| 3a3c5ab | Linus Torvalds | 04 June 2021, 16:30:23 UTC | Merge tag 'drm-fixes-2021-06-04-1' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Two big regression reverts in here, one for fbdev and one i915. Otherwise it's mostly amdgpu display fixes, and tegra fixes. fb: - revert broken fb_defio patch amdgpu: - Display fixes - FRU EEPROM error handling fix - RAS fix - PSP fix - Releasing pinned BO fix i915: - Revert conversion to io_mapping_map_user() which lead to BUG_ON() - Fix check for error valued returns in a selftest tegra: - SOR power domain race condition fix - build warning fix - runtime pm ref leak fix - modifier fix" * tag 'drm-fixes-2021-06-04-1' of git://anongit.freedesktop.org/drm/drm: amd/display: convert DRM_DEBUG_ATOMIC to drm_dbg_atomic drm/amdgpu: make sure we unpin the UVD BO drm/amd/amdgpu:save psp ring wptr to avoid attack drm/amd/display: Fix potential memory leak in DMUB hw_init drm/amdgpu: Don't query CE and UE errors drm/amd/display: Fix overlay validation by considering cursors drm/amdgpu: refine amdgpu_fru_get_product_info drm/amdgpu: add judgement for dc support drm/amd/display: Fix GPU scaling regression by FS video support drm/amd/display: Allow bandwidth validation for 0 streams. Revert "i915: use io_mapping_map_user" drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() Revert "fb_defio: Remove custom address_space_operations" drm/tegra: Correct DRM_FORMAT_MOD_NVIDIA_SECTOR_LAYOUT drm/tegra: sor: Fix AUX device reference leak drm/tegra: Get ref for DP AUX channel, not its ddc adapter drm/tegra: Fix shift overflow in tegra_shared_plane_atomic_update drm/tegra: sor: Fully initialize SOR before registration gpu: host1x: Split up client initalization and registration drm/tegra: sor: Do not leak runtime PM reference | 04 June 2021, 16:30:23 UTC |
| 37e2f2e | Dave Airlie | 04 June 2021, 00:23:23 UTC | Merge tag 'drm/tegra/for-5.13-rc5' of ssh://git.freedesktop.org/git/tegra/linux into drm-fixes drm/tegra: Fixes for v5.13-rc5 The most important change here fixes a race condition that causes either HDA or (more frequently) display to malfunction because they race for enabling the SOR power domain at probe time. Other than that, there's a couple of build warnings for issues introduced in v5.13 as well as some minor fixes, such as reference leak plugs. Signed-off-by: Dave Airlie <airlied@redhat.com> From: Thierry Reding <thierry.reding@gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210603144624.788861-1-thierry.reding@gmail.com | 04 June 2021, 00:23:57 UTC |
| d6273d8 | Dave Airlie | 03 June 2021, 23:45:15 UTC | Merge tag 'amd-drm-fixes-5.13-2021-06-02' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-5.13-2021-06-02: amdgpu: - Display fixes - FRU EEPROM error handling fix - RAS fix - PSP fix - Releasing pinned BO fix Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210603040410.4080-1-alexander.deucher@amd.com | 03 June 2021, 23:45:15 UTC |
| ff7a24a | Dave Airlie | 03 June 2021, 21:29:25 UTC | Merge tag 'drm-intel-fixes-2021-06-03' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes drm/i915 fixes for v5.13-rc5: - Revert conversion to io_mapping_map_user() which lead to BUG_ON() - Fix check for error valued returns in a selftest Signed-off-by: Dave Airlie <airlied@redhat.com> From: Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/87lf7rpcmp.fsf@intel.com | 03 June 2021, 21:29:26 UTC |
| 59dda70 | Dave Airlie | 03 June 2021, 21:29:00 UTC | Merge tag 'drm-misc-fixes-2021-06-03' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes One fix for a fb_defio breakage Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <maxime@cerno.tech> Link: https://patchwork.freedesktop.org/patch/msgid/20210603085321.l5l6flslj632yqse@gilmour | 03 June 2021, 21:29:08 UTC |
| f88cd3f | Linus Torvalds | 03 June 2021, 18:52:24 UTC | Merge tag 'vfio-v5.13-rc5' of git://github.com/awilliam/linux-vfio Pull VFIO fixes from Alex Williamson: - Fix error path return value (Zhen Lei) - Add vfio-pci CONFIG_MMU dependency (Randy Dunlap) - Replace open coding with struct_size() (Gustavo A. R. Silva) - Fix sample driver error path (Wei Yongjun) - Fix vfio-platform error path module_put() (Max Gurtovoy) * tag 'vfio-v5.13-rc5' of git://github.com/awilliam/linux-vfio: vfio/platform: fix module_put call in error flow samples: vfio-mdev: fix error handing in mdpy_fb_probe() vfio/iommu_type1: Use struct_size() for kzalloc() vfio/pci: zap_vma_ptes() needs MMU vfio/pci: Fix error return code in vfio_ecap_init() | 03 June 2021, 18:52:24 UTC |
| 143d28d | Linus Torvalds | 03 June 2021, 18:47:08 UTC | Merge tag 'block-5.13-2021-06-03' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "NVMe fixes from Christoph: - Fix corruption in RDMA in-capsule SGLs (Sagi Grimberg) - nvme-loop reset fixes (Hannes Reinecke) - nvmet fix for freeing unallocated p2pmem (Max Gurtovoy)" * tag 'block-5.13-2021-06-03' of git://git.kernel.dk/linux-block: nvmet: fix freeing unallocated p2pmem nvme-loop: do not warn for deleted controllers during reset nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() nvme-rdma: fix in-casule data send for chained sgls | 03 June 2021, 18:47:08 UTC |
| ec95502 | Linus Torvalds | 03 June 2021, 18:41:00 UTC | Merge tag 'io_uring-5.13-2021-06-03' of git://git.kernel.dk/linux-block Pull io_uring fix from Jens Axboe: "Just a single one-liner fix for an accounting regression in this release" * tag 'io_uring-5.13-2021-06-03' of git://git.kernel.dk/linux-block: io_uring: fix misaccounting fix buf pinned pages | 03 June 2021, 18:41:00 UTC |
| fd2ff27 | Linus Torvalds | 03 June 2021, 18:37:14 UTC | Merge tag 'for-5.13-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: "Error handling improvements, caught by error injection: - handle errors during checksum deletion - set error on mapping when ordered extent io cannot be finished - inode link count fixup in tree-log - missing return value checks for inode updates in tree-log - abort transaction in rename exchange if adding second reference fails Fixes: - fix fsync failure after writes to prealloc extents - fix deadlock when cloning inline extents and low on available space - fix compressed writes that cross stripe boundary" * tag 'for-5.13-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: MAINTAINERS: add btrfs IRC link btrfs: fix deadlock when cloning inline extents and low on available space btrfs: fix fsync failure and transaction abort after writes to prealloc extents btrfs: abort in rename_exchange if we fail to insert the second ref btrfs: check error value from btrfs_update_inode in tree log btrfs: fixup error handling in fixup_inode_link_counts btrfs: mark ordered extent and inode with error if we fail to finish btrfs: return errors from btrfs_del_csums in cleanup_ref_head btrfs: fix error handling in btrfs_del_csums btrfs: fix compressed writes that cross stripe boundary | 03 June 2021, 18:37:14 UTC |
| e369edb | Jens Axboe | 03 June 2021, 13:42:27 UTC | Merge tag 'nvme-5.13-2021-06-03' of git://git.infradead.org/nvme into block-5.13 Pull NVMe fixes from Christoph: "nvme fixes for Linux 5.13: - fix corruption in RDMA in-capsule SGLs (Sagi Grimberg) - nvme-loop reset fixes (Hannes Reinecke) - nvmet fix for freeing unallocated p2pmem (Max Gurtovoy)" * tag 'nvme-5.13-2021-06-03' of git://git.infradead.org/nvme: nvmet: fix freeing unallocated p2pmem nvme-loop: do not warn for deleted controllers during reset nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() nvme-rdma: fix in-casule data send for chained sgls | 03 June 2021, 13:42:27 UTC |
| 503d1ac | David Sterba | 03 June 2021, 13:36:52 UTC | MAINTAINERS: add btrfs IRC link We haven't had an IRC link before but now it's a good time to announce where to reach the community. Signed-off-by: David Sterba <dsterba@suse.com> | 03 June 2021, 13:40:38 UTC |
| e7591a8 | Simon Ser | 26 May 2021, 13:55:50 UTC | amd/display: convert DRM_DEBUG_ATOMIC to drm_dbg_atomic This allows to tie the log message to a specific DRM device. Signed-off-by: Simon Ser <contact@emersion.fr> Cc: Alex Deucher <alexander.deucher@amd.com> Cc: Harry Wentland <hwentlan@amd.com> Cc: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Reviewed-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:58:11 UTC |
| 0743860 | Nirmoy Das | 28 May 2021, 14:54:16 UTC | drm/amdgpu: make sure we unpin the UVD BO Releasing pinned BOs is illegal now. UVD 6 was missing from: commit 2f40801dc553 ("drm/amdgpu: make sure we unpin the UVD BO") Fixes: 2f40801dc553 ("drm/amdgpu: make sure we unpin the UVD BO") Cc: stable@vger.kernel.org Signed-off-by: Nirmoy Das <nirmoy.das@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:57:07 UTC |
| 2370eba | Victor Zhao | 18 March 2021, 05:44:35 UTC | drm/amd/amdgpu:save psp ring wptr to avoid attack [Why] When some tools performing psp mailbox attack, the readback value of register can be a random value which may break psp. [How] Use a psp wptr cache machanism to aovid the change made by attack. v2: unify change and add detailed reason Signed-off-by: Victor Zhao <Victor.Zhao@amd.com> Signed-off-by: Jingwen Chen <Jingwen.Chen2@amd.com> Reviewed-by: Monk Liu <monk.liu@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:56:03 UTC |
| c5699e2 | Roman Li | 10 May 2021, 15:58:54 UTC | drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How] Allocate memory for the DC wrapper to DMUB only if it was not allocated before. No need to reallocate it on suspend/resume. Signed-off-by: Lang Yu <Lang.Yu@amd.com> Signed-off-by: Roman Li <roman.li@amd.com> Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com> Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com> Tested-by: Daniel Wheeler <daniel.wheeler@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:55:10 UTC |
| dce3d8e | Luben Tuikov | 12 May 2021, 16:33:23 UTC | drm/amdgpu: Don't query CE and UE errors On QUERY2 IOCTL don't query counts of correctable and uncorrectable errors, since when RAS is enabled and supported on Vega20 server boards, this takes insurmountably long time, in O(n^3), which slows the system down to the point of it being unusable when we have GUI up. Fixes: ae363a212b14 ("drm/amdgpu: Add a new flag to AMDGPU_CTX_OP_QUERY_STATE2") Cc: Alexander Deucher <Alexander.Deucher@amd.com> Cc: stable@vger.kernel.org Signed-off-by: Luben Tuikov <luben.tuikov@amd.com> Reviewed-by: Alexander Deucher <Alexander.Deucher@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:52:38 UTC |
| 33f409e | Rodrigo Siqueira | 14 May 2021, 11:47:34 UTC | drm/amd/display: Fix overlay validation by considering cursors A few weeks ago, we saw a two cursor issue in a ChromeOS system. We fixed it in the commit: drm/amd/display: Fix two cursor duplication when using overlay (read the commit message for more details) After this change, we noticed that some IGT subtests related to kms_plane and kms_plane_scaling started to fail. After investigating this issue, we noticed that all subtests that fail have a primary plane covering the overlay plane, which is currently rejected by amdgpu dm. Fail those IGT tests highlight that our verification was too broad and compromises the overlay usage in our drive. This patch fixes this issue by ensuring that we only reject commits where the primary plane is not fully covered by the overlay when the cursor hardware is enabled. With this fix, all IGT tests start to pass again, which means our overlay support works as expected. Cc: Tianci.Yin <tianci.yin@amd.com> Cc: Harry Wentland <harry.wentland@amd.com> Cc: Nicholas Choi <nicholas.choi@amd.com> Cc: Bhawanpreet Lakha <bhawanpreet.lakha@amd.com> Cc: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com> Cc: Mark Yacoub <markyacoub@google.com> Cc: Daniel Wheeler <daniel.wheeler@amd.com> Tested-by: Daniel Wheeler <daniel.wheeler@amd.com> Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:51:53 UTC |
| 5cfc912 | Jiansong Chen | 25 May 2021, 06:14:58 UTC | drm/amdgpu: refine amdgpu_fru_get_product_info 1. eliminate potential array index out of bounds. 2. return meaningful value for failure. Signed-off-by: Jiansong Chen <Jiansong.Chen@amd.com> Reviewed-by: Jack Gui <Jack.Gui@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:51:12 UTC |
| 147feb0 | Asher Song | 21 May 2021, 09:11:33 UTC | drm/amdgpu: add judgement for dc support Drop DC initialization when DCN is harvested in VBIOS. The way doesn't affect virtual display ip initialization. Signed-off-by: Likun Gao <Likun.Gao@amd.com> Signed-off-by: Asher Song <Asher.Song@amd.com> Reviewed-by: Guchun Chen <guchun.chen@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:49:15 UTC |
| a53085c | Nicholas Kazlauskas | 19 May 2021, 20:12:19 UTC | drm/amd/display: Fix GPU scaling regression by FS video support [Why] FS video support regressed GPU scaling and the scaled buffer ends up stuck in the top left of the screen at native size - full, aspect, center scaling modes do not function. This is because decide_crtc_timing_for_drm_display_mode() does not get called when scaling is enabled. [How] Split recalculate timing and scaling into two different flags. We don't want to call drm_mode_set_crtcinfo() for scaling, but we do want to call it for FS video. Optimize and move preferred_refresh calculation next to decide_crtc_timing_for_drm_display_mode() like it used to be since that's not used for FS video. We don't need to copy over the VIC or polarity in the case of FS video modes because those don't change. Fixes: 6f59f229f8ed7a ("drm/amd/display: Skip modeset for front porch change") Cc: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:48:32 UTC |
| ba8e597 | Bindu Ramamurthy | 20 May 2021, 14:06:04 UTC | drm/amd/display: Allow bandwidth validation for 0 streams. [Why] Bandwidth calculations are triggered for non zero streams, and in case of 0 streams, these calculations were skipped with pstate status not being updated. [How] As the pstate status is applicable for non zero streams, check added for allowing 0 streams inline with dcn internal bandwidth validations. Signed-off-by: Bindu Ramamurthy <bindu.r@amd.com> Reviewed-by: Roman Li <Roman.Li@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 June 2021, 21:48:20 UTC |
| 324c92e | Linus Torvalds | 02 June 2021, 18:53:37 UTC | Merge tag 'efi-urgent-2021-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "A handful of EFI fixes: - Fix/robustify a diagnostic printk - Fix a (normally not triggered) parser bug in the libstub code - Allow !EFI_MEMORY_XP && !EFI_MEMORY_RO entries in the memory map - Stop RISC-V from crashing on boot if there's no FDT table" * tag 'efi-urgent-2021-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi: cper: fix snprintf() use in cper_dimm_err_location() efi/libstub: prevent read overflow in find_file_option() efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared efi/fdt: fix panic when no valid fdt found | 02 June 2021, 18:53:37 UTC |
| 0372b6d | Linus Torvalds | 02 June 2021, 18:46:57 UTC | Merge tag 'acpi-5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "Fix a mutex object memory leak in ACPICA occurring during object deletion that was introduced in 5.12-rc1 (Erik Kaneda)" * tag 'acpi-5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPICA: Clean up context mutex during object deletion | 02 June 2021, 18:46:57 UTC |
| 3bfc6ff | Linus Torvalds | 02 June 2021, 18:41:45 UTC | Merge tag 'hwmon-for-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "The most notable fix is for the q54sj108a2 driver to let it actually instantiate. Also attribute fixes for pmbus/isl68137, pmbus/fsp-3y, and dell-smm-hwmon drivers" * tag 'hwmon-for-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon/pmbus: (q54sj108a2) The PMBUS_MFR_ID is actually 6 chars instead of 5 hwmon: (pmbus/isl68137) remove READ_TEMPERATURE_3 for RAA228228 hwmon: (pmbus/fsp-3y) Fix FSP-3Y YH-5151E VOUT hwmon: (dell-smm-hwmon) Fix index values | 02 June 2021, 18:41:45 UTC |
| b87482d | Matthew Auld | 27 May 2021, 18:51:45 UTC | Revert "i915: use io_mapping_map_user" This reverts commit b739f125e4ebd73d10ed30a856574e13649119ed. We are unfortunately seeing more issues like we did in 293837b9ac8d ("Revert "i915: fix remap_io_sg to verify the pgprot""), except this is now for the vm_fault_gtt path, where we are now hitting the same BUG_ON(!pte_none(*pte)): [10887.466150] kernel BUG at mm/memory.c:2183! [10887.466162] invalid opcode: 0000 [#1] PREEMPT SMP PTI [10887.466168] CPU: 0 PID: 7775 Comm: ffmpeg Tainted: G U 5.13.0-rc3-CI-Nightly #1 [10887.466174] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J4205-ITX, BIOS P1.40 07/14/2017 [10887.466177] RIP: 0010:remap_pfn_range_notrack+0x30f/0x440 [10887.466188] Code: e8 96 d7 e0 ff 84 c0 0f 84 27 01 00 00 48 ba 00 f0 ff ff ff ff 0f 00 4c 89 e0 48 c1 e0 0c 4d 85 ed 75 96 48 21 d0 31 f6 eb a9 <0f> 0b 48 39 37 0f 85 0e 01 00 00 48 8b 0c 24 48 39 4f 08 0f 85 00 [10887.466193] RSP: 0018:ffffc90006e33c50 EFLAGS: 00010286 [10887.466198] RAX: 800000000000002f RBX: 00007f5e01800000 RCX: 0000000000000028 [10887.466201] RDX: 0000000000000001 RSI: ffffea0000000000 RDI: 0000000000000000 [10887.466204] RBP: ffffea000033fea8 R08: 800000000000002f R09: ffff8881072256e0 [10887.466207] R10: ffffc9000b84fff8 R11: 0000000017dab000 R12: 0000000000089f9f [10887.466210] R13: 800000000000002f R14: 00007f5e017e4000 R15: ffff88800cffaf20 [10887.466213] FS: 00007f5e04849640(0000) GS:ffff888278000000(0000) knlGS:0000000000000000 [10887.466216] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [10887.466220] CR2: 00007fd9b191a2ac CR3: 00000001829ac000 CR4: 00000000003506f0 [10887.466223] Call Trace: [10887.466233] vm_fault_gtt+0x1ca/0x5d0 [i915] [10887.466381] ? ktime_get+0x38/0x90 [10887.466389] __do_fault+0x37/0x90 [10887.466395] __handle_mm_fault+0xc46/0x1200 [10887.466402] handle_mm_fault+0xce/0x2a0 [10887.466407] do_user_addr_fault+0x1c5/0x660 Reverting this commit is reported to fix the issue. Reported-by: Eero Tamminen <eero.t.tamminen@intel.com> References: https://gitlab.freedesktop.org/drm/intel/-/issues/3519 Fixes: b739f125e4eb ("i915: use io_mapping_map_user") Cc: Christoph Hellwig <hch@lst.de> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Matthew Auld <matthew.auld@intel.com> Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/20210527185145.458021-1-matthew.auld@intel.com (cherry picked from commit 0e4fe0c9f2f981f26e01b73f3c465ca314c4f9c0) Signed-off-by: Jani Nikula <jani.nikula@intel.com> | 02 June 2021, 12:06:10 UTC |
| 10c1f0c | Zhihao Cheng | 01 June 2021, 09:19:35 UTC | drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() In case of error, the function live_context() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: 52c0fdb25c7c ("drm/i915: Replace global breadcrumbs with per-context interrupt tracking") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/33c46ef24cd547d0ad21dc106441491a@intel.com [tursulin: Wrap commit text, fix Fixes: tag.] Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com> (cherry picked from commit 8f4caef8d5401b42c6367d46c23da5e0e8111516) Signed-off-by: Jani Nikula <jani.nikula@intel.com> | 02 June 2021, 12:06:10 UTC |
| bcd9a07 | Max Gurtovoy | 01 June 2021, 16:22:05 UTC | nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). Instead, assign the p2p_dev for the request only if it was allocated from p2p pool. This is the crash that was caused: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI ... [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! ... [Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0 ... [Sun May 30 19:13:53 2021] Call Trace: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70 [Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80 [Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet] [Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518! [Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma] [Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma] Fixes: c6e3f1339812 ("nvmet: add metadata support for block devices") Reviewed-by: Israel Rukshin <israelr@nvidia.com> Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com> Reviewed-by: Logan Gunthorpe <logang@deltatee.com> Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Christoph Hellwig <hch@lst.de> | 02 June 2021, 07:10:38 UTC |
| 6622f9a | Hannes Reinecke | 26 May 2021, 15:23:18 UTC | nvme-loop: do not warn for deleted controllers during reset During concurrent reset and delete calls the reset workqueue is flushed, causing nvme_loop_reset_ctrl_work() to be executed when the controller is in state DELETING or DELETING_NOIO. But this is expected, so we shouldn't issue a WARN_ON here. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> | 02 June 2021, 07:06:53 UTC |
| 4237de2 | Hannes Reinecke | 26 May 2021, 15:23:17 UTC | nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() We need to check the NVME_LOOP_Q_LIVE flag in nvme_loop_destroy_admin_queue() to protect against duplicate invocations eg during concurrent reset and remove calls. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Christoph Hellwig <hch@lst.de> | 02 June 2021, 07:06:53 UTC |
| 1c5f8e8 | Hannes Reinecke | 26 May 2021, 15:23:16 UTC | nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails When the call to nvme_enable_ctrl() in nvme_loop_configure_admin_queue() fails the NVME_LOOP_Q_LIVE flag is not cleared. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Christoph Hellwig <hch@lst.de> | 02 June 2021, 07:06:53 UTC |
| a6c144f | Hannes Reinecke | 26 May 2021, 15:23:15 UTC | nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() The queue count is increased in nvme_loop_init_io_queues(), so we need to reset it to 1 at the end of nvme_loop_destroy_io_queues(). Otherwise the function is not re-entrant safe, and crash will happen during concurrent reset and remove calls. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Christoph Hellwig <hch@lst.de> | 02 June 2021, 07:06:53 UTC |
| 231bc53 | Linus Torvalds | 02 June 2021, 03:26:06 UTC | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid Pull HID fixes from Jiri Kosina: - memory leak fix in usbhid from Anirudh Rayabharam - additions for a few new recognized generic key IDs from Dmitry Torokhov - Asus T101HA and Dell K15A quirks from Hans de Goede - memory leak fix in amd_sfh from Basavaraj Natikar - Win8 compatibility and Stylus fixes in multitouch driver from Ahelenia Ziemiańska - NULL pointer dereference fix in hid-magicmouse from Johan Hovold - assorted other small fixes and device ID additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: (33 commits) HID: asus: Cleanup Asus T101HA keyboard-dock handling HID: magicmouse: fix NULL-deref on disconnect HID: intel-ish-hid: ipc: Add Alder Lake device IDs HID: i2c-hid: fix format string mismatch HID: amd_sfh: Fix memory leak in amd_sfh_work HID: amd_sfh: Use devm_kzalloc() instead of kzalloc() HID: ft260: improve error handling of ft260_hid_feature_report_get() HID: magicmouse: fix crash when disconnecting Magic Trackpad 2 HID: gt683r: add missing MODULE_DEVICE_TABLE HID: pidff: fix error return code in hid_pidff_init() HID: logitech-hidpp: initialize level variable HID: multitouch: Disable event reporting on suspend on the Asus T101HA touchpad HID: core: Remove extraneous empty line before EXPORT_SYMBOL_GPL(hid_check_keys_pressed) HID: hid-sensor-custom: Process failure of sensor_hub_set_feature() HID: i2c-hid: Skip ELAN power-on command after reset HID: usbhid: fix info leak in hid_submit_ctrl HID: Add BUS_VIRTUAL to hid_connect logging HID: multitouch: set Stylus suffix for Stylus-application devices, too HID: multitouch: require Finger field to mark Win8 reports as MT HID: remove the unnecessary redefinition of a macro ... | 02 June 2021, 03:26:06 UTC |
| 00151f5 | Linus Torvalds | 02 June 2021, 03:20:40 UTC | Merge tag 'gfs2-v5.13-rc2-fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 fix from Andreas Gruenbacher: "Revert broken commit" * tag 'gfs2-v5.13-rc2-fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: Revert "gfs2: Fix mmap locking for write faults" | 02 June 2021, 03:20:40 UTC |
| 4d96d3b | Larry Finger | 01 June 2021, 19:04:18 UTC | Bluetooth: Add a new USB ID for RTL8822CE Some models of the RTL8822ce utilize a different USB ID. Add this new one to the Bluetooth driver. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 02 June 2021, 03:11:48 UTC |
| d5b8145 | Andreas Gruenbacher | 01 June 2021, 20:53:27 UTC | Revert "gfs2: Fix mmap locking for write faults" This reverts commit b7f55d928e75557295c1ac280c291b738905b6fb. As explained by Linus in [*], write faults on a mmap region are reads from a filesysten point of view, so taking the inode glock exclusively on write faults is incorrect. Instead, when a page is marked writable, the .page_mkwrite vm operation will be called, which is where the exclusive lock taking needs to happen. I got this wrong because of a broken test case that made me believe .page_mkwrite isn't getting called when it actually is. [*] https://lore.kernel.org/lkml/CAHk-=wj8EWr_D65i4oRSj2FTbrc6RdNydNNCGxeabRnwtoU=3Q@mail.gmail.com/ Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> | 01 June 2021, 21:16:42 UTC |
| 0b78f8b | Matthew Wilcox | 01 June 2021, 14:30:30 UTC | Revert "fb_defio: Remove custom address_space_operations" Commit ccf953d8f3d6 makes framebuffers which use deferred I/O stop displaying updates after the first one. This is because the pages handled by fb_defio no longer have a page_mapping(). That prevents page_mkclean() from marking the PTEs as clean, and so writes are only noticed the first time. Reported-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/YLZEhv0cpZp8uVE3@casper.infradead.org | 01 June 2021, 15:38:40 UTC |
| c2131f7 | Linus Torvalds | 31 May 2021, 15:57:22 UTC | Merge tag 'gfs2-v5.13-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 fixes from Andreas Gruenbacher: "Various gfs2 fixes" * tag 'gfs2-v5.13-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Fix use-after-free in gfs2_glock_shrink_scan gfs2: Fix mmap locking for write faults gfs2: Clean up revokes on normal withdraws gfs2: fix a deadlock on withdraw-during-mount gfs2: fix scheduling while atomic bug in glocks gfs2: Fix I_NEW check in gfs2_dinode_in gfs2: Prevent direct-I/O write fallback errors from getting lost | 31 May 2021, 15:57:22 UTC |
| 36c7955 | Linus Torvalds | 31 May 2021, 15:52:22 UTC | Merge tag 'fsnotify_for_v5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify fixes from Jan Kara: "A fix for permission checking with fanotify unpriviledged groups. Also there's a small update in MAINTAINERS file for fanotify" * tag 'fsnotify_for_v5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fanotify: fix permission model of unprivileged group MAINTAINERS: Add Matthew Bobrowski as a reviewer | 31 May 2021, 15:52:22 UTC |
| 671cc35 | Dmitry Osipenko | 30 May 2021, 19:55:06 UTC | drm/tegra: Correct DRM_FORMAT_MOD_NVIDIA_SECTOR_LAYOUT The format modifier is 64bit, while DRM_FORMAT_MOD_NVIDIA_SECTOR_LAYOUT uses BIT() macro that is 32bit on ARM32. The (modifier &= ~DRM_FORMAT_MOD_NVIDIA_SECTOR_LAYOUT) doesn't work as expected on ARM32 and tegra_fb_get_tiling() fails for the tiled formats on 32bit Tegra because modifier mask isn't applied properly. Use the BIT_ULL() macro to fix this trouble. Fixes: 7b6f846785f4 ("drm/tegra: Support sector layout on Tegra194") Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Signed-off-by: Thierry Reding <treding@nvidia.com> | 31 May 2021, 12:29:44 UTC |
| e4dfe10 | Erik Kaneda | 21 May 2021, 22:28:08 UTC | ACPICA: Clean up context mutex during object deletion ACPICA commit bc43c878fd4ff27ba75b1d111b97ee90d4a82707 Fixes: c27f3d011b08 ("Fix race in GenericSerialBus (I2C) and GPIO OpRegion parameter handling") Link: https://github.com/acpica/acpica/commit/bc43c878 Reported-by: John Garry <john.garry@huawei.com> Reported-by: Xiang Chen <chenxiang66@hisilicon.com> Tested-by: Xiang Chen <chenxiang66@hisilicon.com> Signed-off-by: Erik Kaneda <erik.kaneda@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 31 May 2021, 11:56:33 UTC |
| 1ab19c5 | Hillf Danton | 18 May 2021, 08:46:25 UTC | gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock. Reported-by: syzbot <syzbot+34ba7ddbf3021981a228@syzkaller.appspotmail.com> Signed-off-by: Hillf Danton <hdanton@sina.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> | 31 May 2021, 10:03:28 UTC |
| 12b2aaa | Sagi Grimberg | 28 May 2021, 01:16:38 UTC | nvme-rdma: fix in-casule data send for chained sgls We have only 2 inline sg entries and we allow 4 sg entries for the send wr sge. Larger sgls entries will be chained. However when we build in-capsule send wr sge, we iterate without taking into account that the sgl may be chained and still fit in-capsule (which can happen if the sgl is bigger than 2, but lower-equal to 4). Fix in-capsule data mapping to correctly iterate chained sgls. Fixes: 38e1800275d3 ("nvme-rdma: Avoid preallocating big SGL for data") Reported-by: Walker, Benjamin <benjamin.walker@intel.com> Signed-off-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> | 31 May 2021, 06:06:11 UTC |
| 8124c8a | Linus Torvalds | 30 May 2021, 21:58:25 UTC | Linux 5.13-rc4 | 30 May 2021, 21:58:25 UTC |
| b90e90f | Linus Torvalds | 30 May 2021, 04:24:00 UTC | Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "This is a bit larger than usual at rc4 time. The reason is due to Lee's work of fixing newly reported build warnings. The rest is fixes as usual" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (22 commits) MAINTAINERS: adjust to removing i2c designware platform data i2c: s3c2410: fix possible NULL pointer deref on read message after write i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset i2c: i801: Don't generate an interrupt on bus reset i2c: mpc: implement erratum A-004447 workaround powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag i2c: busses: i2c-stm32f4: Remove incorrectly placed ' ' from function name i2c: busses: i2c-st: Fix copy/paste function misnaming issues i2c: busses: i2c-pnx: Provide descriptions for 'alg_data' data structure i2c: busses: i2c-ocores: Place the expected function names into the documentation headers i2c: busses: i2c-eg20t: Fix 'bad line' issue and provide description for 'msgs' param i2c: busses: i2c-designware-master: Fix misnaming of 'i2c_dw_init_master()' i2c: busses: i2c-cadence: Fix incorrectly documented 'enum cdns_i2c_slave_mode' i2c: busses: i2c-ali1563: File headers are not good candidates for kernel-doc i2c: muxes: i2c-arb-gpio-challenge: Demote non-conformant kernel-doc headers i2c: busses: i2c-nomadik: Fix formatting issue pertaining to 'timeout' i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E i2c: I2C_HISI should depend on ACPI ... | 30 May 2021, 04:24:00 UTC |
| 9a76c0e | Linus Torvalds | 30 May 2021, 04:16:09 UTC | Merge tag 'seccomp-fixes-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull seccomp fixes from Kees Cook: "This fixes a hard-to-hit race condition in the addfd user_notif feature of seccomp, visible since v5.9. And a small documentation fix" * tag 'seccomp-fixes-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: seccomp: Refactor notification handler to prepare for new semantics Documentation: seccomp: Fix user notification documentation | 30 May 2021, 04:16:09 UTC |
| 9d68fe8 | Linus Torvalds | 30 May 2021, 04:10:10 UTC | Merge tag 'riscv-for-linus-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Palmer Dabbelt: "A handful of RISC-V related fixes: - avoid errors when the stack tracing code is tracing itself. - resurrect the memtest= kernel command line argument on RISC-V, which was briefly enabled during the merge window before a refactoring disabled it. - build fix and some warning cleanups" * tag 'riscv-for-linus-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: kexec: Fix W=1 build warnings riscv: kprobes: Fix build error when MMU=n riscv: Select ARCH_USE_MEMTEST riscv: stacktrace: fix the riscv stacktrace when CONFIG_FRAME_POINTER enabled | 30 May 2021, 04:10:10 UTC |
| 75b9c72 | Linus Torvalds | 30 May 2021, 03:47:19 UTC | Merge tag 'xfs-5.13-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: "This week's pile mitigates some decades-old problems in how extent size hints interact with realtime volumes, fixes some failures in online shrink, and fixes a problem where directory and symlink shrinking on extremely fragmented filesystems could fail. The most user-notable change here is to point users at our (new) IRC channel on OFTC. Freedom isn't free, it costs folks like you and me; and if you don't kowtow, they'll expel everyone and take over your channel. (Ok, ok, that didn't fit the song lyrics...) Summary: - Fix a bug where unmapping operations end earlier than expected, which can cause chaos on multi-block directory and symlink shrink operations. - Fix an erroneous assert that can trigger if we try to transition a bmap structure from btree format to extents format with zero extents. This was exposed by xfs/538" * tag 'xfs-5.13-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: bunmapi has unnecessary AG lock ordering issues xfs: btree format inode forks can have zero extents xfs: add new IRC channel to MAINTAINERS xfs: validate extsz hints against rt extent size when rtinherit is set xfs: standardize extent size hint validation xfs: check free AG space when making per-AG reservations | 30 May 2021, 03:47:19 UTC |
| 216e583 | Pavel Begunkov | 29 May 2021, 11:01:02 UTC | io_uring: fix misaccounting fix buf pinned pages As Andres reports "... io_sqe_buffer_register() doesn't initialize imu. io_buffer_account_pin() does imu->acct_pages++, before calling io_account_mem(ctx, imu->acct_pages).", leading to evevntual -ENOMEM. Initialise the field. Reported-by: Andres Freund <andres@anarazel.de> Fixes: 41edf1a5ec967 ("io_uring: keep table of pointers to ubufs") Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://lore.kernel.org/r/438a6f46739ae5e05d9c75a0c8fa235320ff367c.1622285901.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> | 30 May 2021, 01:27:21 UTC |
| ddc4739 | Sargun Dhillon | 17 May 2021, 19:39:06 UTC | seccomp: Refactor notification handler to prepare for new semantics This refactors the user notification code to have a do / while loop around the completion condition. This has a small change in semantic, in that previously we ignored addfd calls upon wakeup if the notification had been responded to, but instead with the new change we check for an outstanding addfd calls prior to returning to userspace. Rodrigo Campos also identified a bug that can result in addfd causing an early return, when the supervisor didn't actually handle the syscall [1]. [1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/ Fixes: 7cf97b125455 ("seccomp: Introduce addfd ioctl to seccomp user notifier") Signed-off-by: Sargun Dhillon <sargun@sargun.me> Acked-by: Tycho Andersen <tycho@tycho.pizza> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Rodrigo Campos <rodrigo@kinvolk.io> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210517193908.3113-3-sargun@sargun.me | 29 May 2021, 18:13:27 UTC |
| df8c66c | Linus Torvalds | 29 May 2021, 16:55:55 UTC | Merge tag 'thermal-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux Pull thermal fixes from Daniel Lezcano: - Fix uninitialized error code value for the SPMI adc driver (Yang Yingliang) - Fix kernel doc warning (Yang Li) - Fix wrong read-write thermal trip point initialization (Srinivas Pandruvada) * tag 'thermal-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: thermal/drivers/qcom: Fix error code in adc_tm5_get_dt_channel_data() thermal/ti-soc-thermal: Fix kernel-doc thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID | 29 May 2021, 16:55:55 UTC |
| f956cb9 | Linus Torvalds | 29 May 2021, 16:41:50 UTC | Merge tag 'char-misc-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are some tiny char/misc driver fixes for 5.13-rc4. Nothing huge here, just some tiny fixes for reported issues: - two interconnect driver fixes - kgdb build warning fix for gcc-11 - hgafb regression fix - soundwire driver fix - mei driver fix All have been in linux-next with no reported issues" * tag 'char-misc-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: mei: request autosuspend after sending rx flow control kgdb: fix gcc-11 warnings harder video: hgafb: correctly handle card detect failure during probe soundwire: qcom: fix handling of qcom,ports-block-pack-mode interconnect: qcom: Add missing MODULE_DEVICE_TABLE interconnect: qcom: bcm-voter: add a missing of_node_put() | 29 May 2021, 16:41:50 UTC |
| e1a9e3d | Linus Torvalds | 29 May 2021, 16:33:28 UTC | Merge tag 'driver-core-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here are three small driver core / debugfs fixes for 5.13-rc4: - debugfs fix for incorrect "lockdown" mode for selinux accesses - two device link changes, one bugfix and one cleanup All of these have been in linux-next for over a week with no reported problems" * tag 'driver-core-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: drivers: base: Reduce device link removal code duplication drivers: base: Fix device link removal debugfs: fix security_locked_down() call for SELinux | 29 May 2021, 16:33:28 UTC |
| 494b99f | Linus Torvalds | 29 May 2021, 16:29:13 UTC | Merge tag 'staging-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging and IIO driver fixes from Greg KH: "Here are some small IIO and staging driver fixes for reported issues for 5.13-rc4. Nothing major here, tiny changes for reported problems, full details are in the shortlog if people are curious. All have been in linux-next for a while with no reported problems" * tag 'staging-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: adc: ad7793: Add missing error code in ad7793_setup() iio: adc: ad7923: Fix undersized rx buffer. iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() iio: dac: ad5770r: Put fwnode in error case during ->probe() iio: gyro: fxas21002c: balance runtime power in error path staging: emxx_udc: fix loop in _nbu2ss_nuke() staging: iio: cdc: ad7746: avoid overwrite of num_channels iio: adc: ad7192: handle regulator voltage error first iio: adc: ad7192: Avoid disabling a clock that was never enabled. iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers iio: adc: ad7124: Fix missbalanced regulator enable / disable on error. | 29 May 2021, 16:29:13 UTC |
| 3837f9a | Linus Torvalds | 29 May 2021, 16:25:16 UTC | Merge tag 'tty-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty / serial driver fixes from Greg KH: "Here are some small fixes for reported problems for tty and serial drivers for 5.13-rc4. They consist of: - 8250 bugfixes and new device support - lockdown security mode fixup - syzbot found problems fixed - 8250_omap fix for interrupt storm - revert of 8250_omap driver fix as it caused worse problem than the original issue All but the last patch have been in linux-next for a while, the last one is a revert of a problem found in linux-next with the 8250_omap driver change" * tag 'tty-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "serial: 8250: 8250_omap: Fix possible interrupt storm" serial: 8250_pci: handle FL_NOIRQ board flag serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' serial: 8250_pci: Add support for new HPE serial device serial: 8250: 8250_omap: Fix possible interrupt storm serial: 8250: Use BIT(x) for UART_{CAP,BUG}_* serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART serial: 8250_dw: Add device HID for new AMD UART controller serial: sh-sci: Fix off-by-one error in FIFO threshold register setting serial: core: fix suspicious security_locked_down() call serial: tegra: Fix a mask operation that is always true | 29 May 2021, 16:25:16 UTC |
| 523d0b1 | Linus Torvalds | 29 May 2021, 16:11:21 UTC | Merge tag 'usb-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB / Thunderbolt fixes from Greg KH: "Here are a number of tiny USB and Thunderbolt driver fixes for 5.13-rc4. They consist of: - thunderbolt fixes for some NVM bound issues - xhci fixes for reported problems - control-request fixups - documentation build warning fixes - new usb-serial driver device ids - typec bugfixes for reported issues - usbfs warning fixups (could be triggered from userspace) - other tiny fixes for reported problems. All of these have been in linux-next with no reported issues" * tag 'usb-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits) xhci: Fix 5.12 regression of missing xHC cache clearing command after a Stall xhci: fix giving back URB with incorrect status regression in 5.12 usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() usb: typec: tcpm: Respond Not_Supported if no snk_vdo usb: typec: tcpm: Properly interrupt VDM AMS USB: trancevibrator: fix control-request direction usb: Restore the usb_header label usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header usb: typec: ucsi: Clear pending after acking connector change usb: typec: mux: Fix matching with typec_altmode_desc misc/uss720: fix memory leak in uss720_probe usb: dwc3: gadget: Properly track pending and queued SG USB: usbfs: Don't WARN about excessively large memory allocations thunderbolt: usb4: Fix NVM read buffer bounds and offset issue thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue usb: chipidea: udc: assign interrupt number to USB gadget structure usb: cdnsp: Fix lack of removing request from pending list. usb: cdns3: Fix runtime PM imbalance on error USB: serial: pl2303: add device id for ADLINK ND-6530 GC USB: serial: ti_usb_3410_5052: add startech.com device id ... | 29 May 2021, 16:11:21 UTC |
| 2244782 | Linus Torvalds | 29 May 2021, 16:02:25 UTC | Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "ARM fixes: - Another state update on exit to userspace fix - Prevent the creation of mixed 32/64 VMs - Fix regression with irqbypass not restarting the guest on failed connect - Fix regression with debug register decoding resulting in overlapping access - Commit exception state on exit to usrspace - Fix the MMU notifier return values - Add missing 'static' qualifiers in the new host stage-2 code x86 fixes: - fix guest missed wakeup with assigned devices - fix WARN reported by syzkaller - do not use BIT() in UAPI headers - make the kvm_amd.avic parameter bool PPC fixes: - make halt polling heuristics consistent with other architectures selftests: - various fixes - new performance selftest memslot_perf_test - test UFFD minor faults in demand_paging_test" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (44 commits) selftests: kvm: fix overlapping addresses in memslot_perf_test KVM: X86: Kill off ctxt->ud KVM: X86: Fix warning caused by stale emulation context KVM: X86: Use kvm_get_linear_rip() in single-step and #DB/#BP interception KVM: x86/mmu: Fix comment mentioning skip_4k KVM: VMX: update vcpu posted-interrupt descriptor when assigning device KVM: rename KVM_REQ_PENDING_TIMER to KVM_REQ_UNBLOCK KVM: x86: add start_assignment hook to kvm_x86_ops KVM: LAPIC: Narrow the timer latency between wait_lapic_expire and world switch selftests: kvm: do only 1 memslot_perf_test run by default KVM: X86: Use _BITUL() macro in UAPI headers KVM: selftests: add shared hugetlbfs backing source type KVM: selftests: allow using UFFD minor faults for demand paging KVM: selftests: create alias mappings when using shared memory KVM: selftests: add shmem backing source type KVM: selftests: refactor vm_mem_backing_src_type flags KVM: selftests: allow different backing source types KVM: selftests: compute correct demand paging size KVM: selftests: simplify setup_demand_paging error handling KVM: selftests: Print a message if /dev/kvm is missing ... | 29 May 2021, 16:02:25 UTC |
| 866c4b8 | Linus Torvalds | 29 May 2021, 15:51:53 UTC | Merge tag 's390-5.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Vasily Gorbik: "Fix races in vfio-ccw request handling" * tag 's390-5.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: vfio-ccw: Serialize FSM IDLE state with I/O completion vfio-ccw: Reset FSM state to IDLE inside FSM vfio-ccw: Check initialized flag in cp_init() | 29 May 2021, 15:51:53 UTC |
| 000ac42 | Paolo Bonzini | 28 May 2021, 19:10:58 UTC | selftests: kvm: fix overlapping addresses in memslot_perf_test vm_create allocates memory and maps it close to GPA. This memory is separate from what is allocated in subsequent calls to vm_userspace_mem_region_add, so it is incorrect to pass the test memory size to vm_create_default. Just pass a small fixed amount of memory which can be used later for page table, otherwise GPAs are already allocated at MEM_GPA and the test aborts. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | 29 May 2021, 10:28:06 UTC |
| 6799d4f | Linus Torvalds | 29 May 2021, 00:47:48 UTC | Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Ten small fixes, all in drivers" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq scsi: vmw_pvscsi: Set correct residual data length scsi: bnx2fc: Return failure if io_req is already in ABTS processing scsi: aic7xxx: Remove multiple definition of globals scsi: aic7xxx: Restore several defines for aic7xxx firmware build scsi: target: iblock: Fix smp_processor_id() BUG messages scsi: libsas: Use _safe() loop in sas_resume_port() scsi: target: tcmu: Fix xarray RCU warning scsi: target: core: Avoid smp_processor_id() in preemptible code | 29 May 2021, 00:47:48 UTC |
| 0217a27 | Linus Torvalds | 29 May 2021, 00:42:37 UTC | Merge tag 'block-5.13-2021-05-28' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - NVMe pull request (Christoph): - fix a memory leak in nvme_cdev_add (Guoqing Jiang) - fix inline data size comparison in nvmet_tcp_queue_response (Hou Pu) - fix false keep-alive timeout when a controller is torn down (Sagi Grimberg) - fix a nvme-tcp Kconfig dependency (Sagi Grimberg) - short-circuit reconnect retries for FC (Hannes Reinecke) - decode host pathing error for connect (Hannes Reinecke) - MD pull request (Song): - Fix incorrect chunk boundary assert (Christoph) - Fix s390/dasd verification panic (Stefan) * tag 'block-5.13-2021-05-28' of git://git.kernel.dk/linux-block: nvmet: fix false keep-alive timeout when a controller is torn down nvmet-tcp: fix inline data size comparison in nvmet_tcp_queue_response nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME md/raid5: remove an incorrect assert in in_chunk_boundary s390/dasd: add missing discipline function nvme-fabrics: decode host pathing error for connect nvme-fc: short-circuit reconnect retries nvme: fix potential memory leaks in nvme_cdev_add | 29 May 2021, 00:42:37 UTC |
| b3dbbae | Linus Torvalds | 29 May 2021, 00:35:55 UTC | Merge tag 'io_uring-5.13-2021-05-28' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "A few minor fixes: - Fix an issue with hashed wait removal on exit (Zqiang, Pavel) - Fix a recent data race introduced in this series (Marco)" * tag 'io_uring-5.13-2021-05-28' of git://git.kernel.dk/linux-block: io_uring: fix data race to avoid potential NULL-deref io-wq: Fix UAF when wakeup wqe in hash waitqueue io_uring/io-wq: close io-wq full-stop gap | 29 May 2021, 00:35:55 UTC |
| 567d1fd | Linus Torvalds | 29 May 2021, 00:28:58 UTC | Merge tag 'drm-fixes-2021-05-29' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Pretty quiet this week, couple of amdgpu, one i915, and a few misc otherwise. ttm: - prevent irrelevant swapout amdgpu: - MultiGPU fan fix - VCN powergating fixes amdkfd: - Fix SDMA register offset error meson: - fix shutdown crash i915: - Re-enable LTTPR non-transparent LT mode for DPCD_REV < 1.4" * tag 'drm-fixes-2021-05-29' of git://anongit.freedesktop.org/drm/drm: drm/ttm: Skip swapout if ttm object is not populated drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 drm/meson: fix shutdown crash when component not probed drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error drm/amd/pm: correct MGpuFanBoost setting | 29 May 2021, 00:28:58 UTC |
| f289d99 | Linus Torvalds | 29 May 2021, 00:23:05 UTC | Merge tag 'perf-tools-fixes-for-v5.13-2021-05-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tools fixes from Arnaldo Carvalho de Melo: - Fix error checking of BPF prog attachment in 'perf stat'. - Fix getting maximum number of fds in the vendor events JSON parser. - Move debug initialization earlier, fixing a segfault in some cases. - Fix eventcode of power10 JSON events. * tag 'perf-tools-fixes-for-v5.13-2021-05-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: perf vendor events powerpc: Fix eventcode of power10 JSON events perf stat: Fix error check for bpf_program__attach perf debug: Move debug initialization earlier perf jevents: Fix getting maximum number of fds | 29 May 2021, 00:23:05 UTC |
| 7c0ec89 | Linus Torvalds | 29 May 2021, 00:15:47 UTC | Merge tag '5.13-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Three SMB3 fixes. Two for stable, and the other fixes a problem pointed out with a recently added ioctl" * tag '5.13-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6: cifs: change format of CIFS_FULL_KEY_DUMP ioctl cifs: fix string declarations and assignments in tracepoints cifs: set server->cipher_type to AES-128-CCM for SMB3.0 | 29 May 2021, 00:15:47 UTC |
| 5ff2756 | Linus Torvalds | 28 May 2021, 18:53:19 UTC | Merge tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: "Stable fixes: - Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - Fix Oops in xs_tcp_send_request() when transport is disconnected - Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Bugfixes: - Fix instances where signal_pending() should be fatal_signal_pending() - fix an incorrect limit in filelayout_decode_layout() - Fixes for the SUNRPC backlogged RPC queue - Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - Revert commit 586a0787ce35 ("Clean up rpcrdma_prepare_readch()")" * tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: nfs: Remove trailing semicolon in macros xprtrdma: Revert 586a0787ce35 NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config NFS: Clean up reset of the mirror accounting variables NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() NFS: Fix an Oopsable condition in __nfs_pageio_add_request() SUNRPC: More fixes for backlog congestion SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() SUNRPC in case of backlog, hand free slots directly to waiting task pNFS/NFSv4: Remove redundant initialization of 'rd_size' NFS: fix an incorrect limit in filelayout_decode_layout() fs/nfs: Use fatal_signal_pending instead of signal_pending | 28 May 2021, 18:53:19 UTC |
| fc683f9 | Linus Torvalds | 28 May 2021, 18:47:50 UTC | Merge tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A slightly high volume at this time due to pending ASoC fixes. While there are a few generic simple-card fixes for regressions, most of the changes are device-specific fixes: ASoC Intel SOF, codec clocks, other codec / platform fixes as well as usual HD-audio and USB-audio" * tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (37 commits) ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i ALSA: hda/realtek: Headphone volume is controlled by Front mixer ALSA: usb-audio: scarlett2: Improve driver startup messages ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci ALSA: usb-audio: fix control-request direction ASoC: qcom: lpass-cpu: Use optional clk APIs ASoC: cs35l33: fix an error code in probe() ASoC: SOF: Intel: hda: don't send DAI_CONFIG IPC for older firmware ASoC: fsl: fix SND_SOC_IMX_RPMSG dependency ASoC: cs42l52: Minor tidy up of error paths ASoC: cs35l32: Add missing regmap use_single config ASoC: cs35l34: Add missing regmap use_single config ASoC: cs42l73: Add missing regmap use_single config ASoC: cs53l30: Add missing regmap use_single config ... | 28 May 2021, 18:47:50 UTC |
| 8508b97 | Linus Torvalds | 28 May 2021, 18:31:48 UTC | Merge tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull clang feature fixes from Kees Cook: - Correctly pass stack frame size checking under LTO (Nick Desaulniers) - Avoid CFI mismatches by checking initcall_t types (Marco Elver) * tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: Makefile: LTO: have linker check -Wframe-larger-than init: verify that function is initcall_t at compile-time | 28 May 2021, 18:31:48 UTC |
| afdd147 | Linus Torvalds | 28 May 2021, 18:24:13 UTC | Merge tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Thomas Bogendoerfer: - fix function/preempt trace hangs - a few build fixes * tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c MIPS: launch.h: add include guard to prevent build errors MIPS: alchemy: xxs1500: add gpio-au1000.h header file | 28 May 2021, 18:24:13 UTC |
| a3d2ec9 | Paolo Bonzini | 28 May 2021, 17:02:03 UTC | Merge tag 'kvmarm-fixes-5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for 5.13, take #2 - Another state update on exit to userspace fix - Prevent the creation of mixed 32/64 VMs | 28 May 2021, 17:02:03 UTC |
| b35491e | Wanpeng Li | 28 May 2021, 00:01:37 UTC | KVM: X86: Kill off ctxt->ud ctxt->ud is consumed only by x86_decode_insn(), we can kill it off by passing emulation_type to x86_decode_insn() and dropping ctxt->ud altogether. Tracking that info in ctxt for literally one call is silly. Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Wanpeng Li <wanpengli@tencent.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Message-Id: <1622160097-37633-2-git-send-email-wanpengli@tencent.com> | 28 May 2021, 16:59:10 UTC |
| da6393c | Wanpeng Li | 28 May 2021, 00:01:36 UTC | KVM: X86: Fix warning caused by stale emulation context Reported by syzkaller: WARNING: CPU: 7 PID: 10526 at linux/arch/x86/kvm//x86.c:7621 x86_emulate_instruction+0x41b/0x510 [kvm] RIP: 0010:x86_emulate_instruction+0x41b/0x510 [kvm] Call Trace: kvm_mmu_page_fault+0x126/0x8f0 [kvm] vmx_handle_exit+0x11e/0x680 [kvm_intel] vcpu_enter_guest+0xd95/0x1b40 [kvm] kvm_arch_vcpu_ioctl_run+0x377/0x6a0 [kvm] kvm_vcpu_ioctl+0x389/0x630 [kvm] __x64_sys_ioctl+0x8e/0xd0 do_syscall_64+0x3c/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae Commit 4a1e10d5b5d8 ("KVM: x86: handle hardware breakpoints during emulation()) adds hardware breakpoints check before emulation the instruction and parts of emulation context initialization, actually we don't have the EMULTYPE_NO_DECODE flag here and the emulation context will not be reused. Commit c8848cee74ff ("KVM: x86: set ctxt->have_exception in x86_decode_insn()) triggers the warning because it catches the stale emulation context has #UD, however, it is not during instruction decoding which should result in EMULATION_FAILED. This patch fixes it by moving the second part emulation context initialization into init_emulate_ctxt() and before hardware breakpoints check. The ctxt->ud will be dropped by a follow-up patch. syzkaller source: https://syzkaller.appspot.com/x/repro.c?x=134683fdd00000 Reported-by: syzbot+71271244f206d17f6441@syzkaller.appspotmail.com Fixes: 4a1e10d5b5d8 (KVM: x86: handle hardware breakpoints during emulation) Signed-off-by: Wanpeng Li <wanpengli@tencent.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Message-Id: <1622160097-37633-1-git-send-email-wanpengli@tencent.com> | 28 May 2021, 16:59:09 UTC |
| e87e46d | Yuan Yao | 26 May 2021, 06:38:28 UTC | KVM: X86: Use kvm_get_linear_rip() in single-step and #DB/#BP interception The kvm_get_linear_rip() handles x86/long mode cases well and has better readability, __kvm_set_rflags() also use the paired function kvm_is_linear_rip() to check the vcpu->arch.singlestep_rip set in kvm_arch_vcpu_ioctl_set_guest_debug(), so change the "CS.BASE + RIP" code in kvm_arch_vcpu_ioctl_set_guest_debug() and handle_exception_nmi() to this one. Signed-off-by: Yuan Yao <yuan.yao@intel.com> Message-Id: <20210526063828.1173-1-yuan.yao@linux.intel.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | 28 May 2021, 16:57:53 UTC |
| aac9029 | Sargun Dhillon | 17 May 2021, 19:39:05 UTC | Documentation: seccomp: Fix user notification documentation The documentation had some previously incorrect information about how userspace notifications (and responses) were handled due to a change from a previously proposed patchset. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Acked-by: Tycho Andersen <tycho@tycho.pizza> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Kees Cook <keescook@chromium.org> Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210517193908.3113-2-sargun@sargun.me | 28 May 2021, 16:54:12 UTC |
| 8aa0ae4 | Lukas Bulwahn | 19 April 2021, 06:18:09 UTC | MAINTAINERS: adjust to removing i2c designware platform data Commit 5a517b5bf687 ("i2c: designware: Get rid of legacy platform data") removes ./include/linux/platform_data/i2c-designware.h, but misses to adjust the SYNOPSYS DESIGNWARE I2C DRIVER section in MAINTAINERS. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains: warning: no file matches F: include/linux/platform_data/i2c-designware.h Remove the file entry to this removed file as well. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 28 May 2021, 14:48:48 UTC |
| 8fc4e4a | Kajol Jain | 25 May 2021, 06:37:23 UTC | perf vendor events powerpc: Fix eventcode of power10 JSON events Fixed the eventcode values in the power10 JSON event files to prepend "0x" since these are hexadecimal values. The patch also changes the event description of the PM_EXEC_STALL_LOAD_FINISH and PM_EXEC_STALL_NTC_FLUSH event and move some events to correct files. Fixes: 32daa5d7899e ("perf vendor events: Initial JSON/events list for power10 platform") Signed-off-by: Kajol Jain <kjain@linux.ibm.com> Reviewed-by: Paul A. Clarke <pc@us.ibm.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Cc: Athira Jajeev <atrajeev@linux.vnet.ibm.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com> Cc: linuxppc-dev@lists.ozlabs.org Link: http://lore.kernel.org/lkml/20210525063723.1191514-1-kjain@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> | 28 May 2021, 12:22:24 UTC |
| 56dde68 | Greg Kroah-Hartman | 28 May 2021, 08:58:49 UTC | Revert "serial: 8250: 8250_omap: Fix possible interrupt storm" This reverts commit 31fae7c8b18c3f8029a2a5dce97a3182c1a167a0. Tony writes: I just noticed this causes the following regression in Linux next when pressing a key on uart console after boot at least on omap3. This seems to happen on serial_port_in(port, UART_RX) in the quirk handling. So let's drop this. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/YLCCJzkkB4N7LTQS@atomide.com Fixes: 31fae7c8b18c ("serial: 8250: 8250_omap: Fix possible interrupt storm") Reported-by: Tony Lindgren <tony@atomide.com> Cc: Jan Kiszka <jan.kiszka@siemens.com> Cc: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 28 May 2021, 08:58:49 UTC |
| 2499042 | Krzysztof Kozlowski | 26 May 2021, 12:39:37 UTC | i2c: s3c2410: fix possible NULL pointer deref on read message after write Interrupt handler processes multiple message write requests one after another, till the driver message queue is drained. However if driver encounters a read message without preceding START, it stops the I2C transfer as it is an invalid condition for the controller. At least the comment describes a requirement "the controller forces us to send a new START when we change direction". This stop results in clearing the message queue (i2c->msg = NULL). The code however immediately jumped back to label "retry_write" which dereferenced the "i2c->msg" making it a possible NULL pointer dereference. The Coverity analysis: 1. Condition !is_msgend(i2c), taking false branch. if (!is_msgend(i2c)) { 2. Condition !is_lastmsg(i2c), taking true branch. } else if (!is_lastmsg(i2c)) { 3. Condition i2c->msg->flags & 1, taking true branch. if (i2c->msg->flags & I2C_M_RD) { 4. write_zero_model: Passing i2c to s3c24xx_i2c_stop, which sets i2c->msg to NULL. s3c24xx_i2c_stop(i2c, -EINVAL); 5. Jumping to label retry_write. goto retry_write; 6. var_deref_model: Passing i2c to is_msgend, which dereferences null i2c->msg. if (!is_msgend(i2c)) {" All previous calls to s3c24xx_i2c_stop() in this interrupt service routine are followed by jumping to end of function (acknowledging the interrupt and returning). This seems a reasonable choice also here since message buffer was entirely emptied. Addresses-Coverity: Explicit null dereferenced Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 28 May 2021, 08:16:23 UTC |
| fed1bd5 | Qii Wang | 27 May 2021, 12:04:04 UTC | i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset The i2c controller driver do dma reset after transfer timeout, but sometimes dma reset will trigger an unexpected DMA_ERR irq. It will cause the i2c controller to continuously send interrupts to the system and cause soft lock-up. So we need to disable i2c start_en and clear intr_stat to stop i2c controller before dma reset when transfer timeout. Fixes: aafced673c06("i2c: mediatek: move dma reset before i2c reset") Signed-off-by: Qii Wang <qii.wang@mediatek.com> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 28 May 2021, 08:13:07 UTC |
| aeeb517 | Dave Airlie | 28 May 2021, 03:28:18 UTC | Merge tag 'drm-intel-fixes-2021-05-27' of ssh://git.freedesktop.org/git/drm/drm-intel into drm-fixes drm/i915 fixes for v5.13-rc4: - Re-enable LTTPR non-transparent LT mode for DPCD_REV<1.4 Signed-off-by: Dave Airlie <airlied@redhat.com> From: Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/875yz4bnmj.fsf@intel.com | 28 May 2021, 03:28:18 UTC |
| b26389e | Dave Airlie | 28 May 2021, 03:24:25 UTC | Merge tag 'drm-misc-fixes-2021-05-27' of ssh://git.freedesktop.org/git/drm/drm-misc into drm-fixes A fix in meson for a crash at shutdown and one for TTM to prevent irrelevant swapout Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <maxime@cerno.tech> Link: https://patchwork.freedesktop.org/patch/msgid/20210527120828.3w7f53krzkslc4ii@gilmour | 28 May 2021, 03:24:42 UTC |
| c673b7f | Namhyung Kim | 27 May 2021, 22:00:52 UTC | perf stat: Fix error check for bpf_program__attach It seems the bpf_program__attach() returns a negative error code instead of a NULL pointer in case of error. Fixes: 7fac83aaf2ee ("perf stat: Introduce 'bperf' to share hardware PMCs with BPF") Signed-off-by: Namhyung Kim <namhyung@kernel.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Ian Rogers <irogers@google.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Song Liu <songliubraving@fb.com> Link: http://lore.kernel.org/lkml/20210527220052.1657578-1-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> | 28 May 2021, 00:51:21 UTC |
| ac6e9e3 | Dave Airlie | 27 May 2021, 23:18:04 UTC | Merge tag 'amd-drm-fixes-5.13-2021-05-26' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-5.13-2021-05-26: amdgpu: - MultiGPU fan fix - VCN powergating fixes amdkfd: - Fix SDMA register offset error Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210527031831.4057-1-alexander.deucher@amd.com | 27 May 2021, 23:18:04 UTC |
| 97e5bf6 | Linus Torvalds | 27 May 2021, 22:01:26 UTC | Merge branch 'for-5.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu Pull percpu fixes from Dennis Zhou: "This contains a cleanup to lib/percpu-refcount.c and an update to the MAINTAINERS file to more formally take over support for lib/percpu*" * 'for-5.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu: MAINTAINERS: Add lib/percpu* as part of percpu entry percpu_ref: Don't opencode percpu_ref_is_dying | 27 May 2021, 22:01:26 UTC |
| 3c856a3 | Linus Torvalds | 27 May 2021, 21:58:26 UTC | Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Don't use contiguous or block mappings for the linear map when KFENCE is enabled. - Fix link in the arch_counter_enforce_ordering() comment. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mm: don't use CON and BLK mapping if KFENCE is enabled arm64: Fix stale link in the arch_counter_enforce_ordering() comment | 27 May 2021, 21:58:26 UTC |
| 38747c9 | Linus Torvalds | 27 May 2021, 21:54:36 UTC | Merge tag 'for-5.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix DM verity target's 'require_signatures' module_param permissions. - Revert DM snapshot fix from v5.13-rc3 and then properly fix crash when an origin has no snapshots. This allows only the proper fix to go to stable@ (since the original fix was successfully dropped). * tag 'for-5.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm snapshot: properly fix a crash when an origin has no snapshots dm snapshot: revert "fix a crash when an origin has no snapshots" dm verity: fix require_signatures module_param permissions | 27 May 2021, 21:54:36 UTC |
| 76a6d5c | Filipe Manana | 25 May 2021, 10:05:28 UTC | btrfs: fix deadlock when cloning inline extents and low on available space There are a few cases where cloning an inline extent requires copying data into a page of the destination inode. For these cases we are allocating the required data and metadata space while holding a leaf locked. This can result in a deadlock when we are low on available space because allocating the space may flush delalloc and two deadlock scenarios can happen: 1) When starting writeback for an inode with a very small dirty range that fits in an inline extent, we deadlock during the writeback when trying to insert the inline extent, at cow_file_range_inline(), if the extent is going to be located in the leaf for which we are already holding a read lock; 2) After successfully starting writeback, for non-inline extent cases, the async reclaim thread will hang waiting for an ordered extent to complete if the ordered extent completion needs to modify the leaf for which the clone task is holding a read lock (for adding or replacing file extent items). So the cloning task will wait forever on the async reclaim thread to make progress, which in turn is waiting for the ordered extent completion which in turn is waiting to acquire a write lock on the same leaf. So fix this by making sure we release the path (and therefore the leaf) every time we need to copy the inline extent's data into a page of the destination inode, as by that time we do not need to have the leaf locked. Fixes: 05a5a7621ce66c ("Btrfs: implement full reflink support for inline extents") CC: stable@vger.kernel.org # 5.10+ Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:52 UTC |
| ea7036d | Filipe Manana | 24 May 2021, 10:35:53 UTC | btrfs: fix fsync failure and transaction abort after writes to prealloc extents When doing a series of partial writes to different ranges of preallocated extents with transaction commits and fsyncs in between, we can end up with a checksum items in a log tree. This causes an fsync to fail with -EIO and abort the transaction, turning the filesystem to RO mode, when syncing the log. For this to happen, we need to have a full fsync of a file following one or more fast fsyncs. The following example reproduces the problem and explains how it happens: $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt # Create our test file with 2 preallocated extents. Leave a 1M hole # between them to ensure that we get two file extent items that will # never be merged into a single one. The extents are contiguous on disk, # which will later result in the checksums for their data to be merged # into a single checksum item in the csums btree. # $ xfs_io -f \ -c "falloc 0 1M" \ -c "falloc 3M 3M" \ /mnt/foobar # Now write to the second extent and leave only 1M of it as unwritten, # which corresponds to the file range [4M, 5M[. # # Then fsync the file to flush delalloc and to clear full sync flag from # the inode, so that a future fsync will use the fast code path. # # After the writeback triggered by the fsync we have 3 file extent items # that point to the second extent we previously allocated: # # 1) One file extent item of type BTRFS_FILE_EXTENT_REG that covers the # file range [3M, 4M[ # # 2) One file extent item of type BTRFS_FILE_EXTENT_PREALLOC that covers # the file range [4M, 5M[ # # 3) One file extent item of type BTRFS_FILE_EXTENT_REG that covers the # file range [5M, 6M[ # # All these file extent items have a generation of 6, which is the ID of # the transaction where they were created. The split of the original file # extent item is done at btrfs_mark_extent_written() when ordered extents # complete for the file ranges [3M, 4M[ and [5M, 6M[. # $ xfs_io -c "pwrite -S 0xab 3M 1M" \ -c "pwrite -S 0xef 5M 1M" \ -c "fsync" \ /mnt/foobar # Commit the current transaction. This wipes out the log tree created by # the previous fsync. sync # Now write to the unwritten range of the second extent we allocated, # corresponding to the file range [4M, 5M[, and fsync the file, which # triggers the fast fsync code path. # # The fast fsync code path sees that there is a new extent map covering # the file range [4M, 5M[ and therefore it will log a checksum item # covering the range [1M, 2M[ of the second extent we allocated. # # Also, after the fsync finishes we no longer have the 3 file extent # items that pointed to 3 sections of the second extent we allocated. # Instead we end up with a single file extent item pointing to the whole # extent, with a type of BTRFS_FILE_EXTENT_REG and a generation of 7 (the # current transaction ID). This is due to the file extent item merging we # do when completing ordered extents into ranges that point to unwritten # (preallocated) extents. This merging is done at # btrfs_mark_extent_written(). # $ xfs_io -c "pwrite -S 0xcd 4M 1M" \ -c "fsync" \ /mnt/foobar # Now do some write to our file outside the range of the second extent # that we allocated with fallocate() and truncate the file size from 6M # down to 5M. # # The truncate operation sets the full sync runtime flag on the inode, # forcing the next fsync to use the slow code path. It also changes the # length of the second file extent item so that it represents the file # range [3M, 5M[ and not the range [3M, 6M[ anymore. # # Finally fsync the file. Since this is a fsync that triggers the slow # code path, it will remove all items associated to the inode from the # log tree and then it will scan for file extent items in the # fs/subvolume tree that have a generation matching the current # transaction ID, which is 7. This means it will log 2 file extent # items: # # 1) One for the first extent we allocated, covering the file range # [0, 1M[ # # 2) Another for the first 2M of the second extent we allocated, # covering the file range [3M, 5M[ # # When logging the first file extent item we log a single checksum item # that has all the checksums for the entire extent. # # When logging the second file extent item, we also lookup for the # checksums that are associated with the range [0, 2M[ of the second # extent we allocated (file range [3M, 5M[), and then we log them with # btrfs_csum_file_blocks(). However that results in ending up with a log # that has two checksum items with ranges that overlap: # # 1) One for the range [1M, 2M[ of the second extent we allocated, # corresponding to the file range [4M, 5M[, which we logged in the # previous fsync that used the fast code path; # # 2) One for the ranges [0, 1M[ and [0, 2M[ of the first and second # extents, respectively, corresponding to the files ranges [0, 1M[ # and [3M, 5M[. This one was added during this last fsync that uses # the slow code path and overlaps with the previous one logged by # the previous fast fsync. # # This happens because when logging the checksums for the second # extent, we notice they start at an offset that matches the end of the # checksums item that we logged for the first extent, and because both # extents are contiguous on disk, btrfs_csum_file_blocks() decides to # extend that existing checksums item and append the checksums for the # second extent to this item. The end result is we end up with two # checksum items in the log tree that have overlapping ranges, as # listed before, resulting in the fsync to fail with -EIO and aborting # the transaction, turning the filesystem into RO mode. # $ xfs_io -c "pwrite -S 0xff 0 1M" \ -c "truncate 5M" \ -c "fsync" \ /mnt/foobar fsync: Input/output error After running the example, dmesg/syslog shows the tree checker complained about the checksum items with overlapping ranges and we aborted the transaction: $ dmesg (...) [756289.557487] BTRFS critical (device sdc): corrupt leaf: root=18446744073709551610 block=30720000 slot=5, csum end range (16777216) goes beyond the start range (15728640) of the next csum item [756289.560583] BTRFS info (device sdc): leaf 30720000 gen 7 total ptrs 7 free space 11677 owner 18446744073709551610 [756289.562435] BTRFS info (device sdc): refs 2 lock_owner 0 current 2303929 [756289.563654] item 0 key (257 1 0) itemoff 16123 itemsize 160 [756289.564649] inode generation 6 size 5242880 mode 100600 [756289.565636] item 1 key (257 12 256) itemoff 16107 itemsize 16 [756289.566694] item 2 key (257 108 0) itemoff 16054 itemsize 53 [756289.567725] extent data disk bytenr 13631488 nr 1048576 [756289.568697] extent data offset 0 nr 1048576 ram 1048576 [756289.569689] item 3 key (257 108 1048576) itemoff 16001 itemsize 53 [756289.570682] extent data disk bytenr 0 nr 0 [756289.571363] extent data offset 0 nr 2097152 ram 2097152 [756289.572213] item 4 key (257 108 3145728) itemoff 15948 itemsize 53 [756289.573246] extent data disk bytenr 14680064 nr 3145728 [756289.574121] extent data offset 0 nr 2097152 ram 3145728 [756289.574993] item 5 key (18446744073709551606 128 13631488) itemoff 12876 itemsize 3072 [756289.576113] item 6 key (18446744073709551606 128 15728640) itemoff 11852 itemsize 1024 [756289.577286] BTRFS error (device sdc): block=30720000 write time tree block corruption detected [756289.578644] ------------[ cut here ]------------ [756289.579376] WARNING: CPU: 0 PID: 2303929 at fs/btrfs/disk-io.c:465 csum_one_extent_buffer+0xed/0x100 [btrfs] [756289.580857] Modules linked in: btrfs dm_zero dm_dust loop dm_snapshot (...) [756289.591534] CPU: 0 PID: 2303929 Comm: xfs_io Tainted: G W 5.12.0-rc8-btrfs-next-87 #1 [756289.592580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [756289.594161] RIP: 0010:csum_one_extent_buffer+0xed/0x100 [btrfs] [756289.595122] Code: 5d c3 e8 76 60 (...) [756289.597509] RSP: 0018:ffffb51b416cb898 EFLAGS: 00010282 [756289.598142] RAX: 0000000000000000 RBX: fffff02b8a365bc0 RCX: 0000000000000000 [756289.598970] RDX: 0000000000000000 RSI: ffffffffa9112421 RDI: 00000000ffffffff [756289.599798] RBP: ffffa06500880000 R08: 0000000000000000 R09: 0000000000000000 [756289.600619] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [756289.601456] R13: ffffa0652b1d8980 R14: ffffa06500880000 R15: 0000000000000000 [756289.602278] FS: 00007f08b23c9800(0000) GS:ffffa0682be00000(0000) knlGS:0000000000000000 [756289.603217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [756289.603892] CR2: 00005652f32d0138 CR3: 000000025d616003 CR4: 0000000000370ef0 [756289.604725] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [756289.605563] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [756289.606400] Call Trace: [756289.606704] btree_csum_one_bio+0x244/0x2b0 [btrfs] [756289.607313] btrfs_submit_metadata_bio+0xb7/0x100 [btrfs] [756289.608040] submit_one_bio+0x61/0x70 [btrfs] [756289.608587] btree_write_cache_pages+0x587/0x610 [btrfs] [756289.609258] ? free_debug_processing+0x1d5/0x240 [756289.609812] ? __module_address+0x28/0xf0 [756289.610298] ? lock_acquire+0x1a0/0x3e0 [756289.610754] ? lock_acquired+0x19f/0x430 [756289.611220] ? lock_acquire+0x1a0/0x3e0 [756289.611675] do_writepages+0x43/0xf0 [756289.612101] ? __filemap_fdatawrite_range+0xa4/0x100 [756289.612800] __filemap_fdatawrite_range+0xc5/0x100 [756289.613393] btrfs_write_marked_extents+0x68/0x160 [btrfs] [756289.614085] btrfs_sync_log+0x21c/0xf20 [btrfs] [756289.614661] ? finish_wait+0x90/0x90 [756289.615096] ? __mutex_unlock_slowpath+0x45/0x2a0 [756289.615661] ? btrfs_log_inode_parent+0x3c9/0xdc0 [btrfs] [756289.616338] ? lock_acquire+0x1a0/0x3e0 [756289.616801] ? lock_acquired+0x19f/0x430 [756289.617284] ? lock_acquire+0x1a0/0x3e0 [756289.617750] ? lock_release+0x214/0x470 [756289.618221] ? lock_acquired+0x19f/0x430 [756289.618704] ? dput+0x20/0x4a0 [756289.619079] ? dput+0x20/0x4a0 [756289.619452] ? lockref_put_or_lock+0x9/0x30 [756289.619969] ? lock_release+0x214/0x470 [756289.620445] ? lock_release+0x214/0x470 [756289.620924] ? lock_release+0x214/0x470 [756289.621415] btrfs_sync_file+0x46a/0x5b0 [btrfs] [756289.621982] do_fsync+0x38/0x70 [756289.622395] __x64_sys_fsync+0x10/0x20 [756289.622907] do_syscall_64+0x33/0x80 [756289.623438] entry_SYSCALL_64_after_hwframe+0x44/0xae [756289.624063] RIP: 0033:0x7f08b27fbb7b [756289.624588] Code: 0f 05 48 3d 00 (...) [756289.626760] RSP: 002b:00007ffe2583f940 EFLAGS: 00000293 ORIG_RAX: 000000000000004a [756289.627639] RAX: ffffffffffffffda RBX: 00005652f32cd0f0 RCX: 00007f08b27fbb7b [756289.628464] RDX: 00005652f32cbca0 RSI: 00005652f32cd110 RDI: 0000000000000003 [756289.629323] RBP: 00005652f32cd110 R08: 0000000000000000 R09: 00007f08b28c4be0 [756289.630172] R10: fffffffffffff39a R11: 0000000000000293 R12: 0000000000000001 [756289.631007] R13: 00005652f32cd0f0 R14: 0000000000000001 R15: 00005652f32cc480 [756289.631819] irq event stamp: 0 [756289.632188] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [756289.632911] hardirqs last disabled at (0): [<ffffffffa7e97c29>] copy_process+0x879/0x1cc0 [756289.633893] softirqs last enabled at (0): [<ffffffffa7e97c29>] copy_process+0x879/0x1cc0 [756289.634871] softirqs last disabled at (0): [<0000000000000000>] 0x0 [756289.635606] ---[ end trace 0a039fdc16ff3fef ]--- [756289.636179] BTRFS: error (device sdc) in btrfs_sync_log:3136: errno=-5 IO failure [756289.637082] BTRFS info (device sdc): forced readonly Having checksum items covering ranges that overlap is dangerous as in some cases it can lead to having extent ranges for which we miss checksums after log replay or getting the wrong checksum item. There were some fixes in the past for bugs that resulted in this problem, and were explained and fixed by the following commits: 27b9a8122ff71a ("Btrfs: fix csum tree corruption, duplicate and outdated checksums") b84b8390d6009c ("Btrfs: fix file read corruption after extent cloning and fsync") 40e046acbd2f36 ("Btrfs: fix missing data checksums after replaying a log tree") e289f03ea79bbc ("btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents") Fix the issue by making btrfs_csum_file_blocks() taking into account the start offset of the next checksum item when it decides to extend an existing checksum item, so that it never extends the checksum to end at a range that goes beyond the start range of the next checksum item. When we can not access the next checksum item without releasing the path, simply drop the optimization of extending the previous checksum item and fallback to inserting a new checksum item - this happens rarely and the optimization is not significant enough for a log tree in order to justify the extra complexity, as it would only save a few bytes (the size of a struct btrfs_item) of leaf space. This behaviour is only needed when inserting into a log tree because for the regular checksums tree we never have a case where we try to insert a range of checksums that overlap with a range that was previously inserted. A test case for fstests will follow soon. Reported-by: Philipp Fent <fent@in.tum.de> Link: https://lore.kernel.org/linux-btrfs/93c4600e-5263-5cba-adf0-6f47526e7561@in.tum.de/ CC: stable@vger.kernel.org # 5.4+ Tested-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:36 UTC |
| dc09ef3 | Josef Bacik | 19 May 2021, 18:04:21 UTC | btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because we insert the inode ref for one side of the rename, and then for the other side. If this second inode ref insert fails we'll leave the first one dangling and leave a corrupt file system behind. Fix this by aborting if we did the insert for the first inode ref. CC: stable@vger.kernel.org # 4.9+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:16 UTC |
| f96d447 | Josef Bacik | 19 May 2021, 15:26:25 UTC | btrfs: check error value from btrfs_update_inode in tree log Error injection testing uncovered a case where we ended up with invalid link counts on an inode. This happened because we failed to notice an error when updating the inode while replaying the tree log, and committed the transaction with an invalid file system. Fix this by checking the return value of btrfs_update_inode. This resolved the link count errors I was seeing, and we already properly handle passing up the error values in these paths. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Reviewed-by: Qu Wenruo <wqu@suse.com> Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:13 UTC |
| 011b28a | Josef Bacik | 19 May 2021, 17:13:15 UTC | btrfs: fixup error handling in fixup_inode_link_counts This function has the following pattern while (1) { ret = whatever(); if (ret) goto out; } ret = 0 out: return ret; However several places in this while loop we simply break; when there's a problem, thus clearing the return value, and in one case we do a return -EIO, and leak the memory for the path. Fix this by re-arranging the loop to deal with ret == 1 coming from btrfs_search_slot, and then simply delete the ret = 0; out: bit so everybody can break if there is an error, which will allow for proper error handling to occur. CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:08 UTC |
| d61bec0 | Josef Bacik | 19 May 2021, 13:38:27 UTC | btrfs: mark ordered extent and inode with error if we fail to finish While doing error injection testing I saw that sometimes we'd get an abort that wouldn't stop the current transaction commit from completing. This abort was coming from finish ordered IO, but at this point in the transaction commit we should have gotten an error and stopped. It turns out the abort came from finish ordered io while trying to write out the free space cache. It occurred to me that any failure inside of finish_ordered_io isn't actually raised to the person doing the writing, so we could have any number of failures in this path and think the ordered extent completed successfully and the inode was fine. Fix this by marking the ordered extent with BTRFS_ORDERED_IOERR, and marking the mapping of the inode with mapping_set_error, so any callers that simply call fdatawait will also get the error. With this we're seeing the IO error on the free space inode when we fail to do the finish_ordered_io. CC: stable@vger.kernel.org # 4.19+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:31:01 UTC |
| 856bd27 | Josef Bacik | 19 May 2021, 14:52:46 UTC | btrfs: return errors from btrfs_del_csums in cleanup_ref_head We are unconditionally returning 0 in cleanup_ref_head, despite the fact that btrfs_del_csums could fail. We need to return the error so the transaction gets aborted properly, fix this by returning ret from btrfs_del_csums in cleanup_ref_head. Reviewed-by: Qu Wenruo <wqu@suse.com> CC: stable@vger.kernel.org # 4.19+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:30:55 UTC |
| b86652b | Josef Bacik | 19 May 2021, 14:52:45 UTC | btrfs: fix error handling in btrfs_del_csums Error injection stress would sometimes fail with checksums on disk that did not have a corresponding extent. This occurred because the pattern in btrfs_del_csums was while (1) { ret = btrfs_search_slot(); if (ret < 0) break; } ret = 0; out: btrfs_free_path(path); return ret; If we got an error from btrfs_search_slot we'd clear the error because we were breaking instead of goto out. Instead of using goto out, simply handle the cases where we may leave a random value in ret, and get rid of the ret = 0; out: pattern and simply allow break to have the proper error reporting. With this fix we properly abort the transaction and do not commit thinking we successfully deleted the csum. Reviewed-by: Qu Wenruo <wqu@suse.com> CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:30:49 UTC |
| 4c80a97 | Qu Wenruo | 25 May 2021, 05:52:43 UTC | btrfs: fix compressed writes that cross stripe boundary [BUG] When running btrfs/027 with "-o compress" mount option, it always crashes with the following call trace: BTRFS critical (device dm-4): mapping failed logical 298901504 bio len 12288 len 8192 ------------[ cut here ]------------ kernel BUG at fs/btrfs/volumes.c:6651! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 5 PID: 31089 Comm: kworker/u24:10 Tainted: G OE 5.13.0-rc2-custom+ #26 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Workqueue: btrfs-delalloc btrfs_work_helper [btrfs] RIP: 0010:btrfs_map_bio.cold+0x58/0x5a [btrfs] Call Trace: btrfs_submit_compressed_write+0x2d7/0x470 [btrfs] submit_compressed_extents+0x3b0/0x470 [btrfs] ? mark_held_locks+0x49/0x70 btrfs_work_helper+0x131/0x3e0 [btrfs] process_one_work+0x28f/0x5d0 worker_thread+0x55/0x3c0 ? process_one_work+0x5d0/0x5d0 kthread+0x141/0x160 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 ---[ end trace 63113a3a91f34e68 ]--- [CAUSE] The critical message before the crash means we have a bio at logical bytenr 298901504 length 12288, but only 8192 bytes can fit into one stripe, the remaining 4096 bytes go to another stripe. In btrfs, all bios are properly split to avoid cross stripe boundary, but commit 764c7c9a464b ("btrfs: zoned: fix parallel compressed writes") changed the behavior for compressed writes. Previously if we find our new page can't be fitted into current stripe, ie. "submit == 1" case, we submit current bio without adding current page. submit = btrfs_bio_fits_in_stripe(page, PAGE_SIZE, bio, 0); page->mapping = NULL; if (submit || bio_add_page(bio, page, PAGE_SIZE, 0) < PAGE_SIZE) { But after the modification, we will add the page no matter if it crosses stripe boundary, leading to the above crash. submit = btrfs_bio_fits_in_stripe(page, PAGE_SIZE, bio, 0); if (pg_index == 0 && use_append) len = bio_add_zone_append_page(bio, page, PAGE_SIZE, 0); else len = bio_add_page(bio, page, PAGE_SIZE, 0); page->mapping = NULL; if (submit || len < PAGE_SIZE) { [FIX] It's no longer possible to revert to the original code style as we have two different bio_add_*_page() calls now. The new fix is to skip the bio_add_*_page() call if @submit is true. Also to avoid @len to be uninitialized, always initialize it to zero. If @submit is true, @len will not be checked. If @submit is not true, @len will be the return value of bio_add_*_page() call. Either way, the behavior is still the same as the old code. Reported-by: Josef Bacik <josef@toxicpanda.com> Fixes: 764c7c9a464b ("btrfs: zoned: fix parallel compressed writes") Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> | 27 May 2021, 21:30:38 UTC |
| 1bb5681 | Aurelien Aptel | 21 May 2021, 15:19:28 UTC | cifs: change format of CIFS_FULL_KEY_DUMP ioctl Make CIFS_FULL_KEY_DUMP ioctl able to return variable-length keys. * userspace needs to pass the struct size along with optional session_id and some space at the end to store keys * if there is enough space kernel returns keys in the extra space and sets the length of each key via xyz_key_length fields This also fixes the build error for get_user() on ARM. Sample program: #include <stdlib.h> #include <stdio.h> #include <stdint.h> #include <sys/fcntl.h> #include <sys/ioctl.h> struct smb3_full_key_debug_info { uint32_t in_size; uint64_t session_id; uint16_t cipher_type; uint8_t session_key_length; uint8_t server_in_key_length; uint8_t server_out_key_length; uint8_t data[]; /* * return this struct with the keys appended at the end: * uint8_t session_key[session_key_length]; * uint8_t server_in_key[server_in_key_length]; * uint8_t server_out_key[server_out_key_length]; */ } __attribute__((packed)); #define CIFS_IOCTL_MAGIC 0xCF #define CIFS_DUMP_FULL_KEY _IOWR(CIFS_IOCTL_MAGIC, 10, struct smb3_full_key_debug_info) void dump(const void *p, size_t len) { const char *hex = "0123456789ABCDEF"; const uint8_t *b = p; for (int i = 0; i < len; i++) printf("%c%c ", hex[(b[i]>>4)&0xf], hex[b[i]&0xf]); putchar('\n'); } int main(int argc, char **argv) { struct smb3_full_key_debug_info *keys; uint8_t buf[sizeof(*keys)+1024] = {0}; size_t off = 0; int fd, rc; keys = (struct smb3_full_key_debug_info *)&buf; keys->in_size = sizeof(buf); fd = open(argv[1], O_RDONLY); if (fd < 0) perror("open"), exit(1); rc = ioctl(fd, CIFS_DUMP_FULL_KEY, keys); if (rc < 0) perror("ioctl"), exit(1); printf("SessionId "); dump(&keys->session_id, 8); printf("Cipher %04x\n", keys->cipher_type); printf("SessionKey "); dump(keys->data+off, keys->session_key_length); off += keys->session_key_length; printf("ServerIn Key "); dump(keys->data+off, keys->server_in_key_length); off += keys->server_in_key_length; printf("ServerOut Key "); dump(keys->data+off, keys->server_out_key_length); return 0; } Usage: $ gcc -o dumpkeys dumpkeys.c Against Windows Server 2020 preview (with AES-256-GCM support): # mount.cifs //$ip/test /mnt -o "username=administrator,password=foo,vers=3.0,seal" # ./dumpkeys /mnt/somefile SessionId 0D 00 00 00 00 0C 00 00 Cipher 0002 SessionKey AB CD CC 0D E4 15 05 0C 6F 3C 92 90 19 F3 0D 25 ServerIn Key 73 C6 6A C8 6B 08 CF A2 CB 8E A5 7D 10 D1 5B DC ServerOut Key 6D 7E 2B A1 71 9D D7 2B 94 7B BA C4 F0 A5 A4 F8 # umount /mnt With 256 bit keys: # echo 1 > /sys/module/cifs/parameters/require_gcm_256 # mount.cifs //$ip/test /mnt -o "username=administrator,password=foo,vers=3.11,seal" # ./dumpkeys /mnt/somefile SessionId 09 00 00 00 00 0C 00 00 Cipher 0004 SessionKey 93 F5 82 3B 2F B7 2A 50 0B B9 BA 26 FB 8C 8B 03 ServerIn Key 6C 6A 89 B2 CB 7B 78 E8 04 93 37 DA 22 53 47 DF B3 2C 5F 02 26 70 43 DB 8D 33 7B DC 66 D3 75 A9 ServerOut Key 04 11 AA D7 52 C7 A8 0F ED E3 93 3A 65 FE 03 AD 3F 63 03 01 2B C0 1B D7 D7 E5 52 19 7F CC 46 B4 Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> | 27 May 2021, 20:26:32 UTC |
| e4d8716 | Jean Delvare | 25 May 2021, 15:03:36 UTC | i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. Fixes: 636752bcb517 ("i2c-i801: Enable IRQ for SMBus transactions") Reported-by: syzbot+b4d3fd1dfd53e90afd79@syzkaller.appspotmail.com Signed-off-by: Jean Delvare <jdelvare@suse.de> Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Jarkko Nikula <jarkko.nikula@linux.intel.com> Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 27 May 2021, 19:56:42 UTC |
| 8f0cdec | Chris Packham | 11 May 2021, 21:20:52 UTC | i2c: mpc: implement erratum A-004447 workaround The P2040/P2041 has an erratum where the normal i2c recovery mechanism does not work. Implement the alternative recovery mechanism documented in the P2040 Chip Errata Rev Q. Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 27 May 2021, 19:52:25 UTC |
| 19ae697 | Chris Packham | 11 May 2021, 21:20:51 UTC | powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers The i2c controllers on the P1010 have an erratum where the documented scheme for i2c bus recovery will not work (A-004447). A different mechanism is needed which is documented in the P1010 Chip Errata Rev L. Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 27 May 2021, 19:52:16 UTC |
| 7adc7b2 | Chris Packham | 11 May 2021, 21:20:50 UTC | powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers The i2c controllers on the P2040/P2041 have an erratum where the documented scheme for i2c bus recovery will not work (A-004447). A different mechanism is needed which is documented in the P2040 Chip Errata Rev Q (latest available at the time of writing). Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 27 May 2021, 19:52:06 UTC |
| a5063ab | Chris Packham | 11 May 2021, 21:20:49 UTC | dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag Document the fsl,i2c-erratum-a004447 flag which indicates the presence of an i2c erratum on some QorIQ SoCs. Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Wolfram Sang <wsa@kernel.org> | 27 May 2021, 19:51:54 UTC |
