Ziyang Xuan says:
====================
octeon_ep: fix several bugs in exception paths
Find several obvious bugs during code review in exception paths. Provide
this patchset to fix them. Not tested, just compiled.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
octep_get_mac_addr() can fail because send mbox message failed. If this
happens, octep_dev->mac_addr will be zero. It should not continue to
initialize. Add exception handling for octep_get_mac_addr() to fix it.
Fixes: 862cd659a6 ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When occur unsupported_dev and mbox init errors, it did not free oct->conf
and iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.
Add kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under
unsupported_dev and mbox init errors to fix the problem.
Fixes: 862cd659a6 ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
octep_get_link_status() can fail because send mbox message failed, then
octep_get_link_status() will return ret less than 0. Excute octep_link_up()
as long as ret is not equal to 0 in octep_open() now. That is not correct.
The value type of link.state is enum octep_ctrl_net_state. Positive value
represents up. Excute octep_link_up() when ret is bigger than 0.
Fixes: 862cd659a6 ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
octep_napi_add() and octep_napi_enable() are all after
netif_set_real_num_{tx,rx}_queues() in octep_open(), so it is unnecessary
napi rollback under set_queues_err. Delete them to fix it.
Fixes: 37d79d0596 ("octeon_ep: add Tx/Rx processing and interrupt support")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When pci_register_driver failed, we need to remove debugfs,
which will caused a resource leak, fix it.
Resource leak logs as follows:
[ 52.184456] debugfs: Directory 'bnxt_en' with parent '/' already present!
Fixes: cabfb09d87 ("bnxt_en: add debugfs support for DIM")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When connecting to client timeout, disconnect client for twice in
chnl_net_open(). Remove one. Compile tested only.
Fixes: 2aa40aef9d ("caif: Use link layer MTU instead of fixed MTU")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hlist_for_each_entry_rcu() has built-in RCU and lock checking.
Pass cond argument to hlist_for_each_entry_rcu() to silence false
lockdep warning when CONFIG_PROVE_RCU_LIST is enabled.
Execute as follow:
ip link add link eth0 type macvlan mode source macaddr add <MAC-ADDR>
The rtnl_lock is held when macvlan_hash_lookup_source() or
macvlan_fill_info_macaddr() are called in the non-RCU read side section.
So, pass lockdep_rtnl_is_held() to silence false lockdep warning.
Fixes: 79cf79abce ("macvlan: add source mode")
Signed-off-by: Chuang Wang <nashuiliang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We should not release reference by put_device() before calling device_initialize().
Fixes: e7d1d4d9ac ("mISDN: fix possible memory leak in mISDN_register_device()")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When liquidio driver open failed, it doesn't release resources. Compile
tested only.
Fixes: 5b07aee112 ("liquidio: MSIX support for CN23XX")
Fixes: dbc97bfd39 ("net: liquidio: Add missing null pointer checks")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In the fault handler, make sure we check if the BO maps lmem after
we schedule the migration, since the current resource might change from
lmem to smem, if the pages are in the non-cpu visible portion of lmem.
This then leads to adding the object to the lmem_userfault_list even
though the current resource is no longer lmem. If we then destroy the
object, the list might still contain a link to the now free object, since
we only remove it if the object is still in lmem.
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/7469
Fixes: ad74457a6b ("drm/i915/dgfx: Release mmap on rpm suspend")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Anshuman Gupta <anshuman.gupta@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Andrzej Hajda <andrzej.hajda@intel.com>
Cc: Nirmoy Das <nirmoy.das@intel.com>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221107165414.56970-1-matthew.auld@intel.com
(cherry picked from commit 625b74460e)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
The request's r_session maybe changed when it was forwarded or
resent. Both the forwarding and resending cases the requests will
be protected by the mdsc->mutex.
Cc: stable@vger.kernel.org
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2137955
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
When decoding the snaps fails it maybe leaving the 'first_realm'
and 'realm' pointing to the same snaprealm memory. And then it'll
put it twice and could cause random use-after-free, BUG_ON, etc
issues.
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/57686
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
The ceph_lookup_inode() function returns error pointers. It never
returns NULL.
Fixes: aa87052dd9 ("ceph: fix incorrectly showing the .snap size for stat")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Github deprecated the git:// links about a year ago, so let's move to
the https:// URLs instead.
Reported-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://github.blog/2021-09-01-improving-git-protocol-security-github/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
It contains:
- signal name fix for a pin on SAMA7G5
- memory self-refresh fix for SAMA7G5 by avoid soft resetting AC
DLL which can introduce glitches in RAM controller and lead to
unexpected behavior
- led support fix for lan966x-pcb8291 board by enabling sgpio node
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTsZ8eserC1pmhwqDmejrg/N2X7/QUCY2zi+AAKCRCejrg/N2X7
/RyZAQD0sVokdA9MKnPaap8zuXMnZd5yrQ7YMRYDn1puIscY3wEA98lZHOKlvVLW
+Ap3IUuFIEVwcrrIBGq7AZ0vIJjqxAE=
=uGGN
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmNyCOEACgkQmmx57+YA
GNm5mxAAtRG5ZG4X50+U6rninbMLtSN2jV/Zk4OBlbej4uwjINx2+3Wy5zkiD5wr
MHntpDBqT9HUdTna88LDlq0JFcYtVdd7vOA3SNjVyKrnXpUy2Nvt6GU4tErHQUlI
fwwq/dKOl/5lMzhKpnXjaoOJE9X6XNJOEU7OcrMVYvujln+s0T1uQZHKpLt+qBWD
Xc1diftZCIVsPHZ+EGRaUt/LQeNHxOAMt7fXWe6zE3ALIlxXiu+ZlzykdMsgpqZ5
MMuHzy36ZKOQMOx273aVb6fvEiUdqbX7lsCEkNVoM2/Z43LQ086nZGb4qxPkVaBh
ay2hN9wRuLrCmMjNKD3uQQK0G2DyPjjdSbTxjcNgelyztvCgxFgeusRjw8l3j6eM
xU7WzAiTrT/jYxx4qiXrCgfhH/kNAN2qSKiUeD/OCDMSURbv5RssRXAATGuXpV89
DzW5N+LuBcvLY7zFX7ga1yUjPNwWANtM1RqzB7w/WYAAF3FK+9TlAi5Cci6ptdPQ
fhqNcEOPmZE9a9zj5wRdG4HD5/lkGdRl+LBM+ksfWz2Fjk4iNO9fAgbPsznxeQVO
qmLR1aJ/4Fc5NodWEZuHArfYTlct2LLO1aVTDtLnBWvPidTrilA/X3miJZL1uQEK
QWQ/Lh+Cv50O263+gcuK1T7lBJRO1kHHxndJ3WHqiENSY5qEXvA=
=LTV+
-----END PGP SIGNATURE-----
Merge tag 'at91-fixes-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/at91/linux into arm/fixes
AT91 fixes for 6.1
It contains:
- signal name fix for a pin on SAMA7G5
- memory self-refresh fix for SAMA7G5 by avoid soft resetting AC
DLL which can introduce glitches in RAM controller and lead to
unexpected behavior
- led support fix for lan966x-pcb8291 board by enabling sgpio node
* tag 'at91-fixes-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/at91/linux:
ARM: at91: pm: avoid soft resetting AC DLL
ARM: dts: lan966x: Enable sgpio on pcb8291
ARM: dts: at91: sama7g5: fix signal name of pin PB2
Link: https://lore.kernel.org/r/20221110115411.180876-1-claudiu.beznea@microchip.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This fixes the APCS register region on IPQ8074 to not overlap
with adjacent nodes.
It lists the valid LDO modes on a variety of platforms, as this is not
required by the binding and implementation.
The reference clocks for the two UFS instances on SC8280XP are
corrected, to avoid relying on the state left by most versions of the
bootloader.
A number of issues are corrected with regards to the QMP PHY register
ranges on SC8280XP.
SC7280 gains a missing lpass reset region.
Lastly cluster idle is termporarily disabled on SM8250 to avoid issues
with booting the platform, until the last missing pieces lands.
-----BEGIN PGP SIGNATURE-----
iQJJBAABCAAzFiEEBd4DzF816k8JZtUlCx85Pw2ZrcUFAmNseJgVHGFuZGVyc3Nv
bkBrZXJuZWwub3JnAAoJEAsfOT8Nma3F3DAQAMvqqc9hkTDHpaRG24Wb0y1qesPJ
sF43AXotowJQIzTA6kflGB0ECcg0hSozpwi+wu0z9IZlxix5jovpr0Kxl5cbfsYQ
StaksT10Kc/Wmg0waA161RVUpXI8q8pw/fgi/xczYimrckLn2M+9T7/vlXxUlo8a
6eh648R4nWzuDDmulU1eoIjdYq/1aj2Vc/8ZXXwI1O2ZfjcJ2fH42XJAOYOAYGxU
AbXfN7DvYXmp4KDycwKRbOccmPKHXkBzYfSq+MOp1mZPuXFCVzvur2sRvd/ngiVJ
fBSWVmJIndxabkc0CFi+FGSurl1g+G9OHNIFzoNKX8OOw4bWvHRaNumOTazINVDv
ifx6/hrDlfCOiN5sJGrL2JUnsGtovfMECkXujwWo260anVj6mZetwd87FDeXRj7d
hlmbsMwvpD1mA+KBKgL/1jRaZn5aaJyUqlBpqTpCeVMMV6q7w9YhrXkT+PHoeokH
saB2n9TUykdwBASerwTOkMV+Hj1DSw1QPlu7Vs/E+G/7Q9GPjFIBtpBYKYlriDsO
rDwQeXbVZeYDTtXDneUeg73xMI5ic5JsLNw+CzrbXJbV8Eh27vs1Mfwq9mWS1slL
5SPW3vzl1BW9w4am5vEATxwosaP9ymukqHKgXZtBJv+EC7u93NlTEOS0GVAkcpNc
+pRHzjdloHe47r1C
=dJ0E
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmNyCNUACgkQmmx57+YA
GNlvoA/9Eujm8Yu3Z9BBkFnfDnPeT3wxA001k5j8OeXPMCFmxzMfn1Hu/ybQQ2bc
n1xMpxJ62/8Ye9KB87MK2UsBElt4p1tGsFKyuuHcZQc7gxTark1do2AujCx/KlCV
fhyb9rPZBy8D7k5gGtKVTcv8NSBvMmppWuoZUDYcPXaGqGgBfdu7OYr6rPJyvSns
9jxRd/VZg4euL2rcoKkn/MRkB2/P+b2KaLdeJ0DjKLAalqRmqLNHIpk97v25Bq1i
AR+IFs13s3qeWXe/JE/Uyv54mXpKtoKLt7IISMhKGsCkbvQzChEcw2IFvntThEtM
QRzG69HPxLioJmcegijqU3mmbYjQwjMaiwKcs0sHp6yYCdHT9W/bCwNXyvypdbW1
oPOFqF1lZeSFHadjI1Zl++M5SjW3cN95qsYItd+EMBUpJInoQDrkundO4b8A4sdS
RlHr8R06LdB6ylG0socId32lu93w/U4bLRXeZglT9ZdsFdww9Ncbpc8M8x554Kcr
ne8Ek8M7rKAQtXMbg28h8p+7Iijxggn+ZJOtUi0cB1ziin8Rzjedwfjryo8ShS7I
XUhzUzwNkPpZ+ljLj0AXo1qTR4ezMjuXPGTunXjmYl93FcZ7zqvieJyEHdp6IjNF
8/kUhQ2y9bCOT80otdKXYDBcuteo7td/zTsTiuBfBMjNSKte3KM=
=JYBF
-----END PGP SIGNATURE-----
Merge tag 'qcom-arm64-fixes-for-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/fixes
Qualcomm ARM64 DTS fixes for 6.1
This fixes the APCS register region on IPQ8074 to not overlap
with adjacent nodes.
It lists the valid LDO modes on a variety of platforms, as this is not
required by the binding and implementation.
The reference clocks for the two UFS instances on SC8280XP are
corrected, to avoid relying on the state left by most versions of the
bootloader.
A number of issues are corrected with regards to the QMP PHY register
ranges on SC8280XP.
SC7280 gains a missing lpass reset region.
Lastly cluster idle is termporarily disabled on SM8250 to avoid issues
with booting the platform, until the last missing pieces lands.
* tag 'qcom-arm64-fixes-for-6.1' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux:
arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state
arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280
arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size
arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes
arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers
arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers
arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers
arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy
arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock
arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
arm64: dts: qcom: sc8280xp-crd: Specify which LDO modes are allowed
arm64: dts: qcom: sa8295p-adp: Specify which LDO modes are allowed
arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
Revert "arm64: dts: qcom: msm8996: add missing TCSR syscon compatible"
arm64: dts: qcom: ipq8074: correct APCS register space size
Link: https://lore.kernel.org/r/20221110040635.795921-1-andersson@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Since DEFINE_RES_*() macros were converted to provide a compound literal
the user doesn't need to repeat it. Moreover, it may not be compiled.
Fixes: 52c4d11f1d ("resource: Convert DEFINE_RES_NAMED() to be compound literal")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221113191027.2327-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is a very narrow race between schedule() and task_call_func().
CPU0 CPU1
__schedule()
rq_lock();
prev_state = READ_ONCE(prev->__state);
if (... && prev_state) {
deactivate_tasl(rq, prev, ...)
prev->on_rq = 0;
task_call_func()
raw_spin_lock_irqsave(p->pi_lock);
state = READ_ONCE(p->__state);
smp_rmb();
if (... || p->on_rq) // false!!!
rq = __task_rq_lock()
ret = func();
next = pick_next_task();
rq = context_switch(prev, next)
prepare_lock_switch()
spin_release(&__rq_lockp(rq)->dep_map...)
So while the task is on it's way out, it still holds rq->lock for a
little while, and right then task_call_func() comes in and figures it
doesn't need rq->lock anymore (because the task is already dequeued --
but still running there) and then the __set_task_frozen() thing observes
it's holding rq->lock and yells murder.
Avoid this by waiting for p->on_cpu to get cleared, which guarantees
the task is fully finished on the old CPU.
( While arguably the fixes tag is 'wrong' -- none of the previous
task_call_func() users appears to care for this case. )
Fixes: f5d39b0208 ("freezer,sched: Rewrite core freezer logic")
Reported-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://lkml.kernel.org/r/Y1kdRNNfUeAU+FNl@hirez.programming.kicks-ass.net
These commits use WARN_ON_ONCE() and kill the offending processes when
deprecated and unknown flags are encountered:
commit c17a6ff932 ("rseq: Kill process when unknown flags are encountered in ABI structures")
commit 0190e4198e ("rseq: Deprecate RSEQ_CS_FLAG_NO_RESTART_ON_* flags")
The WARN_ON_ONCE() triggered by userspace input prevents use of
Syzkaller to fuzz the rseq system call.
Replace this WARN_ON_ONCE() by pr_warn_once() messages which contain
actually useful information.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Paul E. McKenney <paulmck@kernel.org>
Link: https://lkml.kernel.org/r/20221102130635.7379-1-mathieu.desnoyers@efficios.com
Commit 7d981405d0 ("soc: imx8m: change to use platform driver") ever
removed the dependency on bootloader for enabling OCOTP clock. It
helped to fix a kexec kernel hang issue. But unfortunately it caused
a regression on CAAM driver and got reverted.
This is the second try to enable the OCOTP clock by directly calling
clock API instead of indirectly enabling the clock via nvmem API.
Fixes: ac34de14ac ("Revert "soc: imx8m: change to use platform driver"")
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
- check kmalloc failures in Loongson64 kexec
- fix builds with clang-14
- fix char/int handling in pic32
-----BEGIN PGP SIGNATURE-----
iQJOBAABCAA4FiEEbt46xwy6kEcDOXoUeZbBVTGwZHAFAmNw8WkaHHRzYm9nZW5k
QGFscGhhLmZyYW5rZW4uZGUACgkQeZbBVTGwZHCdPQ//a3bRPpetxO3Feg4ETBxd
bsk4Zu9YEwwXzghBRAV09iAwuI/0sw79g8I49zAW1yOO5L0Y8UJGybpoxdhXEwhB
yX5yWrh+oM4ktwX5uJGD0r+q1GH4bqM245L08g0Ry3u19aux9LdhH3rMC4XZOb+Q
L6op6TALI+zv6O4+7RTY/kKxOds/So6D3ZuZUoy3DF0EYj8ij4eXQ8w/HNz/wYqo
tmgoYM6JT+E6jDRGFoMtj4bUnC1tt3aTBMYSiHw+fMTRFn7p/pWnMBMbsfN8WY4Q
qUTPTZj28s0azgWqar5yoGbVYqnDKEzTuSMxIScNlyf2jmOecC1WcEJIxqEOmRui
fPrBNffeR88bG1qofUeBE9ctoOqf20pcCUQrFYdCA51R6dDa1Pamn3gwql2Df6/Y
7AUSUSl/1mWQv4vt1+QQ87Jwi9nteJ7LomPspKBTRFE6okLa0XVVSViCDqrwS0lj
QgGdkgzSHn2wDd4+tc5NNDMhjW4df/u52+MH62J8S4CnextNtfMKacPuwidARABn
acT1oVkInUM5bBvEEuaK++tuFDixfse0eQSnUlq7FoIIjm0nKDUIYEWgClzFdJRT
i5ErRIFPTcJd2UUM1d8dQ9F8A/5q54UBHvDiTtD3Fet2+YqaFww+6FYid8qXWYkg
mW+DHzZaxyPrd8cV2v4Ka1M=
=OtmI
-----END PGP SIGNATURE-----
Merge tag 'mips-fixes_6.1_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fixes from Thomas Bogendoerfer:
- fix jump label branch range check
- check kmalloc failures in Loongson64 kexec
- fix builds with clang-14
- fix char/int handling in pic32
* tag 'mips-fixes_6.1_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: pic32: treat port as signed integer
MIPS: jump_label: Fix compat branch range check
mips: alchemy: gpio: Include the right header
MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
MIPS: fix duplicate definitions for exported symbols
mips: boot/compressed: use __NO_FORTIFY
- Force the use of SetVirtualAddressMap() on Ampera Altra arm64
machines, which crash in SetTime() if no virtual remapping is used
- Drop a spurious warning on misaligned runtime regions when using 16k
or 64k pages on arm64
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmNvduwACgkQw08iOZLZ
jySmkgv9GTFJUWJY1JWsQZf2OB+Ui2JAVCPJVbLGzDxWEFY/z+mgAcC6rJ6+T0Ju
9fNNBnFXeSq5bOPqGFcBOsLxHcP1KpNQHNKHjFUv9RovQGiMD29Fl3kT8XiuqtsB
SJcilTJs+J6umBOX+yQ1oho0P5eq/LkvDW3AFxzxrHAl/k9U0eePLIBAgIXS8Iuf
wZP3b2Bqt0z9b6JBFBKmXlLTC1WGdoVPmcXc2n+6O3c4MxUrZnbDk9Ou8vA1sCy5
JO4GlU0qvHercsZwcRRcdsKeQPpXIeDDOklUkicxsuYVhi7ipIfLdYsMwFkxGp22
IhXfxfV8OyJm71uD4z7EJAIgZibG86UQlh3Lib5846xYAGbZiUx3CaiiPBgHXgeV
PUy4FtYPlf0u8epC2QWKC3FGRIpkcAVwmZPnNvXV+NFg1wzd2B1dGFJajvCKfW93
joBsdWLUZABj5bNtSyLlaswT6gHt58w6PkHaqwi3mQaZs0oNt01iLbZCMy33y4A+
+jhAY/FE
=sWO/
-----END PGP SIGNATURE-----
Merge tag 'efi-fixes-for-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
Pull EFI fixes from Ard Biesheuvel:
- Force the use of SetVirtualAddressMap() on Ampera Altra arm64
machines, which crash in SetTime() if no virtual remapping is used
This is the first time we've added an SMBIOS based quirk on arm64,
but fortunately, we can just call a EFI protocol to grab the type #1
SMBIOS record when running in the stub, so we don't need all the
machinery we have in the kernel proper to parse SMBIOS data.
- Drop a spurious warning on misaligned runtime regions when using 16k
or 64k pages on arm64
* tag 'efi-fixes-for-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
arm64: efi: Fix handling of misaligned runtime regions and drop warning
arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines
Three small fixes, all in drivers. The sas one is in an unlikely
error leg, the debug one is to make it more standards conformant and
the ibmvfc one is to fix a user visible bug where a failover could
lose all paths to the device.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCY2+0+iYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishXfTAQCxqdCV
jb6MSs0IqB/EtTWYhq6znt6Tz4f544+esrtn+wEAxD5G8+6p7hbKi9GzPz4vLke4
sTT3xTOd4I2iLaaM3p0=
=v1jf
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Three small fixes, all in drivers.
The sas one is in an unlikely error leg, the debug one is to make it
more standards conformant and the ibmvfc one is to fix a user visible
bug where a failover could lose all paths to the device"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
scsi: ibmvfc: Avoid path failures during live migration
This contains a regression fix for the latest memalloc helper change.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmNvXmoOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8xuw//fsXClcYR8PhY6TEMc1NvSJkVC0AsWNLQ3eMs
YpiEBgzHn99YPGZx5cIiTES1e3HI0OgibnWEvF60rizjPeDELL1mJLAuupxjwRsE
m1XsOuJ9AXDWdcwHZ/9Nh5A394El8fGo5au8IkOREMhHaMgwkWE7mVfl6h26qY8w
0F6//MLuFNEuyWXAeZk9QqtYUpfIBf8xBGFkL0fa5dtTQ0NsqwGmoQx/WArk7E6U
HrVL+x1mwZaK+8gSrbFdaAew8dxF1CAdk1XOVFiN8nvnN+Zvl7P1/WwU1u9FyAIC
tcV7zqklv4oKGH2iRZzT+3TGDT5HN0ylzMKc0EAuBGKgveuw1BUIJo9QZ7frturh
FCv/iOly1UP9lHFqoCrgBq4192gNwO2YNoLP3991iHVFliq9wS2Kk5QjGpVk49Z6
6ujZlq8lvGgf+9/dEwfAxQmd2GjGU1fcg86e8trrgFaE5ESphyLWposLEPAxVQ+6
EB1aeiLPrweS7IQ4qC6KHiS5tG6TZR3DUmKbjmwLB8+T/UALkcRY6wj8P0u9kUdH
XWLrKmUv2ExysR0Pd2Hu2dMm2XX3fs5WgAtfRYrcNT2zKUemhbwIYubBkd9F6deb
CMI8MomWOLC5KqEbNuOvMVOTavyPNFVh0LxVnwy2SK1rgxvwW1CfZaJFy1/noWqf
GK4AdhY=
=sSea
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull additional sound fix from Takashi Iwai:
"A regression fix for the latest memalloc helper change"
* tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: memalloc: Try dma_alloc_noncontiguous() at first
A relatively large collection of fixes and new platform quirks here,
they're all fairly minor though - the widest possible impact is the fix
to the use of prefixes on regulator names which would have broken any
device that integrates regulators with DAPM and was used in a system
where it had a name prefix assigning to it.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmNuPEsACgkQJNaLcl1U
h9B20wgAgLLJV/QRXtVczKYK8CkLQff07//BDyxPD/COLEe05QTc+WaPFNUqJKUv
mPmXg6br2TTDVdH+HSqeKc0yrz7o+2sLfJCZcDS3dF8lUE1X+/drhIFiuWnOwRmn
dmR7jAuJ0kPWbWsX/J0EyQlLe2vKrLq72Ila8IvUXtKVaVL2wQbVb2X8yb1bRlHs
nDj9dymIRori0fm6HAwNF7txgcL51sFy8hErAB3+qcp3mRYGSE/Xung6+Brzrpgp
eMGlrwp2xhWCKT1vvyEikhJWm+2QtWFsB0H2oURsMWboNhHqZbvN/1Lt8RuFIHLz
s3nkQUrJ9AtM0qVtR2jjm5qFK/fVog==
=8C2A
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.2-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.1
A relatively large collection of fixes and new platform quirks here,
they're all fairly minor though - the widest possible impact is the fix
to the use of prefixes on regulator names which would have broken any
device that integrates regulators with DAPM and was used in a system
where it had a name prefix assigning to it.
The latest fix for the non-contiguous memalloc helper changed the
allocation method for a non-IOMMU system to use only the fallback
allocator. This should have worked, but it caused a problem sometimes
when too many non-contiguous pages are allocated that can't be treated
by HD-audio controller.
As a quirk workaround, go back to the original strategy: use
dma_alloc_noncontiguous() at first, and apply the fallback only when
it fails, but only for non-IOMMU case.
We'll need a better fix in the fallback code as well, but this
workaround should paper over most cases.
Fixes: 9736a32513 ("ALSA: memalloc: Don't fall back for SG-buffer with IOMMU")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/CAHk-=wgSH5ubdvt76gNwa004ooZAEJL_1Q-Fyw5M2FDdqL==dg@mail.gmail.com
Link: https://lore.kernel.org/r/20221112084718.3305-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Several libata generic code fixes for rc5:
- Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
this command is mandatory for host-managed ZBC drives. The lack of
support for it in libata-scsi was causing issues with some
passthrough applications using ZBC drives (from Shin'ichiro).
- Fix the error path of libata-transport host, port, link and device
attributes initialization (from Yingliang).
- Prevent issuing new commands to a drive that is in the NCQ error
state and undergoing recovery (From Niklas). This bug went unnoticed
for a long time as commands issued to a drive in error state are
aborted immediately and retried by the scsi layer, hiding the useless
abort-and-retry sequence.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY2747wAKCRDdoc3SxdoY
dto2APwMUungXAkvlc+GuvSxkgbu/0ERcaATs9l5doYAcQ2jPQD/fE6gpSaE5e3X
RGm7egQrhkTUhoZnWmHtMdHCx2QgZQ4=
=Cj/q
-----END PGP SIGNATURE-----
Merge tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ata fixes from Damien Le Moal:
"Several libata generic code fixes for rc5:
- Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
this command is mandatory for host-managed ZBC drives.
The lack of support for it in libata-scsi was causing issues with
some passthrough applications using ZBC drives (from Shin'ichiro).
- Fix the error path of libata-transport host, port, link and device
attributes initialization (from Yingliang).
- Prevent issuing new commands to a drive that is in the NCQ error
state and undergoing recovery (From Niklas).
This bug went unnoticed for a long time as commands issued to a
drive in error state are aborted immediately and retried by the
scsi layer, hiding the useless abort-and-retry sequence"
* tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
ata: libata-core: do not issue non-internal commands once EH is pending
ata: libata-transport: fix error handling in ata_tdev_add()
ata: libata-transport: fix error handling in ata_tlink_add()
ata: libata-transport: fix error handling in ata_tport_add()
ata: libata-transport: fix double ata_host_put() in ata_tport_add()
ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
We're currently hitting the WARN_ON in mctp_i2c_flow_release:
if (midev->release_count > midev->i2c_lock_count) {
WARN_ONCE(1, "release count overflow");
This may be hit if we expire a flow before sending the first packet it
contains - as we will not be pairing the increment of release_count
(performed on flow release) with the i2c lock operation (only
performed on actual TX).
To fix this, only release a flow if we've encountered it previously (ie,
dev_flow_state does not indicate NEW), as we will mark the flow as
ACTIVE at the same time as accounting for the i2c lock operation. We
also need to add an INVALID flow state, to indicate when we've done the
release.
Fixes: f5b8abf9fc ("mctp i2c: MCTP I2C binding driver")
Reported-by: Jian Zhang <zhangjian.3032@bytedance.com>
Tested-by: Jian Zhang <zhangjian.3032@bytedance.com>
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Link: https://lore.kernel.org/r/20221110053135.329071-1-jk@codeconstruct.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
'aead_req' and 'aead_send' is allocated but not freed in default switch
case. This commit fixes the potential memory leak by freeing them under
the situation.
Note that the default cases here should never be reached as they'd
mean we allowed offloading an unsupported algorithm.
Fixes: ea7a9d88ba ("net/tls: Use cipher sizes structs")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Link: https://lore.kernel.org/r/20221110090329.2036382-1-liaoyu15@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
When stmmac_xdp_release() is called, there is a possibility that tx
function is still running on other queues which will lead to tx queue
timed out and reset adapter.
This commit ensure that tx function is not running xdp before release
flow continue to run.
Fixes: ac746c8520 ("net: stmmac: enhance XDP ZC driver level switching performance")
Signed-off-by: Song Yoong Siang <yoong.siang.song@intel.com>
Signed-off-by: Mohd Faizal Abdul Rahim <faizal.abdul.rahim@intel.com>
Signed-off-by: Noor Azura Ahmad Tarmizi <noor.azura.ahmad.tarmizi@intel.com>
Link: https://lore.kernel.org/r/20221110064552.22504-1-noor.azura.ahmad.tarmizi@linux.intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Current driver code will read device tree node information,
and set default values if there is no info provided.
This is not done in non-OF devices leading to SGMII fifo depths being
set to the smallest size.
This patch sets the value to the default value of the PHY as stated in the
PHY datasheet.
Fixes: 4dc08dcc9f ("net: phy: dp83867: introduce critical chip default init for non-of platform")
Signed-off-by: Michael Sit Wei Hong <michael.wei.hong.sit@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221110054938.925347-1-michael.wei.hong.sit@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
A problem about hinic create debugfs failed is triggered with the
following log given:
[ 931.419023] debugfs: Directory 'hinic' with parent '/' already present!
The reason is that hinic_module_init() returns pci_register_driver()
directly without checking its return value, if pci_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of hinic can never be created later.
hinic_module_init()
hinic_dbg_register_debugfs() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: 253ac3a979 ("hinic: add support to query sq info")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221110021642.80378-1-yuancan@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Afer commit 1fa5ae857b ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
use put_device() to give up the reference, so that the name can be
freed in kobject_cleanup() when the refcount is 0.
The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the
kfree() is removed. list_del() is called in mISDN_dsp_dev_release(),
so it need be initialized.
Fixes: 1fa5ae857b ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109132832.3270119-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
netdev is allocated in bgmac_alloc() with devm_alloc_etherdev() and will
be auto released in ->remove and ->probe failure path. Using free_netdev()
in bgmac_enet_remove() leads to double free.
Fixes: 34a5102c32 ("net: bgmac: allocate struct bgmac just once & don't copy it")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20221109150136.2991171-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Andrii Nakryiko says:
====================
bpf 2022-11-11
We've added 11 non-merge commits during the last 8 day(s) which contain
a total of 11 files changed, 83 insertions(+), 74 deletions(-).
The main changes are:
1) Fix strncpy_from_kernel_nofault() to prevent out-of-bounds writes,
from Alban Crequy.
2) Fix for bpf_prog_test_run_skb() to prevent wrong alignment,
from Baisong Zhong.
3) Switch BPF_DISPATCHER to static_call() instead of ftrace infra, with
a small build fix on top, from Peter Zijlstra and Nathan Chancellor.
4) Fix memory leak in BPF verifier in some error cases, from Wang Yufen.
5) 32-bit compilation error fixes for BPF selftests, from Pu Lehui and
Yang Jihong.
6) Ensure even distribution of per-CPU free list elements, from Xu Kuohai.
7) Fix copy_map_value() to track special zeroed out areas properly,
from Xu Kuohai.
* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
bpf: Fix offset calculation error in __copy_map_value and zero_map_value
bpf: Initialize same number of free nodes for each pcpu_freelist
selftests: bpf: Add a test when bpf_probe_read_kernel_str() returns EFAULT
maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
selftests/bpf: Fix test_progs compilation failure in 32-bit arch
selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms
bpf: Fix memory leaks in __check_func_call
bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE()
bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
bpf: Revert ("Fix dispatcher patchable function entry to 5 bytes nop")
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
====================
Link: https://lore.kernel.org/r/20221111231624.938829-1-andrii@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
introduced post-6.0 or which aren't considered serious enough to justify a
-stable backport.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCY27xPAAKCRDdBJ7gKXxA
juFXAP4tSmfNDrT6khFhV0l4cS43bluErVNLh32RfXBqse8GYgEA5EPvZkOssLqY
86ejRXFgAArxYC4caiNURUQL+IASvQo=
=YVOx
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc hotfixes from Andrew Morton:
"22 hotfixes.
Eight are cc:stable and the remainder address issues which were
introduced post-6.0 or which aren't considered serious enough to
justify a -stable backport"
* tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (22 commits)
docs: kmsan: fix formatting of "Example report"
mm/damon/dbgfs: check if rm_contexts input is for a real context
maple_tree: don't set a new maximum on the node when not reusing nodes
maple_tree: fix depth tracking in maple_state
arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging
fs: fix leaked psi pressure state
nilfs2: fix use-after-free bug of ns_writer on remount
x86/traps: avoid KMSAN bugs originating from handle_bug()
kmsan: make sure PREEMPT_RT is off
Kconfig.debug: ensure early check for KMSAN in CONFIG_KMSAN_WARN
x86/uaccess: instrument copy_from_user_nmi()
kmsan: core: kmsan_in_runtime() should return true in NMI context
mm: hugetlb_vmemmap: include missing linux/moduleparam.h
mm/shmem: use page_mapping() to detect page cache for uffd continue
mm/memremap.c: map FS_DAX device memory as decrypted
Partly revert "mm/thp: carry over dirty bit when thp splits on pmd"
nilfs2: fix deadlock in nilfs_count_free_blocks()
mm/mmap: fix memory leak in mmap_region()
hugetlbfs: don't delete error page from pagecache
maple_tree: reorganize testing to restore module testing
...
- Another fix for rodata=full. Since rodata= is not a simple boolean on
arm64 (accepting 'full' as well), it got inadvertently broken by
changes in the core code. If rodata=on is the default and rodata=off
is passed on the kernel command line, rodata_full is never disabled.
- Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
explicit conversion to u32 (triggered by the AMPERE1 MIDR definition).
- Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
struct pt_regs type causing the BPF verifier to refuse to load a
tracing program which accesses pt_regs.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmNu1ZQACgkQa9axLQDI
XvHdaQ/+NmdLFZuAbajhpV3NTmiC6oJmPZ9oGKxtBRGoHmH6WxoyB1X3Dj9ZMGBc
qZ1mUohHHwf+xWtX85aPUx4aJKImFuqSOU4MF5gectzXFEr4jR2nx5CYBaRmG+0d
axAUHIID4xWozid79KFUR46myG9GhTv8EGMlrY9VKY2GsFSD/EtNTQZhq+ISc05N
SQAkHN3iiIJhitgTtxxA2jQ8sEOvq41N4VRj4trNUnAp5Gis4nnl9KGpcayN/60z
8/9IGwcaLpnQnlf74E74y53Tfq8ZHSpiNcl3J5Mk1eMNrbkFePakyH/OtpHHYiZ0
/Y1cqUqvK2oZODE1Ro4mBMFLq3+lFMedla5S0jZtjApYnJ8MmUqFQwvJHIn0K02h
oH1OstQtYLUINTF3k1+TaYnmFjenx1eOJ/tdLjkcgI9WFbAYcqu1Z4bcO0HR0fqj
7d7HKCElHg+KIQBTfDtLvO1lNRvdpZYWe5uN3ItzPpYqrah4haHPJXPxcxVChkMv
A445kWMX5pV7CTNzlkrGgWjWkF8EwJ+lgr/xASrpHPxW80cZ7b+eg2lFkU0fptsz
FoHdUduGDB91hHo/k0Adx2gaS37SNOcBczr/1xFcId1ZpcxWwuBM1JeEDz1ccRDR
P9qKykOn6sQ8ykQGDIlyY9Hgaz8KgihT2VDixRyY0NNGq0XO4LM=
=W6FH
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- Another fix for rodata=full. Since rodata= is not a simple boolean on
arm64 (accepting 'full' as well), it got inadvertently broken by
changes in the core code. If rodata=on is the default and rodata=off
is passed on the kernel command line, rodata_full is never disabled
- Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
explicit conversion to u32 (triggered by the AMPERE1 MIDR definition)
- Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
struct pt_regs type causing the BPF verifier to refuse to load a
tracing program which accesses pt_regs
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
arm64: fix rodata=full again
While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)
Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()
Before commit e494f6a728 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)
Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.
However, after commit e494f6a728 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).
So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.
It is worth noting that, even before commit e494f6a728 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.
In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)
Fixes: e494f6a728 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmNuf4IQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgppvMD/9K2kFcAiD85QmRoIgwlIRM604KZ6aGXqk3
BjTavxfB+3DJcb82FHywBF5DC0sUtrBOTn7+DJpf13lb4L2DZY1lfLkRL7SKHSs5
o1z+1uLcBtZtGCq5M+yhpxbAzJ2kNWdRe+FutSA6wiz03ATXTwo2qE1MLaw1jxap
DowK08DUtLNaFNoEGdpW8iub9ql1OVWWZdOaxZmVJkdPWeWMD6Zaqwi/MeyNv0aY
KbVpYHa2AGxGY6+2krLpL09kqYlW++UvFsofM6RJrHTlLyBdYKvM2Z+Tv9I6w81s
ZerVl5srC2pVj1K0isO7A25GTVIVzI9im/GCzStNTasFtlzW85CwLEcDS8T679bY
I0P+Wl3ZoLJztChrcSufiAaOfJIichML7H3h/iEkSE51+9cBr42fqJO64dc+s/Bi
OGmaFowYgJgOClzpAJ2upd2aNu4sLiR2DUb3qdHDpcio9bfpIme1Do1yB94kRR//
yIFrs47PW+JumE90iKJPnDRHWrl3dVUK27MqkAWSBuvOkBjKxLBSVHIARs1lGWy1
25y4atEMaEYnvjC3ATwM0WX0LY+5jCVqOXyfMPAMmEZ7WDbER7FfGxnnmw/pwka7
D4CiSWn5H2Jp9Lq7HiblgYucXXNCPYgSx9JiXnY/KBpARaKUIXuTOq2PuJ/FW4UG
dsJap0W2rw==
=s8Z1
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
"Nothing major, just a few minor tweaks:
- Tweak for the TCP zero-copy io_uring self test (Pavel)
- Rather than use our internal cached value of number of CQ events
available, use what the user can see (Dylan)
- Fix a typo in a comment, added in this release (me)
- Don't allow wrapping while adding provided buffers (me)
- Fix a double poll race, and add a lockdep assertion for it too
(Pavel)"
* tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux:
io_uring/poll: lockdep annote io_poll_req_insert_locked
io_uring/poll: fix double poll req->flags races
io_uring: check for rollover of buffer ID when providing buffers
io_uring: calculate CQEs from the user visible value
io_uring: fix typo in io_uring.h comment
selftests/net: don't tests batched TCP io_uring zc
Function __copy_map_value and zero_map_value miscalculated copy offset,
resulting in possible copy of unwanted data to user or kernel.
Fix it.
Fixes: cc48755808 ("bpf: Add zero_map_value to zero map value with special fields")
Fixes: 4d7d7f69f4 ("bpf: Adapt copy_map_value for multiple offset case")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/bpf/20221111125620.754855-1-xukuohai@huaweicloud.com
pcpu_freelist_populate() initializes nr_elems / num_possible_cpus() + 1
free nodes for some CPUs, and then possibly one CPU with fewer nodes,
followed by remaining cpus with 0 nodes. For example, when nr_elems == 256
and num_possible_cpus() == 32, CPU 0~27 each gets 9 free nodes, CPU 28 gets
4 free nodes, CPU 29~31 get 0 free nodes, while in fact each CPU should get
8 nodes equally.
This patch initializes nr_elems / num_possible_cpus() free nodes for each
CPU firstly, then allocates the remaining free nodes by one for each CPU
until no free nodes left.
Fixes: e19494edab ("bpf: introduce percpu_freelist")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221110122128.105214-1-xukuohai@huawei.com
- fix memcpy warning about field-spanning write in zcrypt driver.
- minor updates to defconfigs.
- Remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
addon config file. It significantly decreases compile time and allows
quickly enabling that option into the current kernel config.
- Add kasan.config addon config file which allows to easily enable
KASAN into the current kernel config.
- binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
relocs on misaligned symbols") caused several link errors.
Always build relocatable kernel to avoid this problem.
- Raise the minimum clang version to 15.0.0 to avoid silent generation
of a corrupted code.
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCY2566RccYWdvcmRlZXZA
bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8M0nAQDRrcyOb3BILKYNlYkb9H8Cw/0x
TMl/zEqcjD14XBGXXAD+L6M9nNuWd8GKLYzE7AxEeQ80kAQLqUPGGxhjc09hqAI=
=gkiM
-----END PGP SIGNATURE-----
Merge tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Alexander Gordeev:
- fix memcpy warning about field-spanning write in zcrypt driver
- minor updates to defconfigs
- remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
addon config file. It significantly decreases compile time and allows
quickly enabling that option into the current kernel config
- add kasan.config addon config file which allows to easily enable
KASAN into the current kernel config
- binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
relocs on misaligned symbols") caused several link errors. Always
build relocatable kernel to avoid this problem
- raise the minimum clang version to 15.0.0 to avoid silent generation
of a corrupted code
* tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
scripts/min-tool-version.sh: raise minimum clang version to 15.0.0 for s390
s390: always build relocatable kernel
s390/configs: add kasan.config addon config file
s390/configs: move CONFIG_DEBUG_INFO_BTF into btf.config addon config
s390: update defconfigs
s390/zcrypt: fix warning about field-spanning write
Alban Crequy says:
====================
Hi,
This is v2 of the fix & selftest previously sent at:
https://lore.kernel.org/linux-mm/20221108195211.214025-1-flaniel@linux.microsoft.com/
Changes v1 to v2:
- add 'cc:stable', 'Fixes:' and review/ack tags
- update commitmsg and fix my email
- rebase on bpf tree and tag for bpf tree
Thanks!
====================
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
This commit tests previous fix of bpf_probe_read_kernel_str().
The BPF helper bpf_probe_read_kernel_str should return -EFAULT when
given a bad source pointer and the target buffer should only be modified
to make the string NULL terminated.
bpf_probe_read_kernel_str() was previously inserting a NULL before the
beginning of the dst buffer. This test should ensure that the
implementation stays correct for now on.
Without the fix, this test will fail as follows:
$ cd tools/testing/selftests/bpf
$ make
$ sudo ./test_progs --name=varlen
...
test_varlen:FAIL:check got 0 != exp 66
Signed-off-by: Alban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221110085614.111213-3-albancrequy@linux.microsoft.com
Changes v1 to v2:
- add ack tag
- fix my email
- rebase on bpf tree and tag for bpf tree
If a page fault occurs while copying the first byte, this function resets one
byte before dst.
As a consequence, an address could be modified and leaded to kernel crashes if
case the modified address was accessed later.
Fixes: b58294ead1 ("maccess: allow architectures to provide kernel probing directly")
Signed-off-by: Alban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Francis Laniel <flaniel@linux.microsoft.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org> [5.8]
Link: https://lore.kernel.org/bpf/20221110085614.111213-2-albancrequy@linux.microsoft.com
David S. Miller