1. 10 Jun, 2021 2 commits
    • RDMA/mlx5: Delete right entry from MR signature database · 6466f03f
      Aharon Landau authored
      The value mr->sig is stored in the entry upon mr allocation, however, ibmr
      is wrongly entered here as "old", therefore, xa_cmpxchg() does not replace
      the entry with NULL, which leads to the following trace:
      
       WARNING: CPU: 28 PID: 2078 at drivers/infiniband/hw/mlx5/main.c:3643 mlx5_ib_stage_init_cleanup+0x4d/0x60 [mlx5_ib]
       Modules linked in: nvme_rdma nvme_fabrics nvme_core 8021q garp mrp bonding bridge stp llc rfkill rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_tad
       CPU: 28 PID: 2078 Comm: reboot Tainted: G               X --------- ---  5.13.0-0.rc2.19.el9.x86_64 #1
       Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.9.1 12/07/2018
       RIP: 0010:mlx5_ib_stage_init_cleanup+0x4d/0x60 [mlx5_ib]
       Code: 8d bb 70 1f 00 00 be 00 01 00 00 e8 9d 94 ce da 48 3d 00 01 00 00 75 02 5b c3 0f 0b 5b c3 0f 0b 48 83 bb b0 20 00 00 00 74 d5 <0f> 0b eb d1 4
       RSP: 0018:ffffa8db06d33c90 EFLAGS: 00010282
       RAX: 0000000000000000 RBX: ffff97f890a44000 RCX: ffff97f900ec0160
       RDX: 0000000000000000 RSI: 0000000080080001 RDI: ffff97f890a44000
       RBP: ffffffffc0c189b8 R08: 0000000000000001 R09: 0000000000000000
       R10: 0000000000000001 R11: 0000000000000300 R12: ffff97f890a44000
       R13: ffffffffc0c36030 R14: 00000000fee1dead R15: 0000000000000000
       FS:  00007f0d5a8a3b40(0000) GS:ffff98077fb80000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 0000555acbf4f450 CR3: 00000002a6f56002 CR4: 00000000001706e0
       Call Trace:
        mlx5r_remove+0x39/0x60 [mlx5_ib]
        auxiliary_bus_remove+0x1b/0x30
        __device_release_driver+0x17a/0x230
        device_release_driver+0x24/0x30
        bus_remove_device+0xdb/0x140
        device_del+0x18b/0x3e0
        mlx5_detach_device+0x59/0x90 [mlx5_core]
        mlx5_unload_one+0x22/0x60 [mlx5_core]
        shutdown+0x31/0x3a [mlx5_core]
        pci_device_shutdown+0x34/0x60
        device_shutdown+0x15b/0x1c0
        __do_sys_reboot.cold+0x2f/0x5b
        ? vfs_writev+0xc7/0x140
        ? handle_mm_fault+0xc5/0x290
        ? do_writev+0x6b/0x110
        do_syscall_64+0x40/0x80
        entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Fixes: e6fb246c ("RDMA/mlx5: Consolidate MR destruction to mlx5_ib_dereg_mr()")
      Link: https://lore.kernel.org/r/f3f585ea0db59c2a78f94f65eedeafc5a2374993.1623309971.git.leonro@nvidia.com
      Signed-off-by: Aharon Landau <aharonl@nvidia.com>
      Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
    • RDMA: Verify port when creating flow rule · 2adcb4c5
      Maor Gottlieb authored
      Validate port value provided by the user and with that remove no longer
      needed validation by the driver.  The missing check in the mlx5_ib driver
      could cause the below oops.
      
      Call trace:
        _create_flow_rule+0x2d4/0xf28 [mlx5_ib]
        mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib]
        ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs]
        ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs]
        ib_uverbs_cmd_verbs.isra.7+0xb28/0xc50 [ib_uverbs]
        ib_uverbs_ioctl+0x158/0x1d0 [ib_uverbs]
        do_vfs_ioctl+0xd0/0xaf0
        ksys_ioctl+0x84/0xb4
        __arm64_sys_ioctl+0x28/0xc4
        el0_svc_common.constprop.3+0xa4/0x254
        el0_svc_handler+0x84/0xa0
        el0_svc+0x10/0x26c
       Code: b9401260 f9615681 51000400 8b001c20 (f9403c1a)
      
      Fixes: 436f2ad0 ("IB/core: Export ib_create/destroy_flow through uverbs")
      Link: https://lore.kernel.org/r/faad30dc5219a01727f47db3dc2f029d07c82c00.1623309971.git.leonro@nvidia.com
      Reviewed-by: Mark Bloch <markb@mellanox.com>
      Signed-off-by: Maor Gottlieb <maorg@nvidia.com>
      Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
  2. 08 Jun, 2021 1 commit
  3. 03 Jun, 2021 2 commits
  4. 02 Jun, 2021 1 commit
    • RDMA/ipoib: Fix warning caused by destroying non-initial netns · a3e74fb9
      Kamal Heib authored
      After the commit 5ce2dced ("RDMA/ipoib: Set rtnl_link_ops for ipoib
      interfaces"), if the IPoIB device is moved to non-initial netns,
      destroying that netns lets the device vanish instead of moving it back to
      the initial netns. This is happening because default_device_exit() skips
      the interfaces due to having rtnl_link_ops set.
      
      Steps to reproduce:
        ip netns add foo
        ip link set mlx5_ib0 netns foo
        ip netns delete foo
      
      WARNING: CPU: 1 PID: 704 at net/core/dev.c:11435 netdev_exit+0x3f/0x50
      Modules linked in: xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT
      nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack
      nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun d
       fuse
      CPU: 1 PID: 704 Comm: kworker/u64:3 Tainted: G S      W  5.13.0-rc1+ #1
      Hardware name: Dell Inc. PowerEdge R630/02C2CP, BIOS 2.1.5 04/11/2016
      Workqueue: netns cleanup_net
      RIP: 0010:netdev_exit+0x3f/0x50
      Code: 48 8b bb 30 01 00 00 e8 ef 81 b1 ff 48 81 fb c0 3a 54 a1 74 13 48
      8b 83 90 00 00 00 48 81 c3 90 00 00 00 48 39 d8 75 02 5b c3 <0f> 0b 5b
      c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 1f 44 00
      RSP: 0018:ffffb297079d7e08 EFLAGS: 00010206
      RAX: ffff8eb542c00040 RBX: ffff8eb541333150 RCX: 000000008010000d
      RDX: 000000008010000e RSI: 000000008010000d RDI: ffff8eb440042c00
      RBP: ffffb297079d7e48 R08: 0000000000000001 R09: ffffffff9fdeac00
      R10: ffff8eb5003be000 R11: 0000000000000001 R12: ffffffffa1545620
      R13: ffffffffa1545628 R14: 0000000000000000 R15: ffffffffa1543b20
      FS:  0000000000000000(0000) GS:ffff8ed37fa00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00005601b5f4c2e8 CR3: 0000001fc8c10002 CR4: 00000000003706e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       ops_exit_list.isra.9+0x36/0x70
       cleanup_net+0x234/0x390
       process_one_work+0x1cb/0x360
       ? process_one_work+0x360/0x360
       worker_thread+0x30/0x370
       ? process_one_work+0x360/0x360
       kthread+0x116/0x130
       ? kthread_park+0x80/0x80
       ret_from_fork+0x22/0x30
      
      To avoid the above warning and later on the kernel panic that could happen
      on shutdown due to a NULL pointer dereference, make sure to set the
      netns_refund flag that was introduced by commit 3a5ca857 ("can: dev:
      Move device back to init netns on owning netns delete") to properly
      restore the IPoIB interfaces to the initial netns.
      
      Fixes: 5ce2dced ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces")
      Link: https://lore.kernel.org/r/20210525150134.139342-1-kamalheib1@gmail.com
      Signed-off-by: Kamal Heib <kamalheib1@gmail.com>
      Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
      Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
  5. 30 May, 2021 5 commits
    • Linux 5.13-rc4 · 8124c8a6
      Linus Torvalds authored
    • Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · b90e90f4
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "This is a bit larger than usual at rc4 time. The reason is due to
        Lee's work of fixing newly reported build warnings.
      
        The rest is fixes as usual"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (22 commits)
        MAINTAINERS: adjust to removing i2c designware platform data
        i2c: s3c2410: fix possible NULL pointer deref on read message after write
        i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset
        i2c: i801: Don't generate an interrupt on bus reset
        i2c: mpc: implement erratum A-004447 workaround
        powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
        powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
        dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag
        i2c: busses: i2c-stm32f4: Remove incorrectly placed ' ' from function name
        i2c: busses: i2c-st: Fix copy/paste function misnaming issues
        i2c: busses: i2c-pnx: Provide descriptions for 'alg_data' data structure
        i2c: busses: i2c-ocores: Place the expected function names into the documentation headers
        i2c: busses: i2c-eg20t: Fix 'bad line' issue and provide description for 'msgs' param
        i2c: busses: i2c-designware-master: Fix misnaming of 'i2c_dw_init_master()'
        i2c: busses: i2c-cadence: Fix incorrectly documented 'enum cdns_i2c_slave_mode'
        i2c: busses: i2c-ali1563: File headers are not good candidates for kernel-doc
        i2c: muxes: i2c-arb-gpio-challenge: Demote non-conformant kernel-doc headers
        i2c: busses: i2c-nomadik: Fix formatting issue pertaining to 'timeout'
        i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
        i2c: I2C_HISI should depend on ACPI
        ...
    • Merge tag 'seccomp-fixes-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 9a76c0ee
      Linus Torvalds authored
      Pull seccomp fixes from Kees Cook:
       "This fixes a hard-to-hit race condition in the addfd user_notif
        feature of seccomp, visible since v5.9.
      
        And a small documentation fix"
      
      * tag 'seccomp-fixes-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        seccomp: Refactor notification handler to prepare for new semantics
        Documentation: seccomp: Fix user notification documentation
    • Merge tag 'riscv-for-linus-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 9d68fe84
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
       "A handful of RISC-V related fixes:
      
         - avoid errors when the stack tracing code is tracing itself.
      
         - resurrect the memtest= kernel command line argument on RISC-V,
           which was briefly enabled during the merge window before a
           refactoring disabled it.
      
         - build fix and some warning cleanups"
      
      * tag 'riscv-for-linus-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: kexec: Fix W=1 build warnings
        riscv: kprobes: Fix build error when MMU=n
        riscv: Select ARCH_USE_MEMTEST
        riscv: stacktrace: fix the riscv stacktrace when CONFIG_FRAME_POINTER enabled
    • Merge tag 'xfs-5.13-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 75b9c727
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "This week's pile mitigates some decades-old problems in how extent
        size hints interact with realtime volumes, fixes some failures in
        online shrink, and fixes a problem where directory and symlink
        shrinking on extremely fragmented filesystems could fail.
      
        The most user-notable change here is to point users at our (new) IRC
        channel on OFTC. Freedom isn't free, it costs folks like you and me;
        and if you don't kowtow, they'll expel everyone and take over your
        channel. (Ok, ok, that didn't fit the song lyrics...)
      
        Summary:
      
         - Fix a bug where unmapping operations end earlier than expected,
           which can cause chaos on multi-block directory and symlink shrink
           operations.
      
         - Fix an erroneous assert that can trigger if we try to transition a
           bmap structure from btree format to extents format with zero
           extents. This was exposed by xfs/538"
      
      * tag 'xfs-5.13-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: bunmapi has unnecessary AG lock ordering issues
        xfs: btree format inode forks can have zero extents
        xfs: add new IRC channel to MAINTAINERS
        xfs: validate extsz hints against rt extent size when rtinherit is set
        xfs: standardize extent size hint validation
        xfs: check free AG space when making per-AG reservations
  6. 29 May, 2021 16 commits
    • seccomp: Refactor notification handler to prepare for new semantics · ddc47391
      Sargun Dhillon authored
      This refactors the user notification code to have a do / while loop around
      the completion condition. This has a small change in semantic, in that
      previously we ignored addfd calls upon wakeup if the notification had been
      responded to, but instead with the new change we check for
      outstanding addfd calls prior to returning to userspace.
      
      Rodrigo Campos also identified a bug that can result in addfd causing
      an early return, when the supervisor didn't actually handle the
      syscall [1].
      
      [1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/
      
      Fixes: 7cf97b12 ("seccomp: Introduce addfd ioctl to seccomp user notifier")
      Signed-off-by: Sargun Dhillon <sargun@sargun.me>
      Acked-by: Tycho Andersen <tycho@tycho.pizza>
      Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Tested-by: Rodrigo Campos <rodrigo@kinvolk.io>
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/20210517193908.3113-3-sargun@sargun.me
    • Merge tag 'thermal-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux · df8c66c4
      Linus Torvalds authored
      Pull thermal fixes from Daniel Lezcano:
      
       - Fix uninitialized error code value for the SPMI adc driver (Yang
         Yingliang)
      
       - Fix kernel doc warning (Yang Li)
      
       - Fix wrong read-write thermal trip point initialization (Srinivas
         Pandruvada)
      
      * tag 'thermal-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux:
        thermal/drivers/qcom: Fix error code in adc_tm5_get_dt_channel_data()
        thermal/ti-soc-thermal: Fix kernel-doc
        thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
    • Merge tag 'char-misc-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · f956cb99
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some tiny char/misc driver fixes for 5.13-rc4.
      
        Nothing huge here, just some tiny fixes for reported issues:
      
         - two interconnect driver fixes
      
         - kgdb build warning fix for gcc-11
      
         - hgafb regression fix
      
         - soundwire driver fix
      
         - mei driver fix
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        mei: request autosuspend after sending rx flow control
        kgdb: fix gcc-11 warnings harder
        video: hgafb: correctly handle card detect failure during probe
        soundwire: qcom: fix handling of qcom,ports-block-pack-mode
        interconnect: qcom: Add missing MODULE_DEVICE_TABLE
        interconnect: qcom: bcm-voter: add a missing of_node_put()
    • Merge tag 'driver-core-5.13-rc4' of... · e1a9e3db
      Linus Torvalds authored
      Merge tag 'driver-core-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are three small driver core / debugfs fixes for 5.13-rc4:
      
         - debugfs fix for incorrect "lockdown" mode for selinux accesses
      
         - two device link changes, one bugfix and one cleanup
      
        All of these have been in linux-next for over a week with no reported
        problems"
      
      * tag 'driver-core-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        drivers: base: Reduce device link removal code duplication
        drivers: base: Fix device link removal
        debugfs: fix security_locked_down() call for SELinux
    • Merge tag 'staging-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 494b99f7
      Linus Torvalds authored
      Pull staging and IIO driver fixes from Greg KH:
       "Here are some small IIO and staging driver fixes for reported issues
        for 5.13-rc4.
      
        Nothing major here, tiny changes for reported problems, full details
        are in the shortlog if people are curious.
      
        All have been in linux-next for a while with no reported problems"
      
      * tag 'staging-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        iio: adc: ad7793: Add missing error code in ad7793_setup()
        iio: adc: ad7923: Fix undersized rx buffer.
        iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()
        iio: dac: ad5770r: Put fwnode in error case during ->probe()
        iio: gyro: fxas21002c: balance runtime power in error path
        staging: emxx_udc: fix loop in _nbu2ss_nuke()
        staging: iio: cdc: ad7746: avoid overwrite of num_channels
        iio: adc: ad7192: handle regulator voltage error first
        iio: adc: ad7192: Avoid disabling a clock that was never enabled.
        iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
        iio: adc: ad7124: Fix missbalanced regulator enable / disable on error.
    • Merge tag 'tty-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 3837f9a0
      Linus Torvalds authored
      Pull tty / serial driver fixes from Greg KH:
       "Here are some small fixes for reported problems for tty and serial
        drivers for 5.13-rc4.
      
        They consist of:
      
         - 8250 bugfixes and new device support
      
         - lockdown security mode fixup
      
         - syzbot found problems fixed
      
         - 8250_omap fix for interrupt storm
      
         - revert of 8250_omap driver fix as it caused worse problem than the
           original issue
      
        All but the last patch have been in linux-next for a while, the last
        one is a revert of a problem found in linux-next with the 8250_omap
        driver change"
      
      * tag 'tty-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        Revert "serial: 8250: 8250_omap: Fix possible interrupt storm"
        serial: 8250_pci: handle FL_NOIRQ board flag
        serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
        serial: 8250_pci: Add support for new HPE serial device
        serial: 8250: 8250_omap: Fix possible interrupt storm
        serial: 8250: Use BIT(x) for UART_{CAP,BUG}_*
        serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART
        serial: 8250_dw: Add device HID for new AMD UART controller
        serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
        serial: core: fix suspicious security_locked_down() call
        serial: tegra: Fix a mask operation that is always true
    • Merge tag 'usb-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 523d0b1e
      Linus Torvalds authored
      Pull USB / Thunderbolt fixes from Greg KH:
       "Here are a number of tiny USB and Thunderbolt driver fixes for
        5.13-rc4.
      
        They consist of:
      
         - thunderbolt fixes for some NVM bound issues
      
         - xhci fixes for reported problems
      
         - control-request fixups
      
         - documentation build warning fixes
      
         - new usb-serial driver device ids
      
         - typec bugfixes for reported issues
      
         - usbfs warning fixups (could be triggered from userspace)
      
         - other tiny fixes for reported problems.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits)
        xhci: Fix 5.12 regression of missing xHC cache clearing command after a Stall
        xhci: fix giving back URB with incorrect status regression in 5.12
        usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
        usb: typec: tcpm: Respond Not_Supported if no snk_vdo
        usb: typec: tcpm: Properly interrupt VDM AMS
        USB: trancevibrator: fix control-request direction
        usb: Restore the usb_header label
        usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header
        usb: typec: ucsi: Clear pending after acking connector change
        usb: typec: mux: Fix matching with typec_altmode_desc
        misc/uss720: fix memory leak in uss720_probe
        usb: dwc3: gadget: Properly track pending and queued SG
        USB: usbfs: Don't WARN about excessively large memory allocations
        thunderbolt: usb4: Fix NVM read buffer bounds and offset issue
        thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
        usb: chipidea: udc: assign interrupt number to USB gadget structure
        usb: cdnsp: Fix lack of removing request from pending list.
        usb: cdns3: Fix runtime PM imbalance on error
        USB: serial: pl2303: add device id for ADLINK ND-6530 GC
        USB: serial: ti_usb_3410_5052: add startech.com device id
        ...
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 22447828
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "ARM fixes:
      
         - Another state update on exit to userspace fix
      
         - Prevent the creation of mixed 32/64 VMs
      
         - Fix regression with irqbypass not restarting the guest on failed
           connect
      
         - Fix regression with debug register decoding resulting in
           overlapping access
      
         - Commit exception state on exit to userspace
      
         - Fix the MMU notifier return values
      
         - Add missing 'static' qualifiers in the new host stage-2 code
      
        x86 fixes:
      
         - fix guest missed wakeup with assigned devices
      
         - fix WARN reported by syzkaller
      
         - do not use BIT() in UAPI headers
      
         - make the kvm_amd.avic parameter bool
      
        PPC fixes:
      
         - make halt polling heuristics consistent with other architectures
      
        selftests:
      
         - various fixes
      
         - new performance selftest memslot_perf_test
      
         - test UFFD minor faults in demand_paging_test"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (44 commits)
        selftests: kvm: fix overlapping addresses in memslot_perf_test
        KVM: X86: Kill off ctxt->ud
        KVM: X86: Fix warning caused by stale emulation context
        KVM: X86: Use kvm_get_linear_rip() in single-step and #DB/#BP interception
        KVM: x86/mmu: Fix comment mentioning skip_4k
        KVM: VMX: update vcpu posted-interrupt descriptor when assigning device
        KVM: rename KVM_REQ_PENDING_TIMER to KVM_REQ_UNBLOCK
        KVM: x86: add start_assignment hook to kvm_x86_ops
        KVM: LAPIC: Narrow the timer latency between wait_lapic_expire and world switch
        selftests: kvm: do only 1 memslot_perf_test run by default
        KVM: X86: Use _BITUL() macro in UAPI headers
        KVM: selftests: add shared hugetlbfs backing source type
        KVM: selftests: allow using UFFD minor faults for demand paging
        KVM: selftests: create alias mappings when using shared memory
        KVM: selftests: add shmem backing source type
        KVM: selftests: refactor vm_mem_backing_src_type flags
        KVM: selftests: allow different backing source types
        KVM: selftests: compute correct demand paging size
        KVM: selftests: simplify setup_demand_paging error handling
        KVM: selftests: Print a message if /dev/kvm is missing
        ...
    • Merge tag 's390-5.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 866c4b8a
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
       "Fix races in vfio-ccw request handling"
      
      * tag 's390-5.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        vfio-ccw: Serialize FSM IDLE state with I/O completion
        vfio-ccw: Reset FSM state to IDLE inside FSM
        vfio-ccw: Check initialized flag in cp_init()
    • selftests: kvm: fix overlapping addresses in memslot_perf_test · 000ac429
      Paolo Bonzini authored
      vm_create allocates memory and maps it close to GPA.  This memory
      is separate from what is allocated in subsequent calls to
      vm_userspace_mem_region_add, so it is incorrect to pass the
      test memory size to vm_create_default.  Just pass a small
      fixed amount of memory which can be used later for page table,
      otherwise GPAs are already allocated at MEM_GPA and the
      test aborts.
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 6799d4f2
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Ten small fixes, all in drivers"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
        scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
        scsi: vmw_pvscsi: Set correct residual data length
        scsi: bnx2fc: Return failure if io_req is already in ABTS processing
        scsi: aic7xxx: Remove multiple definition of globals
        scsi: aic7xxx: Restore several defines for aic7xxx firmware build
        scsi: target: iblock: Fix smp_processor_id() BUG messages
        scsi: libsas: Use _safe() loop in sas_resume_port()
        scsi: target: tcmu: Fix xarray RCU warning
        scsi: target: core: Avoid smp_processor_id() in preemptible code
    • Merge tag 'block-5.13-2021-05-28' of git://git.kernel.dk/linux-block · 0217a27e
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request (Christoph):
            - fix a memory leak in nvme_cdev_add (Guoqing Jiang)
            - fix inline data size comparison in nvmet_tcp_queue_response (Hou
              Pu)
            - fix false keep-alive timeout when a controller is torn down
              (Sagi Grimberg)
            - fix a nvme-tcp Kconfig dependency (Sagi Grimberg)
            - short-circuit reconnect retries for FC (Hannes Reinecke)
            - decode host pathing error for connect (Hannes Reinecke)
      
       - MD pull request (Song):
            - Fix incorrect chunk boundary assert (Christoph)
      
       - Fix s390/dasd verification panic (Stefan)
      
      * tag 'block-5.13-2021-05-28' of git://git.kernel.dk/linux-block:
        nvmet: fix false keep-alive timeout when a controller is torn down
        nvmet-tcp: fix inline data size comparison in nvmet_tcp_queue_response
        nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
        md/raid5: remove an incorrect assert in in_chunk_boundary
        s390/dasd: add missing discipline function
        nvme-fabrics: decode host pathing error for connect
        nvme-fc: short-circuit reconnect retries
        nvme: fix potential memory leaks in nvme_cdev_add
    • Merge tag 'io_uring-5.13-2021-05-28' of git://git.kernel.dk/linux-block · b3dbbae6
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "A few minor fixes:
      
         - Fix an issue with hashed wait removal on exit (Zqiang, Pavel)
      
         - Fix a recent data race introduced in this series (Marco)"
      
      * tag 'io_uring-5.13-2021-05-28' of git://git.kernel.dk/linux-block:
        io_uring: fix data race to avoid potential NULL-deref
        io-wq: Fix UAF when wakeup wqe in hash waitqueue
        io_uring/io-wq: close io-wq full-stop gap
    • Merge tag 'drm-fixes-2021-05-29' of git://anongit.freedesktop.org/drm/drm · 567d1fd8
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Pretty quiet this week, couple of amdgpu, one i915, and a few misc otherwise.
      
        ttm:
         - prevent irrelevant swapout
      
        amdgpu:
         - MultiGPU fan fix
         - VCN powergating fixes
      
        amdkfd:
         - Fix SDMA register offset error
      
        meson:
         - fix shutdown crash
      
        i915:
         - Re-enable LTTPR non-transparent LT mode for DPCD_REV < 1.4"
      
      * tag 'drm-fixes-2021-05-29' of git://anongit.freedesktop.org/drm/drm:
        drm/ttm: Skip swapout if ttm object is not populated
        drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4
        drm/meson: fix shutdown crash when component not probed
        drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate
        drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate
        drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate
        drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate
        drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
        drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
        drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
        drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error
        drm/amd/pm: correct MGpuFanBoost setting
    • Merge tag 'perf-tools-fixes-for-v5.13-2021-05-28' of... · f289d990
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.13-2021-05-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix error checking of BPF prog attachment in 'perf stat'.
      
       - Fix getting maximum number of fds in the vendor events JSON parser.
      
       - Move debug initialization earlier, fixing a segfault in some cases.
      
       - Fix eventcode of power10 JSON events.
      
      * tag 'perf-tools-fixes-for-v5.13-2021-05-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf vendor events powerpc: Fix eventcode of power10 JSON events
        perf stat: Fix error check for bpf_program__attach
        perf debug: Move debug initialization earlier
        perf jevents: Fix getting maximum number of fds
    • Merge tag '5.13-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6 · 7c0ec89d
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three SMB3 fixes.
      
        Two for stable, and the other fixes a problem pointed out with a
        recently added ioctl"
      
      * tag '5.13-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: change format of CIFS_FULL_KEY_DUMP ioctl
        cifs: fix string declarations and assignments in tracepoints
        cifs: set server->cipher_type to AES-128-CCM for SMB3.0
  7. 28 May, 2021 13 commits
    • Merge tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 5ff2756a
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
      "Stable fixes:
         - Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
         - Fix Oops in xs_tcp_send_request() when transport is disconnected
         - Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
      
        Bugfixes:
         - Fix instances where signal_pending() should be fatal_signal_pending()
         - fix an incorrect limit in filelayout_decode_layout()
         - Fixes for the SUNRPC backlogged RPC queue
         - Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
         - Revert commit 586a0787 ("Clean up rpcrdma_prepare_readch()")"
      
      * tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        nfs: Remove trailing semicolon in macros
        xprtrdma: Revert 586a0787
        NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
        NFS: Clean up reset of the mirror accounting variables
        NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
        NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
        SUNRPC: More fixes for backlog congestion
        SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected
        NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
        SUNRPC in case of backlog, hand free slots directly to waiting task
        pNFS/NFSv4: Remove redundant initialization of 'rd_size'
        NFS: fix an incorrect limit in filelayout_decode_layout()
        fs/nfs: Use fatal_signal_pending instead of signal_pending
    • Merge tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · fc683f96
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A slightly high volume at this time due to pending ASoC fixes.
      
        While there are a few generic simple-card fixes for regressions, most
        of the changes are device-specific fixes: ASoC Intel SOF, codec
        clocks, other codec / platform fixes as well as usual HD-audio and
        USB-audio"
      
      * tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (37 commits)
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8
        ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340
        ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static
        ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i
        ALSA: hda/realtek: Headphone volume is controlled by Front mixer
        ALSA: usb-audio: scarlett2: Improve driver startup messages
        ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
        ALSA: usb-audio: fix control-request direction
        ASoC: qcom: lpass-cpu: Use optional clk APIs
        ASoC: cs35l33: fix an error code in probe()
        ASoC: SOF: Intel: hda: don't send DAI_CONFIG IPC for older firmware
        ASoC: fsl: fix SND_SOC_IMX_RPMSG dependency
        ASoC: cs42l52: Minor tidy up of error paths
        ASoC: cs35l32: Add missing regmap use_single config
        ASoC: cs35l34: Add missing regmap use_single config
        ASoC: cs42l73: Add missing regmap use_single config
        ASoC: cs53l30: Add missing regmap use_single config
        ...
    • Merge tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 8508b97a
      Linus Torvalds authored
      Pull clang feature fixes from Kees Cook:
      
       - Correctly pass stack frame size checking under LTO (Nick Desaulniers)
      
       - Avoid CFI mismatches by checking initcall_t types (Marco Elver)
      
      * tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        Makefile: LTO: have linker check -Wframe-larger-than
        init: verify that function is initcall_t at compile-time
    • Merge tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · afdd1470
      Linus Torvalds authored
      Pull MIPS fixes from Thomas Bogendoerfer:
      
       - fix function/preempt trace hangs
      
       - a few build fixes
      
      * tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
        MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
        MIPS: launch.h: add include guard to prevent build errors
        MIPS: alchemy: xxs1500: add gpio-au1000.h header file
    • Merge tag 'kvmarm-fixes-5.13-2' of... · a3d2ec9d
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      KVM/arm64 fixes for 5.13, take #2
      
      - Another state update on exit to userspace fix
      - Prevent the creation of mixed 32/64 VMs
    • KVM: X86: Kill off ctxt->ud · b35491e6
      Wanpeng Li authored
      ctxt->ud is consumed only by x86_decode_insn(), we can kill it off by
      passing emulation_type to x86_decode_insn() and dropping ctxt->ud
      altogether. Tracking that info in ctxt for literally one call is silly.
      Suggested-by: Sean Christopherson <seanjc@google.com>
      Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
      Reviewed-by: Sean Christopherson <seanjc@google.com>
      Message-Id: <1622160097-37633-2-git-send-email-wanpengli@tencent.com>
    • KVM: X86: Fix warning caused by stale emulation context · da6393cd
      Wanpeng Li authored
      Reported by syzkaller:
      
        WARNING: CPU: 7 PID: 10526 at linux/arch/x86/kvm//x86.c:7621 x86_emulate_instruction+0x41b/0x510 [kvm]
        RIP: 0010:x86_emulate_instruction+0x41b/0x510 [kvm]
        Call Trace:
         kvm_mmu_page_fault+0x126/0x8f0 [kvm]
         vmx_handle_exit+0x11e/0x680 [kvm_intel]
         vcpu_enter_guest+0xd95/0x1b40 [kvm]
         kvm_arch_vcpu_ioctl_run+0x377/0x6a0 [kvm]
         kvm_vcpu_ioctl+0x389/0x630 [kvm]
         __x64_sys_ioctl+0x8e/0xd0
         do_syscall_64+0x3c/0xb0
         entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Commit 4a1e10d5 ("KVM: x86: handle hardware breakpoints during emulation")
      adds a hardware breakpoints check before emulating the instruction and parts of
      emulation context initialization, actually we don't have the EMULTYPE_NO_DECODE flag
      here and the emulation context will not be reused. Commit c8848cee ("KVM: x86:
      set ctxt->have_exception in x86_decode_insn()") triggers the warning because it
      catches that the stale emulation context has #UD, however, it is not during instruction
      decoding which should result in EMULATION_FAILED. This patch fixes it by moving
      the second part of the emulation context initialization into init_emulate_ctxt() and
      before the hardware breakpoints check. The ctxt->ud will be dropped by a follow-up
      patch.
      
      syzkaller source: https://syzkaller.appspot.com/x/repro.c?x=134683fdd00000
      
      Reported-by: syzbot+71271244f206d17f6441@syzkaller.appspotmail.com
      Fixes: 4a1e10d5 (KVM: x86: handle hardware breakpoints during emulation)
      Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
      Reviewed-by: Sean Christopherson <seanjc@google.com>
      Message-Id: <1622160097-37633-1-git-send-email-wanpengli@tencent.com>
    • KVM: X86: Use kvm_get_linear_rip() in single-step and #DB/#BP interception · e87e46d5
      Yuan Yao authored
      The kvm_get_linear_rip() handles x86/long mode cases well and has
      better readability, __kvm_set_rflags() also uses the paired
      function kvm_is_linear_rip() to check the vcpu->arch.singlestep_rip
      set in kvm_arch_vcpu_ioctl_set_guest_debug(), so change the
      "CS.BASE + RIP" code in kvm_arch_vcpu_ioctl_set_guest_debug() and
      handle_exception_nmi() to this one.
      Signed-off-by: Yuan Yao <yuan.yao@intel.com>
      Message-Id: <20210526063828.1173-1-yuan.yao@linux.intel.com>
      Reviewed-by: Sean Christopherson <seanjc@google.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • Documentation: seccomp: Fix user notification documentation · aac90292
      Sargun Dhillon authored
      The documentation had some previously incorrect information about how
      userspace notifications (and responses) were handled due to a change
      from a previously proposed patchset.
      Signed-off-by: Sargun Dhillon <sargun@sargun.me>
      Acked-by: Tycho Andersen <tycho@tycho.pizza>
      Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Fixes: 6a21cc50 ("seccomp: add a return code to trap to userspace")
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/20210517193908.3113-2-sargun@sargun.me
    • MAINTAINERS: adjust to removing i2c designware platform data · 8aa0ae43
      Lukas Bulwahn authored
      Commit 5a517b5b ("i2c: designware: Get rid of legacy platform data")
      removes ./include/linux/platform_data/i2c-designware.h, but fails to
      adjust the SYNOPSYS DESIGNWARE I2C DRIVER section in MAINTAINERS.
      
      Hence, ./scripts/get_maintainer.pl --self-test=patterns complains:
      
        warning: no file matches F: include/linux/platform_data/i2c-designware.h
      
      Remove the file entry to this removed file as well.
      Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
      Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: Wolfram Sang <wsa@kernel.org>
    • perf vendor events powerpc: Fix eventcode of power10 JSON events · 8fc4e4aa
      Kajol Jain authored
      Fixed the eventcode values in the power10 JSON event files to prepend
      "0x" since these are hexadecimal values.
      
      The patch also changes the event description of the PM_EXEC_STALL_LOAD_FINISH
      and PM_EXEC_STALL_NTC_FLUSH events and moves some events to the correct files.
      
      Fixes: 32daa5d7 ("perf vendor events: Initial JSON/events list for power10 platform")
      Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
      Reviewed-by: Paul A. Clarke <pc@us.ibm.com>
      Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
      Cc: Athira Jajeev <atrajeev@linux.vnet.ibm.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
      Cc: linuxppc-dev@lists.ozlabs.org
      Link: http://lore.kernel.org/lkml/20210525063723.1191514-1-kjain@linux.ibm.com
      Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
    • Revert "serial: 8250: 8250_omap: Fix possible interrupt storm" · 56dde68f
      Greg Kroah-Hartman authored
      This reverts commit 31fae7c8.
      
      Tony writes:
      	I just noticed this causes the following regression in Linux
      	next when pressing a key on uart console after boot at least on
      	omap3. This seems to happen on serial_port_in(port, UART_RX) in
      	the quirk handling.
      
      So let's drop this.
      
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/r/YLCCJzkkB4N7LTQS@atomide.com
      Fixes: 31fae7c8 ("serial: 8250: 8250_omap: Fix possible interrupt storm")
      Reported-by: Tony Lindgren <tony@atomide.com>
      Cc: Jan Kiszka <jan.kiszka@siemens.com>
      Cc: Vignesh Raghavendra <vigneshr@ti.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • i2c: s3c2410: fix possible NULL pointer deref on read message after write · 24990423
      Krzysztof Kozlowski authored
      Interrupt handler processes multiple message write requests one after
      another, till the driver message queue is drained.  However if driver
      encounters a read message without preceding START, it stops the I2C
      transfer as it is an invalid condition for the controller.  At least the
      comment describes a requirement "the controller forces us to send a new
      START when we change direction".  This stop results in clearing the
      message queue (i2c->msg = NULL).
      
      The code however immediately jumped back to label "retry_write" which
      dereferenced the "i2c->msg" making it a possible NULL pointer
      dereference.
      
      The Coverity analysis:
      1. Condition !is_msgend(i2c), taking false branch.
         if (!is_msgend(i2c)) {
      
      2. Condition !is_lastmsg(i2c), taking true branch.
         } else if (!is_lastmsg(i2c)) {
      
      3. Condition i2c->msg->flags & 1, taking true branch.
         if (i2c->msg->flags & I2C_M_RD) {
      
      4. write_zero_model: Passing i2c to s3c24xx_i2c_stop, which sets i2c->msg to NULL.
         s3c24xx_i2c_stop(i2c, -EINVAL);
      
      5. Jumping to label retry_write.
         goto retry_write;
      
      6. var_deref_model: Passing i2c to is_msgend, which dereferences null i2c->msg.
         if (!is_msgend(i2c)) {
      
      All previous calls to s3c24xx_i2c_stop() in this interrupt service
      routine are followed by jumping to end of function (acknowledging
      the interrupt and returning).  This seems a reasonable choice also here
      since message buffer was entirely emptied.
      
      Addresses-Coverity: Explicit null dereferenced
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: Wolfram Sang <wsa@kernel.org>