]> git.baikalelectronics.ru Git - kernel.git/log
kernel.git
2 years agomemremap: remove support for external pgmap refcounts
Christoph Hellwig [Thu, 28 Oct 2021 15:10:17 +0000 (17:10 +0200)]
memremap: remove support for external pgmap refcounts

[ Upstream commit 29502878ab2e730790bd166529855311b3f6f5b7 ]

No driver is left using the external pgmap refcount, so remove the
code to support it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Link: https://lore.kernel.org/r/20211028151017.50234-1-hch@lst.de
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agolib/test_hmm: avoid accessing uninitialized pages
Miaohe Lin [Thu, 9 Jun 2022 13:08:35 +0000 (21:08 +0800)]
lib/test_hmm: avoid accessing uninitialized pages

[ Upstream commit 1d45adc415ba3ed8dd36b7a6a6a210616c455529 ]

If make_device_exclusive_range() fails or returns pages marked for
exclusive access less than required, remaining fields of pages will left
uninitialized.  So dmirror_atomic_map() will access those yet
uninitialized fields of pages.  To fix it, do dmirror_atomic_map() iff all
pages are marked for exclusive access (we will break if mapped is less
than required anyway) so we won't access those uninitialized fields of
pages.

Link: https://lkml.kernel.org/r/20220609130835.35110-1-linmiaohe@huawei.com
Fixes: 42ee4beb23cd ("mm: selftests for exclusive device memory")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoclk: mediatek: reset: Fix written reset bit offset
Rex-BC Chen [Mon, 23 May 2022 09:33:29 +0000 (17:33 +0800)]
clk: mediatek: reset: Fix written reset bit offset

[ Upstream commit 76d645ac3936017403a10f6982ae4bb970e86926 ]

Original assert/deassert bit is BIT(0), but it's more resonable to modify
them to BIT(id % 32) which is based on id.

This patch will not influence any previous driver because the reset is
only used for thermal. The id (MT8183_INFRACFG_AO_THERM_SW_RST) is 0.

Fixes: 992fce56fe57 ("clk: reset: Modify reset-controller driver")
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Link: https://lore.kernel.org/r/20220523093346.28493-3-rex-bc.chen@mediatek.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoiio: accel: bma400: Reordering of header files
Jagath Jog J [Thu, 5 May 2022 13:30:13 +0000 (19:00 +0530)]
iio: accel: bma400: Reordering of header files

[ Upstream commit 723acdffeea4d44e52fdd6477b47f1419ee4b7de ]

Reordering of header files and removing the iio/sysfs.h since
custom attributes are not being used in the driver.

Signed-off-by: Jagath Jog J <jagathjog1996@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220505133021.22362-3-jagathjog1996@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoplatform/chrome: cros_ec: Always expose last resume result
Stephen Boyd [Tue, 14 Jun 2022 07:57:26 +0000 (00:57 -0700)]
platform/chrome: cros_ec: Always expose last resume result

[ Upstream commit 7cdf4ce4d73c61a4571ce3da99dd9f66e1666a54 ]

The last resume result exposing logic in cros_ec_sleep_event()
incorrectly requires S0ix support, which doesn't work on ARM based
systems where S0ix doesn't exist. That's because cros_ec_sleep_event()
only reports the last resume result when the EC indicates the last sleep
event was an S0ix resume. On ARM systems, the last sleep event is always
S3 resume, but the EC can still detect sleep hang events in case some
other part of the AP is blocking sleep.

Always expose the last resume result if the EC supports it so that this
works on all devices regardless of S0ix support. This fixes sleep hang
detection on ARM based chromebooks like Trogdor.

Cc: Rajat Jain <rajatja@chromium.org>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Tzung-Bi Shih <tzungbi@kernel.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Fixes: e8a936107ac9 ("platform/chrome: Add support for v1 of host sleep event")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220614075726.2729987-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoiio: accel: bma400: Fix the scale min and max macro values
Jagath Jog J [Thu, 5 May 2022 13:30:12 +0000 (19:00 +0530)]
iio: accel: bma400: Fix the scale min and max macro values

[ Upstream commit dea93f1f63a967a67aed82a5a2534b5a8f39f471 ]

Changing the scale macro values to match the bma400 sensitivity
for 1 LSB of all the available ranges.

Fixes: 180c5df27836 ("iio: accel: Add driver for the BMA400")
Signed-off-by: Jagath Jog J <jagathjog1996@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220505133021.22362-2-jagathjog1996@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix no logout on delete for N2N
Quinn Tran [Wed, 8 Jun 2022 11:58:46 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Fix no logout on delete for N2N

[ Upstream commit 65a2e58888b5e3fa785e3e326f84426927ccf8a3 ]

The driver failed to send implicit logout on session delete. For edif, this
failed to flush any lingering SA index in FW.

Set a flag to turn on implicit logout early in the session recovery to make
sure the logout will go out in case of error.

Link: https://lore.kernel.org/r/20220608115849.16693-8-njavali@marvell.com
Fixes: 03d1f5917d23 ("scsi: qla2xxx: edif: Add N2N support for EDIF")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix session thrash
Quinn Tran [Wed, 8 Jun 2022 11:58:45 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Fix session thrash

[ Upstream commit de1e91d0a9657ecf378f774ef7d1b580468b680d ]

Current code prematurely sends out PRLI before authentication application
has given the OK to do so. This causes PRLI failure and session teardown.

Prevents PRLI from going out before authentication app gives the OK.

Link: https://lore.kernel.org/r/20220608115849.16693-7-njavali@marvell.com
Fixes: dda82a9f9c54 ("scsi: qla2xxx: edif: Reduce connection thrash")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Tear down session if keys have been removed
Quinn Tran [Wed, 8 Jun 2022 11:58:44 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Tear down session if keys have been removed

[ Upstream commit 056eecacf8fa5899ada64eabc596fc39272b65ea ]

If all keys for a session have been deleted, trigger a session teardown.

Link: https://lore.kernel.org/r/20220608115849.16693-6-njavali@marvell.com
Fixes: 4f4dee94f0b7 ("scsi: qla2xxx: edif: Add key update")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix no login after app start
Quinn Tran [Wed, 8 Jun 2022 11:58:43 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Fix no login after app start

[ Upstream commit 59720fe130242bf4d6295a0547d8fbc2799fd022 ]

The scenario is this: User loaded driver but has not started authentication
app. All sessions to secure device will exhaust all login attempts, fail,
and in stay in deleted state. Then some time later the app is started. The
driver will replenish the login retry count, trigger delete to prepare for
secure login. After deletion, relogin is triggered.

For the session that is already deleted, the delete trigger is a no-op. If
none of the sessions trigger a relogin, no progress is made.

Add a relogin trigger.

Link: https://lore.kernel.org/r/20220608115849.16693-5-njavali@marvell.com
Fixes: 397c4e69bdb0 ("scsi: qla2xxx: edif: Add start + stop bsgs")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Reduce disruption due to multiple app start
Quinn Tran [Wed, 8 Jun 2022 11:58:42 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Reduce disruption due to multiple app start

[ Upstream commit 759d8b07b03e47c17225684fcf7d1e1ecccaad4f ]

Multiple app start can trigger a session bounce. Make driver skip over
session teardown if app start is seen more than once.

Link: https://lore.kernel.org/r/20220608115849.16693-4-njavali@marvell.com
Fixes: 397c4e69bdb0 ("scsi: qla2xxx: edif: Add start + stop bsgs")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Send LOGO for unexpected IKE message
Quinn Tran [Wed, 8 Jun 2022 11:58:41 +0000 (04:58 -0700)]
scsi: qla2xxx: edif: Send LOGO for unexpected IKE message

[ Upstream commit b4ecf0b44671c1189e898da104eabfcc3b31cea2 ]

If the session is down and the local port continues to receive AUTH ELS
messages, the driver needs to send back LOGO so that the remote device
knows to tear down its session. Terminate and clean up the AUTH ELS
exchange followed by a passthrough LOGO.

Link: https://lore.kernel.org/r/20220608115849.16693-3-njavali@marvell.com
Fixes: ce4d4dd912f3 ("scsi: qla2xxx: edif: Reject AUTH ELS on session down")
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonetfilter: xtables: Bring SPDX identifier back
Thomas Gleixner [Mon, 6 Jun 2022 15:23:45 +0000 (17:23 +0200)]
netfilter: xtables: Bring SPDX identifier back

[ Upstream commit 6947c0102dce2591a59f8957c8c22f88fc255360 ]

Commit cdb51be7ebd5 ("License cleanup: add SPDX license identifier to
uapi header files with a license") added the correct SPDX identifier to
include/uapi/linux/netfilter/xt_IDLETIMER.h.

A subsequent commit removed it for no reason and reintroduced the UAPI
license incorrectness as the file is now missing the UAPI exception
again.

Add it back and remove the GPLv2 boilerplate while at it.

Fixes: c4e9d501ee48 ("netfilter: xtables: Add snapshot of hardidletimer target")
Cc: Manoj Basapathi <manojbm@codeaurora.org>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agousb: xhci: tegra: Fix error check
Tang Bin [Tue, 24 May 2022 12:14:04 +0000 (20:14 +0800)]
usb: xhci: tegra: Fix error check

[ Upstream commit c5ce6d429ca4de913ccd5520a693c00901767c56 ]

In the function tegra_xusb_powerdomain_init(),
dev_pm_domain_attach_by_name() may return NULL in some cases,
so IS_ERR() doesn't meet the requirements. Thus fix it.

Fixes: 68a1ffbd2edd ("usb: xhci: tegra: Add genpd support")
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Link: https://lore.kernel.org/r/20220524121404.18376-1-tangbin@cmss.chinamobile.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agousb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()
Tang Bin [Wed, 25 May 2022 13:53:32 +0000 (21:53 +0800)]
usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()

[ Upstream commit f7de7dca8d8674a2afdf7f64af8a0244d3938be8 ]

dev_pm_domain_attach_by_name() may return NULL in some cases,
so IS_ERR() doesn't meet the requirements. Thus fix it.

Fixes: f4e304b872e7 ("usb: gadget: Add UDC driver for tegra XUSB device mode controller")
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Link: https://lore.kernel.org/r/20220525135332.23144-1-tangbin@cmss.chinamobile.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agousb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
Miaoqian Lin [Fri, 3 Jun 2022 14:12:30 +0000 (18:12 +0400)]
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe

[ Upstream commit 4e0a6ddcef6ac66de178e427553ef4c6e94630f0 ]

of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Fixes: 0775db4aa75f ("USB: ohci-nxp: Use isp1301 driver")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220603141231.979-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agousb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
Miaoqian Lin [Thu, 2 Jun 2022 11:08:49 +0000 (15:08 +0400)]
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe

[ Upstream commit a85254b1d7fccb4deffaeb29cad6e729c9decb5c ]

of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.

Fixes: 2c9458645465 ("USB: powerpc: Workaround for the PPC440EPX USBH_23 errata [take 3]")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220602110849.58549-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agofpga: altera-pr-ip: fix unsigned comparison with less than zero
Marco Pagani [Thu, 9 Jun 2022 14:05:19 +0000 (16:05 +0200)]
fpga: altera-pr-ip: fix unsigned comparison with less than zero

[ Upstream commit ca40a222c28b48f313a55849cc51498b4eebc985 ]

Fix the "comparison with less than zero" warning reported by
cppcheck for the unsigned (size_t) parameter count of the
alt_pr_fpga_write() function.

Fixes: c9b9911b9216 ("fpga pr ip: Core driver support for Altera Partial Reconfiguration IP")
Reviewed-by: Tom Rix <trix@redhat.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Marco Pagani <marpagan@redhat.com>
Link: https://lore.kernel.org/r/20220609140520.42662-1-marpagan@redhat.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoPCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()
Miaoqian Lin [Wed, 1 Jun 2022 04:12:58 +0000 (08:12 +0400)]
PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()

[ Upstream commit 8471a82334a92448f8de17b82b95c70deff5a2ca ]

of_get_child_by_name() returns a node pointer with refcount incremented, so
we should use of_node_put() on it when we don't need it anymore.

Add missing of_node_put() to avoid refcount leak.

Fixes: 0721416cb55c ("PCI: mediatek-gen3: Add INTx support")
Link: https://lore.kernel.org/r/20220601041259.56185-1-linmq006@gmail.com
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Miles Chen <miles.chen@mediatek.com>
Acked-by: Jianjun Wang <jianjun.wang@mediatek.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
Uwe Kleine-König [Tue, 7 Jun 2022 15:24:55 +0000 (17:24 +0200)]
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path

[ Upstream commit ad37428dbb6d4ca0d889738b75d548769dba20f7 ]

For all but one error path clk_disable_unprepare() is already there. Add
it to the one location where it's missing.

Fixes: 41c587e5b65a ("mtd: st_spi_fsm: Handle clk_prepare_enable/clk_disable_unprepare.")
Fixes: 70b1bf6ee44c ("mtd: st_spi_fsm: Obtain and use EMI clock")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220607152458.232847-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
Miaoqian Lin [Sun, 5 Jun 2022 07:07:23 +0000 (11:07 +0400)]
mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset

[ Upstream commit 93860ba81ec7b2b5835a4e9c9e46eb9f5873dfc4 ]

of_find_node_by_path() returns a node pointer with refcount incremented,
we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Fixes: 4fae4be93fb1 ("mtd: parsers: ofpart: support BCM4908 fixed partitions")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220605070726.5979-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: partitions: Fix refcount leak in parse_redboot_of
Miaoqian Lin [Thu, 26 May 2022 11:06:49 +0000 (15:06 +0400)]
mtd: partitions: Fix refcount leak in parse_redboot_of

[ Upstream commit 9f7825a193035127e3d4e7138cee4bffbec471a1 ]

of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Fixes: f0e4c7650b8f ("mtd: partitions: redboot: seek fis-index-block in the right node")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220526110652.64849-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
Duoming Zhou [Tue, 24 May 2022 04:48:41 +0000 (12:48 +0800)]
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release

[ Upstream commit 547cd1c887cfdcb2541a9c1acd96020fb17ab18c ]

There is a deadlock between sm_release and sm_cache_flush_work
which is a work item. The cancel_work_sync in sm_release will
not return until sm_cache_flush_work is finished. If we hold
mutex_lock and use cancel_work_sync to wait the work item to
finish, the work item also requires mutex_lock. As a result,
the sm_release will be blocked forever. The race condition is
shown below:

    (Thread 1)             |   (Thread 2)
sm_release                 |
  mutex_lock(&ftl->mutex)  | sm_cache_flush_work
                           |   mutex_lock(&ftl->mutex)
  cancel_work_sync         |   ...

This patch moves del_timer_sync and cancel_work_sync out of
mutex_lock in order to mitigate deadlock.

Fixes: 046e09730c73 ("mtd: Add new SmartMedia/xD FTL")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220524044841.10517-1-duoming@zju.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoHID: cp2112: prevent a buffer overflow in cp2112_xfer()
Harshit Mogalapalli [Wed, 8 Jun 2022 12:26:09 +0000 (05:26 -0700)]
HID: cp2112: prevent a buffer overflow in cp2112_xfer()

[ Upstream commit cccca11076db996f62cdfb6ab3b5f661e60b0216 ]

Smatch warnings:
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy()
'data->block[1]' too small (33 vs 255)
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too
small (64 vs 255)

The 'read_length' variable is provided by 'data->block[0]' which comes
from user and it(read_length) can take a value between 0-255. Add an
upper bound to 'read_length' variable to prevent a buffer overflow in
memcpy().

Fixes: 73c1d83d8ef9 ("HID: cp2112: Fix I2C_BLOCK_DATA transactions")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoPCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
Miaoqian Lin [Thu, 2 Jun 2022 03:19:08 +0000 (07:19 +0400)]
PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()

[ Upstream commit 1732fe4cfc58cd8b4a2e44a53e5498b3095fd86d ]

pm_runtime_enable() will increase power disable depth.  If
dw_pcie_ep_init() fails, we should use pm_runtime_disable() to balance it
with pm_runtime_enable().

Add missing pm_runtime_disable() for tegra_pcie_config_ep().

Fixes: ae0487c2a0af ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194")
Link: https://lore.kernel.org/r/20220602031910.55859-1-linmq006@gmail.com
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoPCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
Miaoqian Lin [Sun, 5 Jun 2022 05:51:23 +0000 (09:51 +0400)]
PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()

[ Upstream commit 3a316bacc03ccbfca5ffee9b65072f7188de44df ]

of_get_next_child() returns a node pointer with refcount incremented, so we
should use of_node_put() on it when we don't need it anymore.

mc_pcie_init_irq_domains() only calls of_node_put() in the normal path,
missing it in some error paths.  Add missing of_node_put() to avoid
refcount leak.

Fixes: db397b62ce90 ("PCI: microchip: Add Microchip PolarFire PCIe controller driver")
Link: https://lore.kernel.org/r/20220605055123.59127-1-linmq006@gmail.com
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agophy: samsung: exynosautov9-ufs: correct TSRV register configurations
Chanho Park [Fri, 3 Jun 2022 05:05:36 +0000 (14:05 +0900)]
phy: samsung: exynosautov9-ufs: correct TSRV register configurations

[ Upstream commit d5bf8d20f9cfb254cc5032a5e9fbeefb7f454896 ]

For exynos auto v9's UFS MPHY, We should use 0x50 offset of TSRV register
configurations. So, it must be

s/PHY_TRSV_REG_CFG/PHY_TRSV_REG_CFG_AUTOV9/g

Fixes: 3505444e22fa ("phy: samsung-ufs: support exynosauto ufs phy driver")
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220603050536.61957-1-chanho61.park@samsung.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoKVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported
Sean Christopherson [Sun, 1 May 2022 22:07:28 +0000 (00:07 +0200)]
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported

[ Upstream commit 1164e667cfe2c6cbccd04a5b05be9a03c4f1dc2c ]

If NRIPS is supported in hardware but disabled in KVM, set next_rip to
the next RIP when advancing RIP as part of emulating INT3 injection.
There is no flag to tell the CPU that KVM isn't using next_rip, and so
leaving next_rip is left as is will result in the CPU pushing garbage
onto the stack when vectoring the injected event.

Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Fixes: 397076fd8c2e ("KVM: SVM: Emulate nRIP feature when reinjecting INT3")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Message-Id: <cd328309a3b88604daa2359ad56f36cb565ce2d4.1651440202.git.maciej.szmigiero@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoKVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
Sean Christopherson [Sun, 1 May 2022 22:07:27 +0000 (00:07 +0200)]
KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"

[ Upstream commit 84654a9e8e2d3441e7f1d1499f5fdfbde07e0d5d ]

Unwind the RIP advancement done by svm_queue_exception() when injecting
an INT3 ultimately "fails" due to the CPU encountering a VM-Exit while
vectoring the injected event, even if the exception reported by the CPU
isn't the same event that was injected.  If vectoring INT3 encounters an
exception, e.g. #NP, and vectoring the #NP encounters an intercepted
exception, e.g. #PF when KVM is using shadow paging, then the #NP will
be reported as the event that was in-progress.

Note, this is still imperfect, as it will get a false positive if the
INT3 is cleanly injected, no VM-Exit occurs before the IRET from the INT3
handler in the guest, the instruction following the INT3 generates an
exception (directly or indirectly), _and_ vectoring that exception
encounters an exception that is intercepted by KVM.  The false positives
could theoretically be solved by further analyzing the vectoring event,
e.g. by comparing the error code against the expected error code were an
exception to occur when vectoring the original injected exception, but
SVM without NRIPS is a complete disaster, trying to make it 100% correct
is a waste of time.

Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Fixes: 397076fd8c2e ("KVM: SVM: Emulate nRIP feature when reinjecting INT3")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Message-Id: <450133cf0a026cb9825a2ff55d02cb136a1cb111.1651440202.git.maciej.szmigiero@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix n2n login retry for secure device
Quinn Tran [Tue, 7 Jun 2022 04:46:26 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Fix n2n login retry for secure device

[ Upstream commit 8505365a3970a51bf5feb90f1915c0f84157c57c ]

After initiator has burned up all login retries, target authentication
application begins to run. This triggers a link bounce on target side.
Initiator will attempt another login. Due to N2N, the PRLI [nvme | fcp] can
fail because of the mode mismatch with target. This patch add a few more
login retries to revive the connection.

Link: https://lore.kernel.org/r/20220607044627.19563-11-njavali@marvell.com
Fixes: 03d1f5917d23 ("scsi: qla2xxx: edif: Add N2N support for EDIF")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix n2n discovery issue with secure target
Quinn Tran [Tue, 7 Jun 2022 04:46:25 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Fix n2n discovery issue with secure target

[ Upstream commit a59e57c4fb317ed7908fe395b45bd3bce8cc6f07 ]

User failed to see disk via n2n topology. Driver used up all login retries
before authentication application started. When authentication application
started, driver did not have enough login retries to connect securely. On
app_start, driver will reset the login retry attempt count.

Link: https://lore.kernel.org/r/20220607044627.19563-10-njavali@marvell.com
Fixes: 03d1f5917d23 ("scsi: qla2xxx: edif: Add N2N support for EDIF")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Add retry for ELS passthrough
Quinn Tran [Tue, 7 Jun 2022 04:46:23 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Add retry for ELS passthrough

[ Upstream commit fd992c16a0ca4fa00449a9877a92026414e5cfe3 ]

Relating to EDIF, when sending IKE message, updating key or deleting key,
driver can encounter IOCB queue full. Add additional retries to reduce
higher level recovery.

Link: https://lore.kernel.org/r/20220607044627.19563-8-njavali@marvell.com
Fixes: 4f4dee94f0b7 ("scsi: qla2xxx: edif: Add key update")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application
Quinn Tran [Tue, 7 Jun 2022 04:46:22 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application

[ Upstream commit 2585e3fef5d7b05c9615566ff014a8e437540d52 ]

Notify authentication application of a NPIV deletion event is about to
occur. This allows app to perform cleanup.

Link: https://lore.kernel.org/r/20220607044627.19563-7-njavali@marvell.com
Fixes: 32a78f1ccafb ("scsi: qla2xxx: edif: Add detection of secure device")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix inconsistent check of db_flags
Quinn Tran [Tue, 26 Oct 2021 11:54:10 +0000 (04:54 -0700)]
scsi: qla2xxx: edif: Fix inconsistent check of db_flags

[ Upstream commit 60d8b66763bc18105edb5f1534dd4e2790e8b184 ]

db_flags field is a bit field. Replace value check with bit flag check.

Link: https://lore.kernel.org/r/20211026115412.27691-12-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Reduce connection thrash
Quinn Tran [Tue, 26 Oct 2021 11:54:08 +0000 (04:54 -0700)]
scsi: qla2xxx: edif: Reduce connection thrash

[ Upstream commit dda82a9f9c5499a270d38860dfd6a2ae11d1949d ]

On ipsec start by remote port, target port may use RSCN to trigger
initiator to relogin. If driver is already in the process of a relogin,
then ignore the RSCN and allow the current relogin to continue. This
reduces thrashing of the connection.

Link: https://lore.kernel.org/r/20211026115412.27691-10-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Fix potential stuck session in sa update
Quinn Tran [Tue, 7 Jun 2022 04:46:21 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Fix potential stuck session in sa update

[ Upstream commit ae226ca8b6a26d7f39898e4350678e1feabbb3af ]

When a thread is in the process of reestablish a session, a flag is set to
prevent multiple threads/triggers from doing the same task. This flag was
left on, and any attempt to relogin was locked out. Clear this flag if the
attempt has failed.

Link: https://lore.kernel.org/r/20220607044627.19563-6-njavali@marvell.com
Fixes: 4f4dee94f0b7 ("scsi: qla2xxx: edif: Add key update")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoscsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
Quinn Tran [Tue, 7 Jun 2022 04:46:17 +0000 (21:46 -0700)]
scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing

[ Upstream commit 3dc520a3e6298ba4982273fdc837132cf91c709d ]

This patch uses GFFID switch command to scan whether remote device is
Target or Initiator mode.  Based on that info, driver will not pass up
Initiator info to authentication application. This helps reduce unnecessary
stress for authentication application to deal with unused connections.

Link: https://lore.kernel.org/r/20220607044627.19563-2-njavali@marvell.com
Fixes: 397c4e69bdb0 ("scsi: qla2xxx: edif: Add start + stop bsgs")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoof: check previous kernel's ima-kexec-buffer against memory bounds
Vaibhav Jain [Tue, 31 May 2022 04:14:46 +0000 (09:44 +0530)]
of: check previous kernel's ima-kexec-buffer against memory bounds

[ Upstream commit 0ac0f36313846e053328c0725b216b6416f27e37 ]

Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the previous kernel.
The panic is usually of the form below:

$ sudo kexec --initrd initrd vmlinux --append='mem=16G'

<snip>
 BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000
 Faulting instruction address: 0xc000000000837974
 Oops: Kernel access of bad area, sig: 11 [#1]
<snip>
 NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0
 LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160
 Call Trace:
 [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160
 [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108
 [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120
 [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0
 [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec
 [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0
 [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64
 Instruction dump:
 f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330
 7c0802a6 fb610198 7c9b2378 f80101d0 <a12400002c090001 40820614 e9240010
 ---[ end trace 0000000000000000 ]---

Fix this issue by checking returned PFN range of previous kernel's
ima-kexec-buffer with page_is_ram() to ensure correct memory bounds.

Fixes: 1e39c393fe73 ("powerpc: ima: get the kexec buffer passed by the previous kernel")
Cc: Frank Rowand <frowand.list@gmail.com>
Cc: Prakhar Srivastava <prsriva@linux.microsoft.com>
Cc: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Cc: Rob Herring <robh@kernel.org>
Cc: Ritesh Harjani <ritesh.list@gmail.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220531041446.3334259-1-vaibhav@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: rawnand: meson: Fix a potential double free issue
Christophe JAILLET [Fri, 20 May 2022 16:41:40 +0000 (18:41 +0200)]
mtd: rawnand: meson: Fix a potential double free issue

[ Upstream commit 5e53443dc70aef3086f90a8223f04f1e6080bddb ]

When meson_nfc_nand_chip_cleanup() is called, it will call:
meson_nfc_free_buffer(&meson_chip->nand);
nand_cleanup(&meson_chip->nand);

nand_cleanup() in turn will call nand_detach() which calls the
.detach_chip() which is here meson_nand_detach_chip().

meson_nand_detach_chip() already calls meson_nfc_free_buffer(), so we
could double free some memory.

Fix it by removing the unneeded explicit call to meson_nfc_free_buffer().

Fixes: a8b6ef1f6111 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Liang Yang <liang.yang@amlogic.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/ec15c358b8063f7c50ff4cd628cf0d2e14e43f49.1653064877.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: maps: Fix refcount leak in ap_flash_init
Miaoqian Lin [Mon, 23 May 2022 14:32:55 +0000 (18:32 +0400)]
mtd: maps: Fix refcount leak in ap_flash_init

[ Upstream commit e4083a149d6d078934365063006fb2fae44f64bc ]

of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Fixes: e5bea735e41c ("mtd: physmap_of: add a hook for Versatile write protection")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220523143255.4376-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomtd: maps: Fix refcount leak in of_flash_probe_versatile
Miaoqian Lin [Mon, 23 May 2022 14:02:05 +0000 (18:02 +0400)]
mtd: maps: Fix refcount leak in of_flash_probe_versatile

[ Upstream commit 88b2d021c6b0d976bc6935af509a2d1223c51c9a ]

of_find_matching_node_and_match() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Fixes: e5bea735e41c ("mtd: physmap_of: add a hook for Versatile write protection")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220523140205.48625-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoclk: renesas: r9a06g032: Fix UART clkgrp bitsel
Ralph Siemsen [Wed, 18 May 2022 18:25:27 +0000 (14:25 -0400)]
clk: renesas: r9a06g032: Fix UART clkgrp bitsel

[ Upstream commit 7f09bf779b976fae46d343e6bed1fd6a841fd7b6 ]

There are two UART clock groups, each having a mux to select its
upstream clock source. The register/bit definitions for accessing these
two muxes appear to have been reversed since introduction. Correct them
so as to match the hardware manual.

Fixes: 3e94d2dd1bd0 ("clk: renesas: Renesas R9A06G032 clock driver")
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Phil Edworthy <phil.edworthy@renesas.com>
Link: https://lore.kernel.org/r/20220518182527.1693156-1-ralph.siemsen@linaro.org
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoHID: amd_sfh: Don't show client init failed as error when discovery fails
Mario Limonciello [Thu, 12 May 2022 18:18:48 +0000 (13:18 -0500)]
HID: amd_sfh: Don't show client init failed as error when discovery fails

[ Upstream commit c0a5c3ff676c60f3343c78e233e0f843047dedfb ]

When sensor discovery fails, this means that the system doesn't have
any sensors connected and a user should only be notified at most one time.
A message is already displayed at WARN level of "failed to discover,
sensors not enabled".  It's pointless to show that the client init failed
at ERR level for the same condition.

Check the return code and don't display this message in those conditions.

Fixes: 432a5bd3fc29 ("HID: amd_sfh: Add support for sensor discovery")
Reported-by: David Chang <David.Chang@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowireguard: allowedips: don't corrupt stack when detecting overflow
Jason A. Donenfeld [Tue, 2 Aug 2022 12:56:12 +0000 (14:56 +0200)]
wireguard: allowedips: don't corrupt stack when detecting overflow

[ Upstream commit a313fee039f0afc9f1aef49a19d5bf4418eeffc3 ]

In case push_rcu() and related functions are buggy, there's a
WARN_ON(len >= 128), which the selftest tries to hit by being tricky. In
case it is hit, we shouldn't corrupt the kernel's stack, though;
otherwise it may be hard to even receive the report that it's buggy. So
conditionalize the stack write based on that WARN_ON()'s return value.

Note that this never *actually* happens anyway. The WARN_ON() in the
first place is bounded by IS_ENABLED(DEBUG), and isn't expected to ever
actually hit. This is just a debugging sanity check.

Additionally, hoist the constant 128 into a named enum,
MAX_ALLOWEDIPS_BITS, so that it's clear why this value is chosen.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjJZGA6w_DxA+k7Ejbqsq+uGK==koPai3sqdsfJqemvag@mail.gmail.com/
Fixes: 4dff5496e367 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowireguard: ratelimiter: use hrtimer in selftest
Jason A. Donenfeld [Tue, 2 Aug 2022 12:56:10 +0000 (14:56 +0200)]
wireguard: ratelimiter: use hrtimer in selftest

[ Upstream commit 7b7e1450ae6fac31a006bdfaa60210378e388cff ]

Using msleep() is problematic because it's compared against
ratelimiter.c's ktime_get_coarse_boottime_ns(), which means on systems
with slow jiffies (such as UML's forced HZ=100), the result is
inaccurate. So switch to using schedule_hrtimeout().

However, hrtimer gives us access only to the traditional posix timers,
and none of the _COARSE variants. So now, rather than being too
imprecise like jiffies, it's too precise.

One solution would be to give it a large "range" value, but this will
still fire early on a loaded system. A better solution is to align the
timeout to the actual coarse timer, and then round up to the nearest
tick, plus change.

So add the timeout to the current coarse time, and then
schedule_hrtimer() until the absolute computed time.

This should hopefully reduce flakes in CI as well. Note that we keep the
retry loop in case the entire function is running behind, because the
test could still be scheduled out, by either the kernel or by the
hypervisor's kernel, in which case restarting the test and hoping to not
be scheduled out still helps.

Fixes: 4dff5496e367 ("net: WireGuard secure network tunnel")
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet: usb: make USB_RTL8153_ECM non user configurable
Maciej Żenczykowski [Sat, 30 Jul 2022 23:01:13 +0000 (16:01 -0700)]
net: usb: make USB_RTL8153_ECM non user configurable

[ Upstream commit 393d732987d7de3aa5051cb9a15837c353c2147c ]

This refixes:

    commit f6744f38a132f6d047f669b5158819f16669d002
    nt: usb: USB_RTL8153_ECM should not default to y

    In general, device drivers should not be enabled by default.

which basically broke the commit it claimed to fix, ie:

    commit 13b8ecadfa38a638366dcd4d9bf46f6ced9fc218
    r8153_ecm: avoid to be prior to r8152 driver

    Avoid r8153_ecm is compiled as built-in, if r8152 driver is compiled
    as modules. Otherwise, the r8153_ecm would be used, even though the
    device is supported by r8152 driver.

this commit amounted to:

drivers/net/usb/Kconfig:

+config USB_RTL8153_ECM
+       tristate "RTL8153 ECM support"
+       depends on USB_NET_CDCETHER && (USB_RTL8152 || USB_RTL8152=n)
+       default y
+       help
+         This option supports ECM mode for RTL8153 ethernet adapter, when
+         CONFIG_USB_RTL8152 is not set, or the RTL8153 device is not
+         supported by r8152 driver.

drivers/net/usb/Makefile:

-obj-$(CONFIG_USB_NET_CDCETHER) += cdc_ether.o r8153_ecm.o
+obj-$(CONFIG_USB_NET_CDCETHER) += cdc_ether.o
+obj-$(CONFIG_USB_RTL8153_ECM)  += r8153_ecm.o

And as can be seen it pulls a piece of the cdc_ether driver out into
a separate config option to be able to make this piece modular in case
cdc_ether is builtin, while r8152 is modular.

While in general, device drivers should indeed not be enabled by default:
this isn't a device driver per say, but rather this is support code for
the CDCETHER (ECM) driver, and should thus be enabled if it is enabled.

See also email thread at:
  https://www.spinics.net/lists/netdev/msg767649.html

In:
  https://www.spinics.net/lists/netdev/msg768284.html

Jakub wrote:
  And when we say "removed" we can just hide it from what's prompted
  to the user (whatever such internal options are called)? I believe
  this way we don't bring back Marek's complaint.

Side note: these incorrect defaults will result in Android 13
on 5.15 GKI kernels lacking USB_RTL8153_ECM support while having
USB_NET_CDCETHER (luckily we also have USB_RTL8150 and USB_RTL8152,
so it's probably only an issue for very new RTL815x hardware with
no native 5.15 driver).

Fixes: f6744f38a132f6d0 ("nt: usb: USB_RTL8153_ECM should not default to y")
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hayes Wang <hayeswang@realtek.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Link: https://lore.kernel.org/r/20220730230113.4138858-1-zenczykowski@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agodccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
Hangyu Hua [Fri, 29 Jul 2022 11:00:27 +0000 (19:00 +0800)]
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock

[ Upstream commit ef5b8b1023ce1607eb90497fd7cf92e30b79e59e ]

In the case of sk->dccps_qpolicy == DCCPQ_POLICY_PRIO, dccp_qpolicy_full
will drop a skb when qpolicy is full. And the lock in dccp_sendmsg is
released before sock_alloc_send_skb and then relocked after
sock_alloc_send_skb. The following conditions may lead dccp_qpolicy_push
to add skb to an already full sk_write_queue:

thread1--->lock
thread1--->dccp_qpolicy_full: queue is full. drop a skb
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_full: queue is not full. no need to drop.
thread2--->unlock
thread1--->lock
thread1--->dccp_qpolicy_push: add a skb. queue is full.
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_push: add a skb!
thread2--->unlock

Fix this by moving dccp_qpolicy_full.

Fixes: bc2fb404a31d ("[DCCP]: Set TX Queue Length Bounds via Sysctl")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220729110027.40569-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet: ionic: fix error check for vlan flags in ionic_set_nic_features()
Jian Shen [Fri, 29 Jul 2022 10:17:55 +0000 (18:17 +0800)]
net: ionic: fix error check for vlan flags in ionic_set_nic_features()

[ Upstream commit 279d81b48bc4f2c1ef79b9321390df803937cb7e ]

The prototype of input features of ionic_set_nic_features() is
netdev_features_t, but the vlan_flags is using the private
definition of ionic drivers. It should use the variable
ctx.cmd.lif_setattr.features, rather than features to check
the vlan flags. So fixes it.

Fixes: 1c7e71712563 ("ionic: Add the basic NDO callbacks for netdev support")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Guangbin Huang <huangguangbin2@huawei.com>
Acked-by: Shannon Nelson <snelson@pensando.io>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet: rose: fix netdev reference changes
Eric Dumazet [Fri, 29 Jul 2022 09:12:32 +0000 (09:12 +0000)]
net: rose: fix netdev reference changes

[ Upstream commit 454cbcf7e5d1b20dc48d7d45e0d473bffb64eac9 ]

Bernard reported that trying to unload rose module would lead
to infamous messages:

unregistered_netdevice: waiting for rose0 to become free. Usage count = xx

This patch solves the issue, by making sure each socket referring to
a netdevice holds a reference count on it, and properly releases it
in rose_release().

rose_dev_first() is also fixed to take a device reference
before leaving the rcu_read_locked section.

Following patch will add ref_tracker annotations to ease
future bug hunting.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Bernard Pidoux <f6bvp@free.fr>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Bernard Pidoux <f6bvp@free.fr>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonetdevsim: Avoid allocation warnings triggered from user space
Jakub Kicinski [Tue, 26 Jul 2022 21:36:05 +0000 (14:36 -0700)]
netdevsim: Avoid allocation warnings triggered from user space

[ Upstream commit c839ad3b739800a5de91e1b7fb2bf53064a3aff3 ]

We need to suppress warnings from sily map sizes. Also switch
from GFP_USER to GFP_KERNEL_ACCOUNT, I'm pretty sure I misunderstood
the flags when writing this code.

Fixes: c80225d11804 ("netdevsim: bpf: support fake map offload")
Reported-by: syzbot+ad24705d3fd6463b18c6@syzkaller.appspotmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220726213605.154204-1-kuba@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoiavf: Fix 'tc qdisc show' listing too many queues
Przemyslaw Patynowski [Wed, 15 Jun 2022 13:36:29 +0000 (15:36 +0200)]
iavf: Fix 'tc qdisc show' listing too many queues

[ Upstream commit c0b7b3fa90d73a0925c2ea843c6996b1522e5f5c ]

Fix tc qdisc show dev <ethX> root displaying too many fq_codel qdiscs.
tc_modify_qdisc, which is caller of ndo_setup_tc, expects driver to call
netif_set_real_num_tx_queues, which prepares qdiscs.
Without this patch, fq_codel qdiscs would not be adjusted to number of
queues on VF.
e.g.:
tc qdisc show dev <ethX>
qdisc mq 0: root
qdisc fq_codel 0: parent :4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent :3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
tc qdisc add dev <ethX> root mqprio num_tc 2 map 1 0 0 0 0 0 0 0 queues 1@0 1@1 hw 1 mode channel shaper bw_rlimit max_rate 5000Mbit 150Mbit
tc qdisc show dev <ethX>
qdisc mqprio 8003: root tc 2 map 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
             queues:(0:0) (1:1)
             mode:channel
             shaper:bw_rlimit   max_rate:5Gbit 150Mbit
qdisc fq_codel 0: parent 8003:4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent 8003:3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent 8003:2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent 8003:1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64

While after fix:
tc qdisc add dev <ethX> root mqprio num_tc 2 map 1 0 0 0 0 0 0 0 queues 1@0 1@1 hw 1 mode channel shaper bw_rlimit max_rate 5000Mbit 150Mbit
tc qdisc show dev <ethX> #should show 2, shows 4
qdisc mqprio 8004: root tc 2 map 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
             queues:(0:0) (1:1)
             mode:channel
             shaper:bw_rlimit   max_rate:5Gbit 150Mbit
qdisc fq_codel 0: parent 8004:2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: parent 8004:1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64

Fixes: 7fbba1f41411 ("i40evf: add ndo_setup_tc callback to i40evf")
Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Co-developed-by: Grzegorz Szczurek <grzegorzx.szczurek@intel.com>
Signed-off-by: Grzegorz Szczurek <grzegorzx.szczurek@intel.com>
Co-developed-by: Kiran Patil <kiran.patil@intel.com>
Signed-off-by: Kiran Patil <kiran.patil@intel.com>
Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Tested-by: Bharathi Sreenivas <bharathi.sreenivas@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoiavf: Fix max_rate limiting
Przemyslaw Patynowski [Mon, 13 Jun 2022 22:41:23 +0000 (18:41 -0400)]
iavf: Fix max_rate limiting

[ Upstream commit 036d0bff0d91707d6d6790d32cf4e3373e203799 ]

Fix max_rate option in TC, check for proper quanta boundaries.
Check for minimum value provided and if it fits expected 50Mbps
quanta.

Without this patch, iavf could send settings for max_rate limiting
that would be accepted from by PF even the max_rate option is less
than expected 50Mbps quanta. It results in no rate limiting
on traffic as rate limiting will be floored to 0.

Example:
tc qdisc add dev $vf root mqprio num_tc 3 map 0 2 1 queues \
2@0 2@2 2@4 hw 1 mode channel shaper bw_rlimit \
max_rate 50Mbps 500Mbps 500Mbps

Should limit TC0 to circa 50 Mbps

tc qdisc add dev $vf root mqprio num_tc 3 map 0 2 1 queues \
2@0 2@2 2@4 hw 1 mode channel shaper bw_rlimit \
max_rate 0Mbps 100Kbit 500Mbps

Should return error

Fixes: 7fbba1f41411 ("i40evf: add ndo_setup_tc callback to i40evf")
Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Signed-off-by: Jun Zhang <xuejun.zhang@intel.com>
Tested-by: Bharathi Sreenivas <bharathi.sreenivas@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: rtw88: check the return value of alloc_workqueue()
William Dean [Sat, 23 Jul 2022 06:37:56 +0000 (14:37 +0800)]
wifi: rtw88: check the return value of alloc_workqueue()

[ Upstream commit 8c03b230db075572dfce1899f8f9b3a75f5d9a33 ]

The function alloc_workqueue() in rtw_core_init() can fail, but
there is no check of its return value. To fix this bug, its return value
should be checked with new error handling code.

Fixes: 15678325112d6 ("rtw88: replace tx tasklet with work queue")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: William Dean <williamsukatube@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220723063756.2956189-1-williamsukatube@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonetdevsim: fib: Fix reference count leak on route deletion failure
Ido Schimmel [Thu, 28 Jul 2022 11:45:33 +0000 (14:45 +0300)]
netdevsim: fib: Fix reference count leak on route deletion failure

[ Upstream commit 16dfd75c97bc070650f293a71eee38500b7b1a2e ]

As part of FIB offload simulation, netdevsim stores IPv4 and IPv6 routes
and holds a reference on FIB info structures that in turn hold a
reference on the associated nexthop device(s).

In the unlikely case where we are unable to allocate memory to process a
route deletion request, netdevsim will not release the reference from
the associated FIB info structure, thereby preventing the associated
nexthop device(s) from ever being removed [1].

Fix this by scheduling a work item that will flush netdevsim's FIB table
upon route deletion failure. This will cause netdevsim to release its
reference from all the FIB info structures in its table.

Reported by Lucas Leong of Trend Micro Zero Day Initiative.

Fixes: 56f51c8d9d8b ("netdevsim: fib: Perform the route programming in a non-atomic context")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
Mike Manning [Mon, 25 Jul 2022 18:14:42 +0000 (19:14 +0100)]
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set

[ Upstream commit 08d51509b9f73c2685a2d4e53fd7d8a4d2151827 ]

The commit bcca38376a9d ("net: allow binding socket in a VRF when
there's an unbound socket") changed the inet socket lookup to avoid
packets in a VRF from matching an unbound socket. This is to ensure the
necessary isolation between the default and other VRFs for routing and
forwarding. VRF-unaware processes running in the default VRF cannot
access another VRF and have to be run with 'ip vrf exec <vrf>'. This is
to be expected with tcp_l3mdev_accept disabled, but could be reallowed
when this sysctl option is enabled. So instead of directly checking dif
and sdif in inet[6]_match, here call inet_sk_bound_dev_eq(). This
allows a match on unbound socket for non-zero sdif i.e. for packets in
a VRF, if tcp_l3mdev_accept is enabled.

Fixes: bcca38376a9d ("net: allow binding socket in a VRF when there's an unbound socket")
Signed-off-by: Mike Manning <mvrmanning@gmail.com>
Link: https://lore.kernel.org/netdev/a54c149aed38fded2d3b5fdb1a6c89e36a083b74.camel@lasnet.de/
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
Eric Dumazet [Fri, 13 May 2022 18:55:49 +0000 (11:55 -0700)]
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()

[ Upstream commit b6dd5eae77da5ad7a071ce769ee76a3922e46a7b ]

INET6_MATCH() runs without holding a lock on the socket.

We probably need to annotate most reads.

This patch makes INET6_MATCH() an inline function
to ease our changes.

v2: inline function only defined if IS_ENABLED(CONFIG_IPV6)
    Change the name to inet6_match(), this is no longer a macro.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoinet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
Eric Dumazet [Thu, 12 May 2022 16:56:01 +0000 (09:56 -0700)]
inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()

[ Upstream commit 9783869a6f8011f07141f790b4fd42a474c06e94 ]

INET_MATCH() runs without holding a lock on the socket.

We probably need to annotate most reads.

This patch makes INET_MATCH() an inline function
to ease our changes.

v2:

We remove the 32bit version of it, as modern compilers
should generate the same code really, no need to
try to be smarter.

Also make 'struct net *net' the first argument.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocrypto: hisilicon/sec - fix auth key size error
Kai Ye [Thu, 21 Jul 2022 02:18:31 +0000 (10:18 +0800)]
crypto: hisilicon/sec - fix auth key size error

[ Upstream commit 28fdbe40432d12ea1f011f089c4360614290e82a ]

The authentication algorithm supports a maximum of 128-byte keys.
The allocated key memory is insufficient.

Fixes: f50836e1f4d1 ("crypto: hisilicon - Add aead support on SEC2")
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocrypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
Pali Rohár [Tue, 19 Jul 2022 07:54:03 +0000 (09:54 +0200)]
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of

[ Upstream commit 4358bc484351d424c15134e9bc7c569df1f4e2d6 ]

Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically
loaded on platforms where inside-secure crypto HW is specified in device
tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of.

Fixes: 93692bb1edc7 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocrypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
Zhengchao Shao [Tue, 19 Jul 2022 04:23:23 +0000 (12:23 +0800)]
crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq

[ Upstream commit a093ad06fdf71dea193c5dc60006b33e38ac8c8e ]

The hpre encryption driver may be used to encrypt and decrypt packets
during the rx softirq, it is not allowed to use GFP_KERNEL.

Fixes: 5c552758e614 ("crypto: hisilicon - add HiSilicon HPRE accelerator")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet/mlx5: Adjust log_max_qp to be 18 at most
Maher Sanalla [Sun, 24 Jul 2022 08:28:21 +0000 (11:28 +0300)]
net/mlx5: Adjust log_max_qp to be 18 at most

[ Upstream commit d6a438023cd69c387b065d4bb2d4e41dc5e81a1e ]

The cited commit limited log_max_qp to be 17 due to FW capabilities.
Recently, it turned out that there are old FW versions that supported
more than 17, so the cited commit caused a degradation.

Thus, set the maximum log_max_qp back to 18 as it was before the
cited commit.

Fixes: 3c04dea24290 ("net/mlx5: Update log_max_qp value to be 17 at most")
Signed-off-by: Maher Sanalla <msanalla@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
Maxim Mikityanskiy [Thu, 26 May 2022 13:48:47 +0000 (16:48 +0300)]
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS

[ Upstream commit 2897b5550965e556d3abdc5e64dbe58f25dc7f02 ]

MLX5E_MAX_RQ_NUM_MTTS should be the maximum value, so that
MLX5_MTT_OCTW(MLX5E_MAX_RQ_NUM_MTTS) fits into u16. The current value of
1 << 17 results in MLX5_MTT_OCTW(1 << 17) = 1 << 16, which doesn't fit
into u16. This commit replaces it with the maximum value that still
fits u16.

Fixes: 83b2d755fa6a ("net/mlx5e: Derive Striding RQ size from MTU")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agonet/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version
Gal Pressman [Wed, 13 Jul 2022 10:57:03 +0000 (13:57 +0300)]
net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version

[ Upstream commit 19423a5ff91f3609f01bc42e07b4cce966bd39fb ]

The driver reports whether TX/RX TLS device offloads are supported, but
not which ciphers/versions, these should be handled by returning
-EOPNOTSUPP when .tls_dev_add() is called.

Remove the WARN_ON kernel trace when the driver gets a request to
offload a cipher/version that is not supported as it is expected.

Fixes: 78c1118ca47b ("net/mlx5e: Add kTLS TX HW offload support")
Signed-off-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: cedrus: hevc: Add check for invalid timestamp
Jernej Skrabec [Mon, 18 Jul 2022 16:56:49 +0000 (18:56 +0200)]
media: cedrus: hevc: Add check for invalid timestamp

[ Upstream commit 2986a7a5bcf61459d3bfa98b2e85219e336a9152 ]

Not all DPB entries will be used most of the time. Unused entries will
thus have invalid timestamps. They will produce negative buffer index
which is not specifically handled. This works just by chance in current
code. It will even produce bogus pointer, but since it's not used, it
won't do any harm.

Let's fix that brittle design by skipping writing DPB entry altogether
if timestamp is invalid.

Fixes: 08841d682c66 ("media: cedrus: Add HEVC/H.265 decoding support")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: libertas: Fix possible refcount leak in if_usb_probe()
Hangyu Hua [Mon, 20 Jun 2022 09:23:50 +0000 (17:23 +0800)]
wifi: libertas: Fix possible refcount leak in if_usb_probe()

[ Upstream commit ad2bd1adaeccda2bbce08ec4d840365f0671abf3 ]

usb_get_dev will be called before lbs_get_firmware_async which means that
usb_put_dev need to be called when lbs_get_firmware_async fails.

Fixes: 927f5e997ad1 ("libertas USB: convert to asynchronous firmware loading")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220620092350.39960-1-hbh25y@gmail.com
Link: https://lore.kernel.org/r/20220622113402.16969-1-colin.i.king@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
Jose Ignacio Tornos Martinez [Tue, 19 Jul 2022 15:35:42 +0000 (17:35 +0200)]
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue

[ Upstream commit 4d8c9121608c7067f68750d208a1e3a2b47d13df ]

After successfull station association, if station queues are disabled for
some reason, the related lists are not emptied. So if some new element is
added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old
one and produce a BUG like this:

[   46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).
[   46.535283] ------------[ cut here ]------------
[   46.535284] kernel BUG at lib/list_debug.c:26!
[   46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[   46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1
[   46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN       , BIOS A07 08/24/2012
[   46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f
[   46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1
[   46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286
[   46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000
[   46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff
[   46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666
[   46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388
[   46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0
[   46.666108] FS:  00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000
[   46.674331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0
[   46.687422] Call Trace:
[   46.689906]  <TASK>
[   46.691950]  iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]
[   46.697601]  ieee80211_queue_skb+0x4b3/0x720 [mac80211]
[   46.702973]  ? sta_info_get+0x46/0x60 [mac80211]
[   46.707703]  ieee80211_tx+0xad/0x110 [mac80211]
[   46.712355]  __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]
...

In order to avoid this problem, we must also remove the related lists when
station queues are disabled.

Fixes: 10f7adb0f1fef ("iwlwifi: mvm: support mac80211 TXQs model")
Reported-by: Takayuki Nagata <tnagata@redhat.com>
Reported-by: Petr Stourac <pstourac@redhat.com>
Tested-by: Petr Stourac <pstourac@redhat.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220719153542.81466-1-jtornosm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
Ammar Faizi [Mon, 25 Jul 2022 17:49:11 +0000 (20:49 +0300)]
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`

[ Upstream commit 1eed3f1803e12d3055f393a61e3bfdeceb4376eb ]

Commit d248abd379ab changes simple_write_to_buffer() with memdup_user()
but it forgets to change the value to be returned that came from
simple_write_to_buffer() call. It results in the following warning:

  warning: variable 'rc' is uninitialized when used here [-Wuninitialized]
           return rc;
                  ^~

Remove rc variable and just return the passed in length if the
memdup_user() succeeds.

Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: kernel test robot <lkp@intel.com>
Fixes: d248abd379abe1cf5dac2700fcedaea0d453c96d ("wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()")
Fixes: e176ba5ffdf8fc4c613b56a82614747a0c40f930 ("wil6210: debugfs interface to send raw WMI command")
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220724202452.61846-1-ammar.faizi@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoi2c: mux-gpmux: Add of_node_put() when breaking out of loop
Liang He [Fri, 22 Jul 2022 01:24:01 +0000 (09:24 +0800)]
i2c: mux-gpmux: Add of_node_put() when breaking out of loop

[ Upstream commit 5d2ccb853ecb774fb9fbb18646b0b9095045ea0a ]

In i2c_mux_probe(), we should call of_node_put() when breaking out
of for_each_child_of_node() which will automatically increase and
decrease the refcount.

Fixes: 084a8653c40a ("i2c: i2c-mux-gpmux: new driver")
Signed-off-by: Liang He <windhl@126.com>
Acked-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoi2c: cadence: Support PEC for SMBus block read
Lars-Peter Clausen [Sun, 17 Jul 2022 14:52:44 +0000 (16:52 +0200)]
i2c: cadence: Support PEC for SMBus block read

[ Upstream commit 36e8cd7fd92dc96003163833da031dd646cf22c4 ]

SMBus packet error checking (PEC) is implemented by appending one
additional byte of checksum data at the end of the message. This provides
additional protection and allows to detect data corruption on the I2C bus.

SMBus block reads support variable length reads. The first byte in the read
message is the number of available data bytes.

The combination of PEC and block read is currently not supported by the
Cadence I2C driver.
 * When PEC is enabled the maximum transfer length for block reads
   increases from 33 to 34 bytes.
 * The I2C core smbus emulation layer relies on the driver updating the
   `i2c_msg` `len` field with the number of received bytes. The updated
   length is used when checking the PEC.

Add support to the Cadence I2C driver for handling SMBus block reads with
PEC. To determine the maximum transfer length uses the initial `len` value
of the `i2c_msg`. When PEC is enabled this will be 2, when it is disabled
it will be 1.

Once a read transfer is done also increment the `len` field by the amount
of received data bytes.

This change has been tested with a UCM90320 PMBus power monitor, which
requires block reads to access certain data fields, but also has PEC
enabled by default.

Fixes: 961ab2152399 ("i2c: Add driver for Cadence I2C controller")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Tested-by: Shubhrajyoti Datta <Shubhrajyoti.datta@amd.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoBluetooth: hci_intel: Add check for platform_driver_register
Jiasheng Jiang [Fri, 3 Jun 2022 01:24:36 +0000 (09:24 +0800)]
Bluetooth: hci_intel: Add check for platform_driver_register

[ Upstream commit 7619ca71a796ff53cd557766ad403974506a8f46 ]

As platform_driver_register() could fail, it should be better
to deal with the return value in order to maintain the code
consisitency.

Fixes: 2e2a03b56451 ("Bluetooth: hci_intel: Add support for platform driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: pch_can: pch_can_error(): initialize errc before using it
Vincent Mailhol [Thu, 21 Jul 2022 16:00:32 +0000 (01:00 +0900)]
can: pch_can: pch_can_error(): initialize errc before using it

[ Upstream commit 34fb99374469e0509a508a0070ca013534fedd06 ]

After commit cafa6337968f, the variable errc is accessed before being
initialized, c.f. below W=2 warning:

| In function 'pch_can_error',
|     inlined from 'pch_can_poll' at drivers/net/can/pch_can.c:739:4:
| drivers/net/can/pch_can.c:501:29: warning: 'errc' may be used uninitialized [-Wmaybe-uninitialized]
|   501 |                 cf->data[6] = errc & PCH_TEC;
|       |                             ^
| drivers/net/can/pch_can.c: In function 'pch_can_poll':
| drivers/net/can/pch_can.c:484:13: note: 'errc' was declared here
|   484 |         u32 errc, lec;
|       |             ^~~~

Moving errc initialization up solves this issue.

Fixes: cafa6337968f ("can: pch_can: do not report txerr and rxerr during bus-off")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/all/20220721160032.9348-1-mailhol.vincent@wanadoo.fr
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: error: specify the values of data[5..7] of CAN error frames
Vincent Mailhol [Tue, 19 Jul 2022 14:35:48 +0000 (23:35 +0900)]
can: error: specify the values of data[5..7] of CAN error frames

[ Upstream commit 81eded254168b4348246351917c81fcf19baca4d ]

Currently, data[5..7] of struct can_frame, when used as a CAN error
frame, are defined as being "controller specific". Device specific
behaviours are problematic because it prevents someone from writing
code which is portable between devices.

As a matter of fact, data[5] is never used, data[6] is always used to
report TX error counter and data[7] is always used to report RX error
counter. can-utils also relies on this.

This patch updates the comment in the uapi header to specify that
data[5] is reserved (and thus should not be used) and that data[6..7]
are used for error counters.

Fixes: d5a7672aa56e ("[CAN]: Add PF_CAN core module")
Link: https://lore.kernel.org/all/20220719143550.3681-11-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: usb_8dev: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:47 +0000 (23:35 +0900)]
can: usb_8dev: do not report txerr and rxerr during bus-off

[ Upstream commit 04a035fb3b51fd50df8207fec61c2bb900e40fe1 ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: ffa5f743af83 ("can: usb_8dev: Add support for USB2CAN interface from 8 devices")
Link: https://lore.kernel.org/all/20220719143550.3681-10-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:46 +0000 (23:35 +0900)]
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off

[ Upstream commit 16652185defaf351050431bbca94b46d275591b9 ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: 36cbf363b7ce7 ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c")
Link: https://lore.kernel.org/all/20220719143550.3681-9-mailhol.vincent@wanadoo.fr
CC: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:45 +0000 (23:35 +0900)]
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off

[ Upstream commit f72bbce1922be7f9b62e11f468842f9c8783e1a5 ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: a55fe6fb9371 ("can: kvaser_usb: Add support for Kvaser USB hydra family")
Link: https://lore.kernel.org/all/20220719143550.3681-8-mailhol.vincent@wanadoo.fr
CC: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: sun4i_can: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:44 +0000 (23:35 +0900)]
can: sun4i_can: do not report txerr and rxerr during bus-off

[ Upstream commit 81c39d78121a341b9f5ceafdac563f3e6f20963c ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: 90c47af104f7 ("can: Allwinner A10/A20 CAN Controller support - Kernel module")
Link: https://lore.kernel.org/all/20220719143550.3681-7-mailhol.vincent@wanadoo.fr
CC: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: hi311x: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:43 +0000 (23:35 +0900)]
can: hi311x: do not report txerr and rxerr during bus-off

[ Upstream commit bbaa4e353342400b9198221b9672fa5746c7048e ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: 3a63790148fa ("can: hi311x: Add Holt HI-311x CAN driver")
Link: https://lore.kernel.org/all/20220719143550.3681-6-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: sja1000: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:41 +0000 (23:35 +0900)]
can: sja1000: do not report txerr and rxerr during bus-off

[ Upstream commit 0d3d2223a41410c4f427903442f6342c9d04969e ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: bd8147098710 ("can: sja1000: Consolidate and unify state change handling")
Link: https://lore.kernel.org/all/20220719143550.3681-4-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: rcar_can: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:40 +0000 (23:35 +0900)]
can: rcar_can: do not report txerr and rxerr during bus-off

[ Upstream commit 6265908c0b59da8753996cdc9ca89816bf480f44 ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: 10b0ea3236b0 ("can: add Renesas R-Car CAN driver")
Link: https://lore.kernel.org/all/20220719143550.3681-3-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agocan: pch_can: do not report txerr and rxerr during bus-off
Vincent Mailhol [Tue, 19 Jul 2022 14:35:39 +0000 (23:35 +0900)]
can: pch_can: do not report txerr and rxerr during bus-off

[ Upstream commit cafa6337968febc7a5ca915afca90940cb2ec4f8 ]

During bus off, the error count is greater than 255 and can not fit in
a u8.

Fixes: c597aefab4d8 ("pch_can: Add setting TEC/REC statistics processing")
Link: https://lore.kernel.org/all/20220719143550.3681-2-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agolibbpf: fix an snprintf() overflow check
Dan Carpenter [Tue, 19 Jul 2022 09:51:28 +0000 (12:51 +0300)]
libbpf: fix an snprintf() overflow check

[ Upstream commit 49e4da832d16ea4469708028731713e4b2d12ea0 ]

The snprintf() function returns the number of bytes it *would* have
copied if there were enough space.  So it can return > the
sizeof(gen->attach_target).

Fixes: da76868b0892 ("libbpf: Generate loader program out of BPF ELF file.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/r/YtZ+oAySqIhFl6/J@kili
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoselftests/bpf: fix a test for snprintf() overflow
Dan Carpenter [Tue, 19 Jul 2022 09:50:32 +0000 (12:50 +0300)]
selftests/bpf: fix a test for snprintf() overflow

[ Upstream commit b125b62e2fc3acfa96e8607005759672ce286a81 ]

The snprintf() function returns the number of bytes which *would*
have been copied if there were space.  In other words, it can be
> sizeof(pin_path).

Fixes: 0cafe40328e4 ("bpf: btf: Add BTF tests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/r/YtZ+aD/tZMkgOUw+@kili
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: p54: add missing parentheses in p54_flush()
Rustam Subkhankulov [Thu, 14 Jul 2022 13:48:31 +0000 (16:48 +0300)]
wifi: p54: add missing parentheses in p54_flush()

[ Upstream commit e081b3e2ff51d47b7850114b437be4d3231f7862 ]

The assignment of the value to the variable total in the loop
condition must be enclosed in additional parentheses, since otherwise,
in accordance with the precedence of the operators, the conjunction
will be performed first, and only then the assignment.

Due to this error, a warning later in the function after the loop may
not occur in the situation when it should.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: 4001ef149761 ("p54: implement flush callback")
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220714134831.106004-1-subkhankulov@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: p54: Fix an error handling path in p54spi_probe()
Christophe JAILLET [Sun, 12 Jun 2022 21:12:20 +0000 (23:12 +0200)]
wifi: p54: Fix an error handling path in p54spi_probe()

[ Upstream commit 98514c653855a0265c18b1341829def59ead2915 ]

If an error occurs after a successful call to p54spi_request_firmware(), it
must be undone by a corresponding release_firmware() as already done in
the error handling path of p54spi_request_firmware() and in the .remove()
function.

Add the missing call in the error handling path and remove it from
p54spi_request_firmware() now that it is the responsibility of the caller
to release the firmware

Fixes: 2c22b07710f2 ("p54spi: p54spi driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/297d2547ff2ee627731662abceeab9dbdaf23231.1655068321.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agowifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
Dan Carpenter [Fri, 15 Jul 2022 10:35:18 +0000 (13:35 +0300)]
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()

[ Upstream commit d248abd379abe1cf5dac2700fcedaea0d453c96d ]

The simple_write_to_buffer() function will succeed if even a single
byte is initialized.  However, we need to initialize the whole buffer
to prevent information leaks.  Just use memdup_user().

Fixes: e176ba5ffdf8 ("wil6210: debugfs interface to send raw WMI command")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/Ysg14NdKAZF/hcNG@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: staging: media: hantro: Fix typos
Sebastian Fricke [Sat, 26 Mar 2022 18:36:03 +0000 (19:36 +0100)]
media: staging: media: hantro: Fix typos

[ Upstream commit eaa6e1a451af9ebd739a863c44701b7ab6f0560a ]

Fix typos in comments within the Hantro driver.

Signed-off-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Reviewed-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: hevc: Embedded indexes in RPS
Benjamin Gaignard [Fri, 7 Jan 2022 15:54:55 +0000 (16:54 +0100)]
media: hevc: Embedded indexes in RPS

[ Upstream commit 2291d6838a34662897258cab017ac423cf0426b7 ]

Reference Picture Set lists provide indices of short and long term
reference in DBP array.
Fix Hantro to not do a look up in DBP entries.
Make documentation more clear about it.

[hverkuil: fix typo in commit log]

Signed-off-by: Benjamin Gaignard <benjamin.gaignard@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: hantro: Simplify postprocessor
Ezequiel Garcia [Tue, 16 Nov 2021 14:38:33 +0000 (14:38 +0000)]
media: hantro: Simplify postprocessor

[ Upstream commit 93051baac1c4d541e048ccad803dc2f768254f40 ]

Add a 'postprocessed' boolean property to struct hantro_fmt
to signal that a format is produced by the post-processor.
This will allow to introduce the G2 post-processor in a simple way.

Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: hantro: postproc: Fix motion vector space size
Ezequiel Garcia [Tue, 16 Nov 2021 14:38:31 +0000 (14:38 +0000)]
media: hantro: postproc: Fix motion vector space size

[ Upstream commit 00ba8014e457bcd327ddd171dab0d6784e07bce5 ]

When the post-processor hardware block is enabled, the driver
allocates an internal queue of buffers for the decoder enginer,
and uses the vb2 queue for the post-processor engine.

For instance, on a G1 core, the decoder engine produces NV12 buffers
and the post-processor engine can produce YUY2 buffers. The decoder
engine expects motion vectors to be appended to the NV12 buffers,
but this is only required for CODECs that need motion vectors,
such as H.264.

Fix the post-processor logic accordingly.

Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomedia: cedrus: h265: Fix flag name
Jernej Skrabec [Mon, 20 Jun 2022 17:55:11 +0000 (18:55 +0100)]
media: cedrus: h265: Fix flag name

[ Upstream commit 6b7b8fad26cb9619e55a3424f03fe878c364e70e ]

Bit 21 in register 0x24 (slice header info 1) actually represents
negated version of low delay flag. This can be seen in vendor Cedar
library source code. While this flag is not part of the standard, it can
be found in reference HEVC implementation.

Fix macro name and change it to flag.

Fixes: 08841d682c66 ("media: cedrus: Add HEVC/H.265 decoding support")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agofs: check FMODE_LSEEK to control internal pipe splicing
Jason A. Donenfeld [Wed, 29 Jun 2022 13:06:58 +0000 (15:06 +0200)]
fs: check FMODE_LSEEK to control internal pipe splicing

[ Upstream commit facedafecbc271c197c40322906d2d3b425bc891 ]

The original direct splicing mechanism from Jens required the input to
be a regular file because it was avoiding the special socket case. It
also recognized blkdevs as being close enough to a regular file. But it
forgot about chardevs, which behave the same way and work fine here.

This is an okayish heuristic, but it doesn't totally work. For example,
a few chardevs should be spliceable here. And a few regular files
shouldn't. This patch fixes this by instead checking whether FMODE_LSEEK
is set, which represents decently enough what we need rewinding for when
splicing to internal pipes.

Fixes: 384b281c128a ("[PATCH] splice: add direct fd <-> fd splicing support")
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agobpf: Fix subprog names in stack traces.
Alexei Starovoitov [Thu, 14 Jul 2022 21:16:37 +0000 (14:16 -0700)]
bpf: Fix subprog names in stack traces.

[ Upstream commit 252e7674d3ffd85e9fe2dd7a1990020513820a45 ]

The commit f52605560743 ("bpf: Improve the info.func_info and info.func_info_rec_size behavior")
accidently made bpf_prog_ksym_set_name() conservative for bpf subprograms.
Fixed it so instead of "bpf_prog_tag_F" the stack traces print "bpf_prog_tag_full_subprog_name".

Fixes: f52605560743 ("bpf: Improve the info.func_info and info.func_info_rec_size behavior")
Reported-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220714211637.17150-1-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoselftests: timers: clocksource-switch: fix passing errors from child
Wolfram Sang [Wed, 13 Jul 2022 20:46:17 +0000 (22:46 +0200)]
selftests: timers: clocksource-switch: fix passing errors from child

[ Upstream commit 20590c8d8f3358374c66716343d0a826fac48263 ]

The return value from system() is a waitpid-style integer. Do not return
it directly because with the implicit masking in exit() it will always
return 0. Access it with appropriate macros to really pass on errors.

Fixes: a7ffacd44428 ("selftests/timers: Add clocksource-switch test from timetest suite")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoselftests: timers: valid-adjtimex: build fix for newer toolchains
Wolfram Sang [Wed, 13 Jul 2022 20:46:13 +0000 (22:46 +0200)]
selftests: timers: valid-adjtimex: build fix for newer toolchains

[ Upstream commit 92f83690671df056f2628cecd4d07f405269cbef ]

Toolchains with an include file 'sys/timex.h' based on 3.18 will have a
'clock_adjtime' definition added, so it can't be static in the code:

valid-adjtimex.c:43:12: error: static declaration of ‘clock_adjtime’ follows non-static declaration

Fixes: db12473a5912 ("kselftests: timers: Add adjtimex SETOFFSET validity tests")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agolibbpf: Fix the name of a reused map
Anquan Wu [Tue, 12 Jul 2022 03:15:40 +0000 (11:15 +0800)]
libbpf: Fix the name of a reused map

[ Upstream commit 30990afe160fcb48b14c814b3203ad3f3fd4a85e ]

BPF map name is limited to BPF_OBJ_NAME_LEN.
A map name is defined as being longer than BPF_OBJ_NAME_LEN,
it will be truncated to BPF_OBJ_NAME_LEN when a userspace program
calls libbpf to create the map. A pinned map also generates a path
in the /sys. If the previous program wanted to reuse the map,
it can not get bpf_map by name, because the name of the map is only
partially the same as the name which get from pinned path.

The syscall information below show that map name "process_pinned_map"
is truncated to "process_pinned_".

    bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/process_pinned_map",
    bpf_fd=0, file_flags=0}, 144) = -1 ENOENT (No such file or directory)

    bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_HASH, key_size=4,
    value_size=4,max_entries=1024, map_flags=0, inner_map_fd=0,
    map_name="process_pinned_",map_ifindex=0, btf_fd=3, btf_key_type_id=6,
    btf_value_type_id=10,btf_vmlinux_value_type_id=0}, 72) = 4

This patch check that if the name of pinned map are the same as the
actual name for the first (BPF_OBJ_NAME_LEN - 1),
bpf map still uses the name which is included in bpf object.

Fixes: 9754e8a6c455 ("tools: libbpf: allow map reuse")
Signed-off-by: Anquan Wu <leiqi96@hotmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/OSZP286MB1725CEA1C95C5CB8E7CCC53FB8869@OSZP286MB1725.JPNP286.PROD.OUTLOOK.COM
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agotcp: make retransmitted SKB fit into the send window
Yonglong Li [Mon, 11 Jul 2022 09:47:18 +0000 (17:47 +0800)]
tcp: make retransmitted SKB fit into the send window

[ Upstream commit e789a0193d4e5fa67e66a7fd9502b4ee0c8eab65 ]

current code of __tcp_retransmit_skb only check TCP_SKB_CB(skb)->seq
in send window, and TCP_SKB_CB(skb)->seq_end maybe out of send window.
If receiver has shrunk his window, and skb is out of new window,  it
should retransmit a smaller portion of the payload.

test packetdrill script:
    0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
   +0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
   +0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0

   +0 connect(3, ..., ...) = -1 EINPROGRESS (Operation now in progress)
   +0 > S 0:0(0)  win 65535 <mss 1460,sackOK,TS val 100 ecr 0,nop,wscale 8>
 +.05 < S. 0:0(0) ack 1 win 6000 <mss 1000,nop,nop,sackOK>
   +0 > . 1:1(0) ack 1

   +0 write(3, ..., 10000) = 10000

   +0 > . 1:2001(2000) ack 1 win 65535
   +0 > . 2001:4001(2000) ack 1 win 65535
   +0 > . 4001:6001(2000) ack 1 win 65535

 +.05 < . 1:1(0) ack 4001 win 1001

and tcpdump show:
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 1:2001, ack 1, win 65535, length 2000
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 2001:4001, ack 1, win 65535, length 2000
192.168.226.67.55 > 192.0.2.1.8080: Flags [P.], seq 4001:5001, ack 1, win 65535, length 1000
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 5001:6001, ack 1, win 65535, length 1000
192.0.2.1.8080 > 192.168.226.67.55: Flags [.], ack 4001, win 1001, length 0
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 5001:6001, ack 1, win 65535, length 1000
192.168.226.67.55 > 192.0.2.1.8080: Flags [P.], seq 4001:5001, ack 1, win 65535, length 1000

when cient retract window to 1001, send window is [4001,5002],
but TLP send 5001-6001 packet which is out of send window.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/1657532838-20200-1-git-send-email-liyonglong@chinatelecom.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agodrm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
Jian Zhang [Tue, 12 Jul 2022 04:56:11 +0000 (13:56 +0900)]
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.

[ Upstream commit 0ac161712c2d5702140ba95afeb9f3a880ece609 ]

In exynos7_decon_resume, When it fails, we must use clk_disable_unprepare()
to free resource that have been used.

Fixes: b05d015aa4d2b ("drm/exynos: use DRM_DEV_ERROR to print out error
message")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jian Zhang <zhangjian210@huawei.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agoskmsg: Fix invalid last sg check in sk_msg_recvmsg()
Liu Jian [Tue, 28 Jun 2022 12:36:16 +0000 (20:36 +0800)]
skmsg: Fix invalid last sg check in sk_msg_recvmsg()

[ Upstream commit 2307767bbc55092907aa69f52c0180c140fbae26 ]

In sk_psock_skb_ingress_enqueue function, if the linear area + nr_frags +
frag_list of the SKB has NR_MSG_FRAG_IDS blocks in total, skb_to_sgvec
will return NR_MSG_FRAG_IDS, then msg->sg.end will be set to
NR_MSG_FRAG_IDS, and in addition, (NR_MSG_FRAG_IDS - 1) is set to the last
SG of msg. Recv the msg in sk_msg_recvmsg, when i is (NR_MSG_FRAG_IDS - 1),
the sk_msg_iter_var_next(i) will change i to 0 (not NR_MSG_FRAG_IDS), the
judgment condition "msg_rx->sg.start==msg_rx->sg.end" and
"i != msg_rx->sg.end" can not work.

As a result, the processed msg cannot be deleted from ingress_msg list.
But the length of all the sge of the msg has changed to 0. Then the next
recvmsg syscall will process the msg repeatedly, because the length of sge
is 0, the -EFAULT error is always returned.

Fixes: 38506f4bbc9d ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220628123616.186950-1-liujian56@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()
Liang He [Mon, 4 Jul 2022 08:34:21 +0000 (16:34 +0800)]
mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()

[ Upstream commit a227fe8bf041c0b599640977c7eb9cc844a3e439 ]

We should use of_node_put() for the reference 'np' returned by
of_get_child_by_name() which will increase the refcount.

Fixes: 16f019b556d0 ("mt76: add functions for parsing rate power limits from DT")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2 years agomediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
Liang He [Mon, 4 Jul 2022 08:34:20 +0000 (16:34 +0800)]
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()

[ Upstream commit b9d0cc5621982f0ff8ed23437aed1bafab0f7c34 ]

We should use of_node_put() for the reference 'np' returned by
of_get_child_by_name() which will increase the refcount.

Fixes: df608142a94e ("mt76: add common code shared between multiple chipsets")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>