1. 21 Jul, 2020 6 commits
    • Serge Semin's avatar
      serial: 8250_mtk: Fix high-speed baud rates clamping · 551e553f
      Serge Semin authored
      Commit 7b668c06 ("serial: 8250: Fix max baud limit in generic 8250
      port") fixed limits of a baud rate setting for a generic 8250 port.
      In other words since that commit the baud rate has been permitted to be
      within [uartclk / 16 / UART_DIV_MAX; uartclk / 16], which is absolutely
      normal for a standard 8250 UART port. But there are custom 8250 ports,
      which provide extended baud rate limits. In particular the Mediatek 8250
      port can work with baud rates up to "uartclk" speed.
      
      Normally that and any other peculiarity is supposed to be handled in a
      custom set_termios() callback implemented in the vendor-specific
      8250-port glue-driver. Currently that is how it's done for the most of
      the vendor-specific 8250 ports, but for some reason for Mediatek a
      solution has been spread out to both the glue-driver and to the generic
      8250-port code. Due to that a bug has been introduced, which permitted the
      extended baud rate limit for all even for standard 8250-ports. The bug
      has been fixed by the commit 7b668c06 ("serial: 8250: Fix max baud
      limit in generic 8250 port") by narrowing the baud rates limit back down to
      the normal bounds. Unfortunately by doing so we also broke the
      Mediatek-specific extended bauds feature.
      
      A fix of the problem described above is twofold. First since we can't get
      back the extended baud rate limits feature to the generic set_termios()
      function and that method supports only a standard baud rates range, the
      requested baud rate must be locally stored before calling it and then
      restored back to the new termios structure after the generic set_termios()
      finished its magic business. By doing so we still use the
      serial8250_do_set_termios() method to set the LCR/MCR/FCR/etc. registers,
      while the extended baud rate setting procedure will be performed later in
      the custom Mediatek-specific set_termios() callback. Second since a true
      baud rate is now fully calculated in the custom set_termios() method we
      need to locally update the port timeout by calling the
      uart_update_timeout() function. After the fixes described above are
      implemented in the 8250_mtk.c driver, the Mediatek 8250-port should
      get back to normally working with extended baud rates.
      
      Link: https://lore.kernel.org/linux-serial/20200701211337.3027448-1-danielwinkler@google.com
      
      Fixes: 7b668c06 ("serial: 8250: Fix max baud limit in generic 8250 port")
      Reported-by: default avatarDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: default avatarSerge Semin <Sergey.Semin@baikalelectronics.ru>
      Cc: stable <stable@vger.kernel.org>
      Tested-by: default avatarClaire Chang <tientzu@chromium.org>
      Link: https://lore.kernel.org/r/20200714124113.20918-1-Sergey.Semin@baikalelectronics.ruSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      551e553f
    • Yang Yingliang's avatar
      serial: 8250: fix null-ptr-deref in serial8250_start_tx() · f4c23a14
      Yang Yingliang authored
      I got null-ptr-deref in serial8250_start_tx():
      
      [   78.114630] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
      [   78.123778] Mem abort info:
      [   78.126560]   ESR = 0x86000007
      [   78.129603]   EC = 0x21: IABT (current EL), IL = 32 bits
      [   78.134891]   SET = 0, FnV = 0
      [   78.137933]   EA = 0, S1PTW = 0
      [   78.141064] user pgtable: 64k pages, 48-bit VAs, pgdp=00000027d41a8600
      [   78.147562] [0000000000000000] pgd=00000027893f0003, p4d=00000027893f0003, pud=00000027893f0003, pmd=00000027c9a20003, pte=0000000000000000
      [   78.160029] Internal error: Oops: 86000007 [#1] SMP
      [   78.164886] Modules linked in: sunrpc vfat fat aes_ce_blk crypto_simd cryptd aes_ce_cipher crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce ses enclosure sg sbsa_gwdt ipmi_ssif spi_dw_mmio sch_fq_codel vhost_net tun vhost vhost_iotlb tap ip_tables ext4 mbcache jbd2 ahci hisi_sas_v3_hw libahci hisi_sas_main libsas hns3 scsi_transport_sas hclge libata megaraid_sas ipmi_si hnae3 ipmi_devintf ipmi_msghandler br_netfilter bridge stp llc nvme nvme_core xt_sctp sctp libcrc32c dm_mod nbd
      [   78.207383] CPU: 11 PID: 23258 Comm: null-ptr Not tainted 5.8.0-rc6+ #48
      [   78.214056] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B210.01 03/12/2020
      [   78.222888] pstate: 80400089 (Nzcv daIf +PAN -UAO BTYPE=--)
      [   78.228435] pc : 0x0
      [   78.230618] lr : serial8250_start_tx+0x160/0x260
      [   78.235215] sp : ffff800062eefb80
      [   78.238517] x29: ffff800062eefb80 x28: 0000000000000fff
      [   78.243807] x27: ffff800062eefd80 x26: ffff202fd83b3000
      [   78.249098] x25: ffff800062eefd80 x24: ffff202fd83b3000
      [   78.254388] x23: ffff002fc5e50be8 x22: 0000000000000002
      [   78.259679] x21: 0000000000000001 x20: 0000000000000000
      [   78.264969] x19: ffffa688827eecc8 x18: 0000000000000000
      [   78.270259] x17: 0000000000000000 x16: 0000000000000000
      [   78.275550] x15: ffffa68881bc67a8 x14: 00000000000002e6
      [   78.280841] x13: ffffa68881bc67a8 x12: 000000000000c539
      [   78.286131] x11: d37a6f4de9bd37a7 x10: ffffa68881cccff0
      [   78.291421] x9 : ffffa68881bc6000 x8 : ffffa688819daa88
      [   78.296711] x7 : ffffa688822a0f20 x6 : ffffa688819e0000
      [   78.302002] x5 : ffff800062eef9d0 x4 : ffffa68881e707a8
      [   78.307292] x3 : 0000000000000000 x2 : 0000000000000002
      [   78.312582] x1 : 0000000000000001 x0 : ffffa688827eecc8
      [   78.317873] Call trace:
      [   78.320312]  0x0
      [   78.322147]  __uart_start.isra.9+0x64/0x78
      [   78.326229]  uart_start+0xb8/0x1c8
      [   78.329620]  uart_flush_chars+0x24/0x30
      [   78.333442]  n_tty_receive_buf_common+0x7b0/0xc30
      [   78.338128]  n_tty_receive_buf+0x44/0x2c8
      [   78.342122]  tty_ioctl+0x348/0x11f8
      [   78.345599]  ksys_ioctl+0xd8/0xf8
      [   78.348903]  __arm64_sys_ioctl+0x2c/0xc8
      [   78.352812]  el0_svc_common.constprop.2+0x88/0x1b0
      [   78.357583]  do_el0_svc+0x44/0xd0
      [   78.360887]  el0_sync_handler+0x14c/0x1d0
      [   78.364880]  el0_sync+0x140/0x180
      [   78.368185] Code: bad PC value
      
      SERIAL_PORT_DFNS is not defined on each arch, if it's not defined,
      serial8250_set_defaults() won't be called in serial8250_isa_init_ports(),
      so the p->serial_in pointer won't be initialized, and it leads a null-ptr-deref.
      Fix this problem by calling serial8250_set_defaults() after init uart port.
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20200721143852.4058352-1-yangyingliang@huawei.comSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f4c23a14
    • Johan Hovold's avatar
      serial: tegra: drop bogus NULL tty-port checks · 707631ce
      Johan Hovold authored
      The struct tty_port is part of the uart state and will never be NULL in
      the receive helpers. Drop the bogus NULL checks and rename the
      pointer-variables "port" to differentiate them from struct tty_struct
      pointers (which can be NULL).
      
      Fixes: 962963e4 ("serial: tegra: Switch to using struct tty_port")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarThierry Reding <treding@nvidia.com>
      Link: https://lore.kernel.org/r/20200710135947.2737-3-johan@kernel.orgSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      707631ce
    • Johan Hovold's avatar
      serial: tegra: fix CREAD handling for PIO · b374c562
      Johan Hovold authored
      Commit 33ae787b ("serial: tegra: add support to ignore read") added
      support for dropping input in case CREAD isn't set, but for PIO the
      ignore_status_mask wasn't checked until after the character had been
      put in the receive buffer.
      
      Note that the NULL tty-port test is bogus and will be removed by a
      follow-on patch.
      
      Fixes: 33ae787b ("serial: tegra: add support to ignore read")
      Cc: stable <stable@vger.kernel.org>     # 5.4
      Cc: Shardar Shariff Md <smohammed@nvidia.com>
      Cc: Krishna Yarlagadda <kyarlagadda@nvidia.com>
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarThierry Reding <treding@nvidia.com>
      Link: https://lore.kernel.org/r/20200710135947.2737-2-johan@kernel.orgSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b374c562
    • Helmut Grohne's avatar
      tty: xilinx_uartps: Really fix id assignment · 22a82fa7
      Helmut Grohne authored
      The problems started with the revert (18cc7ac8). The
      cdns_uart_console.index is statically assigned -1. When the port is
      registered, Linux assigns consecutive numbers to it. It turned out that
      when using ttyPS1 as console, the index is not updated as we are reusing
      the same cdns_uart_console instance for multiple ports. When registering
      ttyPS0, it gets updated from -1 to 0, but when registering ttyPS1, it
      already is 0 and not updated.
      
      That led to 2ae11c46. It assigns the index prior to registering
      the uart_driver once. Unfortunately, that ended up breaking the
      situation where the probe order does not match the id order. When using
      the same device tree for both uboot and linux, it is important that the
      serial0 alias points to the console. So some boards reverse those
      aliases. This was reported by Jan Kiszka. The proposed fix was reverting
      the index assignment and going back to the previous iteration.
      
      However such a reversed assignement (serial0 -> uart1, serial1 -> uart0)
      was already partially broken by the revert (18cc7ac8). While the
      ttyPS device works, the kmsg connection is already broken and kernel
      messages go missing. Reverting the id assignment does not fix this.
      
      >From the xilinx_uartps driver pov (after reverting the refactoring
      commits), there can be only one console. This manifests in static
      variables console_pprt and cdns_uart_console. These variables are not
      properly linked and can go out of sync. The cdns_uart_console.index is
      important for uart_add_one_port. We call that function for each port -
      one of which hopefully is the console. If it isn't, the CON_ENABLED flag
      is not set and console_port is cleared. The next cdns_uart_probe call
      then tries to register the next port using that same cdns_uart_console.
      
      It is important that console_port and cdns_uart_console (and its index
      in particular) stay in sync. The index assignment implemented by
      Shubhrajyoti Datta is correct in principle. It just may have to happen a
      second time if the first cdns_uart_probe call didn't encounter the
      console device. And we shouldn't change the index once the console uart
      is registered.
      Reported-by: default avatarShubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
      Reported-by: default avatarJan Kiszka <jan.kiszka@web.de>
      Link: https://lore.kernel.org/linux-serial/f4092727-d8f5-5f91-2c9f-76643aace993@siemens.com/
      Fixes: 18cc7ac8 ("Revert "serial: uartps: Register own uart console and driver structures"")
      Fixes: 2ae11c46 ("tty: xilinx_uartps: Fix missing id assignment to the console")
      Fixes: 76ed2e10 ("Revert "tty: xilinx_uartps: Fix missing id assignment to the console"")
      Signed-off-by: default avatarHelmut Grohne <helmut.grohne@intenta.de>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20200713073227.GA3805@laureti-devSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      22a82fa7
    • Tetsuo Handa's avatar
      vt: Reject zero-sized screen buffer size. · ce684552
      Tetsuo Handa authored
      syzbot is reporting general protection fault in do_con_write() [1] caused
      by vc->vc_screenbuf == ZERO_SIZE_PTR caused by vc->vc_screenbuf_size == 0
      caused by vc->vc_cols == vc->vc_rows == vc->vc_size_row == 0 caused by
      fb_set_var() from ioctl(FBIOPUT_VSCREENINFO) on /dev/fb0 , for
      gotoxy(vc, 0, 0) from reset_terminal() from vc_init() from vc_allocate()
       from con_install() from tty_init_dev() from tty_open() on such console
      causes vc->vc_pos == 0x10000000e due to
      ((unsigned long) ZERO_SIZE_PTR) + -1U * 0 + (-1U << 1).
      
      I don't think that a console with 0 column or 0 row makes sense. And it
      seems that vc_do_resize() does not intend to allow resizing a console to
      0 column or 0 row due to
      
        new_cols = (cols ? cols : vc->vc_cols);
        new_rows = (lines ? lines : vc->vc_rows);
      
      exception.
      
      Theoretically, cols and rows can be any range as long as
      0 < cols * rows * 2 <= KMALLOC_MAX_SIZE is satisfied (e.g.
      cols == 1048576 && rows == 2 is possible) because of
      
        vc->vc_size_row = vc->vc_cols << 1;
        vc->vc_screenbuf_size = vc->vc_rows * vc->vc_size_row;
      
      in visual_init() and kzalloc(vc->vc_screenbuf_size) in vc_allocate().
      
      Since we can detect cols == 0 or rows == 0 via screenbuf_size = 0 in
      visual_init(), we can reject kzalloc(0). Then, vc_allocate() will return
      an error, and con_write() will not be called on a console with 0 column
      or 0 row.
      
      We need to make sure that integer overflow in visual_init() won't happen.
      Since vc_do_resize() restricts cols <= 32767 and rows <= 32767, applying
      1 <= cols <= 32767 and 1 <= rows <= 32767 restrictions to vc_allocate()
      will be practically fine.
      
      This patch does not touch con_init(), for returning -EINVAL there
      does not help when we are not returning -ENOMEM.
      
      [1] https://syzkaller.appspot.com/bug?extid=017265e8553724e514e8Reported-and-tested-by: default avatarsyzbot <syzbot+017265e8553724e514e8@syzkaller.appspotmail.com>
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20200712111013.11881-1-penguin-kernel@I-love.SAKURA.ne.jpSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ce684552
  2. 19 Jul, 2020 10 commits
    • Linus Torvalds's avatar
      Linux 5.8-rc6 · ba47d845
      Linus Torvalds authored
      ba47d845
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-2020-07-19' of... · 92188b41
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into master
      
      Pull perf tooling fixes from Arnaldo Carvalho de Melo:
      
       - Update hashmap.h from libbpf and kvm.h from x86's kernel UAPI.
      
       - Set opt->set in libsubcmd's OPT_CALLBACK_SET(). This fixes
         'perf record --switch-output-event event-name' usage"
      
      * tag 'perf-tools-fixes-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        tools arch kvm: Sync kvm headers with the kernel sources
        perf tools: Sync hashmap.h with libbpf's
        libsubcmd: Fix OPT_CALLBACK_SET()
      92188b41
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2020-07-19' of... · efb9666e
      Linus Torvalds authored
      Merge tag 'x86-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master
      
      Pull x86 fixes from Thomas Gleixner:
       "A pile of fixes for x86:
      
         - Fix the I/O bitmap invalidation on XEN PV, which was overlooked in
           the recent ioperm/iopl rework. This caused the TSS and XEN's I/O
           bitmap to get out of sync.
      
         - Use the proper vectors for HYPERV.
      
         - Make disabling of stack protector for the entry code work with GCC
           builds which enable stack protector by default. Removing the option
           is not sufficient, it needs an explicit -fno-stack-protector to
           shut it off.
      
         - Mark check_user_regs() noinstr as it is called from noinstr code.
           The missing annotation causes it to be placed in the text section
           which makes it instrumentable.
      
         - Add the missing interrupt disable in exc_alignment_check()
      
         - Fixup a XEN_PV build dependency in the 32bit entry code
      
         - A few fixes to make the Clang integrated assembler happy
      
         - Move EFI stub build to the right place for out of tree builds
      
         - Make prepare_exit_to_usermode() static. It's not longer called from
           ASM code"
      
      * tag 'x86-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/boot: Don't add the EFI stub to targets
        x86/entry: Actually disable stack protector
        x86/ioperm: Fix io bitmap invalidation on Xen PV
        x86: math-emu: Fix up 'cmp' insn for clang ias
        x86/entry: Fix vectors to IDTENTRY_SYSVEC for CONFIG_HYPERV
        x86/entry: Add compatibility with IAS
        x86/entry/common: Make prepare_exit_to_usermode() static
        x86/entry: Mark check_user_regs() noinstr
        x86/traps: Disable interrupts in exc_aligment_check()
        x86/entry/32: Fix XEN_PV build dependency
      efb9666e
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2020-07-19' of... · 66e4b636
      Linus Torvalds authored
      Merge tag 'timers-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master
      
      Pull timer fixes from Thomas Gleixner:
       "Two fixes for the timer wheel:
      
         - A timer which is already expired at enqueue time can set the
           base->next_expiry value backwards. As a consequence base->clk can
           be set back as well. This can lead to timers expiring early. Add a
           sanity check to prevent this.
      
         - When a timer is queued with an expiry time beyond the wheel
           capacity then it should be queued in the bucket of the last wheel
           level which is expiring last.
      
           The code adjusted the expiry time to the maximum wheel capacity,
           which is only correct when the wheel clock is 0. Aside of that the
           check whether the delta is larger than wheel capacity does not
           check the delta, it checks the expiry value itself. As a result
           timers can expire at random.
      
           Fix this by checking the right variable and adjust expiry time so
           it becomes base->clock plus capacity which places it into the
           outmost bucket in the last wheel level"
      
      * tag 'timers-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timer: Fix wheel index calculation on last level
        timer: Prevent base->clk from moving backward
      66e4b636
    • Linus Torvalds's avatar
      Merge tag 'sched-urgent-2020-07-19' of... · 43768f7c
      Linus Torvalds authored
      Merge tag 'sched-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master
      
      Pull scheduler fixes from Thomas Gleixner:
       "A set of scheduler fixes:
      
         - Plug a load average accounting race which was introduced with a
           recent optimization casing load average to show bogus numbers.
      
         - Fix the rseq CPU id initialization for new tasks. sched_fork() does
           not update the rseq CPU id so the id is the stale id of the parent
           task, which can cause user space data corruption.
      
         - Handle a 0 return value of task_h_load() correctly in the load
           balancer, which does not decrease imbalance and therefore pulls
           until the maximum number of loops is reached, which might be all
           tasks just created by a fork bomb"
      
      * tag 'sched-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: handle case of task_h_load() returning 0
        sched: Fix unreliable rseq cpu_id for new tasks
        sched: Fix loadavg accounting race
      43768f7c
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2020-07-19' of... · 9413cd77
      Linus Torvalds authored
      Merge tag 'irq-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master
      
      Pull irq fixes from Thomas Gleixner:
       "Two fixes for the interrupt subsystem:
      
         - Make the handling of the firmware node consistent and do not free
           the node after the domain has been created successfully. The core
           code stores a pointer to it which can lead to a use after free or
           double free.
      
           This used to "work" because the pointer was not stored when the
           initial code was written, but at some point later it was required
           to store it. Of course nobody noticed that the existing users break
           that way.
      
         - Handle affinity setting on inactive interrupts correctly when
           hierarchical irq domains are enabled.
      
           When interrupts are inactive with the modern hierarchical irqdomain
           design, the interrupt chips are not necessarily in a state where
           affinity changes can be handled. The legacy irq chip design allowed
           this because interrupts are immediately fully initialized at
           allocation time. X86 has a hacky workaround for this, but other
           implementations do not.
      
           This cased malfunction on GIC-V3. Instead of playing whack a mole
           to find all affected drivers, change the core code to store the
           requested affinity setting and then establish it when the interrupt
           is allocated, which makes the X86 hack go away"
      
      * tag 'irq-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/affinity: Handle affinity setting on inactive interrupts correctly
        irqdomain/treewide: Keep firmware node unconditionally allocated
      9413cd77
    • Linus Torvalds's avatar
      Merge tag 'usb-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb into master · ce20d7bf
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a few small USB fixes, and one thunderbolt fix, for 5.8-rc6.
      
        Nothing huge in here, just the normal collection of gadget, dwc2/3,
        serial, and other minor USB driver fixes and id additions. Full
        details are in the shortlog.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: serial: iuu_phoenix: fix memory corruption
        USB: c67x00: fix use after free in c67x00_giveback_urb
        usb: gadget: function: fix missing spinlock in f_uac1_legacy
        usb: gadget: udc: atmel: fix uninitialized read in debug printk
        usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable()
        usb: dwc2: Fix shutdown callback in platform
        usb: cdns3: trace: fix some endian issues
        usb: cdns3: ep0: fix some endian issues
        usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
        usb: gadget: fix langid kernel-doc warning in usbstring.c
        usb: dwc3: pci: add support for the Intel Jasper Lake
        usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant
        usb: chipidea: core: add wakeup support for extcon
        USB: serial: option: add Quectel EG95 LTE modem
        thunderbolt: Fix path indices used in USB3 tunnel discovery
        USB: serial: ch341: add new Product ID for CH340
        USB: serial: option: add GosunCn GM500 series
        USB: serial: cypress_m8: enable Simply Automated UPB PIM
      ce20d7bf
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.8-6' of git://git.infradead.org/users/hch/dma-mapping into master · 8c18fc63
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
       "Ensure we always have fully addressable memory in the dma coherent
        pool (Nicolas Saenz Julienne)"
      
      * tag 'dma-mapping-5.8-6' of git://git.infradead.org/users/hch/dma-mapping:
        dma-pool: do not allocate pool memory from CMA
        dma-pool: make sure atomic pool suits device
        dma-pool: introduce dma_guess_pool()
        dma-pool: get rid of dma_in_atomic_pool()
        dma-direct: provide function to check physical memory area validity
      8c18fc63
    • Arvind Sankar's avatar
      x86/boot: Don't add the EFI stub to targets · da05b143
      Arvind Sankar authored
      vmlinux-objs-y is added to targets, which currently means that the EFI
      stub gets added to the targets as well. It shouldn't be added since it
      is built elsewhere.
      
      This confuses Makefile.build which interprets the EFI stub as a target
      	$(obj)/$(objtree)/drivers/firmware/efi/libstub/lib.a
      and will create drivers/firmware/efi/libstub/ underneath
      arch/x86/boot/compressed, to hold this supposed target, if building
      out-of-tree. [0]
      
      Fix this by pulling the stub out of vmlinux-objs-y into efi-obj-y.
      
      [0] See scripts/Makefile.build near the end:
          # Create directories for object files if they do not exist
      Signed-off-by: default avatarArvind Sankar <nivedita@alum.mit.edu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Link: https://lkml.kernel.org/r/20200715032631.1562882-1-nivedita@alum.mit.edu
      da05b143
    • Kees Cook's avatar
      x86/entry: Actually disable stack protector · 58ac3154
      Kees Cook authored
      Some builds of GCC enable stack protector by default. Simply removing
      the arguments is not sufficient to disable stack protector, as the stack
      protector for those GCC builds must be explicitly disabled. Remove the
      argument removals and add -fno-stack-protector. Additionally include
      missed x32 argument updates, and adjust whitespace for readability.
      
      Fixes: 20355e5f ("x86/entry: Exclude low level entry code from sanitizing")
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Link: https://lkml.kernel.org/r/202006261333.585319CA6B@keescook
      58ac3154
  3. 18 Jul, 2020 6 commits
  4. 17 Jul, 2020 18 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.8-3' of git://git.linux-nfs.org/projects/anna/linux-nfs into master · 6a70f89c
      Linus Torvalds authored
      Pull NFS client fixes from Anna Schumaker:
       "A few more NFS client bugfixes for Linux 5.8:
      
        NFS:
         - Fix interrupted slots by using the SEQUENCE operation
      
        SUNRPC:
         - revert d03727b2 to fix unkillable IOs
      
        xprtrdma:
         - Fix double-free in rpcrdma_ep_create()
         - Fix recursion into rpcrdma_xprt_disconnect()
         - Fix return code from rpcrdma_xprt_connect()
         - Fix handling of connect errors
         - Fix incorrect header size calculations"
      
      * tag 'nfs-for-5.8-3' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        SUNRPC reverting d03727b2 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
        xprtrdma: fix incorrect header size calculations
        NFS: Fix interrupted slots by sending a solo SEQUENCE operation
        xprtrdma: Fix handling of connect errors
        xprtrdma: Fix return code from rpcrdma_xprt_connect()
        xprtrdma: Fix recursion into rpcrdma_xprt_disconnect()
        xprtrdma: Fix double-free in rpcrdma_ep_create()
      6a70f89c
    • Linus Torvalds's avatar
      Merge tag 'arm-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc into master · 630c183b
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "This time there are a number of actual code fixes, plus a small set of
        device tree issues getting addressed:
      
        Renesas:
      
          - one defconfig cleanup to allow a later Kconfig change
      
        Intel socfpga:
      
          - enable QSPI devices on some machines
      
          - fix DTC validation warnings
      
        TI OMAP:
      
          - Two DEBUG_ATOMIC_SLEEP fixes for ti-sysc interconnect target
            module driver
      
          - A regression fix for ti-sysc no-idle handling that caused issues
            compared to earlier platform data based booting
      
          - A fix for memory leak for omap_hwmod_allocate_module
      
          - Fix d_can driver probe for am437x
      
        NXP i.MX:
      
          - A couple of fixes on i.MX platform device registration code to
            stop the use of invalid IRQ 0.
      
          - Fix a regression seen on ls1021a platform, caused by commit
            52102a3b ("soc: imx: move cpu code to drivers/soc/imx").
      
          - Fix a misconfiguration of audio SSI on imx6qdl-gw551x board.
      
        Amlogic Meson:
      
          - misc DT fixes
      
          - SoC ID fixes to detect all chips correctly"
      
      * tag 'arm-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema
        ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
        arm64: dts: stratix10: increase QSPI reg address in nand dts file
        arm64: dts: stratix10: add status to qspi dts node
        arm64: dts: agilex: add status to qspi dts node
        ARM: dts: Fix dcan driver probe failed on am437x platform
        ARM: OMAP2+: Fix possible memory leak in omap_hwmod_allocate_module
        arm64: defconfig: Enable CONFIG_PCIE_RCAR_HOST
        soc: imx: check ls1021a
        ARM: imx: Remove imx_add_imx_dma() unused irq_err argument
        ARM: imx: Provide correct number of resources when registering gpio devices
        ARM: dts: imx6qdl-gw551x: fix audio SSI
        bus: ti-sysc: Do not disable on suspend for no-idle
        bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk
        bus: ti-sysc: Fix wakeirq sleeping function called from invalid context
        ARM: dts: meson: Align L2 cache-controller nodename with dtschema
        arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency
        arm64: dts: meson: add missing gxl rng clock
        soc: amlogic: meson-gx-socinfo: Fix S905X3 and S905D3 ID's
      630c183b
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into master · a570f419
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "A batch of arm64 fixes.
      
        Although the diffstat is a bit larger than we'd usually have at this
        stage, a decent amount of it is the addition of comments describing
        our syscall tracing behaviour, and also a sweep across all the modular
        arm64 PMU drivers to make them rebust against unloading and unbinding.
      
        There are a couple of minor things kicking around at the moment (CPU
        errata and module PLTs for very large modules), but I'm not expecting
        any significant changes now for us in 5.8.
      
         - Fix kernel text addresses for relocatable images booting using EFI
           and with KASLR disabled so that they match the vmlinux ELF binary.
      
         - Fix unloading and unbinding of PMU driver modules.
      
         - Fix generic mmiowb() when writeX() is called from preemptible
           context (reported by the riscv folks).
      
         - Fix ptrace hardware single-step interactions with signal handlers,
           system calls and reverse debugging.
      
         - Fix reporting of 64-bit x0 register for 32-bit tasks via
           'perf_regs'.
      
         - Add comments describing syscall entry/exit tracing ABI"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        drivers/perf: Prevent forced unbinding of PMU drivers
        asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible()
        arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
        arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter()
        arm64: syscall: Expand the comment about ptrace and syscall(-1)
        arm64: ptrace: Add a comment describing our syscall entry/exit trap ABI
        arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
        arm64: ptrace: Override SPSR.SS when single-stepping is enabled
        arm64: ptrace: Consistently use pseudo-singlestep exceptions
        drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling
        efi/libstub/arm64: Retain 2MB kernel Image alignment if !KASLR
      a570f419
    • Thomas Gleixner's avatar
      genirq/affinity: Handle affinity setting on inactive interrupts correctly · baedb87d
      Thomas Gleixner authored
      Setting interrupt affinity on inactive interrupts is inconsistent when
      hierarchical irq domains are enabled. The core code should just store the
      affinity and not call into the irq chip driver for inactive interrupts
      because the chip drivers may not be in a state to handle such requests.
      
      X86 has a hacky workaround for that but all other irq chips have not which
      causes problems e.g. on GIC V3 ITS.
      
      Instead of adding more ugly hacks all over the place, solve the problem in
      the core code. If the affinity is set on an inactive interrupt then:
      
          - Store it in the irq descriptors affinity mask
          - Update the effective affinity to reflect that so user space has
            a consistent view
          - Don't call into the irq chip driver
      
      This is the core equivalent of the X86 workaround and works correctly
      because the affinity setting is established in the irq chip when the
      interrupt is activated later on.
      
      Note, that this is only effective when hierarchical irq domains are enabled
      by the architecture. Doing it unconditionally would break legacy irq chip
      implementations.
      
      For hierarchial irq domains this works correctly as none of the drivers can
      have a dependency on affinity setting in inactive state by design.
      
      Remove the X86 workaround as it is not longer required.
      
      Fixes: 02edee15 ("x86/apic/vector: Ignore set_affinity call for inactive interrupts")
      Reported-by: default avatarAli Saidi <alisaidi@amazon.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Tested-by: default avatarAli Saidi <alisaidi@amazon.com>
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/20200529015501.15771-1-alisaidi@amazon.com
      Link: https://lkml.kernel.org/r/877dv2rv25.fsf@nanos.tec.linutronix.de
      baedb87d
    • Frederic Weisbecker's avatar
      timer: Fix wheel index calculation on last level · e2a71bde
      Frederic Weisbecker authored
      When an expiration delta falls into the last level of the wheel, that delta
      has be compared against the maximum possible delay and reduced to fit in if
      necessary.
      
      However instead of comparing the delta against the maximum, the code
      compares the actual expiry against the maximum. Then instead of fixing the
      delta to fit in, it sets the maximum delta as the expiry value.
      
      This can result in various undesired outcomes, the worst possible one
      being a timer expiring 15 days ahead to fire immediately.
      
      Fixes: 500462a9 ("timers: Switch to a non-cascading wheel")
      Signed-off-by: default avatarFrederic Weisbecker <frederic@kernel.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Link: https://lkml.kernel.org/r/20200717140551.29076-2-frederic@kernel.org
      e2a71bde
    • Olga Kornievskaia's avatar
      SUNRPC reverting d03727b2 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") · 65caafd0
      Olga Kornievskaia authored
      Reverting commit d03727b2 "NFSv4 fix CLOSE not waiting for
      direct IO compeletion". This patch made it so that fput() by calling
      inode_dio_done() in nfs_file_release() would wait uninterruptably
      for any outstanding directIO to the file (but that wait on IO should
      be killable).
      
      The problem the patch was also trying to address was REMOVE returning
      ERR_ACCESS because the file is still opened, is supposed to be resolved
      by server returning ERR_FILE_OPEN and not ERR_ACCESS.
      Signed-off-by: default avatarOlga Kornievskaia <kolga@netapp.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      65caafd0
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master · 4ebf8d76
      Linus Torvalds authored
      Pull io_uring fix from Jens Axboe:
       "Fix for a case where, with automatic buffer selection, we can leak the
        buffer descriptor for recvmsg"
      
      * tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block:
        io_uring: fix recvmsg memory leak with buffer selection
      4ebf8d76
    • Linus Torvalds's avatar
      Merge tag 'block-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master · c9ea87dc
      Linus Torvalds authored
      Pull block fix from Jens Axboe:
       "Single NVMe multipath capacity fix"
      
      * tag 'block-5.8-2020-07-17' of git://git.kernel.dk/linux-block:
        nvme: explicitly update mpath disk capacity on revalidation
      c9ea87dc
    • Linus Torvalds's avatar
      Merge tag 'fuse-fixes-5.8-rc6' of... · 0dd68a34
      Linus Torvalds authored
      Merge tag 'fuse-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse into master
      
      Pull fuse fixes from Miklos Szeredi:
      
       - two regressions in this cycle caused by the conversion of writepage
         list to an rb_tree
      
       - two regressions in v5.4 cause by the conversion to the new mount API
      
       - saner behavior of fsconfig(2) for the reconfigure case
      
       - an ancient issue with FS_IOC_{GET,SET}FLAGS ioctls
      
      * tag 'fuse-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
        fuse: don't ignore errors from fuse_writepages_fill()
        fuse: clean up condition for writepage sending
        fuse: reject options on reconfigure via fsconfig(2)
        fuse: ignore 'data' argument of mount(..., MS_REMOUNT)
        fuse: use ->reconfigure() instead of ->remount_fs()
        fuse: fix warning in tree_insert() and clean up writepage insertion
        fuse: move rb_erase() before tree_insert()
      0dd68a34
    • Linus Torvalds's avatar
      Merge tag 'ovl-fixes-5.8-rc6' of... · 44fea373
      Linus Torvalds authored
      Merge tag 'ovl-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs into master
      
      Pull overlayfs fixes from Miklos Szeredi:
      
       - fix a regression introduced in v4.20 in handling a regenerated
         squashfs lower layer
      
       - two regression fixes for this cycle, one of which is Oops inducing
      
       - miscellaneous issues
      
      * tag 'ovl-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: fix lookup of indexed hardlinks with metacopy
        ovl: fix unneeded call to ovl_change_flags()
        ovl: fix mount option checks for nfs_export with no upperdir
        ovl: force read-only sb on failure to create index dir
        ovl: fix regression with re-formatted lower squashfs
        ovl: fix oops in ovl_indexdir_cleanup() with nfs_export=on
        ovl: relax WARN_ON() when decoding lower directory file handle
        ovl: remove not used argument in ovl_check_origin
        ovl: change ovl_copy_up_flags static
        ovl: inode reference leak in ovl_is_inuse true case.
      44fea373
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v5.8-rc5' of... · 33b9108f
      Linus Torvalds authored
      Merge tag 'spi-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into master
      
      Pull spi fixes from Mark Brown:
       "A couple of small driver specific fixes for fairly minor issues"
      
      * tag 'spi-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
        spi: mediatek: use correct SPI_CFG2_REG MACRO
      33b9108f
    • Linus Torvalds's avatar
      Merge tag 'regulator-fix-v5.8-rc5' of... · 8da822e8
      Linus Torvalds authored
      Merge tag 'regulator-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator into master
      
      Pull regulator fixes from Mark Brown:
       "The more substantial fix here is the rename of the da903x driver which
        fixes a collision with the parent MFD driver name which caused issues
        when things were built as modules.
      
        There's also a fix for a mislableled regulator on the pmi8994 which is
        quite important for systems with that device"
      
      * tag 'regulator-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        MAINTAINERS: remove obsolete entry after file renaming
        regulator: rename da903x to da903x-regulator
        regulator: qcom_smd: Fix pmi8994 label
      8da822e8
    • Linus Torvalds's avatar
      Merge tag 'regmap-fix-v5.8-rc5' of... · ee436955
      Linus Torvalds authored
      Merge tag 'regmap-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into master
      
      Pull regmap fixes from Mark Brown:
       "A couple of substantial fixes here, one from Doug which fixes the
        debugfs code for MMIO regmaps (fortunately not the common case) and
        one from Marc fixing lookups of multiple regmaps for the same device
        (a very unusual case).
      
        There's also a fix for Kconfig to ensure we enable SoundWire properly"
      
      * tag 'regmap-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap: debugfs: Don't sleep while atomic for fast_io regmaps
        regmap: add missing dependency on SoundWire
        regmap: dev_get_regmap_match(): fix string comparison
      ee436955
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid into master · 60541fb6
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - linked list race condition fix in hid-steam driver from Rodrigo Rivas
         Costa
      
       - assorted deviceID-specific quirks and other small cosmetic cleanups
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        HID: logitech-hidpp: avoid repeated "multiplier = " log messages
        HID: logitech: Use HIDPP_RECEIVER_INDEX instead of 0xff
        HID: quirks: Ignore Simply Automated UPB PIM
        HID: apple: Disable Fn-key key-re-mapping on clone keyboards
        MAINTAINERS: update uhid and hid-wiimote entry
        HID: steam: fixes race in handling device list.
        HID: magicmouse: do not set up autorepeat
        HID: alps: support devices with report id 2
        HID: quirks: Always poll Obins Anne Pro 2 keyboard
        HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
      60541fb6
    • Palmer Dabbelt's avatar
      RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw · 38b7c2a3
      Palmer Dabbelt authored
      While digging through the recent mmiowb preemption issue it came up that
      we aren't actually preventing IO from crossing a scheduling boundary.
      While it's a bit ugly to overload smp_mb__after_spinlock() with this
      behavior, it's what PowerPC is doing so there's some precedent.
      Signed-off-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      38b7c2a3
    • Arnd Bergmann's avatar
      Merge tag 'socfpga_fixes_for_v5.8_v2' of... · 2648298a
      Arnd Bergmann authored
      Merge tag 'socfpga_fixes_for_v5.8_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux into arm/fixes
      
      arm/arm64: dts: socfpga: fixes for v5.8
      - Add status = "okay" in QSPI
      - Increase QSPI size in reg property
      - Fix dtschema for SoCFPGA platforms
      
      * tag 'socfpga_fixes_for_v5.8_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux:
        arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema
        ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
        arm64: dts: stratix10: increase QSPI reg address in nand dts file
        arm64: dts: stratix10: add status to qspi dts node
        arm64: dts: agilex: add status to qspi dts node
      
      Link: https://lore.kernel.org/r/20200717155758.18233-1-dinguyen@kernel.orgSigned-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      2648298a
    • Arnd Bergmann's avatar
      Merge tag 'renesas-fixes-for-v5.8-tag1' of... · f7d96b86
      Arnd Bergmann authored
      Merge tag 'renesas-fixes-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel into arm/fixes
      
      Renesas fixes for v5.8
      
        - Replace CONFIG_PCIE_RCAR by CONFIG_PCIE_RCAR_HOST in the defconfig,
          to unblock a planned Kconfig change.
      
      * tag 'renesas-fixes-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel:
        arm64: defconfig: Enable CONFIG_PCIE_RCAR_HOST
      
      Link: https://lore.kernel.org/r/20200717100523.15418-1-geert+renesas@glider.beSigned-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      f7d96b86
    • Linus Torvalds's avatar
      Merge tag 'sound-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound into master · a238ac2d
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "No surprise here, just a few device-specific small fixes: two fixes
        for USB LINE6 and one for USB-audio drivers wrt syzkaller fuzzer
        issues, while the rest are all HD-audio Realtek quirks"
      
      * tag 'sound-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek - fixup for yet another Intel reference board
        ALSA: hda/realtek - Enable Speaker for ASUS UX563
        ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
        ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256
        ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289
        ALSA: hda/realtek - change to suitable link model for ASUS platform
        ALSA: usb-audio: Fix race against the error recovery URB submission
        ALSA: line6: Sync the pending work cancel at disconnection
        ALSA: line6: Perform sanity check for each URB creation
      a238ac2d