-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAl+4JHgACgkQnJ2qBz9k
QNlXOQf/YHs4q4HgBI0tsStS/U4xFtmY77Rcm1pllqH6BZPBg1vRpzfh7hZvIPMa
GceTcMAX4OmG6++fRzVgNDIuem3Jl0oDCm++pWPev+S/V06PuTu36viuFWJ3e/5g
0wDLYXRj4dRUiQtjbSkI7LAgIX1wbTANOKSZeaKFYaGHfEcFm1GkHUuHzEBVX1Jw
bRpaod3ikmjoaoI6TTZlKKnrKksSw6F5wHUiHu2ZHdZ6kQ36elwHFu8QXJCzkZ7F
F9vt4IIKq6xzEVdwDXAPjsFkPp2B4Bz+AgcSpoitg/2L5hc2d/kxgI4zvpXY8TGs
hpW6YPXEXIjhHjKX22f99ThI4BqXww==
=bBTT
-----END PGP SIGNATURE-----
Merge tag 'fsnotify_for_v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull fanotify fix from Jan Kara:
"A single fanotify fix from Amir"
* tag 'fsnotify_for_v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
fanotify: fix logic of reporting name info with watched parent
- Fix typos in seccomp selftests on powerpc and sh (Kees Cook)
- Fix PF_SUPERPRIV audit marking in seccomp and ptrace (Mickaël Salaün)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl+4FQgACgkQiXL039xt
wCYERA/8Cwb8p8PWbtOq6uUKsZ4kJQuMZee3crP+LM0B1a427hOCSuezoDtOY1wO
N7IEOr3ipHxoxZ1Zf2Ln4lGyktxlwzA8pqlGZyqR5zFIl+0HArbXdAfcRMcaeqUp
eSV30CNBD5XfGLc2R5s1qHnrshVBJFebCpgMfSCOQQWMpZ51nnaoFN8N8iSEx6PN
kYHC1C1WX5g3vtKo29xS2Y7KCThMOXvcNI7eFpVD0C4ZwEr8lywbTTzBBhXUIGBX
6NoNOV7kVxIjNLQ8x17F1OacrC6h4ZzNTl4MEYnMZ/Mw0NVB3MvoHQohwW+Y98Rf
97sPQPZjYeJ6xURolRsWX+kvXC7PyLYvfldsQi00QDfdc6RGu0pnsG4UuivsldlY
OhswE9Q/KKHmzXiHnZBmcw4NcSyhZiL3LYB1VZl3jDobeOhVKyHw72vo8Zrhhz8A
ksCDg3vNvOo/x2iH9GSUG4Fjk8coXRif8P6lH5Btw6V+x9ZlFiaW5WbSbP0G3PzJ
zS5nPu8PE6Sm70XlRn0BbRmIjV9AhEZqNNZoOsndrbR86klH6WolyCB4ifj2MKuR
ZwbeDblUrYyRne/Ll9XGQVDSFv8J5phxtDQM0phiGK0jOsvXqbl8RvlckCKqBwm0
7VgtEumU5vJTx01avrXw86Sj7B2IR4M1nTgpwWJ2EVs9U98Emew=
=1Mse
-----END PGP SIGNATURE-----
Merge tag 'seccomp-v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull seccomp fixes from Kees Cook:
"This gets the seccomp selftests running again on powerpc and sh, and
fixes an audit reporting oversight noticed in both seccomp and ptrace.
- Fix typos in seccomp selftests on powerpc and sh (Kees Cook)
- Fix PF_SUPERPRIV audit marking in seccomp and ptrace (Mickaël
Salaün)"
* tag 'seccomp-v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
selftests/seccomp: sh: Fix register names
selftests/seccomp: powerpc: Fix typo in macro variable name
seccomp: Set PF_SUPERPRIV when checking capability
ptrace: Set PF_SUPERPRIV when checking capability
Fixes for two fairly obscure but annoying when triggered races in
iSCSI.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCX7gmiiYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishcJeAP4v9I6j
fh/0E3tU+Hb8ZerNoD8p2q7vdxeKkihXWw5/EwEA2SoFW6VNTrJdhUq1+hJ1QWOR
Awrex3uy1m11ETLgIcM=
=A1lM
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Fixes for two fairly obscure but annoying when triggered races in
iSCSI"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: target: iscsi: Fix cmd abort fabric stop race
scsi: libiscsi: Fix NOP race condition
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl+4DAwQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgphdOD/9xOEnYPuekvVH9G9nyNd//Q9fPArG2+j6V
/MCnze07GNtDt7z15oR+T07hKXmf+Ejh4nu3JJ6MUNfe/47hhJqHSxRHU6+PJCjk
hPrsaTsDedxxLEDiLmvhXnUPzfVzJtefxVAAaKikWOb3SBqLdh7xTFSlor1HbRBl
Zk4d343cjBDYfvSSt/zMWDzwwvramdz7rJnnPMKXITu64ITL5314vuK2YVZmBOet
YujSah7J8FL1jKhiG1Iw5rayd2Q3smnHWIEQ+lvW6WiTvMJMLOxif2xNF4/VEZs1
CBGJUQt42LI6QGEzRBHohcefZFuPGoxnduSzHCOIhh7d6+k+y9mZfsPGohr3g9Ov
NotXpVonnA7GbRqzo1+IfBRve7iRONdZ3/LBwyRmqav4I4jX68wXBNH5IDpVR0Sn
c31avxa/ZL7iLIBx32enp0/r3mqNTQotEleSLUdyJQXAZTyG2INRhjLLXTqSQ5BX
oVp0fZzKCwsr6HCPZpXZ/f2G7dhzuF0ghoceC02GsOVooni22gdVnQj+AWNus398
e+wcimT4MX6AHNFxO2aUtJow0KWWZRzC1p5Mxu/9W3YiMtJiC0YOGePfSqiTqX0g
Uk0H5dOAgBUQrAsusf7bKr0K6W25yEk/JipxhWqi0rC71x42mLTsCT1wxSCvLwqs
WxhdtVKroQ==
=7PAe
-----END PGP SIGNATURE-----
Merge tag 'io_uring-5.10-2020-11-20' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
"Mostly regression or stable fodder:
- Disallow async path resolution of /proc/self
- Tighten constraints for segmented async buffered reads
- Fix double completion for a retry error case
- Fix for fixed file life times (Pavel)"
* tag 'io_uring-5.10-2020-11-20' of git://git.kernel.dk/linux-block:
io_uring: order refnode recycling
io_uring: get an active ref_node from files_data
io_uring: don't double complete failed reissue request
mm: never attempt async page lock if we've transferred data already
io_uring: handle -EOPNOTSUPP on path resolution
proc: don't allow async path resolution of /proc/self components
It looks like the seccomp selftests was never actually built for sh.
This fixes it, though I don't have an environment to do a runtime test
of it yet.
Fixes: 0bb605c2c7 ("sh: Add SECCOMP_FILTER")
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/lkml/a36d7b48-6598-1642-e403-0c77a86f416d@physik.fu-berlin.de
Signed-off-by: Kees Cook <keescook@chromium.org>
A typo sneaked into the powerpc selftest. Fix the name so it builds again.
Fixes: 46138329fa ("selftests/seccomp: powerpc: Fix seccomp return value testing")
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/lkml/87y2ix2895.fsf@mpe.ellerman.id.au
Signed-off-by: Kees Cook <keescook@chromium.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCX7dYpAAKCRCAXGG7T9hj
vqRpAQDiOASJZyPTwbB3kW7EPIyMz5kZgeJUyX4BEBUOR0g3CAEA/Qz9ZE9h9h3l
YIXs9LDGQJ0pOl04wOzjte57AjzGoAM=
=B9Bu
-----END PGP SIGNATURE-----
Merge tag 'for-linus-5.10b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fix from Juergen Gross:
"A single fix for avoiding WARN splats when booting a Xen guest with
nosmt"
* tag 'for-linus-5.10b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/xen: don't unbind uninitialized lock_kicker_irq
- Fix boot when intel iommu initialisation fails under TXT (tboot)
- Fix intel iommu compilation error when DMAR is enabled without ATS
- Temporarily update IOMMU MAINTAINERs entry
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAl+3p6gQHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNPowCADBKq5PBRwqIM1tmntRu5rePf/WuB1BotlJ
cUUR8dIxFDvKMeGvN4mDbn/5jjL1+TlD7sQqFh+gcWJ9tImpAMzp1ENbg71isl5o
Ej21X9YhjfiIsKpTrNGxcetCkYaR2tp8Z4/WzSQaO+IGB578dQ9VwiwSnDyFdWUb
1Qcj712ainYvKjbq4NyL80lPm9v43OV8QZ73WeelzBjE2UcDFAV0Xl4BIX8uuGtv
I1x03JfgzmzhVBmpj5HUGPsSopMDdo5K4vlcqscqSqvBY90iHD5fgRF4ZatTjR1t
PVM/1+c9vdJIWSxSt1hsB8DPtqXVOvGjzrLW/h63rxyWsISwkAq0
=DNX/
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull iommu fixes from Will Deacon:
"Two straightforward vt-d fixes:
- Fix boot when intel iommu initialisation fails under TXT (tboot)
- Fix intel iommu compilation error when DMAR is enabled without ATS
and temporarily update IOMMU MAINTAINERs entry"
* tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
MAINTAINERS: Temporarily add myself to the IOMMU entry
iommu/vt-d: Fix compile error with CONFIG_PCI_ATS not set
iommu/vt-d: Avoid panic if iommu init fails in tboot system
- sdhci-of-arasan: Stabilize communication by fixing tap value configs
- sdhci-pci: Use SDR25 timing for HS mode for BYT-based Intel HWs
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAl+3nr8XHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCmbSQ//QkzuRoGDX9OuCorTF5FbesZk
5dKPjxPcZy+EbMPegEZkH8hIEpHWgiwnUt4UjN7TbxsPsdpEXzws+ChY1mvdID0o
K1Uj1bl4ngKHDiLgFChwoLvVPpbK9H0SMV4tosymBnhBpsVE4MfYSRd68ZP2EIXh
9YpP4SJYBfMqhPpvddqA4o4qzYLgAG5NhOTmsp1HvAE2nrDZ5UclrJRVzIu+zd0m
nGP9Jbh+ygGF3GpYOYgg6KawBe9MnTwThY7yBDt7K5Qad+WXvXQ/wJ23hfNs3+0a
S17uSF29Ymd8X6Na8mSjNvZIN2bsDjxj/yy1VnQRebQR0jzzbb0ebBSXpjNWJiZ7
xLj9YJLiNNEu7eFRp4/9zFI5r5y1VxqV8bAuuLIa0HMEdKEq6aia2JxLEznnD1TA
ZQZoe916UiEnMSVrkdu8rkg4hnzmAngc4DxJMrE4AeRInQevA0dLdwpma8Vn0cIb
HIEd9U5Oz83emM+ongQTW5EF1NhKuHqtxACmCNIFBMrZ/T9PT3Qgq4yhOSEx/GOg
+tegTFumlz8LduwQekMdEdUp8BDlVdRlsEvqg1A4CtXmZ2lFG2NCQVjJXNxMCT+E
Mh6+Pv8XojVPLBhkTh4WmE6MaOEwSdknzR+UJ2tKB5Pa7iyJT1nD4/T4jKp2/HNn
qgqO2W5LWuOn/oLaalI=
=kfSz
-----END PGP SIGNATURE-----
Merge tag 'mmc-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
"A couple of MMC fixes:
- sdhci-of-arasan: Stabilize communication by fixing tap value configs
- sdhci-pci: Use SDR25 timing for HS mode for BYT-based Intel HWs"
* tag 'mmc-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: sdhci-of-arasan: Issue DLL reset explicitly
mmc: sdhci-of-arasan: Use Mask writes for Tap delays
mmc: sdhci-of-arasan: Allow configuring zero tap values
mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers
A collection of small fixes: the only core change is a minor error
code handling in the control API, and all the rest are device-specific
fixes, mostly quirks, fixups and ASoC Intel fixes.
It looks boring, and good so.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl+2wKcOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9ELBAAjjNoPsqs+Bw9AFORMch23vXXLiQscsz5FMWy
gWTDlyvVoYvjEhkQ+b2EWY61c63Un6gCWiSOJrDh6J1mou+I/8iJ2oGgpVV7DNNx
sRW6yaOYs+dpymIoCsYAJadxEdfaaAItoFL0y8/um/kRpOpLSXpNCBuwKMMYziXA
HPjOQQv9KuUoY2qXQTDJdIzznwwSmX/6B/IPzi0dtgZ8J04izOd5gFd9MVCTbNi6
kjxw1h5j1hdLiOIDUiomunHRnNfYoTdQwDcdCPi+JOU6hZHEBjyDwG3pPm/lVsJf
PsJJWUcEQrR8c17vxsXt2Dh+SlGJNqBUXhqTy+3cef6NUJ0U4FCGMW28zRWrf753
27tSdpxFh24ghvCfzsJAtki5XqJmpnp1xChHY1/9D1bz6FtmFbL5kykdg25jY0Fr
z4mkogWfc74GE3jYg+l7KbjNb4iV45u13hJ9bXXD8YVbLtLIJF20euwMJ5jGImOM
E+WCy73QKq0C+2w476pZLr3mnEUmXRheMhkwYuPjow7g+QGMs3ivLoku2kWOR4OY
Bhd6nClyfixadf0/W8LKVacS3h3HIOeyMm+qQo09zOlhoyPxW32K/ug06ugLOSPQ
0lD1H209yjBtIoTJcw00Q4hSe35+WwOPWoBpRZRWCiRksr7rH97KKmFdvII8wwTY
n2dxu8c=
=E7Lw
-----END PGP SIGNATURE-----
Merge tag 'sound-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes: the only core change is a minor error
code handling in the control API, and all the rest are device-specific
fixes, mostly quirks, fixups and ASoC Intel fixes.
It looks boring, and good so"
* tag 'sound-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: mixart: Fix mutex deadlock
ALSA: hda/ca0132: Fix compile warning without PCI
ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock
ALSA: usb-audio: Add delay quirk for all Logitech USB devices
ASoC: Intel: catpt: Correct clock selection for dai trigger
ASoC: Intel: catpt: Skip position update for unprepared streams
ASoC: qcom: lpass-platform: Fix memory leak
ASoC: Intel: KMB: Fix S24_LE configuration
ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid
ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo
ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
ASoC: rt1015: increase the time to detect BCLK
ALSA: ctl: fix error path at adding user-defined element set
ALSA: hda/realtek - HP Headset Mic can't detect after boot
ALSA: hda/realtek - Add supported mute Led for HP
ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button
ASoC: rt1015: add delay to fix pop noise from speaker
core:
- vram helper TTM regression fix
amdgpu:
- Pageflip fix for navi1x with 5 or 6 displays
- Remove experimental flag for Arcturus
- Fix regression in atomic commit tail rework
i915:
- Fix tgl power gating issue
- Memory leak fixes
- Selftest fixes
- Display bpc fix
- Fix TGL MOCS for PTE tracking
dw-hdmi:
- probing fix
sun4i:
- probing fix
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJftx+jAAoJEAx081l5xIa+iP0P+gJuMX12yISdXJ4u/VdZCEGO
SZ2taoqgpnYtd0SiYUgh436yNOB9KsZZLm/413k3vj4Rx+Dm7Fm9MfTu8cVn63pd
qS51CGwTGUOp3E+Zc94qqMWgQqg/oqSA9NeWy7Q/kOP5H2Ic3dBWyjiVUdzVlN55
V7X8ac6rsgOfvRq7f8QxWgEHf9WMM+890euFmTbc2/YK7bbdDZt5eckuJsf1rfuk
PJKUQHi2YmtaQoNb16ctOkCLmTeFjK626OpO4zFFDQxElCVSxNnC85CqV2gYUOI5
NqjBrLISDeHB6omBdDp8U08Los7y6j+0C6xL78ZV/OErEbb5h9TvdhOHgPDJS7uf
KN/LLcEE/S7gmmYcP6osA4bsBGXumHkR7VuctLwEOc2lXCF6eJs2zc1m69Yo68kD
z7+OkCPLZd4nZ2sJoBt4MhA+jGFb4pIyRTlBMDeJUo+i6Hn4eJeE7gJJNYRM6Ief
DVBgVQxS4qyN0HGf7QlgpnJhcZ1xW06t4yGPzMO1gCPOt+gzzP2d5KWF9hJaRSwX
foSkSwoiEXA6OjZb/uoKxAxbp+292P9au70L2y7mruvScyKBAhUOuNmuF4j9jZQ+
WkHE0YgGfMxbCYugnFizyiW7r9kDjYGUIOMFyron1T8n16CWfDuw5Ih7tAtcEtti
QWWRRyF0vZzuS22v2QPB
=ZJKB
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2020-11-20-2' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Weekly fixes pull.
This contains some fixes for sun4i/dw-hdmi probing, then amdgpu
enables arcturus hw without experimental flag and two other fixes and
a group of i915 fixes.
It also has a backported from next fix for the warn on reported in
ast/drm_gem_vram_helper code in the merge window. There's a separate
report which initially looked to be the same problem, but I'm going to
chase that up next week a bit more as I don't think the bisect landed
anywhere useful.
Summary:
core:
- vram helper TTM regression fix
amdgpu:
- Pageflip fix for navi1x with 5 or 6 displays
- Remove experimental flag for Arcturus
- Fix regression in atomic commit tail rework
i915:
- Fix tgl power gating issue
- Memory leak fixes
- Selftest fixes
- Display bpc fix
- Fix TGL MOCS for PTE tracking
dw-hdmi:
- probing fix
sun4i:
- probing fix"
* tag 'drm-fixes-2020-11-20-2' of git://anongit.freedesktop.org/drm/drm:
drm/i915/gt: Fixup tgl mocs for PTE tracking
drm/vram-helper: Fix use of top-down placement
drm/i915/gt: Remember to free the virtual breadcrumbs
drm/i915: Handle max_bpc==16
drm/amd/display: Always get CRTC updated constant values inside commit tail
drm/sun4i: backend: Fix probe failure with multiple backends
drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()
drm/i915/selftests: Fix wrong return value of perf_request_latency()
drm/i915/selftests: Fix wrong return value of perf_series_engines()
drm/i915: Avoid memory leak with more than 16 workarounds on a list
drm/i915/tgl: Fix Media power gate sequence.
drm/amdgpu: remove experimental flag from arcturus
drm/amd/display: Add missing pflip irq for dcn2.0
drm/i915/gvt: return error when failing to take the module reference
drm: bridge: dw-hdmi: Avoid resetting force in the detect function
drm/i915/gvt: Set ENHANCED_FRAME_CAP bit
drm/i915/gvt: Temporarily disable vfio_edid for BXT/APL
- Memory leak fixes (Tvrtko, Chris)
- Selftest fixes (Zhang)
- Display bpc fix (Ville)
- Fix TGL MOCS for PTE tracking (Chris)
GVT Fixes: It temporarily disables VFIO edid
feature on BXT/APL until its virtual display is really fixed to make
it work properly. And fixes for DPCD 1.2 and error return in taking
module reference.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAl+21pYACgkQ+mJfZA7r
E8rUwQf/fkEuJVUXcAf5z59xVkGyxd+PIcOnNyo1sfF0NlwFYG2RSmo/iK2skpKQ
SlCtbP53+nfQaMQ7G780hR6nzut7hHHo+fKW4IUdXg3sH0gH3CowVrsSqTClLmGt
gFxn/qqoUUsUTppf7iC+c4DpQ6MaUzy603/AnIT6rq25BkI6mY1acATcAMmrGXYc
zyvYncywr6hfrt6m+GLYnWbvyuX/WBmDuDM1h8lgccfikE3am91ctCHJuz5ldfM/
9ZjrYQ0R8Doo48OgUGlniexqkz/R9uoAtvETNmgkMKmA9FMzt9pFTLR40ANyLl8e
y4VIBw9CeEySLA/LNi+xjWdLftxgSg==
=OAFl
-----END PGP SIGNATURE-----
Merge tag 'drm-intel-fixes-2020-11-19' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Fix tgl power gating issue (Rodrigo)
- Memory leak fixes (Tvrtko, Chris)
- Selftest fixes (Zhang)
- Display bpc fix (Ville)
- Fix TGL MOCS for PTE tracking (Chris)
GVT Fixes: It temporarily disables VFIO edid
feature on BXT/APL until its virtual display is really fixed to make
it work properly. And fixes for DPCD 1.2 and error return in taking
module reference.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20201119203417.GA1795798@intel.com
sun4i shared with arm-soc
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCX7YvLgAKCRDj7w1vZxhR
xWKWAP93/nBmycoRvdhrpa516drBZ//VqaXNqXUmuMTlCokX8QEAzuKr2nEFWLut
mN6wNUWJyQko6dGtAlE9MZlVGDeROwc=
=YRSO
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2020-11-19' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
two patches to fix dw-hdmi bind and detection code, and one fix for
sun4i shared with arm-soc
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20201119083939.ddj3saipyg5iwvb4@gilmour
can and bpf (including the strncpy_from_user fix).
Current release - regressions:
- mac80211: fix memory leak of filtered powersave frames
- mac80211: free sta in sta_info_insert_finish() on errors to avoid
sleeping in atomic context
- netlabel: fix an uninitialized variable warning added in -rc4
Previous release - regressions:
- vsock: forward all packets to the host when no H2G is registered,
un-breaking AWS Nitro Enclaves
- net: Exempt multicast addresses from five-second neighbor lifetime
requirement, decreasing the chances neighbor tables fill up
- net/tls: fix corrupted data in recvmsg
- qed: fix ILT configuration of SRC block
- can: m_can: process interrupt only when not runtime suspended
Previous release - always broken:
- page_frag: Recover from memory pressure by not recycling pages
allocating from the reserves
- strncpy_from_user: Mask out bytes after NUL terminator
- ip_tunnels: Set tunnel option flag only when tunnel metadata is
present, always setting it confuses Open vSwitch
- bpf, sockmap:
- Fix partial copy_page_to_iter so progress can still be made
- Fix socket memory accounting and obeying SO_RCVBUF
- net: Have netpoll bring-up DSA management interface
- net: bridge: add missing counters to ndo_get_stats64 callback
- tcp: brr: only postpone PROBE_RTT if RTT is < current min_rtt
- enetc: Workaround MDIO register access HW bug
- net/ncsi: move netlink family registration to a subsystem init,
instead of tying it to driver probe
- net: ftgmac100: unregister NC-SI when removing driver to avoid crash
- lan743x: prevent interrupt storm on open
- lan743x: fix freeing skbs in the wrong context
- net/mlx5e: Fix socket refcount leak on kTLS RX resync
- net: dsa: mv88e6xxx: Avoid VLAN database corruption on 6097
- fix 21 unset return codes and other mistakes on error paths,
mostly detected by the Hulk Robot
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAl+226AACgkQMUZtbf5S
IruE1w/+JX3CqJwGIqyzyhwVshNaKxmX9gAOMJzkckjEohn8932zPaNq7kbmNYqt
5QsJoou3cXjFeoIEAkQA5fqR4stTZpZMnLO+7JnxxQ0vb2YBN+tIGQRNCnmd1Q0h
u9gb5+5AdORdlmk3E7oC8v50dzQRfboJXLEEZTo2uGJwUgLlEAiqTSV2w4YDHMhL
JtgtWA/fraL0CUc2WMoxuimg9NirbRuMijsU6+d/yExzznDpdoho/qsxL+Odu1NF
hSdaKirA8B8ml0pOd/b4mj+fm4+lKyXZBfSyLx4Ki1TqluEMLzDp7gQPRnU6yyJm
AOu4zsKxx6qitOX2qLQCNlEpkQp6LA2N2Zb1orliUV3Bsq2DJRhU35FgLcghtdRP
GTRSdKHr2BvMScOZ7dQo8l4TqVc3e/khSZDRGdvpsM275Dt0JyS/l7yAWxunPqMb
+/483/s75OuBRO57ULLJ/hR02TG37g/Jv5sI0sG/7oDpGfnulinQX+fxy9izyTEM
KYl0mAPSqhb6RcjE0YXWG0rhJN6FSvc/lwPQHjq8wPSkwEdD/FTb6/eYqbXDi1ld
UTYhFpkh1PQrwct14eSScMeJqTsNKvG0VV39/uZLZCzcqa3yOY5+oTzwaCFlMsy3
a5yGGxqoh7/FTM8t1ml21is9uZ31LAQEnNTMPv69pZPwAv5G5yE=
=SRwI
-----END PGP SIGNATURE-----
Merge tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Networking fixes for 5.10-rc5, including fixes from the WiFi
(mac80211), can and bpf (including the strncpy_from_user fix).
Current release - regressions:
- mac80211: fix memory leak of filtered powersave frames
- mac80211: free sta in sta_info_insert_finish() on errors to avoid
sleeping in atomic context
- netlabel: fix an uninitialized variable warning added in -rc4
Previous release - regressions:
- vsock: forward all packets to the host when no H2G is registered,
un-breaking AWS Nitro Enclaves
- net: Exempt multicast addresses from five-second neighbor lifetime
requirement, decreasing the chances neighbor tables fill up
- net/tls: fix corrupted data in recvmsg
- qed: fix ILT configuration of SRC block
- can: m_can: process interrupt only when not runtime suspended
Previous release - always broken:
- page_frag: Recover from memory pressure by not recycling pages
allocating from the reserves
- strncpy_from_user: Mask out bytes after NUL terminator
- ip_tunnels: Set tunnel option flag only when tunnel metadata is
present, always setting it confuses Open vSwitch
- bpf, sockmap:
- Fix partial copy_page_to_iter so progress can still be made
- Fix socket memory accounting and obeying SO_RCVBUF
- net: Have netpoll bring-up DSA management interface
- net: bridge: add missing counters to ndo_get_stats64 callback
- tcp: brr: only postpone PROBE_RTT if RTT is < current min_rtt
- enetc: Workaround MDIO register access HW bug
- net/ncsi: move netlink family registration to a subsystem init,
instead of tying it to driver probe
- net: ftgmac100: unregister NC-SI when removing driver to avoid
crash
- lan743x:
- prevent interrupt storm on open
- fix freeing skbs in the wrong context
- net/mlx5e: Fix socket refcount leak on kTLS RX resync
- net: dsa: mv88e6xxx: Avoid VLAN database corruption on 6097
- fix 21 unset return codes and other mistakes on error paths, mostly
detected by the Hulk Robot"
* tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (115 commits)
fail_function: Remove a redundant mutex unlock
selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()
net/smc: fix matching of existing link groups
ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module
libbpf: Fix VERSIONED_SYM_COUNT number parsing
net/mlx4_core: Fix init_hca fields offset
atm: nicstar: Unmap DMA on send error
page_frag: Recover from memory pressure
net: dsa: mv88e6xxx: Wait for EEPROM done after HW reset
mlxsw: core: Use variable timeout for EMAD retries
mlxsw: Fix firmware flashing
net: Have netpoll bring-up DSA management interface
atl1e: fix error return code in atl1e_probe()
atl1c: fix error return code in atl1c_probe()
ah6: fix error return code in ah6_input()
net: usb: qmi_wwan: Set DTR quirk for MR400
can: m_can: process interrupt only when not runtime suspended
can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery
...
A collection of error case bug fixes
- Improper nesting of spinlock types in cm
- Missing error codes and kfree()
- Ensure dma_virt_ops users have the right kconfig symbols to work
properly
- Compilation failure of tools/testing
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAl+2vPwACgkQOG33FX4g
mxppSg//Z8+BoRgv26dqbug8lm9lvIeo3LprpZi+UXrR4ns2503bGN0TB/cgLjml
5eMrFN/Wgg8ntB15nOTqcWx+F3vCG+Jli4pKxfZM45VDauB4MYUS/npQRaxUgJuJ
vzidl0j4atsa4OwYFn8xEKPrtp4/e/c+uIXtHgnwI+HYGhCTSdMPJbrd7Fg6R0ls
wyGXXO5X5naLoYUq8NXbGmmEm/EFKqePGKqbdZSUkIY/sPRyvdTqt6n5k3rt8/i+
38QohnijagXzc9mOv3jvUnBL6K9nRmmMIetkZdYiCymRjLh/kYEOBlcwqAjroE88
1xDOk4O+zpw5FAlJH2UQItTWApUBhiUMQSY67/tbVCzgUzyQrDCtS11za8PexcIM
B6RcXBdlyQU1Q+qwzppP9kGY0MD9XVez0ZSGHXuLty/BKpeEfGcr16p/eYOT/DHi
0sogMoRL10a9ppOsUziIT4BYigW1INw1KUCfz2fUAEnvytoxhnhbAb4UuCoEpx1a
SWRdfpsdNOGqcFL6VGJ9GBUi4Qh5MSzcKcGg9AEQC/0L/aH3QVM53/Qaqy1xH1W8
ghHOr2k0xWuZ6KDDz8t/VdTIYg0hqUosNjEwiLqcSVE6eUzDrje7cO/fgQHo98ak
fcgH+lDT6Nee8dtXYPkqXsKIiLYKowKAFwxL66HDJr2Q6lTRIDY=
=oIS7
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"The last two weeks have been quiet here, just the usual smattering of
long standing bug fixes.
A collection of error case bug fixes:
- Improper nesting of spinlock types in cm
- Missing error codes and kfree()
- Ensure dma_virt_ops users have the right kconfig symbols to work
properly
- Compilation failure of tools/testing"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
tools/testing/scatterlist: Fix test to compile and run
IB/hfi1: Fix error return code in hfi1_init_dd()
RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs
RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device()
RDMA/cm: Make the local_id_table xarray non-irq
Alexei Starovoitov says:
====================
1) libbpf should not attempt to load unused subprogs, from Andrii.
2) Make strncpy_from_user() mask out bytes after NUL terminator, from Daniel.
3) Relax return code check for subprograms in the BPF verifier, from Dmitrii.
4) Fix several sockmap issues, from John.
* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
fail_function: Remove a redundant mutex unlock
selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
libbpf: Fix VERSIONED_SYM_COUNT number parsing
bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list
bpf, sockmap: Handle memory acct if skb_verdict prog redirects to self
bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self
bpf, sockmap: Use truesize with sk_rmem_schedule()
bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect
bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made
selftests/bpf: Fix error return code in run_getsockopt_test()
bpf: Relax return code check for subprograms
tools, bpftool: Add missing close before bpftool net attach exit
MAINTAINERS/bpf: Update Andrii's entry.
selftests/bpf: Fix unused attribute usage in subprogs_unused test
bpf: Fix unsigned 'datasec_id' compared with zero in check_pseudo_btf_id
bpf: Fix passing zero to PTR_ERR() in bpf_btf_printf_prepare
libbpf: Don't attempt to load unused subprog as an entry-point BPF program
====================
Link: https://lore.kernel.org/r/20201119200721.288-1-alexei.starovoitov@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Forcing mocs:1 [used for our winsys follows-pte mode] to be cached
caused display glitches. Though it is documented as deprecated (and so
likely behaves as uncached) use the follow-pte bit and force it out of
L3 cache.
Testcase: igt/kms_frontbuffer_tracking
Testcase: igt/kms_big_fb
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ayaz A Siddiqui <ayaz.siddiqui@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20201015122138.30161-4-chris@chris-wilson.co.uk
(cherry picked from commit a04ac82736)
Fixes: 849c0fe9e8 ("drm/i915/gt: Initialize reserved and unspecified MOCS indices")
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
[Rodrigo: Updated Fixes tag]
Fix a mutex_unlock() issue where before copy_from_user() is
not called mutex_locked.
Fixes: 4b1a29a7f5 ("error-injection: Support fault injection framework")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/bpf/160570737118.263807.8358435412898356284.stgit@devnote2
Daniel Xu says:
====================
6ae08ae3de ("bpf: Add probe_read_{user, kernel} and probe_read_{user,
kernel}_str helpers") introduced a subtle bug where
bpf_probe_read_user_str() would potentially copy a few extra bytes after
the NUL terminator.
This issue is particularly nefarious when strings are used as map keys,
as seemingly identical strings can occupy multiple entries in a map.
This patchset fixes the issue and introduces a selftest to prevent
future regressions.
v6 -> v7:
* Add comments
v5 -> v6:
* zero-pad up to sizeof(unsigned long) after NUL
v4 -> v5:
* don't read potentially uninitialized memory
v3 -> v4:
* directly pass userspace pointer to prog
* test more strings of different length
v2 -> v3:
* set pid filter before attaching prog in selftest
* use long instead of int as bpf_probe_read_user_str() retval
* style changes
v1 -> v2:
* add Fixes: tag
* add selftest
====================
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Previously, bpf_probe_read_user_str() could potentially overcopy the
trailing bytes after the NUL due to how do_strncpy_from_user() does the
copy in long-sized strides. The issue has been fixed in the previous
commit.
This commit adds a selftest that ensures we don't regress
bpf_probe_read_user_str() again.
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/4d977508fab4ec5b7b574b85bdf8b398868b6ee9.1605642949.git.dxu@dxuuu.xyz
do_strncpy_from_user() may copy some extra bytes after the NUL
terminator into the destination buffer. This usually does not matter for
normal string operations. However, when BPF programs key BPF maps with
strings, this matters a lot.
A BPF program may read strings from user memory by calling the
bpf_probe_read_user_str() helper which eventually calls
do_strncpy_from_user(). The program can then key a map with the
destination buffer. BPF map keys are fixed-width and string-agnostic,
meaning that map keys are treated as a set of bytes.
The issue is when do_strncpy_from_user() overcopies bytes after the NUL
terminator, it can result in seemingly identical strings occupying
multiple slots in a BPF map. This behavior is subtle and totally
unexpected by the user.
This commit masks out the bytes following the NUL while preserving
long-sized stride in the fast path.
Fixes: 6ae08ae3de ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers")
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/21efc982b3e9f2f7b0379eed642294caaa0c27a7.1605642949.git.dxu@dxuuu.xyz
From Daniel's cover letter:
IBM Power9 processors can speculatively operate on data in the L1 cache
before it has been completely validated, via a way-prediction mechanism. It
is not possible for an attacker to determine the contents of impermissible
memory using this method, since these systems implement a combination of
hardware and software security measures to prevent scenarios where
protected data could be leaked.
However these measures don't address the scenario where an attacker induces
the operating system to speculatively execute instructions using data that
the attacker controls. This can be used for example to speculatively bypass
"kernel user access prevention" techniques, as discovered by Anthony
Steinhauser of Google's Safeside Project. This is not an attack by itself,
but there is a possibility it could be used in conjunction with
side-channels or other weaknesses in the privileged code to construct an
attack.
This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern.
This patch series flushes the L1 cache on kernel entry (patch 2) and after the
kernel performs any user accesses (patch 3). It also adds a self-test and
performs some related cleanups.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl+2aqETHG1wZUBlbGxl
cm1hbi5pZC5hdQAKCRBR6+o8yOGlgG+hD/4njSFct2amqWfqDYR9b2OykWmnMQXn
geookk5SbItQF7vh1q2SVA6r43s5ZAxgD5fezx4LgG6p3QU39+Tr0RhzUUHWMPDV
UNGZK6x/N/GSYeq0bqvMHmVwS0FDjPE8nOtA8Hn2T9mUUsu9G0okpgYPLnEu6rb1
gIyS35zlLBh9obi3MfJzyln/AmCE7hdonKRtLAxvGiERJAyfAG757lrdjrwavyHy
mwz+XPl5PF88jfO5cbcZT9gNHmZZPzVsOVwNcstCh2FcwuePv9dWe1pxsBxxKqP5
UXceXPcKM7VlRNmehimq7q/hfbget4RJGGKYPNXeKHOo6yfy7lJPiQV4h+5z2pSs
SPP2fQQPq0aubmcO23CXFtZl4WRHQ4pax6opepnpIfC2vZ0HLXJtPrhMKcbFJNTo
qPis6HWQPpIuI6l4MJfs+YO9ETxCR31Yd28qFAfPFoHlnQZTfx6NPhw8HKxTbSh2
Svr4X6Y14j3UsQgLTCArCXWAG/hlfRwxDZJ4AvR9EU0HJGDyZ45Y+LTD1N8bbsny
zcYfPqWGPIanLcNPNFYIQwDZo7ff08KdmngUvf/Q9om60mP1hsPJMHf6VhPXj4fC
2TZ11fORssSlBSNtIkFkbjEG+aiWtWnz3fN3uSyT50rgGwtDHJzVzLiUWHlZKcxW
X73YdxuT8fqQwg==
=Yibq
-----END PGP SIGNATURE-----
Merge tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"Fixes for CVE-2020-4788.
From Daniel's cover letter:
IBM Power9 processors can speculatively operate on data in the L1
cache before it has been completely validated, via a way-prediction
mechanism. It is not possible for an attacker to determine the
contents of impermissible memory using this method, since these
systems implement a combination of hardware and software security
measures to prevent scenarios where protected data could be leaked.
However these measures don't address the scenario where an attacker
induces the operating system to speculatively execute instructions
using data that the attacker controls. This can be used for example to
speculatively bypass "kernel user access prevention" techniques, as
discovered by Anthony Steinhauser of Google's Safeside Project. This
is not an attack by itself, but there is a possibility it could be
used in conjunction with side-channels or other weaknesses in the
privileged code to construct an attack.
This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern.
This patch series flushes the L1 cache on kernel entry (patch 2) and
after the kernel performs any user accesses (patch 3). It also adds a
self-test and performs some related cleanups"
* tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations
selftests/powerpc: refactor entry and rfi_flush tests
selftests/powerpc: entry flush test
powerpc: Only include kup-radix.h for 64-bit Book3S
powerpc/64s: flush L1D after user accesses
powerpc/64s: flush L1D on kernel entry
selftests/powerpc: rfi_flush: disable entry flush if present
- fix placement of cache alias remapping area
- disable preemption around cache alias management calls
- add missing __user annotation to strncpy_from_user argument
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAl+2VswTHGpjbXZia2Jj
QGdtYWlsLmNvbQAKCRBR+cyR+D+gRF8kEACGXrZHeIOaw9AXsBznUcXP3yx2o5jO
Sff2fe2qR20pxfw9dfS2+r8MlVvyD8fwuTd3LCV8RscM2WGestFFOkqGl+LZH1Za
0Px7cEzZvMWWd8qwrvshEzlAb2swYObmnXUj81A59FXSihbyuB+C1kcehXIQfM8Q
KTEswWkKf+8Zkk39clkz5TYsrlg3l2H+x7CkGps6+bhh8l9CJEePZs7yKsIKA1sK
zvIqg3RrLi2DOIAwwfThqI/RGN6qjJbyGo2JZm9Bcg2AYWjNNDvE41nJiY8aQNc9
EYGNSPTznJBEpWtIAAxThRwVKVe4BTzwZZq6Ri19lJBKPqJi165o/vLqeoo4HfZp
UYQ+OhX/ga6KUZybR/srHU/Cr3aLecqnYIyHput1tZW/ZNX9hdThG6z+D4vScMir
LwTIqxBGMJ8P+jklfR/miiR4l927aM76IJJOtAdsBRMQVCGVs/f9CO1W09YaNa6z
VD6Pd5n0Y8W/c/Sr/tz9JuAHVOvyVhwZdy8jBlDn+WHKuNByzS/XVInbdYf6ojXd
MgYIC4VcIEEkB9EcWZqsKvo+ZNT4e/PiyaVC8nX4IEh0OB3wmUDHm4dlrLIwmjGj
WCrgizQm3h2DKWIntGSJOnBWAsQI/c289Xm8xVbvZ3eb7tq3PXuve1+XwPANIlWk
TnGD1jSA+ISmBQ==
=T/hd
-----END PGP SIGNATURE-----
Merge tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa
Pull xtensa fixes from Max Filippov:
- fix placement of cache alias remapping area
- disable preemption around cache alias management calls
- add missing __user annotation to strncpy_from_user argument
* tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa:
xtensa: uaccess: Add missing __user to strncpy_from_user() prototype
xtensa: disable preemption around cache alias management calls
xtensa: fix TLBTEMP area placement
Commit 7053e0eab4 ("drm/vram-helper: stop using TTM placement flags")
cleared the BO placement flags if top-down placement had been selected.
Hence, BOs that were supposed to go into VRAM are now placed in a default
location in system memory.
Trying to scanout the incorrectly pinned BO results in displayed garbage
and an error message.
[ 146.108127] ------------[ cut here ]------------
[ 146.1V08180] WARNING: CPU: 0 PID: 152 at drivers/gpu/drm/drm_gem_vram_helper.c:284 drm_gem_vram_offset+0x59/0x60 [drm_vram_helper]
...
[ 146.108591] ast_cursor_page_flip+0x3e/0x150 [ast]
[ 146.108622] ast_cursor_plane_helper_atomic_update+0x8a/0xc0 [ast]
[ 146.108654] drm_atomic_helper_commit_planes+0x197/0x4c0
[ 146.108699] drm_atomic_helper_commit_tail_rpm+0x59/0xa0
[ 146.108718] commit_tail+0x103/0x1c0
...
[ 146.109302] ---[ end trace d901a1ba1d949036 ]---
Fix the bug by keeping the placement flags. The top-down placement flag
is stored in a separate variable.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Christian König <christian.koenig@amd.com>
Fixes: 7053e0eab4 ("drm/vram-helper: stop using TTM placement flags")
Reported-by: Pu Wen <puwen@hygon.cn> [for 5.10-rc1]
Tested-by: Pu Wen <puwen@hygon.cn>
Cc: Christian König <christian.koenig@amd.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Link: https://patchwork.freedesktop.org/patch/msgid/20200921142536.4392-1-tzimmermann@suse.de
(cherry picked from commit b8f8dbf649)
[pulled into fixes from drm-next]
Signed-off-by: Dave Airlie <airlied@redhat.com>
- Make the APEI code avoid attempts to obtain logical addresses for
registers located in the I/O address space to fix initialization
issues (Aili Yao).
- Fix sysfs attribute initialization in the ACPI fan driver (Guenter
Roeck).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl+2rTASHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxPVcP/3O/5KJDCRSTcEwDtXhzONlDKHiAlYk6
q5VURqxDhNpxI58OAB+0X67YAlz3BVNR2c67Teje7+pIdlFsmQrXVoPSUdZqc/H9
pZUc/iJsQRBzPnDGRLp4SEzTZzZp+7tlFfqM68X4ya9+2zBfqTFEWZTaF6UfSPEN
lWm5IA8i5CPsb7BtB9NdRQPK692r6b1QyvAfwbjOQ5DwRjj7ibfzBtiuqk5NQwWN
Ox+N+lmdJs3tGK41mU+Ic842TfMt5MgxLM1Ft6c8FgL+hQ4lyNUNOjUzVhv+DU54
RJNMxcgKSO//S5Yb0TPknjppDi0LTQHD5uo5+lDTOrfySRaXSl9uh2natF4D23ED
nBhpzacgG2wDqELRDAe5opeSGWithcNgor3Aazca1Yh1UTEUW5Zy9edmHyHgvqIL
ejFfhWAtR2ju3yD3tn6QA6Za/wOS5rhQ/tgOgaGy9OS76HPihxEM/Sship/ny8td
zbXLvfiZUTim5b3MfaGI3vx+GUPHRcyjJ3YCgvD1nmFwozD1Y+n+xR0iZoE9mQr5
AccgSfWyoGrWEEbuLqkbwN9BQoNgutoP5wck2HTM+YJjjiEKnxk2BatTlZY6/Pgj
Au/rWWqRCSwjl6U84qBHHwDZf270RMNBIi5mOWCUphMwg87JqA5HjYdJ7n3s+MAH
mqfDNU6vQOfX
=OxrX
-----END PGP SIGNATURE-----
Merge tag 'acpi-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These fix recent regression in the APEI code and initialization issue
in the ACPI fan driver.
Specifics:
- Make the APEI code avoid attempts to obtain logical addresses for
registers located in the I/O address space to fix initialization
issues (Aili Yao)
- Fix sysfs attribute initialization in the ACPI fan driver (Guenter
Roeck)"
* tag 'acpi-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI, APEI, Fix error return value in apei_map_generic_address()
ACPI: fan: Initialize performance state sysfs attribute
- Add missing RCU_NONIDLE() annotations to the Tegra cpuidle
driver (Dmitry Osipenko).
- Fix boot frequency computation in the tegra186 cpufreq driver (Jon
Hunter).
- Make the SCMI cpufreq driver register a dummy clock provider to
avoid OPP addition failures (Sudeep Holla).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl+2rNoSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRx8dgP/371AuIG1MKSFaWfgJnkDuaQN+/jFzXW
fkGWOwgdRm2Pwkcpldb5Nve7icz1TQc2JxZQZY8ZPYAjekmDWlBj4NFEp9FS0+Wk
nqFL46L3rotWv+YZ6Fr7cjjFXdI/RMDE3806zKv5+J/vxMlsKQdAMmppGHLS2fq1
GKzcSqKfGqeIhFStPrfGaeOc+jQfkqqnTBikfrhLKPusMWF+b3VO841SmqETVYpK
D7GJYWlmMKYf+kHzTJeAhuIsH4Uy0f50iXgeW7WBh6ANfumC+Yzk0IklS4TbxD1U
kI2CW35NyIIqa9LsFHwUVNBLWf0rxtL8vIOuIgffZ6ph8rRzkKkAPqk/T8/dW4/8
jB6SLTvK+NcSbwHQByQ/nnwvfTPgUdFB6HZwjKSWGIew5PLIydh20p3WAQINQCBI
mRQqQ5Y9ORvMavZAQf6IaTY1bEDVBxlVlFYgbRg+6YZ5BS8hofWHOt8XAH/ppajO
AxcC2U+fWt5LfDgFO9QsDnhhJB0sMA9TTuq31Zqpn0jfgB1O2n1SQsq4ywGoiXef
FSaN9qunOcTkksSp32/H1LUS0Ndzeo+y7Z8XtbtQ9FoshtqyQIW1mKjfX5U5a3uz
sq89D3XXhfjSmNlleMkfmr9wayDif0/wQLlBe/ehls+ZSo6V6Ea8d2kcysY51eXu
xl6H9E0hWz22
=Hko0
-----END PGP SIGNATURE-----
Merge tag 'pm-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix two issues in ARM cpufreq drivers and one cpuidle driver
issue.
Specifics:
- Add missing RCU_NONIDLE() annotations to the Tegra cpuidle driver
(Dmitry Osipenko)
- Fix boot frequency computation in the tegra186 cpufreq driver (Jon
Hunter)
- Make the SCMI cpufreq driver register a dummy clock provider to
avoid OPP addition failures (Sudeep Holla)"
* tag 'pm-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: scmi: Fix OPP addition failure with a dummy clock provider
cpufreq: tegra186: Fix get frequency callback
cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE
This is a relatively large set of fixes, the bulk of it being a series
from Lukas Wunner which fixes confusion with the lifetime of driver data
allocated along with the SPI controller structure that's been created as
part of the conversion to devm APIs. The simplest fix, explained in
detail in Lukas' commit message, is to move to a devm_ function for
allocation of the controller and hence driver data in order to push the
free of that after anything tries to reference the driver data in the
remove path. This results in a relatively large diff due to the
addition of a new function but isn't particularly complex.
There's also a fix from sven van Asbroeck which fixes yet more fallout
from the conflicts between the various different places one can
configure the polarity of GPIOs in modern systems.
Otherwise everything is fairly small and driver specific.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAl+2qqsACgkQJNaLcl1U
h9DN/gf+P85QtRuWq8hGt9cEywwvPXdYEifxlJuevO+RIzyrI7y6hc2AqmQ/ek2Q
kRU39CVLzrm+P8GRX/K6wL8sSQmBVJSt25aWwYKiygidh4eFqmDKC5y/yQY+VIoW
/MvFpdFOENDbAjRRK3l5x9BdwXsNPadjl7Ts2FGyjsBOOEWdXf9fApXju7oVHGki
oDc35Z5o1DdwTdTD5B/uKP2VmevbrEmBceGZttaSUjyO4kJ9ehe+kJ1DuBu9QrTN
GDu/J7oijbtYYfRi6DeMjVfUvvNK9c+6TQay91j0c6ZNW5TuYkZ0XS1vbpjwshQg
wWPxA+uQ4YelNgRQ4H+PhzOKo0zv4A==
=oG9R
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"This is a relatively large set of fixes, the bulk of it being a series
from Lukas Wunner which fixes confusion with the lifetime of driver
data allocated along with the SPI controller structure that's been
created as part of the conversion to devm APIs.
The simplest fix, explained in detail in Lukas' commit message, is to
move to a devm_ function for allocation of the controller and hence
driver data in order to push the free of that after anything tries to
reference the driver data in the remove path. This results in a
relatively large diff due to the addition of a new function but isn't
particularly complex.
There's also a fix from Sven van Asbroeck which fixes yet more fallout
from the conflicts between the various different places one can
configure the polarity of GPIOs in modern systems.
Otherwise everything is fairly small and driver specific"
* tag 'spi-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: npcm-fiu: Don't leak SPI master in probe error path
spi: dw: Set transfer handler before unmasking the IRQs
spi: cadence-quadspi: Fix error return code in cqspi_probe
spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
spi: lpspi: Fix use-after-free on unbind
spi: bcm-qspi: Fix use-after-free on unbind
spi: bcm2835aux: Fix use-after-free on unbind
spi: bcm2835: Fix use-after-free on unbind
spi: Introduce device-managed SPI controller allocation
spi: fsi: Fix transfer returning without finalizing message
spi: fix client driver breakages when using GPIO descriptors
Karsten Graul says:
====================
net/smc: fixes 2020-11-18
Patch 1 fixes the matching of link groups because with SMC-Dv2 the vlanid
should no longer be part of this matching. Patch 2 removes a sparse message.
====================
Link: https://lore.kernel.org/r/20201118214038.24039-1-kgraul@linux.ibm.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Sparse complaints 3 times about:
net/smc/smc_ib.c:203:52: warning: incorrect type in argument 1 (different address spaces)
net/smc/smc_ib.c:203:52: expected struct net_device const *dev
net/smc/smc_ib.c:203:52: got struct net_device [noderef] __rcu *const ndev
Fix that by using the existing and validated ndev variable instead of
accessing attr->ndev directly.
Fixes: 5102eca903 ("net/smc: Use rdma_read_gid_l2_fields to L2 fields")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
With the multi-subnet support of SMC-Dv2 the match for existing link
groups should not include the vlanid of the network device.
Set ini->smcd_version accordingly before the call to smc_conn_create()
and use this value in smc_conn_create() to skip the vlanid check.
Fixes: 5c21c4ccaf ("net/smc: determine accepted ISM devices")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
A collection of driver specific fixes, mostly for x86 systems (or CODECs
used mostly on x86) and all for relatively minor issues, the biggest one
being fixing S24_LE format on Keem Bay systems.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAl+2peUACgkQJNaLcl1U
h9COxAf/aq+7DrGjU1umHPD/zfS3ppjmN1hNCHBxqiCm1U9SBbBLGlnDMMcPqFQR
wS8SKdDfhKONA7q7fhGDvvFZd07r9HzIFra+9HVjuc5ouKlPkoETF8uDfXqAdOkM
sXkffe45Wh9DqWIPZOng8ZpKVGW6v3oUCAMrlx53t9LUT9Sd8oQrhsx3nwgr/CUb
SmZiBFF5kWpK8CgG82PuDlCHEnsI4SEatYqHtEMYRBfE0K8fzROye7e7WCKBsb/8
QaDf1RrQ599GXLMVJzbFsXpybBwaaP7LWkKCDHfQbAeKZ6EAWH0agbvUq2X1H2nm
/a3Th5SgL6Vm6KXYvIFGHyTq8rbPLg==
=OkNz
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v5.10-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v5.11
A collection of driver specific fixes, mostly for x86 systems (or CODECs
used mostly on x86) and all for relatively minor issues, the biggest one
being fixing S24_LE format on Keem Bay systems.
Mostly core fixes here, one set from Michał Mirosław which cleans up
some issues introduced as part of the coupled regulators work, one
memory leak during probe and two due to regulators which have an input
supply name and regulator name which are identical, which is very
unusual. There's also a fix for our handling of the similarly unusual
case where we can't determine if a regulator is enabled during boot.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAl+2rrIACgkQJNaLcl1U
h9BaJwf+OYQtWUrn7QgM3kceZBrMh8zOZs20aM78gYZW1HgEqnvULHUQn7yh84MP
M17BXdV2/cJZhUhDzwGimBOXpU7uYPy4Wglfoz6q/TpIPnQUDGXPLhmYB6+zJjJy
VCm2rb0Mk1WOkH5RhNV16vikq4R+FbY5kV6kIYMjaLx9iaDjxEqPmz988VbEEyWN
MUi4V890CiWCzj9WlrVJOxFM90VNuLwlq3ecfLwLmFyH68JC+2TCC6fTFiH1MHD3
JB1p5JVU+2VgRtGDB9u58HJJZKSgHMs8snm+bdiDfnHRe0+hSkr5VSJSxNCpSbuW
sjOV9kE0gDO09DsZGM0jhi6sT98iBw==
=34Nk
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"Mostly core fixes here, one set from Michał Mirosław which cleans up
some issues introduced as part of the coupled regulators work, one
memory leak during probe and two due to regulators which have an input
supply name and regulator name which are identical, which is very
unusual.
There's also a fix for our handling of the similarly unusual case
where we can't determine if a regulator is enabled during boot"
* tag 'regulator-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: ti-abb: Fix array out of bound read access on the first transition
regulator: workaround self-referent regulators
regulator: avoid resolve_supply() infinite recursion
regulator: fix memory leak with repeated set_machine_constraints()
regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200}
regulator: core: don't disable regulator if is_enabled return error.
IPV6=m
NF_DEFRAG_IPV6=y
ld: net/ipv6/netfilter/nf_conntrack_reasm.o: in function
`nf_ct_frag6_gather':
net/ipv6/netfilter/nf_conntrack_reasm.c:462: undefined reference to
`ipv6_frag_thdr_truncated'
Netfilter is depending on ipv6 symbol ipv6_frag_thdr_truncated. This
dependency is forcing IPV6=y.
Remove this dependency by moving ipv6_frag_thdr_truncated out of ipv6. This
is the same solution as used with a similar issues: Referring to
commit 70b095c843 ("ipv6: remove dependency of nf_defrag_ipv6 on ipv6
module")
Fixes: 9d9e937b1c ("ipv6/netfilter: Discard first fragment not including all headers")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Georg Kohmann <geokohma@cisco.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Link: https://lore.kernel.org/r/20201119095833.8409-1-geokohma@cisco.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
prevent wrong temperature leading to a critical shutdown (Peter
Ujfalusi)
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEGn3N4YVz0WNVyHskqDIjiipP6E8FAl+2TDEACgkQqDIjiipP
6E8QdAf+Oywmk7h/SuD3tCsZimVQui03OJ1uuhgz//xNsCLhLGYa9KMNydhgCT56
hzecDbgH6Hmh1NC/PiMdAOUsZkJUkoFRX89RCm9JsQoCqzOVlCguLI+LdmU0IBLC
phFnQPff/eWbezk03hilb+rKWpYt/NmiUH7suH7drXZzCCIEB1EET+td2qHL0rXZ
A+a1sPHoO6cdRuNimFJSV/C9V7ICDZDVBKJGWoh1VXVIid7wfgLEARuLAl45us3l
yOzgRtlihWnOQ45VLPEXy6yMMSC1PnOiYmcCY0Oal0rxEbLz8JzXoM6Ojl5OpS7n
xcQcl7ja3zEjguV2jD9CYt/BCplEyA==
=vpbm
-----END PGP SIGNATURE-----
Merge tag 'thermal-v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux
Pull thermal fix from Daniel Lezcano:
"Disable the CPU PM notifier for OMAP4430 for suspend in order to
prevent wrong temperature leading to a critical shutdown (Peter
Ujfalusi)"
* tag 'thermal-v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux:
thermal: ti-soc-thermal: Disable the CPU PM notifier for OMAP4430
The code change for switching to non-atomic mode brought the
unexpected mutex deadlock in get_msg(). It converted the spinlock
with the existing mutex, but there were calls with the already holding
the mutex. Since the only place that needs the extra lock is the code
path from snd_mixart_send_msg(), remove the mutex lock in get_msg()
and apply in the caller side for fixing the mutex deadlock.
Fixes: 8d3a8b5cb5 ("ALSA: mixart: Use nonatomic PCM ops")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201119121440.18945-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
We remove "other info" from "readelf -s --wide" output when
parsing GLOBAL_SYM_COUNT variable, which was added in [1].
But we don't do that for VERSIONED_SYM_COUNT and it's failing
the check_abi target on powerpc Fedora 33.
The extra "other info" wasn't problem for VERSIONED_SYM_COUNT
parsing until commit [2] added awk in the pipe, which assumes
that the last column is symbol, but it can be "other info".
Adding "other info" removal for VERSIONED_SYM_COUNT the same
way as we did for GLOBAL_SYM_COUNT parsing.
[1] aa915931ac ("libbpf: Fix readelf output parsing for Fedora")
[2] 746f534a48 ("tools/libbpf: Avoid counting local symbols in ABI check")
Fixes: 746f534a48 ("tools/libbpf: Avoid counting local symbols in ABI check")
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20201118211350.1493421-1-jolsa@kernel.org
pseries|pnv_setup_rfi_flush already does the count cache flush setup, and
we just added entry and uaccess flushes. So the name is not very accurate
any more. In both platforms we then also immediately setup the STF flush.
Rename them to _setup_security_mitigations and fold the STF flush in.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
For simplicity in backporting, the original entry_flush test contained
a lot of duplicated code from the rfi_flush test. De-duplicate that code.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Add a test modelled on the RFI flush test which counts the number
of L1D misses doing a simple syscall with the entry flush on and off.
For simplicity of backporting, this test duplicates a lot of code from
rfi_flush. We clean that up in the next patch.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
In kup.h we currently include kup-radix.h for all 64-bit builds, which
includes Book3S and Book3E. The latter doesn't make sense, Book3E
never uses the Radix MMU.
This has worked up until now, but almost by accident, and the recent
uaccess flush changes introduced a build breakage on Book3E because of
the bad structure of the code.
So disentangle things so that we only use kup-radix.h for Book3S. This
requires some more stubs in kup.h and fixing an include in
syscall_64.c.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
IBM Power9 processors can speculatively operate on data in the L1 cache
before it has been completely validated, via a way-prediction mechanism. It
is not possible for an attacker to determine the contents of impermissible
memory using this method, since these systems implement a combination of
hardware and software security measures to prevent scenarios where
protected data could be leaked.
However these measures don't address the scenario where an attacker induces
the operating system to speculatively execute instructions using data that
the attacker controls. This can be used for example to speculatively bypass
"kernel user access prevention" techniques, as discovered by Anthony
Steinhauser of Google's Safeside Project. This is not an attack by itself,
but there is a possibility it could be used in conjunction with
side-channels or other weaknesses in the privileged code to construct an
attack.
This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern. This patch flushes the L1 cache after user accesses.
This is part of the fix for CVE-2020-4788.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
IBM Power9 processors can speculatively operate on data in the L1 cache
before it has been completely validated, via a way-prediction mechanism. It
is not possible for an attacker to determine the contents of impermissible
memory using this method, since these systems implement a combination of
hardware and software security measures to prevent scenarios where
protected data could be leaked.
However these measures don't address the scenario where an attacker induces
the operating system to speculatively execute instructions using data that
the attacker controls. This can be used for example to speculatively bypass
"kernel user access prevention" techniques, as discovered by Anthony
Steinhauser of Google's Safeside Project. This is not an attack by itself,
but there is a possibility it could be used in conjunction with
side-channels or other weaknesses in the privileged code to construct an
attack.
This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern. This patch flushes the L1 cache on kernel entry.
This is part of the fix for CVE-2020-4788.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
We are about to add an entry flush. The rfi (exit) flush test measures
the number of L1D flushes over a syscall with the RFI flush enabled and
disabled. But if the entry flush is also enabled, the effect of enabling
and disabling the RFI flush is masked.
If there is a debugfs entry for the entry flush, disable it during the RFI
flush and restore it later.
Reported-by: Spoorthy S <spoorts2@in.ibm.com>
Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
CONFIG_PCI=n leads to a compile warning like:
sound/pci/hda/patch_ca0132.c:8214:10: warning: no case matching constant switch condition '0'
due to the missed handling of QUIRK_NONE in ca0132_mmio_init().
Fix it.
Fixes: bf2aa9ccc8 ("ALSA: hda/ca0132 - Cleanup ca0132_mmio_init function.")
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20201119120404.16833-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
