1. 07 Apr, 2021 2 commits
    • IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS · 5de61a47
      Mike Marciniszyn authored
      A panic can result when AIP is enabled:
      
        BUG: unable to handle kernel NULL pointer dereference at 000000000000000
        PGD 0 P4D 0
        Oops: 0000 1 SMP PTI
        CPU: 70 PID: 981 Comm: systemd-udevd Tainted: G OE --------- - - 4.18.0-240.el8.x86_64 #1
        Hardware name: Intel Corporation S2600KP/S2600KP, BIOS SE5C610.86B.01.01.0005.101720141054 10/17/2014
        RIP: 0010:__bitmap_and+0x1b/0x70
        RSP: 0018:ffff99aa0845f9f0 EFLAGS: 00010246
        RAX: 0000000000000000 RBX: ffff8d5a6fc18000 RCX: 0000000000000048
        RDX: 0000000000000000 RSI: ffffffffc06336f0 RDI: ffff8d5a8fa67750
        RBP: 0000000000000079 R08: 0000000fffffffff R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffc06336f0
        R13: 00000000000000a0 R14: ffff8d5a6fc18000 R15: 0000000000000003
        FS: 00007fec137a5980(0000) GS:ffff8d5a9fa80000(0000) knlGS:0000000000000000
        CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 0000000000000000 CR3: 0000000a04b48002 CR4: 00000000001606e0
        Call Trace:
        hfi1_num_netdev_contexts+0x7c/0x110 [hfi1]
        hfi1_init_dd+0xd7f/0x1a90 [hfi1]
        ? pci_bus_read_config_dword+0x49/0x70
        ? pci_mmcfg_read+0x3e/0xe0
        do_init_one.isra.18+0x336/0x640 [hfi1]
        local_pci_probe+0x41/0x90
        pci_device_probe+0x105/0x1c0
        really_probe+0x212/0x440
        driver_probe_device+0x49/0xc0
        device_driver_attach+0x50/0x60
        __driver_attach+0x61/0x130
        ? device_driver_attach+0x60/0x60
        bus_for_each_dev+0x77/0xc0
        ? klist_add_tail+0x3b/0x70
        bus_add_driver+0x14d/0x1e0
        ? dev_init+0x10b/0x10b [hfi1]
        driver_register+0x6b/0xb0
        ? dev_init+0x10b/0x10b [hfi1]
        hfi1_mod_init+0x1e6/0x20a [hfi1]
        do_one_initcall+0x46/0x1c3
        ? free_unref_page_commit+0x91/0x100
        ? _cond_resched+0x15/0x30
        ? kmem_cache_alloc_trace+0x140/0x1c0
        do_init_module+0x5a/0x220
        load_module+0x14b4/0x17e0
        ? __do_sys_finit_module+0xa8/0x110
        __do_sys_finit_module+0xa8/0x110
        do_syscall_64+0x5b/0x1a0
      
      The issue happens when pcibus_to_node() returns NO_NUMA_NODE.
      
      Fix this issue by moving the initialization of dd->node to hfi1_devdata
      allocation and remove the other pcibus_to_node() calls in the probe path
      and use dd->node instead.
      
      Affinity logic is adjusted to use a new field dd->affinity_entry as a
      guard instead of dd->node.
      
      Fixes: 4730f4a6 ("IB/hfi1: Activate the dummy netdev")
      Link: https://lore.kernel.org/r/1617025700-31865-4-git-send-email-dennis.dalessandro@cornelisnetworks.com
      Cc: stable@vger.kernel.org
      Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
      Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
    • RDMA/cxgb4: check for ipv6 address properly while destroying listener · 603c4690
      Potnuri Bharat Teja authored
      ipv6 bit is wrongly set by the below which causes fatal adapter lookup
      engine errors for ipv4 connections while destroying a listener.  Fix it to
      properly check the local address for ipv6.
      
      Fixes: 3408be14 ("RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server")
      Link: https://lore.kernel.org/r/20210331135715.30072-1-bharat@chelsio.com
      Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
  2. 01 Apr, 2021 1 commit
    • RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files · 7582207b
      Md Haris Iqbal authored
      KASAN detected the following BUG:
      
        BUG: KASAN: use-after-free in rtrs_clt_update_wc_stats+0x41/0x100 [rtrs_client]
        Read of size 8 at addr ffff88bf2fb4adc0 by task swapper/0/0
      
        CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           O      5.4.84-pserver #5.4.84-1+feature+linux+5.4.y+dbg+20201216.1319+b6b887b~deb10
        Hardware name: Supermicro H8QG6/H8QG6, BIOS 3.00       09/04/2012
        Call Trace:
         <IRQ>
         dump_stack+0x96/0xe0
         print_address_description.constprop.4+0x1f/0x300
         ? irq_work_claim+0x2e/0x50
         __kasan_report.cold.8+0x78/0x92
         ? rtrs_clt_update_wc_stats+0x41/0x100 [rtrs_client]
         kasan_report+0x10/0x20
         rtrs_clt_update_wc_stats+0x41/0x100 [rtrs_client]
         rtrs_clt_rdma_done+0xb1/0x760 [rtrs_client]
         ? lockdep_hardirqs_on+0x1a8/0x290
         ? process_io_rsp+0xb0/0xb0 [rtrs_client]
         ? mlx4_ib_destroy_cq+0x100/0x100 [mlx4_ib]
         ? add_interrupt_randomness+0x1a2/0x340
         __ib_process_cq+0x97/0x100 [ib_core]
         ib_poll_handler+0x41/0xb0 [ib_core]
         irq_poll_softirq+0xe0/0x260
         __do_softirq+0x127/0x672
         irq_exit+0xd1/0xe0
         do_IRQ+0xa3/0x1d0
         common_interrupt+0xf/0xf
         </IRQ>
        RIP: 0010:cpuidle_enter_state+0xea/0x780
        Code: 31 ff e8 99 48 47 ff 80 7c 24 08 00 74 12 9c 58 f6 c4 02 0f 85 53 05 00 00 31 ff e8 b0 6f 53 ff e8 ab 4f 5e ff fb 8b 44 24 04 <85> c0 0f 89 f3 01 00 00 48 8d 7b 14 e8 65 1e 77 ff c7 43 14 00 00
        RSP: 0018:ffffffffab007d58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffca
        RAX: 0000000000000002 RBX: ffff88b803d69800 RCX: ffffffffa91a8298
        RDX: 0000000000000007 RSI: dffffc0000000000 RDI: ffffffffab021414
        RBP: ffffffffab6329e0 R08: 0000000000000002 R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
        R13: 000000bf39d82466 R14: ffffffffab632aa0 R15: ffffffffab632ae0
         ? lockdep_hardirqs_on+0x1a8/0x290
         ? cpuidle_enter_state+0xe5/0x780
         cpuidle_enter+0x3c/0x60
         do_idle+0x2fb/0x390
         ? arch_cpu_idle_exit+0x40/0x40
         ? schedule+0x94/0x120
         cpu_startup_entry+0x19/0x1b
         start_kernel+0x5da/0x61b
         ? thread_stack_cache_init+0x6/0x6
         ? load_ucode_amd_bsp+0x6f/0xc4
         ? init_amd_microcode+0xa6/0xa6
         ? x86_family+0x5/0x20
         ? load_ucode_bsp+0x182/0x1fd
         secondary_startup_64+0xa4/0xb0
      
        Allocated by task 5730:
         save_stack+0x19/0x80
         __kasan_kmalloc.constprop.9+0xc1/0xd0
         kmem_cache_alloc_trace+0x15b/0x350
         alloc_sess+0xf4/0x570 [rtrs_client]
         rtrs_clt_open+0x3b4/0x780 [rtrs_client]
         find_and_get_or_create_sess+0x649/0x9d0 [rnbd_client]
         rnbd_clt_map_device+0xd7/0xf50 [rnbd_client]
         rnbd_clt_map_device_store+0x4ee/0x970 [rnbd_client]
         kernfs_fop_write+0x141/0x240
         vfs_write+0xf3/0x280
         ksys_write+0xba/0x150
         do_syscall_64+0x68/0x270
         entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
        Freed by task 5822:
         save_stack+0x19/0x80
         __kasan_slab_free+0x125/0x170
         kfree+0xe7/0x3f0
         kobject_put+0xd3/0x240
         rtrs_clt_destroy_sess_files+0x3f/0x60 [rtrs_client]
         rtrs_clt_close+0x3c/0x80 [rtrs_client]
         close_rtrs+0x45/0x80 [rnbd_client]
         rnbd_client_exit+0x10f/0x2bd [rnbd_client]
         __x64_sys_delete_module+0x27b/0x340
         do_syscall_64+0x68/0x270
         entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      When rtrs_clt_close is triggered, it iterates over all the present
      rtrs_clt_sess and triggers close on them. However, the call to
      rtrs_clt_destroy_sess_files is done before the rtrs_clt_close_conns. This
      is incorrect since during the initialization phase we allocate
      rtrs_clt_sess first, and then we go ahead and create rtrs_clt_con for it.
      
      If we free the rtrs_clt_sess structure before closing the rtrs_clt_con, it
      may so happen that an inflight IO completion would trigger the function
      rtrs_clt_rdma_done, which would lead to the above UAF case.
      
      Hence close the rtrs_clt_con connections first, and then trigger the
      destruction of session files.
      
      Fixes: 6a98d71d ("RDMA/rtrs: client: main functionality")
      Link: https://lore.kernel.org/r/20210325153308.1214057-12-gi-oh.kim@ionos.com
      Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
      Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
      Signed-off-by: Gioh Kim <gi-oh.kim@ionos.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
  3. 28 Mar, 2021 9 commits
    • Linux 5.12-rc5 · a5e13c6d
      Linus Torvalds authored
    • Merge tag 'perf-tools-fixes-for-v5.12-2020-03-28' of... · f9e2bb42
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.12-2020-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tooling fixes from Arnaldo Carvalho de Melo:
      
       - Avoid write of uninitialized memory when generating PERF_RECORD_MMAP*
         records.
      
       - Fix 'perf top' BPF support related crash with perf_event_paranoid=3 +
         kptr_restrict.
      
       - Validate raw event with sysfs exported format bits.
      
       - Fix waitpid on SIGCHLD delivery bugs in 'perf daemon'.
      
       - Change to use bash for daemon test on Debian, where the default is
         dash and thus fails for use of bashisms in this test.
      
       - Fix memory leak in vDSO found using ASAN.
      
       - Remove now useless (due to the fact that BPF now supports static
         vars) failing sub test "BPF relocation checker".
      
       - Fix auxtrace queue conflict.
      
       - Sync linux/kvm.h with the kernel sources.
      
      * tag 'perf-tools-fixes-for-v5.12-2020-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf test: Change to use bash for daemon test
        perf record: Fix memory leak in vDSO found using ASAN
        perf test: Remove now useless failing sub test "BPF relocation checker"
        perf daemon: Return from kill functions
        perf daemon: Force waipid for all session on SIGCHLD delivery
        perf top: Fix BPF support related crash with perf_event_paranoid=3 + kptr_restrict
        perf pmu: Validate raw event with sysfs exported format bits
        perf synthetic events: Avoid write of uninitialized memory when generating PERF_RECORD_MMAP* records
        tools headers UAPI: Sync linux/kvm.h with the kernel sources
        perf synthetic-events: Fix uninitialized 'kernel_thread' variable
        perf auxtrace: Fix auxtrace queue conflict
    • Merge tag 'auxdisplay-for-linus-v5.12-rc6' of git://github.com/ojeda/linux · 3fef15f8
      Linus Torvalds authored
      Pull auxdisplay fix from Miguel Ojeda:
       "Remove in_interrupt() usage (Sebastian Andrzej Siewior)"
      
      * tag 'auxdisplay-for-linus-v5.12-rc6' of git://github.com/ojeda/linux:
        auxdisplay: Remove in_interrupt() usage.
    • Merge tag 'x86-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 36a14638
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "Two fixes:
      
         - Fix build failure on Ubuntu with new GCC packages that turn
           on -fcf-protection
      
         - Fix SME memory encryption PTE encoding bug - AFAICT the code
           worked on 4K page sizes (level 1) but had the wrong shift at
           higher page level orders (level 2 and higher)"
      
      * tag 'x86-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/build: Turn off -fcf-protection for realmode targets
        x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()
    • Merge tag 'locking-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 47fbbc94
      Linus Torvalds authored
      Pull locking fix from Ingo Molnar:
       "Fix the non-debug mutex_lock_io_nested() method to map to
        mutex_lock_io() instead of mutex_lock().
      
        Right now nothing uses this API explicitly, but this is an
        accident waiting to happen"
      
      * tag 'locking-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/mutex: Fix non debug version of mutex_lock_io_nested()
    • Merge tag '5.12-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6 · 81b1d39f
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Five cifs/smb3 fixes, two for stable.
      
        Includes an important fix for encryption and an ACL fix, as well as a
        fix for possible reflink data corruption"
      
      * tag '5.12-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: fix cached file size problems in duplicate extents (reflink)
        cifs: Silently ignore unknown oplock break handle
        cifs: revalidate mapping when we open files for SMB1 POSIX
        cifs: Fix chmod with modefromsid when an older ACE already exists.
        cifs: Adjust key sizes and key generation routines for AES256 encryption
    • Merge tag 'io_uring-5.12-2021-03-27' of git://git.kernel.dk/linux-block · b44d1ddc
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Use thread info versions of flag testing, as discussed last week.
      
       - The series enabling PF_IO_WORKER to just take signals, instead of
         needing to special case that they do not in a bunch of places. Ends
         up being pretty trivial to do, and then we can revert all the special
         casing we're currently doing.
      
       - Kill dead pointer assignment
      
       - Fix hashed part of async work queue trace
      
       - Fix sign extension issue for IORING_OP_PROVIDE_BUFFERS
      
       - Fix a link completion ordering regression in this merge window
      
       - Cancellation fixes
      
      * tag 'io_uring-5.12-2021-03-27' of git://git.kernel.dk/linux-block:
        io_uring: remove unsued assignment to pointer io
        io_uring: don't cancel extra on files match
        io_uring: don't cancel-track common timeouts
        io_uring: do post-completion chore on t-out cancel
        io_uring: fix timeout cancel return code
        Revert "signal: don't allow STOP on PF_IO_WORKER threads"
        Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"
        Revert "kernel: treat PF_IO_WORKER like PF_KTHREAD for ptrace/signals"
        Revert "signal: don't allow sending any signals to PF_IO_WORKER threads"
        kernel: stop masking signals in create_io_thread()
        io_uring: handle signals for IO threads like a normal thread
        kernel: don't call do_exit() for PF_IO_WORKER threads
        io_uring: maintain CQE order of a failed link
        io-wq: fix race around pending work on teardown
        io_uring: do ctx sqd ejection in a clear context
        io_uring: fix provide_buffers sign extension
        io_uring: don't skip file_end_write() on reissue
        io_uring: correct io_queue_async_work() traces
        io_uring: don't use {test,clear}_tsk_thread_flag() for current
    • Merge tag 'block-5.12-2021-03-27' of git://git.kernel.dk/linux-block · abed516e
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Fix regression from this merge window with the xarray partition
         change, which allowed partition counts that overflow the u8 that
         holds the partition number (Ming)
      
       - Fix zone append warning (Johannes)
      
       - Segmentation count fix for multipage bvecs (David)
      
       - Partition scan fix (Chris)
      
      * tag 'block-5.12-2021-03-27' of git://git.kernel.dk/linux-block:
        block: don't create too many partitions
        block: support zone append bvecs
        block: recalculate segment count for multi-segment discards correctly
        block: clear GD_NEED_PART_SCAN later in bdev_disk_changed
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · e8cfe8fa
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Seven fixes, all in drivers (qla2xxx, mpt3sas, qedi, target,
        ibmvscsi).
      
        The most serious are the target pscsi oom and the qla2xxx revert which
        can otherwise cause a use after free"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
        scsi: target: pscsi: Avoid OOM in pscsi_map_sg()
        scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
        scsi: qedi: Fix error return code of qedi_alloc_global_queues()
        scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
        scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware
        scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops()
  4. 27 Mar, 2021 12 commits
  5. 26 Mar, 2021 16 commits
    • smb3: fix cached file size problems in duplicate extents (reflink) · cfc63fc8
      Steve French authored
      There were two problems (one of which could cause data corruption)
      that were noticed with duplicate extents (ie reflink)
      when debugging why various xfstests were being incorrectly skipped
      (e.g. generic/138, generic/140, generic/142). First, we were not
      updating the file size locally in the cache when extending a
      file due to reflink (it would refresh after actimeo expires)
      but xfstest was checking the size immediately which was still
      0 so caused the test to be skipped.  Second, we were setting
      the target file size (which could shrink the file) in all cases
      to the end of the reflinked range rather than only setting the
      target file size when reflink would extend the file.
      
      CC: <stable@vger.kernel.org>
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • cifs: Silently ignore unknown oplock break handle · 219481a8
      Vincent Whitchurch authored
      Make SMB2 not print out an error when an oplock break is received for an
      unknown handle, similar to SMB1.  The debug message which is printed for
      these unknown handles may also be misleading, so fix that too.
      
      The SMB2 lease break path is not affected by this patch.
      
      Without this, a program which writes to a file from one thread, and
      opens, reads, and writes the same file from another thread triggers the
      below errors several times a minute when run against a Samba server
      configured with "smb2 leases = no".
      
       CIFS: VFS: \\192.168.0.1 No task to wake, unknown frame received! NumMids 2
       00000000: 424d53fe 00000040 00000000 00000012  .SMB@...........
       00000010: 00000001 00000000 ffffffff ffffffff  ................
       00000020: 00000000 00000000 00000000 00000000  ................
       00000030: 00000000 00000000 00000000 00000000  ................
      Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
      Reviewed-by: Tom Talpey <tom@talpey.com>
      Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • cifs: revalidate mapping when we open files for SMB1 POSIX · cee8f4f6
      Ronnie Sahlberg authored
      RHBZ: 1933527
      
      Under SMB1 + POSIX, if an inode is reused on a server after we have read and
      cached a part of a file, when we then open the new file with the
      re-cycled inode there is a chance that we may serve the old data out of cache
      to the application.
      This only happens for SMB1 (deprecated) and when posix are used.
      The simplest solution to avoid this race is to force a revalidate
      on smb1-posix open.
      Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • cifs: Fix chmod with modefromsid when an older ACE already exists. · 3bffbe9e
      Shyam Prasad N authored
      My recent fixes to cifsacl to maintain inherited ACEs had
      regressed modefromsid when an older ACL already exists.
      
      Found testing xfstest 495 with modefromsid mount option
      
      Fixes: f5065508 ("cifs: Retain old ACEs when converting between mode bits and ACL")
      Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
      Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • kernel: don't call do_exit() for PF_IO_WORKER threads · 10442994
      Jens Axboe authored
      Right now we're never calling get_signal() from PF_IO_WORKER threads, but
      in preparation for doing so, don't handle a fatal signal for them. The
      workers have state they need to cleanup when exiting, so just return
      instead of calling do_exit() on their behalf. The threads themselves will
      detect a fatal signal and do proper shutdown.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • Merge tag 'for-5.12/dm-fixes-2' of... · 0f4498ce
      Linus Torvalds authored
      Merge tag 'for-5.12/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix DM verity target's optional argument processing.
      
       - Fix DM core's zoned model and zone sectors checks.
      
       - Fix spurious "detected capacity change" pr_info() when creating new
         DM device.
      
       - Fix DM ioctl out of bounds array access in handling of
         DM_LIST_DEVICES_CMD when no devices exist.
      
      * tag 'for-5.12/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm ioctl: fix out of bounds array access when no devices
        dm: don't report "detected capacity change" on device creation
        dm table: Fix zoned model check and zone sectors check
        dm verity: fix DM_VERITY_OPTS_MAX value
    • dm ioctl: fix out of bounds array access when no devices · 4edbe1d7
      Mikulas Patocka authored
      If there are not any dm devices, we need to zero the "dev" argument in
      the first structure dm_name_list. However, this can cause out of
      bounds write, because the "needed" variable is zero and len may be
      less than eight.
      
      Fix this bug by reporting DM_BUFFER_FULL_FLAG if the result buffer is
      too small to hold the "nl->dev" value.
      Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
      Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • Merge tag 'acpi-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 7931c531
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix a memory management regression in ACPICA, repair an ACPI
        blacklist entry damaged inadvertently during the 5.11 cycle and fix
        the bookkeeping of devices with the same primary device ID in the ACPI
        core.
      
        Specifics:
      
         - Make ACPICA use the same object cache consistently when allocating
           and freeing objects (Vegard Nossum)
      
         - Add a callback pointer removed inadvertently during the 5.11 cycle
           to the ACPI backlight blacklist entry for Sony VPCEH3U1E (Chris
           Chiu)
      
         - Make the ACPI device enumeration core use IDA for creating names of
           ACPI device objects with the same primary device ID to avoid using
           duplicate device object names in some cases (Andy Shevchenko)"
      
      * tag 'acpi-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPICA: Always create namespace nodes using acpi_ns_create_node()
        ACPI: scan: Use unique number for instance_no
        ACPI: video: Add missing callback back for Sony VPCEH3U1E
    • Merge tag 'pm-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 8a3cbdda
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix an issue related to device links in the runtime PM framework
        and debugfs usage in the Energy Model code.
      
        Specifics:
      
         - Modify the runtime PM device suspend to avoid suspending supplier
           devices before the consumer device's status changes to
           RPM_SUSPENDED (Rafael Wysocki)
      
         - Change the Energy Model code to prevent it from attempting to
           create its main debugfs directory too early (Lukasz Luba)"
      
      * tag 'pm-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM: EM: postpone creating the debugfs dir till fs_initcall
        PM: runtime: Defer suspending suppliers
    • Merge tag 'soc-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · eb3991ef
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Too many fixes have accumulated in the soc tree, so this is a fairly
        large set. As usual, most of the fixes are for devicetree files, but
        there are also notable code changes for imx and omap regressions as
        well as some maintainer file updates.
      
        imx:
         - Fix an Ethernet issue on imx6ul-14x14-evk board that is caused by
           independent PHY reset.
      
         - Add missing `dma-coherent` property for LayerScape device trees to
           fix a kernel BUG report.
      
         - Use IRQCHIP_DECLARE for AVIC driver to fix a boot issue on i.MX25
           with fw_devlink=on.
      
         - Add missing I2C pinctrl entry for imx8mp-phyboard-pollux-rdk board
           to fix the broken I2C GPIO recovery support.
      
         - Add `fsl,use-minimum-ecc` property for imx6ull-myir-mys-6ulx-eval
           device tree to fix UBI filesystem mount failure.
      
        at91:
         - wrong phy address that blocks Ethernet use on boards with sama5d27
           SoM1
      
         - restrictive pin possibilities for sam9x60
      
        omap:
         - Fix ocp interconnect bus access error reporting for omap_l3_noc by
           setting IRQF_NO_THREAD
      
         - Fix changed mmc slot order regression by adding mmc aliases for
           am335x
      
         - Fix dra7 reboot regression caused by invalid pcie reset map
      
         - Fix smartreflex init regression caused by dropped legacy data
      
         - Fix ti-sysc driver warning on unbind if reset is not deasserted
      
         - Fix flakey reset deassert for dra7 iva
      
        stm32:
         - MAINTAINER file updates
      
        broadcom:
         - brcmstb SoC ID build fix
      
         - MAINTAINER file updates"
      
      * tag 'soc-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        MAINTAINERS: Add Alain Volmat as STM32 I2C/SMBUS maintainer
        MAINTAINERS: Remove Vincent Abriou for STM/STI DRM drivers.
        MAINTAINERS: Update some st.com email addresses to foss.st.com
        ARM: dts: imx6ull: fix ubi filesystem mount failed
        ARM: imx6ul-14x14-evk: Do not reset the Ethernet PHYs independently
        arm64: dts: imx8mp-phyboard-pollux-rdk: Add missing pinctrl entry
        arm64: dts: ls1012a: mark crypto engine dma coherent
        arm64: dts: ls1043a: mark crypto engine dma coherent
        arm64: dts: ls1046a: mark crypto engine dma coherent
        ARM: imx: avic: Convert to using IRQCHIP_DECLARE
        ARM: dts: at91: sam9x60: fix mux-mask to match product's datasheet
        ARM: dts: at91: sam9x60: fix mux-mask for PA7 so it can be set to A, B and C
        ARM: dts: at91-sama5d27_som1: fix phy address to 7
        soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7 iva
        bus: ti-sysc: Fix warning on unbind if reset is not deasserted
        ARM: OMAP2+: Fix smartreflex init regression after dropping legacy data
        soc: ti: omap-prm: Fix reboot issue with invalid pcie reset map for dra7
        MAINTAINERS: rectify BROADCOM PMB (POWER MANAGEMENT BUS) DRIVER
        ARM: dts: am33xx: add aliases for mmc interfaces
        bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
    • Merge tag 'for-linus-5.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 6c20f6df
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "This contains a small series with a more elegant fix of a problem
        which was originally fixed in rc2"
      
      * tag 'for-linus-5.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        Revert "xen: fix p2m size in dom0 for disabled memory hotplug case"
        xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on MEMORY_HOTPLUG
    • Merge tag 'drm-fixes-2021-03-26' of git://anongit.freedesktop.org/drm/drm · f944d061
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "As expected last week things were overly quiet so this week things
        seem to have caught up. It still isn't too major.
      
        msm and amdgpu lead the size here, the msm fixes are pretty varied
        across the driver, the amdgpu one is mostly the S0ix fixes with some
        other minor ones. Otherwise there are a few i915 fixes and one each
        for nouveau, etnaviv and rcar-du.
      
        msm:
         - pll fixes
         - shutdown hook fix
         - runtime resume fix
         - clear_oob fix
         - kms locking fix
         - display aux retry fix
      
        rcar-du:
         - warn_on in encoder init fix
      
        etnaviv:
         - Use FOLL_FORCE and FOLL_LONGTERM
      
        i915:
         - DisplayPort LTTPR fixes around link training and limiting it
           according to supported spec version.
         - Fix enabled_planes bitmask to really represent only logically
           enabled planes.
         - Fix DSS CTL registers for ICL DSI transcoders
         - Fix the GT fence revocation runtime PM logic.
      
        nouveau:
         - cursor size regression fix
      
        amdgpu:
         - S0ix fixes
         - Add PCI ID
         - Polaris PCIe DPM fix
         - Display fix for high refresh rate monitors"
      
      * tag 'drm-fixes-2021-03-26' of git://anongit.freedesktop.org/drm/drm: (37 commits)
        drm/nouveau/kms/nve4-nv108: Limit cursors to 128x128
        drm/i915: Fix the GT fence revocation runtime PM logic
        drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x
        drm/amdgpu: Add additional Sienna Cichlid PCI ID
        drm/amd/pm: workaround for audio noise issue
        drm/i915/dsc: fix DSS CTL register usage for ICL DSI transcoders
        drm/i915: Fix enabled_planes bitmask
        drm/i915: Disable LTTPR support when the LTTPR rev < 1.4
        drm/i915: Disable LTTPR support when the DPCD rev < 1.4
        drm/i915/ilk-glk: Fix link training on links with LTTPRs
        drm/msm/disp/dpu1: icc path needs to be set before dpu runtime resume
        drm/amdgpu: skip kfd suspend/resume for S0ix
        drm/amdgpu: drop S0ix checks around CG/PG in suspend
        drm/amdgpu: skip CG/PG for gfx during S0ix
        drm/amdgpu: update comments about s0ix suspend/resume
        drm/amdgpu/swsmu: skip gfx cgpg on s0ix suspend
        drm/amdgpu: re-enable suspend phase 2 for S0ix
        drm/amdgpu: move s0ix check into amdgpu_device_ip_suspend_phase2 (v3)
        drm/amdgpu: clean up non-DC suspend/resume handling
        drm/amdgpu: don't evict vram on APUs for suspend to ram (v4)
        ...
    • remove Dan Murphy from TI from MAINTAINERS · 57a90062
      Pavel Machek authored
      Dan's address bounces, and has been bouncing for some time as he moved
      to other projects.
      
      I believe TI should be more careful with this, and should assign
      alternate contacts for their drivers.
      
      Anyway what we can do now is to remove the obsolete address.
      Signed-off-by: Pavel Machek <pavel@ucw.cz>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branches 'acpi-video' and 'acpi-scan' · e1db18b5
      Rafael J. Wysocki authored
      * acpi-video:
        ACPI: video: Add missing callback back for Sony VPCEH3U1E
      
      * acpi-scan:
        ACPI: scan: Use unique number for instance_no
    • Merge branch 'pm-em' · 6f3a283c
      Rafael J. Wysocki authored
      * pm-em:
        PM: EM: postpone creating the debugfs dir till fs_initcall
    • cifs: Adjust key sizes and key generation routines for AES256 encryption · 45a4546c
      Shyam Prasad N authored
      For AES256 encryption (GCM and CCM), we need to adjust the size of a few
      fields to 32 bytes instead of 16 to accommodate the larger keys.
      
      Also, the L value supplied to the key generator needs to be changed from
      to 256 when these algorithms are used.
      
      Keeping the ioctl struct for dumping keys of the same size for now.
      Will send out a different patch for that one.
      Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
      Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
      CC: <stable@vger.kernel.org> # v5.10+
      Signed-off-by: Steve French <stfrench@microsoft.com>