June 2022 - Linux-stable-mirror

FAILED: patch "[PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14073ce951b5919da450022c050772902f24f054 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 3 Mar 2022 13:08:55 +0200 Subject: [PATCH] xhci: make xhci_handshake timeout for xhci_reset() adjustable xhci_reset() timeout was increased from 250ms to 10 seconds in order to give Renesas 720201 xHC enough time to get ready in probe. xhci_reset() is called with interrupts disabled in other places, and waiting for 10 seconds there is not acceptable. Add a timeout parameter to xhci_reset(), and adjust it back to 250ms when called from xhci_stop() or xhci_shutdown() where interrupts are disabled, and successful reset isn't that critical. This solves issues when deactivating host mode on platforms like SM8450. For now don't change the timeout if xHC is reset in xhci_resume(). No issues are reported for it, and we need the reset to succeed. Locking around that reset needs to be revisited later. Additionally change the signed integer timeout parameter in xhci_handshake() to a u64 to match the timeout value we pass to readl_poll_timeout_atomic() Fixes: 22ceac191211 ("xhci: Increase reset timeout for Renesas 720201 host.") Cc: stable(a)vger.kernel.org Reported-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Reported-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Tested-by: Pavan Kondeti <quic_pkondeti(a)quicinc.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20220303110903.1662404-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index df3522dab31b..bb4f01ce90e3 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -762,7 +762,7 @@ static int xhci_exit_test_mode(struct xhci_hcd *xhci) } pm_runtime_allow(xhci_to_hcd(xhci)->self.controller); xhci->test_mode = 0; - return xhci_reset(xhci); + return xhci_reset(xhci, XHCI_RESET_SHORT_USEC); } void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port, diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index cb70d0b31e08..48114a462908 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2575,7 +2575,7 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) fail: xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); xhci_mem_cleanup(xhci); return -ENOMEM; } diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index a1c781f70d02..6b32f7e65d4c 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -65,7 +65,7 @@ static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) * handshake done). There are two failure modes: "usec" have passed (major * hardware flakeout), or the register reads as all-ones (hardware removed). */ -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) { u32 result; int ret; @@ -73,7 +73,7 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec) ret = readl_poll_timeout_atomic(ptr, result, (result & mask) == done || result == U32_MAX, - 1, usec); + 1, timeout_us); if (result == U32_MAX) /* card removed */ return -ENODEV; @@ -162,7 +162,7 @@ int xhci_start(struct xhci_hcd *xhci) * Transactions will be terminated immediately, and operational registers * will be set to their defaults. */ -int xhci_reset(struct xhci_hcd *xhci) +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) { u32 command; u32 state; @@ -195,8 +195,7 @@ int xhci_reset(struct xhci_hcd *xhci) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake(&xhci->op_regs->command, - CMD_RESET, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; @@ -209,8 +208,7 @@ int xhci_reset(struct xhci_hcd *xhci) * xHCI cannot write to any doorbells or operational registers other * than status until the "Controller Not Ready" flag is cleared. */ - ret = xhci_handshake(&xhci->op_regs->status, - STS_CNR, 0, 10 * 1000 * 1000); + ret = xhci_handshake(&xhci->op_regs->status, STS_CNR, 0, timeout_us); xhci->usb2_rhub.bus_state.port_c_suspend = 0; xhci->usb2_rhub.bus_state.suspended_ports = 0; @@ -731,7 +729,7 @@ static void xhci_stop(struct usb_hcd *hcd) xhci->xhc_state |= XHCI_STATE_HALTED; xhci->cmd_ring_state = CMD_RING_STATE_STOPPED; xhci_halt(xhci); - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -784,7 +782,7 @@ void xhci_shutdown(struct usb_hcd *hcd) xhci_halt(xhci); /* Workaround for spurious wakeups at shutdown with HSW */ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - xhci_reset(xhci); + xhci_reset(xhci, XHCI_RESET_SHORT_USEC); spin_unlock_irq(&xhci->lock); xhci_cleanup_msix(xhci); @@ -1170,7 +1168,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; @@ -5307,7 +5305,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) xhci_dbg(xhci, "Resetting HCD\n"); /* Reset the internal HC memory state and registers. */ - retval = xhci_reset(xhci); + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); if (retval) return retval; xhci_dbg(xhci, "Reset complete\n"); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8a0026ee9524..fce32f8ea9d0 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -229,6 +229,9 @@ struct xhci_op_regs { #define CMD_ETE (1 << 14) /* bits 15:31 are reserved (and should be preserved on writes). */ +#define XHCI_RESET_LONG_USEC (10 * 1000 * 1000) +#define XHCI_RESET_SHORT_USEC (250 * 1000) + /* IMAN - Interrupt Management Register */ #define IMAN_IE (1 << 1) #define IMAN_IP (1 << 0) @@ -2081,11 +2084,11 @@ void xhci_free_container_ctx(struct xhci_hcd *xhci, /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); -int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec); +int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); -int xhci_reset(struct xhci_hcd *xhci); +int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us); int xhci_run(struct usb_hcd *hcd); int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks); void xhci_shutdown(struct usb_hcd *hcd);

1 year, 9 months

3
2
0 0

[PATCH 5.15 000/135] 5.15.39-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.39 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 May 2022 13:07:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.39-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.39-rc1 Marek Behún <kabel(a)kernel.org> PCI: aardvark: Update comment about link going down after link-up Marek Behún <kabel(a)kernel.org> PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() Pali Rohár <pali(a)kernel.org> PCI: aardvark: Don't mask irq when mapping Pali Rohár <pali(a)kernel.org> PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Use separate INTA interrupt for emulated root bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for PME requester on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for PME interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for ERR interrupt on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: aardvark: Enable MSI-X support Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix setting MSI address Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for masking MSI interrupts Pali Rohár <pali(a)kernel.org> PCI: aardvark: Refactor unmasking summary MSI interrupt Marek Behún <kabel(a)kernel.org> PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) Marek Behún <kabel(a)kernel.org> PCI: aardvark: Make msi_domain_info structure a static driver structure Marek Behún <kabel(a)kernel.org> PCI: aardvark: Make MSI irq_chip structures static driver structures Pali Rohár <pali(a)kernel.org> PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ Pali Rohár <pali(a)kernel.org> PCI: aardvark: Rewrite IRQ code to chained IRQ handler Pali Rohár <pali(a)kernel.org> PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable common PHY when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable link training when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Assert PERST# when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix memory leak in driver unbind Pali Rohár <pali(a)kernel.org> PCI: aardvark: Mask all interrupts when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Disable bus mastering when unbinding driver Pali Rohár <pali(a)kernel.org> PCI: aardvark: Comment actions in driver remove method Pali Rohár <pali(a)kernel.org> PCI: aardvark: Clear all MSIs at setup Pali Rohár <pali(a)kernel.org> PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge Pali Rohár <pali(a)kernel.org> PCI: pci-bridge-emul: Add definitions for missing capabilities registers Pali Rohár <pali(a)kernel.org> PCI: pci-bridge-emul: Add description for class_revision field Frederic Weisbecker <frederic(a)kernel.org> rcu: Apply callbacks processing time limit only on softirq Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix callbacks processing time limit retaining cond_resched() Helge Deller <deller(a)gmx.de> Revert "parisc: Mark sched_clock unstable only if clocks are not syncronized" Ricky WU <ricky_wu(a)realtek.com> mmc: rtsx: add 74 Clocks in power on flow Sidhartha Kumar <sidhartha.kumar(a)oracle.com> selftest/vm: verify remap destination address in mremap_test Sidhartha Kumar <sidhartha.kumar(a)oracle.com> selftest/vm: verify mmap addr in mremap_test Wanpeng Li <wanpengli(a)tencent.com> KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: Do not change ICR on write to APIC_SELF_IPI Wanpeng Li <wanpengli(a)tencent.com> x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume Thomas Huth <thuth(a)redhat.com> KVM: selftests: Silence compiler warning in the kvm_page_table_test Paolo Bonzini <pbonzini(a)redhat.com> kvm: selftests: do not use bitfields larger than 32-bits for PTEs Hector Martin <marcan(a)marcan.st> iommu/dart: Add missing module owner to ops structure Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Don't skip fib events on current dst Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Fix fib_info pointer assignment Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Lag, Fix use-after-free in fib event handler Aya Levin <ayal(a)nvidia.com> net/mlx5: Fix slab-out-of-bounds while reading resource dump menu Javier Martinez Canillas <javierm(a)redhat.com> fbdev: Make fb_release() return -ENODEV if fbdev was unregistered Sandipan Das <sandipan.das(a)amd.com> kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU Baruch Siach <baruch(a)tkos.co.il> gpio: mvebu: drop pwm base assignment Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/amdgpu: Ensure HDA function is suspended before ASIC reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amdgpu: don't set s3 and s0ix at the same time Mario Limonciello <mario.limonciello(a)amd.com> drm/amdgpu: explicitly check for s0ix when evicting resources Nirmoy Das <nirmoy.das(a)amd.com> drm/amdgpu: unify BO evicting method in amdgpu_ttm Filipe Manana <fdmanana(a)suse.com> btrfs: always log symlinks in full mode Qu Wenruo <wqu(a)suse.com> btrfs: force v2 space cache usage for subpage mount Sergey Shtylyov <s.shtylyov(a)omp.ru> smsc911x: allow using IRQ0 Vladimir Oltean <vladimir.oltean(a)nxp.com> selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix unnecessary dropping of RX packets Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag Ido Schimmel <idosch(a)nvidia.com> selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational David Howells <dhowells(a)redhat.com> rxrpc: Enable IPv6 checksums on transport socket Eric Dumazet <edumazet(a)google.com> mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() Qiao Ma <mqaio(a)linux.alibaba.com> hinic: fix bug of wq out of bound access Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() on failure to update inode when setting xattr Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: remove fail safe mode related code Marc Kleine-Budde <mkl(a)pengutronix.de> selftests/net: so_txtime: usage(): fix documentation of default clock Marc Kleine-Budde <mkl(a)pengutronix.de> selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems Shravya Kumbham <shravya.kumbham(a)xilinx.com> net: emaclite: Add error handling for of_address_to_resource() Eric Dumazet <edumazet(a)google.com> net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() Yang Yingliang <yangyingliang(a)huawei.com> net: cpsw: add missing of_node_put() in cpsw_probe_dt() Niels Dossche <dossche.niels(a)gmail.com> net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller Yang Yingliang <yangyingliang(a)huawei.com> net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() Yang Yingliang <yangyingliang(a)huawei.com> net: dsa: mt7530: add missing of_node_put() in mt7530_setup() Yang Yingliang <yangyingliang(a)huawei.com> net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't invalidate inode attributes on delegation return Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Fix possible crash due to NULL netdev in notifier Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Reduce iWARP QP destroy time Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/siw: Fix a condition race issue in MPA request processing Olga Kornievskaia <kolga(a)netapp.com> SUNRPC release the transport of a relocated task with an assigned transport Jann Horn <jannh(a)google.com> selftests/seccomp: Don't call read() on TTY from background pgrp Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix deadlock in sync reset flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid double clear or set of sync reset requested Mark Zhang <markzhang(a)nvidia.com> net/mlx5e: Fix the calling of update_buffer_lossy() API Paul Blakey <paulb(a)nvidia.com> net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Don't match double-vlan packets if cvlan is not set Moshe Tal <moshet(a)nvidia.com> net/mlx5e: Fix trust state reset in reload Yang Yingliang <yangyingliang(a)huawei.com> iommu/dart: check return value after calling platform_get_resource() Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Drop stop marker messages Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: soc-ops: fix error handling Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: dmaengine: Restore NULL prepare_slave_config() callback Adam Wujek <dev_public(a)wujek.eu> hwmon: (pmbus) disable PEC if not enabled Armin Wolf <W_Armin(a)gmx.de> hwmon: (adt7470) Fix warning on module removal Puyou Lu <puyou.lu(a)gmail.com> gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) Nobuhiro Iwamatsu <nobuhiro1.iwamatsu(a)toshiba.co.jp> gpio: visconti: Fix fwnode of GPIO IRQ Duoming Zhou <duoming(a)zju.edu.cn> NFC: netlink: fix sleep in atomic bug when firmware download timeout Duoming Zhou <duoming(a)zju.edu.cn> nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs Duoming Zhou <duoming(a)zju.edu.cn> nfc: replace improper check device_is_registered() in netlink related functions Andreas Larsson <andreas(a)gaisler.com> can: grcan: only use the NAPI poll budget for RX Andreas Larsson <andreas(a)gaisler.com> can: grcan: grcan_probe(): fix broken system id check for errata workaround needs Daniel Hellstrom <daniel(a)gaisler.com> can: grcan: use ofdev->dev when allocating DMA memory Oliver Hartkopp <socketcan(a)hartkopp.net> can: isotp: remove re-binding of bound socket Duoming Zhou <duoming(a)zju.edu.cn> can: grcan: grcan_close(): fix deadlock Jan Höppner <hoeppner(a)linux.ibm.com> s390/dasd: Fix read inconsistency for ESE DASD devices Jan Höppner <hoeppner(a)linux.ibm.com> s390/dasd: Fix read for ESE with blksize < 4k Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: prevent double format of tracks for ESE devices Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix data corruption for ESE devices Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for AUI CODEC mux Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for G12A tohdmi mux Mark Brown <broonie(a)kernel.org> ASoC: meson: Fix event generation for AUI ACODEC mux Mark Brown <broonie(a)kernel.org> ASoC: wm8958: Fix change notifications for DSP controls Mark Brown <broonie(a)kernel.org> ASoC: da7219: Fix change notifications for tone generator frequency Thomas Pfaff <tpfaff(a)pcs.com> genirq: Synchronize interrupt thread startup Tan Tee Min <tee.min.tan(a)linux.intel.com> net: stmmac: disable Split Header (SPH) for Intel platforms Niels Dossche <dossche.niels(a)gmail.com> firewire: core: extend card->lock in fw_core_handle_bus_reset Jakob Koschel <jakobkoschel(a)gmail.com> firewire: remove check of list iterator against head past the loop body Chengfeng Ye <cyeaa(a)connect.ust.hk> firewire: fix potential uaf in outbound_phy_packet_callback() Kurt Kanzenbach <kurt(a)linutronix.de> timekeeping: Mark NMI safe time accessors as notrace Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "SUNRPC: attempt AF_LOCAL connect on setup" Nick Kossifidis <mick(a)ics.forth.gr> RISC-V: relocate DTB if it's outside memory region Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> drm/amdgpu: do not use passthrough mode in Xen dom0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() David Stevens <stevensd(a)chromium.org> iommu/vt-d: Calculate mask for non-aligned flushes Kyle Huey <me(a)kylehuey.com> KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id Thomas Gleixner <tglx(a)linutronix.de> x86/fpu: Prevent FPU state corruption Andrei Lalaev <andrei.lalaev(a)emlid.com> gpiolib: of: fix bounds check for 'gpio-reserved-ranges' Brian Norris <briannorris(a)chromium.org> mmc: core: Set HS clock speed before sending HS CMD13 Samuel Holland <samuel(a)sholland.org> mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits Shaik Sajida Bhanu <quic_c_sbhanu(a)quicinc.com> mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes Zihao Wang <wzhd(a)ustc.edu> ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers Helge Deller <deller(a)gmx.de> parisc: Merge model and model name into one line in /proc/cpuinfo Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Fix CP0 counter erratum detection for R4k CPUs ------------- Diffstat: Makefile | 4 +- arch/mips/include/asm/timex.h | 8 +- arch/mips/kernel/time.c | 11 +- arch/parisc/kernel/processor.c | 3 +- arch/parisc/kernel/setup.c | 2 + arch/parisc/kernel/time.c | 6 +- arch/riscv/mm/init.c | 21 +- arch/x86/kernel/fpu/core.c | 67 ++-- arch/x86/kernel/kvm.c | 13 + arch/x86/kvm/cpuid.c | 5 + arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/mmu/mmu.c | 2 + arch/x86/kvm/svm/pmu.c | 28 +- drivers/firewire/core-card.c | 3 + drivers/firewire/core-cdev.c | 4 +- drivers/firewire/core-topology.c | 9 +- drivers/firewire/core-transaction.c | 30 +- drivers/firewire/sbp2.c | 13 +- drivers/gpio/gpio-mvebu.c | 7 - drivers/gpio/gpio-pca953x.c | 4 +- drivers/gpio/gpio-visconti.c | 7 +- drivers/gpio/gpiolib-of.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 24 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 23 -- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 30 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 6 - drivers/gpu/drm/msm/dp/dp_panel.c | 11 - drivers/gpu/drm/msm/dp/dp_panel.h | 1 - drivers/hwmon/adt7470.c | 4 +- drivers/hwmon/pmbus/pmbus_core.c | 3 + drivers/infiniband/hw/irdma/cm.c | 26 +- drivers/infiniband/hw/irdma/utils.c | 21 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/sw/siw/siw_cm.c | 7 +- drivers/iommu/apple-dart.c | 10 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 9 +- drivers/iommu/intel/iommu.c | 27 +- drivers/iommu/intel/svm.c | 4 + drivers/mmc/core/mmc.c | 23 +- drivers/mmc/host/rtsx_pci_sdmmc.c | 29 +- drivers/mmc/host/sdhci-msm.c | 42 ++ drivers/mmc/host/sunxi-mmc.c | 5 +- drivers/net/can/grcan.c | 46 +-- drivers/net/dsa/mt7530.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 7 +- drivers/net/ethernet/mediatek/mtk_sgmii.c | 1 + .../ethernet/mellanox/mlx5/core/diag/rsc_dump.c | 31 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 60 +-- drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c | 38 +- drivers/net/ethernet/mellanox/mlx5/core/lag_mp.h | 7 +- drivers/net/ethernet/smsc/smsc911x.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/ti/cpsw_new.c | 5 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 15 +- drivers/net/mdio/mdio-mux-bcm6368.c | 2 +- drivers/nfc/nfcmrvl/main.c | 2 +- drivers/pci/controller/pci-aardvark.c | 428 ++++++++++++++++----- drivers/pci/pci-bridge-emul.c | 49 ++- drivers/s390/block/dasd.c | 18 +- drivers/s390/block/dasd_eckd.c | 28 +- drivers/s390/block/dasd_int.h | 14 + drivers/video/fbdev/core/fbmem.c | 5 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/tree-log.c | 14 +- fs/btrfs/xattr.c | 6 +- fs/nfs/nfs4proc.c | 12 +- include/linux/stmmac.h | 1 + kernel/irq/internals.h | 2 + kernel/irq/irqdesc.c | 2 + kernel/irq/manage.c | 39 +- kernel/rcu/tree.c | 31 +- kernel/time/timekeeping.c | 4 +- net/can/isotp.c | 22 +- net/ipv4/igmp.c | 9 +- net/ipv6/mcast.c | 8 +- net/nfc/core.c | 29 +- net/nfc/netlink.c | 4 +- net/rxrpc/local_object.c | 3 + net/sunrpc/clnt.c | 11 +- net/sunrpc/xprtsock.c | 3 - sound/firewire/fireworks/fireworks_hwdep.c | 1 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/da7219.c | 14 +- sound/soc/codecs/wm8958-dsp2.c | 8 +- sound/soc/meson/aiu-acodec-ctrl.c | 2 +- sound/soc/meson/aiu-codec-ctrl.c | 2 +- sound/soc/meson/g12a-tohdmitx.c | 2 +- sound/soc/soc-generic-dmaengine-pcm.c | 6 +- sound/soc/soc-ops.c | 2 +- .../drivers/net/ocelot/tc_flower_chains.sh | 2 +- .../selftests/kvm/include/x86_64/processor.h | 15 + tools/testing/selftests/kvm/kvm_page_table_test.c | 2 +- tools/testing/selftests/kvm/lib/x86_64/processor.c | 192 ++++----- .../net/forwarding/mirror_gre_bridge_1q.sh | 3 + tools/testing/selftests/net/so_txtime.c | 4 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 10 +- tools/testing/selftests/vm/mremap_test.c | 53 +++ 110 files changed, 1293 insertions(+), 656 deletions(-)

1 year, 9 months

15
150
0 0

FAILED: patch "[PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e8e79c416aae1de224c0f1860f2e3350fa171f8 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Thu, 17 Mar 2022 08:57:35 +0100 Subject: [PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. Fixes: 80646733f11c ("can: m_can: update to support CAN FD features") Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de Cc: stable(a)vger.kernel.org Reported-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 1a4b56f6fa8c..b3b5bc1c803b 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -1637,8 +1637,6 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) if (err) goto out_fail; - can_put_echo_skb(skb, dev, 0, 0); - if (cdev->can.ctrlmode & CAN_CTRLMODE_FD) { cccr = m_can_read(cdev, M_CAN_CCCR); cccr &= ~CCCR_CMR_MASK; @@ -1655,6 +1653,9 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) m_can_write(cdev, M_CAN_CCCR, cccr); } m_can_write(cdev, M_CAN_TXBTIE, 0x1); + + can_put_echo_skb(skb, dev, 0, 0); + m_can_write(cdev, M_CAN_TXBAR, 0x1); /* End of xmit function for version 3.0.x */ } else {

1 year, 9 months

2
1
0 0

FAILED: patch "[PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e8e79c416aae1de224c0f1860f2e3350fa171f8 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Thu, 17 Mar 2022 08:57:35 +0100 Subject: [PATCH] can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. Fixes: 80646733f11c ("can: m_can: update to support CAN FD features") Link: https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de Cc: stable(a)vger.kernel.org Reported-by: Hangyu Hua <hbh25y(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 1a4b56f6fa8c..b3b5bc1c803b 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -1637,8 +1637,6 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) if (err) goto out_fail; - can_put_echo_skb(skb, dev, 0, 0); - if (cdev->can.ctrlmode & CAN_CTRLMODE_FD) { cccr = m_can_read(cdev, M_CAN_CCCR); cccr &= ~CCCR_CMR_MASK; @@ -1655,6 +1653,9 @@ static netdev_tx_t m_can_tx_handler(struct m_can_classdev *cdev) m_can_write(cdev, M_CAN_CCCR, cccr); } m_can_write(cdev, M_CAN_TXBTIE, 0x1); + + can_put_echo_skb(skb, dev, 0, 0); + m_can_write(cdev, M_CAN_TXBAR, 0x1); /* End of xmit function for version 3.0.x */ } else {

1 year, 9 months

2
1
0 0

FAILED: patch "[PATCH] mm: invalidate hwpoison page cache page in fault path" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e53ac7374e64dede04d745ff0e70ff5048378d1f Mon Sep 17 00:00:00 2001 From: Rik van Riel <riel(a)surriel.com> Date: Tue, 22 Mar 2022 14:44:09 -0700 Subject: [PATCH] mm: invalidate hwpoison page cache page in fault path Sometimes the page offlining code can leave behind a hwpoisoned clean page cache page. This can lead to programs being killed over and over and over again as they fault in the hwpoisoned page, get killed, and then get re-spawned by whatever wanted to run them. This is particularly embarrassing when the page was offlined due to having too many corrected memory errors. Now we are killing tasks due to them trying to access memory that probably isn't even corrupted. This problem can be avoided by invalidating the page from the page fault handler, which already has a branch for dealing with these kinds of pages. With this patch we simply pretend the page fault was successful if the page was invalidated, return to userspace, incur another page fault, read in the file from disk (to a new memory page), and then everything works again. Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Reviewed-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index c96281458c83..1a55b4c5b5db 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3877,11 +3877,16 @@ static vm_fault_t __do_fault(struct vm_fault *vmf) return ret; if (unlikely(PageHWPoison(vmf->page))) { - if (ret & VM_FAULT_LOCKED) + vm_fault_t poisonret = VM_FAULT_HWPOISON; + if (ret & VM_FAULT_LOCKED) { + /* Retry if a clean page was removed from the cache. */ + if (invalidate_inode_page(vmf->page)) + poisonret = 0; unlock_page(vmf->page); + } put_page(vmf->page); vmf->page = NULL; - return VM_FAULT_HWPOISON; + return poisonret; } if (unlikely(!(ret & VM_FAULT_LOCKED)))

1 year, 9 months

2
1
0 0

[PATCH] tracing/histograms: Simplify create_hist_fields()

by Zheng Yejian

When I look into implements of create_hist_fields(), I think there can be following two simplifications: 1. If something wrong happened in parse_var_defs(), free_var_defs() would have been called in it, so no need goto free again after calling it; 2. After calling create_key_fields(), regardless of the value of 'ret', it then always runs into 'out: ', so the judge of 'ret' is redundant. No functional changes. Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> --- kernel/trace/trace_events_hist.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 2784951e0fc8..832c4ccf41ab 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -4454,7 +4454,7 @@ static int create_hist_fields(struct hist_trigger_data *hist_data, ret = parse_var_defs(hist_data); if (ret) - goto out; + return ret; ret = create_val_fields(hist_data, file); if (ret) @@ -4465,8 +4465,7 @@ static int create_hist_fields(struct hist_trigger_data *hist_data, goto out; ret = create_key_fields(hist_data, file); - if (ret) - goto out; + out: free_var_defs(hist_data); -- 2.32.0

1 year, 9 months

5
6
0 0

[PATCH] Revert "tracing: fix double free"

by Zheng Yejian

This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 ("tracing: fix double free") said, the "double free" problem reported by clang static analyzer is: > In parse_var_defs() if there is a problem allocating > var_defs.expr, the earlier var_defs.name is freed. > This free is duplicated by free_var_defs() which frees > the rest of the list. However, if there is a problem allocating N-th var_defs.expr: + in parse_var_defs(), the freed 'earlier var_defs.name' is actually the N-th var_defs.name; + then in free_var_defs(), the names from 0th to (N-1)-th are freed; IF ALLOCATING PROBLEM HAPPENED HERE!!! -+ \ | 0th 1th (N-1)-th N-th V +-------------+-------------+-----+-------------+----------- var_defs: | name | expr | name | expr | ... | name | expr | name | /// +-------------+-------------+-----+-------------+----------- These two frees don't act on same name, so there was no "double free" problem before. Conversely, after that commit, we get a "memory leak" problem because the above "N-th var_defs.name" is not freed. If enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th var_defs.expr allocated, then execute on shell like: $ echo 'hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc' > \ /sys/kernel/debug/tracing/events/kmem/kmalloc/trigger Then kmemleak reports: unreferenced object 0xffff8fb100ef3518 (size 8): comm "bash", pid 196, jiffies 4295681690 (age 28.538s) hex dump (first 8 bytes): 76 31 00 00 b1 8f ff ff v1...... backtrace: [<0000000038fe4895>] kstrdup+0x2d/0x60 [<00000000c99c049a>] event_hist_trigger_parse+0x206f/0x20e0 [<00000000ae70d2cc>] trigger_process_regex+0xc0/0x110 [<0000000066737a4c>] event_trigger_write+0x75/0xd0 [<000000007341e40c>] vfs_write+0xbb/0x2a0 [<0000000087fde4c2>] ksys_write+0x59/0xd0 [<00000000581e9cdf>] do_syscall_64+0x3a/0x80 [<00000000cf3b065c>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Cc: stable(a)vger.kernel.org Fixes: 46bbe5c671e0 ("tracing: fix double free") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> --- kernel/trace/trace_events_hist.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 48e82e141d54..2784951e0fc8 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -4430,6 +4430,7 @@ static int parse_var_defs(struct hist_trigger_data *hist_data) s = kstrdup(field_str, GFP_KERNEL); if (!s) { + kfree(hist_data->attrs->var_defs.name[n_vars]); ret = -ENOMEM; goto free; } -- 2.32.0

1 year, 9 months

3
6
0 0

[PATCH] PCI/AER: Iterate over error counters instead of error strings

by Mohamed Khalfella

PCI AER stats counters sysfs attributes need to iterate over stats counters instead of stats names. Also, added a build time check to make sure all counters have entries in strings array. Fixes: 0678e3109a3c ("PCI/AER: Simplify __aer_print_error()") Cc: stable(a)vger.kernel.org Reported-by: Meeta Saggi <msaggi(a)purestorage.com> Signed-off-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Reviewed-by: Meeta Saggi <msaggi(a)purestorage.com> Reviewed-by: Eric Badger <ebadger(a)purestorage.com> --- drivers/pci/pcie/aer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c index 9fa1f97e5b27..ce99a6d44786 100644 --- a/drivers/pci/pcie/aer.c +++ b/drivers/pci/pcie/aer.c @@ -533,7 +533,7 @@ static const char *aer_agent_string[] = { u64 *stats = pdev->aer_stats->stats_array; \ size_t len = 0; \ \ - for (i = 0; i < ARRAY_SIZE(strings_array); i++) { \ + for (i = 0; i < ARRAY_SIZE(pdev->aer_stats->stats_array); i++) {\ if (strings_array[i]) \ len += sysfs_emit_at(buf, len, "%s %llu\n", \ strings_array[i], \ @@ -1342,6 +1342,11 @@ static int aer_probe(struct pcie_device *dev) struct device *device = &dev->device; struct pci_dev *port = dev->port; + BUILD_BUG_ON(ARRAY_SIZE(aer_correctable_error_string) < + AER_MAX_TYPEOF_COR_ERRS); + BUILD_BUG_ON(ARRAY_SIZE(aer_uncorrectable_error_string) < + AER_MAX_TYPEOF_UNCOR_ERRS); + /* Limit to Root Ports or Root Complex Event Collectors */ if ((pci_pcie_type(port) != PCI_EXP_TYPE_RC_EC) && (pci_pcie_type(port) != PCI_EXP_TYPE_ROOT_PORT)) -- 2.29.0

1 year, 9 months

2
7
0 0

[PATCH v3 1/3] crypto: qat - use pre-allocated buffers in datapath

by Giovanni Cabiddu

In order to do DMAs, the QAT device requires that the scatterlist structures are mapped and translated into a format that the firmware can understand. This is defined as the composition of a scatter gather list (SGL) descriptor header, the struct qat_alg_buf_list, plus a variable number of flat buffer descriptors, the struct qat_alg_buf. The allocation and mapping of these data structures is done each time a request is received from the skcipher and aead APIs. In an OOM situation, this behaviour might lead to a dead-lock if an allocation fails. Based on the conversation in [1], increase the size of the aead and skcipher request contexts to include an SGL descriptor that can handle a maximum of 4 flat buffers. If requests exceed 4 entries buffers, memory is allocated dynamically. In addition, remove the CRYPTO_ALG_ALLOCATES_MEMORY flag from both aead and skcipher alg structures. [1] https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.or… Cc: stable(a)vger.kernel.org Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") Reported-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Reviewed-by: Marco Chiappero <marco.chiappero(a)intel.com> Reviewed-by: Wojciech Ziemba <wojciech.ziemba(a)intel.com> --- drivers/crypto/qat/qat_common/qat_algs.c | 77 ++++++++++++---------- drivers/crypto/qat/qat_common/qat_crypto.h | 24 +++++++ 2 files changed, 67 insertions(+), 34 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index f998ed58457c..b9228f3a26de 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -46,19 +46,6 @@ static DEFINE_MUTEX(algs_lock); static unsigned int active_devs; -struct qat_alg_buf { - u32 len; - u32 resrvd; - u64 addr; -} __packed; - -struct qat_alg_buf_list { - u64 resrvd; - u32 num_bufs; - u32 num_mapped_bufs; - struct qat_alg_buf bufers[]; -} __packed __aligned(64); - /* Common content descriptor */ struct qat_alg_cd { union { @@ -693,7 +680,10 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst, bl->bufers[i].len, DMA_BIDIRECTIONAL); dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE); - kfree(bl); + + if (!qat_req->buf.sgl_src_valid) + kfree(bl); + if (blp != blpout) { /* If out of place operation dma unmap only data */ int bufless = blout->num_bufs - blout->num_mapped_bufs; @@ -704,7 +694,9 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst, DMA_BIDIRECTIONAL); } dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE); - kfree(blout); + + if (!qat_req->buf.sgl_dst_valid) + kfree(blout); } } @@ -721,15 +713,24 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_addr_t blp = DMA_MAPPING_ERROR; dma_addr_t bloutp = DMA_MAPPING_ERROR; struct scatterlist *sg; - size_t sz_out, sz = struct_size(bufl, bufers, n + 1); + size_t sz_out, sz = struct_size(bufl, bufers, n); + int node = dev_to_node(&GET_DEV(inst->accel_dev)); if (unlikely(!n)) return -EINVAL; - bufl = kzalloc_node(sz, GFP_ATOMIC, - dev_to_node(&GET_DEV(inst->accel_dev))); - if (unlikely(!bufl)) - return -ENOMEM; + qat_req->buf.sgl_src_valid = false; + qat_req->buf.sgl_dst_valid = false; + + if (n > QAT_MAX_BUFF_DESC) { + bufl = kzalloc_node(sz, GFP_ATOMIC, node); + if (unlikely(!bufl)) + return -ENOMEM; + } else { + bufl = &qat_req->buf.sgl_src.sgl_hdr; + memset(bufl, 0, sizeof(struct qat_alg_buf_list)); + qat_req->buf.sgl_src_valid = true; + } for_each_sg(sgl, sg, n, i) bufl->bufers[i].addr = DMA_MAPPING_ERROR; @@ -760,12 +761,18 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, struct qat_alg_buf *bufers; n = sg_nents(sglout); - sz_out = struct_size(buflout, bufers, n + 1); + sz_out = struct_size(buflout, bufers, n); sg_nctr = 0; - buflout = kzalloc_node(sz_out, GFP_ATOMIC, - dev_to_node(&GET_DEV(inst->accel_dev))); - if (unlikely(!buflout)) - goto err_in; + + if (n > QAT_MAX_BUFF_DESC) { + buflout = kzalloc_node(sz_out, GFP_ATOMIC, node); + if (unlikely(!buflout)) + goto err_in; + } else { + buflout = &qat_req->buf.sgl_dst.sgl_hdr; + memset(buflout, 0, sizeof(struct qat_alg_buf_list)); + qat_req->buf.sgl_dst_valid = true; + } bufers = buflout->bufers; for_each_sg(sglout, sg, n, i) @@ -810,7 +817,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_unmap_single(dev, buflout->bufers[i].addr, buflout->bufers[i].len, DMA_BIDIRECTIONAL); - kfree(buflout); + + if (!qat_req->buf.sgl_dst_valid) + kfree(buflout); err_in: if (!dma_mapping_error(dev, blp)) @@ -823,7 +832,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, bufl->bufers[i].len, DMA_BIDIRECTIONAL); - kfree(bufl); + if (!qat_req->buf.sgl_src_valid) + kfree(bufl); dev_err(dev, "Failed to map buf for dma\n"); return -ENOMEM; @@ -1434,7 +1444,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha1),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha1", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1451,7 +1461,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha256),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha256", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1468,7 +1478,7 @@ static struct aead_alg qat_aeads[] = { { .cra_name = "authenc(hmac(sha512),cbc(aes))", .cra_driver_name = "qat_aes_cbc_hmac_sha512", .cra_priority = 4001, - .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .cra_flags = CRYPTO_ALG_ASYNC, .cra_blocksize = AES_BLOCK_SIZE, .cra_ctxsize = sizeof(struct qat_alg_aead_ctx), .cra_module = THIS_MODULE, @@ -1486,7 +1496,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "cbc(aes)", .base.cra_driver_name = "qat_aes_cbc", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC, .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, @@ -1504,7 +1514,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "ctr(aes)", .base.cra_driver_name = "qat_aes_ctr", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC, .base.cra_blocksize = 1, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, @@ -1522,8 +1532,7 @@ static struct skcipher_alg qat_skciphers[] = { { .base.cra_name = "xts(aes)", .base.cra_driver_name = "qat_aes_xts", .base.cra_priority = 4001, - .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK | - CRYPTO_ALG_ALLOCATES_MEMORY, + .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct qat_alg_skcipher_ctx), .base.cra_alignmask = 0, diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h index b6a4c95ae003..0928f159ea99 100644 --- a/drivers/crypto/qat/qat_common/qat_crypto.h +++ b/drivers/crypto/qat/qat_common/qat_crypto.h @@ -21,6 +21,26 @@ struct qat_crypto_instance { atomic_t refctr; }; +#define QAT_MAX_BUFF_DESC 4 + +struct qat_alg_buf { + u32 len; + u32 resrvd; + u64 addr; +} __packed; + +struct qat_alg_buf_list { + u64 resrvd; + u32 num_bufs; + u32 num_mapped_bufs; + struct qat_alg_buf bufers[]; +} __packed; + +struct qat_alg_fixed_buf_list { + struct qat_alg_buf_list sgl_hdr; + struct qat_alg_buf descriptors[QAT_MAX_BUFF_DESC]; +} __packed __aligned(64); + struct qat_crypto_request_buffs { struct qat_alg_buf_list *bl; dma_addr_t blp; @@ -28,6 +48,10 @@ struct qat_crypto_request_buffs { dma_addr_t bloutp; size_t sz; size_t sz_out; + bool sgl_src_valid; + bool sgl_dst_valid; + struct qat_alg_fixed_buf_list sgl_src; + struct qat_alg_fixed_buf_list sgl_dst; }; struct qat_crypto_request; -- 2.35.1

1 year, 9 months

3
4
0 0

[PATCH] media: flexcop-usb: fix endpoint type check

by Johan Hovold

Commit d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint type") tried to add an endpoint type sanity check for the single isochronous endpoint but instead broke the driver by checking the wrong descriptor or random data beyond the last endpoint descriptor. Make sure to check the right endpoint descriptor. Fixes: d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint type") Cc: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org # 5.9 Reported-by: Dongliang Mu <mudongliangabcd(a)gmail.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/media/usb/b2c2/flexcop-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c index 7835bb0f32fc..e012b21c4fd7 100644 --- a/drivers/media/usb/b2c2/flexcop-usb.c +++ b/drivers/media/usb/b2c2/flexcop-usb.c @@ -511,7 +511,7 @@ static int flexcop_usb_init(struct flexcop_usb *fc_usb) if (fc_usb->uintf->cur_altsetting->desc.bNumEndpoints < 1) return -ENODEV; - if (!usb_endpoint_is_isoc_in(&fc_usb->uintf->cur_altsetting->endpoint[1].desc)) + if (!usb_endpoint_is_isoc_in(&fc_usb->uintf->cur_altsetting->endpoint[0].desc)) return -ENODEV; switch (fc_usb->udev->speed) { -- 2.35.1

1 year, 9 months

1
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2022