22 Jan, 2021

10 commits


21 Jan, 2021

3 commits

  • In case no job rings are available, secure memory structures are not
    initialized, since caam_jr_probe()->init_misc_func()->caam_sm_startup()
    is not called.
    This could happen if all job ring devices bind to the jr uio driver
    instead of the caam/jr driver.
    Running sm_test in this case will lead to a crash.

    Add a check to verify that SM has been initialized - if not the tests
    will be skipped.

    Reported-by: Gaurav Jain
    Signed-off-by: Horia Geantă
    Reviewed-by: Gaurav Jain

    Horia Geantă
     
  • Introduction
    ===

    Currently we are facing some limitations in the caam/jr module lifecycle.
    There are some discussions upstream:
    Link: https://lore.kernel.org/linux-crypto/20190904023515.7107-13-andrew.smirnov@gmail.com
    Link: https://lore.kernel.org/linux-crypto/20191105151353.6522-1-andrew.smirnov@gmail.com
    but in the end it all seems to get down to implementations not being able
    to gracefully unregister crypto algorithms from crypto API while there are
    users / allocated tfms (cra_refcnt > 1).

    [*] OTOH functionalities in caam/jr that don't interact with crypto API
    (like Secure Memory or black keys / blobs generation) don't face this
    limitation.

    Issue at hand
    ===

    When unloading the caam_jr module, the .remove callback for the last JR
    device exits with -EBUSY (see "Introduction" above) and doesn't perform
    the clean-up (crypto algorithms unregistering etc.).

    One side effect of this is leading to an oops, which occurs due to a
    corruption in the linked list of "misc devices"
    (drivers/char/misc.c - misc_list):
    1. caam_jr module is unloaded without calling unregister_algs()->
    caam_keygen_exit()->misc_deregister() for the last job ring device;
    this leaves a dangling entry in the misc_list double-linked list
    2. rng_core module is unloaded and calls misc_deregister(); this implies
    removing the corresponding entry in the misc_list; while doing this the
    dangling entry is accessed - which leads to an oops since the address is
    no longer valid (address points to the caam_jr module address space,
    but caam_jr has been previously unloaded).

    Fix this by moving the clean-up of non-crypto related functionalities [*]
    before crypto related ones.

    Fixes: 3af836d4b311 ("MLK-24420-3 crypto: caam - add ioctl calls for black keys and blobs generation")
    Signed-off-by: Horia Geantă
    Reviewed-by: Gaurav Jain

    Horia Geantă
     
  • In case of long format of qDMA command descriptor, there is one frame
    descriptor, three entries in the frame list and two data entries. So the
    size of dma_pool_create for these three fields should be the same as
    the total size of entries respectively, or the contents may be overwritten
    by the next allocated descriptor.

    Signed-off-by: Guanhua Gao

    Guanhua Gao
     

20 Jan, 2021

27 commits

  • This is the 5.10.9 stable release

    * tag 'v5.10.9': (153 commits)
    Linux 5.10.9
    netfilter: nf_nat: Fix memleak in nf_nat_init
    netfilter: conntrack: fix reading nf_conntrack_buckets
    ...

    Signed-off-by: Jason Liu

    Jason Liu
     
  • This is the 5.10.8 stable release

    * tag 'v5.10.8': (104 commits)
    Linux 5.10.8
    tools headers UAPI: Sync linux/fscrypt.h with the kernel sources
    drm/panfrost: Remove unused variables in panfrost_job_close()
    ...

    Signed-off-by: Jason Liu

    Jason Liu
     
  • This is the 5.10.7 stable release

    * tag 'v5.10.7': (144 commits)
    Linux 5.10.7
    scsi: target: Fix XCOPY NAA identifier lookup
    rtlwifi: rise completion at the last step of firmware callback
    ...

    Signed-off-by: Jason Liu

    Jason Liu
     
  • This is the 5.10.6 stable release

    * tag 'v5.10.6': (21 commits)
    Linux 5.10.6
    mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
    exec: Transform exec_update_mutex into a rw_semaphore
    ...

    Signed-off-by: Jason Liu

    Conflicts:
    drivers/rtc/rtc-pcf2127.c

    Jason Liu
     
  • This is the 5.10.5 stable release

    * tag 'v5.10.5': (63 commits)
    Linux 5.10.5
    device-dax: Fix range release
    ext4: avoid s_mb_prefetch to be zero in individual scenarios
    ...

    Signed-off-by: Jason Liu

    Jason Liu
     
  • add the gpio-scu node and enable on-board phy for
    enet0 by default.

    remove "enable-active-high" property from mii_select node to
    use the enet module.

    Signed-off-by: Shenwei Wang

    Shenwei Wang
     
  • This is a gpio driver to control the PINs which are managed by scu fw.

    Signed-off-by: Shenwei Wang

    Shenwei Wang
     
  • Tested-by: Linux Kernel Functional Testing
    Tested-by: Pavel Machek (CIP)
    Tested-by: Jon Hunter
    Tested-by: Guenter Roeck
    Link: https://lore.kernel.org/r/20210118113352.764293297@linuxfoundation.org
    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     
  • commit 869f4fdaf4ca7bb6e0d05caf6fa1108dddc346a7 upstream.

    When register_pernet_subsys() fails, nf_nat_bysource
    should be freed just like when nf_ct_extend_register()
    fails.

    Fixes: 1cd472bf036ca ("netfilter: nf_nat: add nat hook register functions to nf_nat")
    Signed-off-by: Dinghao Liu
    Acked-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

    Dinghao Liu
     
  • commit f6351c3f1c27c80535d76cac2299aec44c36291e upstream.

    The old way of changing the conntrack hashsize runtime was through changing
    the module param via file /sys/module/nf_conntrack/parameters/hashsize. This
    was extended to sysctl change in commit 3183ab8997a4 ("netfilter: conntrack:
    allow increasing bucket size via sysctl too").

    The commit introduced second "user" variable nf_conntrack_htable_size_user
    which shadows actual variable nf_conntrack_htable_size. When hashsize is
    changed via module param this "user" variable isn't updated. This results in
    sysctl net/netfilter/nf_conntrack_buckets showing the wrong value when users
    update via the old way.

    This patch fixes the issue by always updating "user" variable when reading the
    proc file. This will take care of changes to the actual variable without
    sysctl needing to be aware.

    Fixes: 3183ab8997a4 ("netfilter: conntrack: allow increasing bucket size via sysctl too")
    Reported-by: Yoel Caspersen
    Signed-off-by: Jesper Dangaard Brouer
    Acked-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

    Jesper Dangaard Brouer
     
  • commit 9f65df9c589f249435255da37a5dd11f1bc86f4d upstream.

    As snd_fw_async_midi_port.consume_bytes is unsigned int, and
    NSEC_PER_SEC is 1000000000L, the second multiplication in

    port->consume_bytes * 8 * NSEC_PER_SEC / 31250

    always overflows on 32-bit platforms, truncating the result. Fix this
    by precalculating "NSEC_PER_SEC / 31250", which is an integer constant.

    Note that this assumes port->consume_bytes
    Signed-off-by: Geert Uytterhoeven
    Link: https://lore.kernel.org/r/20210111130251.361335-3-geert+renesas@glider.be
    Signed-off-by: Takashi Iwai
    Signed-off-by: Greg Kroah-Hartman

    Geert Uytterhoeven
     
  • commit e7c22eeaff8565d9a8374f320238c251ca31480b upstream.

    As snd_ff.rx_bytes[] is unsigned int, and NSEC_PER_SEC is 1000000000L,
    the second multiplication in

    ff->rx_bytes[port] * 8 * NSEC_PER_SEC / 31250

    always overflows on 32-bit platforms, truncating the result. Fix this
    by precalculating "NSEC_PER_SEC / 31250", which is an integer constant.

    Note that this assumes ff->rx_bytes[port]
    Signed-off-by: Geert Uytterhoeven
    Link: https://lore.kernel.org/r/20210111130251.361335-2-geert+renesas@glider.be
    Signed-off-by: Takashi Iwai
    Signed-off-by: Greg Kroah-Hartman

    Geert Uytterhoeven
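
Added example, not part of either commit or of the kernel sources: the two commits above (9f65df9c589f and e7c22eeaff85) describe the same 32-bit overflow, reproduced here next to the precalculated form. It assumes `uint32_t` as a model of a 32-bit platform's `unsigned int` and `long`; the function names are hypothetical, and the bound the program reports is derived from the arithmetic in this example.

```c
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000L /* value quoted in the commit messages */
#define DIVISOR      31250       /* divisor from the quoted expression */

typedef uint32_t (*expr32_fn)(uint32_t);

/* Original expression as a 32-bit platform evaluates it: unsigned int and
 * long are both 32 bits wide, so each intermediate product wraps modulo
 * 2^32 (modelled with uint32_t) before the division happens. */
uint32_t old_expr32(uint32_t bytes)
{
    return bytes * 8u * (uint32_t)NSEC_PER_SEC / DIVISOR;
}

/* Form described in the commits: "NSEC_PER_SEC / 31250" is folded into an
 * integer constant (32000) first, so the product stays much smaller. */
uint32_t fixed_expr32(uint32_t bytes)
{
    return bytes * 8u * (uint32_t)(NSEC_PER_SEC / DIVISOR);
}

/* Reference value computed in 64-bit arithmetic, which cannot wrap here. */
uint64_t exact_ns(uint32_t bytes)
{
    return (uint64_t)bytes * 8u * (uint64_t)NSEC_PER_SEC / DIVISOR;
}

/* Largest byte count for which the precalculated 32-bit product fits. */
uint32_t max_exact_bytes(void)
{
    return UINT32_MAX / (8u * (uint32_t)(NSEC_PER_SEC / DIVISOR));
}

/* Smallest byte count in [1, limit] where the 32-bit expression differs
 * from the exact value; 0 means every count up to limit agrees. */
uint32_t first_mismatch(expr32_fn f, uint32_t limit)
{
    for (uint32_t b = 1; b <= limit; b++)
        if ((uint64_t)f(b) != exact_ns(b))
            return b;
    return 0;
}

int main(void)
{
    /* Constructed sample byte counts, not taken from any driver trace. */
    const uint32_t samples[] = { 1, 3, 16777, 16778 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t b = samples[i];
        printf("bytes=%5u old=%10u fixed=%10u exact=%llu\n", b,
               old_expr32(b), fixed_expr32(b),
               (unsigned long long)exact_ns(b));
    }
    printf("old form first wrong at %u byte(s)\n",
           first_mismatch(old_expr32, 100000));
    printf("precalculated form exact up to %u bytes\n", max_exact_bytes());
    return 0;
}
```

The old form is already wrong for a single byte because 8 * NSEC_PER_SEC exceeds 2^32, which matches the commits' "always overflows" wording.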
     
  • commit 0378c625afe80eb3f212adae42cc33c9f6f31abf upstream.

    There wasn't ever a real need to log an error in the kernel log for
    ioctls issued with insufficient permissions. Simply return an error
    and if an admin/user is sufficiently motivated they can enable DM's
    dynamic debugging to see an explanation for why the ioctls were
    disallowed.

    Reported-by: Nir Soffer
    Fixes: e980f62353c6 ("dm: don't allow ioctls to targets that don't map to whole devices")
    Signed-off-by: Mike Snitzer
    Signed-off-by: Greg Kroah-Hartman

    Mike Snitzer
     
  • commit fab336b42441e0b2eb1d81becedb45fbdf99606e upstream.

    Fix nft_conntrack_helper.sh false fail report:

    1) Conntrack tool needs "-f ipv6" parameter to show out ipv6 traffic items.

    2) Sleep 1 second after background nc send packet, to make sure check
    is after this statement executed.

    False report:
    FAIL: ns1-lkjUemYw did not show attached helper ip set via ruleset
    PASS: ns1-lkjUemYw connection on port 2121 has ftp helper attached
    ...

    After fix:
    PASS: ns1-2hUniwU2 connection on port 2121 has ftp helper attached
    PASS: ns2-2hUniwU2 connection on port 2121 has ftp helper attached
    ...

    Fixes: 619ae8e0697a6 ("selftests: netfilter: add test case for conntrack helper assignment")
    Signed-off-by: Chen Yi
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

    Chen Yi
     
  • commit 86b53fbf08f48d353a86a06aef537e78e82ba721 upstream.

    A return value of 0 means success. This is documented in lib/kstrtox.c.

    This was found by trying to mount an NFS share from a link-local IPv6
    address with the interface specified by its index:

    mount("[fe80::1%1]:/srv/nfs", "/mnt", "nfs", 0, "nolock,addr=fe80::1%1")

    Before this commit this failed with EINVAL and also caused the following
    message in dmesg:

    [...] NFS: bad IP address specified: addr=fe80::1%1

    The syscall using the same address based on the interface name instead
    of its index succeeds.

    Credits for this patch go to my colleague Christian Speich, who traced
    the origin of this bug to this line of code.

    Signed-off-by: Johannes Nixdorf
    Fixes: 00cfaa943ec3 ("replace strict_strto calls")
    Signed-off-by: Trond Myklebust
    Signed-off-by: Greg Kroah-Hartman

    j.nixdorf@avm.de
     
  • commit 2d6ffc63f12417b979955a5b22ad9a76d2af5de9 upstream.

    The VT-d hardware will ignore those Addr bits which have been masked by
    the AM field in the PASID-based-IOTLB invalidation descriptor. As the
    result, if the starting address in the descriptor is not aligned with
    the address mask, some IOTLB caches might not invalidate. Hence people
    will see below errors.

    [ 1093.704661] dmar_fault: 29 callbacks suppressed
    [ 1093.704664] DMAR: DRHD: handling fault status reg 3
    [ 1093.712738] DMAR: [DMA Read] Request device [7a:02.0] PASID 2
    fault addr 7f81c968d000 [fault reason 113]
    SM: Present bit in first-level paging entry is clear

    Fix this by using aligned address for PASID-based-IOTLB invalidation.

    Fixes: 1c4f88b7f1f9 ("iommu/vt-d: Shared virtual address in scalable mode")
    Reported-and-tested-by: Guo Kaijie
    Signed-off-by: Lu Baolu
    Link: https://lore.kernel.org/r/20201231005323.2178523-2-baolu.lu@linux.intel.com
    Signed-off-by: Will Deacon
    Signed-off-by: Greg Kroah-Hartman

    Lu Baolu
     
  • commit 7cd1af107a92eb63b93a96dc07406dcbc5269436 upstream.

    We should call irq trace only if interrupt is going to be enabled during
    exception handling. Otherwise, it results in following warning during
    boot with lock debugging enabled.

    [ 0.000000] ------------[ cut here ]------------
    [ 0.000000] DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled)
    [ 0.000000] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:4085 lockdep_hardirqs_on_prepare+0x22a/0x22e
    [ 0.000000] Modules linked in:
    [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.10.0-00022-ge20097fb37e2-dirty #548
    [ 0.000000] epc: c005d5d4 ra : c005d5d4 sp : c1c01e80
    [ 0.000000] gp : c1d456e0 tp : c1c0a980 t0 : 00000000
    [ 0.000000] t1 : ffffffff t2 : 00000000 s0 : c1c01ea0
    [ 0.000000] s1 : c100f360 a0 : 0000002d a1 : c00666ee
    [ 0.000000] a2 : 00000000 a3 : 00000000 a4 : 00000000
    [ 0.000000] a5 : 00000000 a6 : c1c6b390 a7 : 3ffff00e
    [ 0.000000] s2 : c2384fe8 s3 : 00000000 s4 : 00000001
    [ 0.000000] s5 : c1c0a980 s6 : c1d48000 s7 : c1613b4c
    [ 0.000000] s8 : 00000fff s9 : 80000200 s10: c1613b40
    [ 0.000000] s11: 00000000 t3 : 00000000 t4 : 00000000
    [ 0.000000] t5 : 00000001 t6 : 00000000

    Fixes: 3c4697982982 ("riscv:Enable LOCKDEP_SUPPORT & fixup TRACE_IRQFLAGS_SUPPORT")

    Signed-off-by: Atish Patra
    Signed-off-by: Palmer Dabbelt
    Signed-off-by: Greg Kroah-Hartman

    Atish Patra
     
  • commit 8ff60eb052eeba95cfb3efe16b08c9199f8121cf upstream.

    acquire_slab() fails if there is contention on the freelist of the page
    (probably because some other CPU is concurrently freeing an object from
    the page). In that case, it might make sense to look for a different page
    (since there might be more remote frees to the page from other CPUs, and
    we don't want contention on struct page).

    However, the current code accidentally stops looking at the partial list
    completely in that case. Especially on kernels without CONFIG_NUMA set,
    this means that get_partial() fails and new_slab_objects() falls back to
    new_slab(), allocating new pages. This could lead to an unnecessary
    increase in memory fragmentation.

    Link: https://lkml.kernel.org/r/20201228130853.1871516-1-jannh@google.com
    Fixes: 7ced37197196 ("slub: Acquire_slab() avoid loop")
    Signed-off-by: Jann Horn
    Acked-by: David Rientjes
    Acked-by: Joonsoo Kim
    Cc: Christoph Lameter
    Cc: Pekka Enberg
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman

    Jann Horn
     
  • commit 09aa9e45863e9e25dfbf350bae89fc3c2964482c upstream.

    The mitigation is required for all gen7 platforms, now that it does not
    cause GPU hangs, restore it for Ivybridge and Baytrail.

    Fixes: 47f8253d2b89 ("drm/i915/gen7: Clear all EU/L3 residual contexts")
    Signed-off-by: Chris Wilson
    Cc: Mika Kuoppala
    Cc: Prathap Kumar Valsan
    Cc: Akeem G Abodunrin
    Cc: Bloomfield Jon
    Reviewed-by: Akeem G Abodunrin
    Reviewed-by: Rodrigo Vivi
    Link: https://patchwork.freedesktop.org/patch/msgid/20210111225220.3483-2-chris@chris-wilson.co.uk
    (cherry picked from commit 008ead6ef8f588a8c832adfe9db201d9be5fd410)
    Signed-off-by: Jani Nikula
    Signed-off-by: Greg Kroah-Hartman

    Chris Wilson
     
  • commit 2af5268180410b874fc06be91a1b2fbb22b1be0c upstream.

    For an enabled DSC during HW readout the corresponding power reference
    is taken along the CRTC power domain references in
    get_crtc_power_domains(). Remove the incorrect get ref from the DSI
    encoder hook.

    Fixes: 2b68392e638d ("drm/i915/dsi: add support for DSC")
    Cc: Vandita Kulkarni
    Cc: Jani Nikula
    Signed-off-by: Imre Deak
    Reviewed-by: Anshuman Gupta
    Link: https://patchwork.freedesktop.org/patch/msgid/20201209153952.3397959-1-imre.deak@intel.com
    (cherry picked from commit 3a9ec563a4ff770ae647f6ee539810f1866866c9)
    Signed-off-by: Jani Nikula
    Signed-off-by: Greg Kroah-Hartman

    Imre Deak
     
  • …eset-deassert MIPI-sequence

    commit 00cb645fd7e29bdd20967cd20fa8f77bcdf422f9 upstream.

    Commit 25b4620ee822 ("drm/i915/dsi: Skip delays for v3 VBTs in vid-mode")
    added an intel_dsi_msleep() helper which skips sleeping if the
    MIPI-sequences have a version of 3 or newer and the panel is in vid-mode;
    and it moved a bunch of msleep-s over to this new helper.

    This was based on my reading of the big comment around line 730 which
    starts with "Panel enable/disable sequences from the VBT spec.",
    where the "v3 video mode seq" column does not have any wait t# entries.

    Given that this code has been used on a lot of different devices without
    issues until now, it seems that my interpretation of the spec here is
    mostly correct.

    But now I have encountered one device, an Acer Aspire Switch 10 E
    SW3-016, where the panel will not light up unless we do actually honor the
    panel_on_delay after executing the MIPI_SEQ_PANEL_ON sequence.

    What seems to set this model apart is that it is lacking a
    MIPI_SEQ_DEASSERT_RESET sequence, which is where the power-on
    delay usually happens.

    Fix the panel not lighting up on this model by using an unconditional
    msleep(panel_on_delay) instead of intel_dsi_msleep() when there is
    no MIPI_SEQ_DEASSERT_RESET sequence.

    Fixes: 25b4620ee822 ("drm/i915/dsi: Skip delays for v3 VBTs in vid-mode")
    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
    Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20201118124058.26021-1-hdegoede@redhat.com
    (cherry picked from commit 6fdb335f1c9c0845b50625de1624d8445c4c4a07)
    Signed-off-by: Jani Nikula <jani.nikula@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    Hans de Goede
     
  • commit b690bd546b227c32b860dae985a18bed8aa946fe upstream.

    Without crc32 support, this driver fails to link:

    arm-linux-gnueabi-ld: drivers/md/dm-zoned-metadata.o: in function `dmz_write_sb':
    dm-zoned-metadata.c:(.text+0xe98): undefined reference to `crc32_le'
    arm-linux-gnueabi-ld: drivers/md/dm-zoned-metadata.o: in function `dmz_check_sb':
    dm-zoned-metadata.c:(.text+0x7978): undefined reference to `crc32_le'

    Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target")
    Signed-off-by: Arnd Bergmann
    Reviewed-by: Damien Le Moal
    Signed-off-by: Mike Snitzer
    Signed-off-by: Greg Kroah-Hartman

    Arnd Bergmann
     
  • commit a0a6df9afcaf439a6b4c88a3b522e3d05fdef46f upstream.

    Unfortunately, there's userland code that used to rely upon these
    checks being done before anything else to check for UMOUNT_NOFOLLOW
    support. That broke in 41525f56e256 ("fs: refactor ksys_umount").
    Separate those from the rest of checks and move them to ksys_umount();
    unlike everything else in there, this can be sanely done there.

    Reported-by: Sargun Dhillon
    Fixes: 41525f56e256 ("fs: refactor ksys_umount")
    Signed-off-by: Al Viro
    Signed-off-by: Greg Kroah-Hartman

    Al Viro
     
  • commit 2cb091f6293df898b47f4e0f2e54324e2bbaf816 upstream.

    When set_has_smi_cap() fails, multiport master cleanup is missed. Fix it
    by doing the correct error unwinding goto.

    Fixes: a989ea01cb10 ("RDMA/mlx5: Move SMI caps logic")
    Link: https://lore.kernel.org/r/20210113121703.559778-3-leon@kernel.org
    Signed-off-by: Parav Pandit
    Signed-off-by: Leon Romanovsky
    Signed-off-by: Jason Gunthorpe
    Signed-off-by: Greg Kroah-Hartman

    Parav Pandit
     
  • commit 1c3aa6bd0b823105c2030af85d92d158e815d669 upstream.

    If the allocation of the fast path blue flame register fails, the driver
    should free the regular blue flame register allocated a statement above,
    not the one that it just failed to allocate.

    Fixes: 16c1975f1032 ("IB/mlx5: Create profile infrastructure to add and remove stages")
    Link: https://lore.kernel.org/r/20210113121703.559778-6-leon@kernel.org
    Reported-by: Hans Petter Selasky
    Signed-off-by: Mark Bloch
    Signed-off-by: Leon Romanovsky
    Signed-off-by: Jason Gunthorpe
    Signed-off-by: Greg Kroah-Hartman

    Mark Bloch
     
  • commit 869c4d5eb1e6fbda66aa790c48bdb946d71494a0 upstream.

    The function bnxt_get_ulp_stat_ctxs() does not count the stats contexts
    used by the RDMA driver correctly when the RDMA driver is freeing the
    MSIX vectors. It assumes that if the RDMA driver is registered, the
    additional stats contexts will be needed. This is not true when the
    RDMA driver is about to unregister and frees the MSIX vectors.

    This slight error leads to over accounting of the stats contexts needed
    after the RDMA driver has unloaded. This will cause some firmware
    warning and error messages in dmesg during subsequent config. changes
    or ifdown/ifup.

    Fix it by properly accounting for extra stats contexts only if the
    RDMA driver is registered and MSIX vectors have been successfully
    requested.

    Fixes: c027c6b4e91f ("bnxt_en: get rid of num_stat_ctxs variable")
    Reviewed-by: Yongping Zhang
    Reviewed-by: Pavan Chebbi
    Signed-off-by: Michael Chan
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Greg Kroah-Hartman

    Michael Chan
     
  • commit a306aba9c8d869b1fdfc8ad9237f1ed718ea55e6 upstream.

    If usnic_ib_qp_grp_create() fails at the first call, dev_list
    will not be freed on error, which leads to memleak.

    Fixes: e3cf00d0a87f ("IB/usnic: Add Cisco VIC low-level hardware driver")
    Link: https://lore.kernel.org/r/20201226074248.2893-1-dinghao.liu@zju.edu.cn
    Signed-off-by: Dinghao Liu
    Reviewed-by: Leon Romanovsky
    Signed-off-by: Jason Gunthorpe
    Signed-off-by: Greg Kroah-Hartman

    Dinghao Liu