]> Git Repo - linux.git/log
linux.git
2 years agox86/msi: Fix msi message data shadow struct
Reto Buerki [Thu, 7 Apr 2022 11:06:47 +0000 (13:06 +0200)]
x86/msi: Fix msi message data shadow struct

The x86 MSI message data is 32 bits in total and is either in
compatibility or remappable format, see Intel Virtualization Technology
for Directed I/O, section 5.1.2.

Fixes: 6285aa50736 ("x86/msi: Provide msi message shadow structs")
Co-developed-by: Adrian-Ken Rueegsegger <[email protected]>
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
Signed-off-by: Reto Buerki <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
2 years agofutex: add missing rtmutex.h include
Christian König [Thu, 7 Apr 2022 11:43:15 +0000 (13:43 +0200)]
futex: add missing rtmutex.h include

This isn't included here any more since the removal of ww_mutex.h from
seqlock.h which causes a build break.

Signed-off-by: Christian König <[email protected]>
Acked-by: Shashank Sharma <[email protected]>
Fixes: e84815cbbc76 ("seqlock: drop seqcount_ww_mutex_t")
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoseqlock: drop seqcount_ww_mutex_t
Christian König [Thu, 7 Apr 2022 08:20:55 +0000 (10:20 +0200)]
seqlock: drop seqcount_ww_mutex_t

Daniel pointed out that this series removes the last user of
seqcount_ww_mutex_t, so let's drop this.

Signed-off-by: Christian König <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Waiman Long <[email protected]>
Cc: Boqun Feng <[email protected]>
Cc: [email protected]
Acked-by: Peter Zijlstra (Intel) <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: drop seq count based update
Christian König [Mon, 4 Apr 2022 12:58:37 +0000 (14:58 +0200)]
dma-buf: drop seq count based update

This should be possible now since we don't have the distinction
between exclusive and shared fences any more.

The only possible pitfall is that a dma_fence would be reused during the
RCU grace period, but even that could be handled with a single extra check.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/ttm: remove bo->moving
Christian König [Tue, 23 Nov 2021 10:30:35 +0000 (11:30 +0100)]
drm/ttm: remove bo->moving

This is now handled by the DMA-buf framework in the dma_resv obj.

Also remove the workaround inside VMWGFX to update the moving fence.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/i915: drop bo->moving dependency
Christian König [Wed, 22 Dec 2021 10:23:56 +0000 (11:23 +0100)]
drm/i915: drop bo->moving dependency

That should now be handled by the common dma_resv framework.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Cc: [email protected]
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: wait for map to complete for static attachments
Christian König [Tue, 23 Nov 2021 08:58:36 +0000 (09:58 +0100)]
dma-buf: wait for map to complete for static attachments

We have previously done that in the individual drivers but it is
more defensive to move that into the common code.

Dynamic attachments should wait for map operations to complete by themselves.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: add DMA_RESV_USAGE_BOOKKEEP v3
Christian König [Tue, 9 Nov 2021 10:08:18 +0000 (11:08 +0100)]
dma-buf: add DMA_RESV_USAGE_BOOKKEEP v3

Add an usage for submissions independent of implicit sync but still
interesting for memory management.

v2: cleanup the kerneldoc a bit
v3: separate amdgpu changes from this

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoRDMA: use DMA_RESV_USAGE_KERNEL
Christian König [Mon, 4 Apr 2022 11:20:02 +0000 (13:20 +0200)]
RDMA: use DMA_RESV_USAGE_KERNEL

We only need to wait for kernel submissions here.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/radeon: use DMA_RESV_USAGE_KERNEL
Christian König [Mon, 4 Apr 2022 10:59:32 +0000 (12:59 +0200)]
drm/radeon: use DMA_RESV_USAGE_KERNEL

Always wait for kernel fences before kmap and not only for UVD kmaps.

Signed-off-by: Christian König <[email protected]>
Acked-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/amdgpu: use DMA_RESV_USAGE_KERNEL
Christian König [Mon, 4 Apr 2022 10:57:30 +0000 (12:57 +0200)]
drm/amdgpu: use DMA_RESV_USAGE_KERNEL

Wait only for kernel fences before kmap or UVD direct submission.

This also makes sure that we always wait in amdgpu_bo_kmap() even when
returning a cached pointer.

Signed-off-by: Christian König <[email protected]>
Acked-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: add DMA_RESV_USAGE_KERNEL v3
Christian König [Fri, 26 Nov 2021 13:12:42 +0000 (14:12 +0100)]
dma-buf: add DMA_RESV_USAGE_KERNEL v3

Add an usage for kernel submissions. Waiting for those are mandatory for
dynamic DMA-bufs.

As a precaution this patch also changes all occurrences where fences are
added as part of memory management in TTM, VMWGFX and i915 to use the
new value because it now becomes possible for drivers to ignore fences
with the WRITE usage.

v2: use "must" in documentation, fix whitespaces
v3: separate out some driver changes and better document why some
    changes should still be part of this patch.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf & drm/amdgpu: remove dma_resv workaround
Christian König [Tue, 23 Nov 2021 08:33:07 +0000 (09:33 +0100)]
dma-buf & drm/amdgpu: remove dma_resv workaround

Rework the internals of the dma_resv object to allow adding more than one
write fence and remember for each fence what purpose it had.

This allows removing the workaround from amdgpu which used a container for
this instead.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Cc: [email protected]
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: specify usage while adding fences to dma_resv obj v7
Christian König [Tue, 9 Nov 2021 10:08:18 +0000 (11:08 +0100)]
dma-buf: specify usage while adding fences to dma_resv obj v7

Instead of distingting between shared and exclusive fences specify
the fence usage while adding fences.

Rework all drivers to use this interface instead and deprecate the old one.

v2: some kerneldoc comments suggested by Daniel
v3: fix a missing case in radeon
v4: rebase on nouveau changes, fix lockdep and temporary disable warning
v5: more documentation updates
v6: separate internal dma_resv changes from this patch, avoids to
    disable warning temporary, rebase on upstream changes
v7: fix missed case in lima driver, minimize changes to i915_gem_busy_ioctl

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodma-buf: add enum dma_resv_usage v4
Christian König [Tue, 9 Nov 2021 10:08:18 +0000 (11:08 +0100)]
dma-buf: add enum dma_resv_usage v4

This change adds the dma_resv_usage enum and allows us to specify why a
dma_resv object is queried for its containing fences.

Additional to that a dma_resv_usage_rw() helper function is added to aid
retrieving the fences for a read or write userspace submission.

This is then deployed to the different query functions of the dma_resv
object and all of their users. When the write paratermer was previously
true we now use DMA_RESV_USAGE_WRITE and DMA_RESV_USAGE_READ otherwise.

v2: add KERNEL/OTHER in separate patch
v3: some kerneldoc suggestions by Daniel
v4: some more kerneldoc suggestions by Daniel, fix missing cases lost in
    the rebase pointed out by Bas.

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agommc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
Wolfram Sang [Mon, 4 Apr 2022 11:49:02 +0000 (13:49 +0200)]
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete

When HS400 tuning is complete and HS400 is going to be activated, we
have to keep the current number of TAPs and should not overwrite them
with a hardcoded value. This was probably a copy&paste mistake when
upporting HS400 support from the BSP.

Fixes: 26eb2607fa28 ("mmc: renesas_sdhi: add eMMC HS400 mode support")
Reported-by: Yoshihiro Shimoda <[email protected]>
Signed-off-by: Wolfram Sang <[email protected]>
Reviewed-by: Yoshihiro Shimoda <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Ulf Hansson <[email protected]>
2 years agodrm/sti: fix typos in comments
Julia Lawall [Mon, 14 Mar 2022 11:53:40 +0000 (12:53 +0100)]
drm/sti: fix typos in comments

Various spelling mistakes in comments.
Detected with the help of Coccinelle.

Signed-off-by: Julia Lawall <[email protected]>
Reviewed-by: Alain Volmat <[email protected]>
Signed-off-by: Philippe Cornu <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agox86/extable: Prefer local labels in .set directives
Nick Desaulniers [Tue, 29 Mar 2022 20:21:45 +0000 (13:21 -0700)]
x86/extable: Prefer local labels in .set directives

Bernardo reported an error that Nathan bisected down to
(x86_64) defconfig+LTO_CLANG_FULL+X86_PMEM_LEGACY.

    LTO     vmlinux.o
  ld.lld: error: <instantiation>:1:13: redefinition of 'found'
  .set found, 0
              ^

  <inline asm>:29:1: while in macro instantiation
  extable_type_reg reg=%eax, type=(17 | ((0) << 16))
  ^

This appears to be another LTO specific issue similar to what was folded
into commit 4b5305decc84 ("x86/extable: Extend extable functionality"),
where the `.set found, 0` in DEFINE_EXTABLE_TYPE_REG in
arch/x86/include/asm/asm.h conflicts with the symbol for the static
function `found` in arch/x86/kernel/pmem.c.

Assembler .set directive declare symbols with global visibility, so the
assembler may not rename such symbols in the event of a conflict. LTO
could rename static functions if there was a conflict in C sources, but
it cannot see into symbols defined in inline asm.

The symbols are also retained in the symbol table, regardless of LTO.

Give the symbols .L prefixes making them locally visible, so that they
may be renamed for LTO to avoid conflicts, and to drop them from the
symbol table regardless of LTO.

Fixes: 4b5305decc84 ("x86/extable: Extend extable functionality")
Reported-by: Bernardo Meurer Costa <[email protected]>
Debugged-by: Nathan Chancellor <[email protected]>
Signed-off-by: Nick Desaulniers <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Reviewed-by: Nathan Chancellor <[email protected]>
Tested-by: Nathan Chancellor <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agox86,bpf: Avoid IBT objtool warning
Peter Zijlstra [Mon, 28 Mar 2022 11:13:41 +0000 (13:13 +0200)]
x86,bpf: Avoid IBT objtool warning

Clang can inline emit_indirect_jump() and then folds constants, which
results in:

  | vmlinux.o: warning: objtool: emit_bpf_dispatcher()+0x6a4: relocation to !ENDBR: .text.__x86.indirect_thunk+0x40
  | vmlinux.o: warning: objtool: emit_bpf_dispatcher()+0x67d: relocation to !ENDBR: .text.__x86.indirect_thunk+0x40
  | vmlinux.o: warning: objtool: emit_bpf_tail_call_indirect()+0x386: relocation to !ENDBR: .text.__x86.indirect_thunk+0x20
  | vmlinux.o: warning: objtool: emit_bpf_tail_call_indirect()+0x35d: relocation to !ENDBR: .text.__x86.indirect_thunk+0x20

Suppress the optimization such that it must emit a code reference to
the __x86_indirect_thunk_array[] base.

Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
2 years agodrm: sti: fix spelling mistake: rejec -> rejection
Colin Ian King [Fri, 4 Oct 2019 08:27:06 +0000 (09:27 +0100)]
drm: sti: fix spelling mistake: rejec -> rejection

In other places of the driver the string hdmi_rejection_pll is
used instead of the truncated hdmi_rejec_pll, so use this string
instead to be consistent.

Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Philippe Cornu <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm: sti: don't use kernel-doc markers
Randy Dunlap [Sat, 26 Mar 2022 23:51:32 +0000 (16:51 -0700)]
drm: sti: don't use kernel-doc markers

Don't mark static functions as kernel-doc.

Prevents multiple kernel-doc build warnings:

drivers/gpu/drm/sti/sti_hdmi.c:187: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * HDMI interrupt handler threaded
drivers/gpu/drm/sti/sti_hdmi.c:219: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * HDMI interrupt handler
drivers/gpu/drm/sti/sti_hdmi.c:241: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Set hdmi active area depending on the drm display mode selected
drivers/gpu/drm/sti/sti_hdmi.c:262: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Overall hdmi configuration
drivers/gpu/drm/sti/sti_hdmi.c:340: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Helper to concatenate infoframe in 32 bits word
drivers/gpu/drm/sti/sti_hdmi.c:357: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Helper to write info frame
drivers/gpu/drm/sti/sti_hdmi.c:427: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Prepare and configure the AVI infoframe
drivers/gpu/drm/sti/sti_hdmi.c:470: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Prepare and configure the AUDIO infoframe
drivers/gpu/drm/sti/sti_hdmi.c:555: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
 * Software reset of the hdmi subsystem

Fixes: 5402626c83a2 ("drm: sti: add HDMI driver")
Signed-off-by: Randy Dunlap <[email protected]>
Cc: Aditya Srivastava <[email protected]>
Cc: Benjamin Gaignard <[email protected]>
Cc: Alain Volmat <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Daniel Vetter <[email protected]>
Acked-by: Alain Volmat <[email protected]>
Signed-off-by: Philippe Cornu <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agostm: ltdc: fix two incorrect NULL checks on list iterator
Xiaomeng Tong [Sun, 27 Mar 2022 05:53:55 +0000 (13:53 +0800)]
stm: ltdc: fix two incorrect NULL checks on list iterator

The two bugs are here:
if (encoder) {
if (bridge && bridge->timings)

The list iterator value 'encoder/bridge' will *always* be set and
non-NULL by drm_for_each_encoder()/list_for_each_entry(), so it is
incorrect to assume that the iterator value will be NULL if the
list is empty or no element is found.

To fix the bug, use a new variable '*_iter' as the list iterator,
while use the old variable 'encoder/bridge' as a dedicated pointer
to point to the found element.

Cc: [email protected]
Fixes: 99e360442f223 ("drm/stm: Fix bus_flags handling")
Signed-off-by: Xiaomeng Tong <[email protected]>
Acked-by: Raphael Gallais-Pou <[email protected]>
Signed-off-by: Philippe Cornu <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrivers: net: slip: fix NPD bug in sl_tx_timeout()
Duoming Zhou [Tue, 5 Apr 2022 13:22:06 +0000 (21:22 +0800)]
drivers: net: slip: fix NPD bug in sl_tx_timeout()

When a slip driver is detaching, the slip_close() will act to
cleanup necessary resources and sl->tty is set to NULL in
slip_close(). Meanwhile, the packet we transmit is blocked,
sl_tx_timeout() will be called. Although slip_close() and
sl_tx_timeout() use sl->lock to synchronize, we don`t judge
whether sl->tty equals to NULL in sl_tx_timeout() and the
null pointer dereference bug will happen.

   (Thread 1)                 |      (Thread 2)
                              | slip_close()
                              |   spin_lock_bh(&sl->lock)
                              |   ...
...                           |   sl->tty = NULL //(1)
sl_tx_timeout()               |   spin_unlock_bh(&sl->lock)
  spin_lock(&sl->lock);       |
  ...                         |   ...
  tty_chars_in_buffer(sl->tty)|
    if (tty->ops->..) //(2)   |
    ...                       |   synchronize_rcu()

We set NULL to sl->tty in position (1) and dereference sl->tty
in position (2).

This patch adds check in sl_tx_timeout(). If sl->tty equals to
NULL, sl_tx_timeout() will goto out.

Signed-off-by: Duoming Zhou <[email protected]>
Reviewed-by: Jiri Slaby <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
2 years agoMerge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Jakub Kicinski [Thu, 7 Apr 2022 04:58:49 +0000 (21:58 -0700)]
Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Alexei Starovoitov says:

====================
pull-request: bpf 2022-04-06

We've added 8 non-merge commits during the last 8 day(s) which contain
a total of 9 files changed, 139 insertions(+), 36 deletions(-).

The main changes are:

1) rethook related fixes, from Jiri and Masami.

2) Fix the case when tracing bpf prog is attached to struct_ops, from Martin.

3) Support dual-stack sockets in bpf_tcp_check_syncookie, from Maxim.

* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
  bpf: Adjust bpf_tcp_check_syncookie selftest to test dual-stack sockets
  bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
  bpf: selftests: Test fentry tracing a struct_ops program
  bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT
  rethook: Fix to use WRITE_ONCE() for rethook:: Handler
  selftests/bpf: Fix warning comparing pointer to 0
  bpf: Fix sparse warnings in kprobe_multi_resolve_syms
  bpftool: Explicit errno handling in skeletons
====================

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
2 years agoscsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
Chandrakanth patil [Thu, 24 Mar 2022 09:47:11 +0000 (02:47 -0700)]
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan

The megaraid_sas driver supports single LUN for RAID devices. That is LUN
0. All other LUNs are unsupported. When a device scan on a logical target
with invalid LUN number is invoked through sysfs, that target ends up
getting removed.

Add LUN ID validation in the slave destroy function to avoid the target
deletion.

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Chandrakanth patil <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: ufs: ufshpb: Fix a NULL check on list iterator
Xiaomeng Tong [Sun, 20 Mar 2022 15:07:33 +0000 (23:07 +0800)]
scsi: ufs: ufshpb: Fix a NULL check on list iterator

The list iterator is always non-NULL so the check 'if (!rgn)' is always
false and the dev_err() is never called. Move the check outside the loop
and determine if 'victim_rgn' is NULL, to fix this bug.

Link: https://lore.kernel.org/r/[email protected]
Fixes: 4b5f49079c52 ("scsi: ufs: ufshpb: L2P map management for HPB read")
Reviewed-by: Daejun Park <[email protected]>
Signed-off-by: Xiaomeng Tong <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: sd: Clean up gendisk if device_add_disk() failed
Wenchao Hao [Fri, 1 Apr 2022 01:10:19 +0000 (21:10 -0400)]
scsi: sd: Clean up gendisk if device_add_disk() failed

We forgot to call blk_cleanup_disk() when device_add_disk() failed.  This
would cause a memory leak of gendisk and sched_tags allocated in
elevator_init_mq()

Reference:https://syzkaller.appspot.com/x/log.txt?x=13b41dcb700000
Reported-and-tested-by: [email protected]
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Wenchao Hao <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: message: fusion: Remove redundant variable dmp
Colin Ian King [Fri, 18 Mar 2022 00:39:27 +0000 (00:39 +0000)]
scsi: message: fusion: Remove redundant variable dmp

Variable dmp is being assigned a value that is never read, the variable is
redundant and can be removed.

Cleans up clang scan build warning:
drivers/message/fusion/mptbase.c:6667:39: warning: Although
the value stored to 'dmp' is used in the enclosing expression,
the value is never actually read from 'dmp' [deadcode.DeadStores]

Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Nick Desaulniers <[email protected]>
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: mvsas: Add PCI ID of RocketRaid 2640
Alexey Galakhov [Wed, 9 Mar 2022 21:25:35 +0000 (22:25 +0100)]
scsi: mvsas: Add PCI ID of RocketRaid 2640

The HighPoint RocketRaid 2640 is a low-cost SAS controller based on Marvell
chip. The chip in question was already supported by the kernel, just the
PCI ID of this particular board was missing.

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexey Galakhov <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: sd: sd_read_cpr() requires VPD pages
Martin K. Petersen [Wed, 2 Mar 2022 05:35:57 +0000 (00:35 -0500)]
scsi: sd: sd_read_cpr() requires VPD pages

As such it should be called inside the scsi_device_supports_vpd()
conditional.

Link: https://lore.kernel.org/r/[email protected]
Fixes: e815d36548f0 ("scsi: sd: add concurrent positioning ranges support")
Cc: Damien Le Moal <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Reviewed-by: Damien Le Moal <[email protected]>
Reviewed-by: Bart Van Assche <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: mpt3sas: Fail reset operation if config request timed out
Sreekanth Reddy [Tue, 5 Apr 2022 12:06:37 +0000 (17:36 +0530)]
scsi: mpt3sas: Fail reset operation if config request timed out

As part of controller reset operation the driver issues a config request
command. If this command gets times out, then fail the controller reset
operation instead of retrying it.

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sreekanth Reddy <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: sym53c500_cs: Stop using struct scsi_pointer
Finn Thain [Wed, 6 Apr 2022 09:05:39 +0000 (19:05 +1000)]
scsi: sym53c500_cs: Stop using struct scsi_pointer

This driver doesn't use SCp.ptr to save a SCSI command data pointer which
means "scsi pointer" is a complete misnomer here. Only a few members of
struct scsi_pointer are needed so move those to private command data.

Link: https://lore.kernel.org/r/accf71e293ba3aed6d18c8baeb405de8dfe7c935.1649235939.git.fthain@linux-m68k.org
Cc: Bart Van Assche <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Reviewed-by: Bart Van Assche <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Finn Thain <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: ufs: ufs-pci: Add support for Intel MTL
Adrian Hunter [Mon, 4 Apr 2022 05:50:38 +0000 (08:50 +0300)]
scsi: ufs: ufs-pci: Add support for Intel MTL

Add PCI ID and callbacks to support Intel Meteor Lake (MTL).

Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected] # v5.15+
Reviewed-by: Avri Altman <[email protected]>
Reviewed-by: Bart Van Assche <[email protected]>
Signed-off-by: Adrian Hunter <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: mpt3sas: Fix mpt3sas_check_same_4gb_region() kdoc comment
Damien Le Moal [Mon, 4 Apr 2022 05:00:41 +0000 (14:00 +0900)]
scsi: mpt3sas: Fix mpt3sas_check_same_4gb_region() kdoc comment

The start_addres argument of mpt3sas_check_same_4gb_region() was misnamed
in the function kdoc comment, resulting in the following warning when
compiling with W=1.

drivers/scsi/mpt3sas/mpt3sas_base.c:5728: warning: Function parameter or
member 'start_address' not described in 'mpt3sas_check_same_4gb_region'
drivers/scsi/mpt3sas/mpt3sas_base.c:5728: warning: Excess function
parameter 'reply_pool_start_address' description in
'mpt3sas_check_same_4gb_region'

Fix the argument name in the function kdoc comment to avoid it. While at
it, remove a useless blank line between the kdoc and function code.

Link: https://lore.kernel.org/r/[email protected]
Acked-by: Sreekanth Reddy <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoscsi: scsi_debug: Fix sdebug_blk_mq_poll() in_use_bm bitmap use
Damien Le Moal [Mon, 4 Apr 2022 04:55:47 +0000 (13:55 +0900)]
scsi: scsi_debug: Fix sdebug_blk_mq_poll() in_use_bm bitmap use

The in_use_bm bitmap of struct sdebug_queue should be accessed under
protection of the qc_lock spinlock. Make sure that this lock is taken
before calling find_first_bit() at the beginning of the function
sdebug_blk_mq_poll().

Link: https://lore.kernel.org/r/[email protected]
Fixes: 3fd07aecb750 ("scsi: scsi_debug: Fix qc_lock use in sdebug_blk_mq_poll()")
Acked-by: Douglas Gilbert <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
2 years agoMerge branch '5.18/scsi-queue' into 5.18/scsi-fixes
Martin K. Petersen [Thu, 7 Apr 2022 01:46:54 +0000 (21:46 -0400)]
Merge branch '5.18/scsi-queue' into 5.18/scsi-fixes

Pull the remaining commits from 5.18/scsi-queue into fixes.

Signed-off-by: Martin K. Petersen <[email protected]>
2 years agodt-bindings: display: panel: mipi-dbi-spi: Make width-mm/height-mm mandatory
Marek Vasut [Mon, 4 Apr 2022 19:21:05 +0000 (21:21 +0200)]
dt-bindings: display: panel: mipi-dbi-spi: Make width-mm/height-mm mandatory

Make the width-mm/height-mm panel properties mandatory
to correctly report the panel dimensions to the OS.

Fixes: 2f3468b82db97 ("dt-bindings: display: add bindings for MIPI DBI compatible SPI panels")
Signed-off-by: Marek Vasut <[email protected]>
Cc: Christoph Niedermaier <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Dmitry Osipenko <[email protected]>
Cc: Laurent Pinchart <[email protected]>
Cc: Noralf Trønnes <[email protected]>
Cc: Rob Herring <[email protected]>
Cc: Robert Foss <[email protected]>
Cc: Sam Ravnborg <[email protected]>
Cc: Thomas Zimmermann <[email protected]>
Cc: [email protected]
To: [email protected]
Acked-by: Noralf Trønnes <[email protected]>
Reviewed-by: Laurent Pinchart <[email protected]>
Acked-by: Rob Herring <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoMerge tag 'amd-drm-fixes-5.18-2022-04-06' of https://gitlab.freedesktop.org/agd5f...
Dave Airlie [Thu, 7 Apr 2022 00:23:22 +0000 (10:23 +1000)]
Merge tag 'amd-drm-fixes-5.18-2022-04-06' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-5.18-2022-04-06:

amdgpu:
- VCN 3.0 fixes
- DCN 3.1.5 fix
- Misc display fixes
- GC 10.3 golden register fix
- Suspend fix
- SMU 10 fix

amdkfd:
- Event fix

Signed-off-by: Dave Airlie <[email protected]>
From: Alex Deucher <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoMerge tag 'imx-drm-fixes-2022-04-06' of git://git.pengutronix.de/pza/linux into drm...
Dave Airlie [Thu, 7 Apr 2022 00:23:03 +0000 (10:23 +1000)]
Merge tag 'imx-drm-fixes-2022-04-06' of git://git.pengutronix.de/pza/linux into drm-fixes

drm/imx: error handling and debug output fixes

Catch an EDID allocation failure in imx-ldb, fix a leaked drm display
mode on DT parsing error in parallel-display, properly remove the
dw_hdmi bridge in case the component_add fails in dw_hdmi-imx, and
fix the IPU clock frequency debug printout in ipu-di.

Signed-off-by: Dave Airlie <[email protected]>
From: Philipp Zabel <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoMerge tag 'drm-misc-fixes-2022-03-24' of git://anongit.freedesktop.org/drm/drm-misc...
Dave Airlie [Thu, 7 Apr 2022 00:22:31 +0000 (10:22 +1000)]
Merge tag 'drm-misc-fixes-2022-03-24' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

 * drm/panel/ili9341: Fix optional regulator handling

Signed-off-by: Dave Airlie <[email protected]>
From: Thomas Zimmermann <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agoMerge tag 'amd-drm-next-5.18-2022-03-25' of https://gitlab.freedesktop.org/agd5f...
Dave Airlie [Thu, 7 Apr 2022 00:21:46 +0000 (10:21 +1000)]
Merge tag 'amd-drm-next-5.18-2022-03-25' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-next-5.18-2022-03-25:

amdgpu:
- GFX 10.3.7 fixes
- noretry updates
- VCN fixes
- TMDS fix
- zstate fix for freesync video
- DCN 3.1.5 fix
- Display stack size fix
- Audio fix
- DCN 3.1 pstate fix
- TMZ VCN fix
- APU passthrough fix
- Misc other fixes

amdkfd:
- Error handling fix
- xgmi p2p fix
- HWS VMIDs fix

Signed-off-by: Dave Airlie <[email protected]>
From: Alex Deucher <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agorandom: check for signals every PAGE_SIZE chunk of /dev/[u]random
Jason A. Donenfeld [Wed, 6 Apr 2022 00:36:16 +0000 (02:36 +0200)]
random: check for signals every PAGE_SIZE chunk of /dev/[u]random

In 1448769c9cdb ("random: check for signal_pending() outside of
need_resched() check"), Jann pointed out that we previously were only
checking the TIF_NOTIFY_SIGNAL and TIF_SIGPENDING flags if the process
had TIF_NEED_RESCHED set, which meant in practice, super long reads to
/dev/[u]random would delay signal handling by a long time. I tried this
using the below program, and indeed I wasn't able to interrupt a
/dev/urandom read until after several megabytes had been read. The bug
he fixed has always been there, and so code that reads from /dev/urandom
without checking the return value of read() has mostly worked for a long
time, for most sizes, not just for <= 256.

Maybe it makes sense to keep that code working. The reason it was so
small prior, ignoring the fact that it didn't work anyway, was likely
because /dev/random used to block, and that could happen for pretty
large lengths of time while entropy was gathered. But now, it's just a
chacha20 call, which is extremely fast and is just operating on pure
data, without having to wait for some external event. In that sense,
/dev/[u]random is a lot more like /dev/zero.

Taking a page out of /dev/zero's read_zero() function, it always returns
at least one chunk, and then checks for signals after each chunk. Chunk
sizes there are of length PAGE_SIZE. Let's just copy the same thing for
/dev/[u]random, and check for signals and cond_resched() for every
PAGE_SIZE amount of data. This makes the behavior more consistent with
expectations, and should mitigate the impact of Jann's fix for the
age-old signal check bug.

---- test program ----

  #include <unistd.h>
  #include <signal.h>
  #include <stdio.h>
  #include <sys/random.h>

  static unsigned char x[~0U];

  static void handle(int) { }

  int main(int argc, char *argv[])
  {
    pid_t pid = getpid(), child;
    signal(SIGUSR1, handle);
    if (!(child = fork())) {
      for (;;)
        kill(pid, SIGUSR1);
    }
    pause();
    printf("interrupted after reading %zd bytes\n", getrandom(x, sizeof(x), 0));
    kill(child, SIGTERM);
    return 0;
  }

Cc: Jann Horn <[email protected]>
Cc: Theodore Ts'o <[email protected]>
Signed-off-by: Jason A. Donenfeld <[email protected]>
2 years agoRevert "powerpc: Set max_mapnr correctly"
Kefeng Wang [Wed, 6 Apr 2022 14:57:58 +0000 (00:57 +1000)]
Revert "powerpc: Set max_mapnr correctly"

This reverts commit 602946ec2f90d5bd965857753880db29d2d9a1e9.

If CONFIG_HIGHMEM is enabled, no highmem will be added with max_mapnr
set to max_low_pfn, see mem_init():

  for (pfn = highmem_mapnr; pfn < max_mapnr; ++pfn) {
        ...
        free_highmem_page();
  }

Now that virt_addr_valid() has been fixed in the previous commit, we can
revert the change to max_mapnr.

Fixes: 602946ec2f90 ("powerpc: Set max_mapnr correctly")
Signed-off-by: Kefeng Wang <[email protected]>
Reviewed-by: Christophe Leroy <[email protected]>
Reported-by: Erhard F. <[email protected]>
[mpe: Update change log to reflect series reordering]
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agopowerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
Kefeng Wang [Wed, 6 Apr 2022 14:57:57 +0000 (00:57 +1000)]
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit

mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000.

Because of the way __pa() works we have:
  __pa(0x8000000000000000) == 0, and therefore
  virt_to_pfn(0x8000000000000000) == 0, and therefore
  virt_addr_valid(0x8000000000000000) == true

Which is wrong, virt_addr_valid() should be false for vmalloc space.
In fact all vmalloc addresses that alias with a valid PFN will return
true from virt_addr_valid(). That can cause bugs with hardened usercopy
as described below by Kefeng Wang:

  When running ethtool eth0 on 64-bit Book3E, a BUG occurred:

    usercopy: Kernel memory exposure attempt detected from SLUB object not in SLUB page?! (offset 0, size 1048)!
    kernel BUG at mm/usercopy.c:99
    ...
    usercopy_abort+0x64/0xa0 (unreliable)
    __check_heap_object+0x168/0x190
    __check_object_size+0x1a0/0x200
    dev_ethtool+0x2494/0x2b20
    dev_ioctl+0x5d0/0x770
    sock_do_ioctl+0xf0/0x1d0
    sock_ioctl+0x3ec/0x5a0
    __se_sys_ioctl+0xf0/0x160
    system_call_exception+0xfc/0x1f0
    system_call_common+0xf8/0x200

  The code shows below,

    data = vzalloc(array_size(gstrings.len, ETH_GSTRING_LEN));
    copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN))

  The data is alloced by vmalloc(), virt_addr_valid(ptr) will return true
  on 64-bit Book3E, which leads to the panic.

  As commit 4dd7554a6456 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va
  and __pa addresses") does, make sure the virt addr above PAGE_OFFSET in
  the virt_addr_valid() for 64-bit, also add upper limit check to make
  sure the virt is below high_memory.

  Meanwhile, for 32-bit PAGE_OFFSET is the virtual address of the start
  of lowmem, high_memory is the upper low virtual address, the check is
  suitable for 32-bit, this will fix the issue mentioned in commit
  602946ec2f90 ("powerpc: Set max_mapnr correctly") too.

On 32-bit there is a similar problem with high memory, that was fixed in
commit 602946ec2f90 ("powerpc: Set max_mapnr correctly"), but that
commit breaks highmem and needs to be reverted.

We can't easily fix __pa(), we have code that relies on its current
behaviour. So for now add extra checks to virt_addr_valid().

For 64-bit Book3S the extra checks are not necessary, the combination of
virt_to_pfn() and pfn_valid() should yield the correct result, but they
are harmless.

Signed-off-by: Kefeng Wang <[email protected]>
Reviewed-by: Christophe Leroy <[email protected]>
[mpe: Add additional change log detail]
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/i915/uncore: Warn on previous unclaimed accesses
Lucas De Marchi [Tue, 5 Apr 2022 00:11:49 +0000 (17:11 -0700)]
drm/i915/uncore: Warn on previous unclaimed accesses

Since gen6 we use FPGA_DBG register to detect unclaimed MMIO registers.
This register is in the display engine IP and can only ever detect
unclaimed accesses to registers in this area. However sometimes there
are reports of this triggering for registers in other areas, which
should not be possible.

Right now we always warn after the read/write of registers going through
unclaimed_reg_debug(). However places using __raw_uncore_* may be
triggering the unclaimed access and those being later accounted to a
different register. Let's warn both before and after the read/write
with a slightly different message, so it's clear if the register
reported in the warning is actually the culprit.

Commit dda960335e02 ("drm/i915: Just clear the mmiodebug before a
register access") attempted to solve the same issue by removing the
warning when if FPGA_DBG flags before the mmio read/write. However, it
doesn't solve it completely as FPGA_DBG may remain set when reading
registers outside display. So in the end the check after the mmio
read/write triggers the warning pointing to the wrong register.

Signed-off-by: Lucas De Marchi <[email protected]>
Reviewed-by: Matt Roper <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agofbdev: Fix unregistering of framebuffers without device
Thomas Zimmermann [Mon, 4 Apr 2022 19:44:02 +0000 (21:44 +0200)]
fbdev: Fix unregistering of framebuffers without device

OF framebuffers do not have an underlying device in the Linux
device hierarchy. Do a regular unregister call instead of hot
unplugging such a non-existing device. Fixes a NULL dereference.
An example error message on ppc64le is shown below.

  BUG: Kernel NULL pointer dereference on read at 0x00000060
  Faulting instruction address: 0xc00000000080dfa4
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  [...]
  CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1
  NIP:  c00000000080dfa4 LR: c00000000080df9c CTR: c000000000797430
  REGS: c000000004132fe0 TRAP: 0300   Not tainted  (5.17.0-ae085d7f9365)
  MSR:  8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 28228282  XER: 20000000
  CFAR: c00000000000c80c DAR: 0000000000000060 DSISR: 40000000 IRQMASK: 0
  GPR00: c00000000080df9c c000000004133280 c00000000169d200 0000000000000029
  GPR04: 00000000ffffefff c000000004132f90 c000000004132f88 0000000000000000
  GPR08: c0000000015658f8 c0000000015cd200 c0000000014f57d0 0000000048228283
  GPR12: 0000000000000000 c00000003fffe300 0000000020000000 0000000000000000
  GPR16: 0000000000000000 0000000113fc4a40 0000000000000005 0000000113fcfb80
  GPR20: 000001000f7283b0 0000000000000000 c000000000e4a588 c000000000e4a5b0
  GPR24: 0000000000000001 00000000000a0000 c008000000db0168 c0000000021f6ec0
  GPR28: c0000000016d65a8 c000000004b36460 0000000000000000 c0000000016d64b0
  NIP [c00000000080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0
  [c000000004133280] [c00000000080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable)
  [c000000004133350] [c00000000080e4d0] remove_conflicting_framebuffers+0x60/0x150
  [c0000000041333a0] [c00000000080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0
  [c000000004133450] [c008000000e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm]
  [c000000004133490] [c008000000da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs]
  [...]
  [c000000004133db0] [c00000000002aaa0] system_call_exception+0x170/0x2d0
  [c000000004133e10] [c00000000000c3cc] system_call_common+0xec/0x250

The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug
firmware fb devices on forced removal"). Most firmware framebuffers
have an underlying platform device, which can be hot-unplugged
before loading the native graphics driver. OF framebuffers do not
(yet) have that device. Fix the code by unregistering the framebuffer
as before without a hot unplug.

Tested with 5.17 on qemu ppc64le emulation.

Signed-off-by: Thomas Zimmermann <[email protected]>
Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal")
Reported-by: Sudip Mukherjee <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Reviewed-by: Javier Martinez Canillas <[email protected]>
Tested-by: Sudip Mukherjee <[email protected]>
Cc: Zack Rusin <[email protected]>
Cc: Javier Martinez Canillas <[email protected]>
Cc: Hans de Goede <[email protected]>
Cc: [email protected] # v5.11+
Cc: Helge Deller <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Sam Ravnborg <[email protected]>
Cc: Zheyu Ma <[email protected]>
Cc: Xiyu Yang <[email protected]>
Cc: Zhen Lei <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Alex Deucher <[email protected]>
Cc: Tetsuo Handa <[email protected]>
Cc: Guenter Roeck <[email protected]>
Cc: [email protected]
Cc: [email protected]
Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrbd: set QUEUE_FLAG_STABLE_WRITES
Christoph Böhmwalder [Wed, 6 Apr 2022 19:04:45 +0000 (21:04 +0200)]
drbd: set QUEUE_FLAG_STABLE_WRITES

We want our pages not to change while they are being written.

Signed-off-by: Christoph Böhmwalder <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
2 years agodrbd: fix an invalid memory access caused by incorrect use of list iterator
Xiaomeng Tong [Wed, 6 Apr 2022 19:04:44 +0000 (21:04 +0200)]
drbd: fix an invalid memory access caused by incorrect use of list iterator

The bug is here:
idr_remove(&connection->peer_devices, vnr);

If the previous for_each_connection() don't exit early (no goto hit
inside the loop), the iterator 'connection' after the loop will be a
bogus pointer to an invalid structure object containing the HEAD
(&resource->connections). As a result, the use of 'connection' above
will lead to a invalid memory access (including a possible invalid free
as idr_remove could call free_layer).

The original intention should have been to remove all peer_devices,
but the following lines have already done the work. So just remove
this line and the unneeded label, to fix this bug.

Cc: [email protected]
Fixes: c06ece6ba6f1b ("drbd: Turn connection->volumes into connection->peer_devices")
Signed-off-by: Xiaomeng Tong <[email protected]>
Reviewed-by: Christoph Böhmwalder <[email protected]>
Reviewed-by: Lars Ellenberg <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
2 years agodrbd: Fix five use after free bugs in get_initial_state
Lv Yunlong [Wed, 6 Apr 2022 19:04:43 +0000 (21:04 +0200)]
drbd: Fix five use after free bugs in get_initial_state

In get_initial_state, it calls notify_initial_state_done(skb,..) if
cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),
the skb will be freed by nlmsg_free(skb).
Then get_initial_state will goto out and the freed skb will be used by
return value skb->len, which is a uaf bug.

What's worse, the same problem goes even further: skb can also be
freed in the notify_*_state_change -> notify_*_state calls below.
Thus 4 additional uaf bugs happened.

My patch lets the problem callee functions: notify_initial_state_done
and notify_*_state_change return an error code if errors happen.
So that the error codes could be propagated and the uaf bugs can be avoid.

v2 reports a compilation warning. This v3 fixed this warning and built
successfully in my local environment with no additional warnings.
v2: https://lore.kernel.org/patchwork/patch/1435218/

Fixes: a29728463b254 ("drbd: Backport the "events2" command")
Signed-off-by: Lv Yunlong <[email protected]>
Reviewed-by: Christoph Böhmwalder <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
2 years agobpf: Adjust bpf_tcp_check_syncookie selftest to test dual-stack sockets
Maxim Mikityanskiy [Wed, 6 Apr 2022 12:41:13 +0000 (15:41 +0300)]
bpf: Adjust bpf_tcp_check_syncookie selftest to test dual-stack sockets

The previous commit fixed support for dual-stack sockets in
bpf_tcp_check_syncookie. This commit adjusts the selftest to verify the
fixed functionality.

Signed-off-by: Maxim Mikityanskiy <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Arthur Fabre <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
2 years agobpf: Support dual-stack sockets in bpf_tcp_check_syncookie
Maxim Mikityanskiy [Wed, 6 Apr 2022 12:41:12 +0000 (15:41 +0300)]
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie

bpf_tcp_gen_syncookie looks at the IP version in the IP header and
validates the address family of the socket. It supports IPv4 packets in
AF_INET6 dual-stack sockets.

On the other hand, bpf_tcp_check_syncookie looks only at the address
family of the socket, ignoring the real IP version in headers, and
validates only the packet size. This implementation has some drawbacks:

1. Packets are not validated properly, allowing a BPF program to trick
   bpf_tcp_check_syncookie into handling an IPv6 packet on an IPv4
   socket.

2. Dual-stack sockets fail the checks on IPv4 packets. IPv4 clients end
   up receiving a SYNACK with the cookie, but the following ACK gets
   dropped.

This patch fixes these issues by changing the checks in
bpf_tcp_check_syncookie to match the ones in bpf_tcp_gen_syncookie. IP
version from the header is taken into account, and it is validated
properly with address family.

Fixes: 399040847084 ("bpf: add helper to check for a valid SYN cookie")
Signed-off-by: Maxim Mikityanskiy <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Reviewed-by: Tariq Toukan <[email protected]>
Acked-by: Arthur Fabre <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
2 years agodrm/i915/adlp: Fix register corruption after DDI clock enabling
Imre Deak [Wed, 23 Mar 2022 20:17:49 +0000 (22:17 +0200)]
drm/i915/adlp: Fix register corruption after DDI clock enabling

Accessing the DDI_BUF_CTL register without the port's DDI clock being
enabled (to set/clear the TypeC PHY ownership for the port) can lead to
a corrupted value read during any i915 register access right after the
DDI clock is enabled.

The root cause is the way clock synchronization works for this register,
controlled by the CHICKEN_DCPR_1 DDI_CLOCK_REG_ACCESS flag. Correctly
this flag should be cleared on ADLP (see the Bspec link below), however
after bootup the flag is set.

One easily reproducible issue is an unclaimed register access of the
PWR_WELL_CTL_DDI2 register, programmed right after DDI clock enabling to
enable the port's DDI_IO power well (see the HSDES, VLK links below).
With the correct setting above this problem can't be reproduced.

Bspec: 49189
HSDES: 18019028154
VLK: 28328, 28655

Cc: Jouni Högander <[email protected]>
Cc: Arthur J Runyan <[email protected]>
Signed-off-by: Imre Deak <[email protected]>
Acked-by: Arthur J Runyan <[email protected]>
Reviewed-by: Ville Syrjälä <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/amdgpu/smu10: fix SoC/fclk units in auto mode
Alex Deucher [Fri, 1 Apr 2022 15:08:48 +0000 (11:08 -0400)]
drm/amdgpu/smu10: fix SoC/fclk units in auto mode

SMU takes clock limits in Mhz units.  socclk and fclk were
using 10 khz units in some cases.  Switch to Mhz units.
Fixes higher than required SoC clocks.

Fixes: 97cf32996c46d9 ("drm/amd/pm: Removed fixed clock in auto mode DPM")
Reviewed-by: Paul Menzel <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amd/display: update dcn315 clock table read
Dmytro Laktyushkin [Wed, 30 Mar 2022 20:05:50 +0000 (16:05 -0400)]
drm/amd/display: update dcn315 clock table read

[Why & How]
Make dcn315 base its clock table off dcfclk rather than fclk.

This change also adds some sanity checking to make sure an
empty pmfw table does not result in invalid dal clocks.

Reviewed-by: Charlene Liu <[email protected]>
Acked-by: Qingqing Zhuo <[email protected]>
Signed-off-by: Dmytro Laktyushkin <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amdgpu/display: change pipe policy for DCN 2.1
Benjamin Marty [Wed, 23 Mar 2022 21:08:26 +0000 (22:08 +0100)]
drm/amdgpu/display: change pipe policy for DCN 2.1

Fixes crash on MST Hub disconnect.

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1849
Fixes: ee2698cf79cc ("drm/amd/display: Changed pipe split policy to allow for multi-display pipe split")
Signed-off-by: Benjamin Marty <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amd/display: Add configuration options for AUX wake work around.
Jimmy Kizito [Tue, 22 Mar 2022 23:12:47 +0000 (19:12 -0400)]
drm/amd/display: Add configuration options for AUX wake work around.

[Why]
Work around to try to wake unresponsive DP sinks may need to be adjusted
for certain sinks.

[How]
Add options to disable work around or adjust time spent trying to wake
unresponsive DPRX.

Tested-by: Daniel Wheeler <[email protected]>
Reviewed-by: Martin Leung <[email protected]>
Acked-by: Tom Chung <[email protected]>
Signed-off-by: Jimmy Kizito <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: remove assert for odm transition case
Eric Bernstein [Mon, 21 Mar 2022 14:42:34 +0000 (10:42 -0400)]
drm/amd/display: remove assert for odm transition case

Remove assert that will hit during odm transition case,
since this is a valid case.

Tested-by: Daniel Wheeler <[email protected]>
Reviewed-by: Alvin Lee <[email protected]>
Acked-by: Tom Chung <[email protected]>
Signed-off-by: Eric Bernstein <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amdgpu: don't use BACO for reset in S3
Alex Deucher [Fri, 25 Mar 2022 15:53:39 +0000 (11:53 -0400)]
drm/amdgpu: don't use BACO for reset in S3

Seems to cause a reboots or hangs on some systems.

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1924
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1953
Fixes: daf8de0874ab5b ("drm/amdgpu: always reset the asic in suspend (v2)")
Reviewed-by: Lijo Lazar <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
CHANDAN VURDIGERE NATARAJ [Tue, 29 Mar 2022 07:40:31 +0000 (13:10 +0530)]
drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw

[Why]
Below general protection fault observed when WebGL Aquarium is run for
longer duration. If drm debug logs are enabled and set to 0x1f then the
issue is observed within 10 minutes of run.

[  100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI
[  100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tainted: G        W         5.15.30 #12 d726c6a2d6ebe5cf9223931cbca6892f916fe18b
[  100.754419] RIP: 0010:CalculateSwathWidth+0x1f7/0x44f
[  100.767109] Code: 00 00 00 f2 42 0f 11 04 f0 48 8b 85 88 00 00 00 f2 42 0f 10 04 f0 48 8b 85 98 00 00 00 f2 42 0f 11 04 f0 48 8b 45 10 0f 57 c0 <f3> 42 0f 2a 04 b0 0f 57 c9 f3 43 0f 2a 0c b4 e8 8c e2 f3 ff 48 8b
[  100.781269] RSP: 0018:ffffa9230079eeb0 EFLAGS: 00010246
[  100.812528] RAX: 2d33302d32323032 RBX: 0000000000000500 RCX: 0000000000000000
[  100.819656] RDX: 0000000000000001 RSI: ffff99deb712c49c RDI: 0000000000000000
[  100.826781] RBP: ffffa9230079ef50 R08: ffff99deb712460c R09: ffff99deb712462c
[  100.833907] R10: ffff99deb7124940 R11: ffff99deb7124d70 R12: ffff99deb712ae44
[  100.841033] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa9230079f0a0
[  100.848159] FS:  00007af121212640(0000) GS:ffff99deba780000(0000) knlGS:0000000000000000
[  100.856240] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  100.861980] CR2: 0000209000fe1000 CR3: 000000011b18c000 CR4: 0000000000350ee0
[  100.869106] Call Trace:
[  100.871555]  <TASK>
[  100.873655]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[  100.878449]  CalculateSwathAndDETConfiguration+0x1a3/0x6dd
[  100.883937]  dml31_ModeSupportAndSystemConfigurationFull+0x2ce4/0x76da
[  100.890467]  ? kallsyms_lookup_buildid+0xc8/0x163
[  100.895173]  ? kallsyms_lookup_buildid+0xc8/0x163
[  100.899874]  ? __sprint_symbol+0x80/0x135
[  100.903883]  ? dm_update_plane_state+0x3f9/0x4d2
[  100.908500]  ? symbol_string+0xb7/0xde
[  100.912250]  ? number+0x145/0x29b
[  100.915566]  ? vsnprintf+0x341/0x5ff
[  100.919141]  ? desc_read_finalized_seq+0x39/0x87
[  100.923755]  ? update_load_avg+0x1b9/0x607
[  100.927849]  ? compute_mst_dsc_configs_for_state+0x7d/0xd5b
[  100.933416]  ? fetch_pipe_params+0xa4d/0xd0c
[  100.937686]  ? dc_fpu_end+0x3d/0xa8
[  100.941175]  dml_get_voltage_level+0x16b/0x180
[  100.945619]  dcn30_internal_validate_bw+0x10e/0x89b
[  100.950495]  ? dcn31_validate_bandwidth+0x68/0x1fc
[  100.955285]  ? resource_build_scaling_params+0x98b/0xb8c
[  100.960595]  ? dcn31_validate_bandwidth+0x68/0x1fc
[  100.965384]  dcn31_validate_bandwidth+0x9a/0x1fc
[  100.970001]  dc_validate_global_state+0x238/0x295
[  100.974703]  amdgpu_dm_atomic_check+0x9c1/0xbce
[  100.979235]  ? _printk+0x59/0x73
[  100.982467]  drm_atomic_check_only+0x403/0x78b
[  100.986912]  drm_mode_atomic_ioctl+0x49b/0x546
[  100.991358]  ? drm_ioctl+0x1c1/0x3b3
[  100.994936]  ? drm_atomic_set_property+0x92a/0x92a
[  100.999725]  drm_ioctl_kernel+0xdc/0x149
[  101.003648]  drm_ioctl+0x27f/0x3b3
[  101.007051]  ? drm_atomic_set_property+0x92a/0x92a
[  101.011842]  amdgpu_drm_ioctl+0x49/0x7d
[  101.015679]  __se_sys_ioctl+0x7c/0xb8
[  101.015685]  do_syscall_64+0x5f/0xb8
[  101.015690]  ? __irq_exit_rcu+0x34/0x96

[How]
It calles populate_dml_pipes which uses doubles to initialize.
Adding FPU protection avoids context switch and probable loss of vba context
as there is potential contention while drm debug logs are enabled.

Signed-off-by: CHANDAN VURDIGERE NATARAJ <[email protected]>
Reviewed-by: Rodrigo Siqueira <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amdkfd: Create file descriptor after client is added to smi_clients list
Lee Jones [Thu, 31 Mar 2022 12:21:17 +0000 (13:21 +0100)]
drm/amdkfd: Create file descriptor after client is added to smi_clients list

This ensures userspace cannot prematurely clean-up the client before
it is fully initialised which has been proven to cause issues in the
past.

Cc: Felix Kuehling <[email protected]>
Cc: Alex Deucher <[email protected]>
Cc: "Christian König" <[email protected]>
Cc: "Pan, Xinhui" <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Felix Kuehling <[email protected]>
Signed-off-by: Felix Kuehling <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amdgpu: Sync up header and implementation to use the same parameter names
Ma Jun [Wed, 23 Mar 2022 13:16:19 +0000 (21:16 +0800)]
drm/amdgpu: Sync up header and implementation to use the same parameter names

Sync up header and implementation to use the same parameter names
in function amdgpu_ring_init.
ring_size -> max_dw, prio -> hw_prio

Reviewed-by: Guchun Chen <[email protected]>
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Ma Jun <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amdgpu: fix incorrect GCR_GENERAL_CNTL address
Ruili Ji [Thu, 31 Mar 2022 04:19:00 +0000 (12:19 +0800)]
drm/amdgpu: fix incorrect GCR_GENERAL_CNTL address

gfx10.3.3/gfx10.3.6/gfx10.3.7 shall use 0x1580 address for GCR_GENERAL_CNTL

Acked-by: Prike Liang <[email protected]>
Acked-by: Yifan Zhang <[email protected]>
Reviewed-by: Aaron Liu <[email protected]>
Signed-off-by: Ruili Ji <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agoamd/display: set backlight only if required
Shirish S [Fri, 11 Mar 2022 15:00:17 +0000 (20:30 +0530)]
amd/display: set backlight only if required

[Why]
comparing pwm bl values (coverted) with user brightness(converted)
levels in commit_tail leads to continuous setting of backlight via dmub
as they don't to match.
This leads overdrive in queuing of commands to DMCU that sometimes lead
to depending on load on DMCU fw:

"[drm:dc_dmub_srv_wait_idle] *ERROR* Error waiting for DMUB idle: status=3"

[How]
Store last successfully set backlight value and compare with it instead
of pwm reads which is not what we should compare with.

Signed-off-by: Shirish S <[email protected]>
Reviewed-by: Harry Wentland <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/i915: Split i915_run_as_guest into x86 and non-x86
Casey Bowman [Thu, 31 Mar 2022 20:43:43 +0000 (13:43 -0700)]
drm/i915: Split i915_run_as_guest into x86 and non-x86

Split i915_run_as_guest() into a more arch-friendly function
as non-x86 builds do not support this functionality.

Signed-off-by: Casey Bowman <[email protected]>
Acked-by: Tvrtko Ursulin <[email protected]>
Signed-off-by: Lucas De Marchi <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/i915/display/psr: Use continuos full frame to handle frontbuffer invalidations
José Roberto de Souza [Tue, 5 Apr 2022 15:53:44 +0000 (08:53 -0700)]
drm/i915/display/psr: Use continuos full frame to handle frontbuffer invalidations

Instead of exit PSR when a frontbuffer invalidation happens, we can
enable the PSR2 selective fetch continuous full frame, that will keep
the panel updated like PSR was disabled but without keeping PSR active.

So as soon as the frontbuffer flush happens we can disable the
continuous full frame and start to do selective fetches much quicker
than the path that would enable PSR, that will wait a few frames
to actually activate PSR.

Also this approach has proven to fix some glitches found in Alderlake-P
when there are a lot of invalidations happening together with page
flips.

Some may ask why it is writing to CURSURFLIVE(), it is because
that is the way that hardware team provided us to poke display to
handle PSR updates, and it is being used since display 9.

v2:
- handling possible race conditions between frontbuffer rendering and
page flips

Reviewed-by: Jouni Högander <[email protected]>
Cc: Khaled Almahallawy <[email protected]>
Cc: Shawn C Lee <[email protected]>
Cc: Jouni Högander <[email protected]>
Cc: Mika Kahola <[email protected]>
Signed-off-by: José Roberto de Souza <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/i915/display/psr: Lock and unlock PSR around pipe updates
José Roberto de Souza [Tue, 5 Apr 2022 15:53:43 +0000 (08:53 -0700)]
drm/i915/display/psr: Lock and unlock PSR around pipe updates

Frontbuffer rendering and page flips can race with each other
and this can potentialy cause issues with PSR2 selective fetch.

And because pipe/crtc updates are time sentive we can't grab the
PSR lock after intel_pipe_update_start() and before
intel_pipe_update_end().

So here adding the lock and unlock functions and calls, the
proper PSR2 selective fetch handling will come in a separated patch.

v2:
- fixed new functions documentation

Reviewed-by: Jouni Högander <[email protected]>
Cc: Jouni Högander <[email protected]>
Cc: Mika Kahola <[email protected]>
Signed-off-by: José Roberto de Souza <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/i915/display/psr: Set partial frame enable when forcing full frame fetch
José Roberto de Souza [Tue, 5 Apr 2022 15:53:42 +0000 (08:53 -0700)]
drm/i915/display/psr: Set partial frame enable when forcing full frame fetch

Following up what was done in commit 804f46885317 ("drm/i915/psr: Set
"SF Partial Frame Enable" also on full update") and also setting
partial frame enable when psr_force_hw_tracking_exit() is called.

Also as PSR2_MAN_TRK_CTL is a double buffered registers do a RMW
is not a good idea so here also setting the man_trk_ctl_enable_bit()
that is required in TGL and only doing a register write.

v2:
- not doing a rmw

v3:
- removing the inline from functions that return PSR2_MAN_TRK_CTL
bits

Reviewed-by: Jouni Högander <[email protected]>
Cc: Jouni Högander <[email protected]>
Cc: Mika Kahola <[email protected]>
Signed-off-by: José Roberto de Souza <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/amd/display: Fix allocate_mst_payload assert on resume
Roman Li [Thu, 17 Mar 2022 23:55:05 +0000 (19:55 -0400)]
drm/amd/display: Fix allocate_mst_payload assert on resume

[Why]
On resume we do link detection for all non-MST connectors.
MST is handled separately. However the condition for telling
if connector is on mst branch is not enough for mst hub case.
Link detection for mst branch link leads to mst topology reset.
That causes assert in dc_link_allocate_mst_payload()

[How]
Use link type as indicator for mst link.

Reviewed-by: Wayne Lin <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Roman Li <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: Revert FEC check in validation
Martin Leung [Fri, 18 Mar 2022 15:12:36 +0000 (11:12 -0400)]
drm/amd/display: Revert FEC check in validation

why and how:
causes failure on install on certain machines

Reviewed-by: George Shen <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Martin Leung <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: Add work around for AUX failure on wake.
Jimmy Kizito [Wed, 9 Mar 2022 23:26:47 +0000 (18:26 -0500)]
drm/amd/display: Add work around for AUX failure on wake.

[Why]
When waking from low-power states, a DP sink may remain unresponsive to
AUX transactions.

[How]
Try to toggle DPCD SET_POWER register repeatedly (up to a maximum
timeout value) until DP sink becomes responsive.

Reviewed-by: Mustapha Ghaddar <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Jimmy Kizito <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: Clear optc false state when disable otg
Charlene Liu [Tue, 15 Mar 2022 20:42:33 +0000 (16:42 -0400)]
drm/amd/display: Clear optc false state when disable otg

[why]
when disable optc, need to clear the underflow status as well.

Reviewed-by: Chris Park <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Charlene Liu <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: Enable power gating before init_pipes
Roman Li [Tue, 15 Mar 2022 20:31:14 +0000 (16:31 -0400)]
drm/amd/display: Enable power gating before init_pipes

[Why]
In init_hw() we call init_pipes() before enabling power gating.
init_pipes() tries to power gate dsc but it may fail because
required force-ons are not released yet.
As a result with dsc config the following errors observed on resume:
"REG_WAIT timeout 1us * 1000 tries - dcn20_dsc_pg_control"
"REG_WAIT timeout 1us * 1000 tries - dcn20_dpp_pg_control"
"REG_WAIT timeout 1us * 1000 tries - dcn20_hubp_pg_control"

[How]
Move enable_power_gating_plane() before init_pipes() in init_hw()

Reviewed-by: Anthony Koo <[email protected]>
Reviewed-by: Eric Yang <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Roman Li <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/display: Remove redundant dsc power gating from init_hw
Roman Li [Tue, 15 Mar 2022 18:57:34 +0000 (14:57 -0400)]
drm/amd/display: Remove redundant dsc power gating from init_hw

[Why]
DSC Power down code has been moved from dcn31_init_hw into init_pipes()
Need to remove it from dcn10_init_hw() as well to avoid duplicated action
on dcn1.x/2.x

[How]
Remove DSC power down code from dcn10_init_hw()

Fixes: 8fa6f4c5715c ("drm/amd/display: fixed the DSC power off sequence during Driver PnP")
Reviewed-by: Anthony Koo <[email protected]>
Reviewed-by: Eric Yang <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Roman Li <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodma-buf/drivers: make reserving a shared slot mandatory v4
Christian König [Tue, 16 Nov 2021 14:20:45 +0000 (15:20 +0100)]
dma-buf/drivers: make reserving a shared slot mandatory v4

Audit all the users of dma_resv_add_excl_fence() and make sure they
reserve a shared slot also when only trying to add an exclusive fence.

This is the next step towards handling the exclusive fence like a
shared one.

v2: fix missed case in amdgpu
v3: and two more radeon, rename function
v4: add one more case to TTM, fix i915 after rebase

Signed-off-by: Christian König <[email protected]>
Reviewed-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/amd/display: Correct Slice reset calculation
Chris Park [Tue, 15 Mar 2022 16:21:43 +0000 (12:21 -0400)]
drm/amd/display: Correct Slice reset calculation

[Why]
Once DSC slice cannot fit pixel clock, we incorrectly
reset min slices to 0 and allow max slice to operate,
even when max slice itself cannot fit the pixel clock
properly.

[How]
Change the sequence such that we correctly determine
DSC is not possible when both min slices and max
slices cannot fit pixel clock per slice.

Reviewed-by: Wenjing Liu <[email protected]>
Acked-by: Alex Hung <[email protected]>
Signed-off-by: Chris Park <[email protected]>
Tested-by: Daniel Wheeler <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agodrm/amd/vcn: fix an error msg on vcn 3.0
tiancyin [Sun, 27 Mar 2022 11:07:13 +0000 (19:07 +0800)]
drm/amd/vcn: fix an error msg on vcn 3.0

Some video card has more than one vcn instance, passing 0 to
vcn_v3_0_pause_dpg_mode is incorrect.

Error msg:
Register(1) [mmUVD_POWER_STATUS] failed to reach value
0x00000001 != 0x00000002

Reviewed-by: James Zhu <[email protected]>
Signed-off-by: tiancyin <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
2 years agodrm/amdgpu/vcn3: send smu interface type
Boyuan Zhang [Thu, 24 Mar 2022 16:19:06 +0000 (12:19 -0400)]
drm/amdgpu/vcn3: send smu interface type

For VCN FW to detect ASIC type, in order to use different mailbox registers.

V2: simplify codes and fix format issue.

Signed-off-by: Boyuan Zhang <[email protected]>
Acked-by Huang Rui <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
2 years agospi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
Kamal Dasu [Mon, 28 Mar 2022 14:24:42 +0000 (10:24 -0400)]
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()

This fixes case where MSPI controller is used to access spi-nor
flash and BSPI block is not present.

Fixes: 5f195ee7d830 ("spi: bcm-qspi: Implement the spi_mem interface")
Signed-off-by: Kamal Dasu <[email protected]>
Acked-by: Florian Fainelli <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
2 years agospi: cadence-quadspi: fix protocol setup for non-1-1-X operations
Matthias Schiffer [Thu, 31 Mar 2022 11:08:19 +0000 (13:08 +0200)]
spi: cadence-quadspi: fix protocol setup for non-1-1-X operations

cqspi_set_protocol() only set the data width, but ignored the command
and address width (except for 8-8-8 DTR ops), leading to corruption of
all transfers using 1-X-X or X-X-X ops. Fix by setting the other two
widths as well.

While we're at it, simplify the code a bit by replacing the
CQSPI_INST_TYPE_* constants with ilog2().

Tested on a TI AM64x with a Macronix MX25U51245G QSPI flash with 1-4-4
read and write operations.

Signed-off-by: Matthias Schiffer <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
2 years agospi: core: add dma_map_dev for __spi_unmap_msg()
Vinod Koul [Wed, 6 Apr 2022 13:22:38 +0000 (18:52 +0530)]
spi: core: add dma_map_dev for __spi_unmap_msg()

Commit b470e10eb43f ("spi: core: add dma_map_dev for dma device") added
dma_map_dev for _spi_map_msg() but missed to add for unmap routine,
__spi_unmap_msg(), so add it now.

Fixes: b470e10eb43f ("spi: core: add dma_map_dev for dma device")
Cc: [email protected] # v5.14+
Signed-off-by: Vinod Koul <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
2 years agocdrom: remove unused variable
Enze Li [Fri, 1 Apr 2022 21:18:42 +0000 (22:18 +0100)]
cdrom: remove unused variable

The clang static analyzer reports the following warning,

File: drivers/cdrom/cdrom.c
Warning: line 1380, column 7
 Although the value stored to 'status' is used in enclosing
 expression, the value is never actually read from 'status'

Remove the unused variable to eliminate the warning.

Signed-off-by: Enze Li <[email protected]>
Link: https://lore.kernel.org/all/[email protected]
Signed-off-by: Phillip Potter <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jens Axboe <[email protected]>
2 years agomyri10ge: fix an incorrect free for skb in myri10ge_sw_tso
Xiaomeng Tong [Wed, 6 Apr 2022 03:55:56 +0000 (11:55 +0800)]
myri10ge: fix an incorrect free for skb in myri10ge_sw_tso

All remaining skbs should be released when myri10ge_xmit fails to
transmit a packet. Fix it within another skb_list_walk_safe.

Signed-off-by: Xiaomeng Tong <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
2 years agonet: usb: aqc111: Fix out-of-bounds accesses in RX fixup
Marcin Kozlowski [Wed, 6 Apr 2022 08:05:37 +0000 (10:05 +0200)]
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup

aqc111_rx_fixup() contains several out-of-bounds accesses that can be
triggered by a malicious (or defective) USB device, in particular:

 - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds,
   causing OOB reads and (on big-endian systems) OOB endianness flips.
 - A packet can overlap the metadata array, causing a later OOB
   endianness flip to corrupt data used by a cloned SKB that has already
   been handed off into the network stack.
 - A packet SKB can be constructed whose tail is far beyond its end,
   causing out-of-bounds heap data to be considered part of the SKB's
   data.

Found doing variant analysis. Tested it with another driver (ax88179_178a), since
I don't have a aqc111 device to test it, but the code looks very similar.

Signed-off-by: Marcin Kozlowski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
2 years agoqede: confirm skb is allocated before using
Jamie Bainbridge [Wed, 6 Apr 2022 11:19:19 +0000 (21:19 +1000)]
qede: confirm skb is allocated before using

qede_build_skb() assumes build_skb() always works and goes straight
to skb_reserve(). However, build_skb() can fail under memory pressure.
This results in a kernel panic because the skb to reserve is NULL.

Add a check in case build_skb() failed to allocate and return NULL.

The NULL return is handled correctly in callers to qede_build_skb().

Fixes: 8a8633978b842 ("qede: Add build_skb() support.")
Signed-off-by: Jamie Bainbridge <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
2 years agonet: ipv6mr: fix unused variable warning with CONFIG_IPV6_PIMSM_V2=n
Florian Westphal [Wed, 6 Apr 2022 10:04:45 +0000 (12:04 +0200)]
net: ipv6mr: fix unused variable warning with CONFIG_IPV6_PIMSM_V2=n

net/ipv6/ip6mr.c:1656:14: warning: unused variable 'do_wrmifwhole'

Move it to the CONFIG_IPV6_PIMSM_V2 scope where its used.

Fixes: 4b340a5a726d ("net: ip6mr: add support for passing full packet on wrong mif")
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
2 years agoMerge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net...
David S. Miller [Wed, 6 Apr 2022 14:03:50 +0000 (15:03 +0100)]
Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue

Tony Nguyen says:

====================
Intel Wired LAN Driver Updates 2022-04-05

Maciej Fijalkowski says:

We were solving issues around AF_XDP busy poll's not-so-usual scenarios,
such as very big busy poll budgets applied to very small HW rings. This
set carries the things that were found during that work that apply to
net tree.

One thing that was fixed for all in-tree ZC drivers was missing on ice
side all the time - it's about syncing RCU before destroying XDP
resources. Next one fixes the bit that is checked in ice_xsk_wakeup and
third one avoids false setting of DD bits on Tx descriptors.
====================

Signed-off-by: David S. Miller <[email protected]>
2 years agoDrivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
Andrea Parri (Microsoft) [Mon, 28 Mar 2022 15:44:57 +0000 (17:44 +0200)]
Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()

Following the recommendation in Documentation/memory-barriers.txt for
virtual machine guests.

Fixes: 8b6a877c060ed ("Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels")
Signed-off-by: Andrea Parri (Microsoft) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Wei Liu <[email protected]>
2 years agodrm/drm_modeset_helper_vtables.h: fix a typo
Sui Jingfeng [Wed, 6 Apr 2022 07:30:36 +0000 (15:30 +0800)]
drm/drm_modeset_helper_vtables.h: fix a typo

 change upate to update

Signed-off-by: Sui Jingfeng <[email protected]>
Signed-off-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2 years agodrm/vc4: hvs: Use pointer to HVS in HVS_READ and HVS_WRITE macros
Maxime Ripard [Thu, 31 Mar 2022 14:37:44 +0000 (16:37 +0200)]
drm/vc4: hvs: Use pointer to HVS in HVS_READ and HVS_WRITE macros

Those macros are really about the HVS itself, and thus its associated
structure vc4_hvs, rather than the entire (virtual) vc4 device.

Let's change those macros to use the hvs pointer directly, and change
the calling sites accordingly.

Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: kms: Ignore atomic_flush if we're disabled
Maxime Ripard [Thu, 31 Mar 2022 14:37:43 +0000 (16:37 +0200)]
drm/vc4: kms: Ignore atomic_flush if we're disabled

atomic_flush will be called for each CRTC even if they aren't enabled.

The whole code we have there will thus run without a properly affected
channel, which can then result in all sorts of weird behaviour.

Fortunately, the DRM_PLANE_COMMIT_ACTIVE_ONLY flag will skip the CRTC
atomic_begin and atomic_flush, and the planes atomic_update, if they
aren't enabled.

Our plane atomic_update is a nop, and atomic_begin will copy the current
HVS channel to the vc4_crtc structure for the interrupt handler to
consume, but the handler won't run if the CRTC is disabled. So in the
end, it will only skip our CRTC atomic_flush, which is what we want.

Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: hvs: Move the dlist setup to its own function
Maxime Ripard [Thu, 31 Mar 2022 14:37:42 +0000 (16:37 +0200)]
drm/vc4: hvs: Move the dlist setup to its own function

The vc4_hvs_update_dlist function mostly deals with setting up the
vblank events and setting up the dlist entry pointer to our current
active one.

We'll want to do the former separately from the vblank handling in later
patches, so let's move it to a function of its own.

Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: hvs: Remove dlist setup duplication
Maxime Ripard [Thu, 31 Mar 2022 14:37:41 +0000 (16:37 +0200)]
drm/vc4: hvs: Remove dlist setup duplication

Setting the DISPLISTx register needs to occur in every case, and we
don't need to protect the register using the event_lock, so we can just
move it after the if branches and simplify a bit the function.

Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: hvs: Store channel in variable
Maxime Ripard [Thu, 31 Mar 2022 14:37:40 +0000 (16:37 +0200)]
drm/vc4: hvs: Store channel in variable

The assigned_channel field of our vc4_crtc_state structure is accessed
multiple times in vc4_hvs_atomic_flush, so let's move it to a variable
that can be used in all those places.

Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: hvs: Fix frame count register readout
Maxime Ripard [Thu, 31 Mar 2022 14:37:39 +0000 (16:37 +0200)]
drm/vc4: hvs: Fix frame count register readout

In order to get the field currently being output, the driver has been
using the display FIFO frame count in the HVS, reading a 6-bit field at
the offset 12 in the DISPSTATx register.

While that field is indeed at that location for the FIFO 1 and 2, the
one for the FIFO0 is actually in the DISPSTAT1 register, at the offset
18.

Fixes: e538092cb15c ("drm/vc4: Enable precise vblank timestamping for interlaced modes.")
Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agodrm/vc4: kms: Take old state core clock rate into account
Maxime Ripard [Thu, 31 Mar 2022 14:37:38 +0000 (16:37 +0200)]
drm/vc4: kms: Take old state core clock rate into account

During a commit, the core clock, which feeds the HVS, needs to run at
a minimum of 500MHz.

While doing that commit, we can also change the mode to one that
requires a higher core clock, so we take the core clock rate associated
to that new state into account for that boost.

However, the old state also needs to be taken into account if it
requires a core clock higher that the new one and our 500MHz limit,
since it's still live in hardware at the beginning of our commit.

Fixes: 16e101051f32 ("drm/vc4: Increase the core clock based on HVS load")
Signed-off-by: Maxime Ripard <[email protected]>
Acked-by: Thomas Zimmermann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
2 years agoDrivers: hv: balloon: Disable balloon and hot-add accordingly
Boqun Feng [Fri, 25 Mar 2022 02:32:12 +0000 (10:32 +0800)]
Drivers: hv: balloon: Disable balloon and hot-add accordingly

Currently there are known potential issues for balloon and hot-add on
ARM64:

* Unballoon requests from Hyper-V should only unballoon ranges
that are guest page size aligned, otherwise guests cannot handle
because it's impossible to partially free a page. This is a
problem when guest page size > 4096 bytes.

* Memory hot-add requests from Hyper-V should provide the NUMA
node id of the added ranges or ARM64 should have a functional
memory_add_physaddr_to_nid(), otherwise the node id is missing
for add_memory().

These issues require discussions on design and implementation. In the
meanwhile, post_status() is working and essential to guest monitoring.
Therefore instead of disabling the entire hv_balloon driver, the
ballooning (when page size > 4096 bytes) and hot-add are disabled
accordingly for now. Once the issues are fixed, they can be re-enable in
these cases.

Signed-off-by: Boqun Feng <[email protected]>
Reviewed-by: Michael Kelley <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Wei Liu <[email protected]>
2 years agoDrivers: hv: balloon: Support status report for larger page sizes
Boqun Feng [Fri, 25 Mar 2022 02:32:11 +0000 (10:32 +0800)]
Drivers: hv: balloon: Support status report for larger page sizes

DM_STATUS_REPORT expects the numbers of pages in the unit of 4k pages
(HV_HYP_PAGE) instead of guest pages, so to make it work when guest page
sizes are larger than 4k, convert the numbers of guest pages into the
numbers of HV_HYP_PAGEs.

Note that the numbers of guest pages are still used for tracing because
tracing is internal to the guest kernel.

Reported-by: Vitaly Kuznetsov <[email protected]>
Signed-off-by: Boqun Feng <[email protected]>
Reviewed-by: Michael Kelley <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Wei Liu <[email protected]>
2 years agorandom: check for signal_pending() outside of need_resched() check
Jann Horn [Tue, 5 Apr 2022 16:39:31 +0000 (18:39 +0200)]
random: check for signal_pending() outside of need_resched() check

signal_pending() checks TIF_NOTIFY_SIGNAL and TIF_SIGPENDING, which
signal that the task should bail out of the syscall when possible. This
is a separate concept from need_resched(), which checks
TIF_NEED_RESCHED, signaling that the task should preempt.

In particular, with the current code, the signal_pending() bailout
probably won't work reliably.

Change this to look like other functions that read lots of data, such as
read_zero().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <[email protected]>
Signed-off-by: Jason A. Donenfeld <[email protected]>
2 years agorandom: do not allow user to keep crng key around on stack
Jason A. Donenfeld [Tue, 5 Apr 2022 14:40:51 +0000 (16:40 +0200)]
random: do not allow user to keep crng key around on stack

The fast key erasure RNG design relies on the key that's used to be used
and then discarded. We do this, making judicious use of
memzero_explicit().  However, reads to /dev/urandom and calls to
getrandom() involve a copy_to_user(), and userspace can use FUSE or
userfaultfd, or make a massive call, dynamically remap memory addresses
as it goes, and set the process priority to idle, in order to keep a
kernel stack alive indefinitely. By probing
/proc/sys/kernel/random/entropy_avail to learn when the crng key is
refreshed, a malicious userspace could mount this attack every 5 minutes
thereafter, breaking the crng's forward secrecy.

In order to fix this, we just overwrite the stack's key with the first
32 bytes of the "free" fast key erasure output. If we're returning <= 32
bytes to the user, then we can still return those bytes directly, so
that short reads don't become slower. And for long reads, the difference
is hopefully lost in the amortization, so it doesn't change much, with
that amortization helping variously for medium reads.

We don't need to do this for get_random_bytes() and the various
kernel-space callers, and later, if we ever switch to always batching,
this won't be necessary either, so there's no need to change the API of
these functions.

Cc: Theodore Ts'o <[email protected]>
Reviewed-by: Jann Horn <[email protected]>
Fixes: c92e040d575a ("random: add backtracking protection to the CRNG")
Fixes: 186873c549df ("random: use simpler fast key erasure flow on per-cpu keys")
Signed-off-by: Jason A. Donenfeld <[email protected]>
2 years agonet: phy: mscc-miim: reject clause 45 register accesses
Michael Walle [Tue, 5 Apr 2022 12:02:33 +0000 (14:02 +0200)]
net: phy: mscc-miim: reject clause 45 register accesses

The driver doesn't support clause 45 register access yet, but doesn't
check if the access is a c45 one either. This leads to spurious register
reads and writes. Add the check.

Fixes: 542671fe4d86 ("net: phy: mscc-miim: Add MDIO driver")
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Reviewed-by: Florian Fainelli <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
This page took 0.140253 seconds and 4 git commands to generate.