1. 24 Jul, 2021 8 commits
  2. 23 Jul, 2021 19 commits
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.14-rc3' of git://github.com/ceph/ceph-client · 704f4cba
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A subtle deadlock on lock_rwsem (marked for stable) and rbd fixes for
        a -rc1 regression.
      
        Also included a rare WARN condition tweak"
      
      * tag 'ceph-for-5.14-rc3' of git://github.com/ceph/ceph-client:
        rbd: resurrect setting of disk->private_data in rbd_init_disk()
        ceph: don't WARN if we're still opening a session to an MDS
        rbd: don't hold lock_rwsem while running_list is being drained
        rbd: always kick acquire on "acquired" and "released" notifications
      704f4cba
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 05daae0f
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix deadloop in ring buffer because of using stale "read" variable
      
       - Fix synthetic event use of field_pos as boolean and not an index
      
       - Fixed histogram special var "cpu" overriding event fields called
         "cpu"
      
       - Cleaned up error prone logic in alloc_synth_event()
      
       - Removed call to synchronize_rcu_tasks_rude() when not needed
      
       - Removed redundant initialization of a local variable "ret"
      
       - Fixed kernel crash when updating tracepoint callbacks of different
         priorities.
      
      * tag 'trace-v5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracepoints: Update static_call before tp_funcs when adding a tracepoint
        ftrace: Remove redundant initialization of variable ret
        ftrace: Avoid synchronize_rcu_tasks_rude() call when not necessary
        tracing: Clean up alloc_synth_event()
        tracing/histogram: Rename "cpu" to "common_cpu"
        tracing: Synthetic event field_pos is an index not a boolean
        tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
      05daae0f
    • Linus Torvalds's avatar
      Merge tag 'm68k-for-v5.14-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k · 1af09ed5
      Linus Torvalds authored
      Pull m68k fix from Geert Uytterhoeven:
      
       - Fix a Mac defconfig regression due to the IDE -> ATA switch
      
      * tag 'm68k-for-v5.14-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
        m68k: MAC should select HAVE_PATA_PLATFORM
      1af09ed5
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · ec6badfb
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix a recently broken Kconfig dependency and ACPI device
        reference counting in an iterator macro.
      
        Specifics:
      
         - Fix recently broken Kconfig dependency for the ACPI table override
           via built-in initrd (Robert Richter)
      
         - Fix ACPI device reference counting in the for_each_acpi_dev_match()
           helper macro to avoid use-after-free (Andy Shevchenko)"
      
      * tag 'acpi-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: utils: Fix reference counting in for_each_acpi_dev_match()
        ACPI: Kconfig: Fix table override from built-in initrd
      ec6badfb
    • Linus Torvalds's avatar
      Merge tag 'driver-core-5.14-rc3' of... · 1d597682
      Linus Torvalds authored
      Merge tag 'driver-core-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are two small driver core fixes to resolve some reported problems
        for 5.14-rc3. They include:
      
         - aux bus memory leak fix
      
         - unneeded warning message removed when removing a device link.
      
        Both have been in linux-next with no reported problems"
      
      * tag 'driver-core-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        driver core: Prevent warning when removing a device link from unregistered consumer
        driver core: auxiliary bus: Fix memory leak when driver_register() fail
      1d597682
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 8072911b
      Linus Torvalds authored
      Pull char/misc fixes from Greg KH:
       "Here are some small char/misc driver fixes for 5.14-rc3.
      
        Included in here are:
      
         - MAINTAINERS file updates for two changes in different driver
           subsystems
      
         - mhi bus bugfixes
      
         - nds32 bugfix that resolves a reported problem
      
        All have been in linux-next with no reported problems"
      
      * tag 'char-misc-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        nds32: fix up stack guard gap
        MAINTAINERS: Change ACRN HSM driver maintainer
        MAINTAINERS: Update for VMCI driver
        bus: mhi: pci_generic: Fix inbound IPCR channel
        bus: mhi: core: Validate channel ID when processing command completions
        bus: mhi: pci_generic: Apply no-op for wake using sideband wake boolean
      8072911b
    • Linus Torvalds's avatar
      Merge tag 'usb-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 74738c55
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some USB fixes for 5.14-rc3 to resolve a bunch of tiny
        problems reported. Included in here are:
      
         - dtsi revert to resolve a problem which broke android systems that
           relied on the dts name to find the USB controller device.
      
           People are still working out the "real" solution for this, but for
           now the revert is needed.
      
         - core USB fix for pipe calculation found by syzbot
      
         - typec fixes
      
         - gadget driver fixes
      
         - new usb-serial device ids
      
         - new USB quirks
      
         - xhci fixes
      
         - usb hub fixes for power management issues reported
      
         - other tiny fixes
      
        All have been in linux-next with no reported problems"
      
      * tag 'usb-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (27 commits)
        USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
        Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
        usb: cdc-wdm: fix build error when CONFIG_WWAN_CORE is not set
        Revert "arm64: dts: qcom: Harmonize DWC USB3 DT nodes name"
        usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
        usb: dwc2: Skip clock gating on Samsung SoCs
        usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
        usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode.
        usb: phy: Fix page fault from usb_phy_uevent
        usb: xhci: avoid renesas_usb_fw.mem when it's unusable
        usb: gadget: u_serial: remove WARN_ON on null port
        usb: dwc3: avoid NULL access of usb_gadget_driver
        usb: max-3421: Prevent corruption of freed memory
        usb: gadget: Fix Unbalanced pm_runtime_enable in tegra_xudc_probe
        MAINTAINERS: repair reference in USB IP DRIVER FOR HISILICON KIRIN 970
        usb: typec: stusb160x: Don't block probing of consumer of "connector" nodes
        usb: typec: stusb160x: register role switch before interrupt registration
        USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
        usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI
        usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
        ...
      74738c55
    • Linus Torvalds's avatar
      Merge tag 'sound-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · e7562a00
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes, mostly covering device-specific
        regressions and bugs over ASoC, HD-audio and USB-audio, while
        the ALSA PCM core received a few additional fixes for the
        possible (new and old) regressions"
      
      * tag 'sound-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (29 commits)
        ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
        ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
        ALSA: pcm: Fix mmap without buffer preallocation
        ALSA: pcm: Fix mmap capability check
        ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID
        ASoC: ti: j721e-evm: Check for not initialized parent_clk_id
        ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup
        ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine
        ALSA: hdmi: Expose all pins on MSI MS-7C94 board
        ALSA: sb: Fix potential ABBA deadlock in CSP driver
        ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend
        ASoC: amd: reverse stop sequence for stoneyridge platform
        ASoC: soc-pcm: add a flag to reverse the stop sequence
        ASoC: codecs: wcd938x: setup irq during component bind
        ASoC: dt-bindings: renesas: rsnd: Fix incorrect 'port' regex schema
        ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
        ASoC: codecs: wcd938x: make sdw dependency explicit in Kconfig
        ASoC: SOF: Intel: Update ADL descriptor to use ACPI power states
        ASoC: rt5631: Fix regcache sync errors on resume
        ALSA: pcm: Call substream ack() method upon compat mmap commit
        ...
      e7562a00
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-utils' · 0b8a53a8
      Rafael J. Wysocki authored
      * acpi-utils:
        ACPI: utils: Fix reference counting in for_each_acpi_dev_match()
      0b8a53a8
    • Steven Rostedt (VMware)'s avatar
      tracepoints: Update static_call before tp_funcs when adding a tracepoint · 352384d5
      Steven Rostedt (VMware) authored
      Because of the significant overhead that retpolines pose on indirect
      calls, the tracepoint code was updated to use the new "static_calls" that
      can modify the running code to directly call a function instead of using
      an indirect caller, and this function can be changed at runtime.
      
      In the tracepoint code that calls all the registered callbacks that are
      attached to a tracepoint, the following is done:
      
      	it_func_ptr = rcu_dereference_raw((&__tracepoint_##name)->funcs);
      	if (it_func_ptr) {
      		__data = (it_func_ptr)->data;
      		static_call(tp_func_##name)(__data, args);
      	}
      
      If there's just a single callback, the static_call is updated to just call
      that callback directly. Once another handler is added, then the static
      caller is updated to call the iterator, that simply loops over all the
      funcs in the array and calls each of the callbacks like the old method
      using indirect calling.
      
      The issue was discovered with a race between updating the funcs array and
      updating the static_call. The funcs array was updated first and then the
      static_call was updated. This is not an issue as long as the first element
      in the old array is the same as the first element in the new array. But
      that assumption is incorrect, because callbacks also have a priority
      field, and if there's a callback added that has a higher priority than the
      callback on the old array, then it will become the first callback in the
      new array. This means that it is possible to call the old callback with
      the new callback data element, which can cause a kernel panic.
      
      	static_call = callback1()
      	funcs[] = {callback1,data1};
      	callback2 has higher priority than callback1
      
      	CPU 1				CPU 2
      	-----				-----
      
         new_funcs = {callback2,data2},
                     {callback1,data1}
      
         rcu_assign_pointer(tp->funcs, new_funcs);
      
        /*
         * Now tp->funcs has the new array
         * but the static_call still calls callback1
         */
      
      				it_func_ptr = tp->funcs [ new_funcs ]
      				data = it_func_ptr->data [ data2 ]
      				static_call(callback1, data);
      
      				/* Now callback1 is called with
      				 * callback2's data */
      
      				[ KERNEL PANIC ]
      
         update_static_call(iterator);
      
      To prevent this from happening, always switch the static_call to the
      iterator before assigning the tp->funcs to the new array. The iterator will
      always properly match the callback with its data.
      
      To trigger this bug:
      
        In one terminal:
      
          while :; do hackbench 50; done
      
        In another terminal
      
          echo 1 > /sys/kernel/tracing/events/sched/sched_waking/enable
          while :; do
              echo 1 > /sys/kernel/tracing/set_event_pid;
              sleep 0.5
              echo 0 > /sys/kernel/tracing/set_event_pid;
              sleep 0.5
         done
      
      And it doesn't take long to crash. This is because the set_event_pid adds
      a callback to the sched_waking tracepoint with a high priority, which will
      be called before the sched_waking trace event callback is called.
      
      Note, the removal to a single callback updates the array first, before
      changing the static_call to single callback, which is the proper order as
      the first element in the array is the same as what the static_call is
      being changed to.
      
      Link: https://lore.kernel.org/io-uring/4ebea8f0-58c9-e571-fd30-0ce4f6f09c70@samba.org/
      
      Cc: stable@vger.kernel.org
      Fixes: d25e37d8 ("tracepoint: Optimize using static_call()")
      Reported-by: default avatarStefan Metzmacher <metze@samba.org>
      tested-by: default avatarStefan Metzmacher <metze@samba.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      352384d5
    • Colin Ian King's avatar
      ftrace: Remove redundant initialization of variable ret · 3b1a8f45
      Colin Ian King authored
      The variable ret is being initialized with a value that is never
      read, it is being updated later on. The assignment is redundant and
      can be removed.
      
      Link: https://lkml.kernel.org/r/20210721120915.122278-1-colin.king@canonical.com
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      3b1a8f45
    • Nicolas Saenz Julienne's avatar
      ftrace: Avoid synchronize_rcu_tasks_rude() call when not necessary · 68e83498
      Nicolas Saenz Julienne authored
      synchronize_rcu_tasks_rude() triggers IPIs and forces rescheduling on
      all CPUs. It is a costly operation and, when targeting nohz_full CPUs,
      very disrupting (hence the name). So avoid calling it when 'old_hash'
      doesn't need to be freed.
      
      Link: https://lkml.kernel.org/r/20210721114726.1545103-1-nsaenzju@redhat.comSigned-off-by: default avatarNicolas Saenz Julienne <nsaenzju@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      68e83498
    • Steven Rostedt (VMware)'s avatar
      tracing: Clean up alloc_synth_event() · 9528c195
      Steven Rostedt (VMware) authored
      alloc_synth_event() currently has the following code to initialize the
      event fields and dynamic_fields:
      
      	for (i = 0, j = 0; i < n_fields; i++) {
      		event->fields[i] = fields[i];
      
      		if (fields[i]->is_dynamic) {
      			event->dynamic_fields[j] = fields[i];
      			event->dynamic_fields[j]->field_pos = i;
      			event->dynamic_fields[j++] = fields[i];
      			event->n_dynamic_fields++;
      		}
      	}
      
      1) It would make more sense to have all fields keep track of their
         field_pos.
      
      2) event->dynmaic_fields[j] is assigned twice for no reason.
      
      3) We can move updating event->n_dynamic_fields outside the loop, and just
         assign it to j.
      
      This combination makes the code much cleaner.
      
      Link: https://lkml.kernel.org/r/20210721195341.29bb0f77@oasis.local.homeSigned-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      9528c195
    • Steven Rostedt (VMware)'s avatar
      tracing/histogram: Rename "cpu" to "common_cpu" · 1e3bac71
      Steven Rostedt (VMware) authored
      Currently the histogram logic allows the user to write "cpu" in as an
      event field, and it will record the CPU that the event happened on.
      
      The problem with this is that there's a lot of events that have "cpu"
      as a real field, and using "cpu" as the CPU it ran on, makes it
      impossible to run histograms on the "cpu" field of events.
      
      For example, if I want to have a histogram on the count of the
      workqueue_queue_work event on its cpu field, running:
      
       ># echo 'hist:keys=cpu' > events/workqueue/workqueue_queue_work/trigger
      
      Gives a misleading and wrong result.
      
      Change the command to "common_cpu" as no event should have "common_*"
      fields as that's a reserved name for fields used by all events. And
      this makes sense here as common_cpu would be a field used by all events.
      
      Now we can even do:
      
       ># echo 'hist:keys=common_cpu,cpu if cpu < 100' > events/workqueue/workqueue_queue_work/trigger
       ># cat events/workqueue/workqueue_queue_work/hist
       # event histogram
       #
       # trigger info: hist:keys=common_cpu,cpu:vals=hitcount:sort=hitcount:size=2048 if cpu < 100 [active]
       #
      
       { common_cpu:          0, cpu:          2 } hitcount:          1
       { common_cpu:          0, cpu:          4 } hitcount:          1
       { common_cpu:          7, cpu:          7 } hitcount:          1
       { common_cpu:          0, cpu:          7 } hitcount:          1
       { common_cpu:          0, cpu:          1 } hitcount:          1
       { common_cpu:          0, cpu:          6 } hitcount:          2
       { common_cpu:          0, cpu:          5 } hitcount:          2
       { common_cpu:          1, cpu:          1 } hitcount:          4
       { common_cpu:          6, cpu:          6 } hitcount:          4
       { common_cpu:          5, cpu:          5 } hitcount:         14
       { common_cpu:          4, cpu:          4 } hitcount:         26
       { common_cpu:          0, cpu:          0 } hitcount:         39
       { common_cpu:          2, cpu:          2 } hitcount:        184
      
      Now for backward compatibility, I added a trick. If "cpu" is used, and
      the field is not found, it will fall back to "common_cpu" and work as
      it did before. This way, it will still work for old programs that use
      "cpu" to get the actual CPU, but if the event has a "cpu" as a field, it
      will get that event's "cpu" field, which is probably what it wants
      anyway.
      
      I updated the tracefs/README to include documentation about both the
      common_timestamp and the common_cpu. This way, if that text is present in
      the README, then an application can know that common_cpu is supported over
      just plain "cpu".
      
      Link: https://lkml.kernel.org/r/20210721110053.26b4f641@oasis.local.home
      
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: stable@vger.kernel.org
      Fixes: 8b7622bf ("tracing: Add cpu field for hist triggers")
      Reviewed-by: default avatarTom Zanussi <zanussi@kernel.org>
      Reviewed-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      1e3bac71
    • Steven Rostedt (VMware)'s avatar
      tracing: Synthetic event field_pos is an index not a boolean · 3b13911a
      Steven Rostedt (VMware) authored
      Performing the following:
      
       ># echo 'wakeup_lat s32 pid; u64 delta; char wake_comm[]' > synthetic_events
       ># echo 'hist:keys=pid:__arg__1=common_timestamp.usecs' > events/sched/sched_waking/trigger
       ># echo 'hist:keys=next_pid:pid=next_pid,delta=common_timestamp.usecs-$__arg__1:onmatch(sched.sched_waking).trace(wakeup_lat,$pid,$delta,prev_comm)'\
            > events/sched/sched_switch/trigger
       ># echo 1 > events/synthetic/enable
      
      Crashed the kernel:
      
       BUG: kernel NULL pointer dereference, address: 000000000000001b
       #PF: supervisor read access in kernel mode
       #PF: error_code(0x0000) - not-present page
       PGD 0 P4D 0
       Oops: 0000 [#1] PREEMPT SMP
       CPU: 7 PID: 0 Comm: swapper/7 Not tainted 5.13.0-rc5-test+ #104
       Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016
       RIP: 0010:strlen+0x0/0x20
       Code: f6 82 80 2b 0b bc 20 74 11 0f b6 50 01 48 83 c0 01 f6 82 80 2b 0b bc
        20 75 ef c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <80> 3f 00 74 10
        48 89 f8 48 83 c0 01 80 38 9 f8 c3 31
       RSP: 0018:ffffaa75000d79d0 EFLAGS: 00010046
       RAX: 0000000000000002 RBX: ffff9cdb55575270 RCX: 0000000000000000
       RDX: ffff9cdb58c7a320 RSI: ffffaa75000d7b40 RDI: 000000000000001b
       RBP: ffffaa75000d7b40 R08: ffff9cdb40a4f010 R09: ffffaa75000d7ab8
       R10: ffff9cdb4398c700 R11: 0000000000000008 R12: ffff9cdb58c7a320
       R13: ffff9cdb55575270 R14: ffff9cdb58c7a000 R15: 0000000000000018
       FS:  0000000000000000(0000) GS:ffff9cdb5aa00000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 000000000000001b CR3: 00000000c0612006 CR4: 00000000001706e0
       Call Trace:
        trace_event_raw_event_synth+0x90/0x1d0
        action_trace+0x5b/0x70
        event_hist_trigger+0x4bd/0x4e0
        ? cpumask_next_and+0x20/0x30
        ? update_sd_lb_stats.constprop.0+0xf6/0x840
        ? __lock_acquire.constprop.0+0x125/0x550
        ? find_held_lock+0x32/0x90
        ? sched_clock_cpu+0xe/0xd0
        ? lock_release+0x155/0x440
        ? update_load_avg+0x8c/0x6f0
        ? enqueue_entity+0x18a/0x920
        ? __rb_reserve_next+0xe5/0x460
        ? ring_buffer_lock_reserve+0x12a/0x3f0
        event_triggers_call+0x52/0xe0
        trace_event_buffer_commit+0x1ae/0x240
        trace_event_raw_event_sched_switch+0x114/0x170
        __traceiter_sched_switch+0x39/0x50
        __schedule+0x431/0xb00
        schedule_idle+0x28/0x40
        do_idle+0x198/0x2e0
        cpu_startup_entry+0x19/0x20
        secondary_startup_64_no_verify+0xc2/0xcb
      
      The reason is that the dynamic events array keeps track of the field
      position of the fields array, via the field_pos variable in the
      synth_field structure. Unfortunately, that field is a boolean for some
      reason, which means any field_pos greater than 1 will be a bug (in this
      case it was 2).
      
      Link: https://lkml.kernel.org/r/20210721191008.638bce34@oasis.local.home
      
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: stable@vger.kernel.org
      Fixes: bd82631d ("tracing: Add support for dynamic strings to synthetic events")
      Reviewed-by: default avatarTom Zanussi <zanussi@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      3b13911a
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2021-07-23' of git://anongit.freedesktop.org/drm/drm · 8baef638
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Regular fixes - a bunch of amdgpu fixes are the main thing mostly for
        the new gpus. There is also some i915 reverts for older changes that
        were having some unwanted side effects. One nouveau fix for a report
        regressions, and otherwise just some misc fixes.
      
        core:
         - fix for non-drm ioctls on drm fd
      
        panel:
         - avoid double free
      
        ttm:
         - refcounting fix
         - NULL checks
      
        amdgpu:
         - Yellow Carp updates
         - Add some Yellow Carp DIDs
         - Beige Goby updates
         - CIK 10bit 4K regression fix
         - GFX10 golden settings updates
         - eDP panel regression fix
         - Misc display fixes
         - Aldebaran fix
         - fix COW checks
      
        nouveau:
         - init BO GEM fields
      
        i915:
         - revert async command parsing
         - revert fence error propogation
         - GVT fix for shadow ppgtt
      
        vc4:
         - fix interrupt handling"
      
      * tag 'drm-fixes-2021-07-23' of git://anongit.freedesktop.org/drm/drm: (34 commits)
        drm/panel: raspberrypi-touchscreen: Prevent double-free
        drm/amdgpu - Corrected the video codecs array name for yellow carp
        drm/amd/display: Fix ASSR regression on embedded panels
        drm/amdgpu: add yellow carp pci id (v2)
        drm/amdgpu: update yellow carp external rev_id handling
        drm/amd/pm: Support board calibration on aldebaran
        drm/amd/display: change zstate allow msg condition
        drm/amd/display: Populate dtbclk entries for dcn3.02/3.03
        drm/amd/display: Line Buffer changes
        drm/amd/display: Remove MALL function from DCN3.1
        drm/amd/display: Only set default brightness for OLED
        drm/amd/display: Update bounding box for DCN3.1
        drm/amd/display: Query VCO frequency from register for DCN3.1
        drm/amd/display: Populate socclk entries for dcn3.02/3.03
        drm/amd/display: Fix max vstartup calculation for modes with borders
        drm/amd/display: implement workaround for riommu related hang
        drm/amd/display: Fix comparison error in dcn21 DML
        drm/i915: Correct the docs for intel_engine_cmd_parser
        drm/ttm: add missing NULL checks
        drm/ttm: Force re-init if ttm_global_init() fails
        ...
      8baef638
    • Linus Torvalds's avatar
      Merge tag 'fallthrough-fixes-clang-5.14-rc3' of... · e08100fe
      Linus Torvalds authored
      Merge tag 'fallthrough-fixes-clang-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull fallthrough fix from Gustavo Silva:
       "Fix a fall-through warning when building with -Wimplicit-fallthrough
        on PowerPC"
      
      * tag 'fallthrough-fixes-clang-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        powerpc/pasemi: Fix fall-through warning for Clang
      e08100fe
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2021-07-22' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · 2e41a669
      Dave Airlie authored
      Short summary of fixes pull:
      
       * Return -ENOTTY for non-DRM ioctls
       * amdgpu: Fix COW checks
       * nouveau: init BO GME fields
       * panel: Avoid double free
       * ttm: Fix refcounting in ttm_global_init(); NULL checks
       * vc4: Fix interrupt handling
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thomas Zimmermann <tzimmermann@suse.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/YPlbkmH6S4VAHP9j@linux-uq9g.fritz.box
      2e41a669
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2021-07-22' of... · 36ebaeb4
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2021-07-22' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      Couple reverts from Jason getting rid of asynchronous command parsing
      and fence error propagation and a GVT fix of shadow ppgtt invalidation
      with proper D3 state tracking from Colin.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/YPl1sIyruD0U5Orl@intel.com
      36ebaeb4
  3. 22 Jul, 2021 13 commits
    • Linus Torvalds's avatar
      Merge tag 'array-bounds-fixes-5.14-rc3' of... · 9bead1b5
      Linus Torvalds authored
      Merge tag 'array-bounds-fixes-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull array bounds warning fix from Gustavo Silva:
       "Fix a couple of out-of-bounds warnings in the media subsystem.
      
        This is part of the ongoing efforts to globally enable -Warray-bounds"
      
      * tag 'array-bounds-fixes-5.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
      9bead1b5
    • Greg Kroah-Hartman's avatar
      Merge tag 'usb-serial-5.14-rc3' of... · 1d1b97d5
      Greg Kroah-Hartman authored
      Merge tag 'usb-serial-5.14-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus
      
      Johan writes:
      
      USB-serial fixes for 5.14-rc3
      
      Here are some new device ids and a device-id comment fix.
      
      All have been in linux-next with no reported issues.
      
      * tag 'usb-serial-5.14-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
        USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
        USB: serial: cp210x: fix comments for GE CS1000
        USB: serial: option: add support for u-blox LARA-R6 family
      1d1b97d5
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 9f42f674
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "A pair of arm64 fixes for -rc3. The straightforward one is a fix to
        our firmware calling stub, which accidentally started corrupting the
        link register on machines with SVE. Since these machines don't really
        exist yet, it wasn't spotted in -next.
      
        The other fix is a revert-and-a-bit of a patch originally intended to
        allow PTE-level huge mappings for the VMAP area on 32-bit PPC 8xx. A
        side-effect of this change was that our pXd_set_huge() implementations
        could be replaced with generic dummy functions depending on the levels
        of page-table being used, which in turn broke the boot if we fail to
        create the linear mapping as a result of using these functions to
        operate on the pgd. Huge thanks to Michael Ellerman for modifying the
        revert so as not to regress PPC 8xx in terms of functionality.
      
        Anyway, that's the background and it's also available in the commit
        message along with Link tags pointing at all of the fun.
      
        Summary:
      
         - Fix hang when issuing SMC on SVE-capable system due to
           clobbered LR
      
         - Fix boot failure due to missing block mappings with folded
           page-table"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        Revert "mm/pgtable: add stubs for {pmd/pub}_{set/clear}_huge"
        arm64: smccc: Save lr before calling __arm_smccc_sve_check()
      9f42f674
    • Linus Torvalds's avatar
      Merge tag 'hyperv-fixes-signed-20210722' of... · 7c14e4d6
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20210722' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyperv fixes from Wei Liu:
      
       - bug fix from Haiyang for vmbus CPU assignment
      
       - revert of a bogus patch that went into 5.14-rc1
      
      * tag 'hyperv-fixes-signed-20210722' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        Revert "x86/hyperv: fix logical processor creation"
        Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
      7c14e4d6
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 4784dc99
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix type of bind option flag in af_xdp, from Baruch Siach.
      
       2) Fix use after free in bpf_xdp_link_release(), from Xuan Zhao.
      
       3) PM refcnt imbakance in r8152, from Takashi Iwai.
      
       4) Sign extension ug in liquidio, from Colin Ian King.
      
       5) Mising range check in s390 bpf jit, from Colin Ian King.
      
       6) Uninit value in caif_seqpkt_sendmsg(), from Ziyong Xuan.
      
       7) Fix skb page recycling race, from Ilias Apalodimas.
      
       8) Fix memory leak in tcindex_partial_destroy_work, from Pave Skripkin.
      
       9) netrom timer sk refcnt issues, from Nguyen Dinh Phi.
      
      10) Fix data races aroun tcp's tfo_active_disable_stamp, from Eric
          Dumazet.
      
      11) act_skbmod should only operate on ethernet packets, from Peilin Ye.
      
      12) Fix slab out-of-bpunds in fib6_nh_flush_exceptions(),, from Psolo
          Abeni.
      
      13) Fix sparx5 dependencies, from Yajun Deng.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (74 commits)
        dpaa2-switch: seed the buffer pool after allocating the swp
        net: sched: cls_api: Fix the the wrong parameter
        net: sparx5: fix unmet dependencies warning
        net: dsa: tag_ksz: dont let the hardware process the layer 4 checksum
        net: dsa: ensure linearized SKBs in case of tail taggers
        ravb: Remove extra TAB
        ravb: Fix a typo in comment
        net: dsa: sja1105: make VID 4095 a bridge VLAN too
        tcp: disable TFO blackhole logic by default
        sctp: do not update transport pathmtu if SPP_PMTUD_ENABLE is not set
        net: ixp46x: fix ptp build failure
        ibmvnic: Remove the proper scrq flush
        selftests: net: add ESP-in-UDP PMTU test
        udp: check encap socket in __udp_lib_err
        sctp: update active_key for asoc when old key is being replaced
        r8169: Avoid duplicate sysfs entry creation error
        ixgbe: Fix packet corruption due to missing DMA sync
        Revert "qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()"
        ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
        fsl/fman: Add fibre support
        ...
      4784dc99
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 5e09e197
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - Use kref to fix KASAN splats triggered during card removal
      
       - Don't allocate IDA for OF aliases
      
      * tag 'mmc-v5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: core: Don't allocate IDA for OF aliases
        mmc: core: Use kref in place of struct mmc_blk_data::usage
      5e09e197
    • Haoran Luo's avatar
      tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. · 67f0d6d9
      Haoran Luo authored
      The "rb_per_cpu_empty()" misinterpret the condition (as not-empty) when
      "head_page" and "commit_page" of "struct ring_buffer_per_cpu" points to
      the same buffer page, whose "buffer_data_page" is empty and "read" field
      is non-zero.
      
      An error scenario could be constructed as followed (kernel perspective):
      
      1. All pages in the buffer has been accessed by reader(s) so that all of
      them will have non-zero "read" field.
      
      2. Read and clear all buffer pages so that "rb_num_of_entries()" will
      return 0 rendering there's no more data to read. It is also required
      that the "read_page", "commit_page" and "tail_page" points to the same
      page, while "head_page" is the next page of them.
      
      3. Invoke "ring_buffer_lock_reserve()" with large enough "length"
      so that it shot pass the end of current tail buffer page. Now the
      "head_page", "commit_page" and "tail_page" points to the same page.
      
      4. Discard current event with "ring_buffer_discard_commit()", so that
      "head_page", "commit_page" and "tail_page" points to a page whose buffer
      data page is now empty.
      
      When the error scenario has been constructed, "tracing_read_pipe" will
      be trapped inside a deadloop: "trace_empty()" returns 0 since
      "rb_per_cpu_empty()" returns 0 when it hits the CPU containing such
      constructed ring buffer. Then "trace_find_next_entry_inc()" always
      return NULL since "rb_num_of_entries()" reports there's no more entry
      to read. Finally "trace_seq_to_user()" returns "-EBUSY" spanking
      "tracing_read_pipe" back to the start of the "waitagain" loop.
      
      I've also written a proof-of-concept script to construct the scenario
      and trigger the bug automatically, you can use it to trace and validate
      my reasoning above:
      
        https://github.com/aegistudio/RingBufferDetonator.git
      
      Tests has been carried out on linux kernel 5.14-rc2
      (2734d6c1), my fixed version
      of kernel (for testing whether my update fixes the bug) and
      some older kernels (for range of affected kernels). Test result is
      also attached to the proof-of-concept repository.
      
      Link: https://lore.kernel.org/linux-trace-devel/YPaNxsIlb2yjSi5Y@aegistudio/
      Link: https://lore.kernel.org/linux-trace-devel/YPgrN85WL9VyrZ55@aegistudio
      
      Cc: stable@vger.kernel.org
      Fixes: bf41a158 ("ring-buffer: make reentrant")
      Suggested-by: default avatarLinus Torvalds <torvalds@linuxfoundation.org>
      Signed-off-by: default avatarHaoran Luo <www@aegistudio.net>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      67f0d6d9
    • Ioana Ciornei's avatar
      dpaa2-switch: seed the buffer pool after allocating the swp · 7aaa0f31
      Ioana Ciornei authored
      Any interraction with the buffer pool (seeding a buffer, acquire one) is
      made through a software portal (SWP, a DPIO object).
      There are circumstances where the dpaa2-switch driver probes on a DPSW
      before any DPIO devices have been probed. In this case, seeding of the
      buffer pool will lead to a panic since no SWPs are initialized.
      
      To fix this, seed the buffer pool after making sure that the software
      portals have been probed and are ready to be used.
      
      Fixes: 0b1b7137 ("staging: dpaa2-switch: handle Rx path on control interface")
      Signed-off-by: default avatarIoana Ciornei <ioana.ciornei@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7aaa0f31
    • Maxime Ripard's avatar
      drm/panel: raspberrypi-touchscreen: Prevent double-free · 7bbcb919
      Maxime Ripard authored
      The mipi_dsi_device allocated by mipi_dsi_device_register_full() is
      already free'd on release.
      
      Fixes: 2f733d61 ("drm/panel: Add support for the Raspberry Pi 7" Touchscreen.")
      Signed-off-by: default avatarMaxime Ripard <maxime@cerno.tech>
      Reviewed-by: default avatarSam Ravnborg <sam@ravnborg.org>
      Link: https://patchwork.freedesktop.org/patch/msgid/20210720134525.563936-9-maxime@cerno.tech
      7bbcb919
    • Yajun Deng's avatar
      net: sched: cls_api: Fix the the wrong parameter · 9d85a6f4
      Yajun Deng authored
      The 4th parameter in tc_chain_notify() should be flags rather than seq.
      Let's change it back correctly.
      
      Fixes: 32a4f5ec ("net: sched: introduce chain object to uapi")
      Signed-off-by: default avatarYajun Deng <yajun.deng@linux.dev>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9d85a6f4
    • Randy Dunlap's avatar
      net: sparx5: fix unmet dependencies warning · 98c5b13f
      Randy Dunlap authored
      WARNING: unmet direct dependencies detected for PHY_SPARX5_SERDES
        Depends on [n]: (ARCH_SPARX5 || COMPILE_TEST [=n]) && OF [=y] && HAS_IOMEM [=y]
        Selected by [y]:
        - SPARX5_SWITCH [=y] && NETDEVICES [=y] && ETHERNET [=y] && NET_VENDOR_MICROCHIP [=y] && NET_SWITCHDEV [=y] && HAS_IOMEM [=y] && OF [=y]
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Cc: Lars Povlsen <lars.povlsen@microchip.com>
      Cc: Steen Hegelund <Steen.Hegelund@microchip.com>
      Cc: UNGLinuxDriver@microchip.com
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      98c5b13f
    • Alexander Tsoy's avatar
      ALSA: usb-audio: Add registration quirk for JBL Quantum headsets · b0084afd
      Alexander Tsoy authored
      These devices has two interfaces, but only the second interface
      contains the capture endpoint, thus quirk is required to delay the
      registration until the second interface appears.
      Tested-by: default avatarJakub Fišer <jakub@ufiseru.cz>
      Signed-off-by: default avatarAlexander Tsoy <alexander@tsoy.me>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20210721235605.53741-1-alexander@tsoy.meSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      b0084afd
    • David S. Miller's avatar
      Merge branch 'ksz-dsa-fixes' · 5ca096db
      David S. Miller authored
      Lino Sanfilippo says:
      
      ====================
      Fixes for KSZ DSA switch
      
      These patches fix issues I encountered while using a KSZ9897 as a DSA
      switch with a broadcom GENET network device as the DSA master device.
      
      PATCH 1 fixes an invalid access to an SKB in case it is scattered.
      PATCH 2 fixes incorrect hardware checksum calculation caused by the DSA
      tag.
      
      Changes in v2:
      - instead of linearizing the SKBs only for KSZ switches ensure linearized
        SKBs for all tail taggers by clearing the feature flags NETIF_F_HW_SG and
        NETIF_F_FRAGLIST (suggested by Vladimir Oltean)
      
      The patches have been tested with a KSZ9897 and apply against net-next.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5ca096db