Update 5.4.x+fslc up to v5.4.163 #507
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 19221e3 upstream. The tegra_powergate_power_up() has a typo in the error code path where it will try to disable clocks twice, fix it. In practice that error never happens, so this is a minor correction. Tested-by: Peter Geis <[email protected]> # Ouya T30 Tested-by: Nicolas Chauvet <[email protected]> # PAZ00 T20 and TK1 T124 Tested-by: Matt Merhar <[email protected]> # Ouya T30 Signed-off-by: Dmitry Osipenko <[email protected]> Signed-off-by: Thierry Reding <[email protected]> Cc: Guenter Roeck <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 6337f58 upstream. The interrupt might be shared, in which case it is not an error for the interrupt handler to be called when the interrupt status is zero, so don't print the message unless there was enabled interrupt status. Link: https://lore.kernel.org/r/[email protected] Fixes: 9333d77 ("scsi: ufs: Fix irq return code") Reviewed-by: Avri Altman <[email protected]> Signed-off-by: Adrian Hunter <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Orson Zhai <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
…EVEL commit a923a26 upstream. Fix assembly errors like: {standard input}: Assembler messages: {standard input}:287: Error: opcode not supported on this processor: mips3 (mips3) `dins $10,$7,32,32' {standard input}:680: Error: opcode not supported on this processor: mips3 (mips3) `dins $10,$7,32,32' {standard input}:1274: Error: opcode not supported on this processor: mips3 (mips3) `dins $12,$9,32,32' {standard input}:2175: Error: opcode not supported on this processor: mips3 (mips3) `dins $10,$7,32,32' make[1]: *** [scripts/Makefile.build:277: mm/highmem.o] Error 1 with code produced from `__cmpxchg64' for MIPS64r2 CPU configurations using CONFIG_32BIT and CONFIG_PHYS_ADDR_T_64BIT. This is due to MIPS_ISA_ARCH_LEVEL downgrading the assembly architecture to `r4000' i.e. MIPS III for MIPS64r2 configurations, while there is a block of code containing a DINS MIPS64r2 instruction conditionalized on MIPS_ISA_REV >= 2 within the scope of the downgrade. The assembly architecture override code pattern has been put there for LL/SC instructions, so that code compiles for configurations that select a processor to build for that does not support these instructions while still providing run-time support for processors that do, dynamically switched by non-constant `cpu_has_llsc'. It went in with linux-mips.org commit aac8aa7 ("Enable a suitable ISA for the assembler around ll/sc so that code builds even for processors that don't support the instructions. Plus minor formatting fixes.") back in 2005. Fix the problem by wrapping these instructions along with the adjacent SYNC instructions only, following the practice established with commit cfd54de ("MIPS: Avoid move psuedo-instruction whilst using MIPS_ISA_LEVEL") and commit 378ed6f ("MIPS: Avoid using .set mips0 to restore ISA"). Strictly speaking the SYNC instructions do not have to be wrapped as they are only used as a Loongson3 erratum workaround, so they will be enabled in the assembler by default, but do this so as to keep code consistent with other places. Reported-by: kernel test robot <[email protected]> Signed-off-by: Maciej W. Rozycki <[email protected]> Fixes: c7e2d71 ("MIPS: Fix set_pte() for Netlogic XLR using cmpxchg64()") Cc: [email protected] # v5.1+ Signed-off-by: Thomas Bogendoerfer <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
…granular unit commit 39fec68 upstream. Ext4 file system has default lazy inode table initialization setup once it is mounted. However, it has issue on computing the next schedule time that makes the timeout same amount in jiffies but different real time in secs if with various HZ values. Therefore, fix by measuring the current time in a more granular unit nanoseconds and make the next schedule time independent of the HZ value. Fixes: bfff687 ("ext4: add support for lazy inode table initialization") Signed-off-by: Shaoying Xu <[email protected]> Cc: [email protected] Signed-off-by: Theodore Ts'o <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Theodore Ts'o <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit eeb1b55 upstream. When non-fatal error like line-reset happens, ufshcd_err_handler() starts to abort tasks by ufshcd_try_to_abort_task(). When it tries to issue a task management request, we hit two warnings: WARNING: CPU: 7 PID: 7 at block/blk-core.c:630 blk_get_request+0x68/0x70 WARNING: CPU: 4 PID: 157 at block/blk-mq-tag.c:82 blk_mq_get_tag+0x438/0x46c After fixing the above warnings we hit another tm_cmd timeout which may be caused by unstable controller state: __ufshcd_issue_tm_cmd: task management cmd 0x80 timed-out Then, ufshcd_err_handler() enters full reset, and kernel gets stuck. It turned out ufshcd_print_trs() printed too many messages on console which requires CPU locks. Likewise hba->silence_err_logs, we need to avoid too verbose messages. This is actually not an error case. Link: https://lore.kernel.org/r/[email protected] Fixes: 69a6c26 ("scsi: ufs: Use blk_{get,put}_request() to allocate and free TMFs") Reviewed-by: Can Guo <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> [Zhai: remove an item of debug print not available in v5.4] Signed-off-by: Orson Zhai <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit a52f8a5 upstream. Clang has never correctly compiled the FORTIFY_SOURCE defenses due to a couple bugs: Eliding inlines with matching __builtin_* names https://bugs.llvm.org/show_bug.cgi?id=50322 Incorrect __builtin_constant_p() of some globals https://bugs.llvm.org/show_bug.cgi?id=41459 In the process of making improvements to the FORTIFY_SOURCE defenses, the first (silent) bug (coincidentally) becomes worked around, but exposes the latter which breaks the build. As such, Clang must not be used with CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13), and the fortify routines have been rearranged. Update the Kconfig to reflect the reality of the current situation. Signed-off-by: Kees Cook <[email protected]> Acked-by: Nick Desaulniers <[email protected]> Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com Cc: Nathan Chancellor <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 3ec18fc upstream. commit 8779e05 ("parisc: Fix ptrace check on syscall return") fixed testing of TI_FLAGS. This uncovered a bug in the test mask. syscall_restore_rfi is only used when the kernel needs to exit to usespace with single or block stepping and the recovery counter enabled. The test however used _TIF_SYSCALL_TRACE_MASK, which includes a lot of bits that shouldn't be tested here. Fix this by using TIF_SINGLESTEP and TIF_BLOCKSTEP directly. I encountered this bug by enabling syscall tracepoints. Both in qemu and on real hardware. As soon as i enabled the tracepoint (sys_exit_read, but i guess it doesn't really matter which one), i got random page faults in userspace almost immediately. Signed-off-by: Sven Schnelle <[email protected]> Signed-off-by: Helge Deller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 3735459 upstream. free_msi_irqs() frees the MSI entries before destroying the sysfs entries which are exposing them. Nothing prevents a concurrent free while a sysfs file is read and accesses the possibly freed entry. Move the sysfs release ahead of freeing the entries. Fixes: 1c51b50 ("PCI/MSI: Export MSI mode using attributes, not kobjects") Signed-off-by: Thomas Gleixner <[email protected]> Reviewed-by: Greg Kroah-Hartman <[email protected]> Cc: Bjorn Helgaas <[email protected]> Cc: [email protected] Link: https://lore.kernel.org/r/87sfw5305m.ffs@tglx Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 2226667 upstream. It appears that some devices are lying about their mask capability, pretending that they don't have it, while they actually do. The net result is that now that we don't enable MSIs on such endpoint. Add a new per-device flag to deal with this. Further patches will make use of it, sadly. Signed-off-by: Marc Zyngier <[email protected]> Signed-off-by: Thomas Gleixner <[email protected]> Reviewed-by: Thomas Gleixner <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: Bjorn Helgaas <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit f21082f upstream. The ION AHCI device pretends that MSI masking isn't a thing, while it actually implements it and needs MSIs to be unmasked to work. Add a quirk to that effect. Reported-by: Rui Salvaterra <[email protected]> Signed-off-by: Marc Zyngier <[email protected]> Signed-off-by: Thomas Gleixner <[email protected]> Tested-by: Rui Salvaterra <[email protected]> Reviewed-by: Thomas Gleixner <[email protected]> Cc: Bjorn Helgaas <[email protected]> Link: https://lore.kernel.org/r/CALjTZvbzYfBuLB+H=fj2J+9=DxjQ2Uqcy0if_PvmJ-nU-qEgkg@mail.gmail.com Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 7dea3de upstream. No any behavior to variable occupied in z_erofs_attach_page() which is only caller to z_erofs_pagevec_enqueue(). Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Yue Hu <[email protected]> Reviewed-by: Gao Xiang <[email protected]> Signed-off-by: Gao Xiang <[email protected]> Signed-off-by: Gao Xiang <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 86432a6 upstream. There are pclusters in runtime marked with Z_EROFS_PCLUSTER_TAIL before actual I/O submission. Thus, the decompression chain can be extended if the following pcluster chain hooks such tail pcluster. As the related comment mentioned, if some page is made of a hooked pcluster and another followed pcluster, it can be reused for in-place I/O (since I/O should be submitted anyway): _______________________________________________________________ | tail (partial) page | head (partial) page | |_____PRIMARY_HOOKED___|____________PRIMARY_FOLLOWED____________| However, it's by no means safe to reuse as pagevec since if such PRIMARY_HOOKED pclusters finally move into bypass chain without I/O submission. It's somewhat hard to reproduce with LZ4 and I just found it (general protection fault) by ro_fsstressing a LZMA image for long time. I'm going to actively clean up related code together with multi-page folio adaption in the next few months. Let's address it directly for easier backporting for now. Call trace for reference: z_erofs_decompress_pcluster+0x10a/0x8a0 [erofs] z_erofs_decompress_queue.isra.36+0x3c/0x60 [erofs] z_erofs_runqueue+0x5f3/0x840 [erofs] z_erofs_readahead+0x1e8/0x320 [erofs] read_pages+0x91/0x270 page_cache_ra_unbounded+0x18b/0x240 filemap_get_pages+0x10a/0x5f0 filemap_read+0xa9/0x330 new_sync_read+0x11b/0x1a0 vfs_read+0xf1/0x190 Link: https://lore.kernel.org/r/[email protected] Fixes: 3883a79 ("staging: erofs: introduce VLE decompression support") Cc: <[email protected]> # 4.19+ Reviewed-by: Chao Yu <[email protected]> Signed-off-by: Gao Xiang <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Link: https://lore.kernel.org/r/[email protected] Tested-by: Florian Fainelli <[email protected]> Tested-by: Fox Chen <[email protected]> Tested-by: Shuah Khan <[email protected]> Tested-by: Rudi Heitbaum <[email protected]> Tested-by: Guenter Roeck <[email protected]> Tested-By: Scott Bruce <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
This is the 5.4.161 stable release Signed-off-by: Andrey Zhizhikin <[email protected]>
[ Upstream commit 167721a ] In kernel 5.4, support has been added for reading MTD devices via the nvmem API. For this the mtd devices are registered as read-only NVMEM providers under sysfs with the same name as the flash partition label property. So if flash partition label property of multiple flash devices are identical then the second mtd device fails to get registered as a NVMEM provider. This patch fixes the issue by having different label property for different flashes. Signed-off-by: Amit Kumar Mahapatra <[email protected]> Signed-off-by: Michal Simek <[email protected]> Link: https://lore.kernel.org/r/6c4b9b9232b93d9e316a63c086540fd5bf6b8687.1623684253.git.michal.simek@xilinx.com Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 812fa2f ] Based on commit 65a2c14 ("dt-bindings: serial: convert Cadence UART bindings to YAML") compatible string should look like differently that's why fix it to be aligned with dt binding. Signed-off-by: Michal Simek <[email protected]> Reviewed-by: Laurent Pinchart <[email protected]> Link: https://lore.kernel.org/r/89b36e0a6187cc6b05b27a035efdf79173bd4486.1628240307.git.michal.simek@xilinx.com Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 15a563d ] Running dtbs_check yielded the issues with bcm-nsp.dtsi. Firstly this patch fixes the following message by appending "-bus" to the mpcore node name: mpcore@19000000: $nodename:0: 'mpcore@19000000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$' Secondly mmc node name. The label name can remain as is. sdhci@21000: $nodename:0: 'sdhci@21000' does not match '^mmc(@.*)?$' Signed-off-by: Matthew Hagan <[email protected]> Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 9915458 ] When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure. Link: https://lore.kernel.org/r/[email protected] Co-developed-by: Justin Tee <[email protected]> Signed-off-by: Justin Tee <[email protected]> Signed-off-by: James Smart <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 894d4f1 ] According to Documentation/devicetree/bindings/watchdog/arm,sp805.yaml the compatible is: compatible = "arm,sp805", "arm,primecell"; The current compatible string doesn't exist at all. Fix it. Signed-off-by: Michael Walle <[email protected]> Signed-off-by: Wei Xu <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 6bda391 ] When VF is configured with default vlan, HW strips the vlan from the packet and driver receives it in Rx completion. VLAN needs to be reported for UD work completion only if the vlan is configured on the host. Add a check for valid vlan in the UD receive path. Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Selvin Xavier <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
…source() [ Upstream commit 1465149 ] It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. Signed-off-by: Yang Yingliang <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit b7a0a63 ] Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. There's no need to crash systems with panic-on-warn enabled. Reviewed-by: Heikki Krogerus <[email protected]> Signed-off-by: Sven Peter <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 3f1dcaf ] The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings were written for CPU sleep but the min-residency-us param was miscalculated (supposedly, while porting this from downstream); Then, the power collapse states are setting PC on both the CPU cluster *and* the L2 cache, which have different timings: in the specific case of L2 the times are higher so these ones should be taken into account instead of the CPU ones. This parameter misconfiguration was not giving particular issues because on MSM8998 there was no CPU scaling at all, so cluster/L2 power collapse was rarely (if ever) hit. When CPU scaling is enabled, though, the wrong timings will produce SoC unstability shown to the user as random, apparently error-less, sudden reboots and/or lockups. This set of parameters are stabilizing the SoC when CPU scaling is ON and when power collapse is frequently hit. Signed-off-by: AngeloGioacchino Del Regno <[email protected]> Signed-off-by: Bjorn Andersson <[email protected]> Link: https://lore.kernel.org/r/20210901183123.1087392-3-angelogioacchino.delregno@somainline.org Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 99a7cac ] According to Documentation/devicetree/bindings/watchdog/arm,sp805.yaml the compatible is: compatible = "arm,sp805", "arm,primecell"; The current compatible string doesn't exist at all. Fix it. Signed-off-by: Michael Walle <[email protected]> Signed-off-by: Shawn Guo <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit a20f3b1 ] The initial hdac_stream code was adapted a third time with the same locking issues. Move the spin_lock outside the loops and make sure the fields are protected on read/write. Signed-off-by: Pierre-Louis Bossart <[email protected]> Acked-by: Mark Brown <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 2f9d618 ] The csi_sel mux register is located in the CCM register base and not the CCM_ANALOG register base. So move it to the correct position in code. Otherwise changing the parent of the csi clock can lead to a complete system failure due to the CCM_ANALOG_PLL_SYS_TOG register being falsely modified. Also remove the SET_RATE_PARENT flag since one possible supply for the csi_sel mux is the system PLL which we don't want to modify. Signed-off-by: Stefan Riedmueller <[email protected]> Reviewed-by: Abel Vesa <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Abel Vesa <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 92d3360 ] Add a quirk mechanism to allow specifying that active-high jack-detection should be used on platforms where this info is not available in devicetree. And add an entry for the Cyberbook T116 tablet to the DMI table, so that jack-detection will work properly on this tablet. Signed-off-by: Hans de Goede <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit d4996c6 ] Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. Change %lx to %p to print the hashed pointer. Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Guo Zhi <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit f7a07f7 ] The firmware_loader can be used with a pre-allocated buffer through the use of the API calls: o request_firmware_into_buf() o request_partial_firmware_into_buf() If the firmware was built-in and present, our current check for if the built-in firmware fits into the pre-allocated buffer does not return any errors, and we proceed to tell the caller that everything worked fine. It's a lie and no firmware would end up being copied into the pre-allocated buffer. So if the caller trust the result it may end up writing a bunch of 0's to a device! Fix this by making the function that checks for the pre-allocated buffer return non-void. Since the typical use case is when no pre-allocated buffer is provided make this return successfully for that case. If the built-in firmware does *not* fit into the pre-allocated buffer size return a failure as we should have been doing before. I'm not aware of users of the built-in firmware using the API calls with a pre-allocated buffer, as such I doubt this fixes any real life issue. But you never know... perhaps some oddball private tree might use it. In so far as upstream is concerned this just fixes our code for correctness. Signed-off-by: Luis Chamberlain <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 51b9e22 ] gpmc,mux-add-data is not boolean. Fixes the below errors flagged by dtbs_check. "ethernet@4,0:gpmc,mux-add-data: True is not of type 'array'" Signed-off-by: Roger Quadros <[email protected]> Signed-off-by: Tony Lindgren <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit eaeace6 ] Oleksandr brought a bug report where netpoll causes trace messages in the log on igb. Danielle brought this back up as still occurring, so we'll try again. [22038.710800] ------------[ cut here ]------------ [22038.710801] igb_poll+0x0/0x1440 [igb] exceeded budget in poll [22038.710802] WARNING: CPU: 12 PID: 40362 at net/core/netpoll.c:155 netpoll_poll_dev+0x18a/0x1a0 As Alex suggested, change the driver to return work_done at the exit of napi_poll, which should be safe to do in this driver because it is not polling multiple queues in this single napi context (multiple queues attached to one MSI-X vector). Several other drivers contain the same simple sequence, so I hope this will not create new problems. Fixes: 16eb881 ("igb: Refactor clean_rx_irq to reduce overhead and improve performance") Reported-by: Oleksandr Natalenko <[email protected]> Reported-by: Danielle Ratson <[email protected]> Suggested-by: Alexander Duyck <[email protected]> Signed-off-by: Jesse Brandeburg <[email protected]> Tested-by: Oleksandr Natalenko <[email protected]> Tested-by: Danielle Ratson <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 41ce097 ] It hangup when booting Loongson 3A1000 with BOTH CONFIG_PAGE_SIZE_64KB and CONFIG_MIPS_VA_BITS_48, that it turn out to use 2-level pgtable instead of 3-level. 64KB page size with 2-level pgtable only cover 42 bits VA, use 3-level pgtable to cover all 48 bits VA(55 bits) Fixes: 1e321fa ("MIPS64: Support of at least 48 bits of SEGBITS) Signed-off-by: Huang Pei <[email protected]> Signed-off-by: Thomas Bogendoerfer <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 01d9cc2 ] Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100 ip link del dev dummy1 When the dummy netdevice is removed, we will get a WARNING as following: ======================================================================= refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 and an endless loop of: ======================================================================= unregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824 That is because dev_put(real_dev) in vlan_dev_free() be called without dev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev underflow. Move the dev_hold(real_dev) to vlan_dev_init() which is the call-back of ndo_init(). That makes dev_hold() and dev_put() for vlan's real_dev symmetrical. Fixes: 563bcba ("net: vlan: fix a UAF in vlan_dev_real_dev()") Reported-by: Petr Machata <[email protected]> Suggested-by: Jakub Kicinski <[email protected]> Signed-off-by: Ziyang Xuan <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit bacb6c1 ] When applications call shutdown() with SHUT_RDWR in userspace, smc_close_active() calls kernel_sock_shutdown(), and it is called twice in smc_shutdown(). This fixes this by checking sk_state before do clcsock shutdown, and avoids missing the application's call of smc_shutdown(). Link: https://lore.kernel.org/linux-s390/[email protected]/ Fixes: 606a63c ("net/smc: Ensure the active closing peer first closes clcsock") Signed-off-by: Tony Lu <[email protected]> Reviewed-by: Wen Gu <[email protected]> Acked-by: Karsten Graul <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 8d2ad99 ] When PF is set to multi-TCs and configured mapping relationship between priorities and TCs, the hardware will active these settings for this PF and its VFs. In this case when VF just uses one TC and its rx packets contain priority, and if the priority is not mapped to TC0, as other TCs of VF is not valid, hardware always put this kind of packets to the queue 0. It cause this kind of packets of VF can not be used RSS function. To fix this problem, set tc mode of all unused TCs of VF to the setting of TC0, then rx packet with priority which map to unused TC will be direct to TC0. Fixes: e2cb1de ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support") Signed-off-by: Guangbin Huang <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
…TSTAMP [ Upstream commit 8a07546 ] The ocelot driver, when asked to timestamp all receiving packets, 1588 v1 or NTP, says "nah, here's 1588 v2 for you". According to this discussion: https://patchwork.kernel.org/project/netdevbpf/patch/[email protected]/#24577647 drivers that downgrade from a wider request to a narrower response (or even a response where the intersection with the request is empty) are buggy, and should return -ERANGE instead. This patch fixes that. Fixes: 4e3b046 ("net: mscc: PTP Hardware Clock (PHC) support") Suggested-by: Richard Cochran <[email protected]> Signed-off-by: Vladimir Oltean <[email protected]> Acked-by: Richard Cochran <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
…htool [ Upstream commit c49a35e ] The driver doesn't support RX timestamping for non-PTP packets, but it declares that it does. Restrict the reported RX filters to PTP v2 over L2 and over L4. Fixes: 4e3b046 ("net: mscc: PTP Hardware Clock (PHC) support") Signed-off-by: Vladimir Oltean <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 6663b13 ] Inconsistent node block will cause a file fail to open or read, which could make the user process crashes or stucks. Let's mark SBI_NEED_FSCK flag to trigger a fix at next fsck time. After unlinking the corrupted file, the user process could regenerate a new one and work correctly. Signed-off-by: Weichao Guo <[email protected]> Reviewed-by: Chao Yu <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
[ Upstream commit 71e6864 ] Linux allows doing a flush/fsync on a file open for read-only, but the protocol does not allow that. If the file passed in on the flush is read-only try to find a writeable handle for the same inode, if that is not possible skip sending the fsync call to the server to avoid breaking the apps. Reported-by: Julian Sikorski <[email protected]> Tested-by: Julian Sikorski <[email protected]> Suggested-by: Jeremy Allison <[email protected]> Reviewed-by: Paulo Alcantara (SUSE) <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
commit 49d8c5f upstream. The "used length" reported by calling vhost_add_used() must be the number of bytes written by the device (using "in" buffers). In vhost_vsock_handle_tx_kick() the device only reads the guest buffers (they are all "out" buffers), without writing anything, so we must pass 0 as "used length" to comply virtio spec. Fixes: 433fc58 ("VSOCK: Introduce vhost_vsock.ko") Cc: [email protected] Reported-by: Halil Pasic <[email protected]> Suggested-by: Jason Wang <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Reviewed-by: Halil Pasic <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 6cb2065 upstream. When pid filtering is activated in an instance, all of the events trace files for that instance has the PID_FILTER flag set. This determines whether or not pid filtering needs to be done on the event, otherwise the event is executed as normal. If pid filtering is enabled when an event is created (via a dynamic event or modules), its flag is not updated to reflect the current state, and the events are not filtered properly. Cc: [email protected] Fixes: 3fdaf80 ("tracing: Implement event pid filtering") Signed-off-by: Steven Rostedt (VMware) <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit fe3d100 upstream. We should not walk/touch page tables outside of VMA boundaries when holding only the mmap sem in read mode. Evil user space can modify the VMA layout just before this function runs and e.g., trigger races with page table removal code since commit dd2283f ("mm: mmap: zap pages with read mmap_sem in munmap"). gfn_to_hva() will only translate using KVM memory regions, but won't validate the VMA. Further, we should not allocate page tables outside of VMA boundaries: if evil user space decides to map hugetlbfs to these ranges, bad things will happen because we suddenly have PTE or PMD page tables where we shouldn't have them. Similarly, we have to check if we suddenly find a hugetlbfs VMA, before calling get_locked_pte(). Fixes: 2d42f94 ("s390/kvm: Add PGSTE manipulation functions") Signed-off-by: David Hildenbrand <[email protected]> Reviewed-by: Claudio Imbrenda <[email protected]> Acked-by: Heiko Carstens <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Christian Borntraeger <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 85b6d24 upstream. Currently, the exit_shm() function not designed to work properly when task->sysvshm.shm_clist holds shm objects from different IPC namespaces. This is a real pain when sysctl kernel.shm_rmid_forced = 1, because it leads to use-after-free (reproducer exists). This is an attempt to fix the problem by extending exit_shm mechanism to handle shm's destroy from several IPC ns'es. To achieve that we do several things: 1. add a namespace (non-refcounted) pointer to the struct shmid_kernel 2. during new shm object creation (newseg()/shmget syscall) we initialize this pointer by current task IPC ns 3. exit_shm() fully reworked such that it traverses over all shp's in task->sysvshm.shm_clist and gets IPC namespace not from current task as it was before but from shp's object itself, then call shm_destroy(shp, ns). Note: We need to be really careful here, because as it was said before (1), our pointer to IPC ns non-refcnt'ed. To be on the safe side we using special helper get_ipc_ns_not_zero() which allows to get IPC ns refcounter only if IPC ns not in the "state of destruction". Q/A Q: Why can we access shp->ns memory using non-refcounted pointer? A: Because shp object lifetime is always shorther than IPC namespace lifetime, so, if we get shp object from the task->sysvshm.shm_clist while holding task_lock(task) nobody can steal our namespace. Q: Does this patch change semantics of unshare/setns/clone syscalls? A: No. It's just fixes non-covered case when process may leave IPC namespace without getting task->sysvshm.shm_clist list cleaned up. Link: https://lkml.kernel.org/r/[email protected] Link: https://lkml.kernel.org/r/[email protected] Fixes: ab602f7 ("shm: make exit_shm work proportional to task activity") Co-developed-by: Manfred Spraul <[email protected]> Signed-off-by: Manfred Spraul <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]> Cc: "Eric W. Biederman" <[email protected]> Cc: Davidlohr Bueso <[email protected]> Cc: Greg KH <[email protected]> Cc: Andrei Vagin <[email protected]> Cc: Pavel Tikhomirov <[email protected]> Cc: Vasily Averin <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 48b71a9 upstream. There are two sites that calls queue_work() after the destroy_workqueue() and lead to possible UAF. The first site is nci_send_cmd(), which can happen after the nci_close_device as below nfcmrvl_nci_unregister_dev | nfc_genl_dev_up nci_close_device | flush_workqueue | del_timer_sync | nci_unregister_device | nfc_get_device destroy_workqueue | nfc_dev_up nfc_unregister_device | nci_dev_up device_del | nci_open_device | __nci_request | nci_send_cmd | queue_work !!! Another site is nci_cmd_timer, awaked by the nci_cmd_work from the nci_send_cmd. ... | ... nci_unregister_device | queue_work destroy_workqueue | nfc_unregister_device | ... device_del | nci_cmd_work | mod_timer | ... | nci_cmd_timer | queue_work !!! For the above two UAF, the root cause is that the nfc_dev_up can race between the nci_unregister_device routine. Therefore, this patch introduce NCI_UNREG flag to easily eliminate the possible race. In addition, the mutex_lock in nci_close_device can act as a barrier. Signed-off-by: Lin Ma <[email protected]> Fixes: 6a2968a ("NFC: basic NCI protocol implementation") Reviewed-by: Jakub Kicinski <[email protected]> Reviewed-by: Krzysztof Kozlowski <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 4734417 upstream. Checking buf->flags should be done before the pipe_buf_release() is called on the pipe buffer, since releasing the buffer might modify the flags. This is exactly what page_cache_pipe_buf_release() does, and which results in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was trying to fix. Reported-by: Justin Forbes <[email protected]> Fixes: 712a951 ("fuse: fix page stealing") Cc: <[email protected]> # v2.6.35 Signed-off-by: Miklos Szeredi <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 629a5d8 upstream. Sync include/xen/interface/io/ring.h with Xen's newest version in order to get the RING_COPY_RESPONSE() and RING_RESPONSE_PROD_OVERFLOW() macros. Note that this will correct the wrong license info by adding the missing original copyright notice. Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 71b6624 upstream. In order to avoid problems in case the backend is modifying a response on the ring page while the frontend has already seen it, just read the response into a local buffer in one go and then operate on that buffer only. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Acked-by: Roger Pau Monné <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 8f5a695 upstream. In order to avoid a malicious backend being able to influence the local copy of a request build the request locally first and then copy it to the ring page instead of doing it the other way round as today. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Acked-by: Roger Pau Monné <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit b94e4b1 upstream. Today blkfront will trust the backend to send only sane response data. In order to avoid privilege escalations or crashes in case of malicious backends verify the data to be within expected limits. Especially make sure that the response always references an outstanding request. Introduce a new state of the ring BLKIF_STATE_ERROR which will be switched to in case an inconsistency is being detected. Recovering from this state is possible only via removing and adding the virtual device again (e.g. via a suspend/resume cycle). Make all warning messages issued due to valid error responses rate limited in order to avoid message floods being triggered by a malicious backend. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Acked-by: Roger Pau Monné <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 8446066 upstream. In order to avoid problems in case the backend is modifying a response on the ring page while the frontend has already seen it, just read the response into a local buffer in one go and then operate on that buffer only. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 162081e upstream. In order to avoid a malicious backend being able to influence the local processing of a request build the request locally first and then copy it to the ring page. Any reading from the request influencing the processing in the frontend needs to be done on the local instance. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit 21631d2 upstream. The tx_skb_freelist elements are in a single linked list with the request id used as link reference. The per element link field is in a union with the skb pointer of an in use request. Move the link reference out of the union in order to enable a later reuse of it for requests which need a populated skb pointer. Rename add_id_to_freelist() and get_id_from_freelist() to add_id_to_list() and get_id_from_list() in order to prepare using those for other lists as well. Define ~0 as value to indicate the end of a list and place that value into the link for a request not being on the list. When freeing a skb zero the skb pointer in the request. Use a NULL value of the skb pointer instead of skb_entry_is_link() for deciding whether a request has a skb linked to it. Remove skb_entry_set_link() and open code it instead as it is really trivial now. Signed-off-by: Juergen Gross <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit a884daa upstream. Today netfront will trust the backend to send only sane response data. In order to avoid privilege escalations or crashes in case of malicious backends verify the data to be within expected limits. Especially make sure that the response always references an outstanding request. Note that only the tx queue needs special id handling, as for the rx queue the id is equal to the index in the ring page. Introduce a new indicator for the device whether it is broken and let the device stop working when it is set. Set this indicator in case the backend sets any weird data. Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
commit e679004 upstream. Xen frontends shouldn't BUG() in case of illegal data received from their backends. So replace the BUG_ON()s when reading illegal data from the ring page with negative return values. This is commit e679004 upstream. Reviewed-by: Jan Beulich <[email protected]> Signed-off-by: Juergen Gross <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Link: https://lore.kernel.org/r/[email protected] Tested-by: Shuah Khan <[email protected]> Tested-by: Hulk Robot <[email protected]> Tested-by: Florian Fainelli <[email protected]> Tested-by: Jon Hunter <[email protected]> Tested-by: Linux Kernel Functional Testing <[email protected]> Tested-by: Sudip Mukherjee <[email protected]> Tested-by: Guenter Roeck <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
This is the 5.4.163 stable release Signed-off-by: Andrey Zhizhikin <[email protected]>
mnme
added a commit
to mnme/meta-freescale
that referenced
this pull request
Jan 18, 2022
Kernel repository has been upgraded up to v5.4.163 from stable korg.
Following upstream commits are included in this version:
----
57899c4e26bf Linux 5.4.163
6c728efe164f tty: hvc: replace BUG_ON() with negative return value
c3024e1945fe xen/netfront: don't trust the backend response data blindly
828b1d3861a1 xen/netfront: disentangle tx_skb_freelist
5b757077dacd xen/netfront: don't read data from request on the ring page
5c374d830e1b xen/netfront: read response from backend only once
3456a07614b1 xen/blkfront: don't trust the backend response data blindly
6392f51a9d2e xen/blkfront: don't take local copy of a request from the ring page
ce011335cb42 xen/blkfront: read response from backend only once
61826a7884cb xen: sync include/xen/interface/io/ring.h with Xen's newest version
54f682cd4849 fuse: release pipe buf after last use
eff32973ecc3 NFC: add NCI_UNREG flag to eliminate the race
43788453983e shm: extend forced shm destroy to support objects from several IPC nses
b23c0c4c9e0a s390/mm: validate VMA in PGSTE manipulation functions
3c9a213e0edb tracing: Check pid filtering when creating events
dda227cccf14 vhost/vsock: fix incorrect used length reported to the guest
2eacc0acf6ea smb3: do not error on fsync when readonly
51be334da375 f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
3ceecea047c2 net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
ee4e3f9d3dd7 net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
0ea2e5497b8c net: hns3: fix VF RSS failed problem after PF enable multi-TCs
3b961640399b net/smc: Don't call clcsock shutdown twice when smc shutdown
5e44178864b3 net: vlan: fix underflow for the real_dev refcnt
296139e1de16 MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
9f5838471aed igb: fix netpoll exit with traffic
25980820c4f0 nvmet: use IOCB_NOWAIT only if the filesystem supports it
d54662a91faa tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
562fe6a6d2c5 PM: hibernate: use correct mode for swsusp_close()
2654e6cfc483 net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
080f6b694ef1 nvmet-tcp: fix incomplete data digest send
6c0ab2caa8d1 net/smc: Ensure the active closing peer first closes clcsock
7854de57be29 scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
67a6f64a0c84 net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
cca61bb17042 net: ipv6: add fib6_nh_release_dsts stub
ddd0518c1e09 nfp: checking parameter process for rx-usecs/tx-usecs is invalid
b638eb32c64d ipv6: fix typos in __ip6_finish_output()
8029ced6d775 iavf: Prevent changing static ITR values if adaptive moderation is on
4374e414fcbf drm/vc4: fix error code in vc4_create_object()
7e324f734a91 scsi: mpt3sas: Fix kernel panic during drive powercycle test
dc9eb93d5a0a ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
a078967dd34b NFSv42: Don't fail clone() unless the OP_CLONE operation failed
ce50e97a06bd firmware: arm_scmi: pm: Propagate return value to caller
7360abf31ce0 net: ieee802154: handle iftypes as u32
4421a196fdaf ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
76867d0cb83f ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
a848a22e9434 ARM: dts: BCM5301X: Add interrupt properties to GPIO node
03f7379e2c69 ARM: dts: BCM5301X: Fix I2C controller interrupt
17a763eab714 netfilter: ipvs: Fix reuse connection if RS weight is 0
fd7974c547ab proc/vmcore: fix clearing user buffer by properly using clear_user()
66d6eacba7a6 arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
3a4baf070c6a pinctrl: armada-37xx: Correct PWM pins definitions
086226048bcd PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
7c517d7b8898 PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
44b2776a9307 PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
bbc6201152fb PCI: aardvark: Fix link training
3d770a20950b PCI: aardvark: Simplify initialization of rootcap on virtual bridge
a06ace0d317d PCI: aardvark: Implement re-issuing config requests on CRS response
75faadcc3a0e PCI: aardvark: Fix PCIe Max Payload Size setting
c697885a1281 PCI: aardvark: Configure PCIe resources from 'ranges' DT property
e3c51ac70aae PCI: pci-bridge-emul: Fix array overruns, improve safety
ea6eef03dafb PCI: aardvark: Update comment about disabling link training
fe8a8c3a408e PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
14311e77c93e PCI: aardvark: Fix compilation on s390
93491c5d26f7 PCI: aardvark: Don't touch PCIe registers if no card connected
8b0f7b8b7839 PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
e090b2e2708e PCI: aardvark: Issue PERST via GPIO
0ad291db2d01 PCI: aardvark: Improve link training
063a98c00528 PCI: aardvark: Train link immediately after enabling training
bbe213fd12fb PCI: aardvark: Fix big endian support
5551081d845e PCI: aardvark: Wait for endpoint to be ready before training link
65d962199b7f PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
57c7d46e8b1d mdio: aspeed: Fix "Link is Down" issue
e466278662be mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
e09e868c6341 tracing: Fix pid filtering when triggers are attached
f5bbebfd7ca1 tracing/uprobe: Fix uprobe_perf_open probes iteration
5c895828f421 KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
4f1adc3f572a xen: detect uninitialized xenbus in xenbus_init
173fe1aedf67 xen: don't continue xenstore initialization in case of errors
2e1ec01af2c7 staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
e72e981d16fc staging/fbtft: Fix backlight
9b406e39e539 HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
c03ad97293d2 Revert "parisc: Fix backtrace to always include init funtion names"
4a6f918a92b0 media: cec: copy sequence field for the reply
8d0b9ea19174 ALSA: ctxfi: Fix out-of-range access
aaa83768ba39 binder: fix test regression due to sender_euid change
d797fde8644a usb: hub: Fix locking issues with address0_mutex
4b354aeea431 usb: hub: Fix usb enumeration issue due to address0 race
d00bf013aed2 usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
7b6f44856da5 net: nexthop: fix null pointer dereference when IPv6 is not enabled
9ad421aedc55 usb: dwc2: hcd_queue: Fix use of floating point literal
e44a934f9e04 usb: dwc2: gadget: Fix ISOC flow for elapsed frames
c2e05c4ed8a3 USB: serial: option: add Fibocom FM101-GL variants
ee034eae9d9b USB: serial: option: add Telit LE910S1 0x9200 composition
9334f48f5673 Linux 5.4.162
46a8e16fcf2c ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
293385739d68 ALSA: hda: hdac_ext_stream: fix potential locking issues
201340ca4eb7 hugetlbfs: flush TLBs correctly after huge_pmd_unshare
e7891b22b251 tlb: mmu_gather: add tlb_flush_*_range APIs
10e34766d8ac ice: Delete always true check of PF pointer
101485e566ce usb: max-3421: Use driver data instead of maintaining a list of bound devices
4e1b3e718f24 ASoC: DAPM: Cover regression by kctl change notification fix
56a32c82761a batman-adv: Don't always reallocate the fragmentation skb head
08bceb1e30c2 batman-adv: Reserve needed_*room for fragments
374c55d416ab batman-adv: Consider fragmentation for needed_headroom
9eff9854f82d perf/core: Avoid put_page() when GUP fails
e0122ea133cd Revert "net: mvpp2: disable force link UP during port init procedure"
4efa2509d3aa drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
c0276de0be48 drm/i915/dp: Ensure sink rate values are always valid
1c4af56ffbfb drm/nouveau: use drm_dev_unplug() during device removal
9e98622aa508 drm/udl: fix control-message timeout
52affc201fc2 cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
ca9834a1148b parisc/sticon: fix reverse colors
670f6b3867c8 btrfs: fix memory ordering between normal and ordered work functions
1c3882215946 udf: Fix crash after seekdir
f79957d274b0 s390/kexec: fix memory leak of ipl report buffer
b0e44dfb4e4c x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
f2e0cd42f198 mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
95de3703a1d0 ipc: WARN if trying to remove ipc object which is absent
8997bb6d1ecc hexagon: export raw I/O routines for modules
01a7ecd36d1e tun: fix bonding active backup with arp monitoring
7c8f778f0a3a arm64: vdso32: suppress error message for 'make mrproper'
e636f65b3d8f s390/kexec: fix return code handling
cc093e5a966d perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
cc63a789d80d perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
47a810817823 KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
307d2e6cebfc NFC: reorder the logic in nfc_{un,}register_device
da3a87eeb990 drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
e418bb556ff8 NFC: reorganize the functions in nci_request
bbb8376d58ac i40e: Fix display error code in dmesg
69e5d27af579 i40e: Fix creation of first queue by omitting it if is not power of two
5564e9129f1f i40e: Fix ping is lost after configuring ADq on VF
8509178dc001 i40e: Fix changing previously set num_queue_pairs for PFs
c30162da9132 i40e: Fix NULL ptr dereference on VSI filter sync
0a0308af22a5 i40e: Fix correct max_pkt_size on VF RX queue
fb2dbc124a7f net: virtio_net_hdr_to_skb: count transport header in UFO
d74ff10ed2d9 net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
8b2c66b0f2a0 net: sched: act_mirred: drop dst for the direction from egress to ingress
edd783162bf2 scsi: core: sysfs: Fix hang when device state is set via sysfs
446882f216ac platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
453b5b614b93 mips: lantiq: add support for clk_get_parent()
477653f3e4e4 mips: bcm63xx: add support for clk_get_parent()
426fed211b49 MIPS: generic/yamon-dt: fix uninitialized variable error
67334abd4fb7 iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
98f3badc414f iavf: validate pointers
92cecf349121 iavf: prevent accidental free of filter structure
63f032a956ed iavf: Fix failure to exit out from last all-multicast mode
926e8c83d4c1 iavf: free q_vectors before queues in iavf_disable_vf
f0222e7eee0c iavf: check for null in iavf_fix_features
b5638bc64a69 net: bnx2x: fix variable dereferenced before check
fbba0692ec4b perf tests: Remove bash construct from record+zstd_comp_decomp.sh
9e0df711f8db perf bench futex: Fix memory leak of perf_cpu_map__new()
642fc22210a5 perf bpf: Avoid memory leak from perf_env__insert_btf()
6bf5523090a7 RDMA/netlink: Add __maybe_unused to static inline in C file
ef82c3716a5a tracing/histogram: Do not copy the fixed-size char array field over the field size
80b777606925 tracing: Save normal string variables
8928e31a776a sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
a93a58bae950 mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
05311b9192be clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
ee1317e1f4b0 clk/ast2600: Fix soc revision for AHB
d6c32b4c83f6 clk: ingenic: Fix bugs with divided dividers
982d31ba5533 sh: define __BIG_ENDIAN for math-emu
214cd15d3675 sh: math-emu: drop unused functions
3d774e776f68 sh: fix kconfig unmet dependency warning for FRAME_POINTER
7727659e45f8 f2fs: fix up f2fs_lookup tracepoints
d7c612f6b1f3 maple: fix wrong return value of maple_bus_init().
9823ba8f17f8 sh: check return code of request_irq
94292e4577a2 powerpc/dcr: Use cmplwi instead of 3-argument cmpli
c6d2cefdd05c ALSA: gus: fix null pointer dereference on pointer block
513543f1eda1 powerpc/5200: dts: fix memory node unit name
3a9eae47a550 iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
a3ecee8a8fd7 scsi: target: Fix alua_tg_pt_gps_count tracking
14934afd4f5d scsi: target: Fix ordered tag handling
1ab3b4f4f46f MIPS: sni: Fix the build
d491c84df5c4 tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
80709beddb8d ALSA: ISA: not for M68K
2f8cda43c415 ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
723c1af01c35 ARM: dts: ls1021a: move thermal-zones node out of soc/
f98986b7acb4 usb: host: ohci-tmio: check return value after calling platform_get_resource()
e187c2f3f25e ARM: dts: omap: fix gpmc,mux-add-data type
3b9d8d3e4af2 firmware_loader: fix pre-allocated buf built-in firmware use
cc248790bfdc scsi: advansys: Fix kernel pointer leak
bcc1eac0bd49 ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
c9428e13417d clk: imx: imx6ul: Move csi_sel mux to correct base register
e5f8c43c8546 ASoC: SOF: Intel: hda-dai: fix potential locking issue
cb074c00b71a arm64: dts: freescale: fix arm,sp805 compatible string
a14d7038ea20 arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
30dcfcda8992 usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
3ee15f1af174 usb: musb: tusb6010: check return value after calling platform_get_resource()
ba9579f832bd RDMA/bnxt_re: Check if the vlan is valid before reporting
bf6a633b0736 arm64: dts: hisilicon: fix arm,sp805 compatible string
16bcbfb56d75 scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
51c94d6aee59 ARM: dts: NSP: Fix mpcore, mmc node names
1390f32ea964 arm64: zynqmp: Fix serial compatible string
31df0f0f1882 arm64: zynqmp: Do not duplicate flash partition label property
5c088fba39af Linux 5.4.161
b786cb3236e1 erofs: fix unsafe pagevec reuse of hooked pclusters
83de35ae27a1 erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
b37f6da8c3fc PCI: Add MSI masking quirk for Nvidia ION AHCI
db1390b60e89 PCI/MSI: Deal with devices lying about their MSI mask capability
49b55a7792ec PCI/MSI: Destroy sysfs before freeing entries
7186be970c11 parisc/entry: fix trace test in syscall exit path
258c42a8fb31 fortify: Explicitly disable Clang support
4f9a3cda1660 scsi: ufs: Fix tm request when non-fatal error happens
c468f9249d84 ext4: fix lazy initialization next schedule time computation in more granular unit
307c6f728728 MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
7be773a0288e scsi: ufs: Fix interrupt error message for shared interrupts
e3c97ba4a69e soc/tegra: pmc: Fix imbalanced clock disabling in error code path
----
Link: https://lore.kernel.org/r/[email protected] # 5.4.163
Link: Freescale/linux-fslc#507
Signed-off-by: Nicolas Jeker <[email protected]>
LeBlue
pushed a commit
to LeBlue/linux-fslc
that referenced
this pull request
Jan 20, 2022
[ Upstream commit e5c6b31 ] The struct sugov_tunables is protected by the kobject, so we can't free it directly. Otherwise we would get a call trace like this: ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30 WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100 Modules linked in: CPU: 3 PID: 720 Comm: a.sh Tainted: G W 5.14.0-rc1-next-20210715-yocto-standard+ Freescale#507 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--) pc : debug_print_object+0xb8/0x100 lr : debug_print_object+0xb8/0x100 sp : ffff80001ecaf910 x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80 x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000 x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20 x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010 x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365 x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69 x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0 x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001 x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000 x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000 Call trace: debug_print_object+0xb8/0x100 __debug_check_no_obj_freed+0x1c0/0x230 debug_check_no_obj_freed+0x20/0x88 slab_free_freelist_hook+0x154/0x1c8 kfree+0x114/0x5d0 sugov_exit+0xbc/0xc0 cpufreq_exit_governor+0x44/0x90 cpufreq_set_policy+0x268/0x4a8 store_scaling_governor+0xe0/0x128 store+0xc0/0xf0 sysfs_kf_write+0x54/0x80 kernfs_fop_write_iter+0x128/0x1c0 new_sync_write+0xf0/0x190 vfs_write+0x2d4/0x478 ksys_write+0x74/0x100 __arm64_sys_write+0x24/0x30 invoke_syscall.constprop.0+0x54/0xe0 do_el0_svc+0x64/0x158 el0_svc+0x2c/0xb0 el0t_64_sync_handler+0xb0/0xb8 el0t_64_sync+0x198/0x19c irq event stamp: 5518 hardirqs last enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8 hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0 softirqs last enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0 softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8 So split the original sugov_tunables_free() into two functions, sugov_clear_global_tunables() is just used to clear the global_tunables and the new sugov_tunables_free() is used as kobj_type::release to release the sugov_tunables safely. Fixes: 9bdcb44 ("cpufreq: schedutil: New governor based on scheduler utilization data") Cc: 4.7+ <[email protected]> # 4.7+ Signed-off-by: Kevin Hao <[email protected]> Acked-by: Viresh Kumar <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
MrCry0
pushed a commit
to MrCry0/linux-fslc
that referenced
this pull request
Mar 30, 2024
[ Upstream commit 0bfc033 ] Adjust the XDP feature flags for the bond device when no bond slave devices are attached. After 9b0ed89 ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY"), the empty bond device must report 0 as flags instead of NETDEV_XDP_ACT_MASK. # ./vmtest.sh -- ./test_progs -t xdp_bond [...] [ 3.983311] bond1 (unregistering): (slave veth1_1): Releasing backup interface [ 3.995434] bond1 (unregistering): Released all slaves [ 4.022311] bond2: (slave veth2_1): Releasing backup interface Freescale#507/1 xdp_bonding/xdp_bonding_attach:OK Freescale#507/2 xdp_bonding/xdp_bonding_nested:OK Freescale#507/3 xdp_bonding/xdp_bonding_features:OK Freescale#507/4 xdp_bonding/xdp_bonding_roundrobin:OK Freescale#507/5 xdp_bonding/xdp_bonding_activebackup:OK Freescale#507/6 xdp_bonding/xdp_bonding_xor_layer2:OK Freescale#507/7 xdp_bonding/xdp_bonding_xor_layer23:OK Freescale#507/8 xdp_bonding/xdp_bonding_xor_layer34:OK Freescale#507/9 xdp_bonding/xdp_bonding_redirect_multi:OK Freescale#507 xdp_bonding:OK Summary: 1/9 PASSED, 0 SKIPPED, 0 FAILED [ 4.185255] bond2 (unregistering): Released all slaves [...] Fixes: 9b0ed89 ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY") Signed-off-by: Daniel Borkmann <[email protected]> Reviewed-by: Toke Høiland-Jørgensen <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Automatic merge performed, no conflicts reported.
Kernel has been built for both aarch64 (
defconfig) and arm32 (imx_v6_v7_defconfig).-- andrey