- fix reset timing of Ilitek touchscreens
- update maintainer entry of DT binding of Mediatek 6779 keypad
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQST2eWILY88ieB2DOtAj56VGEWXnAUCYolIugAKCRBAj56VGEWX
nL6pAQDuLus7t4GLJrg63DS3RXpPII3f1IHMq5lNluqfek9BogEA27Ze2+7pbwMb
iwqrj1UuMTobD2YPbuuxJtiDW2ADOQw=
=e4+T
-----END PGP SIGNATURE-----
Merge tag 'input-for-v5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:
"A small fixup to ili210x touchscreen driver, and updated maintainer
entry for the device tree binding of Mediatek 6779 keypad:
- fix reset timing of Ilitek touchscreens
- update maintainer entry of DT binding of Mediatek 6779 keypad"
* tag 'input-for-v5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: ili210x - use one common reset implementation
Input: ili210x - fix reset timing
dt-bindings: input: mediatek,mt6779-keypad: update maintainer
Two patches both in drivers. The iscsi one is fixing the cpumask
issue you commented on and the ufs one is a late arriving fix for
conditions that can occur in Host Performance Booster reads.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCYojzeCYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishQA4AQCnLKFt
ZBRVnZEGYQrRMAHb63FGUXGW7WWZetItyyx3AgEAhrAEW9JXW+7frYFQHestqfZX
EQAryzurHbRZZhM3fCk=
=hvvM
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Two patches, both in drivers.
The iscsi one is fixing the cpumask issue you commented on and the ufs
one is a late arriving fix for conditions that can occur in Host
Performance Booster reads"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ufs: core: Fix referencing invalid rsp field
scsi: target: Fix incorrect use of cpumask_t
* Correctly expose GICv3 support even if no irqchip is created
so that userspace doesn't observe it changing pointlessly
(fixing a regression with QEMU)
* Don't issue a hypercall to set the id-mapped vectors when
protected mode is enabled (fix for pKVM in combination with
CPUs affected by Spectre-v3a)
x86: Five oneliners, of which the most interesting two are:
* a NULL pointer dereference on INVPCID executed with
paging disabled, but only if KVM is using shadow paging
* an incorrect bsearch comparison function which could truncate
the result and apply PMU event filtering incorrectly. This one
comes with a selftests update too.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmKH1qYUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMadgf9E1u5skRjtv+RWPbfs/v3irnirY/L
x5TaVb2yiPahNH5qgFL2xnJ9jCcCNlxxn5uKpEAi0JFrqc6uCS0Rh1TPfqEN0lLt
5PGJD2JSKXAWVRkObS3j5iZuQX4ZvDRY53eSQv6pdcU+evjTq1H5WZ83uciqo0J5
xilKEtUIpJ9o0ELw9BjAd3vlRlOPpveHq+48DJN7cO0L/eju9Lz9kqJQTE7WQato
SsmpXPNIaSlk3U3yWAfOYgzyVkZQW/JiKS++TfVr5VQMppbOI6bxo3UfDAygiA9e
9KZAWrwoXqDMNp9756Y6lfT7g8PblnXgOvTXa/cV+ypaeAuuTU/iBSLwxQ==
=gWsP
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"ARM:
- Correctly expose GICv3 support even if no irqchip is created so
that userspace doesn't observe it changing pointlessly (fixing a
regression with QEMU)
- Don't issue a hypercall to set the id-mapped vectors when protected
mode is enabled (fix for pKVM in combination with CPUs affected by
Spectre-v3a)
x86 (five oneliners, of which the most interesting two are):
- a NULL pointer dereference on INVPCID executed with paging
disabled, but only if KVM is using shadow paging
- an incorrect bsearch comparison function which could truncate the
result and apply PMU event filtering incorrectly. This one comes
with a selftests update too"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
KVM: x86: hyper-v: fix type of valid_bank_mask
KVM: Free new dirty bitmap if creating a new memslot fails
KVM: eventfd: Fix false positive RCU usage warning
selftests: kvm/x86: Verify the pmu event filter matches the correct event
selftests: kvm/x86: Add the helper function create_pmu_event_filter
kvm: x86/pmu: Fix the compare function used by the pmu event filter
KVM: arm64: Don't hypercall before EL2 init
KVM: arm64: vgic-v3: Consistently populate ID_AA64PFR0_EL1.GIC
KVM: x86/mmu: Update number of zapped pages even if page list is stable
- Fix a divider calculation brekaing boot on Broadcom bcm2835
- Fix HDMI output on Tanix TX6 mini board by reverting a patch
- Fix clk_set_rate_range() calls on at91 by considering the range
while calculating the divisor
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmKIcYMRHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSXijQ/+P3Wg6cMLM7/bJPbW9++KdxVXWQJo6bLg
9DBpM0PsVtW0mM+wqpQGMBZ/q8OUYkPR9CcQGeGk3mPXkVEtGk98ET9g12+tVGfx
mMtzizuunZ2VFEH5hIKkh2KFvdZOVHeJ7b3y7nICYLRX6i+SIRmhDZsyDnmS49QY
EUc1bk/H91p/r3xm77QL2g88xDkyL59qM+farAuZZHlUt/hV3tT6evm5Eh5f3LVq
M0TqhXGin3TnJ9B5m/B1YvMOsYss9A73WSbg5mUES8DI5GBpdiTUSUSrKc9R7+z/
Ci+uWfJQcN8yb3tNDmBII51M1V669DvYBkH5SW8F0dQ1llCLwo0Q9iwSzgDpsEyh
Ci4IL7osAYLtZODMxSujrg8Aqgn37ZKWMAipHpDSAZdU6OWSXh8d+R8VmT8O710H
IKBbzDFyw2BEk1GTBZn9jRCrUjB/zmzqoxd8TMlAvXKAxESjSloT05hxgdx7A19k
wiw8CIjGkRd2dgmG2AOR8/C2bDgRVd45YWZ5JTwC92N01owqVSdAJkb8w6J5Kzzm
CS403Qh//yKD+wREAM3uHGLzAFU7zen64kznYm4zHyKrXYM9RpnHrg8N1jCgrDbE
XqfMMwGBipTVqj01ptMTRzAWmKVYm4EyyoEilZ9OU8nTmF4bC0qWyinIEcLcE9Pc
Tn3B4aPa6sw=
=ZPHj
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"Three clk driver fixes to close out the release
- Fix a divider calculation breaking boot on Broadcom bcm2835
- Fix HDMI output on Tanix TX6 mini board by reverting a patch
- Fix clk_set_rate_range() calls on at91 by considering the range
while calculating the divisor"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: at91: generated: consider range when calculating best rate
Revert "clk: sunxi-ng: sun6i-rtc: Add support for H6"
clk: bcm2835: fix bcm2835_clock_choose_div
dma-buf:
- ioctl userspace use fix
- fix dma-buf sysfs name generation
core:
- dp/mst leak fix
amdgpu:
- suspend/resume regression fix
i915:
- fix for #5806: GPU hangs and display artifacts on 5.18-rc3 on Intel GM45
- reject DMC with out-of-spec MMIO
- correctly mark guilty contexts on GuC reset.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmKH+IYACgkQDHTzWXnE
hr5ThQ/+KkEJbqyrrqQxTEdCyoyLxKZYp/4Y0SMbOFXNxe/gD0IItf8brWKBBQ32
uKiIZti8JRPVhOqq5fPa/c+IlLwocZtgmc5OlZaefvo0AFFB4TlhgoJ3H0q7zNvz
ZQBotGtAt3dhKWfJxsCtaa21CXXFEzVyA5nC189zfkercwc65UAplLi59rhdIm+l
3a8MYPIg7uS95eik1emx4u+4Us5rr/6doMeV1aPKpB+nHJSNm1QfCzKh4OumgbYA
R0b0PM03/JDv7QkxtGqX25VoFBUcVyQIrNl7YOVYA2V7RP2Wf3ZC7DgAG7pfjxar
MuKl9NpjVTnRx+8QMNBb11GrV2rv0Hg4OzEIB5kjqyf49h4rqFia53gOyz1JI/Qm
7VzFwUQVPlRu9JbWoMqStnsrUnRvMh5qI8cpbuOYOfHMLStf1+EiTrNe+C+WFbNh
Is6He4/jwzqOXsBIFtOFdVu7TepJkJINs7Soxwtu7T8MePyv3L9UTrD5faoZo/zZ
fsBo/4NQmT9Jvie5FyWm/v4gdbUfTHgXZ29dAlUwfWkgRx6EdLkO/KjeSBGoW5DI
vkXPhEzJRhaNcK7S/colegaKw0mdhkISTuWcZD6g3HSylexU7VKKcZ5/teR4kEfj
IY0OMZwV7NtuqblCviCWSKl/t9K+kshsQTIsD2MKZCy4bapP9S8=
=4EoW
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2022-05-21' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Few final fixes for 5.18, one amdgpu, core dp mst leak fix, dma-buf
two fixes, and i915 has a few fixes, one for a regression on older
GM45 chipsets,
dma-buf:
- ioctl userspace use fix
- fix dma-buf sysfs name generation
core:
- dp/mst leak fix
amdgpu:
- suspend/resume regression fix
i915:
- fix for #5806: GPU hangs and display artifacts on Intel GM45
- reject DMC with out-of-spec MMIO
- correctly mark guilty contexts on GuC reset"
* tag 'drm-fixes-2022-05-21' of git://anongit.freedesktop.org/drm/drm:
drm/i915: Use i915_gem_object_ggtt_pin_ww for reloc_iomap
drm/amd: Don't reset dGPUs if the system is going to s2idle
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
i915/guc/reset: Make __guc_reset_context aware of guilty engines
drm/i915/dmc: Add MMIO range restrictions
dma-buf: ensure unique directory name for dmabuf stats
DMA_BUF_SET_NAME defines and a directory name generation fix for dmabuf
stats
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCYodCAgAKCRDj7w1vZxhR
xWqzAP4nXxgBKfl2x0Iok+fefnzzQJWbobh9yw+z2h7o7hUwLwEA0L3Ji5+m7QEL
zicBRRoaebuix5g9suIMjFDlS326Twk=
=feeb
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2022-05-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Fix for a memory leak in dp_mst, a (userspace) build fix for
DMA_BUF_SET_NAME defines and a directory name generation fix for dmabuf
stats
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20220520072408.cpjzy2taugagvrh7@houat
Norbert reported that it's possible to race sys_perf_event_open() such
that the looser ends up in another context from the group leader,
triggering many WARNs.
The move_group case checks for races against itself, but the
!move_group case doesn't, seemingly relying on the previous
group_leader->ctx == ctx check. However, that check is racy due to not
holding any locks at that time.
Therefore, re-check the result after acquiring locks and bailing
if they no longer match.
Additionally, clarify the not_move_group case from the
move_group-vs-move_group race.
Fixes: f63a8daa58 ("perf: Fix event->ctx locking")
Reported-by: Norbert Slusarek <nslusarek@gmx.net>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- fix bitops logic in gpio-vf610
- return an error if the user tries to use inverted polarity in gpio-mvebu
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmKHzUoACgkQEacuoBRx
13LXZQ/9GjDPr4Wgb4jmBvLfiVOGz2DIsWB4Hg0Yurb/rhspCjVt0SicSAx5goty
ZLNkOxMT0l3vRvmwu+s7CgVq8puqVkwrLc4HgR8K6tX0OGY09B+q0ZnUJ5F1VVUM
3TFl2OS+zjnkDbTtWijVse8Pa5vAJj6pCNiUIiaLVObsRfo5XPhl8eCZMFYvvrv7
okKIhgfzI6GKX9IGJTubmxlCl6kp3ovmk2oswXAeQbSdWvb9g64ucqFdnkXuwFfm
p+y+VtE5XzsCvrgeavE9SQ1Vs2VpVOA5Ls1KKx5ZBjSFdguFturo8NtRt69BviCA
MYPlLcHH7n5RlV6i7o/11RRNHW2cCoAZqTlCbb+e0wIFGCtKUQEZZbhVzWc1PEhZ
gRzI2d7ytWW0qfpGmUpwx0+vRImk02F47/+kNvjhjoAmrvPdN7q1BnMllLyly6VX
usOJVGPmKKolZNT4sds8FVqKQOxhbboya8rp4kU36kmpZ05OFocSquoQ1Yd2YM86
YVkUS4y7SL91SacIJFDrgs5/V2O6il5Ezp2C86ktXKfgDtKsuTRrKrsUfqFSVS9X
afRjmk5UGVjjPYy6/cocUEibezBshy6MmQslXDs8pcnVZB1BLPn7PzhKhpQnVgdx
9yuyb9zHR9qkmltoOXnJnw7T2ED2mUvpKN0KmpOHgVRTHTmY0YQ=
=cAai
-----END PGP SIGNATURE-----
Merge tag 'gpio-fixes-for-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
- fix bitops logic in gpio-vf610
- return an error if the user tries to use inverted polarity in
gpio-mvebu
* tag 'gpio-fixes-for-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmKHsGETHGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzi6Q8B/97dkJamfa0rfcenW8qnb6Rx2DI6QmE
vEV2et8Qvrjxr9s10ylTaiH7veYG5Cgb986ufDN1Af52uDx1VdW7TOz4cD7Umx8G
QsjzviREL3VfN7Ag3WY0SsI5cjQ/iRJfjMJx/fB4G5bMkor1ouH32sQNtmcVLS6D
HHQZqVL7xP0ORV0lFvBns5EVUCsLHAKjoPGiLprmm7lwlhOo3e60WHBbBHTD9Isc
SrO8Gz5QiHYyVS6eksgYOZj0Tg5qLFKtKWXXxb1nyF8fLHcQU0S/zicf4AQKDj7i
5HOagl3S3Gmu+0g/wnWF9YyG3yoTVgfEfZ38XAh1rlwJJOkb1rbeFKAb
=tZDh
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-5.18-rc8' of https://github.com/ceph/ceph-client
Pull ceph fix from Ilya Dryomov:
"A fix for a nasty use-after-free, marked for stable"
* tag 'ceph-for-5.18-rc8' of https://github.com/ceph/ceph-client:
libceph: fix misleading ceph_osdc_cancel_request() comment
libceph: fix potential use-after-free on linger ping and resends
* A fix for the fu540-c000 device tree to avoid a schema check failure
on the DMA node name.
* A fix to the PolarFire SOC device tree for a typo.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAmKHsFQTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQRUeD/9NsN9LzFlRKMVCWGcx+ek5lH0Paw7y
12NFVUa06u1VlBwzrKfWgRN3OzHT8Kt3kTcn82RV7KUpzG5S9OZy9rSv+c4o9wR3
EtQw4JcSd4X4gIBtVhwqefLPcoufXK1rezH9rcYG7o1cQsd0Lhu81yQxXUf9fFvC
glOweeE/A5WrYo1NA/FXW/HZVcgjt0QEMhwRDhy0UZFcr6yKc3hE+OBPOTx2dILN
1bMbTAWBILFnjA2HMFe2xrC+wqMXBNIO8DCAb5cig5IdIAfsRTI4IjcmtYJHOXQO
APJ20vS83gx2+xznP3fYC4sum1bS5ewAaO3rtERpiaFsY2XVv0nHFxM0/ZTRil/c
ug+dwI+hzFHPAQ+MtNMbMcNXJO8je5VBODb/MLJiPeir3582eoc5Ov1N6E1zF2wM
ryCWh8s7OSgfTPYn89SsRRW0Pb8Smq81MIKD0KsnYaxAyQPQagd2aDgMO46pB59O
KI75ztHbdI5eDJhJZnC+K8oZ3GbUULYNhkx0KzGEDtV52H+JknEsWmeb0Qf2uPFs
sEjGGrDnCYpze50GARIIJQ0m04DgVsmuUmLwabwxvnCGkWD0tf1jruhAndONDNjl
KDexMirtpw7e7qgMly9HXigwDcpHXb4zCz3Q7VMvORFymUTyxCcdcMTJOvICZHCv
OX3S2/h72HnQmQ==
=hRBq
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-5.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- fix the fu540-c000 device tree to avoid a schema check failure on the
DMA node name
- fix typo in the PolarFire SOC device tree
* tag 'riscv-for-linus-5.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: dts: microchip: fix gpio1 reg property typo
riscv: dts: sifive: fu540-c000: align dma node name with dtschema
- Add missing write barrier to publish MTE tags before a pte update
- Fix kexec relocation clobbering its own data structures
- Fix stolen time crash if a timer IRQ fires during CPU hotplug
-----BEGIN PGP SIGNATURE-----
iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmKHXRMQHHdpbGxAa2Vy
bmVsLm9yZwAKCRC3rHDchMFjNESjB/4gUtPdyHqzfcKbTghQArnwETQ5VbGMNsPb
RTdDHqesQZjq0mhht4gV4/GyojrE6P4plTWyYGSjOGAMyuANUlQy5vyVdsbE3zm4
631x/NEEWI0HbGxErZE/CBxFgz2b3JIb84Le0eOd3pMCmaqgVmrEzdRrmpw72Y32
HLngL2PC1JKI2F5dec5F3sBCNRxz5gO9N7ej/0rf/xYVaqRE73cjMMZ9M6oFTt6u
RX5i6I2c08vXXCmEkWZHnWtBNHZxgf818qfAFa3F9PRyAv+kltUO/hT373yvrBsI
3Bf+20TPWS0Ee7fogArbcrVd2NonEqYfN39l/krcvAsimJybdEjv
=sWa3
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Three arm64 fixes for -rc8/final.
The MTE and stolen time fixes have been doing the rounds for a little
while, but review and testing feedback was ongoing until earlier this
week. The kexec fix showed up on Monday and addresses a failure
observed under Qemu.
Summary:
- Add missing write barrier to publish MTE tags before a pte update
- Fix kexec relocation clobbering its own data structures
- Fix stolen time crash if a timer IRQ fires during CPU hotplug"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: mte: Ensure the cleared tags are visible before setting the PTE
arm64: kexec: load from kimage prior to clobbering
arm64: paravirt: Use RCU read locks to guard stolen_time
With shadow paging enabled, the INVPCID instruction results in a call
to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the
invlpg callback is not set and the result is a NULL pointer dereference.
Fix it trivially by checking for mmu->invlpg before every call.
There are other possibilities:
- check for CR0.PG, because KVM (like all Intel processors after P5)
flushes guest TLB on CR0.PG changes so that INVPCID/INVLPG are a
nop with paging disabled
- check for EFER.LMA, because KVM syncs and flushes when switching
MMU contexts outside of 64-bit mode
All of these are tricky, go for the simple solution. This is CVE-2022-1789.
Reported-by: Yongkang Jia <kangel@zju.edu.cn>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In kvm_hv_flush_tlb(), valid_bank_mask is declared as unsigned long,
but is used as u64, which is wrong for i386, and has been spotted by
LKP after applying "KVM: x86: hyper-v: replace bitmap_weight() with
hweight64()"
https://lore.kernel.org/lkml/20220510154750.212913-12-yury.norov@gmail.com/
But it's wrong even without that patch because now bitmap_weight()
dereferences a word after valid_bank_mask on i386.
>> include/asm-generic/bitops/const_hweight.h:21:76: warning: right shift count >= width of type
+[-Wshift-count-overflow]
21 | #define __const_hweight64(w) (__const_hweight32(w) + __const_hweight32((w) >> 32))
| ^~
include/asm-generic/bitops/const_hweight.h:10:16: note: in definition of macro '__const_hweight8'
10 | ((!!((w) & (1ULL << 0))) + \
| ^
include/asm-generic/bitops/const_hweight.h:20:31: note: in expansion of macro '__const_hweight16'
20 | #define __const_hweight32(w) (__const_hweight16(w) + __const_hweight16((w) >> 16))
| ^~~~~~~~~~~~~~~~~
include/asm-generic/bitops/const_hweight.h:21:54: note: in expansion of macro '__const_hweight32'
21 | #define __const_hweight64(w) (__const_hweight32(w) + __const_hweight32((w) >> 32))
| ^~~~~~~~~~~~~~~~~
include/asm-generic/bitops/const_hweight.h:29:49: note: in expansion of macro '__const_hweight64'
29 | #define hweight64(w) (__builtin_constant_p(w) ? __const_hweight64(w) : __arch_hweight64(w))
| ^~~~~~~~~~~~~~~~~
arch/x86/kvm/hyperv.c:1983:36: note: in expansion of macro 'hweight64'
1983 | if (hc->var_cnt != hweight64(valid_bank_mask))
| ^~~~~~~~~
CC: Borislav Petkov <bp@alien8.de>
CC: Dave Hansen <dave.hansen@linux.intel.com>
CC: H. Peter Anvin <hpa@zytor.com>
CC: Ingo Molnar <mingo@redhat.com>
CC: Jim Mattson <jmattson@google.com>
CC: Joerg Roedel <joro@8bytes.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Sean Christopherson <seanjc@google.com>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: Vitaly Kuznetsov <vkuznets@redhat.com>
CC: Wanpeng Li <wanpengli@tencent.com>
CC: kvm@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: x86@kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Message-Id: <20220519171504.1238724-1-yury.norov@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix a goof in kvm_prepare_memory_region() where KVM fails to free the
new memslot's dirty bitmap during a CREATE action if
kvm_arch_prepare_memory_region() fails. The logic is supposed to detect
if the bitmap was allocated and thus needs to be freed, versus if the
bitmap was inherited from the old memslot and thus needs to be kept. If
there is no old memslot, then obviously the bitmap can't have been
inherited
The bug was exposed by commit 86931ff720 ("KVM: x86/mmu: Do not create
SPTEs for GFNs that exceed host.MAXPHYADDR"), which made it trivally easy
for syzkaller to trigger failure during kvm_arch_prepare_memory_region(),
but the bug can be hit other ways too, e.g. due to -ENOMEM when
allocating x86's memslot metadata.
The backtrace from kmemleak:
__vmalloc_node_range+0xb40/0xbd0 mm/vmalloc.c:3195
__vmalloc_node mm/vmalloc.c:3232 [inline]
__vmalloc+0x49/0x50 mm/vmalloc.c:3246
__vmalloc_array mm/util.c:671 [inline]
__vcalloc+0x49/0x70 mm/util.c:694
kvm_alloc_dirty_bitmap virt/kvm/kvm_main.c:1319
kvm_prepare_memory_region virt/kvm/kvm_main.c:1551
kvm_set_memslot+0x1bd/0x690 virt/kvm/kvm_main.c:1782
__kvm_set_memory_region+0x689/0x750 virt/kvm/kvm_main.c:1949
kvm_set_memory_region virt/kvm/kvm_main.c:1962
kvm_vm_ioctl_set_memory_region virt/kvm/kvm_main.c:1974
kvm_vm_ioctl+0x377/0x13a0 virt/kvm/kvm_main.c:4528
vfs_ioctl fs/ioctl.c:51
__do_sys_ioctl fs/ioctl.c:870
__se_sys_ioctl fs/ioctl.c:856
__x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
And the relevant sequence of KVM events:
ioctl(3, KVM_CREATE_VM, 0) = 4
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0,
flags=KVM_MEM_LOG_DIRTY_PAGES,
guest_phys_addr=0x10000000000000,
memory_size=4096,
userspace_addr=0x20fe8000}
) = -1 EINVAL (Invalid argument)
Fixes: 244893fa28 ("KVM: Dynamically allocate "new" memslots from the get-go")
Cc: stable@vger.kernel.org
Reported-by: syzbot+8606b8a9cc97a63f1c87@syzkaller.appspotmail.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220518003842.1341782-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The driver doesn't take struct pwm_state::polarity into account when
configuring the hardware, so refuse requests for inverted polarity.
Fixes: 757642f9a5 ("gpio: mvebu: Add limited PWM support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
For gpio controller contain register PDDR, when set one target bit,
current logic will clear all other bits, this is wrong. Use operator
'|=' to fix it.
Fixes: 659d8a6231 ("gpio: vf610: add imx7ulp support")
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Add a test to demonstrate that when the guest programs an event select
it is matched correctly in the pmu event filter and not inadvertently
filtered. This could happen on AMD if the high nybble[1] in the event
select gets truncated away only leaving the bottom byte[2] left for
matching.
This is a contrived example used for the convenience of demonstrating
this issue, however, this can be applied to event selects 0x28A (OC
Mode Switch) and 0x08A (L1 BTB Correction), where 0x08A could end up
being denied when the event select was only set up to deny 0x28A.
[1] bits 35:32 in the event select register and bits 11:8 in the event
select.
[2] bits 7:0 in the event select register and bits 7:0 in the event
select.
Signed-off-by: Aaron Lewis <aaronlewis@google.com>
Message-Id: <20220517051238.2566934-3-aaronlewis@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add a helper function that creates a pmu event filter given an event
list. Currently, a pmu event filter can only be created with the same
hard coded event list. Add a way to create one given a different event
list.
Also, rename make_pmu_event_filter to alloc_pmu_event_filter to clarify
it's purpose given the introduction of create_pmu_event_filter.
No functional changes intended.
Signed-off-by: Aaron Lewis <aaronlewis@google.com>
Message-Id: <20220517051238.2566934-2-aaronlewis@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When returning from the compare function the u64 is truncated to an
int. This results in a loss of the high nybble[1] in the event select
and its sign if that nybble is in use. Switch from using a result that
can end up being truncated to a result that can only be: 1, 0, -1.
[1] bits 35:32 in the event select register and bits 11:8 in the event
select.
Fixes: 7ff775aca4 ("KVM: x86/pmu: Use binary search to check filtered events")
Signed-off-by: Aaron Lewis <aaronlewis@google.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220517051238.2566934-1-aaronlewis@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmJ+I2QACgkQxycdCkmx
i6d2HQ//ZZQ/F2J4waL2O0a06abf2KYNjrW09LF+mElYeoxrZu1b2cpXvyZz+dXY
AVmD6x+pXUCar2fCIpBN1EDjcNfj4itzt2z5ED52KQ1u3eS4bobug7fM7TzHPH9a
ZwWEg5+fkukuWCL6/Iy5LbnIQruwwePMDjF1Ukgqgu+H4dGzmpSB19amsk7KixhF
LYCu0AYnqM+lH8VfLlXtqopjBpTkcLzslf7Yoi8cpxqAO8UlAxM7wg0U1KJAe2Ty
HZ3Mgjq2o8VteJlo/YguuAZyConNxmIsDH2Q2ZC+JHi0rJ2AdEUgZTbv7JGztPWH
xQ91TDXMH4pJUbHF2ifGzuKfcFZwNcqfWxsqZek8q36xlrUh9K2t6JvGHicp1xSB
2wLFRCMR5DAxGHtc6hoyxmB9P1STuZocFzF/5gCs1KYScJYUzGW1sBSN85imIRKM
kZjS4zCxcK/SKU2E6Al9KzwMJrP08jcyW4gd47wmqLmdTy4jUiHXKMKyiTX5UDx0
kHPFGk51yx7UwoWqe9g5jMlfIcPnkgZC2ms+pZX1uoQKKtF3qzp/S1Pszd99OQgX
tQPKt5IaUR9a6xkoMTcsfXD3f1lCT5Ao1dIu70PzdtiTo5XGbtBzDozCMP573Vad
ecU49KMde9tgYElET1cV9kXfsxIiHI9ENyIM25zZwp4bcqhBGiE=
=ZT3l
-----END PGP SIGNATURE-----
Merge tag 'v5.18-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"Fix a regression in a recent fix to qcom-rng"
* tag 'v5.18-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
Fix referencing sense data when it is invalid. When the length of the data
segment is 0, there is no valid information in the rsp field, so
ufshpb_rsp_upiu() is returned without additional operation.
Link: https://lore.kernel.org/r/252651381.41652940482659.JavaMail.epsvc@epcpadp4
Fixes: 4b5f49079c ("scsi: ufs: ufshpb: L2P map management for HPB read")
Acked-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Daejun Park <daejun7.park@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Fixes dtbs_check warnings like:
dma@3000000: $nodename:0: 'dma@3000000' does not match '^dma-controller(@.*)?$'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Link: https://lore.kernel.org/r/20220407193856.18223-1-krzysztof.kozlowski@linaro.org
Fixes: c5ab54e994 ("riscv: dts: add support for PDMA device of HiFive Unleashed Rev A00")
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Rewrite the cache flush code for PA8800/PA8900 CPUs to flush using the virtual
address of user and kernel pages instead of using tmpalias flushes. Testing
showed, that tmpalias flushes don't work reliable on PA8800/PA8900 CPUs.
Fix flush code to allow 32-bit kernels to run on 64-bit capable machines, e.g.
a 32-bit kernel on C3700 machines.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCYoZDMAAKCRD3ErUQojoP
XzUAAQDtNB0FFsAtbeDrM+cQTJGZjB5cVbsSvRDwQR4MQjEfKwEAz7o6Qy3WPRmM
tPov2dzXFSvt0H2iHFSp8iXM9uMzkw8=
=B/Cd
-----END PGP SIGNATURE-----
Merge tag 'for-5.18/parisc-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc architecture fixes from Helge Deller:
"We had two big outstanding issues after v5.18-rc6:
a) 32-bit kernels on 64-bit machines (e.g. on a C3700 which is able
to run 32- and 64-bit kernels) failed early in userspace.
b) 64-bit kernels on PA8800/PA8900 CPUs (e.g. in a C8000) showed
random userspace segfaults. We assumed that those problems were
caused by the tmpalias flushes.
Dave did a lot of testing and reorganization of the current flush code
and fixed the 32-bit cache flushing. For PA8800/PA8900 CPUs he
switched the code to flush using the virtual address of user and
kernel pages instead of using tmpalias flushes. The tmpalias flushes
don't seem to work reliable on such CPUs.
We tested the patches on a wide range machines (715/64, B160L, C3000,
C3700, C8000, rp3440) and they have been in for-next without any
conflicts.
Summary:
- Rewrite the cache flush code for PA8800/PA8900 CPUs to flush using
the virtual address of user and kernel pages instead of using
tmpalias flushes. Testing showed, that tmpalias flushes don't work
reliably on PA8800/PA8900 CPUs
- Fix flush code to allow 32-bit kernels to run on 64-bit capable
machines, e.g. a 32-bit kernel on C3700 machines"
* tag 'for-5.18/parisc-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix patch code locking and flushing
parisc: Rewrite cache flush code for PA8800/PA8900
parisc: Disable debug code regarding cache flushes in handle_nadtlb_fault()
Two further fixes for Spectre-BHB from Ard for Cortex A15 and
to use the wide branch instruction for Thumb2.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAmKGSkoACgkQ9OeQG+St
rGRvOQ/9HRdpL1sSRGh3zYU3g9aTZURuqYlVn4nqcbsmDVN37sCqwfhG7Lcb97Di
ykFP7oizj0/MGUr30xTNyoEEF4RdJXYgwPUV7I9QZt5NBXHVFKPcYeHUAfg1BXn7
ClILk3ibL15MFxahpFGTUm970cWUhGMku5NjFTCo16qj2TbbUWibdNY2/FhABL63
Dbn/0/kQrZJLkMDMQ8HwslpDBABa0iHGK7yN6O8viUtZy5r3Og2c4D2Te6wiAOxv
FtPFkMb/1TXMPx8207gSlZcGUdhwpidsv/ILd+GOuaPCELoZ2C1vHWaw0ol9w2VQ
KLsMqBAr5uPpvEqm5ocrhU3SJATLU8rvqDDd10MbgJP97XdDGvgV3GIE81DUpQiH
9tICTLChNoSxOTAMwKYZNMfp108nLDvFVR/4uzcIu8PdzW31zU3IG3pCN38DDyew
chVnlW1iTFPE504oX/LfvQZt4gqYYCPxgCU7cRm8yYSJ3fWAbzzkdTmfCOzi5rrm
GM3zCoKc91Z0RlRhcn1meOoHlDh+wXU4arDEdPw4cBPg7KyzwfuuGJv8rvpJWnnH
TlJuadtr5/5q/5CH8gONx2Sjo8hQOG9WcC1iNR7IsAI3M2fbZMOnyKOD/njAY+O4
kHgFI0kmWAWa9PaCfjCvzQ2jMzFFBRnocNSxMPoeM5E3GP8NA2A=
=TN14
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"Two further fixes for Spectre-BHB from Ard for Cortex A15 and to use
the wide branch instruction for Thumb2"
* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
- Fix an altmode in the Ocelot driver
- Fix the IES control pins in the Mediatek MT8365 driver
- Fix the UART2 function pin assignments in the
Sunxi (AMLogic) driver
- Fix the signal name of the PA2 SPI pin in the Sunxi
(AMLogic) driver
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmKGO24ACgkQQRCzN7AZ
XXMETQ//TJIdBbNkl52AMg6jwwp6Nq9yiXCu9WMPfGCkc6EPejAZPnkEmf2ylzSr
N6zuSY4q0ItHGVVGNd3iXp7T4Ptu3S8xP/KeXV01CKjWny8/DniPpbmtAmgRPHLv
tH8Z2jwc4ckOyjklDTJS63dgnnO5EbUERjBhY2RpIvwWyNo5FYeFV5cwaHWvdtns
4pnDcaCrSQ56MTLGGNG6uk5zOvfg+sjrR/XpbrtoQZgPpUW5IEBzDhYOAtq7wM8K
3h5qXFsB4mdI7KGwa33Qgtiwurf5kIlT9HfhoR1BEg6ZotDxC7gkKDzey3C9FWEb
8p8txg8vVNwpvaw5YpNE7U2SbZjSTnCtME5NAQb4BsoP8E99LBK/68ipW2DzklsS
V98OZznilh6FZ6cA9GXrfLE2i8Xqpr1WD1yJnvvvS+m6ZCuRbrFv3IF2lOKvs8FK
M4sUjPQiZsw/jS5ffOnRTXf7EXE3pWY7nM9JAkcMEZNiKZftJt8Qbw0l/KUP37UQ
cAj1yXBYxSxp8iJbZ7Mf2aNPKsF2tcZl4ASw76Yr2EEdro6JgxuXQvshGaPdEnzd
lg0rpbtVNYXkZ4JlF7HSYszdMPjI9zEPNlLY93LMnTpFqYjSwHwAGWdcv7yIn5F2
Ywvf5awL+5gCfXlHbX9pBXVZo3iIwl0+3vL9nL+wSKlMliCsYfM=
=MGmM
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v5.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- Fix an altmode in the Ocelot driver
- Fix the IES control pins in the Mediatek MT8365 driver
- Sunxi (AMLogic) driver:
- Fix the UART2 function pin assignments
- Fix the signal name of the PA2 SPI pin
* tag 'pinctrl-v5.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: sunxi: f1c100s: Fix signal name comment for PA2 SPI pin
pinctrl: sunxi: fix f1c100s uart2 function
pinctrl: mediatek: mt8365: fix IES control pins
pinctrl: ocelot: Fix for lan966x alt mode
netfilter subtrees.
Notably this reverts a recent TCP/DCCP netns-related change
to address a possible UaF.
Current release - regressions:
- tcp: revert "tcp/dccp: get rid of inet_twsk_purge()"
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown
Previous releases - regressions:
- netfilter: flowtable: fix TCP flow teardown
- can: revert "can: m_can: pci: use custom bit timings for Elkhart Lake"
- xfrm: check encryption module availability consistency
- eth: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
- eth: mlx5: initialize flow steering during driver probe
- eth: ice: fix crash when writing timestamp on RX rings
Previous releases - always broken:
- mptcp: fix checksum byte order
- eth: lan966x: fix assignment of the MAC address
- eth: mlx5: remove HW-GRO from reported features
- eth: ftgmac100: disable hardware checksum on AST2600
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmKGAYYSHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOkrt8P/2GyYNQT7q0h3Plsxc/m1tIUCPiERROE
zIU0R2QVc64xpkMISeVb3YYpa3eqhtQsNWgt7Xsr1NRXBmyx60dvGpS81w8Gnxuo
ruA7SxnH6OA0usviiYPmeGP9emvCEkO5YRW5kxl1Cpum19yNxjfZKJ6ARk0IDp/D
C1S91PYtF9s25Yytrlpv9lVVBvTHQxg2EQocZHxO+7/j2O8jJP/NAYltpVaRNC2W
gLcOWTAujrjAfpdsBhJsWXv4dTCQOAgnIXYP9P1JdFMAZtkXoYQUjaXP7dsaAXHw
iE9FBRkqDKVhj94CxR6VPOSo0kVvOuBfkc1eJeZ74lvahkHBq4EyiVCo6/JhNQTd
/bi/mTeUlI9yYyu/j9lMDy4CwOuiB69Dl4vNR/G5C1rF7l1vQkZr50pnD96MePwu
9fR5+ipZsDhj5c77OMiraqnnOyWXVtD2YCZCCw80a9/aWG4zxcIDtnNQIfqAACvx
0wNgG2bPSKRablytep1Qs84Vvupaa1cC2eTBbA+6LzQqk3CR9/YMUSD6MXitxQyD
RJYbm5QMqdW2QH8zE21E+8wzIPeN9m66lJFppuntuB+I/CHWAnP/CmdbWysR3FQ+
5ZisPh4PUqb1VIzGKUbym/D9FB20Vc8zq6oQa8LqiIOODUrxQMg3F2O43OWsYsn3
TDNCwo5BQ/Z8
=C848
-----END PGP SIGNATURE-----
Merge tag 'net-5.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from can, xfrm and netfilter subtrees.
Notably this reverts a recent TCP/DCCP netns-related change to address
a possible UaF.
Current release - regressions:
- tcp: revert "tcp/dccp: get rid of inet_twsk_purge()"
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in
ifdown
Previous releases - regressions:
- netfilter: flowtable: fix TCP flow teardown
- can: revert "can: m_can: pci: use custom bit timings for Elkhart
Lake"
- xfrm: check encryption module availability consistency
- eth: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf()
- eth: mlx5: initialize flow steering during driver probe
- eth: ice: fix crash when writing timestamp on RX rings
Previous releases - always broken:
- mptcp: fix checksum byte order
- eth: lan966x: fix assignment of the MAC address
- eth: mlx5: remove HW-GRO from reported features
- eth: ftgmac100: disable hardware checksum on AST2600"
* tag 'net-5.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (50 commits)
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
ptp: ocp: change sysfs attr group handling
selftests: forwarding: fix missing backslash
netfilter: nf_tables: disable expression reduction infra
netfilter: flowtable: move dst_check to packet path
netfilter: flowtable: fix TCP flow teardown
net: ftgmac100: Disable hardware checksum on AST2600
igb: skip phy status check where unavailable
nfc: pn533: Fix buggy cleanup order
mptcp: Do TCP fallback on early DSS checksum failure
mptcp: fix checksum byte order
net: af_key: check encryption module availability consistency
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5: Drain fw_reset when removing device
net/mlx5e: CT: Fix setting flow_source for smfs ct tuples
net/mlx5e: CT: Fix support for GRE tuples
net/mlx5e: Remove HW-GRO from reported features
net/mlx5e: Properly block HW GRO when XDP is enabled
net/mlx5e: Properly block LRO when XDP is enabled
net/mlx5e: Block rx-gro-hw feature in switchdev mode
...
It turned out that polling period for MMC_SEND_OP_COND, that currently is
set to 1ms, still isn't sufficient. In particular a Micron eMMC on a
Beaglebone platform, is reported to sometimes fail to initialize.
Additional test, shows that extending the period to 4ms is working fine, so
let's make that change.
Reported-by: Jean Rene Dawin <jdawin@math.uni-bielefeld.de>
Tested-by: Jean Rene Dawin <jdawin@math.uni-bielefeld.de>
Fixes: 1760fdb6fe (mmc: core: Restore (almost) the busy polling for MMC_SEND_OP_COND")
Fixes: 76bfc7ccc2 ("mmc: core: adjust polling interval for CMD1")
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20220517101046.27512-1-ulf.hansson@linaro.org
When removing short term pins, I've changed the the batch buffer
pinning for relocation to use __i915_vma_pin, because
i915_gem_object_ggtt_pin_ww was destroying the old vma. This
caused regressions, because the functions are not identical.
Fix the regressions by calling i915_gem_object_ggtt_pin_ww() again
on ggtt-only platforms, but only if the batch can be pinned without
being moved.
Fixes: b5cfe6f7a6 ("drm/i915: Remove short-term pins from execbuf, v6.")
Cc: Matthew Auld <matthew.auld@intel.com>
Reported-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Acked-by: Matthew Auld <matthew.auld@intel.com>
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5806
Link: https://patchwork.freedesktop.org/patch/msgid/20220511115219.46507-1-maarten.lankhorst@linux.intel.com
(cherry picked from commit 451374eef6)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
It is possible to stack bridges on top of each other. Consider the
following which makes use of an Ethernet switch:
br1
/ \
/ \
/ \
br0.11 wlan0
|
br0
/ | \
p1 p2 p3
br0 is offloaded to the switch. Above br0 is a vlan interface, for
vlan 11. This vlan interface is then a slave of br1. br1 also has a
wireless interface as a slave. This setup trunks wireless lan traffic
over the copper network inside a VLAN.
A frame received on p1 which is passed up to the bridge has the
skb->offload_fwd_mark flag set to true, indicating that the switch has
dealt with forwarding the frame out ports p2 and p3 as needed. This
flag instructs the software bridge it does not need to pass the frame
back down again. However, the flag is not getting reset when the frame
is passed upwards. As a result br1 sees the flag, wrongly interprets
it, and fails to forward the frame to wlan0.
When passing a frame upwards, clear the flag. This is the Rx
equivalent of br_switchdev_frame_unmark() in br_dev_xmit().
Fixes: f1c2eddf4c ("bridge: switchdev: Use an helper to clear forward mark")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20220518005840.771575-1-andrew@lunn.ch
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
In the detach path, the driver calls sysfs_remove_group() for the
groups it believes has been registered. However, if the group was
never previously registered, then this causes a splat.
Instead, compute the groups that should be registered in advance,
and then call sysfs_create_groups(), which registers them all at once.
Update the error handling appropriately.
Fixes: c205d53c49 ("ptp: ocp: Add firmware capability bits for feature gating")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Link: https://lore.kernel.org/r/20220517214600.10606-1-jonathan.lemon@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Fix missing backslash, introduced in f62c5acc80. Causes all tests to
not be installed.
Fixes: f62c5acc80 ("selftests/net/forwarding: add missing tests to Makefile")
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Acked-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://lore.kernel.org/r/20220518151630.2747773-1-troglobit@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
1) Reduce number of hardware offload retries from flowtable datapath
which might hog system with retries, from Felix Fietkau.
2) Skip neighbour lookup for PPPoE device, fill_forward_path() already
provides this and set on destination address from fill_forward_path for
PPPoE device, also from Felix.
4) When combining PPPoE on top of a VLAN device, set info->outdev to the
PPPoE device so software offload works, from Felix.
5) Fix TCP teardown flowtable state, races with conntrack gc might result
in resetting the state to ESTABLISHED and the time to one day. Joint
work with Oz Shlomo and Sven Auhagen.
6) Call dst_check() from flowtable datapath to check if dst is stale
instead of doing it from garbage collector path.
7) Disable register tracking infrastructure, either user-space or
kernel need to pre-fetch keys inconditionally, otherwise register
tracking assumes data is already available in register that might
not well be there, leading to incorrect reductions.
* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nf_tables: disable expression reduction infra
netfilter: flowtable: move dst_check to packet path
netfilter: flowtable: fix TCP flow teardown
netfilter: nft_flow_offload: fix offload with pppoe + vlan
net: fix dev_fill_forward_path with pppoe + bridge
netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
netfilter: flowtable: fix excessive hw offload attempts after failure
====================
Link: https://lore.kernel.org/r/20220518213841.359653-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmKFewwQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpj66D/9jiwdcF1A0A4L2S7VF/Yes7/dakMD6p3X4
nSGwpPDkKL7PvbJKgJJWaEyETVVP/fCug8FXMxWg+ACO+qjgKxPj285caO/3BSti
+VkuF6+29hQ/3yS6KQ9R5bV9u5EoFoyaydOtfso5jhtbC1u6mzNQnR8HjiQwfF4G
AAs9evt/r2pZzvxvu7QKvZz8dFeZciGYIe1TuyfuId4AX3XDOYuMZRULypImG/Cv
g9yZNapU3I6XrnZXiSLAPy8qoAxRESlEBfkCCS9s5bCMHvcjBhwsEIl5QbzGPAOw
JF07x0BpQXhWyOPEIIjoQuL68aEaZJ2VQCnz/p+zcikgJGL2gqcy9FaQtrrCPNEd
bcGXjyHjjZZvkzexatb3Yv2Y6VPPXnrAnk8RJaVehqLh/p8BN/TNUtkIMHCFkoTl
utTOWLG3ac8a5F06O7lI3CO2mCDRuz0BuodSahTj4GfZIy+KWPM1OSuTr7Yd0Y47
TZvS/HblkDDAHN/H1GVKSV+yWkZIRUNit2t0TVeEDK2HMaasf8gPkvdmiaLpSoDw
GAU0ZN0TrOGsnuO75TT3Iata/7zqGLQNYYgGuSvOqzht8o8ADN0nfLxoXSdKGrfe
rBoGdrln3YuAXhM7oKORbXhbY70IAeHkWvzMmgPc7uJvja8l0GDS1TS9DfBES/vM
ufPc4ugJcg==
=Mlwp
-----END PGP SIGNATURE-----
Merge tag 'block-5.18-2022-05-18' of git://git.kernel.dk/linux-block
Pull block fix from Jens Axboe:
"Just a small fix for a missing fifo time assigment for the head
insertion case in mq-deadline"
* tag 'block-5.18-2022-05-18' of git://git.kernel.dk/linux-block:
block/mq-deadline: Set the fifo_time member also if inserting at head
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmKFMZgUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXO/xhAAsjl2W83UdTQZk5i+LfoxGNxxt9O7
iqCbm3qJa0UI352uI/+pDM1+vufg3QBVBSXcgiVS3UHB05w6TQTuYUUnbmsqv7he
oZm5LcV5GzrNm+dmCgdY8bybMLBzhWFQ9aJsXSybmzErooSTCiAA/ALTfN9IfqhQ
JJatS3EL/gmJ9fDbzJNFzwIFWGpDrxUO/mk3gGTMvLHMSwN5snv9WRAKMTcIFK+W
W7ItUBnqJjnaoIscQUOH4sNVVy88mqqeduefPpYVOd08skWLWqh7SGFWmuq8Cdt8
yS+Hk5K2q0mnO5gDkVhZDfvexXom/vKnLahw5RNZS6mcfO+x3SBhn+VdPHCpOzfi
/NVXm9rpwt6/GIAb8vCPximeHD9mbq3HGfpdBBSaT7oilDQI2zAVw1T16fRqypvL
2GZYqGQIfLOXywtPLPu4geJ3oG7nhBpVtTuOzGWA6ZwTRXRpfYtgYKELYq1qfF4X
fBK95S1dMKYQUd74/E2Kw052Uynx/QxjTpNryuNdkHn0ipPtZ9Nqm9LWN2Ep/Z4u
1dwt+a/w+k9IEKJe0h6L0Voy8a4/mODLu7JaSk5Rujbo7LNguQPKadeNbvUsSSdz
MCTa4l+9Pk+20ClujZPo2QwHoixWCKn55Y+mMh6EXFeNEe8ita0b7LkSUcNLaT1D
QqeD+42G4TkbZuw=
=6+XM
-----END PGP SIGNATURE-----
Merge tag 'audit-pr-20220518' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit fix from Paul Moore:
"A single audit patch to fix a problem where a task's audit_context was
not being properly reset with io_uring"
* tag 'audit-pr-20220518' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit,io_uring,io-wq: call __audit_uring_exit for dummy contexts
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmKFMdEUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXOdehAAj2o4/c45n8R5VJK6e7Ft60J1arE4
rueclzHcBzcdJ2gVhFYeNO3sPitqaOvO5t3WRPbzIuwswOFdMPETeI5MyziGceLX
eIqyu77cLHvp+9vLxoK4b+lwR8RJOEl3GAdmQ3jFWk4wd9UjpXuxgrTh7mR8QeWB
VHC9CphZtEmlL2TUEhTiD0iU1VLazQkNm3PEw7ydNZiGlnSLfkDzuxaIrktncgRn
J7HivBkNj1LKj7CK8M0bNN0KEfzcw8FOD25tWO54kHx/tZ/ey33JxmamX6QKcpkL
tRb1rK14bSPPkTFrAbKv1JpfzAcq0g5MtS9HqWVucCF9iPmWHOleX3BQCyVtd3mv
F1G46EeMLCiBTVS3j/P7n+dlGyy2Z0YOTZBM1el8aN+m1mX+WMLe+TG3/0eOEVHj
+zvf9K1rxzsptq5ris+NjsHj/afiGr2fBKQL2C/DvYS1s0h/aRr04eUY1CqgHguw
r8VMm+kqQdk+0XXrdnpynv0PKF5nqNdvK1omESoy96WsBG0p6uZt9xE3ldNoliFl
pjerJaozqqd/rf1b+xUdtrX/nx1eqCLGt29BfPyGWM/wCZSR+kbGRKEhDtci9xIx
kTBy6b/5UmP8JIC8sFHhFaRRaoGVq8Okx6agAxltMXu9eAsWJuN93hU3fGt3Dwki
SnuC2Q+oqr015KY=
=pG2a
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20220518' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fix from Paul Moore:
"A single SELinux patch to fix an error path that was doing the wrong
thing with respect to freeing memory"
* tag 'selinux-pr-20220518' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: fix bad cleanup on error in hashtab_duplicate()
Pull ARM SoC fixes from Arnd Bergmann:
"The SoC bug fixes have calmed down sufficiently, there is one minor
update for the MAINTAINERS file, and few bug fixes for dts
descriptions:
- Updates to the BananaPi R2-Pro (rk3568) dts to match production
hardware rather than the prototype version.
- Qualcomm sm8250 soundwire gets disabled on some machines to avoid
crashes
- A number of aspeed SoC specific fixes, addressing incorrect pin
cotrol settings, some values in the romed8hm board, and a revert
for an accidental removal of a DT node"
* 'arm/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
MAINTAINERS: omap: remove me as a maintainer
ARM: dts: aspeed: Add video engine to g6
ARM: dts: aspeed: romed8hm3: Fix GPIOB0 name
ARM: dts: aspeed: romed8hm3: Add lm25066 sense resistor values
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
ARM: dts: aspeed-g6: add FWQSPI group in pinctrl dtsi
dt-bindings: pinctrl: aspeed-g6: add FWQSPI function/group
pinctrl: pinctrl-aspeed-g6: add FWQSPI function-group
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
arm64: dts: qcom: sm8250: don't enable rx/tx macro by default
arm64: dts: rockchip: Add gmac1 and change network settings of bpi-r2-pro
arm64: dts: rockchip: Change io-domains of bpi-r2-pro
Pull misc fixes from Al Viro:
"vhost race fix and a percpu_ref_init-caused cgroup double-free fix.
The latter had manifested as buggered struct mount refcounting - those
are also using percpu data structures, but anything that does percpu
allocations could be hit"
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
Fix double fget() in vhost_net_set_backend()
percpu_ref_init(): clean ->percpu_count_ref on failure
The patch has been on list for a while but as it was posted as part of a
thread it was missed.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmKFH38PHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRpPk0H/1daPO2HrzU4gYIr1U5RfCoJnhbanJSo2FXa
aXalnj44u3vpqsJ/y9dbz+81IgaX0JewAir6b3+t7E9F66AFaK1lqC1YzmGYYxQw
QTwi/bF5sAAg/Cozdm4RAQbPZqy34vD0d/DoGtlZgfQQrYim0e9v/T51OuhEsha2
dTTIVbODOZ+qtRZ7yIqlDLV6bKtHJ9DLpiY61w8rdf2rebdtW5ZPHd8qfi2btDz8
HbHASwPjOy7+P9b7EzuUmy7PCQXqsin3o2gZlncvQUJ2W7PNiGfaLWwsf2B1HcCG
g5ZyedF6m3ElJmUKqLRAzdphNbpBDPSCx7byRlVzMOWq3pjEnIU=
=6Z4B
-----END PGP SIGNATURE-----
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Pull mlx5 fix from Michael Tsirkin:
"One last minute fixup
The patch has been on list for a while but as it was posted as part of
a thread it was missed"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
vdpa/mlx5: Use consistent RQT size
Rename ili251x_hardware_reset() to ili210x_hardware_reset(), change its
parameter from struct device * to struct gpio_desc *, and use it as one
single consistent reset implementation all over the driver. Also increase
the minimum reset duration to 12ms, to make sure the reset is really
within the spec.
Signed-off-by: Marek Vasut <marex@denx.de>
Link: https://lore.kernel.org/r/20220518210423.106555-1-marex@denx.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
According to Ilitek "231x & ILI251x Programming Guide" Version: 2.30
"2.1. Power Sequence", "T4 Chip Reset and discharge time" is minimum
10ms and "T2 Chip initial time" is maximum 150ms. Adjust the reset
timings such that T4 is 12ms and T2 is 160ms to fit those figures.
This prevents sporadic touch controller start up failures when some
systems with at least ILI251x controller boot, without this patch
the systems sometimes fail to communicate with the touch controller.
Fixes: 201f3c8035 ("Input: ili210x - add reset GPIO support")
Signed-off-by: Marek Vasut <marex@denx.de>
Link: https://lore.kernel.org/r/20220518204901.93534-1-marex@denx.de
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
An A+A configuration on ASUS ROG Strix G513QY proves that the ASIC
reset for handling aborted suspend can't work with s2idle.
This functionality was introduced in commit daf8de0874 ("drm/amdgpu:
always reset the asic in suspend (v2)"). A few other commits have
gone on top of the ASIC reset, but this still doesn't work on the A+A
configuration in s2idle.
Avoid doing the reset on dGPUs specifically when using s2idle.
Fixes: daf8de0874 ("drm/amdgpu: always reset the asic in suspend (v2)")
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2008
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
cancel_request() never guaranteed that after its return the OSD
client would be completely done with the OSD request. The callback
(if specified) can still be invoked and a ref can still be held.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
request_reinit() is not only ugly as the comment rightfully suggests,
but also unsafe. Even though it is called with osdc->lock held for
write in all cases, resetting the OSD request refcount can still race
with handle_reply() and result in use-after-free. Taking linger ping
as an example:
handle_timeout thread handle_reply thread
down_read(&osdc->lock)
req = lookup_request(...)
...
finish_request(req) # unregisters
up_read(&osdc->lock)
__complete_request(req)
linger_ping_cb(req)
# req->r_kref == 2 because handle_reply still holds its ref
down_write(&osdc->lock)
send_linger_ping(lreq)
req = lreq->ping_req # same req
# cancel_linger_request is NOT
# called - handle_reply already
# unregistered
request_reinit(req)
WARN_ON(req->r_kref != 1) # fires
request_init(req)
kref_init(req->r_kref)
# req->r_kref == 1 after kref_init
ceph_osdc_put_request(req)
kref_put(req->r_kref)
# req->r_kref == 0 after kref_put, req is freed
<further req initialization/use> !!!
This happens because send_linger_ping() always (re)uses the same OSD
request for watch ping requests, relying on cancel_linger_request() to
unregister it from the OSD client and rip its messages out from the
messenger. send_linger() does the same for watch/notify registration
and watch reconnect requests. Unfortunately cancel_request() doesn't
guarantee that after it returns the OSD client would be completely done
with the OSD request -- a ref could still be held and the callback (if
specified) could still be invoked too.
The original motivation for request_reinit() was inability to deal with
allocation failures in send_linger() and send_linger_ping(). Switching
to using osdc->req_mempool (currently only used by CephFS) respects that
and allows us to get rid of request_reinit().
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
Descriptor table is a shared resource; two fget() on the same descriptor
may return different struct file references. get_tap_ptr_ring() is
called after we'd found (and pinned) the socket we'll be using and it
tries to find the private tun/tap data structures associated with it.
Redoing the lookup by the same file descriptor we'd used to get the
socket is racy - we need to same struct file.
Thanks to Jason for spotting a braino in the original variant of patch -
I'd missed the use of fd == -1 for disabling backend, and in that case
we can end up with sock == NULL and sock != oldsock.
Cc: stable@kernel.org
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
