14 Jan, 2021
1 commit
-
Export kstat_irqs_usr and kstat_irqs_cpu symbols for vendor
loadable modules. These symbols are useful for continuous
monitoring of irq stats to detect problems like interrupt
storms.1) kstat_irqs_usr: it helps in getting total interrupt count
for an IRQ.2) kstat_irqs_cpu: it helps in getting per cpu interrupt count
for an IRQ.Bug: 177393442
Change-Id: I6f65c5759cd096db391e1c41e4260aa4ebc40fb4
Signed-off-by: Prateek Sood
Signed-off-by: Mukesh Ojha
13 Jan, 2021
39 commits
-
Changes in 5.10.7
i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
iavf: fix double-release of rtnl_lock
net/sched: sch_taprio: ensure to reset/destroy all child qdiscs
net: mvpp2: Add TCAM entry to drop flow control pause frames
net: mvpp2: prs: fix PPPoE with ipv6 packet parse
net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
ethernet: ucc_geth: set dev->max_mtu to 1518
ionic: account for vlan tag len in rx buffer len
atm: idt77252: call pci_disable_device() on error path
net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
net: stmmac: dwmac-meson8b: ignore the second clock input
ibmvnic: fix login buffer memory leak
ibmvnic: continue fatal error reset after passive init
net: ethernet: mvneta: Fix error handling in mvneta_probe
qede: fix offload for IPIP tunnel packets
virtio_net: Fix recursive call to cpus_read_lock()
net/ncsi: Use real net-device for response handler
net: ethernet: Fix memleak in ethoc_probe
net-sysfs: take the rtnl lock when storing xps_cpus
net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
net-sysfs: take the rtnl lock when storing xps_rxqs
net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc
net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
e1000e: Only run S0ix flows if shutdown succeeded
e1000e: bump up timeout to wait when ME un-configures ULP mode
Revert "e1000e: disable s0ix entry and exit flows for ME systems"
e1000e: Export S0ix flags to ethtool
bnxt_en: Check TQM rings for maximum supported value.
net: mvpp2: fix pkt coalescing int-threshold configuration
bnxt_en: Fix AER recovery.
ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
net: sched: prevent invalid Scell_log shift count
net: hns: fix return value check in __lb_other_process()
erspan: fix version 1 check in gre_parse_header()
net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
bareudp: set NETIF_F_LLTX flag
bareudp: Fix use of incorrect min_headroom size
vhost_net: fix ubuf refcount incorrectly when sendmsg fails
r8169: work around power-saving bug on some chip versions
net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access
CDC-NCM: remove "connected" log message
ibmvnic: fix: NULL pointer dereference.
net: usb: qmi_wwan: add Quectel EM160R-GL
selftests: mlxsw: Set headroom size of correct port
stmmac: intel: Add PCI IDs for TGL-H platform
selftests/vm: fix building protection keys test
block: add debugfs stanza for QUEUE_FLAG_NOWAIT
workqueue: Kick a worker based on the actual activation of delayed works
scsi: ufs: Fix wrong print message in dev_err()
scsi: ufs-pci: Fix restore from S4 for Intel controllers
scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff()
scsi: ufs-pci: Fix recovery from hibernate exit errors for Intel controllers
scsi: ufs-pci: Enable UFSHCD_CAP_RPM_AUTOSUSPEND for Intel controllers
scsi: block: Introduce BLK_MQ_REQ_PM
scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
scsi: ide: Mark power management requests with RQF_PM instead of RQF_PREEMPT
scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
scsi: core: Only process PM requests if rpm_status != RPM_ACTIVE
local64.h: make mandatory
lib/genalloc: fix the overflow when size is too big
depmod: handle the case of /sbin/depmod without /sbin in PATH
scsi: ufs: Clear UAC for FFU and RPMB LUNs
kbuild: don't hardcode depmod path
Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close
scsi: block: Remove RQF_PREEMPT and BLK_MQ_REQ_PREEMPT
scsi: block: Do not accept any requests while suspended
crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
crypto: asym_tpm: correct zero out potential secrets
powerpc: Handle .text.{hot,unlikely}.* in linker script
Staging: comedi: Return -EFAULT if copy_to_user() fails
staging: mt7621-dma: Fix a resource leak in an error handling path
usb: gadget: enable super speed plus
USB: cdc-acm: blacklist another IR Droid device
USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
usb: typec: intel_pmc_mux: Configure HPD first for HPD+IRQ request
usb: dwc3: meson-g12a: disable clk on error handling path in probe
usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
usb: dwc3: gadget: Clear wait flag on dequeue
usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression
usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()
USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
usb: usbip: vhci_hcd: protect shift size
usb: uas: Add PNY USB Portable SSD to unusual_uas
USB: serial: iuu_phoenix: fix DMA from stack
USB: serial: option: add LongSung M5710 module support
USB: serial: option: add Quectel EM160R-GL
USB: yurex: fix control-URB timeout handling
USB: usblp: fix DMA to stack
ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
usb: gadget: select CONFIG_CRC32
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
usb: gadget: f_uac2: reset wMaxPacketSize
usb: gadget: function: printer: Fix a memory leak for interface descriptor
usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
USB: gadget: legacy: fix return error code in acm_ms_bind()
usb: gadget: Fix spinlock lockup on usb_function_deactivate
usb: gadget: configfs: Preserve function ordering after bind failure
usb: gadget: configfs: Fix use-after-free issue with udc_name
USB: serial: keyspan_pda: remove unused variable
hwmon: (amd_energy) fix allocation of hwmon_channel_info config
mm: make wait_on_page_writeback() wait for multiple pending writebacks
x86/mm: Fix leak of pmd ptlock
KVM: x86/mmu: Use -1 to flag an undefined spte in get_mmio_spte()
KVM: x86/mmu: Get root level from walkers when retrieving MMIO SPTE
kvm: check tlbs_dirty directly
KVM: x86/mmu: Ensure TDP MMU roots are freed after yield
x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
x86/resctrl: Don't move a task to the same resource group
blk-iocost: fix NULL iocg deref from racing against initialization
ALSA: hda/via: Fix runtime PM for Clevo W35xSS
ALSA: hda/conexant: add a new hda codec CX11970
ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
ALSA: hda/realtek: Add mute LED quirk for more HP laptops
ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7
ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256.
iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev
btrfs: qgroup: don't try to wait flushing if we're already holding a transaction
btrfs: send: fix wrong file path when there is an inode with a pending rmdir
Revert "device property: Keep secondary firmware node secondary by type"
dmabuf: fix use-after-free of dmabuf's file->f_inode
arm64: link with -z norelro for LLD or aarch64-elf
drm/i915: clear the shadow batch
drm/i915: clear the gpu reloc batch
bcache: fix typo from SUUP to SUPP in features.h
bcache: check unsupported feature sets for bcache register
bcache: introduce BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE for large bucket
net/mlx5e: Fix SWP offsets when vlan inserted by driver
ARM: dts: OMAP3: disable AES on N950/N9
netfilter: x_tables: Update remaining dereference to RCU
netfilter: ipset: fix shift-out-of-bounds in htable_bits()
netfilter: xt_RATEEST: reject non-null terminated string from userspace
netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
dmaengine: idxd: off by one in cleanup code
x86/mtrr: Correct the range check before performing MTRR type lookups
KVM: x86: fix shift out of bounds reported by UBSAN
xsk: Fix memory leak for failed bind
rtlwifi: rise completion at the last step of firmware callback
scsi: target: Fix XCOPY NAA identifier lookup
Linux 5.10.7Signed-off-by: Greg Kroah-Hartman
Change-Id: I1a7c195af35831fe362b027fe013c0c7e4dc20ea -
Changes in 5.10.6
Revert "drm/amd/display: Fix memory leaks in S3 resume"
Revert "mtd: spinand: Fix OOB read"
rtc: pcf2127: move watchdog initialisation to a separate function
rtc: pcf2127: only use watchdog when explicitly available
dt-bindings: rtc: add reset-source property
kdev_t: always inline major/minor helper functions
Bluetooth: Fix attempting to set RPA timeout when unsupported
ALSA: hda/realtek - Modify Dell platform name
ALSA: hda/hdmi: Fix incorrect mutex unlock in silent_stream_disable()
drm/i915/tgl: Fix Combo PHY DPLL fractional divider for 38.4MHz ref clock
scsi: ufs: Allow an error return value from ->device_reset()
scsi: ufs: Re-enable WriteBooster after device reset
RDMA/core: remove use of dma_virt_ops
RDMA/siw,rxe: Make emulated devices virtual in the device tree
fuse: fix bad inode
perf: Break deadlock involving exec_update_mutex
rwsem: Implement down_read_killable_nested
rwsem: Implement down_read_interruptible
exec: Transform exec_update_mutex into a rw_semaphore
mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
Linux 5.10.6Signed-off-by: Greg Kroah-Hartman
Change-Id: Id4c57a151a1e8f2162163d2337b6055f04edbe9b -
Fix an issue for non-GKI builds found by the 0-day test bot:
kernel/sched/fair.c: In function 'select_task_rq_fair':
>> kernel/sched/fair.c:6766:6: error: implicit declaration of function
'trace_android_rvh_select_task_rq_fair_enabled';
did you mean 'trace_android_rvh_select_task_rq_fair'?
6766 | if (trace_android_rvh_select_task_rq_fair_enabled())
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| trace_android_rvh_select_task_rq_fair
cc1: some warnings being treated as errorsReported-by: kernel test robot
Fixes: c7ba09ce6aa5 ("ANDROID: sched/fair: Sync task util for strf hook")
Signed-off-by: Todd Kjos
Change-Id: I1b15b9ada83dc5b2678cef3910a7aedc0d19f174 -
Export cpuidle_driver_state_disabled() so that CPU idle states may be
disabled at runtime for debugging CPU and cluster idle states.Bug: 175718935
Signed-off-by: Lina Iyer
Change-Id: Id9038074d64fb6c0444d9aca68420414c3223e93 -
Modules with a large number of compilation units may be
exceeding AR and LD command argument list. Handle this gracefully by
writing the long argument list in a file. The command line options
read from file are inserted in place of the original @file option.The usage is well documented at
https://www.gnu.org/software/make/manual/html_node/File-Function.htmlBug: 175420573
Change-Id: I3f9b8b9c59b9ba0c01ddd00d39fc3bbc62fda832
Signed-off-by: Mahesh Kumar Kalikot Veetil
Signed-off-by: Jeff Johnson -
Modules with a large number of compilation units can exceed execv
argument list resulting in E2BIG (Argument list too long) error.Fix this by replacing shell 'echo > file' into a more native
$(file op filename[,text]) option.Bug: 175420575
Change-Id: I9bc495482f16f2c9b4e05a4cb5b2283ff0c0439d
Signed-off-by: Mahesh Kumar Kalikot Veetil
Signed-off-by: Jeff Johnson -
Kernel stack violation when getting unit_descriptor/wb_buf_alloc_units from
rpmb lun. The reason is the unit descriptor length is different per LU.The lengh of Normal LU is 45, while the one of rpmb LU is 35.
int ufshcd_read_desc_param(struct ufs_hba *hba, ...)
{
param_offset=41;
param_size=4;
buff_len=45;
...
buff_len=35 by rpmb LU;if (is_kmalloc) {
/* Make sure we don't copy more data than available */
if (param_offset + param_size > buff_len)
param_size = buff_len - param_offset;
--> param_size = 250;
memcpy(param_read_buf, &desc_buf[param_offset], param_size);
--> memcpy(param_read_buf, desc_buf+41, 250);[ 141.868974][ T9174] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: wb_buf_alloc_units_show+0x11c/0x11c
}
}Bug: 174701661
Link: https://lore.kernel.org/linux-scsi/20210111095927.1830311-1-jaegeuk@kernel.org/
Reviewed-by: Avri Altman
Signed-off-by: Jaegeuk Kim
Signed-off-by: Jaegeuk Kim
Change-Id: I25205d465daa25b4bd330876ad05fcfd01195a56 -
When non-fatal error like line-reset happens, ufshcd_err_handler() starts
to abort tasks by ufshcd_try_to_abort_task(). When it tries to issue a task
management request, we hit two warnings:WARNING: CPU: 7 PID: 7 at block/blk-core.c:630 blk_get_request+0x68/0x70
WARNING: CPU: 4 PID: 157 at block/blk-mq-tag.c:82 blk_mq_get_tag+0x438/0x46cAfter fixing the above warnings we hit another tm_cmd timeout which may be
caused by unstable controller state:__ufshcd_issue_tm_cmd: task management cmd 0x80 timed-out
Then, ufshcd_err_handler() enters full reset, and kernel gets stuck. It
turned out ufshcd_print_trs() printed too many messages on console which
requires CPU locks. Likewise hba->silence_err_logs, we need to avoid too
verbose messages. This is actually not an error case.Bug: 175693074
Bug: 175170490
(cherry picked from commit eeb1b55b6e25c5f7265ff45cd050f3bc2cc423a4 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git fixes)
Link: https://lore.kernel.org/r/20210107185316.788815-3-jaegeuk@kernel.org
Fixes: 69a6c269c097 ("scsi: ufs: Use blk_{get,put}_request() to allocate and free TMFs")
Reviewed-by: Can Guo
Signed-off-by: Jaegeuk Kim
Signed-off-by: Martin K. Petersen
Change-Id: Ie05496f7a5ef1192d19ee08f9f7f91ee8ebb31cd
Signed-off-by: Jaegeuk Kim -
When gate_work/ungate_work experience an error during hibern8_enter or exit
we can livelock:ufshcd_err_handler()
ufshcd_scsi_block_requests()
ufshcd_reset_and_restore()
ufshcd_clear_ua_wluns() -> stuck
ufshcd_scsi_unblock_requests()In order to avoid this, ufshcd_clear_ua_wluns() can be called per recovery
flows such as suspend/resume, link_recovery, and error_handler.Bug: 175391270
(cherry picked from commit 4ee7ee530bc2bae6268247988d86722c65d02a37 git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git fixes)
Link: https://lore.kernel.org/r/20210107185316.788815-2-jaegeuk@kernel.org
Fixes: b56c9e4cdf09 ("FROMLIST: scsi: ufs: fix livelock of ufshcd_clear_ua_wluns")
Reviewed-by: Can Guo
Signed-off-by: Jaegeuk Kim
Signed-off-by: Martin K. Petersen
Change-Id: I16f41f552a0e4d6c93592b73cf7489fa1197a987
Signed-off-by: Jaegeuk Kim -
Export show_regs for vendor module usage to print cpu back trace
from trace_android_vh_ipi_stop vendor hook.Bug: 177348820
Change-Id: Idcbe887dfc02626d4af1a4cb53dafe3d5a2ba1dd
Signed-off-by: Prasad Sodagudi -
UCSI already conveys the information about a port's connection
status, whether it is operating in UFP or DFP mode, and whether the
partner supports USB data or not. This information can be used to
notify a dual-role controller to start up its host or peripheral
mode accordingly. Add optional support for this by querying each
port's fwnode to look for an associated USB role switch device.
If present, call usb_role_switch_set() with the determined data
role upon Connect Change or Connector Partner Change updates.Bug: 177215430
(cherry picked from commit 89795852c9c46b9b0701f7376d30a1c5ab4d146c
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing)
Change-Id: I83106abd1c5122d9ca89e5854e82aa988f5b528f
Reviewed-by: Heikki Krogerus
Signed-off-by: Mayank Rana
Signed-off-by: Jack Pham
Link: https://lore.kernel.org/r/20210111215520.18476-1-jackp@codeaurora.org
Signed-off-by: Greg Kroah-Hartman -
Export vmalloc_nr_pages which is used as part
of meminfo collection from minidump module.Bug: 177031593
Change-Id: I4c80fe2a0712658ec46b49064fda670da84b3732
Signed-off-by: Vijayanand Jitta -
Export symbols needed to implement vendor scheduler value-adds to modify
sched features.Bug: 177050087
Change-Id: Ibe14d2019403be68b7ceeee47425b2473ccb51fe
Signed-off-by: Shaleen Agrawal -
When used for qos or other reasons, wake up idle
cpus will wake cpus en-mass. Cpus that are paused
should not be woken up like this.Update to use active_mask, so that paused cpus are
ignored for general cpu wakeup operations.Bug: 161210528
Change-Id: I10721e75497a8902f8ec998ded4e2eb094770f38
Signed-off-by: Stephen Dickey -
With the introduction of pause, irqs should avoid
paused cpus. Previously, when userspace set the
irq affinity, it was only filtered toward online cpus.
A cpu can be paused but online, and irqs should avoid.Check the cpu_active_mask instead of the online mask
when writing the irq affinity, such that the subset
of cpus allowed doesn't include inactive cpus.Bug: 161210528
Change-Id: I359a452cc97ad58ad85e9613a29d144ffcd51567
Signed-off-by: Stephen Dickey -
Users can initiate resets to specific SCSI device/target/host through
IOCTL. When this happens, the SCSI cmd passed to eh_device/target/host
_reset_handler() callbacks is initialized with a request whose tag is -1.
In this case it is not right for eh_device_reset_handler() callback to
count on the LUN get from hba->lrb[-1]. Fix it by getting LUN from the SCSI
device associated with the SCSI cmd.Link: https://lore.kernel.org/r/1609157080-26283-1-git-send-email-cang@codeaurora.org
Reviewed-by: Avri Altman
Reviewed-by: Stanley Chu
Signed-off-by: Can Guo
Signed-off-by: Martin K. PetersenBug: 177042238
(cherry picked from commit 35fc4cd34426c242ab015ef280853b7bff101f48
git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git 5.11/scsi-fixes)
Change-Id: I7bd7602581b97f76442e179b5264ee2891d923a9
Signed-off-by: Can Guo -
Reducing the section size helps reduce wastage of reserved memory
for huge memory holes in sparsemem model. But having a much smaller
section size bits could break PMD mappings for vmemmap and wouldn't
accomodate the highest order page for certain page size granule configs.
It is determined that SECTION_SIZE_BITS of 27 (128MB) could be ideal
default value for 4K_PAGES that gives least section size without breaking
PMD based vmemmap mappings. For simplicity, 16K_PAGES could follow the
same as 4K_PAGES. And the least SECTION_SIZE_BITS for 64K_PAGES is 29
that could accomodate MAX_ORDER.Signed-off-by: Sudarshan Rajagopalan
Suggested-by: David Hildenbrand
Cc: Will Deacon
Cc: Anshuman Khandual
Cc: Mike Rapoport
Cc: Mark Rutland
Cc: Suren BaghdasaryanLink: https://lore.kernel.org/lkml/15cf9a2359197fee0168f820c5c904650d07939e.1610146597.git.sudaraja@codeaurora.org/
Bug: 175715646
Signed-off-by: Suren Baghdasaryan
Change-Id: Iecc0369c595bcabe01182a85a5464c87df36c217 -
Bing Song noticed the CMA heap was leaking memory due to a flub
I made in commit a5d2d29e24be ("dma-buf: heaps: Move heap-helper
logic into the cma_heap implementation"), and provided this fix
which ensures the pagelist is also freed on release.Cc: Bing Song
Cc: Sumit Semwal
Cc: Liam Mark
Cc: Laura Abbott
Cc: Brian Starkey
Cc: Hridya Valsaraju
Cc: Suren Baghdasaryan
Cc: Sandeep Patil
Cc: Daniel Mentz
Cc: Chris Goldsworthy
Cc: Ørjan Eide
Cc: Robin Murphy
Cc: Ezequiel Garcia
Cc: Simon Ser
Cc: James Jones
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Reported-by: Bing Song
Fixes: a5d2d29e24be ("dma-buf: heaps: Move heap-helper logic into the cma_heap implementation")
Signed-off-by: John Stultz
Signed-off-by: Sumit Semwal
Link: https://patchwork.freedesktop.org/patch/msgid/20210107202616.75170-1-john.stultz@linaro.org
(cherry picked from commit a0adc8eabb402cfb9f32d15edd9f65f65e35cdce
git: //anongit.freedesktop.org/drm/drm-misc drm-misc-fixes)
Signed-off-by: John Stultz
Change-Id: Ic532b71ad58699db1b11870eb0027966d93acac1 -
Export task_may_not_preempt.
Bug: 174030348
Signed-off-by: Rick Yiu
Change-Id: I71b50f876306811f008414096043b883dc43b4d5
Signed-off-by: Will McVicker -
Export cpupri_find_fitness.
Bug: 174030348
Signed-off-by: Rick Yiu
Change-Id: I47b2af2395bc7a618eb4f4af4469cc2422e25446
Signed-off-by: Will McVicker -
Since the sugov traces were added in kernel/sched/cpufreq_schedutil.c,
move it from power.h to sched.h.
And move the tracepoint to where the change happens.Bug: 174488007
Test: build pass and boot to home
Signed-off-by: Jimmy Shiu
Change-Id: Ibe18f04773c28be84db3619b1a4253bf08f0e289
Signed-off-by: Will McVicker -
ufshcd.c:8144:1: warning: unused label 'out' [-Wunused-label]
Bug: 175212278
Signed-off-by: Petri Gynther
Change-Id: I185958877f94f7cc18ccd3da476f4659665a6cb0
Signed-off-by: Will McVicker -
During init, vbus_vsafe0v does not get updated till the first
connect as a sink. This causes TCPM to be stuck in SRC_ATTACH_WAIT
state while booting with a sink (For instance: a headset) connected.[ 1.429168] Start toggling
[ 1.439907] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected]
[ 1.445242] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected]
[ 53.358528] CC1: 0 -> 0, CC2: 0 -> 2 [state TOGGLING, polarity 0, connected]
[ 53.358564] state change TOGGLING -> SRC_ATTACH_WAIT [rev1 NONE_AMS]Fix this by updating vbus_vsafe0v based on vbus_present status
on boot.Reviewed-by: Heikki Krogerus
Signed-off-by: Badhri Jagan Sridharan
Link: https://lore.kernel.org/r/20201211071911.2205197-1-badhri@google.com
Signed-off-by: Greg Kroah-Hartman
(cherry picked from commit 3db4c21c0f71f7a51ce5c50f0d4d3742c9ec4a65)
Signed-off-by: Will McVicker
Change-Id: I2760d68069088754546f462caa24d7c73f7a533f -
debugfs nodes were created in genpd_debug_init alled in late_initcall
preventing power domains registered though loadable modules to have
a debugfs entry.Create/remove debugfs nodes when the power domain is added/removed
to/from the internal gpd_list.Signed-off-by: Thierry Strudel
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Ulf Hansson
Signed-off-by: Rafael J. Wysocki
(cherry picked from commit 718072ceb211833f3c71724f49d733d636067191)
Signed-off-by: Will McVicker
Change-Id: Ibde0adddc5fb50a8c8e1a16d66ee0f6b58330a96 -
There is currently support for non-coherent devices to use the system
cache for their buffers by mapping the buffer with the IOMMU_SYS_CACHE_ONLY
protection flag. The IOMMU_SYS_CACHE_ONLY_FLAG maps the buffers with
a RW-allocate cache policy by default.There are usecases that do not benefit from having a RW allocate policy,
but instead benefit from a no write allocate (NWA) policy, while using
the system cache.Thus, add support for mapping memory with the attributes required
for it to be cached in the system cached, with a NWA policy:MAIR: 0xe4: inner non-cacheable, outer write-back read allocate.
Bug: 176778547
Change-Id: I6d2700a19f0f2e61905b3d36b15f60db3ae59b73
Signed-off-by: Isaac J. Manjarres -
Tested-by: Jon Hunter
Tested-by: Guenter Roeck
Tested-by: Shuah Khan
Tested-by: Linux Kernel Functional Testing
Link: https://lore.kernel.org/r/20210111161510.602817176@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman -
commit 2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 upstream.
When attempting to match EXTENDED COPY CSCD descriptors with corresponding
se_devices, target_xcopy_locate_se_dev_e4() currently iterates over LIO's
global devices list which includes all configured backstores.This change ensures that only initiator-accessible backstores are
considered during CSCD descriptor lookup, according to the session's
se_node_acl LUN list.To avoid LUN removal race conditions, device pinning is changed from being
configfs based to instead using the se_node_acl lun_ref.Reference: CVE-2020-28374
Fixes: cbf031f425fd ("target: Add support for EXTENDED_COPY copy offload emulation")
Reviewed-by: Lee Duncan
Signed-off-by: David Disseldorp
Signed-off-by: Mike Christie
Signed-off-by: Martin K. Petersen
Signed-off-by: Greg Kroah-Hartman -
commit 4dfde294b9792dcf8615b55c58f093d544f472f0 upstream.
request_firmware_nowait() which schedules another work is used to load
firmware when USB is probing. If USB is unplugged before running the
firmware work, it goes disconnect ops, and then causes use-after-free.
Though we wait for completion of firmware work before freeing the hw,
firmware callback rises completion too early. So I move it to the
last step.usb 5-1: Direct firmware load for rtlwifi/rtl8192cufw.bin failed with error -2
rtlwifi: Loading alternative firmware rtlwifi/rtl8192cufw.bin
rtlwifi: Selected firmware is not available
==================================================================
BUG: KASAN: use-after-free in rtl_fw_do_work.cold+0x68/0x6a drivers/net/wireless/realtek/rtlwifi/core.c:93
Write of size 4 at addr ffff8881454cff50 by task kworker/0:6/7379CPU: 0 PID: 7379 Comm: kworker/0:6 Not tainted 5.10.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x163 lib/dump_stack.c:118
print_address_description.constprop.0.cold+0xae/0x4c8 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
rtl_fw_do_work.cold+0x68/0x6a drivers/net/wireless/realtek/rtlwifi/core.c:93
request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1079
process_one_work+0x933/0x1520 kernel/workqueue.c:2272
worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
kthread+0x38c/0x460 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296The buggy address belongs to the page:
page:00000000f54435b3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1454cf
flags: 0x200000000000000()
raw: 0200000000000000 0000000000000000 ffffea00051533c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detectedMemory state around the buggy address:
ffff8881454cfe00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881454cfe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8881454cff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8881454cff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881454d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffReported-by: syzbot+65be4277f3c489293939@syzkaller.appspotmail.com
Signed-off-by: Ping-Ke Shih
Signed-off-by: Kalle Valo
Link: https://lore.kernel.org/r/20201214053106.7748-1-pkshih@realtek.com
Signed-off-by: Greg Kroah-Hartman -
commit 8bee683384087a6275c9183a483435225f7bb209 upstream.
Fix a possible memory leak when a bind of an AF_XDP socket fails. When
the fill and completion rings are created, they are tied to the
socket. But when the buffer pool is later created at bind time, the
ownership of these two rings are transferred to the buffer pool as
they might be shared between sockets (and the buffer pool cannot be
created until we know what we are binding to). So, before the buffer
pool is created, these two rings are cleaned up with the socket, and
after they have been transferred they are cleaned up together with
the buffer pool.The problem is that ownership was transferred before it was absolutely
certain that the buffer pool could be created and initialized
correctly and when one of these errors occurred, the fill and
completion rings did neither belong to the socket nor the pool and
where therefore leaked. Solve this by moving the ownership transfer
to the point where the buffer pool has been completely set up and
there is no way it can fail.Fixes: 7361f9c3d719 ("xsk: Move fill and completion rings to buffer pool")
Reported-by: syzbot+cfa88ddd0655afa88763@syzkaller.appspotmail.com
Signed-off-by: Magnus Karlsson
Signed-off-by: Daniel Borkmann
Acked-by: Björn Töpel
Link: https://lore.kernel.org/bpf/20201214085127.3960-1-magnus.karlsson@gmail.com
Signed-off-by: Greg Kroah-Hartman -
commit 2f80d502d627f30257ba7e3655e71c373b7d1a5a upstream.
Since we know that e >= s, we can reassociate the left shift,
changing the shifted number from 1 to 2 in exchange for
decreasing the right hand side by 1.Reported-by: syzbot+e87846c48bf72bc85311@syzkaller.appspotmail.com
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman -
commit cb7f4a8b1fb426a175d1708f05581939c61329d4 upstream.
In mtrr_type_lookup(), if the input memory address region is not in the
MTRR, over 4GB, and not over the top of memory, a write-back attribute
is returned. These condition checks are for ensuring the input memory
address region is actually mapped to the physical memory.However, if the end address is just aligned with the top of memory,
the condition check treats the address is over the top of memory, and
write-back attribute is not returned.And this hits in a real use case with NVDIMM: the nd_pmem module tries
to map NVDIMMs as cacheable memories when NVDIMMs are connected. If a
NVDIMM is the last of the DIMMs, the performance of this NVDIMM becomes
very low since it is aligned with the top of memory and its memory type
is uncached-minus.Move the input end address change to inclusive up into
mtrr_type_lookup(), before checking for the top of memory in either
mtrr_type_lookup_{variable,fixed}() helpers.[ bp: Massage commit message. ]
Fixes: 0cc705f56e40 ("x86/mm/mtrr: Clean up mtrr_type_lookup()")
Signed-off-by: Ying-Tsun Huang
Signed-off-by: Borislav Petkov
Link: https://lkml.kernel.org/r/20201215070721.4349-1-ying-tsun.huang@amd.com
Signed-off-by: Greg Kroah-Hartman -
commit ff58f7dd0c1352a01de3a40327895bd51e03de3a upstream.
The clean up is off by one so this will start at "i" and it should start
with "i - 1" and then it doesn't unregister the zeroeth elements in the
array.Fixes: c52ca478233c ("dmaengine: idxd: add configuration component of driver")
Signed-off-by: Dan Carpenter
Acked-by: Dave Jiang
Link: https://lore.kernel.org/r/X9nFeojulsNqUSnG@mwanda
Signed-off-by: Vinod Koul
Signed-off-by: Greg Kroah-Hartman -
commit 95cd4bca7b1f4a25810f3ddfc5e767fb46931789 upstream.
If userspace requests a feature which is not available the original set
definition, then bail out with EOPNOTSUPP. If userspace sends
unsupported dynset flags (new feature not supported by this kernel),
then report EOPNOTSUPP to userspace. EINVAL should be only used to
report malformed netlink messages from userspace.Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman -
commit 6cb56218ad9e580e519dcd23bfb3db08d8692e5a upstream.
syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
strlen include/linux/string.h:325 [inline]
strlcpy include/linux/string.h:348 [inline]
xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143strlcpy assumes src is a c-string. Check info->name before its used.
Reported-by: syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com
Fixes: 5859034d7eb8793 ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman -
commit 5c8193f568ae16f3242abad6518dc2ca6c8eef86 upstream.
htable_bits() can call jhash_size(32) and trigger shift-out-of-bounds
UBSAN: shift-out-of-bounds in net/netfilter/ipset/ip_set_hash_gen.h:151:6
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 8498 Comm: syz-executor519
Not tainted 5.10.0-rc7-next-20201208-syzkaller #0
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x107/0x163 lib/dump_stack.c:120
ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
htable_bits net/netfilter/ipset/ip_set_hash_gen.h:151 [inline]
hash_mac_create.cold+0x58/0x9b net/netfilter/ipset/ip_set_hash_gen.h:1524
ip_set_create+0x610/0x1380 net/netfilter/ipset/ip_set_core.c:1115
nfnetlink_rcv_msg+0xecc/0x1180 net/netfilter/nfnetlink.c:252
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
nfnetlink_rcv+0x1ac/0x420 net/netfilter/nfnetlink.c:600
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x907/0xe40 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6e8/0x810 net/socket.c:2345
___sys_sendmsg+0xf3/0x170 net/socket.c:2399
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9This patch replaces htable_bits() by simple fls(hashsize - 1) call:
it alone returns valid nbits both for round and non-round hashsizes.
It is normal to set any nbits here because it is validated inside
following htable_size() call which returns 0 for nbits>31.Fixes: 1feab10d7e6d("netfilter: ipset: Unified hash type generation")
Reported-by: syzbot+d66bfadebca46cf61a2b@syzkaller.appspotmail.com
Signed-off-by: Vasily Averin
Acked-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman -
commit 443d6e86f821a165fae3fc3fc13086d27ac140b1 upstream.
This fixes the dereference to fetch the RCU pointer when holding
the appropriate xtables lock.Reported-by: kernel test robot
Fixes: cc00bcaa5899 ("netfilter: x_tables: Switch synchronization to RCU")
Signed-off-by: Subash Abhinov Kasiviswanathan
Reviewed-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman -
commit f1dc15cd7fc146107cad2a926d9c1d005f69002a upstream.
AES needs to be disabled on Nokia N950/N9 as well (HS devices), otherwise
kernel fails to boot.Fixes: c312f066314e ("ARM: dts: omap3: Migrate AES from hwmods to sysc-omap2")
Signed-off-by: Aaro Koskinen
Signed-off-by: Tony Lindgren
Signed-off-by: Greg Kroah-Hartman -
commit b544011f0e58ce43c40105468d6dc67f980a0c7a upstream.
In case WQE includes inline header the vlan is inserted by driver even
if vlan offload is set. On geneve over vlan interface where software
parser is used the SWP offsets should be updated according to the added
vlan.Fixes: e3cfc7e6b7bd ("net/mlx5e: TX, Add geneve tunnel stateless offload support")
Signed-off-by: Moshe Shemesh
Reviewed-by: Tariq Toukan
Signed-off-by: Saeed Mahameed
Signed-off-by: Greg Kroah-Hartman -
commit b16671e8f493e3df40b1fb0dff4078f391c5099a upstream.
When large bucket feature was added, BCH_FEATURE_INCOMPAT_LARGE_BUCKET
was introduced into the incompat feature set. It used bucket_size_hi
(which was added at the tail of struct cache_sb_disk) to extend current
16bit bucket size to 32bit with existing bucket_size in struct
cache_sb_disk.This is not a good idea, there are two obvious problems,
- Bucket size is always value power of 2, if store log2(bucket size) in
existing bucket_size of struct cache_sb_disk, it is unnecessary to add
bucket_size_hi.
- Macro csum_set() assumes d[SB_JOURNAL_BUCKETS] is the last member in
struct cache_sb_disk, bucket_size_hi was added after d[] which makes
csum_set calculate an unexpected super block checksum.To fix the above problems, this patch introduces a new incompat feature
bit BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE, when this bit is set, it
means bucket_size in struct cache_sb_disk stores the order of power-of-2
bucket size value. When user specifies a bucket size larger than 32768
sectors, BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE will be set to
incompat feature set, and bucket_size stores log2(bucket size) more
than store the real bucket size value.The obsoleted BCH_FEATURE_INCOMPAT_LARGE_BUCKET won't be used anymore,
it is renamed to BCH_FEATURE_INCOMPAT_OBSO_LARGE_BUCKET and still only
recognized by kernel driver for legacy compatible purpose. The previous
bucket_size_hi is renmaed to obso_bucket_size_hi in struct cache_sb_disk
and not used in bcache-tools anymore.For cache device created with BCH_FEATURE_INCOMPAT_LARGE_BUCKET feature,
bcache-tools and kernel driver still recognize the feature string and
display it as "obso_large_bucket".With this change, the unnecessary extra space extend of bcache on-disk
super block can be avoided, and csum_set() may generate expected check
sum as well.Fixes: ffa470327572 ("bcache: add bucket_size_hi into struct cache_sb_disk for large bucket")
Signed-off-by: Coly Li
Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Jens Axboe
Signed-off-by: Greg Kroah-Hartman