Variables off and len typed as uint32 in rndis_query function
are controlled by incoming RNDIS response message thus their
value may be manipulated. Setting off to a unexpectetly large
value will cause the sum with len and 8 to overflow and pass
the implemented validation step. Consequently the response
pointer will be referring to a location past the expected
buffer boundaries allowing information leakage e.g. via
RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
Fixes: ddda086240 ("USB: rndis_host, various cleanups")
Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We want to fail if the PCS is not available, not if it is available. Fix
this condition.
Fixes: 5d93cfcf73 ("net: dpaa: Convert to phylink")
Reported-by: Christian Zigotzky <info@xenosoft.de>
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Current code uses per_cpu pointer to get the lmtst_id mapped to
the core on which aura_free() is executed. Using per_cpu pointer
without preemption disable causing mismatch between lmtst_id and
core on which pointer gets freed. This patch fixes the issue by
disabling preemption around aura_free.
Fixes: ef6c8da71e ("octeontx2-pf: cn10K: Reserve LMTST lines per core")
Signed-off-by: Sunil Goutham <sgoutham@marvell.com>
Signed-off-by: Geetha sowjanya <gakula@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Otherwise we would dereference a NULL aggregator pointer when calling
__set_agg_ports_ready on the line below.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Use signed integer in ipv6_skip_exthdr() called from nf_confirm().
Reported by static analysis tooling, patch from Florian Westphal.
2) Missing set type checks in nf_tables: Validate that set declaration
matches the an existing set type, otherwise bail out with EEXIST.
Currently, nf_tables silently accepts the re-declaration with a
different type but it bails out later with EINVAL when the user adds
entries to the set. This fix is relatively large because it requires
two preparation patches that are included in this batch.
3) Do not ignore updates of timeout and gc_interval parameters in
existing sets.
4) Fix a hang when 0/0 subnets is added to a hash:net,port,net type of
ipset. Except hash:net,port,net and hash:net,iface, the set types don't
support 0/0 and the auxiliary functions rely on this fact. So 0/0 needs
a special handling in hash:net,port,net which was missing (hash:net,iface
was not affected by this bug), from Jozsef Kadlecsik.
5) When adding/deleting large number of elements in one step in ipset,
it can take a reasonable amount of time and can result in soft lockup
errors. This patch is a complete rework of the previous version in order
to use a smaller internal batch limit and at the same time removing
the external hard limit to add arbitrary number of elements in one step.
Also from Jozsef Kadlecsik.
Except for patch #1, which fixes a bug introduced in the previous net-next
development cycle, anything else has been broken for several releases.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmOyzdUACgkQxWXV+ddt
WDt4qhAAqZZ7Tldx3kVKN6ExBfcDoimeQPPZmmMnL7A7POQyATtyBHCcu9ymj6Z6
tuUqYcj7h4ydeHjL0AvaskpV1ALkfopkOA9KWAE2m1lyu4qclF6tSEJl7AKyCft7
g4UyBpCFcnml/by0JeErHMJoxUz/AADYfW/wbyM/XvH2IiODJWf4mMWzJaL+t+GP
rkJe9OgtmKEVZ2h5Gvdfnw4CrYm/Ds7CfG0UntpwIHvQBLHcms+OvFDSxRKZHxGs
kt4u/b589AgL+8xNQrpfWfUQf9Zev2c+ekatU3ibi+c67XRtv45kHwsJvqaX+gmV
+AaBI0GrQDdHXPNU22nmXeIi7tb3JnI/Vy6GHNkopIzdWkIiEtRu8hkVARhRxle7
Z1WEAWgzPj2QerwmWrgk2TedxF1KD5J0jEJlNaNN7Dh3T8Fu5YjediQVf6mbKhkM
yFUd0OBAlGNhEqq42ObH6TUYsqbzGk58EYaHGzBDa6QbA/yEfHaFwSqRstg/X3gv
7WxImSq67KN0SkZZDMszZxzfEehXK9nmxoIfgo0/WGaYMSCxzBs6Xh17SJl9bhiE
7Cee5dfiHamrYZF6oGpolP/FoZx68yPJXRmfEUQARTrMvF7cE62hjLLUjU7OgW9m
GeLoFDq9bAh3OC4aEPdqyyu3Bh2yOfMPwpCO1wMk9I/tsIvR8mY=
=+EpE
-----END PGP SIGNATURE-----
Merge tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
"First batch of regression and regular fixes:
- regressions:
- fix error handling after conversion to qstr for paths
- fix raid56/scrub recovery caused by uninitialized variable
after conversion to error bitmaps
- restore qgroup backref lookup behaviour after recent
refactoring
- fix leak of device lists at module exit time
- fix resolving backrefs for inline extent followed by prealloc
- reset defrag ioctl buffer on memory allocation error"
* tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: fix fscrypt name leak after failure to join log transaction
btrfs: scrub: fix uninitialized return value in recover_scrub_rbio
btrfs: fix resolving backrefs for inline extent followed by prealloc
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
btrfs: restore BTRFS_SEQ_LAST when looking up qgroup backref lookup
btrfs: fix leak of fs devices after removing btrfs module
btrfs: fix an error handling path in btrfs_defrag_leaves()
btrfs: fix an error handling path in btrfs_rename()
syzbot is reporting hung task at do_user_addr_fault() [1], for there is
a silent deadlock between PG_locked bit and ni_lock lock.
Since filemap_update_page() calls filemap_read_folio() after calling
folio_trylock() which will set PG_locked bit, ntfs_truncate() must not
call truncate_setsize() which will wait for PG_locked bit to be cleared
when holding ni_lock lock.
Link: https://lore.kernel.org/all/00000000000060d41f05f139aa44@google.com/
Link: https://syzkaller.appspot.com/bug?extid=bed15dbf10294aa4f2ae [1]
Reported-by: syzbot <syzbot+bed15dbf10294aa4f2ae@syzkaller.appspotmail.com>
Debugged-by: Linus Torvalds <torvalds@linux-foundation.org>
Co-developed-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 4342306f0f ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
After
b3e34a47f9 ("x86/kexec: fix memory leak of elf header buffer"),
freeing image->elf_headers in the error path of crash_load_segments()
is not needed because kimage_file_post_load_cleanup() will take
care of that later. And not clearing it could result in a double-free.
Drop the superfluous vfree() call at the error path of
crash_load_segments().
Fixes: b3e34a47f9 ("x86/kexec: fix memory leak of elf header buffer")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Baoquan He <bhe@redhat.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20221122115122.13937-1-tiwai@suse.de
If v4 READDIR operation hits a mountpoint and gets back an error,
then it will include that entry in the reply and set RDATTR_ERROR for it
to the error.
That's fine for "normal" exported filesystems, but on the v4root, we
need to be more careful to only expose the existence of dentries that
lead to exports.
If the mountd upcall times out while checking to see whether a
mountpoint on the v4root is exported, then we have no recourse other
than to fail the whole operation.
Cc: Steve Dickson <steved@redhat.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
Reported-by: JianHong Yin <yin-jianhong@163.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: <stable@vger.kernel.org>
Commit 62d89a7d49 ("video: fbdev: matroxfb: set maxvram of vbG200eW to
the same as vbG200 to avoid black screen") accidently decreases the
maximum memory size for the Matrox G200eW (102b:0532) from 8 MB to 1 MB
by missing one zero. This caused the driver initialization to fail with
the messages below, as the minimum required VRAM size is 2 MB:
[ 9.436420] matroxfb: Matrox MGA-G200eW (PCI) detected
[ 9.444502] matroxfb: cannot determine memory size
[ 9.449316] matroxfb: probe of 0000:0a:03.0 failed with error -1
So, add the missing 0 to make it the intended 16 MB. Successfully tested on
the Dell PowerEdge R910/0KYD3D, BIOS 2.10.0 08/29/2013, that the warning is
gone.
While at it, add a leading 0 to the maxdisplayable entry, so it’s aligned
properly. The value could probably also be increased from 8 MB to 16 MB, as
the G200 uses the same values, but I have not checked any datasheet.
Note, matroxfb is obsolete and superseded by the maintained DRM driver
mga200, which is used by default on most systems where both drivers are
available. Therefore, on most systems it was only a cosmetic issue.
Fixes: 62d89a7d49 ("video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen")
Link: https://lore.kernel.org/linux-fbdev/972999d3-b75d-5680-fcef-6e6905c52ac5@suse.de/T/#mb6953a9995ebd18acc8552f99d6db39787aec775
Cc: it+linux-fbdev@molgen.mpg.de
Cc: Z. Liu <liuzx@knownsec.com>
Cc: Rich Felker <dalias@libc.org>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Helge Deller <deller@gmx.de>
When adding/deleting large number of elements in one step in ipset, it can
take a reasonable amount of time and can result in soft lockup errors. The
patch 5f7b51bf09 ("netfilter: ipset: Limit the maximal range of
consecutive elements to add/delete") tried to fix it by limiting the max
elements to process at all. However it was not enough, it is still possible
that we get hung tasks. Lowering the limit is not reasonable, so the
approach in this patch is as follows: rely on the method used at resizing
sets and save the state when we reach a smaller internal batch limit,
unlock/lock and proceed from the saved state. Thus we can avoid long
continuous tasks and at the same time removed the limit to add/delete large
number of elements in one step.
The nfnl mutex is held during the whole operation which prevents one to
issue other ipset commands in parallel.
Fixes: 5f7b51bf09 ("netfilter: ipset: Limit the maximal range of consecutive elements to add/delete")
Reported-by: syzbot+9204e7399656300bf271@syzkaller.appspotmail.com
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The hash:net,port,net set type supports /0 subnets. However, the patch
commit 5f7b51bf09 titled "netfilter: ipset: Limit the maximal range
of consecutive elements to add/delete" did not take into account it and
resulted in an endless loop. The bug is actually older but the patch
5f7b51bf09 brings it out earlier.
Handle /0 subnets properly in hash:net,port,net set types.
Fixes: 5f7b51bf09 ("netfilter: ipset: Limit the maximal range of consecutive elements to add/delete")
Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
There is an issue with the checking of the return value of
'of_get_mac_address', which returns 0 on success and negative value on
failure. The driver interpretated the result the opposite way. Therefore
if there was a MAC address defined in the DT, then the driver was
generating a random MAC address otherwise it would use address 0.
Fix this by checking correctly the return value of 'of_get_mac_address'
Fixes: b74ef9f9cb ("net: sparx5: Do not use mac_addr uninitialized in mchp_sparx5_probe()")
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix W=1 kernel-doc warning:
net/sched/sch_htb.c:214: warning: expecting prototype for htb_classify(). Prototype was for HTB_DIRECT() instead
by moving the HTB_DIRECT() macro above the function.
Add kernel-doc notation for function parameters as well.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jamal Hadi Salim says:
====================
net: dont intepret cls results when asked to drop
It is possible that an error in processing may occur in tcf_classify() which
will result in res.classid being some garbage value. Example of such a code path
is when the classifier goes into a loop due to bad policy. See patch 1/2
for a sample splat.
While the core code reacts correctly and asks the caller to drop the packet
(by returning TC_ACT_SHOT) some callers first intepret the res.class as
a pointer to memory and end up dropping the packet only after some activity with
the pointer. There is likelihood of this resulting in an exploit. So lets fix
all the known qdiscs that behave this way.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
If asked to drop a packet via TC_ACT_SHOT it is unsafe to assume
res.class contains a valid pointer
Fixes: b0188d4dbe ("[NET_SCHED]: sch_atm: Lindent")
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
of_irq_find_parent() returns a node pointer with refcount incremented,
We should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 96868dce64 ("gpio/sifive: Add GPIO driver for SiFive SoCs")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
- Fix a use-after-free on the perf syscall's error path
- A potential integer overflow fix in amd_core_pmu_init()
- Fix the cgroup events tracking after the context handling rewrite
- Return the proper value from the inherit_event() function on error
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmOxotcACgkQEsHwGGHe
VUqN0g//fCMUbsO/TRfDavqFMdAYi93EHWwd2I8KUDd2TPKY6KA2gQndw8aEvAF8
iO/zO0osD0+23ANmpLBIGuyrM41UqiG+U/Q70++t/0yaD4nYegcpIamg518MEAK9
HxP4Gl3A9Yy4QbcOgLGq+ouOvUljJAB3jhPc+KsWmgxsLrua4JZeEgIwNm/4yLOG
cgetqX7l1A5ASPxU3MO+wSyjEHVIq6rA6y3HllpIHLYy5/TyvkhNZiykAxRn8Exy
yznyYkifNUfCh0TOusMLmK5qR/UFPbGbZfxBlw8ni9sIocsz02U3N4XOwBPVgi8x
2OVyH1j+cZUuBuk4AH39FmaFDe/PZxFiYvInH/Y1vmS5uqi5v7hn23VLxqykPbdw
Drz/vo7YiuPvM3R1ibf0yXN53mn+zMzKFRYRQwPWN6c1ocxEltaeaDcRsLhh8ql+
RM2mKVvWjELRuFWQpV8KCKuEpCz/niQ/8wvwXCxtPyJt9wiTPu4+j7K+p27T7FQR
33zPSGgN/nCuVEBOIsyi3B7zzIoRy0l3nM6tOTZXM/TVFhLyda0fJUV6Ydi39CGy
Mf1FnLd+9nrR+Oqinh/DzJ5nqoSrSxPV9FXRu+0bMsYD+lbiMtOZFw8VaQzxR1gD
dUOve8zUgQAusdvGeJU1+iOmdAxbiSS9s3pqw7G+d+O4a/x7PBE=
=M9iU
-----END PGP SIGNATURE-----
Merge tag 'perf_urgent_for_v6.2_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Borislav Petkov:
- Pass only an initialized perf event attribute to the LSM hook
- Fix a use-after-free on the perf syscall's error path
- A potential integer overflow fix in amd_core_pmu_init()
- Fix the cgroup events tracking after the context handling rewrite
- Return the proper value from the inherit_event() function on error
* tag 'perf_urgent_for_v6.2_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/core: Call LSM hook after copying perf_event_attr
perf: Fix use-after-free in error path
perf/x86/amd: fix potential integer overflow on shift of a int
perf/core: Fix cgroup events tracking
perf core: Return error pointer if inherit_event() fails to find pmu_ctx
functionality like the rethunks and not only kgdb
- Remove __init section markings of two functions which are referenced by a
function in the .text section
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmOxoToACgkQEsHwGGHe
VUoozA//b2pOA7baV5AudIBRZiKK3Tgviy3JfnGuiBMEI9gKQhzkefWQxk4X7hLA
+b4UIdQMTLHuUqNPpQYgazW6Sb7HS6TqdTww6MNKKrb3ngnGFI+q6ERuoVyvxTeR
dv9jtU79aqXTc5n2xpEtL2e2aZCmTQyDo853gq8o50Zji2mdSCdizMJzkfzVTZbI
oXpqyTlpIP2csos9C9w6HXDshF5Papll6CLoxfafm/bakICKTfYO53pK9nWl/Kre
beDLPuYiY1nHKFTEApyPp4qEGYVaUfxXHDL7taTLxHcoAh2UQgTdMfJthZGLN+M4
0wgG+oK51I9vULcaIBQ95Qsonl/c7hMx/P2r22XR42hozAkrb8/vQsZD28SJTBlG
Sqc+ptzTWB0NfNpbvVQAbMLWTghK1fDcPplHDTmVqcFAtDyBMQymXMTnl9eujyBW
GJmOEAqPb6n9oAfCkERIGCoca3ebDA4hJsYmfxCx+c03Pcr9A1h3zxdGbfl2tazO
s5un3uK+dSTZKVufQZBpjl7dtqBDNzQX7JVjkKS2ql4i9M9DmbPPagRAnGirxFlR
WwRWRa9hcM6Jtg5UoH7Go7NW6PQzHFb1/BOqLnNuvq5hCBAB5ae+24+WE4ZNgbcj
KtpnwRrwpjEltLBhfb+atwpvO+zieB575lNLeUCcbk3/Qjm1AuE=
=ZQnP
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v6.2_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
- Two fixes to correct how kprobes handles INT3 now that they're added
by other functionality like the rethunks and not only kgdb
- Remove __init section markings of two functions which are referenced
by a function in the .text section
* tag 'x86_urgent_for_v6.2_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
x86/calldepth: Fix incorrect init section references
- i915 fixes for newer platforms
- i915 locking rework to not give up in vm eviction fallback path too
early
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEb4nG6jLu8Y5XI+PfTA9ye/CYqnEFAmOxgj0ACgkQTA9ye/CY
qnHzQBAAjClbEPHJd0gz9znJ+zhLT2z9uXqj0s3PX6ipFnctqnsP8Lwb1g3tPc46
RHB8VY0/3kjaorqM1m0UtFsFQzrt8rp14dYlT5Xl7bdtO4ovRyrCG6ySSdrDA8yH
/GaFretNVhIl2ERgOgbTkYSfFBBg/rY4M8mvUzICJmi7W73B8jcMS1aoN2PQuGUU
lwE51qPqyOTO6G6Lhlan8T70MdDdD0o5JYKHD5Gwc2bQB0Gny6Vj6/bKN8AiFP3U
X+WMu7Sj7hRif7rB7dDks7naE5DAo7DaBuew9RwuuTSqyME14CeZzqD1i7OQi/Dw
drLlzMwruvFM5sGhPyAwuB+Xx1VNAnnVdEJAJiOJmxqHilUJ3tlVmkJfAmOmLpNL
TUp7gqER0MJ3Xog2PehkHtbKMhAwnruvZc/C4oidO1tOXXL651+Ttqz1nlKJF9gE
VBBR7GsSI1fg34L7KtcOVOK4aoPKuzkL7DBCkcOePiaZB115Oke29bBD2UiSBcgE
s35kCYTdEad67R7kpoqv9cw6ZnXxfa8xb+zCszCbzXQLFBms315//WHAlqttibp/
Qn8N+3hmX7N6ELBVLkHUkAmSvAzV5A4XE1cLypQztOTWswOoDXBBtxW32Z90vX9o
uhQrEasjQlR2oWsjnz0WmjiR2go4dXpSBr9ycRO5L4lCXNEAggQ=
=0nPr
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2023-01-01' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Daniel Vetter:
"I'm just back from the mountains, and Dave is out at the beach and
should be back in a week again. Just i915 fixes and since Rodrigo
bothered to make the pull last week I figured I should warm up gpg and
forward this in a nice signed tag as a new years present!
- i915 fixes for newer platforms
- i915 locking rework to not give up in vm eviction fallback path too
early"
* tag 'drm-fixes-2023-01-01' of git://anongit.freedesktop.org/drm/drm:
drm/i915/dsi: fix MIPI_BKLT_EN_1 native GPIO index
drm/i915/dsi: add support for ICL+ native MIPI GPIO sequence
drm/i915/uc: Fix two issues with over-size firmware files
drm/i915: improve the catch-all evict to handle lock contention
drm/i915: Remove __maybe_unused from mtl_info
drm/i915: fix TLB invalidation for Gen12.50 video and compute engines
As stated in marvell-orion-mdio.txt deleted in commit 0781434af8
("dt-bindings: net: orion-mdio: Convert to JSON schema") if
'interrupts' property is present, width of 'reg' should be 0x84.
Otherwise, width of 'reg' should be 0x4. Fix 'examples:' and add
constraints checking whether 'interrupts' property is present
and validate it against fixed values in reg.
Signed-off-by: Michał Grzelak <mig@semihalf.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This property has always been supported by the Linux driver; see
commit 9f93ac8d40 ("net-next: stmmac: Add dwmac-sun8i"). In fact, the
original driver submission includes the phy-supply code but no mention
of it in the binding, so the omission appears to be accidental. In
addition, the property is documented in the binding for the previous
hardware generation, allwinner,sun7i-a20-gmac.
Document phy-supply in the binding to fix devicetree validation for the
25+ boards that already use this property.
Fixes: 0441bde003 ("dt-bindings: net-next: Add DT bindings documentation for Allwinner dwmac-sun8i")
Acked-by: Rob Herring <robh@kernel.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
It is now possible for a system to have more than 32 endpoints. As
a result, registers related to endpoint suspend are parameterized,
with 32 endpoints represented in one more registers.
In ipa_interrupt_suspend_control(), the IPA_SUSPEND_EN register
offset is determined properly, but the bit mask used still assumes
the number of enpoints won't exceed 32. This is a bug. Fix it.
Fixes: f298ba785e ("net: ipa: add a parameter to suspend registers")
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Po-Hsu Lin says:
====================
selftests: net: fix for arp_ndisc_evict_nocarrier test
This patchset will fix a false-positive issue caused by the command in
cleanup_v6() of the arp_ndisc_evict_nocarrier test.
Also, it will make the test to return a non-zero value for any failure
reported in the test for us to avoid false-negative results.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Return non-zero return value if there is any failure reported in this
script during the test. Otherwise it can only reflect the status of
the last command.
Fixes: f86ca07eb5 ("selftests: net: add arp_ndisc_evict_nocarrier")
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The cleanup_v6() will cause the arp_ndisc_evict_nocarrier script exit
with 255 (No such file or directory), even the tests are good:
# selftests: net: arp_ndisc_evict_nocarrier.sh
# run arp_evict_nocarrier=1 test
# RTNETLINK answers: File exists
# ok
# run arp_evict_nocarrier=0 test
# RTNETLINK answers: File exists
# ok
# run all.arp_evict_nocarrier=0 test
# RTNETLINK answers: File exists
# ok
# run ndisc_evict_nocarrier=1 test
# ok
# run ndisc_evict_nocarrier=0 test
# ok
# run all.ndisc_evict_nocarrier=0 test
# ok
not ok 1 selftests: net: arp_ndisc_evict_nocarrier.sh # exit=255
This is because it's trying to modify the parameter for ipv4 instead.
Also, tests for ipv6 (run_ndisc_evict_nocarrier_enabled() and
run_ndisc_evict_nocarrier_disabled() are working on veth1, reflect
this fact in cleanup_v6().
Fixes: f86ca07eb5 ("selftests: net: add arp_ndisc_evict_nocarrier")
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Now that phylink no longer calls phy_get_rate_matching with
PHY_INTERFACE_MODE_NA, phys no longer need to support it. Remove the
documentation mandating support.
Fixes: 7642cc28fd ("net: phylink: fix PHY validation with rate adaption")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Christian Marangi says:
====================
net: dsa: qca8k: multiple fix on mdio read/write
Due to some problems in reading the Documentation and elaborating it
some wrong assumption were done. The error was reported and notice only
now due to how things are setup in the code flow.
First 2 patch fix mgmt eth where the lenght calculation is very
confusing and in step of word size. (the related commit description have
an extensive description about how this mess works)
Last 3 patch revert the broken mdio cache and apply a correct version
that should still save some extra mdio in phy poll secnario.
These 5 patch fix each related problem and apply what the Documentation
actually say.
Changes v2:
- Add cover letter
- Fix typo in revert patch
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Improve mdio master read/write by using singe mii read/write lo/hi.
In a read and write we need to poll the mdio master regs in a busy loop
to check for a specific bit present in the upper half of the reg. We can
ignore the other half since it won't contain useful data. This will save
an additional useless read for each read and write operation.
In a read operation the returned data is present in the mdio master reg
lower half. We can ignore the other half since it won't contain useful
data. This will save an additional useless read for each read operation.
In a read operation it's needed to just set the hi half of the mdio
master reg as the lo half will be replaced by the result. This will save
an additional useless write for each read operation.
Tested-by: Ronald Wahl <ronald.wahl@raritan.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
It may be useful to read/write just the lo or hi half of a reg.
This is especially useful for phy poll with the use of mdio master.
The mdio master reg is composed by the first 16 bit related to setup and
the other half with the returned data or data to write.
Refactor the mii function to permit single mii read/write of lo or hi
half of the reg.
Tested-by: Ronald Wahl <ronald.wahl@raritan.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 2481d206fa.
The Documentation is very confusing about the topic.
The cache logic for hi and lo is wrong and actually miss some regs to be
actually written.
What the Documentation actually intended was that it's possible to skip
writing hi OR lo if half of the reg is not needed to be written or read.
Revert the change in favor of a better and correct implementation.
Reported-by: Ronald Wahl <ronald.wahl@raritan.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.18+
Signed-off-by: David S. Miller <davem@davemloft.net>
It was discovered that MGMT_DATA2 can contain up to 28 bytes of data
instead of the 12 bytes written in the Documentation by accounting the
limit of 16 bytes declared in Documentation subtracting the first 4 byte
in the packet header.
Update the define with the real world value.
Tested-by: Ronald Wahl <ronald.wahl@raritan.com>
Fixes: c2ee8181fd ("net: dsa: tag_qca: add define for handling mgmt Ethernet packet")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.18+
Signed-off-by: David S. Miller <davem@davemloft.net>
The assumption that Documentation was right about how this value work was
wrong. It was discovered that the length value of the mgmt header is in
step of word size.
As an example to process 4 byte of data the correct length to set is 2.
To process 8 byte 4, 12 byte 6, 16 byte 8...
Odd values will always return the next size on the ack packet.
(length of 3 (6 byte) will always return 8 bytes of data)
This means that a value of 15 (0xf) actually means reading/writing 32 bytes
of data instead of 16 bytes. This behaviour is totally absent and not
documented in the switch Documentation.
In fact from Documentation the max value that mgmt eth can process is
16 byte of data while in reality it can process 32 bytes at once.
To handle this we always round up the length after deviding it for word
size. We check if the result is odd and we round another time to align
to what the switch will provide in the ack packet.
The workaround for the length limit of 15 is still needed as the length
reg max value is 0xf(15)
Reported-by: Ronald Wahl <ronald.wahl@raritan.com>
Tested-by: Ronald Wahl <ronald.wahl@raritan.com>
Fixes: 90386223f4 ("net: dsa: qca8k: add support for larger read/write size with mgmt Ethernet")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.18+
Signed-off-by: David S. Miller <davem@davemloft.net>
- Fix broken BuildID
- Add srcrpm-pkg to the help message
- Fix the option order for modpost built with musl libc
- Fix the build dependency of rpm-pkg for openSUSE
-----BEGIN PGP SIGNATURE-----
iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmOwNaYVHG1hc2FoaXJv
eUBrZXJuZWwub3JnAAoJED2LAQed4NsGWHYP/2Z9bU6pCBlzL4JN6ksS8RAEjfAr
SiNg03Imr3n77b6Pa+dqVFZhiYoa3trqeHnDvz3ldaGEQ7vWmyd0WydGOoudtXD6
rUij3Z0YyoSPH4kwzNdZwmHXTJaU471P5MBVA63q3nY4I/ihWu18rPXIGTS/sXxK
wSu126h1HxLf9NJFZoeZPgo5p31M8G8PM6Nxy2YTMyG/ClSaRpccpBiSImZMZiCK
cMWH92rASl3ZQx49kyZqGLe6Nx1dl5E5mynL/k8rJrdRd5tbt06Pq9MGapQlntwe
PcRFn0l3PzJ5dADrhpiVXakA0BPpauvNvIiQCAVfT3B7J+cdUftYphEtR3wwNXKI
b75zQwdeLkPI5Y+e4Jlp5H/gr71ltiW3cST6yBdOoYuYxSFf6VqQjL4G4l7X8sWh
KxUFv9Y2L3thZdYlY5Arc/iQQoHpS+7XBpRi7P5TC5/mZY7pFwUqawKXIgIGPpPx
5i9jxClhs+6lgfsO6SZ4TiQnN0OU5AMi+VNG5R7f4RGdVMHztHXdKTPeZOJ9kYrq
i2j+x6XoVs+MCNosS5OA820C5XM5b4XyOBOp6gcswP9ykViUOhqhGeBBHPNmTuXq
inqJZe4rwJoX6VrB5dgCxds9kEyXEuaONUhLTpx6mTkF6iSmM2iDYQ88y24BIo9z
syAga8KipXSMfytu
=yoFP
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
- Fix broken BuildID
- Add srcrpm-pkg to the help message
- Fix the option order for modpost built with musl libc
- Fix the build dependency of rpm-pkg for openSUSE
* tag 'kbuild-fixes-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
fixdep: remove unneeded <stdarg.h> inclusion
kbuild: sort single-targets alphabetically again
kbuild: rpm-pkg: add libelf-devel as alternative for BuildRequires
kbuild: Fix running modpost with musl libc
kbuild: add a missing line for help message
.gitignore: ignore *.rpm
arch: fix broken BuildID for arm64 and riscv
kconfig: Add static text for search information in help menu
A single fix to address an issue with wake from suspend with PCS
adapters, from Adam.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCY6+JYAAKCRDdoc3SxdoY
dlYQAP0fABQ/yloLqTw11Lw0PNr3X8sVlI+l5QiOArmo9p2wvgEAqMP1bZVKlfp0
eSL10uDUxxuub69rK1v65wAIm4vp7AE=
=gsn6
-----END PGP SIGNATURE-----
Merge tag 'ata-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
Pull ata fix from Damien Le Moal:
"A single fix to address an issue with wake from suspend with PCS
adapters, from Adam"
* tag 'ata-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
ata: ahci: Fix PCS quirk application for suspend
- Add ACPI IRQ override quirks for Asus ExpertBook B2502, Lenovo
14ALC7, and XMG Core 15 (Hans de Goede, Adrian Freund, Erik
Schumacher).
- Adjust ACPI video detection fallback path to prevent non-operational
ACPI backlight devices from being created on systems where the native
driver does not detect a suitable panel (Mario Limonciello).
- Fix Apple GMUX backlight detection (Hans de Goede).
- Add a low-power S0 idle (S0ix) handling quirk for HP Elitebook 865
and stop using AMD-specific low-power S0 idle code path for systems
with Rembrandt chips and newer (Mario Limonciello).
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmOvEHkSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxamEP90CinO50RUcM6foz9G1phgtgTov3Y/M8
tvA+yymLUHN2UWmtbpLDQp1/xlCTRpZnfouzbkAzlgByMpk5xTmIT8/9gI+EjjPy
zzT8UIbaXI3EkYXCcTkikx3n6Y5N8l3Un3Ro83cUNMHiU/PjYWvfSG/lNaCiqz2n
kLuwOtbeOa3S+5VB4D4Lx6Cg6e+Q0zGGV6dXm22dSbjATDsbUelHf+uK3+dU4jc1
6cLCNrB5W30FGExmh7M9BgbQ/P4GYctUp3YWtXaDYJyl5lRYr0rd09qriLA6vmwd
gb++i8f3ThyB2ha7Hq61atvWU5F5LuGKMdQTUlbdgtGujFuBchj2Yo9RtdWC0m1/
qAVh0PnfpjgltHIroYy6+E2sNIanhpHh22LrqcXuVQgEeI7lc9c3OdJHUPJscyhg
HfDJkuvqvvl7j9gHLsJL5LPvwVEOco3oSrlmFTMBNdzx4Owd5ikhu4M0R6jbGmqQ
HO56Tne1TryFq8OoyzGTp9EJydfqjUc2TQ9TIq/Qdx2dCkMD9mKDf2AS0rBmXyzA
FICOYJPSwKKonjPFuAk3ujTLeVll0CZc76DG3ZFqBi3shZP7SAWZjiINdD/WrpyH
T5f9afOkCkFNO26mtdUOKp5+XuQMTsUYrvrlHp/c+ef37mc1nmkKPjpE81+1Ewqj
yvEDmlDKw3Q=
=rSWr
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These are new ACPI IRQ override quirks, low-power S0 idle (S0ix)
support adjustments and ACPI backlight handling fixes, mostly for
platforms using AMD chips.
Specifics:
- Add ACPI IRQ override quirks for Asus ExpertBook B2502, Lenovo
14ALC7, and XMG Core 15 (Hans de Goede, Adrian Freund, Erik
Schumacher).
- Adjust ACPI video detection fallback path to prevent
non-operational ACPI backlight devices from being created on
systems where the native driver does not detect a suitable panel
(Mario Limonciello).
- Fix Apple GMUX backlight detection (Hans de Goede).
- Add a low-power S0 idle (S0ix) handling quirk for HP Elitebook 865
and stop using AMD-specific low-power S0 idle code path for systems
with Rembrandt chips and newer (Mario Limonciello)"
* tag 'acpi-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+
ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
ACPI: video: Fix Apple GMUX backlight detection
ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
ACPI: resource: do IRQ override on Lenovo 14ALC7
ACPI: resource: do IRQ override on XMG Core 15
ACPI: video: Don't enable fallback path for creating ACPI backlight by default
drm/amd/display: Report to ACPI video if no panels were found
ACPI: video: Allow GPU drivers to report no panels
Just a few small fixes:
- A regression fix for HDMI audio on HD-audio AMD codecs
- Fixes for LINE6 MIDI handling
- HD-audio quirk for Dell laptops
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmOu9vEOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9M0w/9HX0lDRiw/SPYayqRGmVgM46PxfAPGMFvRzII
jmOUcCtu1zdG155IIASAAjAwaqxpGn2rhuq8SlVPAkWD/v/YvSU88AE8u9Oa/jpA
74pccAULN0xIB8ms0NOAE9myYC18U14V6rfAIORs10uHuETgbXsn6CrlIn/ccHXK
6ha5+F5TZqPDBggHaBfdRFXkkyrxGW4YQK95bOm0t4YqR4Y0Ff/zeU12dXWJfzyy
8NE7i/P/ncmcwR8/vHkKMNv79NVABRlYgHbD49i7ArhNHeEMl7aAKQYg4e6KkhHA
4xi0L8I6N4a2nyIij17CKpSh1I71DuxpmvLxQRV08bHRENcP625qd4/qCkakPHcO
Yxs6DNHtHXB8jsDCbNayCW01tt9dXc39HI96e37I9pbi25XcmA7s5qbiYqwqWwE0
g0MPF3alaQU6jOeidRtKjslhBWCFrltP3ziBa6dLhqoIamagOW6AsSFuRbAhjEUN
e+jvgeVPv/Z2C9eHkBdvKB1+a10gYYzlxMjKkFd8wU5MP9eDgSx8j1gwrxDtZqJR
sAEGbLmroiCHjqMsLref1oSkKAOcjFo+PfCBvr2myd5NGE7OucnsDhiMegw4pieQ
3UHRhyjt1U6MlK46iqxvHh8tZLErEd/8+Fe6oVH1VgLXv+hasnaQnUwBXt18un/h
CW8zyR4=
=mGy9
-----END PGP SIGNATURE-----
Merge tag 'sound-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Just a few small fixes:
- A regression fix for HDMI audio on HD-audio AMD codecs
- Fixes for LINE6 MIDI handling
- HD-audio quirk for Dell laptops"
* tag 'sound-6.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/hdmi: Static PCM mapping again with AMD HDMI codecs
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
Merge ACPI resource handling quirks and ACPI backlight handling fixes
for 6.2-rc2:
- Add ACPI IRQ override quirks for Asus ExpertBook B2502, Lenovo
14ALC7, and XMG Core 15 (Hans de Goede, Adrian Freund, Erik
Schumacher).
- Adjust ACPI video detection fallback path to prevent non-operational
ACPI backlight devices from being created on systems where the native
driver does not detect a suitable panel (Mario Limonciello).
- Fix Apple GMUX backlight detection (Hans de Goede).
* acpi-resource:
ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
ACPI: resource: do IRQ override on Lenovo 14ALC7
ACPI: resource: do IRQ override on XMG Core 15
* acpi-video:
ACPI: video: Fix Apple GMUX backlight detection
ACPI: video: Don't enable fallback path for creating ACPI backlight by default
drm/amd/display: Report to ACPI video if no panels were found
ACPI: video: Allow GPU drivers to report no panels
Make the struct irq_chip const, flag it as IRQCHIP_IMMUTABLE, add the
new helper functions, and call the appropriate gpiolib functions.
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Remove the irq_chip from pmic_eic structure,
use the various calls by defining the statically
irq_chip structure.
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Remove the irq_chip from pmic_eic structure,
use the various calls by defining the statically
irq_chip structure.
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
There is a variable pinctrl declared without initializer. And then
has the case (switch operation chose the default case) to directly
use this uninitialized value, this is not a safe behavior. So here
initialize the pinctrl as 0 to avoid this issue.
This is reported by Coverity.
Fixes: 13c5d4ce80 ("gpio: pca953x: Add support for PCAL6534")
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Commit 8eb1f71e7a ("gpiolib: consolidate GPIO lookups") refactors
fwnode_get_named_gpiod() and gpiod_get_index() into a unified
gpiod_find_and_request() helper.
The old functions both initialized their local lookupflags variable to
GPIO_LOOKUP_FLAGS_DEFAULT, but the new code leaves it uninitialized.
This is a problem for at least ACPI platforms, where acpi_find_gpio()
only does a bunch of *lookupflags |= GPIO_* statements and thus relies
on the variable being initialized.
The variable not being initialized leads to:
1. Potentially the wrong flags getting used
2. The check for conflicting lookup flags in gpiod_configure_flags():
"multiple pull-up, pull-down or pull-disable enabled, invalid config"
sometimes triggering, making the GPIO unavailable
Restore the initialization of lookupflags to GPIO_LOOKUP_FLAGS_DEFAULT
to fix this.
Fixes: 8eb1f71e7a ("gpiolib: consolidate GPIO lookups")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Mikulas Patocka