- Harden the ACPI device enumeration code against device ID length
overflows to address a Linux VM cash on Hyper-V (Dexuan Cui).
- Fix a mistake in the documentation of error type values for PCIe
errors (Qiuxu Zhuo).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmAB3ekSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxD/MP/Rh/63UD7NS3cP4qtVDOZKkm1R+qV8yx
3hE89f3FkGPgfiU88RISZWVA/1D/nBLhhwlH9AKDFMJ3tG7iazCen7VKtZToSoZ8
E97AqMZz2fgWxmqeKwLcjyHbkPavTD0YjtLpJswqEkhZ31MO64FKxuFcxRjxpIuA
2HpjfXhdUy0XP9NwitSDI7FOO1Z/eGRhLzODg+k5zFRwJKUFIzVsNR/vRMAATIW3
DUEA7Hq8AdjhZkd2P6u2rxFEK08Ry7BXprbYr09oD/fo1D6JItq5CYAtw45HQNVd
UoBP8IrAi9UGS6dpETIZiD2J5VBTA8Libu8nuXZRwmwtjQaDTpzTmqpPLinGJeqp
KGRIQkN9LXNRO6EsiBxL7kUV16Gp/N2dg/9/s0pzxGH3YN6avpdeUWdHvti41FbS
4GrQW50cTGwEXu8A5+9w9zplUsP5sqolRQCBD2vaMmKPMfXUKDBIbzSHXklCKSv6
tgcx+HQlF7u0nm7+D0SLTzr7yL01qIjxqFRU4Kr+s2onooSiko6N9troNBuQUxlz
bYTq45pCa9EvNV5KHcwh82ai1utOGgJYw045wxalqA5o2wAubu/Ny4mUuzGu7Rxr
NAkcaY4cWIXS2jd0Qb/QEK54BdPc8Se7g8UIiIvmpRQORt8mKPG7krNSeo8I1M8q
Tu/+yINHU0wh
=wOh5
-----END PGP SIGNATURE-----
Merge tag 'acpi-5.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These address a device ID bounds check error in the device enumeration
code and fix a mistake in the documentation.
Specifics:
- Harden the ACPI device enumeration code against device ID length
overflows to address a Linux VM cash on Hyper-V (Dexuan Cui).
- Fix a mistake in the documentation of error type values for PCIe
errors (Qiuxu Zhuo)"
* tag 'acpi-5.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Documentation: ACPI: EINJ: Fix error type values for PCIe errors
ACPI: scan: Harden acpi_device_add() against device ID overflows
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCYAGllQAKCRCAXGG7T9hj
vqEtAP9uws/W/JPcnsohK76hMcFAVxZCVdX7C3HvfW5tp6hqMgEAg9ic8sYiuHhn
6FouRu/ZXHJEg3PpS5W66yKNIYPvGgw=
=rR+L
-----END PGP SIGNATURE-----
Merge tag 'for-linus-5.11-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
- A series to fix a regression when running as a fully virtualized
guest on an old Xen hypervisor not supporting PV interrupt callbacks
for HVM guests.
- A patch to add support to query Xen resource sizes (setting was
possible already) from user mode.
* tag 'for-linus-5.11-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/xen: Fix xen_hvm_smp_init() when vector callback not available
x86/xen: Don't register Xen IPIs when they aren't going to be used
x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
xen: Set platform PCI device INTX affinity to CPU0
xen: Fix event channel callback via INTX/GSI
xen/privcmd: allow fetching resource sizes
- Fix address alignment handling for VT-D TLB invalidation
- Enable workarounds for buggy Qualcomm firmware on two more SoCs
- Drop duplicate #include
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmABZC4QHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNJ+bB/99sMIZ7yYAr6/eDRhxyrWVc2i0H2xO84wG
n5z1L775iEZYQk41fP8GnV5UAXdpHbIwuO3b90d7t6esp7ONvKKXGmhM/jXwbniQ
EnUwF1GBrucH8Uf8SQznxXWWKNg0IJj+XX2pO0nkpEsQRUwcnzBXJozMgLFlK7TB
FwCjDgbZzShEaGKH4G1S7v+jjCWulOB3hlWEvheI3dOubhO7Nh4/fwbj0HtUIwsT
ko2DkI4Ir2HGe2MPOGH9ZmSZKdCwcseCv4YXJkBkpZ6Aj/VAp3Ksoj5ajgyZ0mcq
PEctECYI2z+YQ7AbZA9toZn+SdUXAuAr8OyKku4GxxC6wpSZg5bg
=UrfM
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull iommu fixes from Will Deacon:
"Three IOMMU fixes for -rc4.
The main one is a change to the Intel IOMMU driver to fix the handling
of unaligned addresses when invalidating the TLB.
The fix itself is a bit ugly (the caller does a bunch of shifting
which is then effectively undone later in the callchain), but Lu has
patches to clean all of this up in 5.12.
Summary:
- Fix address alignment handling for VT-D TLB invalidation
- Enable workarounds for buggy Qualcomm firmware on two more SoCs
- Drop duplicate #include"
* tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
iommu/vt-d: Fix duplicate included linux/dma-map-ops.h
iommu: arm-smmu-qcom: Add sdm630/msm8998 compatibles for qcom quirks
iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev()
This is a pull request to add display support for new Ampere hardware.
It has no effect on older GPUs.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJgAR9DAAoJEAx081l5xIa+gfsP/jppVoxTr10HHdFEtb5mKdHM
B6e1a0ORjmCeBHswqEzJSppZ9PtxVYVRi8ZZg3npzlHQtzg1acGIkqBnbDS2QSIU
GH8Dp9A9gLesTbUT3FVxhwHxuF/e5FJKlOk/xBJnne6v8P+MVuY6QDD4+a6qYMZy
/w6NGEmv06JiFah5mwfrkU+WTZVj2x5Nrnmbo0P2FCHBAjftxCvdKw2GJiMwz/KV
wzyH79YdnnCc8WU7SGw0r/4h2QvzQ0F8M+rwkMsL4Ij0aB3k2bNESW2GQCs9pgHK
cQEIqXyos0KEGeQXeyb/PzdrroWAbi/18XDS0Jh34oj2bjshgnhyqShtPLI3KqmN
B+Y4F5dNvsb0Eh6zrmiLs4UQ7SFLhzkfgytxSlOhz5fGJap7fHImlBDhA9elYSPE
5V9WDesB9VBPs1d99hEsqzbsxJbaTt0QikC06XMObdaovYY/yJW+6Kl3+A9a7Tqi
YdAY7cqD/Zgl4ZenS7UGbrho9OnBSbXujysmDT9DbZLXECD5suU9yNl2Sfd+NzPK
YOHL3a8/IqNXjjMkciO6MCL6mM/k44rPf9MzYB0VmO/XHLvJtvCccTbuwTEPR6Oj
N/kMwKf3CsOb6talFyYDiUbv+C8U2QxCR6xZhJdOP0CP3HfS/cnqhZRrpa2NMZlI
dRANcYzRPKBEA/bJml5m
=uNfl
-----END PGP SIGNATURE-----
Merge tag 'topic/nouveau-ampere-modeset-2021-01-15' of git://anongit.freedesktop.org/drm/drm
Pull drm nouveau ampere display support from Dave Airlie:
"Ben has requested if we can include Ampere modesetting support under
fixes, it's for new GPUs and shouldn't affect existing hardware.
It's a bit bigger than just adding a PCI ID, but It has no effect on
older GPUs"
* tag 'topic/nouveau-ampere-modeset-2021-01-15' of git://anongit.freedesktop.org/drm/drm:
drm/nouveau/disp/ga10[24]: initial support
drm/nouveau/dmaobj/ga10[24]: initial support
drm/nouveau/i2c/ga10[024]: initial support
drm/nouveau/gpio/ga10[024]: initial support
drm/nouveau/bar/ga10[024]: initial support
drm/nouveau/mmu/ga10[024]: initial support
drm/nouveau/timer/ga10[024]: initial support
drm/nouveau/fb/ga10[024]: initial support
drm/nouveau/imem/ga10[024]: initial support
drm/nouveau/privring/ga10[024]: initial support
drm/nouveau/mc/ga10[024]: initial support
drm/nouveau/devinit/ga10[024]: initial support
drm/nouveau/bios/ga10[024]: initial support
drm/nouveau/pci/ga10[024]: initial support
drm/nouveau/core: recognise GA10[024]
Add myself as maintainer of qcom audio drivers, as Patrick
has very little time to look at the patches.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Banajit Goswami <bgoswami@codeaurora.org>
Acked-by: Patrick Lai <plai@codeaurora.org>
Link: https://lore.kernel.org/r/20210115165520.6023-1-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Right now io_flush_timeouts() checks if the current number of events
is equal to ->timeout.target_seq, but this will miss some timeouts if
there have been more than 1 event added since the last time they were
flushed (possible in io_submit_flush_completions(), for example). Fix
it by recording the last sequence at which timeouts were flushed so
that the number of events seen can be compared to the number of events
needed without overflow.
Signed-off-by: Marcelo Diop-Gonzalez <marcelo827@gmail.com>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The Ux500 platforms have some memory carveouts set aside for
communicating with the modem and for the initial secure software
(ISSW). These areas are protected by the memory controller
and will result in an external abort if accessed like common
read/write memory.
On the legacy boot loaders, these were set aside by using
cmdline arguments such as this:
mem=96M@0 mem_mtrace=15M@96M mem_mshared=1M@111M
mem_modem=16M@112M mali.mali_mem=32M@128M mem=96M@160M
hwmem=127M@256M mem_issw=1M@383M mem_ram_console=1M@384M
mem=638M@385M
Reserve the relevant areas in the device tree instead. The
"mali", "hwmem", "mem_ram_console" and the trailing 1MB at the
end of the memory reservations in the list are not relevant for
the upstream kernel as these are nowadays replaced with
upstream technologies such as CMA. The modem and ISSW
reservations are necessary.
This was manifested in a bug that surfaced in response to
commit 7fef431be9 ("mm/page_alloc: place pages to tail in __free_pages_core()")
which changes the behaviour of memory allocations
in such a way that the platform will sooner run into these
dangerous areas, with "Unhandled fault: imprecise external
abort (0xc06) at 0xb6fd83dc" or similar: the real reason
turns out to be that the PTE is pointing right into one of
the reserved memory areas. We were just lucky until now.
We need to augment the DB8500 and DB8520 SoCs similarly
and also create a new include for the DB9500 used in the
Snowball since this does not have a modem and thus does
not need the modem memory reservation, albeit it needs
the ISSW reservation.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Cc: David Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/r/20201213225517.3838501-1-linus.walleij@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node, however when control is
transferred from the middle of the loop, as in the case of a return
or break or goto, there is no decrement thus ultimately resulting in
a memory leak.
Fix a potential memory leak in arm-integrator-lm.c by inserting
of_node_put() before a return statement.
Issue found with Coccinelle.
Signed-off-by: Sumera Priyadarsini <sylphrenadin@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20200829174154.GA9319@Kaladin
Link: https://lore.kernel.org/r/20210112092549.251548-1-linus.walleij@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- Fix backlight pwm on imx6qdl-kontron-samx6i which is lost from
#pwm-cells conversion.
- Fix duplicated bus node name for i.MX8MN SoC.
- Fix reset register offset on LS1028A SoC.
- Rename MMC node aliases for imx6q-tbs2910 to keep the MMC device
index consistent with previous kernel version.
- Selecting ARM_GIC_V3 on non-CP15 processors to fix one build failure
with i.MX8M SoC driver.
- Fix typos with status property on imx6qdl-kontron-samx6i board.
- Fix duplicated regulator-name on imx6qdl-gw52xx board.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEEFmJXigPl4LoGSz08UFdYWoewfM4FAl/9n4AUHHNoYXduZ3Vv
QGtlcm5lbC5vcmcACgkQUFdYWoewfM5pmQf+O0hRAVWaMXk4SCs/CsQ4Z6XNPSfz
7DSnkz0Rg53uykv+oe57sryBHGI46vy/hJeD6/OX4XgnlxaKXwmdaE+sek85D01h
C/Gzg7lKDvr8vWKZcOzhTQhs9F+EuHSsS2zW9StUBBSlXx3r2h9f+kJOLihFwvQp
CCWU+eGXgRIqZme5tIX9tFqPP1PmNRfIbZWgLwx9e/foCMl64fJSIe45ik4WePeV
+WCB3xMP38q2bfhZQv164uIw8m5/nEb8dp9O+zNamy/RN1hQqRaq1sPAwrjcqs2z
whaVS3iaGRM/RyAdbxy1JCxM+yDNM0Vnby/txVgsEOE+a9mfl2D2upQ1NA==
=+e1G
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes
i.MX fixes for 5.11:
- Fix backlight pwm on imx6qdl-kontron-samx6i which is lost from
#pwm-cells conversion.
- Fix duplicated bus node name for i.MX8MN SoC.
- Fix reset register offset on LS1028A SoC.
- Rename MMC node aliases for imx6q-tbs2910 to keep the MMC device
index consistent with previous kernel version.
- Selecting ARM_GIC_V3 on non-CP15 processors to fix one build failure
with i.MX8M SoC driver.
- Fix typos with status property on imx6qdl-kontron-samx6i board.
- Fix duplicated regulator-name on imx6qdl-gw52xx board.
* tag 'imx-fixes-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
ARM: imx: fix imx8m dependencies
ARM: dts: tbs2910: rename MMC node aliases
arm64: dts: ls1028a: fix the offset of the reset register
arm64: dts: imx8mn: Fix duplicate node name
ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight
Link: https://lore.kernel.org/r/20210112131224.GI28365@dragon
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Occasionally, we are seeing some SuperSpeed devices resumes right after
being directed to U3. This commits add 500us delay to ensure LFPS
detector is disabled before sending ACK to firmware.
[ 16.099363] tegra-xusb 70090000.usb: entering ELPG
[ 16.104343] tegra-xusb 70090000.usb: 2-1 isn't suspended: 0x0c001203
[ 16.114576] tegra-xusb 70090000.usb: not all ports suspended: -16
[ 16.120789] tegra-xusb 70090000.usb: entering ELPG failed
The register write passes through a few flop stages of 32KHz clock domain.
NVIDIA ASIC designer reviewed RTL and suggests 500us delay.
Cc: stable@vger.kernel.org
Signed-off-by: JC Kuo <jckuo@nvidia.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210115161907.2875631-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Once the command ring doorbell is rung the xHC controller will parse all
command TRBs on the command ring that have the cycle bit set properly.
If the driver just started writing the next command TRB to the ring when
hardware finished the previous TRB, then HW might fetch an incomplete TRB
as long as its cycle bit set correctly.
A command TRB is 16 bytes (128 bits) long.
Driver writes the command TRB in four 32 bit chunks, with the chunk
containing the cycle bit last. This does however not guarantee that
chunks actually get written in that order.
This was detected in stress testing when canceling URBs with several
connected USB devices.
Two consecutive "Set TR Dequeue pointer" commands got queued right
after each other, and the second one was only partially written when
the controller parsed it, causing the dequeue pointer to be set
to bogus values. This was seen as error messages:
"Mismatch between completed Set TR Deq Ptr command & xHCI internal state"
Solution is to add a write memory barrier before writing the cycle bit.
Cc: <stable@vger.kernel.org>
Tested-by: Ross Zwisler <zwisler@google.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210115161907.2875631-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The issue is that using SPI from a callback under the CCF lock will
deadlock, since this code uses clk_get_rate().
Fixes: c474b38665 ("spi: Add driver for Cadence SPI controller")
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Link: https://lore.kernel.org/r/20210114154217.51996-1-alexandru.ardelean@analog.com
Signed-off-by: Mark Brown <broonie@kernel.org>
If extended CSD was not available, the eMMC driver would incorrectly
set the block size to 0, as the data_sector_size field of ext_csd
was never initialized. This issue was exposed by commit 817046ecdd
("block: Align max_hw_sectors to logical blocksize") which caused
max_sectors and max_hw_sectors to be set to 0 after setting the block
size to 0, resulting in a kernel panic in bio_split when attempting
to read from the device. Fix it by only reading the block size from
ext_csd if it is available.
Fixes: a5075eb948 ("mmc: block: Allow disabling 512B sector size emulation")
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Link: https://linux-review.googlesource.com/id/If244d178da4d86b52034459438fec295b02d6e60
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210114201405.2934886-1-pcc@google.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
kmsg_dump_get_buffer() uses @syslog to determine if the syslog
prefix should be written to the buffer. However, when calculating
the maximum number of records that can fit into the buffer, it
always counts the bytes from the syslog prefix.
Use @syslog when calculating the maximum number of records that can
fit into the buffer.
Fixes: e2ae715d66 ("kmsg - kmsg_dump() use iterator to receive log buffer content")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20210113164413.1599-1-john.ogness@linutronix.de
Counting text lines in a record simply involves counting the number
of newline characters (+1). However, it is searching the full data
block for newline characters, even though the text data can be (and
often is) a subset of that area. Since the extra area in the data
block was never initialized, the result is that extra newlines may
be seen and counted.
Restrict newline searching to the text data length.
Fixes: b6cf8b3f33 ("printk: add lockless ringbuffer")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20210113144234.6545-1-john.ogness@linutronix.de
Add HD Audio Device PCI ID for the Intel Cometlake-R platform
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Kai-Chuan Hsieh <kaichuan.hsieh@canonical.com>
Link: https://lore.kernel.org/r/20210115031515.13100-1-kaichuan.hsieh@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The kbuild test robot reports that when building with W=1, GCC will warn
for a couple of missing prototypes in syscall.c:
| arch/arm64/kernel/syscall.c:157:6: warning: no previous prototype for 'do_el0_svc' [-Wmissing-prototypes]
| 157 | void do_el0_svc(struct pt_regs *regs)
| | ^~~~~~~~~~
| arch/arm64/kernel/syscall.c:164:6: warning: no previous prototype for 'do_el0_svc_compat' [-Wmissing-prototypes]
| 164 | void do_el0_svc_compat(struct pt_regs *regs)
| | ^~~~~~~~~~~~~~~~~
While this isn't a functional problem, as a general policy we should
include the prototype for functions wherever possible to catch any
accidental divergence between the prototype and implementation. Here we
can easily include <asm/exception.h>, so let's do so.
While there are a number of warnings elsewhere and some warnings enabled
under W=1 are of questionable benefit, this change helps to make the
code more robust as it evolved and reduces the noise somewhat, so it
seems worthwhile.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/202101141046.n8iPO3mw-lkp@intel.com
Link: https://lore.kernel.org/r/20210114124812.17754-1-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
GCC versions >= 4.9 and < 5.1 have been shown to emit memory references
beyond the stack pointer, resulting in memory corruption if an interrupt
is taken after the stack pointer has been adjusted but before the
reference has been executed. This leads to subtle, infrequent data
corruption such as the EXT4 problems reported by Russell King at the
link below.
Life is too short for buggy compilers, so raise the minimum GCC version
required by arm64 to 5.1.
Reported-by: Russell King <linux@armlinux.org.uk>
Suggested-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/r/20210105154726.GD1551@shell.armlinux.org.uk
Link: https://lore.kernel.org/r/20210112224832.10980-1-will@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
snd_seq_oss_synth_make_info() didn't check the error code from
snd_seq_oss_midi_make_info(), and this leads to the call of strlcpy()
with the uninitialized string as the source, which may lead to the
access over the limit.
Add the proper error check for avoiding the failure.
Reported-by: syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210115093428.15882-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Counter fixes
ti,eqep
- Remove floor interface as the device always wraps to 0.
IIO
adi,ad5504
- Fix inverted power state control.
bosch,bma255
- Fix a difference in part naming between dt-binding doc and the driver.
melexis,mlx90632
- Add a delay after reset command.
semtech,sx9310
- Off by one error.
- Fix an issue due to need to skip a value in a power of 2 series.
st,st_sensors
- Fix a possible infinite loop if data read is not define or reading it fails.
ti,am335x
- Remove a left over iio_kfifo_free after managed allocation conversion.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEEbilms4eEBlKRJoGxVIU0mcT0FogFAmAAwYcRHGppYzIzQGtl
cm5lbC5vcmcACgkQVIU0mcT0Fogmzw/+ISxGbk8nRSN6B/h5ldc8Cpz897H2TW0L
7xIygn9Kw5HlITP2VdyBgkU8Otz1/W0UJnUTp2SJqLZ126wYURn08ZeEHSwdsGCx
Im9di/QF3aBeb5c0D/dd31EVjWwfpvM2zjbHnzQxxn/5tncUCaNBpkBxguSCwh80
+e1MB7h+tCKnYnJ3htiServgjnMHwumN3bTyv5IRJiuYkdAgB3Cg8l00dIHZLP1a
hF5bV+1BiHBGiZYiFPVPFl0HuoLviudAqzFzGjHv7V4POGpBlpq5vjN0WjhhrXAs
Q60Nh3lgZtP/rHifCL9p8ty1yWvohQ91rcy5bauNuSqOj2IE7yLDsovU4blKhNNx
iallCMJB3OIPeGRqQsd8wym5lcVI5puY+8y9y1qXX6SHzR2JVa2ZCIvzC1tICNra
9qDnFrdZYPdodZkAFu6lAEZ3tFOzx/wMMVgOPvIXiZniVYtCIOtow5jzBgF6LKS6
PpOH/EmNJFhS1uqIiX2m5oYyolh8la4Y4Ly062T9EIAXt/noShu2pySgDI7Eu8ro
PtovWE0sVJ1p6MSOHlVfRNdvmQe2pAFxHJPj7TIveHNzQbKYGdjwa8NGVSjOlLDg
3XZe98HzTWtoORYF6s3fQN+MEEDFDteG4ysB78RU1pO3NeXqUCow2UyOVmALId15
M5rueMyrodQ=
=61oM
-----END PGP SIGNATURE-----
Merge tag 'iio-fixes-for-5.11a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
First set of IIO and counter fixes for the 5.11 cycle.
Counter fixes
ti,eqep
- Remove floor interface as the device always wraps to 0.
IIO
adi,ad5504
- Fix inverted power state control.
bosch,bma255
- Fix a difference in part naming between dt-binding doc and the driver.
melexis,mlx90632
- Add a delay after reset command.
semtech,sx9310
- Off by one error.
- Fix an issue due to need to skip a value in a power of 2 series.
st,st_sensors
- Fix a possible infinite loop if data read is not define or reading it fails.
ti,am335x
- Remove a left over iio_kfifo_free after managed allocation conversion.
* tag 'iio-fixes-for-5.11a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio:
iio: sx9310: Fix semtech,avg-pos-strength setting when > 16
iio: common: st_sensors: fix possible infinite loop in st_sensors_irq_thread
iio: ad5504: Fix setting power-down state
counter:ti-eqep: remove floor
drivers: iio: temperature: Add delay after the addressed reset command in mlx90632.c
iio: adc: ti_am335x_adc: remove omitted iio_kfifo_free()
dt-bindings: iio: accel: bma255: Fix bmc150/bmi055 compatible
iio: sx9310: Off by one in sx9310_read_thresh()
dma-buf:
- Fix a memory leak in CMAV heap
core:
- Fix format check for legacy pageflips
ttm:
- Pass correct address to dma_mapping_error()
- Use mutex in pool shrinker
i915:
- Allow the sysadmin to override security mitigations
- Restore clear-residual mitigations for ivb/byt
- Limit VFE threads based on GT
- GVT: fix vfio edid and full display detection
- Fix DSI DSC power refcounting
- Fix LPT CPU mode backlight takeover
- Disable RPM wakeref assertions during driver shutdown
- Fix DSI sequence sleeps
amdgpu:
- Update repo location in MAINTAINERS
- Add some new renoir PCI IDs
- Revert CRC UAPI changes
- Revert OLED display fix which cases clocking problems for some systems
- Misc vangogh fixes
- GFX fix for sienna cichlid
- DCN1.0 fix for pipe split
- Fix incorrect PSP command
amdkfd:
- Fix possible out of bounds read in vcrat creation
nouveau:
- irq handling fix
- expansion ROM fix
- hw init dpcd disable
- aux semaphore owner field fix
- vram heap sizing fix
- notifier at 0 is valid fix
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJgAQ/EAAoJEAx081l5xIa+KyIP/3xSMMMzzkYFii8yPeKjKavx
kpXzy0eMG5a/t0LGicfJbQxujE94BW2Y7MZPsKKyfs/PqPWCFM9NrmQK5/Dqg+Z8
R4lXC4+B/ha8Xhl+jK6UW5HLWRN24nB9uH1/oN0xV1WrhJDffdc85qh0Qm9AAaav
zfpXYu5s+37EMuw5u9jE51OWk9mmgwrpYjXH/SQ2eiSJ4UHeX8CE1b3WgRT8z7cP
hep43/6GQ+sczcL1Ekg1guaV/2q9dy+QliP5Z6rv/E9lzeoRQgb8O+Lf95f8yR3t
NSzXllS3Y5bUXzIRkNioTmfydmO6oFxY/1TBkfa08TSqveHJSGCtBb12WkDxSNO5
NRBXwHd+WBV6+8dX9Dmm3k/5C9LK9Y/rUI+yEwdE9Soh/frMOWtXA4PLn8p1XofA
rfLu5Y5mBR+c/r8rABefUSNaJZ+tl6vfpWSZ1WNyUi8gL+Rknpq5p+5OpX1TQSI+
BBPEKpLFyD0mr1de/SdW41lofFyIgUajVnClg26ynMOU6bkGOq+UWduw+cpDvUCS
2g2YYi+YXkCnZGwLg9NaXSM5N2JCJARRynncehuAl0F1frigPzy3F+Ty0mmlBa1O
WuYpbTsNJjDVP6kPNDv0/CYv/dnPb4PJczTq4SDwAtSkD3/SaAKh0jYK/NqGL9sM
Nk1psZTXjcbD/rzR/kX9
=hTNV
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2021-01-15' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Regular fixes for rc4, a bunch of fixes across i915, amdgpu and
nouveau here, along with a couple of TTM fixes, and dma-buf and one
core pageflip/modifier interaction fix.
One notable i915 fix is a HSW GT1 regression fix that has been
outstanding for quite a while. (Thanks to Matt Turner for kicking
Intel into getting it fixed).
dma-buf:
- Fix a memory leak in CMAV heap
core:
- Fix format check for legacy pageflips
ttm:
- Pass correct address to dma_mapping_error()
- Use mutex in pool shrinker
i915:
- Allow the sysadmin to override security mitigations
- Restore clear-residual mitigations for ivb/byt
- Limit VFE threads based on GT
- GVT: fix vfio edid and full display detection
- Fix DSI DSC power refcounting
- Fix LPT CPU mode backlight takeover
- Disable RPM wakeref assertions during driver shutdown
- Fix DSI sequence sleeps
amdgpu:
- Update repo location in MAINTAINERS
- Add some new renoir PCI IDs
- Revert CRC UAPI changes
- Revert OLED display fix which cases clocking problems for some systems
- Misc vangogh fixes
- GFX fix for sienna cichlid
- DCN1.0 fix for pipe split
- Fix incorrect PSP command
amdkfd:
- Fix possible out of bounds read in vcrat creation
nouveau:
- irq handling fix
- expansion ROM fix
- hw init dpcd disable
- aux semaphore owner field fix
- vram heap sizing fix
- notifier at 0 is valid fix"
* tag 'drm-fixes-2021-01-15' of git://anongit.freedesktop.org/drm/drm: (37 commits)
drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
drm/nouveau/mmu: fix vram heap sizing
drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
drm/nouveau/i2c/gk110-: disable hw-initiated dpcd reads
drm/nouveau/i2c/gk110: split out from i2c/gk104
drm/nouveau/privring: ack interrupts the same way as RM
drm/nouveau/bios: fix issue shadowing expansion ROMs
drm/amd/display: Fix to be able to stop crc calculation
Revert "drm/amd/display: Expose new CRC window property"
Revert "drm/amdgpu/disply: fix documentation warnings in display manager"
Revert "drm/amd/display: Fix unused variable warning"
drm/amdgpu: set power brake sequence
drm/amdgpu: add new device id for Renior
drm/amdgpu: add green_sardine device id (v2)
drm/amdgpu: fix vram type and bandwidth error for DDR5 and DDR4
drm/amdgpu/gfx10: add updated GOLDEN_TSC_COUNT_UPPER/LOWER register offsets for VGH
drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu()
Revert "drm/amd/display: Fixed Intermittent blue screen on OLED panel"
drm/amd/display: disable dcn10 pipe split by default
drm/amd/display: Add a missing DCN3.01 API mapping
...
The tracing_on option is supported by bootconfig entries, but the scripts to
convert from ftrace to a bootconfig and back were not updated.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCYAEA4RQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6ql1IAQDRIhEtOER8pCWC/MgRtX9sXgmHPtyr
OmGCbhlNNRohRQD+KKhtTORIUwqSQqItyuT/YWp7nEh25lLUC3a1LBD4Ugw=
=YZ7S
-----END PGP SIGNATURE-----
Merge tag 'trace-v5.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull bootconfig fix from Steven Rostedt:
"Update bootconf scripts for tracing_on option
The tracing_on option is supported by bootconfig entries, but the
scripts to convert from ftrace to a bootconfig and back were not
updated"
* tag 'trace-v5.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tools/bootconfig: Add tracing_on support to helper scripts
As requested, here's a tree with the non-Ampere-specific fixes split
out, as most of them are potentially relevant to already-supported
GPUs.
- irq handling fix
- expansion ROM fix
- hw init dpcd disable
- aux semaphore owner field fix
- vram heap sizing fix
- notifier at 0 is valid fix
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <skeggsb@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv4P90mcF_ByAh+ghz+ZVD2N2bPbD7xHYYArE1kYrvsGcQ@mail.gmail.com
While testing live partition mobility, we have observed occasional crashes
of the Linux partition. What we've seen is that during the live migration,
for specific configurations with large amounts of memory, slow network
links, and workloads that are changing memory a lot, the partition can end
up being suspended for 30 seconds or longer. This resulted in the following
scenario:
CPU 0 CPU 1
------------------------------- ----------------------------------
scsi_queue_rq migration_store
-> blk_mq_start_request -> rtas_ibm_suspend_me
-> blk_add_timer -> on_each_cpu(rtas_percpu_suspend_me
_______________________________________V
|
V
-> IPI from CPU 1
-> rtas_percpu_suspend_me
-> __rtas_suspend_last_cpu
-- Linux partition suspended for > 30 seconds --
-> for_each_online_cpu(cpu)
plpar_hcall_norets(H_PROD
-> scsi_dispatch_cmd
-> scsi_times_out
-> scsi_abort_command
-> queue_delayed_work
-> ibmvfc_queuecommand_lck
-> ibmvfc_send_event
-> ibmvfc_send_crq
- returns H_CLOSED
<- returns SCSI_MLQUEUE_HOST_BUSY
-> __blk_mq_requeue_request
-> scmd_eh_abort_handler
-> scsi_try_to_abort_cmd
- returns SUCCESS
-> scsi_queue_insert
Normally, the SCMD_STATE_COMPLETE bit would protect against the command
completion and the timeout, but that doesn't work here, since we don't
check that at all in the SCSI_MLQUEUE_HOST_BUSY path.
In this case we end up calling scsi_queue_insert on a request that has
already been queued, or possibly even freed, and we crash.
The patch below simply increases the default I/O timeout to avoid this race
condition. This is also the timeout value that nearly all IBM SAN storage
recommends setting as the default value.
Link: https://lore.kernel.org/r/1610463998-19791-1-git-send-email-brking@linux.vnet.ibm.com
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Using global sp_in_global directly to fix the following warning,
arch/riscv/kernel/stacktrace.c:31:3: warning: ‘register’ is not at beginning of declaration [-Wold-style-declaration]
31 | const register unsigned long current_sp = sp_in_global;
| ^~~~~
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
amd-drm-fixes-5.11-2021-01-14:
amdgpu:
- Update repo location in MAINTAINERS
- Add some new renoir PCI IDs
- Revert CRC UAPI changes
- Revert OLED display fix which cases clocking problems for some systems
- Misc vangogh fixes
- GFX fix for sienna cichlid
- DCN1.0 fix for pipe split
- Fix incorrect PSP command
amdkfd:
- Fix possible out of bounds read in vcrat creation
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210114201354.3998-1-alexander.deucher@amd.com
UEFI/RM no longer use IED scripts from the VBIOS, though they appear to
have been updated for use by the x86 VBIOS code, so we should be able to
continue using them for the moment.
Unfortunately, we require some hacks to do so, as the BeforeLinkTraining
IED script became a pointer to an array of scripts instead, without a
revbump of the relevant tables.
There's also some changes to SOR clock divider fiddling, which are
hopefully correct enough that things work as they should.
AFAIK, GA100 shouldn't have display, so it hasn't been added.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Fortunately, all the interrupts we need to bring up basic display support
are contained in a single leaf register, allowing this basic (but hackish)
implementation.
There's a bunch more invasive patches to come implementing all this in a
better/more complete way, but trying to get a minimal series out first.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
VPLL regs changed a bit. There's more stuff to do around these, but it's
less invasive to stick those changes into disp for now.
None of that belongs here anymore anyhow - fix that someday.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Forcing PRAMIN-shadowing off for GA100, as it requires display, and we don't
know if/where the fuse register for detecting its presence is.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
