1. 19 Mar, 2023 22 commits
  2. 18 Mar, 2023 4 commits
    • Sakari Ailus's avatar
      media: v4l: subdev: Make link validation safer · 55f1ecb1
      Sakari Ailus authored
      Link validation currently accesses invalid pointers if the link passed to
      it is not between two sub-devices. This is of course a driver bug.
      
      Ignore the error but print a warning message, as this is how it used to
      work previously.
      
      Fixes: a6b995ed ("media: subdev: use streams in v4l2_subdev_link_validate()")
      Reported-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
      Tested-by: default avatarHans de Goede <hdegoede@redhat.com>
      Reviewed-by: default avatarTomi Valkeinen <tomi.valkeinen@ideasonboard.com>
      Reviewed-by: default avatarLaurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      55f1ecb1
    • Tomi Valkeinen's avatar
      media: subdev: Fix validation state lockdep issue · 53077915
      Tomi Valkeinen authored
      The new subdev state code has a possible deadlock scenario during link
      validation when the pipeline contains subdevs that support state and
      that do not support state.
      
      The current code locks the states of the subdevs on both ends of the
      link when starting the link validation, locking the sink side first,
      then the source. If either (or both) of the subdevs does not support
      state, nothing is done for that subdev at this point, and instead the
      locking is handled the old way, i.e. the subdev's ops do the locking
      internally.
      
      The issue arises when the sink doesn't support state, but source does,
      so the validation code locks the source for the duration of the
      validation, and then the sink is locked only when the get_fmt op is
      called. So lockdep sees the source locked first, then the sink.
      
      Later, when the streaming is started, the sink's s_stream op is called,
      which probably takes the subdev's lock. The op then calls the source's
      s_stream, which takes the source's lock. So, the sink is locked first,
      then the source.
      
      Note that link validation and stream starting is not done at the same
      time, so an actual deadlock should never happen. However, it's still a
      clear bug.
      
      Fix this by locking the subdev states only if both subdevs support
      state. In other words, we have two scenarios:
      
      1. Both subdevs support state. Lock sink first, then source, and keep
         the locks while validating the link.
      2. At least one of the subdevs do not support state. Take the lock only
         for the duration of the operation (get_fmt or looking at the
         routing), and release after the op is done.
      
      Obviously 1. is better, as we have a more consistent view of the states
      of the subdevs during validation. 2. is how it has been so far, so it's
      no worse than this used to be.
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ideasonboard.com>
      Signed-off-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      53077915
    • Arnd Bergmann's avatar
      media: i2c: imx290: fix conditional function definitions · b928db94
      Arnd Bergmann authored
      The runtime suspend/resume functions are only referenced from the
      dev_pm_ops, but they use the old SET_RUNTIME_PM_OPS() helper
      that requires a __maybe_unused annotation to avoid a warning:
      
      drivers/media/i2c/imx290.c:1082:12: error: unused function 'imx290_runtime_resume' [-Werror,-Wunused-function]
      static int imx290_runtime_resume(struct device *dev)
                 ^
      drivers/media/i2c/imx290.c:1090:12: error: unused function 'imx290_runtime_suspend' [-Werror,-Wunused-function]
      static int imx290_runtime_suspend(struct device *dev)
                 ^
      
      Convert this to the new RUNTIME_PM_OPS() helper that so this
      is not required. To improve this further, also use the pm_ptr()
      helper that lets the dev_pm_ops get dropped entirely when
      CONFIG_PM is disabled.
      
      A related mistake happened in the of_match_ptr() macro here, which
      like SET_RUNTIME_PM_OPS() requires the match table to be marked
      as __maybe_unused, though I could not reproduce building this without
      CONFIG_OF. Remove the of_match_ptr() here as there is no point in
      dropping the match table in configurations without CONFIG_OF.
      
      Fixes: 02852c01 ("media: i2c: imx290: Initialize runtime PM before subdev")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      b928db94
    • Javier Martinez Canillas's avatar
      media: Revert "venus: firmware: Correct non-pix start and end addresses" · b0d944bc
      Javier Martinez Canillas authored
      This reverts commit a837e516, which broke
      probing of the venus driver, at least on the SC7180 SoC HP X2 Chromebook:
      
        [   11.455782] qcom-venus aa00000.video-codec: Adding to iommu group 11
        [   11.506980] qcom-venus aa00000.video-codec: non legacy binding
        [   12.143432] qcom-venus aa00000.video-codec: failed to reset venus core
        [   12.156440] qcom-venus: probe of aa00000.video-codec failed with error -110
      
      Matthias Kaehlcke also reported that the same change caused a regression in
      SC7180 and sc7280, that prevents AOSS from entering sleep mode during system
      suspend. So let's revert this commit for now to fix both issues.
      
      Fixes: a837e516 ("venus: firmware: Correct non-pix start and end addresses")
      Reported-by: default avatarMatthias Kaehlcke <mka@chromium.org>
      Signed-off-by: default avatarJavier Martinez Canillas <javierm@redhat.com>
      Signed-off-by: default avatarStanimir Varbanov <stanimir.k.varbanov@gmail.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      b0d944bc
  3. 12 Mar, 2023 12 commits
    • Linus Torvalds's avatar
      Linux 6.3-rc2 · eeac8ede
      Linus Torvalds authored
      eeac8ede
    • Hector Martin's avatar
      wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" · 79d1ed5c
      Hector Martin authored
      This reverts part of commit 015b8cc5 ("wifi: cfg80211: Fix use after
      free for wext")
      
      This commit broke WPA offload by unconditionally clearing the crypto
      modes for non-WEP connections. Drop that part of the patch.
      Signed-off-by: default avatarHector Martin <marcan@marcan.st>
      Reported-by: default avatarIlya <me@0upti.me>
      Reported-and-tested-by: default avatarJanne Grunau <j@jannau.net>
      Reviewed-by: default avatarEric Curtin <ecurtin@redhat.com>
      Fixes: 015b8cc5 ("wifi: cfg80211: Fix use after free for wext")
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/linux-wireless/ZAx0TWRBlGfv7pNl@kroah.com/T/#m11e6e0915ab8fa19ce8bc9695ab288c0fe018edfSigned-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      79d1ed5c
    • Linus Torvalds's avatar
      Merge tag 'tpm-v6.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd · c4ecd87f
      Linus Torvalds authored
      Pull tpm fixes from Jarkko Sakkinen:
       "Two additional bug fixes for v6.3"
      
      * tag 'tpm-v6.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
        tpm: disable hwrng for fTPM on some AMD designs
        tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
      c4ecd87f
    • Mario Limonciello's avatar
      tpm: disable hwrng for fTPM on some AMD designs · f1324bbc
      Mario Limonciello authored
      AMD has issued an advisory indicating that having fTPM enabled in
      BIOS can cause "stuttering" in the OS.  This issue has been fixed
      in newer versions of the fTPM firmware, but it's up to system
      designers to decide whether to distribute it.
      
      This issue has existed for a while, but is more prevalent starting
      with kernel 6.1 because commit b006c439 ("hwrng: core - start
      hwrng kthread also for untrusted sources") started to use the fTPM
      for hwrng by default. However, all uses of /dev/hwrng result in
      unacceptable stuttering.
      
      So, simply disable registration of the defective hwrng when detecting
      these faulty fTPM versions.  As this is caused by faulty firmware, it
      is plausible that such a problem could also be reproduced by other TPM
      interactions, but this hasn't been shown by any user's testing or reports.
      
      It is hypothesized to be triggered more frequently by the use of the RNG
      because userspace software will fetch random numbers regularly.
      
      Intentionally continue to register other TPM functionality so that users
      that rely upon PCR measurements or any storage of data will still have
      access to it.  If it's found later that another TPM functionality is
      exacerbating this problem a module parameter it can be turned off entirely
      and a module parameter can be introduced to allow users who rely upon
      fTPM functionality to turn it on even though this problem is present.
      
      Link: https://www.amd.com/en/support/kb/faq/pa-410
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=216989
      Link: https://lore.kernel.org/all/20230209153120.261904-1-Jason@zx2c4.com/
      Fixes: b006c439 ("hwrng: core - start hwrng kthread also for untrusted sources")
      Cc: stable@vger.kernel.org
      Cc: Jarkko Sakkinen <jarkko@kernel.org>
      Cc: Thorsten Leemhuis <regressions@leemhuis.info>
      Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
      Tested-by: reach622@mailcuk.com
      Tested-by: default avatarBell <1138267643@qq.com>
      Co-developed-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarMario Limonciello <mario.limonciello@amd.com>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      f1324bbc
    • Morten Linderud's avatar
      tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address · 80a6c216
      Morten Linderud authored
      tpm_read_log_acpi() should return -ENODEV when no eventlog from the ACPI
      table is found. If the firmware vendor includes an invalid log address
      we are unable to map from the ACPI memory and tpm_read_log() returns -EIO
      which would abort discovery of the eventlog.
      
      Change the return value from -EIO to -ENODEV when acpi_os_map_iomem()
      fails to map the event log.
      
      The following hardware was used to test this issue:
          Framework Laptop (Pre-production)
          BIOS: INSYDE Corp, Revision: 3.2
          TPM Device: NTC, Firmware Revision: 7.2
      
      Dump of the faulty ACPI TPM2 table:
          [000h 0000   4]                    Signature : "TPM2"    [Trusted Platform Module hardware interface Table]
          [004h 0004   4]                 Table Length : 0000004C
          [008h 0008   1]                     Revision : 04
          [009h 0009   1]                     Checksum : 2B
          [00Ah 0010   6]                       Oem ID : "INSYDE"
          [010h 0016   8]                 Oem Table ID : "TGL-ULT"
          [018h 0024   4]                 Oem Revision : 00000002
          [01Ch 0028   4]              Asl Compiler ID : "ACPI"
          [020h 0032   4]        Asl Compiler Revision : 00040000
      
          [024h 0036   2]               Platform Class : 0000
          [026h 0038   2]                     Reserved : 0000
          [028h 0040   8]              Control Address : 0000000000000000
          [030h 0048   4]                 Start Method : 06 [Memory Mapped I/O]
      
          [034h 0052  12]            Method Parameters : 00 00 00 00 00 00 00 00 00 00 00 00
          [040h 0064   4]           Minimum Log Length : 00010000
          [044h 0068   8]                  Log Address : 000000004053D000
      
      Fixes: 0cf577a0 ("tpm: Fix handling of missing event log")
      Tested-by: default avatarErkki Eilonen <erkki@bearmetal.eu>
      Signed-off-by: default avatarMorten Linderud <morten@linderud.pw>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      80a6c216
    • Linus Torvalds's avatar
      Merge tag 'xfs-6.3-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 2e545d69
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
      
       - Fix a crash if mount time quotacheck fails when there are inodes
         queued for garbage collection.
      
       - Fix an off by one error when discarding folios after writeback
         failure.
      
      * tag 'xfs-6.3-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: fix off-by-one-block in xfs_discard_folio()
        xfs: quotacheck failure can race with background inode inactivation
      2e545d69
    • Linus Torvalds's avatar
      Merge tag 'staging-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 13423166
      Linus Torvalds authored
      Pull staging driver fixes and removal from Greg KH:
       "Here are four small staging driver fixes, and one big staging driver
        deletion for 6.3-rc2.
      
        The fixes are:
      
         - rtl8192e driver fixes for where the driver was attempting to
           execute various programs directly from the disk for unknown reasons
      
         - rtl8723bs driver fixes for issues found by Hans in testing
      
        The deleted driver is the removal of the r8188eu wireless driver as
        now in 6.3-rc1 we have a "real" wifi driver for one that includes
        support for many many more devices than this old driver did. So it's
        time to remove it as it is no longer needed. The maintainers of this
        driver all have acked its removal. Many thanks to them over the years
        for working to clean it up and keep it working while the real driver
        was being developed.
      
        All of these have been in linux-next this week with no reported
        problems"
      
      * tag 'staging-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: r8188eu: delete driver
        staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
        staging: rtl8723bs: Fix key-store index handling
        staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
        staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
      13423166
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v6.3_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d3d0cac6
      Linus Torvalds authored
      Pull x86 fix from Borislav Petkov:
       "A single erratum fix for AMD machines:
      
         - Disable XSAVES on AMD Zen1 and Zen2 machines due to an erratum. No
           impact to anything as those machines will fallback to XSAVEC which
           is equivalent there"
      
      * tag 'x86_urgent_for_v6.3_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/CPU/AMD: Disable XSAVES on AMD family 0x17
      d3d0cac6
    • Linus Torvalds's avatar
      Merge tag 'kernel.fork.v6.3-rc2' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux · f5eded1f
      Linus Torvalds authored
      Pull clone3 fix from Christian Brauner:
       "A simple fix for the clone3() system call.
      
        The CLONE_NEWTIME allows the creation of time namespaces. The flag
        reuses a bit from the CSIGNAL bits that are used in the legacy clone()
        system call to set the signal that gets sent to the parent after the
        child exits.
      
        The clone3() system call doesn't rely on CSIGNAL anymore as it uses a
        dedicated .exit_signal field in struct clone_args. So we blocked all
        CSIGNAL bits in clone3_args_valid(). When CLONE_NEWTIME was introduced
        and reused a CSIGNAL bit we forgot to adapt clone3_args_valid()
        causing CLONE_NEWTIME with clone3() to be rejected. Fix this"
      
      * tag 'kernel.fork.v6.3-rc2' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
        selftests/clone3: test clone3 with CLONE_NEWTIME
        fork: allow CLONE_NEWTIME in clone3 flags
      f5eded1f
    • Linus Torvalds's avatar
      Merge tag 'vfs.misc.v6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping · 3b11717f
      Linus Torvalds authored
      Pull vfs fixes from Christian Brauner:
      
       - When allocating pages for a watch queue failed, we didn't return an
         error causing userspace to proceed even though all subsequent
         notifcations would be lost. Make sure to return an error.
      
       - Fix a misformed tree entry for the idmapping maintainers entry.
      
       - When setting file leases from an idmapped mount via
         generic_setlease() we need to take the idmapping into account
         otherwise taking a lease would fail from an idmapped mount.
      
       - Remove two redundant assignments, one in splice code and the other in
         locks code, that static checkers complained about.
      
      * tag 'vfs.misc.v6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping:
        filelocks: use mount idmapping for setlease permission check
        fs/locks: Remove redundant assignment to cmd
        splice: Remove redundant assignment to ret
        MAINTAINERS: repair a malformed T: entry in IDMAPPED MOUNTS
        watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
      3b11717f
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 40d0c090
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Bug fixes and regressions for ext4, the most serious of which is a
        potential deadlock during directory renames that was introduced during
        the merge window discovered by a combination of syzbot and lockdep"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: zero i_disksize when initializing the bootloader inode
        ext4: make sure fs error flag setted before clear journal error
        ext4: commit super block if fs record error when journal record without error
        ext4, jbd2: add an optimized bmap for the journal inode
        ext4: fix WARNING in ext4_update_inline_data
        ext4: move where set the MAY_INLINE_DATA flag is set
        ext4: Fix deadlock during directory rename
        ext4: Fix comment about the 64BIT feature
        docs: ext4: modify the group desc size to 64
        ext4: fix another off-by-one fsmap error on 1k block filesystems
        ext4: fix RENAME_WHITEOUT handling for inline directories
        ext4: make kobj_type structures constant
        ext4: fix cgroup writeback accounting with fs-layer encryption
      40d0c090
    • Linus Torvalds's avatar
      cpumask: relax sanity checking constraints · e7304080
      Linus Torvalds authored
      The cpumask_check() was unnecessarily tight, and causes problems for the
      users of cpumask_next().
      
      We have a number of users that take the previous return value of one of
      the bit scanning functions and subtract one to keep it in "range".  But
      since the scanning functions end up returning up to 'small_cpumask_bits'
      instead of the tighter 'nr_cpumask_bits', the range really needs to be
      using that widened form.
      
      [ This "previous-1" behavior is also the reason we have all those
        comments about /* -1 is a legal arg here. */ and separate checks for
        that being ok.  So we could have just made "small_cpumask_bits-1"
        be a similar special "don't check this" value.
      
        Tetsuo Handa even suggested a patch that only does that for
        cpumask_next(), since that seems to be the only actual case that
        triggers, but that all makes it even _more_ magical and special. So
        just relax the check ]
      
      One example of this kind of pattern being the 'c_start()' function in
      arch/x86/kernel/cpu/proc.c, but also duplicated in various forms on
      other architectures.
      
      Reported-by: syzbot+96cae094d90877641f32@syzkaller.appspotmail.com
      Link: https://syzkaller.appspot.com/bug?extid=96cae094d90877641f32Reported-by: default avatarTetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
      Link: https://lore.kernel.org/lkml/c1f4cc16-feea-b83c-82cf-1a1f007b7eb9@I-love.SAKURA.ne.jp/
      Fixes: 596ff4a0 ("cpumask: re-introduce constant-sized cpumask optimizations")
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e7304080
  4. 11 Mar, 2023 2 commits