| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Make sure to always NUL-terminate file names retrieved from the firmware
to avoid accessing data beyond the entry slab buffer and exposing it
through sysfs in case the firmware data is corrupt.
Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device")
Cc: stable@vger.kernel.org # 4.6
Cc: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211201132528.30025-4-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
An initialised kobject must be freed using kobject_put() to avoid
leaking associated resources (e.g. the object name).
Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed"
the leak in the first error path of the file registration helper but
left the second one unchanged. This "fix" would however result in a NULL
pointer dereference due to the release function also removing the never
added entry from the fw_cfg_entry_cache list. This has now been
addressed.
Fix the remaining kobject leak by restoring the common error path and
adding the missing kobject_put().
Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device")
Cc: stable@vger.kernel.org # 4.6
Cc: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211201132528.30025-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed"
a kobject leak in the file registration helper by properly calling
kobject_put() for the entry in case registration of the object fails
(e.g. due to a name collision).
This would however result in a NULL pointer dereference when the
release function tries to remove the never added entry from the
fw_cfg_entry_cache list.
Fix this by moving the list-removal out of the release function.
Note that the offending commit was one of the benign looking umn.edu
fixes which was reviewed but not reverted. [1][2]
[1] https://lore.kernel.org/r/202105051005.49BFABCE@keescook
[2] https://lore.kernel.org/all/YIg7ZOZvS3a8LjSv@kroah.com
Fixes: fe3c60684377 ("firmware: Fix a reference count leak.")
Cc: stable@vger.kernel.org # 5.8
Cc: Qiushi Wu <wu000273@umn.edu>
Cc: Kees Cook <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211201132528.30025-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Static variables do not need to be initialised to 0, because compilers
will initialise all uninitialised statics to 0. Thus, remove the
unneeded initializations.
Signed-off-by: Jason Wang <wangborong@cdjrlc.com>
Link: https://lore.kernel.org/r/20211212071838.304307-1-wangborong@cdjrlc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Use the sysfs_emit to replace sprintf. sprintf may cause
output defect in sysfs content, it is better to use new
added sysfs_emit function which knows the size of the
temporary buffer.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Link: https://lore.kernel.org/r/20211206104724.11559-1-yekai13@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The double `for' in the comment in line 81 is repeated. Remove one
of them from the comment.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Jason Wang <wangborong@cdjrlc.com>
Link: https://lore.kernel.org/r/20211212031657.41169-1-wangborong@cdjrlc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The help text for GOOGLE_FIRMWARE states that it should only be
enabled when building a kernel for Google's own servers. However,
many of the drivers dependent on it are also useful on Chromebooks or
on any platform using coreboot.
Update the help text to reflect this double duty.
Fixes: d384d6f43d1e ("firmware: google memconsole: Add coreboot support")
Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Link: https://lore.kernel.org/r/20180618225540.GD14131@decadent.org.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
binder.c uses <asm/cacheflush.h> instead of <linux/cacheflush.h>.
Hence change cacheflush header file to proper one.
This change also avoid warning from checkpatch that shown below:
WARNING: Use #include <linux/cacheflush.h> instead of <asm/cacheflush.h>
Signed-off-by: Ajith P V <ajithpv.linux@gmail.com>
Link: https://lore.kernel.org/r/20211215132018.31522-1-ajithpv.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Mathieu writes:
Coresight changes for v5.17
This pull request includes:
- A patch that uses devm_bitmap_zalloc() instead of the open-coded
equivalent.
- Work to make coresight complex configuration loadable via modules.
- Some coresight documentation updates.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
* tag 'coresight-next-v5.17' of gitolite.kernel.org:pub/scm/linux/kernel/git/coresight/linux:
coresight: core: Fix typo in a comment
Documentation: coresight: Update coresight configuration docs
coresight: configfs: Allow configfs to activate configuration
coresight: syscfg: Example CoreSight configuration loadable module
coresight: syscfg: Update load API for config loadable modules
coresight: configuration: Update API to permit dynamic load/unload
coresight: configuration: Update API to introduce load owner concept
Documentation: coresight: Fix documentation issue
coresight: Use devm_bitmap_zalloc when applicable
|
|
Moritz writes:
FPGA Manager changes for 5.17-rc1
Russ' patches rework the way we register FPGA managers, regions and
bridges by simplifying the functions into a single register call.
Nathan's patch addresses an unused variable warning that was introduced
by Russ' patches.
Yang's patch addresses a kernel doc warning.
All patches have been reviewed on the mailing list, and have been in the
last few linux-next releases (as part of our for-next branch) without issues.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
* tag 'fpga-for-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga:
fpga: region: fix kernel-doc
fpga: stratix10-soc: Do not use ret uninitialized in s10_probe()
fpga: region: Use standard dev_release for class driver
fpga: bridge: Use standard dev_release for class driver
fpga: mgr: Use standard dev_release for class driver
|
|
The qpnpint_irq_set_type() callback function configures the type
(edge vs level) and polarity (high, low, or both) of a particular
PMIC interrupt within a given peripheral. To do this, it reads
the three consecutive IRQ configuration registers, modifies the
specified IRQ bit within the register values, and finally writes
the three modified register values back to the PMIC. While a
spinlock is used to provide mutual exclusion on the SPMI bus
during the register read and write calls, there is no locking
around the overall read, modify, write sequence. This opens up
the possibility of a race condition if two tasks set the type of
a PMIC IRQ within the same peripheral simultaneously.
When the race condition is encountered, both tasks will read the
old value of the registers and IRQ bits set by one of the tasks
will be dropped upon the register write of the other task. This
then leads to PMIC IRQs being enabled with an incorrect type and
polarity configured. Such misconfiguration can lead to an IRQ
storm that overwhelms the system and causes it to crash.
This race condition and IRQ storm have been observed when using
a pair of pm8941-pwrkey devices to handle PMK8350 pwrkey and
resin interrupts. The independent devices probe asynchronously
in parallel and can simultaneously request and configure PMIC
IRQs in the same PMIC peripheral.
For a good case, the IRQ configuration calls end up serialized
due to timing deltas and the register read/write sequence looks
like this:
1. pwrkey probe: SPMI read(0x1311): 0x00, 0x00, 0x00
2. pwrkey probe: SPMI write(0x1311): 0x80, 0x80, 0x80
3. resin probe: SPMI read(0x1311): 0x80, 0x80, 0x80
4. resin probe: SPMI write(0x1311): 0xC0, 0xC0, 0xC0
The final register states after both devices have requested and
enabled their respective IRQs is thus:
0x1311: 0xC0
0x1312: 0xC0
0x1313: 0xC0
0x1314: 0x00
0x1315: 0xC0
For a bad case, the IRQ configuration calls end up occurring
simultaneously and the race condition is encountered. The
register read/write sequence then looks like this:
1. pwrkey probe: SPMI read(0x1311): 0x00, 0x00, 0x00
2. resin probe: SPMI read(0x1311): 0x00, 0x00, 0x00
3. pwrkey probe: SPMI write(0x1311): 0x80, 0x80, 0x80
4. resin probe: SPMI write(0x1311): 0x40, 0x40, 0x40
In this case, the final register states after both devices have
requested and enabled their respective IRQs is thus:
0x1311: 0x40
0x1312: 0x40
0x1313: 0x40
0x1314: 0x00
0x1315: 0xC0
This corresponds to the resin IRQ being configured for both
rising and falling edges, as expected. However, the pwrkey IRQ
is misconfigured as level type with both polarity high and low
set to disabled. The PMIC IRQ triggering hardware treats this
particular register configuration as if level low triggering is
enabled.
The raw pwrkey IRQ signal is low when the power key is not being
pressed. Thus, the pwrkey IRQ begins firing continuously in an
IRQ storm.
Fix the race condition by holding the spmi-pmic-arb spinlock for
the duration of the read, modify, write sequence performed in the
qpnpint_irq_set_type() function. Split the pmic_arb_read_cmd()
and pmic_arb_write_cmd() functions each into three parts so that
hardware register IO is decoupled from spinlock locking. This
allows a new function pmic_arb_masked_write() to be added which
locks the spinlock and then calls register IO functions to
perform SPMI read and write commands in a single atomic
operation.
Link: https://lore.kernel.org/r/20211118034719.28971-1-quic_collinsd@quicinc.com
Signed-off-by: David Collins <quic_collinsd@quicinc.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-7-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Add spmi support for MT8195.
Refine indent in spmi-mtk-pmif.c.
Link: https://lore.kernel.org/r/20211119034613.32489-5-james.lo@mediatek.com
Acked-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: James Lo <james.lo@mediatek.com>
Signed-off-by: Henry Chen <henryc.chen@mediatek.com>
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-6-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Add spmi support for MT6873/8192.
Refine indent in spmi-mtk-pmif.c.
Link: https://lore.kernel.org/r/20211119034613.32489-4-james.lo@mediatek.com
Acked-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: James Lo <james.lo@mediatek.com>
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-5-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This adds documentation for the SPMI controller found on Mediatek SoCs.
Link: https://lore.kernel.org/r/20211119034613.32489-3-james.lo@mediatek.com
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: James Lo <james.lo@mediatek.com>
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-4-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
'reg' is controller specific so we shouldn't even be specifying it here.
Just remove it.
Link: https://lore.kernel.org/r/20211119034613.32489-2-james.lo@mediatek.com
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: James Lo <james.lo@mediatek.com>
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-3-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
It's useful to know what particular device/component is having trouble
accessing the bus. Add the sid and address to error messages here so
that debugging is a little simpler.
Link: https://lore.kernel.org/r/20210920234849.3614036-1-swboyd@chromium.org
Cc: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Cc: satya priya <skakit@codeaurora.org>
Reviewed-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Reviewed-by: Satya Priya <skakit@codeaurora.org>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20211216190812.1574801-2-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Add support for EM919X modems, this modem series is based on SDX55
qcom chip.
It is mandatory to use the same ring for control+data and diag events.
Link: https://lore.kernel.org/r/20211123081541.648426-1-thomas.perrot@bootlin.com
Tested-by: Aleksander Morgado <aleksander@aleksander.es>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-11-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The find.h APIs are designed to be used only on unsigned long arguments.
This can technically result in a over-read, but it is harmless in this
case. Regardless, fix it to avoid the warning seen under -Warray-bounds,
which we'd like to enable globally:
In file included from ./include/linux/bitmap.h:9,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/cpufeature.h:5,
from ./arch/x86/include/asm/thread_info.h:53,
from ./include/linux/thread_info.h:60,
from ./arch/x86/include/asm/preempt.h:7,
from ./include/linux/preempt.h:78,
from ./include/linux/spinlock.h:55,
from ./include/linux/wait.h:9,
from ./include/linux/wait_bit.h:8,
from ./include/linux/fs.h:6,
from ./include/linux/debugfs.h:15,
from drivers/bus/mhi/core/init.c:7:
drivers/bus/mhi/core/init.c: In function 'to_mhi_pm_state_str':
./include/linux/find.h:187:37: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'enum mhi_pm_state[1]' [-Warray-bounds]
187 | unsigned long val = *addr & GENMASK(size - 1, 0);
| ^~~~~
drivers/bus/mhi/core/init.c:80:51: note: while referencing 'state'
80 | const char *to_mhi_pm_state_str(enum mhi_pm_state state)
| ~~~~~~~~~~~~~~~~~~^~~~~
Link: https://lore.kernel.org/r/20211215232446.2069794-1-keescook@chromium.org
[mani: changed the variable name "bits" to "pm_state"]
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-10-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Add a new API "mhi_prepare_for_transfer_autoqueue" for using with client
drivers like QRTR to request MHI core to autoqueue buffers for the DL
channel along with starting both UL and DL channels.
So far, the "auto_queue" flag specified by the controller drivers in
channel definition served this purpose but this will be removed at some
point in future.
Cc: netdev@vger.kernel.org
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Co-developed-by: Loic Poulain <loic.poulain@linaro.org>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-9-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
During SYS_ERR condition, as a response to the MHI_RESET from host, some
devices tend to issue BHI interrupt without clearing the SYS_ERR state in
the device. This creates a race condition and causes a failure in booting
up the device.
The issue is seen on the Sierra Wireless EM9191 modem during SYS_ERR
handling in mhi_async_power_up(). Once the host detects that the device
is in SYS_ERR state, it issues MHI_RESET and waits for the device to
process the reset request. During this time, the device triggers the BHI
interrupt to the host without clearing SYS_ERR condition. So the host
starts handling the SYS_ERR condition again.
To fix this issue, let's register the IRQ handler only after handling the
SYS_ERR check to avoid getting spurious IRQs from the device.
Fixes: e18d4e9fa79b ("bus: mhi: core: Handle syserr during power_up")
Cc: stable@vger.kernel.org
Reported-by: Aleksander Morgado <aleksander@aleksander.es>
Tested-by: Aleksander Morgado <aleksander@aleksander.es>
Tested-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-8-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The 'wake-capable' entry in channel configuration is not set when
parsing the configuration specified by the controller driver. Add
the missing entry to ensure channel is correctly specified as a
'wake-capable' channel.
Link: https://lore.kernel.org/r/1638320491-13382-1-git-send-email-quic_bbhatt@quicinc.com
Fixes: 0cbf260820fa ("bus: mhi: core: Add support for registering MHI controllers")
Cc: stable@vger.kernel.org
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Bhaumik Bhatt <quic_bbhatt@quicinc.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-7-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The wrappers in include/linux/pci-dma-compat.h should go away.
Replace 'pci_set_dma_mask/pci_set_consistent_dma_mask' by an equivalent
and less verbose 'dma_set_mask_and_coherent()' call.
Link: https://lore.kernel.org/r/bb3dc436fe142309a2334549db782c5ebb80a2be.1625718497.git.christophe.jaillet@wanadoo.fr
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-6-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch fixes the below checkpatch warnings in MHI bus:
WARNING: Possible repeated word: 'events'
+ /* Process ctrl events events */
WARNING: Missing a blank line after declarations
+ struct mhi_buf_info info = { };
+ buf = kmalloc(len, GFP_KERNEL);
WARNING: Move const after static - use 'static const struct mhi_pm_transitions'
+static struct mhi_pm_transitions const dev_state_transitions[] = {
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-5-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The implementation for execution environment specific functionality
is spread out. Use macros that help determine the paths to be taken.
Link: https://lore.kernel.org/r/1636409978-31847-1-git-send-email-quic_bbhatt@quicinc.com
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-4-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
There is no reason for shutting down MHI ungracefully on freeze,
this causes the MHI host stack & device stack to not be aligned
anymore since the proper MHI reset sequence is not performed for
ungraceful shutdown.
Link: https://lore.kernel.org/r/1635268180-13699-1-git-send-email-loic.poulain@linaro.org
Fixes: 5f0c2ee1fe8d ("bus: mhi: pci-generic: Fix hibernation")
Cc: stable@vger.kernel.org
Suggested-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Reviewed-by: Hemant Kumar <hemantk@codeaurora.org>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-3-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Add new device ID 0xe0bf for T99W175.
This device ID is created because it is using Qualcomm SDX55 new base line.
Test evidence as below:
root@jbd-ThinkPad-P1-Gen-4:/dev# lspci -nn | grep Foxconn
0000:08:00.0 Wireless controller [0d40]: Foxconn International, Inc. Device [105b:e0bf]
root@jbd-ThinkPad-P1-Gen-4:/dev# cat wwan0at0 & echo -ne "ati\r" > wwan0at0
[2] 2977
root@jbd-ThinkPad-P1-Gen-4:/dev# ati
Manufacturer: Qualcomm
Model: T99W175
Revision: T99W175.F0.6.0.0.6.CC.005 1 [Oct 21 2021 10:00:00]
IMEI:
+GCAP: +CGSM
OK
Link: https://lore.kernel.org/r/20211029104918.3976-1-slark_xiao@163.com
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Slark Xiao <slark_xiao@163.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20211216081227.237749-2-manivannan.sadhasivam@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Kees writes:
lkdtm updates for v5.17-rc1
- Fix printk() usage during recursion (Ard Biesheuvel)
- Fix rodata section to actually have contents (Christophe Leroy)
- Add notes about lkdtm_kernel_info usage (Kees Cook)
- Avoid stack-entropy selftest when LKDTM is disabled (Misono Tomohiro)
* tag 'lkdtm-v5.17-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
lkdtm: avoid printk() in recursive_loop()
lkdtm: Note that lkdtm_kernel_info should be removed in the future
|
|
Exit with return code 4 if lkdtm is not available like other tests
in order to properly skip the test.
Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210805101236.1140381-1-misono.tomohiro@jp.fujitsu.com
|
|
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the
function content zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section
while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 4e 80 00 20 blr
Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu
|
|
The recursive_loop() function is intended as a diagnostic to ensure that
exhausting the stack is caught and mitigated. Currently, it uses
pr_info() to ensure that the function has side effects that the compiler
cannot simply optimize away, so that the stack footprint does not get
reduced inadvertently.
The typical mitigation for stack overflow is to kill the task, and this
overflow may occur inside the call to pr_info(), which means it could be
holding the console lock when this happens. This means that the console
lock is never going to be released again, preventing the diagnostic
prints related to the stack overflow handling from being visible on the
console.
So let's replace the call to pr_info() with a call to
memzero_explicit(), which is not a 'magic' function name like memset()
or memcpy(), which the compiler may replace with plain loads and stores.
To ensure that the stack frames are nested rather than tail-called, put
the call to memzero_explicit() after the recursive call.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20211007081235.382697-1-ardb@kernel.org
|
|
As per Linus's request, remove lkdtm_kernel_info once sufficient
reporting exists in CI systems:
https://lore.kernel.org/lkml/CAHk-=wiFvfkoFixTapvvyPMN9pq5G-+Dys2eSyBa1vzDGAO5+A@mail.gmail.com
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
The double `the' in the comment in line 732 is repeated. Remove one
of them from the comment.
Signed-off-by: Jason Wang <wangborong@cdjrlc.com>
Link: https://lore.kernel.org/r/20211211090221.241529-1-wangborong@cdjrlc.com
[Fixed capital letter in title]
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
|
|
We need the fixes in here as well, and also resolve some merge conflicts
in:
drivers/misc/eeprom/at25.c
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
|
|
Pull USB fixes from Greg KH:
"Here are some small USB fixes for 5.16-rc5. They include:
- gadget driver fixes for reported issues
- xhci fixes for reported problems.
- config endpoint parsing fixes for where we got bitfields wrong
Most of these have been in linux-next, the remaining few were not, but
got lots of local testing in my systems and in some cloud testing
infrastructures"
* tag 'usb-5.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: core: config: using bit mask instead of individual bits
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
xhci: avoid race between disable slot command and host runtime suspend
xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property by default"
|
|
Pull char/misc driver fixes from Greg KH:
"Here are a bunch of small char/misc and other driver subsystem fixes.
Included in here are:
- iio driver fixes for reported problems
- phy driver fixes for a number of reported problems
- mhi resume bugfix for broken hardware
- nvmem driver fix
- rtsx driver fix for irq issues
- fastrpc packet parsing fix
All of these have been in linux-next for a while with no reported
issues"
* tag 'char-misc-5.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (33 commits)
bus: mhi: core: Add support for forced PM resume
iio: trigger: stm32-timer: fix MODULE_ALIAS
misc: rtsx: Avoid mangling IRQ during runtime PM
nvmem: eeprom: at25: fix FRAM byte_len
misc: fastrpc: fix improper packet size calculation
MAINTAINERS: add maintainer for Qualcomm FastRPC driver
bus: mhi: pci_generic: Fix device recovery failed issue
iio: adc: stm32: fix null pointer on defer_probe error
phy: HiSilicon: Fix copy and paste bug in error handling
dt-bindings: phy: zynqmp-psgtr: fix USB phy name
phy: ti: omap-usb2: Fix the kernel-doc style
phy: qualcomm: ipq806x-usb: Fix kernel-doc style
iio: at91-sama5d2: Fix incorrect sign extension
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: gyro: adxrs290: fix data signedness
phy: ti: tusb1210: Fix the kernel-doc warn
phy: qualcomm: usb-hsic: Fix the kernel-doc warn
phy: qualcomm: qmp: Add missing struct documentation
phy: mvebu-cp110-utmi: Fix kernel-doc warns
iio: ad7768-1: Call iio_trigger_notify_done() on error
...
|
|
Pull timer fixes from Thomas Gleixner:
"Two fixes for clock chip drivers:
- A regression fix for the Designware APB timer. A recent change to
the error checking code transformed the error condition wrongly so
it turned into a fail if good condition.
- Fix a clang build fail of the ARM architected timer driver"
* tag 'timers-urgent-2021-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clocksource/drivers/arm_arch_timer: Force inlining of erratum_set_next_event_generic()
clocksource/drivers/dw_apb_timer_of: Fix probe failure
|
|
Pull irq fixes from Thomas Gleixner:
"A set of interrupt chip driver fixes:
- Fix the multi vector MSI allocation on Armada 370XP
- Do interrupt acknowledgement correctly in the aspeed-scu driver
- Make the IPR register offset correct in the NVIC driver
- Make redistribution table flushing correct by issueing a SYNC
command to ensure that the invalidation command has been executed
- Plug a device tree node reference leak in the bcm7210-l2 driver
- Trivial fixes in the MIPS GIC and the Apple AIC drivers"
* tag 'irq-urgent-2021-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip/irq-bcm7120-l2: Add put_device() after of_find_device_by_node()
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/apple-aic: Mark aic_init_smp() as __init
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/mips-gic: Use bitfield helpers
irqchip/aspeed-scu: Replace update_bits with write_bits.
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
|
|
Pull scheduler fix from Thomas Gleixner:
"A single fix for the x86 scheduler topology:
Using cluster topology on hybrid CPUs, e.g. Alder Lake, biases the
scheduler towards the ATOM cluster as that has more total capacity.
Use selection based on CPU priority instead"
* tag 'sched-urgent-2021-12-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched,x86: Don't use cluster topology for x86 hybrid CPUs
|
|
Pull csky from Guo Ren:
"Only one fix for csky: fix fpu config macro"
* tag 'csky-for-linus-5.16-rc5' of git://github.com/c-sky/csky-linux:
csky: fix typo of fpu config macro
|
|
Using standard USB_EP_MAXP_MULT_MASK instead of individual bits for
extracting multiple-transactions bits from wMaxPacketSize value.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Pavel Hofman <pavel.hofman@ivitera.com>
Link: https://lore.kernel.org/r/20211210085219.16796-2-pavel.hofman@ivitera.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The checks performed by commit aed9d65ac327 ("USB: validate
wMaxPacketValue entries in endpoint descriptors") require that initial
value of the maxp variable contains both maximum packet size bits
(10..0) and multiple-transactions bits (12..11). However, the existing
code assings only the maximum packet size bits. This patch assigns all
bits of wMaxPacketSize to the variable.
Fixes: aed9d65ac327 ("USB: validate wMaxPacketValue entries in endpoint descriptors")
Cc: stable <stable@vger.kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Pavel Hofman <pavel.hofman@ivitera.com>
Link: https://lore.kernel.org/r/20211210085219.16796-1-pavel.hofman@ivitera.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Under some conditions, USB gadget devices can show allocated buffer
contents to a host. Fix this up by zero-allocating them so that any
extra data will all just be zeros.
Reported-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Tested-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Sometimes USB hosts can ask for buffers that are too large from endpoint
0, which should not be allowed. If this happens for OUT requests, stall
the endpoint, but for IN requests, trim the request size to the endpoint
buffer size.
Co-developed-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Pull SCSI fixes from James Bottomley:
"Four fixes, all in drivers.
Three are small and obvious, the qedi one is a bit larger but also
pretty obvious"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: qla2xxx: Format log strings only if needed
scsi: scsi_debug: Fix buffer size of REPORT ZONES command
scsi: qedi: Fix cmd_cleanup_cmpl counter mismatch issue
scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
|
|
Pull xfs fix from Darrick Wong:
"This fixes a race between a readonly remount process and other
processes that hold a file IOLOCK on files that previously experienced
copy on write, that could result in severe filesystem corruption if
the filesystem is then remounted rw.
I think this is fairly rare (since the only reliable reproducer I have
that fits the second criteria is the experimental xfs_scrub program),
but the race is clear, so we still need to fix this.
Summary:
- Fix a data corruption vector that can result from the ro remount
process failing to clear all speculative preallocations from files
and the rw remount process not noticing the incomplete cleanup"
* tag 'xfs-5.16-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: remove all COW fork extents when remounting readonly
|
|
Pull percpu fixes from Dennis Zhou:
"This contains a fix for SMP && !MMU archs for percpu which has been
tested by arm and sh. It seems in the past they have gotten away with
it due to mapping of vm functions to km functions, but this fell apart
a few releases ago and was just reported recently.
The other is just a minor dependency clean up.
I think queued up right now by Andrew is a fix in percpu that papers
of what seems to be a bug in hotplug for a special situation with
memoryless nodes. Michal Hocko is digging into it further"
* 'for-5.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu:
percpu_ref: Replace kernel.h with the necessary inclusions
percpu: km: ensure it is used with NOMMU (either UP or SMP)
|
|
Pull perf tools fixes from Arnaldo Carvalho de Melo:
- Prevent out-of-bounds access to per sample registers.
- Fix NULL vs IS_ERR_OR_NULL() checking on the python binding.
- Intel PT fixes, half of those are one-liners:
- Fix some PGE (packet generation enable/control flow packets) usage.
- Fix sync state when a PSB (synchronization) packet is found.
- Fix intel_pt_fup_event() assumptions about setting state type.
- Fix state setting when receiving overflow (OVF) packet.
- Fix next 'err' value, walking trace.
- Fix missing 'instruction' events with 'q' option.
- Fix error timestamp setting on the decoder error path.
* tag 'perf-tools-fixes-for-v5.16-2021-12-11' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
perf python: Fix NULL vs IS_ERR_OR_NULL() checking
perf intel-pt: Fix error timestamp setting on the decoder error path
perf intel-pt: Fix missing 'instruction' events with 'q' option
perf intel-pt: Fix next 'err' value, walking trace
perf intel-pt: Fix state setting when receiving overflow (OVF) packet
perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type
perf intel-pt: Fix sync state when a PSB (synchronization) packet is found
perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage
perf tools: Prevent out-of-bounds access to registers
|
|
Pull block fixes from Jens Axboe:
"A few block fixes that should go into this release:
- NVMe pull request:
- set ana_log_size to 0 after freeing ana_log_buf (Hou Tao)
- show subsys nqn for duplicate cntlids (Keith Busch)
- disable namespace access for unsupported metadata (Keith
Busch)
- report write pointer for a full zone as zone start + zone len
(Niklas Cassel)
- fix use after free when disconnecting a reconnecting ctrl
(Ruozhu Li)
- fix a list corruption in nvmet-tcp (Sagi Grimberg)
- Fix for a regression on DIO single bio async IO (Pavel)
- ioprio seteuid fix (Davidlohr)
- mtd fix that subsequently got reverted as it was broken, will get
re-done and submitted for the next round
- Two MD fixes via Song (Markus, zhangyue)"
* tag 'block-5.16-2021-12-10' of git://git.kernel.dk/linux-block:
Revert "mtd_blkdevs: don't scan partitions for plain mtdblock"
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
md: fix double free of mddev->private in autorun_array()
md: fix update super 1.0 on rdev size change
nvmet-tcp: fix possible list corruption for unexpected command failure
block: fix single bio async DIO error handling
nvme: fix use after free when disconnecting a reconnecting ctrl
nvme-multipath: set ana_log_size to 0 after free ana_log_buf
mtd_blkdevs: don't scan partitions for plain mtdblock
nvme: report write pointer for a full zone as zone start + zone len
nvme: disable namespace access for unsupported metadata
nvme: show subsys nqn for duplicate cntlids
|
|
Pull io_uring fixes from Jens Axboe:
"A few fixes that are all bound for stable:
- Two syzbot reports for io-wq that turned out to be separate fixes,
but ultimately very closely related
- io_uring task_work running on cancelations"
* tag 'io_uring-5.16-2021-12-10' of git://git.kernel.dk/linux-block:
io-wq: check for wq exit after adding new worker task_work
io_uring: ensure task_work gets run as part of cancelations
io-wq: remove spurious bit clear on task_work addition
|
Johan Hovold
Jason Wang
Kai Ye
Ben Hutchings
Ajith P V
Greg Kroah-Hartman
David Collins
James Lo
Stephen Boyd
Thomas Perrot
Kees Cook
Manivannan Sadhasivam
Bhaumik Bhatt
Christophe JAILLET
Bhaumik Bhatt
Loic Poulain
Slark Xiao
Misono Tomohiro
Christophe Leroy
Ard Biesheuvel
Linus Torvalds
Pavel Hofman