1. 24 Mar, 2023 8 commits
    • Merge tag 'riscv-for-linus-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 19a6b66c
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A fix to match the CSR ASID masking rules when passing ASIDs to
         firmware
      
       - Force GCC to use ISA 2.2, to avoid a host of compatibility issues
         between toolchains
      
      * tag 'riscv-for-linus-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Handle zicsr/zifencei issues between clang and binutils
        riscv: mm: Fix incorrect ASID argument when flushing TLB
    • Merge tag 'for-linus-6.3-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 24956974
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
      
       - fix build warning
      
       - avoid concurrent accesses to the Xen PV console ring page
      
      * tag 'for-linus-6.3-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        x86/PVH: avoid 32-bit build warning when obtaining VGA console info
        hvc/xen: prevent concurrent accesses to the shared ring
    • Merge tag 'tag-chrome-platform-fixes-for-v6.3-rc4' of... · 4bae0ad1
      Linus Torvalds authored
      Merge tag 'tag-chrome-platform-fixes-for-v6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
      
      Pull chrome platform fix from Tzung-Bi Shih:
       "Fix a kernel data leak vulnerability"
      
      * tag 'tag-chrome-platform-fixes-for-v6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
        platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    • Merge tag 'i2c-for-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · ed1407e7
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "A set of regular driver fixes"
      
      * tag 'i2c-for-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
        i2c: hisi: Only use the completion interrupt to finish the transfer
        i2c: hisi: Avoid redundant interrupts
        i2c: mxs: ensure that DMA buffers are safe for DMA
        i2c: imx-lpi2c: check only for enabled interrupt flags
        i2c: imx-lpi2c: clean rx/tx buffers upon new message
    • Merge tag 'net-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 608f1b13
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, wifi and bluetooth.
      
        Current release - regressions:
      
         - wifi: mt76: mt7915: add back 160MHz channel width support for
           MT7915
      
         - libbpf: revert poisoning of strlcpy, it broke uClibc-ng
      
        Current release - new code bugs:
      
         - bpf: improve the coverage of the "allow reads from uninit stack"
           feature to fix verification complexity problems
      
         - eth: am65-cpts: reset PPS genf adj settings on enable
      
        Previous releases - regressions:
      
         - wifi: mac80211: serialize ieee80211_handle_wake_tx_queue()
      
         - wifi: mt76: do not run mt76_unregister_device() on unregistered hw,
           fix null-deref
      
         - Bluetooth: btqcomsmd: fix command timeout after setting BD address
      
         - eth: igb: revert rtnl_lock() that causes a deadlock
      
         - dsa: mscc: ocelot: fix device specific statistics
      
        Previous releases - always broken:
      
         - xsk: add missing overflow check in xdp_umem_reg()
      
         - wifi: mac80211:
            - fix QoS on mesh interfaces
            - fix mesh path discovery based on unicast packets
      
         - Bluetooth:
            - ISO: fix timestamped HCI ISO data packet parsing
            - remove "Power-on" check from Mesh feature
      
         - usbnet: more fixes to drivers trusting packet length
      
         - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
      
         - Bluetooth: btintel: iterate only bluetooth device ACPI entries
      
         - eth: iavf: fix inverted Rx hash condition leading to disabled hash
      
         - eth: igc: fix the validation logic for taprio's gate list
      
         - dsa: tag_brcm: legacy: fix daisy-chained switches
      
        Misc:
      
         - bpf: adjust insufficient default bpf_jit_limit to account for
           growth of BPF use over the last 5 years
      
         - xdp: bpf_xdp_metadata() use EOPNOTSUPP as unique errno indicating
           no driver support"
      
      * tag 'net-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
        Bluetooth: HCI: Fix global-out-of-bounds
        Bluetooth: mgmt: Fix MGMT add advmon with RSSI command
        Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
        Bluetooth: L2CAP: Fix responding with wrong PDU type
        Bluetooth: btqcomsmd: Fix command timeout after setting BD address
        Bluetooth: btinel: Check ACPI handle for NULL before accessing
        net: mdio: thunder: Add missing fwnode_handle_put()
        net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case
        net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup()
        net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup()
        net: asix: fix modprobe "sysfs: cannot create duplicate filename"
        gve: Cache link_speed value from device
        tools: ynl: Fix genlmsg header encoding formats
        net: enetc: fix aggregate RMON counters not showing the ranges
        Bluetooth: Remove "Power-on" check from Mesh feature
        Bluetooth: Fix race condition in hci_cmd_sync_clear
        Bluetooth: btintel: Iterate only bluetooth device ACPI entries
        Bluetooth: ISO: fix timestamped HCI ISO data packet parsing
        Bluetooth: btusb: Remove detection of ISO packets over bulk
        Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet
        ...
    • Merge tag 'for-6.3-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 28506304
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A few more fixes, the zoned accounting fix is spread across a few
        patches, preparatory and the actual fixes:
      
         - zoned mode:
            - fix accounting of unusable zone space
            - fix zone activation condition for DUP profile
            - preparatory patches
      
         - improved error handling of missing chunks
      
         - fix compiler warning"
      
      * tag 'for-6.3-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: zoned: drop space_info->active_total_bytes
        btrfs: zoned: count fresh BG region as zone unusable
        btrfs: use temporary variable for space_info in btrfs_update_block_group
        btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING
        btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile
        btrfs: fix compiler warning on SPARC/PA-RISC handling fscrypt_setup_filename
        btrfs: handle missing chunk mapping more gracefully
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 6dd74c51
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Four small fixes, three in drivers.
      
        The core fix adds a UFS device to an existing quirk to avoid a huge
        delay on boot"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
        scsi: qla2xxx: Synchronize the IOCB count to be in order
        scsi: qla2xxx: Perform lockless command completion in abort path
        scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    • platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl · b20cf3f8
      Tzung-Bi Shih authored
      It is possible to peep kernel page's data by providing larger `insize`
      in struct cros_ec_command[1] when invoking EC host commands.
      
      Fix it by using zeroed memory.
      
      [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74
      
      Fixes: eda2e30c ("mfd / platform: cros_ec: Miscellaneous character device to talk with the EC")
      Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
      Reviewed-by: Guenter Roeck <groeck@chromium.org>
      Link: https://lore.kernel.org/r/20230324010658.1082361-1-tzungbi@kernel.org
  2. 23 Mar, 2023 24 commits
    • Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 1b4ae19e
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2023-03-23
      
      We've added 8 non-merge commits during the last 13 day(s) which contain
      a total of 21 files changed, 238 insertions(+), 161 deletions(-).
      
      The main changes are:
      
      1) Fix verification issues in some BPF programs due to their stack usage
         patterns, from Eduard Zingerman.
      
      2) Fix to add missing overflow checks in xdp_umem_reg and return an error
         in such case, from Kal Conley.
      
      3) Fix and undo poisoning of strlcpy in libbpf given it broke builds for
         libcs which provided the former like uClibc-ng, from Jesus Sanchez-Palencia.
      
      4) Fix insufficient bpf_jit_limit default to avoid users running into hard
         to debug seccomp BPF errors, from Daniel Borkmann.
      
      5) Fix driver return code when they don't support a bpf_xdp_metadata kfunc
         to make it unambiguous from other errors, from Jesper Dangaard Brouer.
      
      6) Two BPF selftest fixes to address compilation errors from recent changes
         in kernel structures, from Alexei Starovoitov.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        xdp: bpf_xdp_metadata use EOPNOTSUPP for no driver support
        bpf: Adjust insufficient default bpf_jit_limit
        xsk: Add missing overflow check in xdp_umem_reg
        selftests/bpf: Fix progs/test_deny_namespace.c issues.
        selftests/bpf: Fix progs/find_vma_fail1.c build error.
        libbpf: Revert poisoning of strlcpy
        selftests/bpf: Tests for uninitialized stack reads
        bpf: Allow reads from uninit stack
      ====================
      
      Link: https://lore.kernel.org/r/20230323225221.6082-1-daniel@iogearbox.net
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge tag 'for-net-2023-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth · 2e63a2df
      Jakub Kicinski authored
      Luiz Augusto von Dentz says:
      
      ====================
      bluetooth pull request for net:
      
       - Fix MGMT add advmon with RSSI command
       - L2CAP: Fix responding with wrong PDU type
       - Fix race condition in hci_cmd_sync_clear
       - ISO: Fix timestamped HCI ISO data packet parsing
       - HCI: Fix global-out-of-bounds
       - hci_sync: Resume adv with no RPA when active scan
      
      * tag 'for-net-2023-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
        Bluetooth: HCI: Fix global-out-of-bounds
        Bluetooth: mgmt: Fix MGMT add advmon with RSSI command
        Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
        Bluetooth: L2CAP: Fix responding with wrong PDU type
        Bluetooth: btqcomsmd: Fix command timeout after setting BD address
        Bluetooth: btinel: Check ACPI handle for NULL before accessing
        Bluetooth: Remove "Power-on" check from Mesh feature
        Bluetooth: Fix race condition in hci_cmd_sync_clear
        Bluetooth: btintel: Iterate only bluetooth device ACPI entries
        Bluetooth: ISO: fix timestamped HCI ISO data packet parsing
        Bluetooth: btusb: Remove detection of ISO packets over bulk
        Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet
        Bluetooth: hci_sync: Resume adv with no RPA when active scan
      ====================
      
      Link: https://lore.kernel.org/r/20230323202335.3380841-1-luiz.dentz@gmail.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge tag 'wireless-2023-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless · 4f44d326
      Jakub Kicinski authored
      Kalle Valo says:
      
      ====================
      wireless fixes for v6.3
      
      Third set of fixes for v6.3. mt76 has two kernel crash fixes and
      adding back 160 MHz channel support for mt7915. mac80211 has fixes for
      a race in transmit path and two mesh related fixes. iwlwifi also has
      fixes for races.
      
      * tag 'wireless-2023-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
        wifi: mac80211: fix mesh path discovery based on unicast packets
        wifi: mac80211: fix qos on mesh interfaces
        wifi: iwlwifi: mvm: protect TXQ list manipulation
        wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
        wifi: mac80211: Serialize ieee80211_handle_wake_tx_queue()
        wifi: mwifiex: mark OF related data as maybe unused
        wifi: mt76: connac: do not check WED status for non-mmio devices
        wifi: mt76: mt7915: add back 160MHz channel width support for MT7915
        wifi: mt76: do not run mt76_unregister_device() on unregistered hw
      ====================
      
      Link: https://lore.kernel.org/r/20230323110332.C4FE4C433D2@smtp.kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge tag 'gfs2-v6.3-rc3-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · 1e760fa3
      Linus Torvalds authored
      Pull gfs2 fix from Andreas Gruenbacher:
      
       - Reinstate commit 970343cd ("GFS2: free disk inode which is
         deleted by remote node -V2") as reverting that commit could cause
         gfs2_put_super() to hang.
      
      * tag 'gfs2-v6.3-rc3-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        Reinstate "GFS2: free disk inode which is deleted by remote node -V2"
    • Bluetooth: HCI: Fix global-out-of-bounds · bce56405
      Sungwoo Kim authored
      To loop a variable-length array, hci_init_stage_sync(stage) considers
      that stage[i] is valid as long as stage[i-1].func is valid.
      Thus, the last element of stage[].func should be intentionally invalid
      as hci_init0[], le_init2[], and others did.
      However, amp_init1[] and amp_init2[] have no invalid element, letting
      hci_init_stage_sync() keep accessing amp_init1[] over its valid range.
      This patch fixes this by adding {} in the last of amp_init1[] and
      amp_init2[].
      
      ==================================================================
      BUG: KASAN: global-out-of-bounds in hci_dev_open_sync (
      /v6.2-bzimage/net/bluetooth/hci_sync.c:3154
      /v6.2-bzimage/net/bluetooth/hci_sync.c:3343
      /v6.2-bzimage/net/bluetooth/hci_sync.c:4418
      /v6.2-bzimage/net/bluetooth/hci_sync.c:4609
      /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)
      Read of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032
      CPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04
      Workqueue: hci1 hci_power_on
      Call Trace:
       <TASK>
      dump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))
      print_report (/v6.2-bzimage/mm/kasan/report.c:307
        /v6.2-bzimage/mm/kasan/report.c:417)
      ? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154
        /v6.2-bzimage/net/bluetooth/hci_sync.c:3343
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4418
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4609
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)
      kasan_report (/v6.2-bzimage/mm/kasan/report.c:184
        /v6.2-bzimage/mm/kasan/report.c:519)
      ? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154
        /v6.2-bzimage/net/bluetooth/hci_sync.c:3343
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4418
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4609
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)
      hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154
        /v6.2-bzimage/net/bluetooth/hci_sync.c:3343
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4418
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4609
        /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)
      ? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)
      ? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190
        /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443
        /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781
        /v6.2-bzimage/kernel/locking/mutex.c:171
        /v6.2-bzimage/kernel/locking/mutex.c:285)
      ? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)
      hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485
        /v6.2-bzimage/net/bluetooth/hci_core.c:984)
      ? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)
      ? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)
      ? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62
        /v6.2-bzimage/lib/string.c:161)
      process_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)
      worker_thread (/v6.2-bzimage/./include/linux/list.h:292
        /v6.2-bzimage/kernel/workqueue.c:2437)
      ? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)
      kthread (/v6.2-bzimage/kernel/kthread.c:376)
      ? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)
      ret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)
       </TASK>
      The buggy address belongs to the variable:
      amp_init1+0x30/0x60
      The buggy address belongs to the physical page:
      page:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia
      flags: 0x200000000001000(reserved|node=0|zone=2)
      raw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000
      raw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000
      page dumped because: kasan: bad access detected
      Memory state around the buggy address:
       ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00
       ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
      >ffffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
                                                                   ^
       ffffffffaed1ab80: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 f9
       ffffffffaed1ac00: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 02 f9
      
      This bug is found by FuzzBT, a modified version of Syzkaller.
      Other contributors for this bug are Ruoyu Wu and Peng Hui.
      
      Fixes: d0b13706 ("Bluetooth: hci_sync: Rework init stages")
      Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
      Reviewed-by: Simon Horman <simon.horman@corigine.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • Bluetooth: mgmt: Fix MGMT add advmon with RSSI command · 1a0291f8
      Howard Chung authored
      The MGMT command: MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI uses variable
      length argument. This causes host not able to register advmon with rssi.
      
      This patch has been locally tested by adding monitor with rssi via
      btmgmt on a kernel 6.1 machine.
      Reviewed-by: Archie Pusaka <apusaka@chromium.org>
      Fixes: b338d917 ("Bluetooth: Implement support for Mesh")
      Signed-off-by: Howard Chung <howardchung@google.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work · 1e9ac114
      Zheng Wang authored
      In btsdio_probe, &data->work was bound with btsdio_work. In
      btsdio_send_frame, it was started by schedule_work.
      
      If we call btsdio_remove with an unfinished job, there may
      be a race condition and cause UAF bug on hdev.
      
      Fixes: ddbaf13e ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
      Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • Bluetooth: L2CAP: Fix responding with wrong PDU type · 9aa9d947
      Luiz Augusto von Dentz authored
      L2CAP_ECRED_CONN_REQ shall be responded with L2CAP_ECRED_CONN_RSP not
      L2CAP_LE_CONN_RSP:
      
      L2CAP LE EATT Server - Reject - run
        Listening for connections
        New client connection with handle 0x002a
        Sending L2CAP Request from client
        Client received response code 0x15
        Unexpected L2CAP response code (expected 0x18)
      L2CAP LE EATT Server - Reject - test failed
      
      > ACL Data RX: Handle 42 flags 0x02 dlen 26
            LE L2CAP: Enhanced Credit Connection Request (0x17) ident 1 len 18
              PSM: 39 (0x0027)
              MTU: 64
              MPS: 64
              Credits: 5
              Source CID: 65
              Source CID: 66
              Source CID: 67
              Source CID: 68
              Source CID: 69
      < ACL Data TX: Handle 42 flags 0x00 dlen 16
            LE L2CAP: LE Connection Response (0x15) ident 1 len 8
              invalid size
              00 00 00 00 00 00 06 00
      
      L2CAP LE EATT Server - Reject - run
        Listening for connections
        New client connection with handle 0x002a
        Sending L2CAP Request from client
        Client received response code 0x18
      L2CAP LE EATT Server - Reject - test passed
      
      Fixes: 15f02b91 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode")
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • Bluetooth: btqcomsmd: Fix command timeout after setting BD address · 5d44ab9e
      Stephan Gerhold authored
      On most devices using the btqcomsmd driver (e.g. the DragonBoard 410c
      and other devices based on the Qualcomm MSM8916/MSM8909/... SoCs)
      the Bluetooth firmware seems to become unresponsive for a while after
      setting the BD address. On recent kernel versions (at least 5.17+)
      this often causes timeouts for subsequent commands, e.g. the HCI reset
      sent by the Bluetooth core during initialization:
      
          Bluetooth: hci0: Opcode 0x c03 failed: -110
      
      Unfortunately this behavior does not seem to be documented anywhere.
      Experimentation suggests that the minimum necessary delay to avoid
      the problem is ~150us. However, to be sure add a sleep for > 1ms
      in case it is a bit longer on other firmware versions.
      
      Older kernel versions are likely also affected, although perhaps with
      slightly different errors or less probability. Side effects can easily
      hide the issue in most cases, e.g. unrelated incoming interrupts that
      cause the necessary delay.
      
      Fixes: 1511cc75 ("Bluetooth: Introduce Qualcomm WCNSS SMD based HCI driver")
      Signed-off-by: Stephan Gerhold <stephan.gerhold@kernkonzept.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • Bluetooth: btinel: Check ACPI handle for NULL before accessing · 902160cd
      Kiran K authored
      Older platforms and virtual platforms which don't have support for
      Bluetooth device in ACPI firmware will not have a valid ACPI handle.
      Check for validity of handle before accessing.
      
      dmesg log from simics environment (virtual platform):
      
      BUG: unable to handle kernel NULL pointer dereference at
      0000000000000018
      IP: acpi_ns_walk_namespace+0x5c/0x278
      PGD 0 P4D 0
      Oops: 0000 [#1] SMP PTI
      Modules linked in: bnep intel_powerclamp coretemp kvm_intel
      kvm irqbypass intel_cstate input_leds joydev serio_raw mac_hid
      btusb(OE) btintel(OE) bluetooth(OE) lpc_ich compat(OE) ecdh_generic
      i7core_edac i5500_temp shpchp binfmt_misc sch_fq_codel parport_pc ppdev
      lp parport ip_tables x_tables autofs4 hid_generic usbhid hid e1000e
      psmouse ahci pata_acpi libahci ptp pps_core floppy
      CPU: 0 PID: 35 Comm: kworker/u3:0 Tainted: G           OE
      4.15.0-140-generic #144-Ubuntu
      Hardware name: Simics Simics, BIOS Simics 01/01/2011
      Workqueue: hci0 hci_power_on [bluetooth]
      RIP: 0010:acpi_ns_walk_namespace+0x5c/0x278
      RSP: 0000:ffffaa9c0049bba8 EFLAGS: 00010246
      RAX: 0000000000000001 RBX: 0000000000001001 RCX: 0000000000000010
      RDX: ffffffff92ea7e27 RSI: ffffffff92ea7e10 RDI: 00000000000000c8
      RBP: ffffaa9c0049bbf8 R08: 0000000000000000 R09: ffffffffc05b39d0
      R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
      R13: 0000000000000000 R14: ffffffffc05b39d0 R15: ffffaa9c0049bc70
      FS:  0000000000000000(0000) GS:ffff8be73fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000018 CR3: 0000000075f0e000 CR4: 00000000000006f0
      
      Fixes: 294d749b ("Bluetooth: btintel: Iterate only bluetooth device ACPI entries")
      Signed-off-by: Kiran K <kiran.k@intel.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    • riscv: Handle zicsr/zifencei issues between clang and binutils · e89c2e81
      Nathan Chancellor authored
      There are two related issues that appear in certain combinations with
      clang and GNU binutils.
      
      The first occurs when a version of clang that supports zicsr or zifencei
      via '-march=' [1] (i.e., >= 17.x) is used in combination with a version
      of GNU binutils that does not recognize zicsr and zifencei in the
      '-march=' value (i.e., < 2.36):
      
        riscv64-linux-gnu-ld: -march=rv64i2p0_m2p0_a2p0_c2p0_zicsr2p0_zifencei2p0: Invalid or unknown z ISA extension: 'zifencei'
        riscv64-linux-gnu-ld: failed to merge target specific data of file fs/efivarfs/file.o
        riscv64-linux-gnu-ld: -march=rv64i2p0_m2p0_a2p0_c2p0_zicsr2p0_zifencei2p0: Invalid or unknown z ISA extension: 'zifencei'
        riscv64-linux-gnu-ld: failed to merge target specific data of file fs/efivarfs/super.o
      
      The second occurs when a version of clang that does not support zicsr or
      zifencei via '-march=' (i.e., <= 16.x) is used in combination with a
      version of GNU as that defaults to a newer ISA base spec, which requires
      specifying zicsr and zifencei in the '-march=' value explicitly (i.e., >=
      2.38):
      
        ../arch/riscv/kernel/kexec_relocate.S: Assembler messages:
        ../arch/riscv/kernel/kexec_relocate.S:147: Error: unrecognized opcode `fence.i', extension `zifencei' required
        clang-12: error: assembler command failed with exit code 1 (use -v to see invocation)
      
      This is the same issue addressed by commit 6df2a016 ("riscv: fix
      build with binutils 2.38") (see [2] for additional information) but
      older versions of clang miss out on it because the cc-option check
      fails:
      
        clang-12: error: invalid arch name 'rv64imac_zicsr_zifencei', unsupported standard user-level extension 'zicsr'
        clang-12: error: invalid arch name 'rv64imac_zicsr_zifencei', unsupported standard user-level extension 'zicsr'
      
      To resolve the first issue, only attempt to add zicsr and zifencei to
      the march string when using the GNU assembler 2.38 or newer, which is
      when the default ISA spec was updated, requiring these extensions to be
      specified explicitly. LLVM implements an older version of the base
      specification for all currently released versions, so these instructions
      are available as part of the 'i' extension. If LLVM's implementation is
      updated in the future, a CONFIG_AS_IS_LLVM condition can be added to
      CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI.
      
      To resolve the second issue, use version 2.2 of the base ISA spec when
      using an older version of clang that does not support zicsr or zifencei
      via '-march=', as that is the spec version most compatible with the one
      clang/LLVM implements and avoids the need to specify zicsr and zifencei
      explicitly due to still being a part of 'i'.
      
      [1]: https://github.com/llvm/llvm-project/commit/22e199e6afb1263c943c0c0d4498694e15bf8a16
      [2]: https://lore.kernel.org/ZAxT7T9Xy1Fo3d5W@aurel32.net/
      
      Cc: stable@vger.kernel.org
      Link: https://github.com/ClangBuiltLinux/linux/issues/1808
      Co-developed-by: Conor Dooley <conor.dooley@microchip.com>
      Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
      Signed-off-by: Nathan Chancellor <nathan@kernel.org>
      Acked-by: Conor Dooley <conor.dooley@microchip.com>
      Link: https://lore.kernel.org/r/20230313-riscv-zicsr-zifencei-fiasco-v1-1-dd1b7840a551@kernel.org
      Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
    • Reinstate "GFS2: free disk inode which is deleted by remote node -V2" · 260595b4
      Bob Peterson authored
      It turns out that reverting commit 970343cd ("GFS2: free disk inode
      which is deleted by remote node -V2") causes a regression related to
      evicting inodes that were unlinked on a different cluster node.
      
      We could also have simply added a call to d_mark_dontcache() to function
      gfs2_try_evict(), but the original pre-revert code is better tested and
      proven.
      
      This reverts commit 445cb127.
      Signed-off-by: Bob Peterson <rpeterso@redhat.com>
      Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
    • Merge tag 'zonefs-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs · 9fd6ba54
      Linus Torvalds authored
      Pull zonefs fixes from Damien Le Moal:
      
       - Silence a false positive smatch warning about an uninitialized
         variable
      
       - Fix an error message to provide more useful information about invalid
         zone append write results
      
      * tag 'zonefs-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
        zonefs: Fix error message in zonefs_file_dio_append()
        zonefs: Prevent uninitialized symbol 'size' warning
    • net: mdio: thunder: Add missing fwnode_handle_put() · b1de5c78
      Liang He authored
      In device_for_each_child_node(), we should add fwnode_handle_put()
      when breaking out of the iteration device_for_each_child_node()
      as it will automatically increase and decrease the refcounter.
      
      Fixes: 379d7ac7 ("phy: mdio-thunder: Add driver for Cavium Thunder SoC MDIO buses.")
      Signed-off-by: Liang He <windhl@126.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      b1de5c78
    • Merge tag 'mlx5-fixes-2023-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · fb63d217
      Jakub Kicinski authored
      Saeed Mahameed says:
      
      ====================
      mlx5 fixes 2023-03-21
      
      This series provides bug fixes to mlx5 driver.
      
      * tag 'mlx5-fixes-2023-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux:
        net/mlx5: E-Switch, Fix an Oops in error handling code
        net/mlx5: Read the TC mapping of all priorities on ETS query
        net/mlx5e: Overcome slow response for first macsec ASO WQE
        net/mlx5e: Initialize link speed to zero
        net/mlx5: Fix steering rules cleanup
        net/mlx5e: Block entering switchdev mode with ns inconsistency
        net/mlx5e: Set uplink rep as NETNS_LOCAL
      ====================
      
      Link: https://lore.kernel.org/r/20230321211135.47711-1-saeed@kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      fb63d217
    • Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 3e212b0b
      Jakub Kicinski authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2023-03-21 (ice)
      
      This series contains updates to ice driver only.
      
      Piotr sets first_desc field for proper handling of Flow Director
      packets.
      
      Michal moves error checking for VF earlier in function to properly return
      error before other checks/reporting; he also corrects VSI filter removal to
      be done during VSI removal and not rebuild.
      
      * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        ice: remove filters only if VSI is deleted
        ice: check if VF exists before mode check
        ice: fix rx buffers handling for flow director packets
      ====================
      
      Link: https://lore.kernel.org/r/20230321183641.2849726-1-anthony.l.nguyen@intel.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      3e212b0b
    • Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · cad4fb02
      Jakub Kicinski authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2023-03-21 (iavf, i40e)
      
      This series contains updates to iavf and i40e drivers.
      
      Stefan Assmann adds check, and return, if driver has already gone
      through remove to prevent hang for iavf.
      
      Radoslaw adds zero initialization to ensure Flow Director packets are
      populated with correct values for i40e.
      
      * '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        i40e: fix flow director packet filter programming
        iavf: fix hang on reboot with ice
      ====================
      
      Link: https://lore.kernel.org/r/20230321183548.2849671-1-anthony.l.nguyen@intel.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      cad4fb02
    • net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case · 407b508b
      Arınç ÜNAL authored
      Move setting the ssc_delta variable to under the PHY_INTERFACE_MODE_TRGMII
      case as it's only needed when trgmii is used.
      
      Fixes: b8f126a8 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
      Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
      Link: https://lore.kernel.org/r/20230320190520.124513-3-arinc.unal@arinc9.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      407b508b
    • net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() · fdcc8ccd
      Arınç ÜNAL authored
      Move lowering the TRGMII Tx clock driving to mt7530_setup(), after setting
      the core clock, as seen on the U-Boot MediaTek ethernet driver.
      
      Move the code which looks like it lowers the TRGMII Rx clock driving to
      after the TRGMII Tx clock driving is lowered. This is run after lowering
      the Tx clock driving on the U-Boot MediaTek ethernet driver as well.
      
      This way, the switch should consume less power regardless of port 6 being
      used.
      
      Update the comment explaining mt7530_pad_clk_setup().
      
      Tested rgmii and trgmii modes of port 6 and rgmii mode of port 5 on MCM
      MT7530 on MT7621AT Unielec U7621-06 and standalone MT7530 on MT7623NI
      Bananapi BPI-R2.
      
      Fixes: b8f126a8 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
      Link: https://source.denx.de/u-boot/u-boot/-/blob/29a48bf9ccba45a5e560bb564bbe76e42629325f/drivers/net/mtk_eth.c#L682
      Tested-by: Arınç ÜNAL <arinc.unal@arinc9.com>
      Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
      Link: https://lore.kernel.org/r/20230320190520.124513-2-arinc.unal@arinc9.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      fdcc8ccd
    • net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() · 8f058a6e
      Arınç ÜNAL authored
      Split the code that enables and disables TRGMII clocks and core clock.
      Move enabling and disabling core clock to mt7530_pll_setup() as it's
      supposed to be run there.
      
      Add 20 ms delay before enabling the core clock as seen on the U-Boot
      MediaTek ethernet driver.
      
      Change the comment for enabling and disabling TRGMII clocks as the code
      seems to affect both TXC and RXC.
      
      Tested rgmii and trgmii modes of port 6 and rgmii mode of port 5 on MCM
      MT7530 on MT7621AT Unielec U7621-06 and standalone MT7530 on MT7623NI
      Bananapi BPI-R2.
      
      Fixes: b8f126a8 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
      Link: https://source.denx.de/u-boot/u-boot/-/blob/29a48bf9ccba45a5e560bb564bbe76e42629325f/drivers/net/mtk_eth.c#L589
      Tested-by: Arınç ÜNAL <arinc.unal@arinc9.com>
      Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
      Link: https://lore.kernel.org/r/20230320190520.124513-1-arinc.unal@arinc9.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      8f058a6e
    • net: asix: fix modprobe "sysfs: cannot create duplicate filename" · 8eac0095
      Grant Grundler authored
      "modprobe asix ; rmmod asix ; modprobe asix" fails with:
         sysfs: cannot create duplicate filename \
         	'/devices/virtual/mdio_bus/usb-003:004'
      
      Issue was originally reported by Anton Lundin on 2022-06-22 (link below).
      
      Chrome OS team hit the same issue in Feb, 2023 when trying to find
      workarounds for other issues with AX88172 devices.
      
      The use of devm_mdiobus_register() with usbnet devices results in the
      MDIO data being associated with the USB device. When the asix driver
      is unloaded, the USB device continues to exist and the corresponding
      "mdiobus_unregister()" is NOT called until the USB device is unplugged
      or unauthorized. So the next "modprobe asix" will fail because the MDIO
      phy sysfs attributes still exist.
      
      The 'easy' (from a design PoV) fix is to use the non-devm variants of
      mdiobus_* functions and explicitly manage this use in the asix_bind
      and asix_unbind function calls. I've not explored trying to fix usbnet
      initialization so devm_* stuff will work.
      
      Fixes: e532a096 ("net: usb: asix: ax88772: add phylib support")
      Reported-by: Anton Lundin <glance@acc.umu.se>
      Link: https://lore.kernel.org/netdev/20220623063649.GD23685@pengutronix.de/T/
      Tested-by: Eizan Miyamoto <eizan@chromium.org>
      Signed-off-by: Grant Grundler <grundler@chromium.org>
      Link: https://lore.kernel.org/r/20230321170539.732147-1-grundler@chromium.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      8eac0095
    • gve: Cache link_speed value from device · 68c3e4fc
      Joshua Washington authored
      The link speed is never changed for the uptime of a VM, and the current
      implementation sends an admin queue command for each call. Admin queue
      command invocations have nontrivial overhead (e.g., VM exits), which can
      be disruptive to users if triggered frequently. Our telemetry data shows
      that there are VMs that make frequent calls to this admin queue command.
      Caching the result of the original admin queue command would eliminate
      the need to send multiple admin queue commands on subsequent calls to
      retrieve link speed.
      
      Fixes: 7e074d5a ("gve: Enable Link Speed Reporting in the driver.")
      Signed-off-by: Joshua Washington <joshwash@google.com>
      Reviewed-by: Simon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20230321172332.91678-1-joshwash@google.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      68c3e4fc
    • tools: ynl: Fix genlmsg header encoding formats · 758d29fb
      Donald Hunter authored
      The pack strings use 'b' signed char for cmd and version but struct
      genlmsghdr defines them as unsigned char. Use 'B' instead.
      
      Fixes: 4e4480e8 ("tools: ynl: move the cli and netlink code around")
      Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
      Link: https://lore.kernel.org/r/20230319193803.97453-1-donald.hunter@gmail.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      758d29fb
    • net: enetc: fix aggregate RMON counters not showing the ranges · c79493c3
      Vladimir Oltean authored
      When running "ethtool -S eno0 --groups rmon" without an explicit "--src
      emac|pmac" argument, the kernel will not report
      rx-rmon-etherStatsPkts64to64Octets, rx-rmon-etherStatsPkts65to127Octets,
      etc. This is because on ETHTOOL_MAC_STATS_SRC_AGGREGATE, we do not
      populate the "ranges" argument.
      
      ocelot_port_get_rmon_stats() does things differently and things work
      there. I had forgotten to make sure that the code is structured the same
      way in both drivers, so do that now.
      
      Fixes: cf52bd23 ("net: enetc: add support for MAC Merge statistics counters")
      Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: Simon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20230321232831.1200905-1-vladimir.oltean@nxp.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
      c79493c3
  3. 22 Mar, 2023 8 commits
    • Bluetooth: Remove "Power-on" check from Mesh feature · 52dd5e96
      Brian Gix authored
      The Bluetooth mesh experimental feature enable was requiring the
      controller to be powered off in order for the Enable to work. Mesh is
      supposed to be enablable regardless of the controller state, and created
      an unintended requirement that the mesh daemon be started before the
      classic bluetoothd daemon.
      
      Fixes: af6bcc19 ("Bluetooth: Add experimental wrapper for MGMT based mesh")
      Signed-off-by: Brian Gix <brian.gix@gmail.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      52dd5e96
    • Bluetooth: Fix race condition in hci_cmd_sync_clear · 1c66bee4
      Min Li authored
      There is a potential race condition in hci_cmd_sync_work and
      hci_cmd_sync_clear, which could lead to use-after-free. For instance,
      hci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync.
      The entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear,
      causing a kernel panic when it is used in 'hci_cmd_sync_work'.
      
      Here's the call trace:
      
      dump_stack_lvl+0x49/0x63
      print_report.cold+0x5e/0x5d3
      ? hci_cmd_sync_work+0x282/0x320
      kasan_report+0xaa/0x120
      ? hci_cmd_sync_work+0x282/0x320
      __asan_report_load8_noabort+0x14/0x20
      hci_cmd_sync_work+0x282/0x320
      process_one_work+0x77b/0x11c0
      ? _raw_spin_lock_irq+0x8e/0xf0
      worker_thread+0x544/0x1180
      ? poll_idle+0x1e0/0x1e0
      kthread+0x285/0x320
      ? process_one_work+0x11c0/0x11c0
      ? kthread_complete_and_exit+0x30/0x30
      ret_from_fork+0x22/0x30
      </TASK>
      
      Allocated by task 266:
      kasan_save_stack+0x26/0x50
      __kasan_kmalloc+0xae/0xe0
      kmem_cache_alloc_trace+0x191/0x350
      hci_cmd_sync_queue+0x97/0x2b0
      hci_update_passive_scan+0x176/0x1d0
      le_conn_complete_evt+0x1b5/0x1a00
      hci_le_conn_complete_evt+0x234/0x340
      hci_le_meta_evt+0x231/0x4e0
      hci_event_packet+0x4c5/0xf00
      hci_rx_work+0x37d/0x880
      process_one_work+0x77b/0x11c0
      worker_thread+0x544/0x1180
      kthread+0x285/0x320
      ret_from_fork+0x22/0x30
      
      Freed by task 269:
      kasan_save_stack+0x26/0x50
      kasan_set_track+0x25/0x40
      kasan_set_free_info+0x24/0x40
      ____kasan_slab_free+0x176/0x1c0
      __kasan_slab_free+0x12/0x20
      slab_free_freelist_hook+0x95/0x1a0
      kfree+0xba/0x2f0
      hci_cmd_sync_clear+0x14c/0x210
      hci_unregister_dev+0xff/0x440
      vhci_release+0x7b/0xf0
      __fput+0x1f3/0x970
      ____fput+0xe/0x20
      task_work_run+0xd4/0x160
      do_exit+0x8b0/0x22a0
      do_group_exit+0xba/0x2a0
      get_signal+0x1e4a/0x25b0
      arch_do_signal_or_restart+0x93/0x1f80
      exit_to_user_mode_prepare+0xf5/0x1a0
      syscall_exit_to_user_mode+0x26/0x50
      ret_from_fork+0x15/0x30
      
      Fixes: 6a98e383 ("Bluetooth: Add helper for serialized HCI command execution")
      Cc: stable@vger.kernel.org
      Signed-off-by: Min Li <lm0963hack@gmail.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      1c66bee4
    • Bluetooth: btintel: Iterate only bluetooth device ACPI entries · 294d749b
      Kiran K authored
      Current flow iterates over entire ACPI table entries looking for
      Bluetooth Per Platform Antenna Gain(PPAG) entry. This patch iterates
      over ACPI entries relevant to Bluetooth device only.
      
      Fixes: c585a92b ("Bluetooth: btintel: Set Per Platform Antenna Gain(PPAG)")
      Signed-off-by: Kiran K <kiran.k@intel.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      294d749b
    • Bluetooth: ISO: fix timestamped HCI ISO data packet parsing · 2f10e40a
      Pauli Virtanen authored
      Use correct HCI ISO data packet header struct when the packet has
      timestamp. The timestamp, when present, goes before the other fields
      (Core v5.3 4E 5.4.5), so the structs are not compatible.
      
      Fixes: ccf74f23 ("Bluetooth: Add BTPROTO_ISO socket type")
      Signed-off-by: Pauli Virtanen <pav@iki.fi>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      2f10e40a
    • Bluetooth: btusb: Remove detection of ISO packets over bulk · efe375b7
      Luiz Augusto von Dentz authored
      This removes the code introduced by
      14202eff as hci_recv_frame is now able
      to detect ACL packets that are in fact ISO packets.
      
      Fixes: 14202eff ("Bluetooth: btusb: Detect if an ACL packet is in fact an ISO packet")
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      efe375b7
    • Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet · 876e7810
      Luiz Augusto von Dentz authored
      Because some transports don't have a dedicated type for ISO packets
      (see 14202eff) they may use ACL type
      when in fact they are ISO packets.
      
      In the past this was left for the driver to detect such a thing but it
      creates a problem when using the likes of btproxy when used by a VM as
      the host would not be aware of the connection the guest is doing; it
      won't be able to detect such behavior, so this makes bt_recv_frame
      detect when it happens as it is the common interface to all drivers
      including guest VMs.
      
      Fixes: 14202eff ("Bluetooth: btusb: Detect if an ACL packet is in fact an ISO packet")
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      876e7810
    • Bluetooth: hci_sync: Resume adv with no RPA when active scan · 3c44a431
      Zhengping Jiang authored
      The address resolution should be disabled during the active scan,
      so all the advertisements can reach the host. The advertising
      has to be paused before disabling the address resolution,
      because the advertising will prevent any changes to the resolving
      list and the address resolution status. Skipping this will cause
      the hci error and the discovery failure.
      
      According to the bluetooth specification:
      "7.8.44 LE Set Address Resolution Enable command
      
      This command shall not be used when:
      - Advertising (other than periodic advertising) is enabled,
      - Scanning is enabled, or
      - an HCI_LE_Create_Connection, HCI_LE_Extended_Create_Connection, or
        HCI_LE_Periodic_Advertising_Create_Sync command is outstanding."
      
      If the host is using RPA, the controller needs to generate RPA for
      the advertising, so the advertising must remain paused during the
      active scan.
      
      If the host is not using RPA, the advertising can be resumed after
      disabling the address resolution.
      
      Fixes: 9afc675e ("Bluetooth: hci_sync: allow advertise when scan without RPA")
      Signed-off-by: Zhengping Jiang <jiangzp@google.com>
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      3c44a431
    • Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · fff5a5e7
      Linus Torvalds authored
      Pull ARM fix from Russell King:
       "Just one fix for now to eliminate a KASAN false positive"
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9290/1: uaccess: Fix KASAN false-positives
      fff5a5e7