Commit Graph

1104708 Commits

Author SHA1 Message Date
Dan Carpenter
690b2549b1 i2c: ismt: prevent memory corruption in ismt_access()
The "data->block[0]" variable comes from the user and is a number
between 0-255.  It needs to be capped to prevent writing beyond the end
of dma_buffer[].

Fixes: 5e9a97b1f4 ("i2c: ismt: Adding support for I2C_SMBUS_BLOCK_PROC_CALL")
Reported-and-tested-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-06-02 08:40:56 -07:00
Masahiro Yamada
3cbcff6911 sparc: fix mis-use of __kernel_{uid,gid}_t in uapi/asm/stat.h
Commit 31a088b664 ("sparc: add asm/stat.h to UAPI compile-test
coverage") converted as follows:

  uid_t  -->  __kernel_uid_t
  gid_t  -->  __kernel_gid_t

It changed the field widths of struct stat because Sparc uses 16-bits for
___kernel_{uid,gid}_t as in arch/sparc/include/uapi/asm/posix_types.h.

The safe replacements across all architectures are:

  uid_t  -->  __kernel_uid32_t
  gid_t  -->  __kernel_gid32_t

as defined in include/linux/types.h.

A similar issue was reported for the android binder. [1]

[1]: https://lore.kernel.org/all/20220601010017.2639048-1-cmllamas@google.com/

Fixes: 31a088b664 ("sparc: add asm/stat.h to UAPI compile-test coverage")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-06-02 17:38:15 +02:00
Masahiro Yamada
d39e061540 powerpc: use __kernel_{uid,gid}32_t in uapi/asm/stat.h
Commit c01013a2f8 ("powerpc: add asm/stat.h to UAPI compile-test
coverage") converted as follows:

  uid_t  -->  __kernel_uid_t
  gid_t  -->  __kernel_gid_t

The bit width of __kernel_{uid,gid}_t is 16 or 32-bits depending on
architectures.

PPC uses 32-bits for them as in include/uapi/asm-generic/posix_types.h,
so the previous conversion is probably fine, but let's stick to the
arch-independent conversion just in case.

The safe replacements across all architectures are:

  uid_t  -->  __kernel_uid32_t
  gid_t  -->  __kernel_gid32_t

as defined in include/linux/types.h.

A similar issue was reported for the android binder. [1]

[1]: https://lore.kernel.org/all/20220601010017.2639048-1-cmllamas@google.com/

Fixes: c01013a2f8 ("powerpc: add asm/stat.h to UAPI compile-test coverage")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-06-02 17:38:15 +02:00
Masahiro Yamada
6cd6356206 mips: use __kernel_{uid,gid}32_t in uapi/asm/stat.h
Commit 8c1a381a4f ("mips: add asm/stat.h to UAPI compile-test
coverage") converted as follows:

  uid_t  -->  __kernel_uid_t
  gid_t  -->  __kernel_gid_t

The bit width of __kernel_{uid,gid}_t is 16 or 32-bits depending on
architectures.

MIPS uses 32-bits for them as in include/uapi/asm-generic/posix_types.h,
so the previous conversion is probably fine, but let's stick to the
arch-independent conversion just in case.

The safe replacements across all architectures are:

  uid_t  -->  __kernel_uid32_t
  gid_t  -->  __kernel_gid32_t

as defined in include/linux/types.h.

A similar issue was reported for the android binder. [1]

[1]: https://lore.kernel.org/all/20220601010017.2639048-1-cmllamas@google.com/

Fixes: 8c1a381a4f ("mips: add asm/stat.h to UAPI compile-test coverage")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-06-02 17:38:15 +02:00
Rob Herring
fe3f70eec4 dt-bindings: PCI: apple: Add missing 'power-domains' property
The 'unevaluatedProperties' schema checks is not fully working and doesn't
catch some cases where there's a $ref to another schema. A fix is pending,
but results in new warnings in examples.

The Apple PCIe host schema is missing 'power-domains' in the schema.
The example has 3 power domains. However, this is wrong too as actual
dts files have a single power domain and Sven confirmed 1 is correct.

Cc: Sven Peter <sven@svenpeter.dev>
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Sven Peter <sven@svenpeter.dev>
Link: https://lore.kernel.org/r/20220531215815.2408477-1-robh@kernel.org
2022-06-02 10:08:47 -05:00
Sibi Sankar
f5f1a977fe dt-bindings: Update Sibi Sankar's email address
Update email address to the quicinc.com domain.

Signed-off-by: Sibi Sankar <quic_sibis@quicinc.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/1654130923-18722-1-git-send-email-quic_sibis@quicinc.com
2022-06-02 09:42:02 -05:00
Jeffrey Hugo
304e4d53dd dt-bindings: clock: Update my email address
Update my email address from the defunct codeaurora.org domain to the
current quicinc.com domain.

Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/1654118992-4026-1-git-send-email-quic_jhugo@quicinc.com
2022-06-02 09:39:52 -05:00
Dipen Patel
5dad4eccd2 dt-bindings: timestamp: Correct id path
During the repository renaming from hte to timestamp, $id path was not
updated accordingly. This patch corrects $id path.

Fixes: af583852d2 ("dt-bindings: Renamed hte directory to timestamp")
Signed-off-by: Dipen Patel <dipenp@nvidia.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
2022-06-02 15:56:59 +02:00
Damien Le Moal
aacae8c469 block: null_blk: Fix null_zone_write()
The bio and rq fields of struct nullb_cmd are now overlapping in a
union. So we cannot use a test on ->bio being non-NULL to detect the
NULL_Q_BIO queue mode. null_zone_write() use such broken test to set the
sector position of a zone append write in the command bio or request.
When the null_blk device uses the NULL_Q_MQ queue mode,
null_zone_write() wrongly end up setting the bio sector position,
resulting in the command request to be broken and random crashes
following.

Fix this by testing the device queue mode directly.

Fixes: 8ba816b23a ("null-blk: save memory footprint for struct nullb_cmd")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Link: https://lore.kernel.org/r/20220602120344.1365329-1-damien.lemoal@opensource.wdc.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-06-02 07:11:28 -06:00
Catalin Marinas
1bec877bdb arm64: Remove the __user annotation for the restore_za_context() argument
The struct user_ctx *user pointer passed to restore_za_context() is not
a user point but a structure containing several __user pointers. Remove
the __user annotation.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Fixes: 39782210eb ("arm64/sme: Implement ZA signal handling")
Reported-by: kernel test robot <lkp@intel.com>
Cc: Mark Brown <broonie@kernel.org>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220601171338.2143625-1-catalin.marinas@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2022-06-02 11:55:29 +01:00
Alexander Lobakin
6e1ff61873 ice: fix access-beyond-end in the switch code
Global `-Warray-bounds` enablement revealed some problems, one of
which is the way we define and use AQC rules messages.
In fact, they have a shared header, followed by the actual message,
which can be of one of several different formats. So it is
straightforward enough to define that header as a separate struct
and then embed it into message structures as needed, but currently
all the formats reside in one union coupled with the header. Then,
the code allocates only the memory needed for a particular message
format, leaving the union potentially incomplete.
There are no actual reads or writes beyond the end of an allocated
chunk, but at the same time, the whole implementation is fragile and
backed by an equilibrium rather than strong type and memory checks.

Define the structures the other way around: one for the common
header and the rest for the actual formats with the header embedded.
There are no places where several union members would be used at the
same time anyway. This allows to use proper struct_size() and let
the compiler know what is going to be done.
Finally, unsilence `-Warray-bounds` back for ice_switch.c.

Other little things worth mentioning:
* &ice_sw_rule_vsi_list_query is not used anywhere, remove it. It's
  weird anyway to talk to hardware with purely kernel types
  (bitmaps);
* expand the ICE_SW_RULE_*_SIZE() macros to pass a structure
  variable name to struct_size() to let it do strict typechecking;
* rename ice_sw_rule_lkup_rx_tx::hdr to ::hdr_data to keep ::hdr
  for the header structure to have the same name for it constistenly
  everywhere;
* drop the duplicate of %ICE_SW_RULE_RX_TX_NO_HDR_SIZE residing in
  ice_switch.h.

Fixes: 9daf8208dd ("ice: Add support for switch filter programming")
Fixes: 66486d8943 ("ice: replace single-element array used for C struct hack")
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Marcin Szycik <marcin.szycik@linux.intel.com>
Acked-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20220601105924.2841410-1-alexandr.lobakin@intel.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-06-02 12:41:10 +02:00
Fei Qin
c6fbbf1eae nfp: remove padding in nfp_nfdk_tx_desc
NFDK firmware supports 48-bit dma addressing and
parses 16 high bits of dma addresses.

In nfp_nfdk_tx_desc, dma related structure and tso
related structure are union. When "mss" be filled
with nonzero value due to enable tso, the memory used
by "padding" may be also filled. Then, firmware may
parse wrong dma addresses which causes TX watchdog
timeout problem.

This patch removes padding and unifies the dma_addr_hi
bits with the one in firmware. nfp_nfdk_tx_desc_set_dma_addr
is also added to match this change.

Fixes: c10d12e3dc ("nfp: add support for NFDK data path")
Signed-off-by: Fei Qin <fei.qin@corigine.com>
Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20220601083449.50556-1-simon.horman@corigine.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-06-02 11:08:43 +02:00
Duoming Zhou
7d8a3a477b ax25: Fix ax25 session cleanup problems
There are session cleanup problems in ax25_release() and
ax25_disconnect(). If we setup a session and then disconnect,
the disconnected session is still in "LISTENING" state that
is shown below.

Active AX.25 sockets
Dest       Source     Device  State        Vr/Vs    Send-Q  Recv-Q
DL9SAU-4   DL9SAU-3   ???     LISTENING    000/000  0       0
DL9SAU-3   DL9SAU-4   ???     LISTENING    000/000  0       0

The first reason is caused by del_timer_sync() in ax25_release().
The timers of ax25 are used for correct session cleanup. If we use
ax25_release() to close ax25 sessions and ax25_dev is not null,
the del_timer_sync() functions in ax25_release() will execute.
As a result, the sessions could not be cleaned up correctly,
because the timers have stopped.

In order to solve this problem, this patch adds a device_up flag
in ax25_dev in order to judge whether the device is up. If there
are sessions to be cleaned up, the del_timer_sync() in
ax25_release() will not execute. What's more, we add ax25_cb_del()
in ax25_kill_by_device(), because the timers have been stopped
and there are no functions that could delete ax25_cb if we do not
call ax25_release(). Finally, we reorder the position of
ax25_list_lock in ax25_cb_del() in order to synchronize among
different functions that call ax25_cb_del().

The second reason is caused by improper check in ax25_disconnect().
The incoming ax25 sessions which ax25->sk is null will close
heartbeat timer, because the check "if(!ax25->sk || ..)" is
satisfied. As a result, the session could not be cleaned up properly.

In order to solve this problem, this patch changes the improper
check to "if(ax25->sk && ..)" in ax25_disconnect().

What`s more, the ax25_disconnect() may be called twice, which is
not necessary. For example, ax25_kill_by_device() calls
ax25_disconnect() and sets ax25->state to AX25_STATE_0, but
ax25_release() calls ax25_disconnect() again.

In order to solve this problem, this patch add a check in
ax25_release(). If the flag of ax25->sk equals to SOCK_DEAD,
the ax25_disconnect() in ax25_release() should not be executed.

Fixes: 82e31755e5 ("ax25: Fix UAF bugs in ax25 timers")
Fixes: 8a367e74c0 ("ax25: Fix segfault after sock connection timeout")
Reported-and-tested-by: Thomas Osterried <thomas@osterried.de>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220530152158.108619-1-duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-06-02 10:37:57 +02:00
Jan Kara
22b106e535 block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
Commit d92c370a16 ("block: really clone the block cgroup in
bio_clone_blkg_association") changed bio_clone_blkg_association() to
just clone bio->bi_blkg reference from source to destination bio. This
is however wrong if the source and destination bios are against
different block devices because struct blkcg_gq is different for each
bdev-blkcg pair. This will result in IOs being accounted (and throttled
as a result) multiple times against the same device (src bdev) while
throttling of the other device (dst bdev) is ignored. In case of BFQ the
inconsistency can even result in crashes in bfq_bic_update_cgroup().
Fix the problem by looking up correct blkcg_gq for the cloned bio.

Reported-by: Logan Gunthorpe <logang@deltatee.com>
Reported-and-tested-by: Donald Buczek <buczek@molgen.mpg.de>
Fixes: d92c370a16 ("block: really clone the block cgroup in bio_clone_blkg_association")
CC: stable@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220602081242.7731-1-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-06-02 02:15:05 -06:00
Damien Le Moal
ff47dbd18b block: remove useless BUG_ON() in blk_mq_put_tag()
Since the if condition in blk_mq_put_tag() checks that the tag to put is
not a reserved one, the BUG_ON() check in the else branch checking if
the tag is indeed a reserved one is useless. Remove it.

Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20220602075159.1273366-1-damien.lemoal@opensource.wdc.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-06-02 02:05:56 -06:00
Jens Axboe
c9fdf7b453 nvme fixes for Linux 5.19
- set controller enable bit in a separate write (Niklas Cassel)
  - disable namespace identifiers for the MAXIO MAP1001 (me)
  - fix a comment typo (Julia Lawall)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAmKYSRALHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYOTRhAAgyfTQ2mtdCdJELcIYbhSTXDljDYzY7h9HDSDzXSp
 q6EE9bnxU+yBFS1t33lcM8/erN2M3RW2qIw2/pCSExXyGMrmg7jF8r0kDlVp2Lt9
 AAq+5LOQtJ4coFl2qSD/CGJzN7Wc/53XX18X+MwbkhbNSvk4Qgn1p+wyXOk2+q+w
 L2lwBEWtZmkSEaXeWGPVbHTKHfOGP54FrpKUNSu0O9YnACQTx2S0FC87FV+LlLU0
 dT+kpvsWTJIJZyAzvjrS4v8I2RX/BhFaCZu2WZwi6SQoSm2QGZe9GBVMUErC3iYM
 OzoM7rDyPfTY50VFX/mArEs9vGtPjusKypRK/rpvVx+QLsrkJkSBd78tOVy5fsCA
 7geXj9OWDJDH3B+XH3otsUEDhwLkOm7Ct22eoezDYtwOt6cbiRypbgljSA/a6zdr
 1c8gt1a6vLJMJUJGE3mSvqzgBHs2aNShLxQCq/SDA3nycSQfXjFr5vjLXW5eP5F6
 +Hs79zNQpHHgUsE0Ew5aXUDIaKu1AQNKqsORyFEvmCrZwOYRClzDsdU5ucw33VaD
 7dHDo4I2L17Dw+NPfn2xMoIYug4n/ITSOtHXnpISgsCHLNH76rrkT9uDxC7svlSq
 SsvQSfHSU5vkdQEuQoMW61AodtKkB1t+pIeS80MAO/Cf2ABfJP5ndFbXwrqxnJZP
 530=
 =IvA5
 -----END PGP SIGNATURE-----

Merge tag 'nvme-5.19-2022-06-02' of git://git.infradead.org/nvme into for-5.19/drivers

Pull NVMe fixes from Christoph:

"nvme fixes for Linux 5.19

 - set controller enable bit in a separate write (Niklas Cassel)
 - disable namespace identifiers for the MAXIO MAP1001 (me)
 - fix a comment typo (Julia Lawall)"

* tag 'nvme-5.19-2022-06-02' of git://git.infradead.org/nvme:
  nvmet: fix typo in comment
  nvme: set controller enable bit in a separate write
  nvme-pci: disable namespace identifiers for the MAXIO MAP1001
2022-06-02 01:48:35 -06:00
Uwe Kleine-König
7bb8a0cf49 gpio: adp5588: Remove support for platform setup and teardown callbacks
If the teardown callback failed in the gpio driver, it fails to free the
irq (if there is one). The device is removed anyhow. If later on the irq
triggers, all sorts of unpleasant things might happen (e.g. accessing
the struct adp5588_gpio which is already freed in the meantime or starting
i2c bus transfers for an unregistered device). Even before irq support was
added to this driver, exiting early was wrong; back then it failed to
unregister the gpiochip.

Fortunately these callbacks aren't used any more since at least blackfin
was removed in 2018. So just drop them.

Note that they are not removed from struct adp5588_gpio_platform_data
because the keyboard driver adp5588-keys.c also makes use of them.
(I didn't check if the callbacks might have been called twice, maybe there
is another reason hidden to better not call these functions.)

This patch is a preparation for making i2c remove callbacks return void.

Fixes: 80884094e3 ("gpio: adp5588-gpio: new driver for ADP5588 GPIO expanders")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Acked-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
2022-06-02 09:17:38 +02:00
Jens Axboe
9cae36a094 io_uring: reinstate the inflight tracking
After some debugging, it was realized that we really do still need the
old inflight tracking for any file type that has io_uring_fops assigned.
If we don't, then trivial circular references will mean that we never get
the ctx cleaned up and hence it'll leak.

Just bring back the inflight tracking, which then also means we can
eliminate the conditional dropping of the file when task_work is queued.

Fixes: d5361233e9 ("io_uring: drop the old style inflight file tracking")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-06-01 23:57:02 -06:00
Masahiro Yamada
9eb2e45d09
riscv: move errata/ and kvm/ builds to arch/riscv/Kbuild
Commit 909548d6c5 ("riscv: add arch/riscv/Kbuild") intended that
subdirectories in arch/riscv/ would be added in arch/riscv/Kbuild.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 22:26:32 -07:00
Xianting Tian
e61bf5c071
RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY
Commit 00ab027a3b ("RISC-V: Add kernel image sections to the resource tree")
marked IORESOURCE_BUSY for reserved memory, which caused resource map
failed in subsequent operations of related driver, so remove the
IORESOURCE_BUSY flag. In order to prohibit userland mapping reserved
memory, mark IORESOURCE_EXCLUSIVE for it.

The code to reproduce the issue,
dts:
        mem0: memory@a0000000 {
                reg = <0x0 0xa0000000 0 0x1000000>;
                no-map;
        };

        &test {
                status = "okay";
                memory-region = <&mem0>;
        };

code:
        np = of_parse_phandle(pdev->dev.of_node, "memory-region", 0);
        ret = of_address_to_resource(np, 0, &r);
        base = devm_ioremap_resource(&pdev->dev, &r);
        // base = -EBUSY

Fixes: 00ab027a3b ("RISC-V: Add kernel image sections to the resource tree")
Reported-by: Huaming Jiang <jianghuaming.jhm@alibaba-inc.com>
Reviewed-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Co-developed-by: Nick Kossifidis <mick@ics.forth.gr>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220518013428.1338983-1-xianting.tian@linux.alibaba.com
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 22:03:50 -07:00
Tobias Klauser
02d88b40cb
riscv: Wire up memfd_secret in UAPI header
Move the __ARCH_WANT_MEMFD_SECRET define added in commit 7bb7f2ac24
("arch, mm: wire up memfd_secret system call where relevant") to
<uapi/asm/unistd.h> so __NR_memfd_secret is defined when including
<unistd.h> in userspace.

This allows the memfd_secret selftest to pass on riscv.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Link: https://lore.kernel.org/r/20220505081815.22808-1-tklauser@distanz.ch
Fixes: 7bb7f2ac24 ("arch, mm: wire up memfd_secret system call where relevant")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 21:46:36 -07:00
Samuel Holland
2273272823
riscv: Fix irq_work when SMP is disabled
irq_work is triggered via an IPI, but the IPI infrastructure is not
included in uniprocessor kernels. As a result, irq_work never runs.
Fall back to the tick-based irq_work implementation on uniprocessor
configurations.

Fixes: 298447928b ("riscv: Support irq_work via self IPIs")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20220430030025.58405-1-samuel@sholland.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 21:46:31 -07:00
Alexandre Ghiti
26b8f69edd
riscv: Improve virtual kernel memory layout dump
With the arrival of sv48 and its large address space, it would be
cumbersome to statically define the unit size to use to print the different
portions of the virtual memory layout: instead, determine it dynamically.

Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 21:46:29 -07:00
Alexandre Ghiti
35d33c76d6
riscv: Initialize thread pointer before calling C functions
Because of the stack canary feature that reads from the current task
structure the stack canary value, the thread pointer register "tp" must
be set before calling any C function from head.S: by chance, setup_vm
and all the functions that it calls does not seem to be part of the
functions where the canary check is done, but in the following commits,
some functions will.

Fixes: f2c9699f65 ("riscv: Add STACKPROTECTOR supported")
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 21:46:23 -07:00
Steve French
096c956b0d cifs: update internal module number
To 2.37

Signed-off-by: Steve French <stfrench@microsoft.com>
2022-06-01 23:23:09 -05:00
Alexandre Ghiti
9d19f2b525
Documentation: riscv: Add sv48 description to VM layout
sv48 was just introduced, so add its virtual memory layout to the
documentation.

Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 20:38:34 -07:00
Steve French
7ef93ffccd cifs: version operations for smb20 unneeded when legacy support disabled
We should not be including unused smb20 specific code when legacy
support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned
off).  For example smb2_operations and smb2_values aren't used
in that case.  Over time we can move more and more SMB1/CIFS and SMB2.0
code into the insecure legacy ifdefs

Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2022-06-01 22:30:36 -05:00
Steve French
387ba9bf4c cifs: do not build smb1ops if legacy support is disabled
We should not be including unused SMB1/CIFS functions when legacy
support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned
off), but especially obvious is not needing to build smb1ops.c
at all when legacy support is disabled. Over time we can move
more SMB1/CIFS and SMB2.0 legacy functions into ifdefs but this
is a good start (and shrinks the module size a few percent).

Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2022-06-01 21:49:27 -05:00
Gleb Chesnokov
aa2a4ded05 scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
The ql_dm_tgt_ex_pct parameter was introduced in commit ead038556f
("qla2xxx: Add Dual mode support in the driver"). Then the use of this
parameter was dropped in commit 99e1b683c4 ("scsi: qla2xxx: Add
ql2xiniexchg parameter").

Thus, remove ql_dm_tgt_ex_pct since it is no longer used.

Link: https://lore.kernel.org/r/AM9PR10MB41185ADE95B92B4E6926BE639DD49@AM9PR10MB4118.EURPRD10.PROD.OUTLOOK.COM
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Gleb Chesnokov <Chesnokov.G@raidix.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:48:37 -04:00
Tom Rix
e250bd2699 scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
cppcheck reports
[drivers/scsi/qla2xxx/qla_mid.c:594]: (warning) Assignment of function parameter has no effect outside the function. Did you forget dereferencing it?
[drivers/scsi/qla2xxx/qla_mid.c:620]: (warning) Assignment of function parameter has no effect outside the function. Did you forget dereferencing it?

The functions qla25xx_free_req_que() and qla25xx_free_rsp_que() are
similar.  They free a 'req' and a 'rsp' parameter respectively. The last
statement of both functions is setting the parameter to NULL. This has no
effect and can be removed.

Link: https://lore.kernel.org/r/20220521201607.4145298-1-trix@redhat.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:46:11 -04:00
Jiapeng Chong
1fcbe4c490 scsi: mpi3mr: Fix kernel-doc
Fix the following W=1 kernel warnings:

drivers/scsi/mpi3mr/mpi3mr_app.c:1706: warning: expecting prototype for
adapter_state_show(). Prototype was for adp_state_show() instead.

Link: https://lore.kernel.org/r/20220525093514.55467-1-jiapeng.chong@linux.alibaba.com
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:43:26 -04:00
Bradley Grove
a5b168efba scsi: lpfc: Add support for ATTO Fibre Channel devices
Update pci_device_id table and generate reporting strings for ATTO Celerity
and ThunderLink Fibre Channel devices.

Link: https://lore.kernel.org/r/20220524125621.47102-1-bgrove@attotech.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: James Smart <jsmart2021@gmail.com>
Co-developed-by: Jason Seba <jseba@attotech.com>
Signed-off-by: Jason Seba <jseba@attotech.com>
Signed-off-by: Bradley Grove <bgrove@attotech.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:40:59 -04:00
Hannes Reinecke
b3bc1a88b5 scsi: core: Return BLK_STS_TRANSPORT for ALUA transitioning
When the 'ALUA state transitioning' sense code is returned we cannot use
BLK_STS_AGAIN, as this has a very specific use-case.  So return
BLK_STS_TRANSPORT here.

Link: https://lore.kernel.org/r/20220524055631.85480-3-hare@suse.de
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:38:53 -04:00
Damien Le Moal
30c4fdc3dc scsi: sd_zbc: Prevent zone information memory leak
Make sure to always free a scsi disk zone information, even for regular
disks. This ensures that there is no memory leak, even in the case of a
zoned disk changing type to a regular disk (e.g. with a reformat using the
FORMAT WITH PRESET command or other vendor proprietary command).

To do this, rename sd_zbc_clear_zone_info() to sd_zbc_free_zone_info() and
remove sd_zbc_release_disk(). A call to sd_zbc_free_zone_info() is added to
sd_zbc_read_zones() for drives for which sd_is_zoned() returns
false. Furthermore, sd_zbc_free_zone_info() code make s sure that the sdkp
rev_mutex is never used while not being initialized by gating the cleanup
code with a a check on the zone_wp_update_buf field as it is never NULL
when rev_mutex has been initialized.

Link: https://lore.kernel.org/r/20220601062544.905141-3-damien.lemoal@opensource.wdc.com
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:36:44 -04:00
Damien Le Moal
05fbde3a77 scsi: sd: Fix potential NULL pointer dereference
If sd_probe() sees an early error before sdkp->device is initialized,
sd_zbc_release_disk() is called. This causes a NULL pointer dereference
when sd_is_zoned() is called inside that function. Avoid this by removing
the call to sd_zbc_release_disk() in sd_probe() error path.

This change is safe and does not result in zone information memory leakage
because the zone information for a zoned disk is allocated only when
sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,
resulting in sd_disk_release() being called when needed to cleanup a disk
zone information using sd_zbc_release_disk().

Link: https://lore.kernel.org/r/20220601062544.905141-2-damien.lemoal@opensource.wdc.com
Fixes: 89d9475610 ("sd: Implement support for ZBC devices")
Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Suggested-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:36:44 -04:00
Sumit Saxena
4094981db7 scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings
During driver unload, mrioc->bsg_device reference count becomes
negative. Also, as reported in [1], the driver's bsg_device model had few
more bugs. Fix all these up.

[1] https://marc.info/?l=linux-scsi&m=165183971411991&w=2

Link: https://lore.kernel.org/r/20220526170157.58274-1-sumit.saxena@broadcom.com
Fixes: 4268fa7513 ("scsi: mpi3mr: Add bsg device support")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-06-01 22:23:09 -04:00
Palmer Dabbelt
77d707a310
RISC-V: Only default to spinwait on SBI-0.1 and M-mode
The spinwait boot method has been superseded by the SBI HSM extension
for some time now, but it still enabled by default.  This causes some
issues on large hart count systems, which will hang if a physical hart
exists that is larger than NR_CPUS.

Users on modern SBI implementation don't need spinwait, and while it's
probably possible to deal with some of the spinwait issues let's just
restrict the default to systems that are likely to actually use it.

Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20220421170354.10555-1-palmer@rivosinc.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2022-06-01 18:59:26 -07:00
Palmer Dabbelt
2981deb83d
RISC-V: PolarFire SoC Device Tree Updates
This add a device tree for Sundance Polarberry, along with various
cleanups to the PolarFire SOC device trees and bindings.

Link: https://lore.kernel.org/r/20220509142610.128590-1-conor.dooley@microchip.com

* 'riscv-pfsoc-dt' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/palmer/linux:
  riscv: dts: icicle: sort nodes alphabetically
  riscv: microchip: icicle: readability fixes
  riscv: dts: microchip: add the sundance polarberry
  dt-bindings: riscv: microchip: add polarberry compatible string
  dt-bindings: vendor-prefixes: add Sundance DSP
  riscv: dts: microchip: make the fabric dtsi board specific
  dt-bindings: riscv: microchip: document icicle reference design
  riscv: dts: microchip: remove soc vendor from filenames
  riscv: dts: microchip: move sysctrlr out of soc bus
  riscv: dts: microchip: remove icicle memory clocks
2022-06-01 18:34:02 -07:00
Stephen Brennan
d1dc87763f assoc_array: Fix BUG_ON during garbage collect
A rare BUG_ON triggered in assoc_array_gc:

    [3430308.818153] kernel BUG at lib/assoc_array.c:1609!

Which corresponded to the statement currently at line 1593 upstream:

    BUG_ON(assoc_array_ptr_is_meta(p));

Using the data from the core dump, I was able to generate a userspace
reproducer[1] and determine the cause of the bug.

[1]: https://github.com/brenns10/kernel_stuff/tree/master/assoc_array_gc

After running the iterator on the entire branch, an internal tree node
looked like the following:

    NODE (nr_leaves_on_branch: 3)
      SLOT [0] NODE (2 leaves)
      SLOT [1] NODE (1 leaf)
      SLOT [2..f] NODE (empty)

In the userspace reproducer, the pr_devel output when compressing this
node was:

    -- compress node 0x5607cc089380 --
    free=0, leaves=0
    [0] retain node 2/1 [nx 0]
    [1] fold node 1/1 [nx 0]
    [2] fold node 0/1 [nx 2]
    [3] fold node 0/2 [nx 2]
    [4] fold node 0/3 [nx 2]
    [5] fold node 0/4 [nx 2]
    [6] fold node 0/5 [nx 2]
    [7] fold node 0/6 [nx 2]
    [8] fold node 0/7 [nx 2]
    [9] fold node 0/8 [nx 2]
    [10] fold node 0/9 [nx 2]
    [11] fold node 0/10 [nx 2]
    [12] fold node 0/11 [nx 2]
    [13] fold node 0/12 [nx 2]
    [14] fold node 0/13 [nx 2]
    [15] fold node 0/14 [nx 2]
    after: 3

At slot 0, an internal node with 2 leaves could not be folded into the
node, because there was only one available slot (slot 0). Thus, the
internal node was retained. At slot 1, the node had one leaf, and was
able to be folded in successfully. The remaining nodes had no leaves,
and so were removed. By the end of the compression stage, there were 14
free slots, and only 3 leaf nodes. The tree was ascended and then its
parent node was compressed. When this node was seen, it could not be
folded, due to the internal node it contained.

The invariant for compression in this function is: whenever
nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT, the node should contain all
leaf nodes. The compression step currently cannot guarantee this, given
the corner case shown above.

To fix this issue, retry compression whenever we have retained a node,
and yet nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT. This second
compression will then allow the node in slot 1 to be folded in,
satisfying the invariant. Below is the output of the reproducer once the
fix is applied:

    -- compress node 0x560e9c562380 --
    free=0, leaves=0
    [0] retain node 2/1 [nx 0]
    [1] fold node 1/1 [nx 0]
    [2] fold node 0/1 [nx 2]
    [3] fold node 0/2 [nx 2]
    [4] fold node 0/3 [nx 2]
    [5] fold node 0/4 [nx 2]
    [6] fold node 0/5 [nx 2]
    [7] fold node 0/6 [nx 2]
    [8] fold node 0/7 [nx 2]
    [9] fold node 0/8 [nx 2]
    [10] fold node 0/9 [nx 2]
    [11] fold node 0/10 [nx 2]
    [12] fold node 0/11 [nx 2]
    [13] fold node 0/12 [nx 2]
    [14] fold node 0/13 [nx 2]
    [15] fold node 0/14 [nx 2]
    internal nodes remain despite enough space, retrying
    -- compress node 0x560e9c562380 --
    free=14, leaves=1
    [0] fold node 2/15 [nx 0]
    after: 3

Changes
=======
DH:
 - Use false instead of 0.
 - Reorder the inserted lines in a couple of places to put retained before
   next_slot.

ver #2)
 - Fix typo in pr_devel, correct comparison to "<="

Fixes: 3cb989501c ("Add a generic associative array implementation.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Andrew Morton <akpm@linux-foundation.org>
cc: keyrings@vger.kernel.org
Link: https://lore.kernel.org/r/20220511225517.407935-1-stephen.s.brennan@oracle.com/ # v1
Link: https://lore.kernel.org/r/20220512215045.489140-1-stephen.s.brennan@oracle.com/ # v2
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-06-01 18:29:06 -07:00
Slark Xiao
9f4fc18bf2 net: usb: qmi_wwan: Add support for Cinterion MV31 with new baseline
Adding support for Cinterion device MV31 with Qualcomm
new baseline. Use different PIDs to separate it from
previous base line products.
All interfaces settings keep same as previous.

T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  7 Spd=480 MxCh= 0
D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=1e2d ProdID=00b9 Rev=04.14
S:  Manufacturer=Cinterion
S:  Product=Cinterion PID 0x00B9 USB Mobile Broadband
S:  SerialNumber=90418e79
C:  #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=500mA
I:  If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
I:  If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
I:  If#=0x3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option

Signed-off-by: Slark Xiao <slark_xiao@163.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Link: https://lore.kernel.org/r/20220601040531.6016-1-slark_xiao@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 18:09:34 -07:00
Jakub Kicinski
c034ff2b53 mlx5-fixes-2022-05-31
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAmKWfVcACgkQSD+KveBX
 +j6WkQf/eKOHaSaD/h3JkUp1qFpFFxjdidnUJKVg/N4N5EhiiF5k2FZm5o0l3Nv9
 rR5emN/iMpeAtSEMoQcecKvjeCppFMFfuKWh8GoimQpbsApOwDvOAsk01p78FVOA
 ZK2DeWFdBT9P3d/NOiwgHujkYVHF0OuSMfnf5Iww3GubE5/1PfPZ4QTUyFRjM/D7
 Ir6GXi9psIBIERzAVTIRpnzTPjGzkKURgcyr5N7mpxMWbgjB4nKs//O0emfc/mG6
 i46OQNSU/mLWT7K8kXP2kyq6s1/DCXc+s7UbChEXp/v/N0yZeeelYrkhkZUsbGtr
 DA2mK2tikGGSGwtHpI8yYbs+N1LoIw==
 =msRz
 -----END PGP SIGNATURE-----

Merge tag 'mlx5-fixes-2022-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
mlx5 fixes 2022-05-31

This series provides bug fixes to mlx5 driver.
Please pull and let me know if there is any problem.

* tag 'mlx5-fixes-2022-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux:
  net/mlx5: Fix mlx5_get_next_dev() peer device matching
  net/mlx5e: Update netdev features after changing XDP state
  net/mlx5: correct ECE offset in query qp output
  net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition
  net/mlx5: CT: Fix header-rewrite re-use for tupels
  net/mlx5e: TC NIC mode, fix tc chains miss table
  net/mlx5: Don't use already freed action pointer
====================

Link: https://lore.kernel.org/r/20220531205447.99236-1-saeed@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 18:04:41 -07:00
Jakub Kicinski
11049c9e71 Merge branch 'sfc-siena-fix-some-efx_separate_tx_channels-errors'
Íñigo Huguet says:

====================
sfc/siena: fix some efx_separate_tx_channels errors

Trying to load sfc driver with modparam efx_separate_tx_channels=1
resulted in errors during initialization and not being able to use the
NIC. This patches fix a few bugs and make it work again.

This has been already done for sfc, do it also for sfc_siena.
====================

Link: https://lore.kernel.org/r/20220601063603.15362-1-ihuguet@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 17:47:19 -07:00
Íñigo Huguet
25bde571b4 sfc/siena: fix wrong tx channel offset with efx_separate_tx_channels
tx_channel_offset is calculated in efx_allocate_msix_channels, but it is
also calculated again in efx_set_channels because it was originally done
there, and when efx_allocate_msix_channels was introduced it was
forgotten to be removed from efx_set_channels.

Moreover, the old calculation is wrong when using
efx_separate_tx_channels because now we can have XDP channels after the
TX channels, so n_channels - n_tx_channels doesn't point to the first TX
channel.

Remove the old calculation from efx_set_channels, and add the
initialization of this variable if MSI or legacy interrupts are used,
next to the initialization of the rest of the related variables, where
it was missing.

This has been already done for sfc, do it also for sfc_siena.

Fixes: 3990a8fffb ("sfc: allocate channels for XDP tx queues")
Reported-by: Tianhao Zhao <tizhao@redhat.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Acked-by: Martin Habets <habetsm.xilinx@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 17:47:17 -07:00
Martin Habets
183614bff5 sfc/siena: fix considering that all channels have TX queues
Normally, all channels have RX and TX queues, but this is not true if
modparam efx_separate_tx_channels=1 is used. In that cases, some
channels only have RX queues and others only TX queues (or more
preciselly, they have them allocated, but not initialized).

Fix efx_channel_has_tx_queues to return the correct value for this case
too.

This has been already done for sfc, do it also for sfc_siena.

Messages shown at probe time before the fix:
 sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0
 ------------[ cut here ]------------
 netdevice: ens6f0np0: failed to initialise TXQ -1
 WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]
 [...] stripped
 RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]
 [...] stripped
 Call Trace:
  efx_init_tx_queue+0xaa/0xf0 [sfc]
  efx_start_channels+0x49/0x120 [sfc]
  efx_start_all+0x1f8/0x430 [sfc]
  efx_net_open+0x5a/0xe0 [sfc]
  __dev_open+0xd0/0x190
  __dev_change_flags+0x1b3/0x220
  dev_change_flags+0x21/0x60
 [...] stripped

Messages shown at remove time before the fix:
 sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues
 sfc 0000:03:00.0 ens6f0np0: failed to flush queues

Fixes: 8700aff089 ("sfc: fix channel allocation with brute force")
Reported-by: Tianhao Zhao <tizhao@redhat.com>
Signed-off-by: Martin Habets <habetsm.xilinx@gmail.com>
Tested-by: Íñigo Huguet <ihuguet@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 17:47:16 -07:00
Jakub Kicinski
2440d2068a Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:

====================
ipsec 2022-06-01

1) Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
   From Michal Kubecek.

2) Don't set IPv4 DF bit when encapsulating IPv6 frames below 1280 bytes.
   From Maciej Żenczykowski.

* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
  xfrm: do not set IPv4 DF flag when encapsulating IPv6 frames <= 1280 bytes.
  Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
====================

Link: https://lore.kernel.org/r/20220601103349.2297361-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 17:44:04 -07:00
Jakub Kicinski
38a4762e4b wireless fixes for v5.19
First set of fixes for v5.19. Build fixes for iwlwifi and libertas, a
 scheduling while atomic fix for rtw88 and use-after-free fix for
 mac80211.
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEiBjanGPFTz4PRfLobhckVSbrbZsFAmKXSCgRHGt2YWxvQGtl
 cm5lbC5vcmcACgkQbhckVSbrbZvWpAf9G7EudAQVOCfP4ogJ89m60U5S3ui4HbSG
 5hyTwxUnzdrngYmykSEOsChX4inhZOPGiGBD1652sy82NQpD6e8lxRsBQUQeb8lm
 RTn4PBY9sWVJo7Qe1oLXLv6yKApAdiUlVtWJNZDjotOZUxd7KubCQWcTz4lNQ/Mu
 AG5zvWuCDP+McY9r6rqwhI3+ql/gsewbcONHd9nZufQMydDtxE39lk5GKFvPJgg2
 F6sAYPP/O243nVDUOmg73NrnlU+2tWwamCUp8v4dSlQpfXRd+G65k5AKruz5AXmJ
 zQ9rQkCe1aCvyPOtRa6Q2uAsi553NaCDudHHRgxV8+qP7phXWOpV/g==
 =Cly8
 -----END PGP SIGNATURE-----

Merge tag 'wireless-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

Kalle Valo says:

====================
wireless fixes for v5.19

First set of fixes for v5.19. Build fixes for iwlwifi and libertas, a
scheduling while atomic fix for rtw88 and use-after-free fix for
mac80211.

* tag 'wireless-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
  wifi: mac80211: fix use-after-free in chanctx code
  wifi: rtw88: add a work to correct atomic scheduling warning of ::set_tim
  wifi: iwlwifi: pcie: rename CAUSE macro
  wifi: libertas: use variable-size data in assoc req/resp cmd
====================

Link: https://lore.kernel.org/r/20220601110741.90B28C385A5@smtp.kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 17:34:22 -07:00
Linus Torvalds
0e5ab8dd87 xfs: Changes for 5.19-rc1 [2nd set]
This update includes:
 - fix refcount leak in xfs_ifree()
 - fix xfs_buf_cancel structure leaks in log recovery
 - fix dquot leak after failed quota check
 - fix a couple of problematic ASSERTS
 - fix small aim7 perf regression in from new btree sibling
   validation
 - clean up log incompat feature marking for new logged attribute
   feature
 - disallow logged attributes on legacy V4 filesystem formats.
 - fix da state leak when freeing attr intents
 - improve validation of the attr log items in recovery
 - use slab caches for commonly used attr structures
 - fix leaks of attr name/value buffer and reduce copying overhead
   during intent logging
 - remove some dead debug code from log recovery
 -----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEmJOoJ8GffZYWSjj/regpR/R1+h0FAmKX4ZUUHGRhdmlkQGZy
 b21vcmJpdC5jb20ACgkQregpR/R1+h06gQ//X9786aR6rfeMprvrWLqY0Ui6mGz4
 qI7s1BhsEyh6VMMzjVa0AzjX7R565ISTr4SdxLNewdPPAvro+avd2K4t+FdfFTG0
 9cA4kgC5MoURljHZmflYB8EKGsLXQ2fuzDmih6Ozu4pmKhKc5QU3XpsLn2HzLded
 KrNc08GX2JKvBxjdImk0pTxUq2xZ5CPWvpjdrfxnN2bNPHdJJtqBh/lhX1r73bqA
 Tz0RLwUqbL7fUZfIeslDlu2rU/MlZDXhT7C81y6tnyg7ObNN35NXuZX/UfQKFIWR
 pXUiPZTurso9Z7g7leEJ2Uco7Aeivs36mqes60Mv4YvN5ilv/Ja07kFZlfdaYkhJ
 YYSeIod1QLH3aOJOImPjYpOFOjyHrXmdG5KS5iLqADokywCPfgDMxCVWKeKxtLCC
 /1jBEQnKDWdZtAHup+vQ4PC1YP0rsLhXfNQNjYau8pwhEaN8nl2MOWMmQOLMyoES
 VAsBV9zrCa60sPT5IdYgnkRG3C+QV7nwLoLluguS+XvWtBgB0zxqjSZG5jFYYgCr
 v8VfW5esnvs+hF8YD3RmWpKxnoTuCXaftbc7ZdxneKZJyDPzWqr81zySCeBVCbt/
 wWrkl5E3Mdhq+LHDcbnrRZ63W377aRiNAh5D+aIeJUm0HZoEP+VLqBRVnWOuv/LC
 AfIuZcQi24PIZPw=
 =OLD4
 -----END PGP SIGNATURE-----

Merge tag 'xfs-5.19-for-linus-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull more xfs updates from Dave Chinner:
 "This update is largely bug fixes and cleanups for all the code merged
  in the first pull request. The majority of them are to the new logged
  attribute code, but there are also a couple of fixes for other log
  recovery and memory leaks that have recently been found.

  Summary:

   - fix refcount leak in xfs_ifree()

   - fix xfs_buf_cancel structure leaks in log recovery

   - fix dquot leak after failed quota check

   - fix a couple of problematic ASSERTS

   - fix small aim7 perf regression in from new btree sibling validation

   - clean up log incompat feature marking for new logged attribute
     feature

   - disallow logged attributes on legacy V4 filesystem formats.

   - fix da state leak when freeing attr intents

   - improve validation of the attr log items in recovery

   - use slab caches for commonly used attr structures

   - fix leaks of attr name/value buffer and reduce copying overhead
     during intent logging

   - remove some dead debug code from log recovery"

* tag 'xfs-5.19-for-linus-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (33 commits)
  xfs: fix xfs_ifree() error handling to not leak perag ref
  xfs: move xfs_attr_use_log_assist usage out of libxfs
  xfs: move xfs_attr_use_log_assist out of xfs_log.c
  xfs: warn about LARP once per mount
  xfs: implement per-mount warnings for scrub and shrink usage
  xfs: don't log every time we clear the log incompat flags
  xfs: convert buf_cancel_table allocation to kmalloc_array
  xfs: don't leak xfs_buf_cancel structures when recovery fails
  xfs: refactor buffer cancellation table allocation
  xfs: don't leak btree cursor when insrec fails after a split
  xfs: purge dquots after inode walk fails during quotacheck
  xfs: assert in xfs_btree_del_cursor should take into account error
  xfs: don't assert fail on perag references on teardown
  xfs: avoid unnecessary runtime sibling pointer endian conversions
  xfs: share xattr name and value buffers when logging xattr updates
  xfs: do not use logged xattr updates on V4 filesystems
  xfs: Remove duplicate include
  xfs: reduce IOCB_NOWAIT judgment for retry exclusive unaligned DIO
  xfs: Remove dead code
  xfs: fix typo in comment
  ...
2022-06-01 17:23:53 -07:00
Tobias Klauser
8d3398ba2a socket: Don't use u8 type in uapi socket.h
Use plain 255 instead, which also avoid introducing an additional header
dependency on <linux/types.h>

Fixes: 26859240e4 ("txhash: Add socket option to control TX hash rethink behavior")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Link: https://lore.kernel.org/r/20220531094345.13801-1-tklauser@distanz.ch
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-01 16:48:05 -07:00
Douglas Anderson
b9364eed92 drm/msm/dpu: Move min BW request and full BW disable back to mdss
In commit a670ff578f ("drm/msm/dpu: always use mdp device to scale
bandwidth") we fully moved interconnect stuff to the DPU driver. This
had no change for sc7180 but _did_ have an impact for other SoCs. It
made them match the sc7180 scheme.

Unfortunately, the sc7180 scheme seems like it was a bit broken.
Specifically the interconnect needs to be on for more than just the
DPU driver's AXI bus. In the very least it also needs to be on for the
DSI driver's AXI bus. This can be seen fairly easily by doing this on
a ChromeOS sc7180-trogdor class device:

  set_power_policy --ac_screen_dim_delay=5 --ac_screen_off_delay=10
  sleep 10
  cd /sys/bus/platform/devices/ae94000.dsi/power
  echo on > control

When you do that, you'll get a warning splat in the logs about
"gcc_disp_hf_axi_clk status stuck at 'off'".

One could argue that perhaps what I have done above is "illegal" and
that it can't happen naturally in the system because in normal system
usage the DPU is pretty much always on when DSI is on. That being
said:
* In official ChromeOS builds (admittedly a 5.4 kernel with backports)
  we have seen that splat at bootup.
* Even though we don't use "autosuspend" for these components, we
  don't use the "put_sync" variants. Thus plausibly the DSI could stay
  "runtime enabled" past when the DPU is enabled. Techncially we
  shouldn't do that if the DPU's suspend ends up yanking our clock.

Let's change things such that the "bare minimum" request for the
interconnect happens in the mdss driver again. That means that all of
the children can assume that the interconnect is on at the minimum
bandwidth. We'll then let the DPU request the higher amount that it
wants.

It should be noted that this isn't as hacky of a solution as it might
initially appear. Specifically:
* Since MDSS and DPU individually get their own references to the
  interconnect then the framework will actually handle aggregating
  them. The two drivers are _not_ clobbering each other.
* When the Qualcomm interconnect driver aggregates it takes the max of
  all the peaks. Thus having MDSS request a peak, as we're doing here,
  won't actually change the total interconnect bandwidth (it won't be
  added to the request for the DPU). This perhaps explains why the
  "average" requested in MDSS was historically 0 since that one
  _would_ be added in.

NOTE also that in the downstream ChromeOS 5.4 and 5.15 kernels, we're
also seeing some RPMH hangs that are addressed by this fix. These
hangs are showing up in the field and on _some_ devices with enough
stress testing of suspend/resume. Specifically right at suspend time
with a stack crawl that looks like this (from chromeos-5.15 tree):
  rpmh_write_batch+0x19c/0x240
  qcom_icc_bcm_voter_commit+0x210/0x420
  qcom_icc_set+0x28/0x38
  apply_constraints+0x70/0xa4
  icc_set_bw+0x150/0x24c
  dpu_runtime_resume+0x50/0x1c4
  pm_generic_runtime_resume+0x30/0x44
  __genpd_runtime_resume+0x68/0x7c
  genpd_runtime_resume+0x12c/0x20c
  __rpm_callback+0x98/0x138
  rpm_callback+0x30/0x88
  rpm_resume+0x370/0x4a0
  __pm_runtime_resume+0x80/0xb0
  dpu_kms_enable_commit+0x24/0x30
  msm_atomic_commit_tail+0x12c/0x630
  commit_tail+0xac/0x150
  drm_atomic_helper_commit+0x114/0x11c
  drm_atomic_commit+0x68/0x78
  drm_atomic_helper_disable_all+0x158/0x1c8
  drm_atomic_helper_suspend+0xc0/0x1c0
  drm_mode_config_helper_suspend+0x2c/0x60
  msm_pm_prepare+0x2c/0x40
  pm_generic_prepare+0x30/0x44
  genpd_prepare+0x80/0xd0
  device_prepare+0x78/0x17c
  dpm_prepare+0xb0/0x384
  dpm_suspend_start+0x34/0xc0

We don't completely understand all the mechanisms in play, but the
hang seemed to come and go with random factors. It's not terribly
surprising that the hang is gone after this patch since the line of
code that was failing is no longer present in the kernel.

Fixes: a670ff578f ("drm/msm/dpu: always use mdp device to scale bandwidth")
Fixes: c33b7c0389 ("drm/msm/dpu: add support for clk and bw scaling for display")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Tested-by: Jessica Zhang <quic_jesszhan@quicinc.com> # RB3 (sdm845) and
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/487884/
Link: https://lore.kernel.org/r/20220531160059.v2.1.Ie7f6d4bf8cce28131da31a43354727e417cae98d@changeid
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
2022-06-01 16:16:19 -07:00
Haowen Bai
8caad14e72 drm/msm/dpu: Fix pointer dereferenced before checking
The phys_enc->wb_idx is dereferencing before null checking, so move
it after checking.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Fixes: d7d0e73f7d ("drm/msm/dpu: introduce the dpu_encoder_phys_* for
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/487606/
Link: https://lore.kernel.org/r/1653877196-23114-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
2022-06-01 16:16:05 -07:00