There is more information available in the SCSI logging mechanism than
in the SCSI ftrace event output, e.g. ASC and ASCQ sense codes. Hence
enable the SCSI logging mechanism. For more information about this
mechanism, see also the documentation of the scsi_logging_level
parameter on https://www.kernel.org/doc/html/v6.1/scsi/scsi-parameters.html
and also
https://github.com/torvalds/linux/blob/master/drivers/scsi/scsi_logging.h.
Bug: 268210743
Test: adb shell 'echo -1 > /sys/module/scsi_mod/parameters/scsi_logging_level && dmesg -w'
Change-Id: Ia0f048c3646714c62461d54271de1822377e61d8
Signed-off-by: Bart Van Assche <bvanassche@google.com>
LTS v5.15.91 commit b03f7ed9af ("scsi: ufs: core: Fix
devfreq deadlocks") didn't apply cleanly and it led to a
probable merge conflict which broke DB845c (sdm845).
Bug: 146449535
Fixes: e3d8fe0993 (Merge 5.15.91 into android14-5.15)
Change-Id: I308d6425f49e924dad412d5b5a93dc71c1881cbf
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
This reverts commit 3ce7942d7b.
UFS G4 patchseries broke RB5 (sm8250). Reverting a minimal
set of patches to get the device booting again.
Bug: 146449535
Change-Id: I26a755402561c6ec445a514f5b59f40d7e207cef
Suggested-by: Bart Van Assche <bvanassche@google.com>
Suggested-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
This reverts commit ac7823b077.
UFS G4 patchseries broke RB5 (sm8250). Reverting a minimal
set of patches to get the device booting again.
Bug: 146449535
Change-Id: I33155982effdcedcbf836e5355fbed646236ea48
Suggested-by: Bart Van Assche <bvanassche@google.com>
Suggested-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
The HOST_PAGE_PENDING_RECLAIM and HOST_PAGE_NEED_POISONING flags are now
no longer used, remove them.
Bug: 229972313
Bug: 238945523
Change-Id: Ib88a22c486f9c5eab95f0763ff949426f883be83
Signed-off-by: Quentin Perret <qperret@google.com>
The __pkvm_teardown_vm hypercall can take a long time. According to my
measurement on Pixel 6, up to 150+ms. The vast majority of that time is
spent walking the guest stage-2 page-table to put its pages in the
'pending reclaim' state, which was introduced to allow poisoning the
pages asynchronously. Given that pKVM is fundamentally non-preemptible,
those 150+ms are not acceptable.
In order to spread the work in multiple smaller sections, let's split the
teardown procedure in two. A first hypercall will be used to place a VM
in a 'dying' state after all the required sanity checks have been done
(e.g. checking that no vCPUs are currently loaded). Once in a dying
state, the hypervisor will deny any attempt to load vCPUs and run the
VM, but accept requests to reclaim guest pages. Once all guest pages have
been reclaimed, the host can issue a second hypercall to finalize the
teardown, which will free the handle and return all pages used to store
guest metadata at EL2 back to EL1.
This was tested on Pixel 6 with android14-6.1, and concurrently running
a memory intensive benchmark on the host and a large protected guest.
The length of EL2 periods have been measured by parsing pKVM traces and
the results showed that all outliers of 200+us have been entirely
eliminated.
Bug: 229972313
Bug: 238945523
Change-Id: Iaa426a964e1f7a5e48e9365aaec4700a62b3b776
Signed-off-by: Quentin Perret <qperret@google.com>
When a guest relinquishes a page to the host (because of e.g.
balooning), it issues a hypercall where the hypervisor puts the page in
the 'pending reclaim' state. It is then the host's responsibility to
call the reclaim hypercall to trigger the page poisoning before dropping
the GUP pin.
In order to reduce dependencies on the 'pending reclaim' state which
will be reworked very soon, rework the relinquish path to poison the
pages synchronously, hence removing the need for the host to issue a
reclaim call. The page ownership is now synchronously returned to the
host on the back of the relinquish hcall.
Bug: 229972313
Bug: 238945523
Change-Id: I85fd3485308209357bcdeb855de07da227fac0fe
Signed-off-by: Quentin Perret <qperret@google.com>
This reverts commit fe0be0c1c4.
Reason for revert: Appears to be the root-cause behind b/267581040
Change-Id: I51ac488de4326d39c7e33f37764cba0b65b84caf
Signed-off-by: Will Deacon <willdeacon@google.com>
commit a23039c7306f53416ba35d230201398ea34f4640 upstream.
Some selftests depend on information provided by the CPUID instruction.
To support this dependency the selftests implement private wrappers for
CPUID.
Duplication of the CPUID wrappers should be avoided.
Both gcc and clang/LLVM provide __cpuid_count() macros but neither
the macro nor its header file are available in all the compiler
versions that need to be supported by the selftests. __cpuid_count()
as provided by gcc is available starting with gcc v4.4, so it is
not available if the latest tests need to be run in all the
environments required to support kernels v4.9 and v4.14 that
have the minimal required gcc v3.2.
Duplicate gcc's __cpuid_count() macro to provide a centrally defined
macro for __cpuid_count() to help eliminate the duplicate CPUID wrappers
while continuing to compile in older environments.
Suggested-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Cc: Kyle Huey <me@kylehuey.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e89908201e2509354c40158b517945bf3d645812 upstream.
ARRAY_SIZE is defined in several selftests. Remove definitions from
individual test files and include header file for the define instead.
ARRAY_SIZE define is added in a separate patch to prepare for this
change.
Remove ARRAY_SIZE from vm tests and pickup the one defined in
kselftest.h.
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Cc: Kyle Huey <me@kylehuey.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 066b34aa5461f6072dbbecb690f4fe446b736ebf upstream.
tools/include/linux/kernel.h and kselftest_harness.h are missing
ifndef guard around ARRAY_SIZE define. Fix them to avoid duplicate
define errors during compile when another file defines it. This
problem was found when compiling selftests that include a header
with ARRAY_SIZE define.
ARRAY_SIZE is defined in several selftests. There are about 25+
duplicate defines in various selftests source and header files.
Add ARRAY_SIZE to kselftest.h in preparation for removing duplicate
ARRAY_SIZE defines from individual test files.
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Cc: Kyle Huey <me@kylehuey.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3afee2118132e93e5f6fa636dfde86201a860ab3 upstream.
This event is just specified for SCO and eSCO link types.
On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR
of an existing LE connection, LE link type and a status that triggers the
second case of the packet processing a NULL pointer dereference happens,
as conn->link is NULL.
Signed-off-by: Soenke Huster <soenke.huster@eknoes.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Ovidiu Panait <ovidiu.panait@eng.windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e400ad8b7e6a1b9102123c6240289a811501f7d9 upstream.
Old, circa 2002 chipsets have a bug: they don't go idle when they are
supposed to. So, a workaround was added to slow the CPU down and
ensure that the CPU waits a bit for the chipset to actually go idle.
This workaround is ancient and has been in place in some form since
the original kernel ACPI implementation.
But, this workaround is very painful on modern systems. The "inl()"
can take thousands of cycles (see Link: for some more detailed
numbers and some fun kernel archaeology).
First and foremost, modern systems should not be using this code.
Typical Intel systems have not used it in over a decade because it is
horribly inferior to MWAIT-based idle.
Despite this, people do seem to be tripping over this workaround on
AMD system today.
Limit the "dummy wait" workaround to Intel systems. Keep Modern AMD
systems from tripping over the workaround. Remotely modern Intel
systems use intel_idle instead of this code and will, in practice,
remain unaffected by the dummy wait.
Reported-by: K Prateek Nayak <kprateek.nayak@amd.com>
Suggested-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Tested-by: K Prateek Nayak <kprateek.nayak@amd.com>
Link: https://lore.kernel.org/all/20220921063638.2489-1-kprateek.nayak@amd.com/
Link: https://lkml.kernel.org/r/20220922184745.3252932-1-dave.hansen@intel.com
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a408f33e895e455f16cf964cb5cd4979b658db7b upstream.
When online resizing is performed twice consecutively, the error message
"Superblock checksum does not match superblock" is displayed for the
second time. Here's the reproducer:
mkfs.ext4 -F /dev/sdb 100M
mount /dev/sdb /tmp/test
resize2fs /dev/sdb 5G
resize2fs /dev/sdb 6G
To solve this issue, we moved the update of the checksum after the
es->s_overhead_clusters is updated.
Fixes: 026d0d27c488 ("ext4: reduce computation of overhead during resize")
Fixes: de394a86658f ("ext4: update s_overhead_clusters in the superblock during an on-line resize")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20221117040341.1380702-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1417f59ac0b02130ee56c0c50794b9b257be3d17 ]
If the function sdma_load_context() fails, the sdma_desc will be
freed, but the allocated desc->bd is forgot to be freed.
We already met the sdma_load_context() failure case and the log as
below:
[ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready
...
In this case, the desc->bd will not be freed without this change.
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Reviewed-by: Sascha Hauer <s.hauer@pengutronix.de>
Link: https://lore.kernel.org/r/20221130090800.102035-1-hui.wang@canonical.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ccf1e1626d37745d0a697db67407beec9ae9d4b8 ]
Make sure calibration values are defined to prevent potential kernel
crashes. This fixes a hypothetical issue for virtual or clone devices
inspired by a similar fix for DS4.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a3d81bc1eaef48e34dd0b9b48eefed9e02a06451 ]
The following kernel panic can be triggered when a task with pid=1 attaches
a prog that attempts to send killing signal to itself, also see [1] for more
details:
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x100/0x178 lib/dump_stack.c:106
panic+0x2c4/0x60f kernel/panic.c:275
do_exit.cold+0x63/0xe4 kernel/exit.c:789
do_group_exit+0xd4/0x2a0 kernel/exit.c:950
get_signal+0x2460/0x2600 kernel/signal.c:2858
arch_do_signal_or_restart+0x78/0x5d0 arch/x86/kernel/signal.c:306
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
So skip task with pid=1 in bpf_send_signal_common() to avoid the panic.
[1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com
Signed-off-by: Hao Sun <sunhao.th@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/bpf/20230106084838.12690-1-sunhao.th@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ef10d57936ead5e817ef7cea6a87531085e77773 ]
There is no "no-emmc" property, so intention for SD/SDIO only nodes was
to use "no-mmc".
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b025b4f5c288e29bbea421613a5b4eacf9261fbb ]
"make dtbs_check":
arch/arm64/boot/dts/freescale/fsl-ls1012a-qds.dtb: pca9547@77: $nodename:0: 'pca9547@77' does not match '^(i2c-?)?mux'
From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
arch/arm64/boot/dts/freescale/fsl-ls1012a-qds.dtb: pca9547@77: Unevaluated properties are not allowed ('#address-cells', '#size-cells', 'i2c@4' were unexpected)
From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
...
Fix this by renaming PCA954x nodes to "i2c-mux", to match the I2C bus
multiplexer/switch DT bindings and the Generic Names Recommendation in
the Devicetree Specification.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 42825d1f269355d63554ab3c3762611e4d8053e9 ]
"make dtbs_check":
arch/arm/boot/dts/vf610-zii-dev-rev-b.dtb: tca9548@70: $nodename:0: 'tca9548@70' does not match '^(i2c-?)?mux'
From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
arch/arm/boot/dts/vf610-zii-dev-rev-b.dtb: tca9548@70: Unevaluated properties are not allowed ('#address-cells', '#size-cells', 'i2c@0', 'i2c@1', 'i2c@2', 'i2c@3', 'i2c@4' were unexpected)
From schema: /scratch/geert/linux/linux-renesas/Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
...
Fix this by renaming PCA9548 nodes to "i2c-mux", to match the I2C bus
multiplexer/switch DT bindings and the Generic Names Recommendation in
the Devicetree Specification.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f78985f9f58380eec37f82c8a2c765aa7670fc29 ]
"make dtbs_check":
arch/arm/boot/dts/imx53-ppd.dtb: i2c-switch@70: $nodename:0: 'i2c-switch@70' does not match '^(i2c-?)?mux'
From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
arch/arm/boot/dts/imx53-ppd.dtb: i2c-switch@70: Unevaluated properties are not allowed ('#address-cells', '#size-cells', 'i2c@0', 'i2c@1', 'i2c@2', 'i2c@3', 'i2c@4', 'i2c@5', 'i2c@6', 'i2c@7' were unexpected)
From schema: Documentation/devicetree/bindings/i2c/i2c-mux-pca954x.yaml
Fix this by renaming the PCA9547 node to "i2c-mux", to match the I2C bus
multiplexer/switch DT bindings and the Generic Names Recommendation in
the Devicetree Specification.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Currently pKVM modules can only restrict the host stage-2 permissions of
some pages with no way of relaxing them later on. Also, modules lack the
ability to unmap pages from the host without mapping them in the
hypervisor as they only have access to the host-to-hyp-donation path.
In order to give modules more flexibility, make the
hyp_protect_host_page() function a lot more generic by allowing it to
relax permissions as well as "map" with !R!W!X.
Bug: 264070847
Change-Id: Id6751fe147ea8b86a416a1c3326a2d75f04b623d
Signed-off-by: Quentin Perret <qperret@google.com>
In order to let vendor pKVM modules change the permission of host pages,
introduce a new concept of module-owned pages. This flag is stored in
the vmemmap so it can be set for pages that have been unmapped from the
host and for which the stage-2 PTEs are invalid.
Bug: 264070847
Change-Id: Ic831d3873cf7d31a2bd9f411306d657cc2f4db01
Signed-off-by: Quentin Perret <qperret@google.com>
We will soon need to fetch part of the page state outside of invalid
PTE entries, so provide the input address to the get_page_state()
helper.
Bug: 264070847
Change-Id: I02e0c7538a15cad8e63591bfab67c6de125631fe
Signed-off-by: Quentin Perret <qperret@google.com>
scripts/gen_gki_modules_headers.sh:
Add an option to only keep unique symbols during the
symbol list prep phase as for header generation symbol
list needs to be unique union of all vendor symbol
lists in an ascending order.
This reduces the array size and improves the lookup
time for the binary search.
Bug: 232430739
Test: TH
Fixes: 0a903fe828 ("ANDROID: GKI: Header generation fix and improvements")
Change-Id: Ib6868f5a8eb0b3713e192bec111804e993e3d085
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add description of sysfs files
Test: none
Bug: 210958368
Change-Id: I8ddb678e0e0f1dbbcfb9455d6e17b726337d585c
Signed-off-by: Paul Lawrence <paullawrence@google.com>
This reverts commit dc855f8bdf.
Support existing users of ext4 who upgrade kernel version
Test: runs
Bug: 210958368
Change-Id: I06ad3c7870b67080dfd6d72917751b20193a4fd6
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Need to use the tracepoint_consume_skb symbol at module driver
This used on our vendor hook, the android_vh_ptype_head.
It's a debugging feature to trace packet flow when skb is freed.
We just traced at kfree_skb only before,
But we need tracing skb at consume_skb too, for analyze to more complex mobile network issues.
Bug: 244504166
Link: https://lore.kernel.org/lkml/20220617200021.02ad8ffc@kernel.org/T
Signed-off-by: Soukjin Bae <soukjin.bae@samsung.com>
Change-Id: Icffa3e7d2045156691a7711c5f19b309f8356261
(cherry picked from commit d1b29856cad674e59a182e45983ed1abf4f5489d)
(cherry picked from commit 70a5111957fe6a6742eb443626c44c613572d52c)
It is expected for hyp events to be used in hot paths. We then need to
reduce the overhead of having the events placed even when they are
disabled. Moving the variable enabling event tracing into a read-only
section increase the chance of sharing a cache line with immutable
objects and as a consequence making it less likely to get a cache miss.
A RW mapping alias must then be made with the fixmap to turn on and off
events.
Bug: 229972309
Change-Id: Ib15bb3fd16b3adb9a889a730b701fd26171c9d37
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Changes in 5.15.91
memory: tegra: Remove clients SID override programming
memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe()
memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe()
dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG
arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property
ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency'
ARM: dts: imx7d-pico: Use 'clock-frequency'
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux
ARM: imx: add missing of_node_put()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity
soc: imx8m: Fix incorrect check for of_clk_get_by_name()
reset: uniphier-glue: Use reset_control_bulk API
reset: uniphier-glue: Fix possible null-ptr-deref
EDAC/highbank: Fix memory leak in highbank_mc_probe()
firmware: arm_scmi: Harden shared memory access in fetch_response
firmware: arm_scmi: Harden shared memory access in fetch_notification
tomoyo: fix broken dependency on *.conf.default
RDMA/core: Fix ib block iterator counter overflow
IB/hfi1: Reject a zero-length user expected buffer
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Immediately remove invalid memory from hardware
IB/hfi1: Remove user expected buffer invalidate race
affs: initialize fsdata in affs_truncate()
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
arm64: dts: qcom: msm8992: Don't use sfpb mutex
arm64: dts: qcom: msm8992-libra: Add CPU regulators
arm64: dts: qcom: msm8992-libra: Fix the memory map
phy: ti: fix Kconfig warning and operator precedence
NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
amd-xgbe: Delay AN timeout during KR training
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
net: nfc: Fix use-after-free in local_cleanup()
net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
net: enetc: avoid deadlock in enetc_tx_onestep_tstamp()
sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb
gpio: use raw spinlock for gpio chip shadowed data
gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock
gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
pinctrl/rockchip: Use temporary variable for struct device
pinctrl/rockchip: add error handling for pull/drive register getters
pinctrl: rockchip: fix reading pull type on rk3568
net: stmmac: Fix queue statistics reading
net/sched: sch_taprio: fix possible use-after-free
l2tp: Serialize access to sk_user_data with sk_callback_lock
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
l2tp: convert l2tp_tunnel_list to idr
l2tp: close all race conditions in l2tp_tunnel_register()
octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
net: usb: sr9700: Handle negative len
net: mdio: validate parameter addr in mdiobus_get_phy()
HID: check empty report_list in hid_validate_values()
HID: check empty report_list in bigben_probe()
net: stmmac: fix invalid call to mdiobus_get_phy()
pinctrl: rockchip: fix mux route data for rk3568
HID: revert CHERRY_MOUSE_000C quirk
usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
net: ipa: disable ipa interrupt during suspend
net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT
net: mlx5: eliminate anonymous module_init & module_exit
drm/panfrost: fix GENERIC_ATOMIC64 dependency
dmaengine: Fix double increment of client_count in dma_chan_get()
net: macb: fix PTP TX timestamp failure due to packet padding
virtio-net: correctly enable callback during start_xmit
l2tp: prevent lockdep issue in l2tp_tunnel_register()
HID: betop: check shape of output reports
cifs: fix potential deadlock in cache_refresh_path()
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
phy: phy-can-transceiver: Skip warning if no "max-bitrate"
drm/amd/display: fix issues with driver unload
nvme-pci: fix timeout request state check
tcp: avoid the lookup process failing to get sk in ehash table
octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
ptdma: pt_core_execute_cmd() should use spinlock
device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
w1: fix deadloop in __w1_remove_master_device()
w1: fix WARNING after calling w1_process()
driver core: Fix test_async_probe_init saves device in wrong array
selftests/net: toeplitz: fix race on tpacket_v3 block close
net: dsa: microchip: ksz9477: port map correction in ALU table entry register
thermal/core: Remove duplicate information when an error occurs
thermal/core: Rename 'trips' to 'num_trips'
thermal: Validate new state in cur_state_store()
thermal/core: fix error code in __thermal_cooling_device_register()
thermal: core: call put_device() only after device_register() fails
net: stmmac: enable all safety features by default
tcp: fix rate_app_limited to default to 1
scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace
cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
kcsan: test: don't put the expect array on the stack
cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist
ASoC: fsl_micfil: Correct the number of steps on SX controls
net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
drm: Add orientation quirk for Lenovo ideapad D330-10IGL
s390/debug: add _ASM_S390_ prefix to header guard
s390: expicitly align _edata and _end symbols on page boundary
perf/x86/msr: Add Emerald Rapids
perf/x86/intel/uncore: Add Emerald Rapids
cpufreq: armada-37xx: stop using 0 as NULL pointer
ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
spi: spidev: remove debug messages that access spidev->spi without locking
KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id
r8152: add vendor/device ID pair for Microsoft Devkit
platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
lockref: stop doing cpu_relax in the cmpxchg loop
firmware: coreboot: Check size of table entry and use flex-array
drm/i915: Allow switching away via vga-switcheroo if uninitialized
Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID"
drm/i915: Remove unused variable
x86: ACPI: cstate: Optimize C3 entry on AMD CPUs
fs: reiserfs: remove useless new_opts in reiserfs_remount
sysctl: add a new register_sysctl_init() interface
kernel/panic: move panic sysctls to its own file
panic: unset panic_on_warn inside panic()
ubsan: no need to unset panic_on_warn in ubsan_epilogue()
kasan: no need to unset panic_on_warn in end_report()
exit: Add and use make_task_dead.
objtool: Add a missing comma to avoid string concatenation
hexagon: Fix function name in die()
h8300: Fix build errors from do_exit() to make_task_dead() transition
csky: Fix function name in csky_alignment() and die()
ia64: make IA64_MCA_RECOVERY bool instead of tristate
panic: Separate sysctl logic from CONFIG_SMP
exit: Put an upper limit on how often we can oops
exit: Expose "oops_count" to sysfs
exit: Allow oops_limit to be disabled
panic: Consolidate open-coded panic_on_warn checks
panic: Introduce warn_limit
panic: Expose "warn_count" to sysfs
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
drm/amdgpu: complete gfxoff allow signal during suspend without delay
scsi: hpsa: Fix allocation size for scsi_host_alloc()
KVM: SVM: fix tsc scaling cache logic
module: Don't wait for GOING modules
tracing: Make sure trace_printk() can output as soon as it can be used
trace_events_hist: add check for return value of 'create_hist_field'
ftrace/scripts: Update the instructions for ftrace-bisect.sh
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
i2c: mv64xxx: Remove shutdown method from driver
i2c: mv64xxx: Add atomic_xfer method to driver
ksmbd: add smbd max io size parameter
ksmbd: add max connections parameter
ksmbd: do not sign response to session request for guest login
ksmbd: downgrade ndr version error message to debug
ksmbd: limit pdu length size according to connection status
ovl: fail on invalid uid/gid mapping at copy up
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation
thermal: intel: int340x: Protect trip temperature from concurrent updates
ipv6: fix reachability confirmation with proxy_ndp
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
EDAC/device: Respect any driver-supplied workqueue polling value
EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
net: mana: Fix IRQ name - add PCI and queue number
scsi: ufs: core: Fix devfreq deadlocks
i2c: designware: use casting of u64 in clock multiplication to avoid overflow
netlink: prevent potential spectre v1 gadgets
net: fix UaF in netns ops registration error path
drm/i915/selftest: fix intel_selftest_modify_policy argument types
netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
netlink: annotate data races around nlk->portid
netlink: annotate data races around dst_portid and dst_group
netlink: annotate data races around sk_state
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
netrom: Fix use-after-free of a listening socket.
net/sched: sch_taprio: do not schedule in taprio_reset()
sctp: fail if no bound addresses can be used for a given scope
riscv/kprobe: Fix instruction simulation of JALR
nvme: fix passthrough csi check
gpio: mxc: Unlock on error path in mxc_flip_edge()
ravb: Rename "no_ptp_cfg_active" and "ptp_cfg_active" variables
net: ravb: Fix lack of register setting after system resumed for Gen3
net: ravb: Fix possible hang if RIS2_QFF1 happen
net: mctp: mark socks as dead on unhash, prevent re-add
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: mdio-mux-meson-g12a: force internal PHY off on mux switch
treewide: fix up files incorrectly marked executable
tools: gpio: fix -c option of gpio-event-mon
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
cpufreq: Move to_gov_attr_set() to cpufreq.h
cpufreq: governor: Use kobject release() method to free dbs_data
kbuild: Allow kernel installation packaging to override pkg-config
block: fix and cleanup bio_check_ro
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
netfilter: conntrack: unify established states for SCTP paths
perf/x86/amd: fix potential integer overflow on shift of a int
Linux 5.15.91
Change-Id: I3349d802533097ac86e5c680fbd40c00c9719ec7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a44b7651489f26271ac784b70895e8a85d0cebf4 upstream.
An SCTP endpoint can start an association through a path and tear it
down over another one. That means the initial path will not see the
shutdown sequence, and the conntrack entry will remain in ESTABLISHED
state for 5 days.
By merging the HEARTBEAT_ACKED and ESTABLISHED states into one
ESTABLISHED state, there remains no difference between a primary or
secondary path. The timeout for the merged ESTABLISHED state is set to
210 seconds (hb_interval * max_path_retrans + rto_max). So, even if a
path doesn't see the shutdown sequence, it will expire in a reasonable
amount of time.
With this change in place, there is now more than one state from which
we can transition to ESTABLISHED, COOKIE_ECHOED and HEARTBEAT_SENT, so
handle the setting of ASSURED bit whenever a state change has happened
and the new state is ESTABLISHED. Removed the check for dir==REPLY since
the transition to ESTABLISHED can happen only in the reply direction.
Fixes: 9fb9cbb108 ("[NETFILTER]: Add nf_conntrack subsystem.")
Signed-off-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5fa55950729d0762a787451dc52862c3f850f859 upstream.
Baoquan reported that after triggering a crash the subsequent crash-kernel
fails to boot about half of the time. It triggers a NULL pointer
dereference in the periodic tick code.
This happens because the legacy timer interrupt (IRQ0) is resent in
software which happens in soft interrupt (tasklet) context. In this context
get_irq_regs() returns NULL which leads to the NULL pointer dereference.
The reason for the resend is a spurious APIC interrupt on the IRQ0 vector
which is captured and leads to a resend when the legacy timer interrupt is
enabled. This is wrong because the legacy PIC interrupts are level
triggered and therefore should never be resent in software, but nothing
ever sets the IRQ_LEVEL flag on those interrupts, so the core code does not
know about their trigger type.
Ensure that IRQ_LEVEL is set when the legacy PCI interrupts are set up.
Fixes: a4633adcdb ("[PATCH] genirq: add genirq sw IRQ-retrigger")
Reported-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Baoquan He <bhe@redhat.com>
Link: https://lore.kernel.org/r/87mt6rjrra.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d5ea4fece4508bf8e72b659cd22fa4840d8d61e5 upstream.
Add HOSTPKG_CONFIG to allow tooling that builds the kernel to override
what pkg-config and parameters are used.
Signed-off-by: Chun-Tse Shao <ctshao@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
[swboyd@chromium.org: Drop certs/Makefile hunk that doesn't
apply because pkg-config isn't used there, add dtc/Makefile hunk to
fix dtb builds]
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a85ee6401a47ae3fc64ba506cacb3e7873823c65 upstream.
The struct dbs_data embeds a struct gov_attr_set and
the struct gov_attr_set embeds a kobject. Since every kobject must have
a release() method and we can't use kfree() to free it directly,
so introduce cpufreq_dbs_data_release() to release the dbs_data via
the kobject::release() method. This fixes the calltrace like below:
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x34
WARNING: CPU: 12 PID: 810 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100
Modules linked in:
CPU: 12 PID: 810 Comm: sh Not tainted 5.16.0-next-20220120-yocto-standard+ #536
Hardware name: Marvell OcteonTX CN96XX board (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object+0xb8/0x100
lr : debug_print_object+0xb8/0x100
sp : ffff80001dfcf9a0
x29: ffff80001dfcf9a0 x28: 0000000000000001 x27: ffff0001464f0000
x26: 0000000000000000 x25: ffff8000090e3f00 x24: ffff80000af60210
x23: ffff8000094dfb78 x22: ffff8000090e3f00 x21: ffff0001080b7118
x20: ffff80000aeb2430 x19: ffff800009e8f5e0 x18: 0000000000000000
x17: 0000000000000002 x16: 00004d62e58be040 x15: 013590470523aff8
x14: ffff8000090e1828 x13: 0000000001359047 x12: 00000000f5257d14
x11: 0000000000040591 x10: 0000000066c1ffea x9 : ffff8000080d15e0
x8 : ffff80000a1765a8 x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff800009e8c000 x4 : ffff800009e8c760 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0001474ed040
Call trace:
debug_print_object+0xb8/0x100
__debug_check_no_obj_freed+0x1d0/0x25c
debug_check_no_obj_freed+0x24/0xa0
kfree+0x11c/0x440
cpufreq_dbs_governor_exit+0xa8/0xac
cpufreq_exit_governor+0x44/0x90
cpufreq_set_policy+0x29c/0x570
store_scaling_governor+0x110/0x154
store+0xb0/0xe0
sysfs_kf_write+0x58/0x84
kernfs_fop_write_iter+0x12c/0x1c0
new_sync_write+0xf0/0x18c
vfs_write+0x1cc/0x220
ksys_write+0x74/0x100
__arm64_sys_write+0x28/0x3c
invoke_syscall.constprop.0+0x58/0xf0
do_el0_svc+0x70/0x170
el0_svc+0x54/0x190
el0t_64_sync_handler+0xa4/0x130
el0t_64_sync+0x1a0/0x1a4
irq event stamp: 189006
hardirqs last enabled at (189005): [<ffff8000080849d0>] finish_task_switch.isra.0+0xe0/0x2c0
hardirqs last disabled at (189006): [<ffff8000090667a4>] el1_dbg+0x24/0xa0
softirqs last enabled at (188966): [<ffff8000080106d0>] __do_softirq+0x4b0/0x6a0
softirqs last disabled at (188957): [<ffff80000804a618>] __irq_exit_rcu+0x108/0x1a4
[ rjw: Because can be freed by the gov_attr_set_put() in
cpufreq_dbs_governor_exit() now, it is also necessary to put the
invocation of the governor ->exit() callback into the new
cpufreq_dbs_data_release() function. ]
Fixes: c443563036 ("cpufreq: governor: New sysfs show/store callbacks for governor tunables")
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 677d85e1a1ee69fa05ccea83847309484be3781c ]
Following line should listen for a rising edge and exit after the first
one since '-c 1' is provided.
# gpio-event-mon -n gpiochip1 -o 0 -r -c 1
It works with kernel 4.19 but it doesn't work with 5.10. In 5.10 the
above command doesn't exit after the first rising edge it keep listening
for an event forever. The '-c 1' is not taken into an account.
The problem is in commit 62757c32d5 ("tools: gpio: add multi-line
monitoring to gpio-event-mon").
Before this commit the iterator 'i' in monitor_device() is used for
counting of the events (loops). In the case of the above command (-c 1)
we should start from 0 and increment 'i' only ones and hit the 'break'
statement and exit the process. But after the above commit counting
doesn't start from 0, it start from 1 when we listen on one line.
It is because 'i' is used from one more purpose, counting of lines
(num_lines) and it isn't restore to 0 after following code
for (i = 0; i < num_lines; i++)
gpiotools_set_bit(&values.mask, i);
Restore the initial value of the iterator to 0 in order to allow counting
of loops to work for any cases.
Fixes: 62757c32d5 ("tools: gpio: add multi-line monitoring to gpio-event-mon")
Signed-off-by: Ivo Borisov Shopov <ivoshopov@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
[Bartosz: tweak the commit message]
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
