May 2020 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.124 release. There are 80 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 May 2020 17:32:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.124-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.124-rc1 Sergei Trofimovich <slyfox(a)gentoo.org> Makefile: disallow data races on gcc-10 as well Jim Mattson <jmattson(a)google.com> KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7740: Add missing extal2 to CPG node Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> arm64: dts: renesas: r8a77980: Fix IPMMU VIP[01] nodes Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a73a4: Add missing CMT1 interrupts Chen-Yu Tsai <wens(a)csie.org> arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy Chen-Yu Tsai <wens(a)csie.org> arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards Marc Zyngier <maz(a)kernel.org> clk: Unlink clock if failed to prepare or enable Kai-Heng Feng <kai.heng.feng(a)canonical.com> Revert "ALSA: hda/realtek: Fix pop noise on ALC225" Wei Yongjun <weiyongjun1(a)huawei.com> usb: gadget: legacy: fix error return code in cdc_bind() Wei Yongjun <weiyongjun1(a)huawei.com> usb: gadget: legacy: fix error return code in gncm_bind() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: gadget: audio: Fix a missing error return value in audio_bind() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' John Stultz <john.stultz(a)linaro.org> dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() Justin Swartz <justin.swartz(a)risingedge.co.za> clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks Eric W. Biederman <ebiederm(a)xmission.com> exec: Move would_dump into flush_old_exec Josh Poimboeuf <jpoimboe(a)redhat.com> x86/unwind/orc: Fix error handling in __unwind_start() Borislav Petkov <bp(a)suse.de> x86: Fix early boot crash on gcc-10, third try Adam McCoy <adam(a)forsedomani.com> cifs: fix leaked reference on requeued write Fabio Estevam <festevam(a)gmail.com> ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries Kishon Vijay Abraham I <kishon(a)ti.com> ARM: dts: dra7: Fix bus_dma_limit for PCIe Sriharsha Allenki <sallenki(a)codeaurora.org> usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list Kyungtae Kim <kt0755(a)gmail.com> USB: gadget: fix illegal array access in binding with UDC Li Jun <jun.li(a)nxp.com> usb: host: xhci-plat: keep runtime active when removing host Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B Jesus Ramos <jesus-ramos(a)live.com> ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix racy buffer resize under concurrent accesses Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: avoid shadowing standard library 'free()' in crypto Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'restrict' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'stringop-overflow' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'array-bounds' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'zero-length-bounds' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> Stop the ad-hoc games with -Wno-maybe-initialized Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10 warnings: fix low-hanging fruit Jason Gunthorpe <jgg(a)ziepe.ca> pnp: Use list_for_each_entry() instead of open coding Samu Nuutamo <samu.nuutamo(a)vincit.fi> hwmon: (da9052) Synchronize access with mfd Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Test return value of calls to ib_get_cached_pkey Stefano Brivio <sbrivio(a)redhat.com> netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() Christoph Hellwig <hch(a)lst.de> arm64: fix the flush_icache_range arguments in machine_kexec Arnd Bergmann <arnd(a)arndb.de> netfilter: conntrack: avoid gcc-10 zero-length-bounds warning Dave Wysochanski <dwysocha(a)redhat.com> NFSv4: Fix fscache cookie aux_data to ensure change_attr is included Arnd Bergmann <arnd(a)arndb.de> nfs: fscache: use timespec64 in inode auxdata Dave Wysochanski <dwysocha(a)redhat.com> NFS: Fix fscache super_cookie index_key from changing after umount Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Fix request completion in the CQE timeout path Veerabhadrarao Badiganti <vbadigan(a)codeaurora.org> mmc: core: Check request type before completing the request Dan Carpenter <dan.carpenter(a)oracle.com> i40iw: Fix error handling in i40iw_manage_arp_cache() Grace Kao <grace.kao(a)intel.com> pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: baytrail: Enable pin configuration setting for GPIO chip Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Another gfs2_walk_metadata fix Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse Vasily Averin <vvs(a)virtuozzo.com> ipc/util.c: sysvipc_find_ipc() incorrectly updates position index Vasily Averin <vvs(a)virtuozzo.com> drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: fix race in monitor detection during probe Chris Wilson <chris(a)chris-wilson.co.uk> cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once Lubomir Rintel <lkundrak(a)v3.sk> dmaengine: mmp_tdma: Reset channel error on release Madhuparna Bhowmik <madhuparnabhowmik10(a)gmail.com> dmaengine: pch_dma.c: Avoid data race between probe and irq handler Ilie Halip <ilie.halip(a)gmail.com> riscv: fix vdso build with lld Eric Dumazet <edumazet(a)google.com> tcp: fix SO_RCVLOWAT hangs with fat skbs Kelly Littlepage <kelly(a)onechronos.com> net: tcp: fix rx timestamp behavior for tcp_recvmsg Zefan Li <lizefan(a)huawei.com> netprio_cgroup: Fix unlimited memory leak of v2 cgroups Paolo Abeni <pabeni(a)redhat.com> net: ipv4: really enforce backoff for redirects Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: loop: Add module soft dependency Luo bin <luobin9(a)huawei.com> hinic: fix a bug of ndo_stop Michael S. Tsirkin <mst(a)redhat.com> virtio_net: fix lockdep warning on 32 bit Eric Dumazet <edumazet(a)google.com> tcp: fix error recovery in tcp_zerocopy_receive() Maciej Żenczykowski <maze(a)google.com> Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" Guillaume Nault <gnault(a)redhat.com> pppoe: only process PADT targeted at local interfaces Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fix aneg restart in phy_ethtool_set_eee Paolo Abeni <pabeni(a)redhat.com> netlabel: cope with NULL catmap Cong Wang <xiyou.wangcong(a)gmail.com> net: fix a potential recursive NETDEV_FEAT_CHANGE Raul E Rangel <rrangel(a)chromium.org> mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040 Wu Bo <wubo40(a)huawei.com> scsi: sg: add sg_remove_request in sg_write Stefan Hajnoczi <stefanha(a)redhat.com> virtio-blk: handle block_device_operations callbacks after hot unplug Arnd Bergmann <arnd(a)arndb.de> drop_monitor: work around gcc-10 stringop-overflow warning Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: moxa: Fix a potential double 'free_irq()' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' Hugh Dickins <hughd(a)google.com> shmem: fix possible deadlocks on shmlock_user_lock Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not make user port errors fatal ------------- Diffstat: Makefile | 25 ++++--- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 4 +- arch/arm/boot/dts/r8a73a4.dtsi | 9 ++- arch/arm/boot/dts/r8a7740.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77980.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3328-evb.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3328-rock64.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 4 +- arch/arm64/kernel/machine_kexec.c | 1 + arch/riscv/kernel/vdso/Makefile | 6 +- arch/x86/include/asm/stackprotector.h | 7 +- arch/x86/kernel/smpboot.c | 8 +++ arch/x86/kernel/unwind_orc.c | 16 +++-- arch/x86/kvm/x86.c | 2 +- arch/x86/xen/smp_pv.c | 1 + crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/block/virtio_blk.c | 86 ++++++++++++++++++++--- drivers/clk/clk.c | 3 + drivers/clk/rockchip/clk-rk3228.c | 17 ++--- drivers/cpufreq/intel_pstate.c | 2 +- drivers/dma/mmp_tdma.c | 2 + drivers/dma/pch_dma.c | 2 +- drivers/gpu/drm/qxl/qxl_image.c | 3 +- drivers/hwmon/da9052-hwmon.c | 4 +- drivers/infiniband/hw/i40iw/i40iw_hw.c | 2 +- drivers/infiniband/hw/mlx4/qp.c | 14 +++- drivers/mmc/core/block.c | 3 +- drivers/mmc/core/queue.c | 3 +- drivers/mmc/host/sdhci-acpi.c | 10 +-- drivers/net/dsa/dsa_loop.c | 1 + drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c | 16 +++-- drivers/net/ethernet/huawei/hinic/hinic_main.c | 16 +---- drivers/net/ethernet/moxa/moxart_ether.c | 2 +- drivers/net/ethernet/natsemi/jazzsonic.c | 6 +- drivers/net/phy/phy.c | 8 ++- drivers/net/ppp/pppoe.c | 3 + drivers/net/virtio_net.c | 6 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 1 + drivers/pinctrl/intel/pinctrl-cherryview.c | 4 ++ drivers/scsi/sg.c | 4 +- drivers/usb/core/hub.c | 6 +- drivers/usb/dwc3/gadget.c | 3 - drivers/usb/gadget/configfs.c | 3 + drivers/usb/gadget/legacy/audio.c | 4 +- drivers/usb/gadget/legacy/cdc2.c | 4 +- drivers/usb/gadget/legacy/ncm.c | 4 +- drivers/usb/gadget/udc/net2272.c | 2 + drivers/usb/host/xhci-plat.c | 4 +- drivers/usb/host/xhci-ring.c | 4 +- fs/cifs/cifssmb.c | 2 +- fs/exec.c | 4 +- fs/gfs2/bmap.c | 16 +++-- fs/nfs/fscache-index.c | 6 +- fs/nfs/fscache.c | 31 ++++---- fs/nfs/fscache.h | 8 ++- include/linux/compiler.h | 6 ++ include/linux/fs.h | 2 +- include/linux/pnp.h | 29 +++----- include/linux/tty.h | 2 +- include/net/netfilter/nf_conntrack.h | 2 +- include/net/tcp.h | 13 ++++ include/sound/rawmidi.h | 1 + init/main.c | 2 + ipc/util.c | 12 ++-- mm/shmem.c | 7 +- net/core/dev.c | 4 +- net/core/drop_monitor.c | 11 +-- net/core/netprio_cgroup.c | 2 + net/dsa/dsa2.c | 2 +- net/ipv4/cipso_ipv4.c | 6 +- net/ipv4/route.c | 2 +- net/ipv4/tcp.c | 27 ++++--- net/ipv4/tcp_input.c | 3 +- net/ipv6/calipso.c | 3 +- net/ipv6/route.c | 6 +- net/netfilter/nf_conntrack_core.c | 4 +- net/netfilter/nft_set_rbtree.c | 17 +++-- net/netlabel/netlabel_kapi.c | 6 ++ sound/core/rawmidi.c | 31 ++++++-- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 28 +++++++- sound/usb/quirks.c | 9 +-- 84 files changed, 452 insertions(+), 209 deletions(-)

4 years, 9 months

12
102
0 0

[PATCH] x86/mm: Fix boot with some memory above MAXMEM

by Kirill A. Shutemov

A 5-level paging capable machine can have memory above 46-bit in the physical address space. This memory is only addressable in the 5-level paging mode: we don't have enough virtual address space to create direct mapping for such memory in the 4-level paging mode. Currently, we fail boot completely: NULL pointer dereference in subsection_map_init(). Skip creating a memblock for such memory instead and notify user that some memory is not addressable. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Dave Hansen <dave.hansen(a)intel.com> Cc: stable(a)vger.kernel.org # v4.14 --- Tested with a hacked QEMU: https://gist.github.com/kiryl/d45eb54110944ff95e544972d8bdac1d --- arch/x86/kernel/e820.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c index c5399e80c59c..d320d37d0f95 100644 --- a/arch/x86/kernel/e820.c +++ b/arch/x86/kernel/e820.c @@ -1280,8 +1280,8 @@ void __init e820__memory_setup(void) void __init e820__memblock_setup(void) { + u64 size, end, not_addressable = 0; int i; - u64 end; /* * The bootstrap memblock region count maximum is 128 entries @@ -1307,7 +1307,22 @@ void __init e820__memblock_setup(void) if (entry->type != E820_TYPE_RAM && entry->type != E820_TYPE_RESERVED_KERN) continue; - memblock_add(entry->addr, entry->size); + if (entry->addr >= MAXMEM) { + not_addressable += entry->size; + continue; + } + + end = min_t(u64, end, MAXMEM - 1); + size = end - entry->addr; + not_addressable += entry->size - size; + memblock_add(entry->addr, size); + } + + if (not_addressable) { + pr_err("%lldGB of physical memory is not addressable in the paging mode\n", + not_addressable >> 30); + if (!pgtable_l5_enabled()) + pr_err("Consider enabling 5-level paging\n"); } /* Throw away partial pages: */ -- 2.26.2

4 years, 9 months

4
7
0 0

[PATCH v2] Backport xfs security fix to 4.9 and 4.4 stable trees

by Siddharth Chandrasekaran

Hello, Lack of proper validation that cached inodes are free during allocation can, cause a crash in fs/xfs/xfs_icache.c (refer: CVE-2018-13093). To address this issue, I'm backporting upstream commit [1] to 4.4 and 4.9 stable trees (a backport of [1] to 4.14 already exists). Also, commit [1] references another commit [2] which added checks only to xfs_iget_cache_miss(). In this patch, those checks have been moved into a dedicated checker method and both xfs_iget_cache_miss() and xfs_iget_cache_hit() are made to call that method. This code reorg in commit [1], makes commit [2] redundant in the history of the 4.9 and 4.4 stable trees. So commit [2] is not being backported. -- Sid [1]: afca6c5b2595 ("xfs: validate cached inodes are free when allocated") [2]: ee457001ed6c ("xfs: catch inode allocation state mismatch corruption") change log: v2: - Reword cover letter. - Fix accidental worong patch that got mailed. -- 2.7.4

4 years, 9 months

4
6
0 0

Re: [PATCH] iommu/dma: limit iova free size to unmmaped iova

by guptap＠codeaurora.org

On 2020-05-22 01:46, Robin Murphy wrote: > On 2020-05-21 12:30, Prakash Gupta wrote: >> Limit the iova size while freeing based on unmapped size. In absence >> of >> this even with unmap failure, invalid iova is pushed to iova rcache >> and >> subsequently can cause panic while rcache magazine is freed. > > Can you elaborate on that panic? > We have seen couple of stability issues around this. Below is one such example: kernel BUG at kernel/msm-4.19/drivers/iommu/iova.c:904! iova_magazine_free_pfns iova_rcache_insert free_iova_fast __iommu_unmap_page iommu_dma_unmap_page It turned out an iova pfn 0 got into iova_rcache. One possibility I see is where client unmap with invalid dma_addr. The unmap call will fail and warn on and still try to free iova. This will cause invalid pfn to be inserted into rcache. As and when the magazine with invalid pfn will be freed private_find_iova() will return NULL for invalid iova and meet bug condition. >> Signed-off-by: Prakash Gupta <guptap(a)codeaurora.org> >> >> :100644 100644 4959f5df21bd 098f7d377e04 M drivers/iommu/dma-iommu.c >> >> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c >> index 4959f5df21bd..098f7d377e04 100644 >> --- a/drivers/iommu/dma-iommu.c >> +++ b/drivers/iommu/dma-iommu.c >> @@ -472,7 +472,8 @@ static void __iommu_dma_unmap(struct device *dev, >> dma_addr_t dma_addr, >> if (!cookie->fq_domain) >> iommu_tlb_sync(domain, &iotlb_gather); >> - iommu_dma_free_iova(cookie, dma_addr, size); >> + if (unmapped) >> + iommu_dma_free_iova(cookie, dma_addr, unmapped); > > Frankly, if any part of the unmap fails then things have gone > catastrophically wrong already, but either way this isn't right. The > IOVA API doesn't support partial freeing - an IOVA *must* be freed > with its original size, or not freed at all, otherwise it will corrupt > the state of the rcaches and risk a cascade of further misbehaviour > for future callers. > I agree, we shouldn't be freeing the partial iova. Instead just making sure if unmap was successful should be sufficient before freeing iova. So change can instead be something like this: - iommu_dma_free_iova(cookie, dma_addr, size); + if (unmapped) + iommu_dma_free_iova(cookie, dma_addr, size); > TBH my gut feeling here is that you're really just trying to treat a > symptom of another bug elsewhere, namely some driver calling > dma_unmap_* or dma_free_* with the wrong address or size in the first > place. > This condition would arise only if driver calling dma_unmap/free_* with 0 iova_pfn. This will be flagged with a warning during unmap but will trigger panic later on while doing unrelated dma_map/unmap_*. If unmapped has already failed for invalid iova, there is no reason we should consider this as valid iova and free. This part should be fixed. On 2020-05-22 00:19, Andrew Morton wrote: > I think we need a cc:stable here? > Added now. Thanks, Prakash

4 years, 9 months

2
5
0 0

[PATCH] pwm: lpss: Fix get_state runtime-pm reference handling

by Hans de Goede

Before commit cfc4c189bc70 ("pwm: Read initial hardware state at request time"), a driver's get_state callback would get called once per PWM from pwmchip_add(). pwm-lpss' runtime-pm code was relying on this, getting a runtime-pm ref for PWMs which are enabled at probe time from within its get_state callback, before enabling runtime-pm. The change to calling get_state at request time causes a number of problems: 1. PWMs enabled at probe time may get runtime suspended before they are requested, causing e.g. a LCD backlight controlled by the PWM to turn off. 2. When the request happens when the PWM has been runtime suspended, the ctrl register will read all 1 / 0xffffffff, causing get_state to store bogus values in the pwm_state. 3. get_state was using an async pm_runtime_get() call, because it assumed that runtime-pm has not been enabled yet. If shortly after the request an apply call is made, then the pwm_lpss_is_updating() check may trigger because the resume triggered by the pm_runtime_get() call is not complete yet, so the ctrl register still reads all 1 / 0xffffffff. This commit fixes these issues by moving the initial pm_runtime_get() call for PWMs which are enabled at probe time to the pwm_lpss_probe() function; and by making get_state take a runtime-pm ref before reading the ctrl reg. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1828927 Fixes: cfc4c189bc70 ("pwm: Read initial hardware state at request time") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/pwm/pwm-lpss.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/pwm/pwm-lpss.c b/drivers/pwm/pwm-lpss.c index 75bbfe5f3bc2..9d965ffe66d1 100644 --- a/drivers/pwm/pwm-lpss.c +++ b/drivers/pwm/pwm-lpss.c @@ -158,7 +158,6 @@ static int pwm_lpss_apply(struct pwm_chip *chip, struct pwm_device *pwm, return 0; } -/* This function gets called once from pwmchip_add to get the initial state */ static void pwm_lpss_get_state(struct pwm_chip *chip, struct pwm_device *pwm, struct pwm_state *state) { @@ -167,6 +166,8 @@ static void pwm_lpss_get_state(struct pwm_chip *chip, struct pwm_device *pwm, unsigned long long base_unit, freq, on_time_div; u32 ctrl; + pm_runtime_get_sync(chip->dev); + base_unit_range = BIT(lpwm->info->base_unit_bits); ctrl = pwm_lpss_read(pwm); @@ -187,8 +188,7 @@ static void pwm_lpss_get_state(struct pwm_chip *chip, struct pwm_device *pwm, state->polarity = PWM_POLARITY_NORMAL; state->enabled = !!(ctrl & PWM_ENABLE); - if (state->enabled) - pm_runtime_get(chip->dev); + pm_runtime_put(chip->dev); } static const struct pwm_ops pwm_lpss_ops = { @@ -202,7 +202,8 @@ struct pwm_lpss_chip *pwm_lpss_probe(struct device *dev, struct resource *r, { struct pwm_lpss_chip *lpwm; unsigned long c; - int ret; + int i, ret; + u32 ctrl; if (WARN_ON(info->npwm > MAX_PWMS)) return ERR_PTR(-ENODEV); @@ -232,6 +233,12 @@ struct pwm_lpss_chip *pwm_lpss_probe(struct device *dev, struct resource *r, return ERR_PTR(ret); } + for (i = 0; i < lpwm->info->npwm; i++) { + ctrl = pwm_lpss_read(&lpwm->chip.pwms[i]); + if (ctrl & PWM_ENABLE) + pm_runtime_get(dev); + } + return lpwm; } EXPORT_SYMBOL_GPL(pwm_lpss_probe); -- 2.26.0

4 years, 9 months

3
3
0 0

[PATCH v2 0/2] crypto: virtio: Fix two crash issue

by Longpeng(Mike)

Link: https://lkml.org/lkml/2020/1/23/205 Changes since v1: - remove some redundant checks [Jason] - normalize the commit message [Markus] Cc: Gonglei <arei.gonglei(a)huawei.com> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Markus Elfring <Markus.Elfring(a)web.de> Cc: virtualization(a)lists.linux-foundation.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org Longpeng(Mike) (2): crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() drivers/crypto/virtio/virtio_crypto_algs.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) -- 2.23.0

4 years, 9 months

7
16
0 0

[PATCH stable-4.19.y] net: phy: reschedule state machine if AN has not completed in PHY_AN state

by Vladimir Oltean

From: Vladimir Oltean <vladimir.oltean(a)nxp.com> In kernel 4.19 (and probably earlier too) there are issues surrounding the PHY_AN state. For example, if a PHY is in PHY_AN state and AN has not finished, then what is supposed to happen is that the state machine gets rescheduled until it is, or until the link_timeout reaches zero which triggers an autoneg restart process. But actually the rescheduling never works if the PHY uses interrupts, because the condition under which rescheduling occurs is just if phy_polling_mode() is true. So basically, this whole rescheduling functionality works for AN-not-yet-complete just by mistake. Let me explain. Most of the time the AN process manages to finish by the time the interrupt has triggered. One might say "that should always be the case, otherwise the PHY wouldn't raise the interrupt, right?". Well, some PHYs implement an .aneg_done method which allows them to tell the state machine when the AN is really complete. The AR8031/AR8033 driver (at803x.c) is one such example. Even when copper autoneg completes, the driver still keeps the "aneg_done" variable unset until in-band SGMII autoneg finishes too (there is no interrupt for that). So we have the premises of a race condition. In practice, what really happens depends on the log level of the serial console. If the log level is verbose enough that kernel messages related to the Ethernet link state are printed to the console, then this gives in-band AN enough time to complete, which means the link will come up and everyone will be happy. But if the console is not that verbose, the link will sometimes come up, and sometimes will be forced down by the .aneg_done of the PHY driver (forever, since we are not rescheduling). The conclusion is that an extra condition needs to be explicitly added, so that the state machine can be rescheduled properly. Otherwise PHY devices in interrupt mode will never work properly if they have an .aneg_done callback. In more recent kernels, the whole PHY_AN state was removed by Heiner Kallweit in the "[net-next,0/5] net: phy: improve and simplify phylib state machine" series here: https://patchwork.ozlabs.org/cover/994464/ and the problem was just masked away instead of being addressed with a punctual patch. Fixes: 76a423a3f8f1 ("net: phy: allow driver to implement their own aneg_done") Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> --- I'm not sure the procedure I'm following is correct, sending this directly to Greg. The patch doesn't apply on net. drivers/net/phy/phy.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c index cc454b8c032c..ca4fd74fd2c8 100644 --- a/drivers/net/phy/phy.c +++ b/drivers/net/phy/phy.c @@ -934,7 +934,7 @@ void phy_state_machine(struct work_struct *work) struct delayed_work *dwork = to_delayed_work(work); struct phy_device *phydev = container_of(dwork, struct phy_device, state_queue); - bool needs_aneg = false, do_suspend = false; + bool recheck = false, needs_aneg = false, do_suspend = false; enum phy_state old_state; int err = 0; int old_link; @@ -981,6 +981,8 @@ void phy_state_machine(struct work_struct *work) phy_link_up(phydev); } else if (0 == phydev->link_timeout--) needs_aneg = true; + else + recheck = true; break; case PHY_NOLINK: if (!phy_polling_mode(phydev)) @@ -1123,7 +1125,7 @@ void phy_state_machine(struct work_struct *work) * PHY, if PHY_IGNORE_INTERRUPT is set, then we will be moving * between states from phy_mac_interrupt() */ - if (phy_polling_mode(phydev)) + if (phy_polling_mode(phydev) || recheck) queue_delayed_work(system_power_efficient_wq, &phydev->state_queue, PHY_STATE_TIME * HZ); } -- 2.25.1

4 years, 9 months

3
8
0 0

[PATCH v4 07/10] PCI: qcom: Define some PARF params needed for ipq8064 SoC

by Ansuel Smith

Set some specific value for Tx De-Emphasis, Tx Swing and Rx equalization needed on some ipq8064 based device (Netgear R7800 for example). Without this the system locks on kernel load. Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver") Signed-off-by: Ansuel Smith <ansuelsmth(a)gmail.com> Cc: stable(a)vger.kernel.org # v4.5+ --- drivers/pci/controller/dwc/pcie-qcom.c | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index f2ea1ab6f584..f5398b0d270c 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -46,6 +46,9 @@ #define PCIE20_PARF_PHY_CTRL 0x40 #define PCIE20_PARF_PHY_REFCLK 0x4C +#define PHY_REFCLK_SSP_EN BIT(16) +#define PHY_REFCLK_USE_PAD BIT(12) + #define PCIE20_PARF_DBI_BASE_ADDR 0x168 #define PCIE20_PARF_SLV_ADDR_SPACE_SIZE 0x16C #define PCIE20_PARF_MHI_CLOCK_RESET_CTRL 0x174 @@ -77,6 +80,18 @@ #define DBI_RO_WR_EN 1 #define PERST_DELAY_US 1000 +/* PARF registers */ +#define PCIE20_PARF_PCS_DEEMPH 0x34 +#define PCS_DEEMPH_TX_DEEMPH_GEN1(x) ((x) << 16) +#define PCS_DEEMPH_TX_DEEMPH_GEN2_3_5DB(x) ((x) << 8) +#define PCS_DEEMPH_TX_DEEMPH_GEN2_6DB(x) ((x) << 0) + +#define PCIE20_PARF_PCS_SWING 0x38 +#define PCS_SWING_TX_SWING_FULL(x) ((x) << 8) +#define PCS_SWING_TX_SWING_LOW(x) ((x) << 0) + +#define PCIE20_PARF_CONFIG_BITS 0x50 +#define PHY_RX0_EQ(x) ((x) << 24) #define PCIE20_v3_PARF_SLV_ADDR_SPACE_SIZE 0x358 #define SLV_ADDR_SPACE_SZ 0x10000000 @@ -293,6 +308,7 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) struct qcom_pcie_resources_2_1_0 *res = &pcie->res.v2_1_0; struct dw_pcie *pci = pcie->pci; struct device *dev = pci->dev; + struct device_node *node = dev->of_node; u32 val; int ret; @@ -347,6 +363,17 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) val &= ~BIT(0); writel(val, pcie->parf + PCIE20_PARF_PHY_CTRL); + if (of_device_is_compatible(node, "qcom,pcie-ipq8064")) { + writel(PCS_DEEMPH_TX_DEEMPH_GEN1(24) | + PCS_DEEMPH_TX_DEEMPH_GEN2_3_5DB(24) | + PCS_DEEMPH_TX_DEEMPH_GEN2_6DB(34), + pcie->parf + PCIE20_PARF_PCS_DEEMPH); + writel(PCS_SWING_TX_SWING_FULL(120) | + PCS_SWING_TX_SWING_LOW(120), + pcie->parf + PCIE20_PARF_PCS_SWING); + writel(PHY_RX0_EQ(4), pcie->parf + PCIE20_PARF_CONFIG_BITS); + } + /* enable external reference clock */ val = readl(pcie->parf + PCIE20_PARF_PHY_REFCLK); val |= BIT(16); -- 2.25.1

4 years, 9 months

3
2
0 0

nvme blk_update_request IO error is seen on stable kernel 5.4.41.

by Dakshaja Uppalapati

Hi all, Issue which is reported in https://lore.kernel.org/linux-nvme/CH2PR12MB40050ACF 2C0DC7439355ED3FDD270(a)CH2PR12MB4005.namprd12.prod.outlook.com/T/#r8cfc80b26f0cd 1cde41879a68fd6a71186e9594c is also seen on stable kernel 5.4.41. In upstream issue is fixed with commit b716e6889c95f64b. For stable 5.4 kernel it doesn’t apply clean and needs pulling in the following commits. commit 2cb6963a16e9e114486decf591af7cb2d69cb154 Author: Christoph Hellwig <hch(a)lst.de> Date: Wed Oct 23 10:35:41 2019 -0600 commit 6f86f2c9d94d55c4d3a6f1ffbc2e1115b5cb38a8 Author: Christoph Hellwig <hch(a)lst.de> Date: Wed Oct 23 10:35:42 2019 -0600 commit 59ef0eaa7741c3543f98220cc132c61bf0230bce Author: Christoph Hellwig <hch(a)lst.de> Date: Wed Oct 23 10:35:43 2019 -0600 commit e9061c397839eea34207668bfedce0a6c18c5015 Author: Christoph Hellwig <hch(a)lst.de> Date: Wed Oct 23 10:35:44 2019 -0600 commit b716e6889c95f64ba32af492461f6cc9341f3f05 Author: Sagi Grimberg <sagi(a)grimberg.me> Date: Sun Jan 26 23:23:28 2020 -0800 I tried a patch by including only necessary parts of the commits e9061c397839, 59ef0eaa7741 and b716e6889c95. PFA. With the attached patch, issue is not seen. Please let me know on how to fix it in stable, can all above 5 changes be cleanly pushed or if attached shorter version can be pushed? Thanks, Dakshaja.

4 years, 9 months

2
9
0 0

Re: [PATCH] perf: Make perf able to build with latest libbfd

by Marek Vasut

Hi, since commit 0ada120c883d ("perf: Make perf able to build with latest libbfd") is in master, can it be backported to stable as well? I keep hitting this with too new binutils on Linux 5.4.y and I have to keep cherry-picking this commit to fix it. Thanks

4 years, 9 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2020