1. 22 Nov, 2020 4 commits
    • Linus Torvalds's avatar
      Merge tag 'staging-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · d27637ec
      Linus Torvalds authored
      Pull staging and IIO fixes from Greg KH:
       "Here are some small Staging and IIO driver fixes for 5.10-rc5. They
        include:
      
         - IIO fixes for reported regressions and problems
      
         - new device ids for IIO drivers
      
         - new device id for rtl8723bs driver
      
         - staging ralink driver Kconfig dependency fix
      
         - staging mt7621-pci bus resource fix
      
        All of these have been in linux-next all week with no reported issues"
      
      * tag 'staging-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode
        iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
        docs: ABI: testing: iio: stm32: remove re-introduced unsupported ABI
        iio: light: fix kconfig dependency bug for VCNL4035
        iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used
        iio/adc: ingenic: Fix battery VREF for JZ4770 SoC
        staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
        staging: ralink-gdma: fix kconfig dependency bug for DMA_RALINK
        staging: mt7621-pci: avoid to request pci bus resources
        iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout
        counter/ti-eqep: Fix regmap max_register
        iio: adc: stm32-adc: fix a regression when using dma and irq
        iio: adc: mediatek: fix unset field
        iio: cros_ec: Use default frequencies when EC returns invalid information
      d27637ec
    • Linus Torvalds's avatar
      Merge tag 'tty-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · de758035
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are some small tty/serial fixes for 5.10-rc5 that resolve some
        reported issues:
      
         - speakup crash when telling the kernel to use a device that isn't
           really there
      
         - imx serial driver fixes for reported problems
      
         - ar933x_uart driver fix for probe error handling path
      
        All have been in linux-next for a while with no reported issues"
      
      * tag 'tty-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: ar933x_uart: disable clk on error handling path in probe
        tty: serial: imx: keep console clocks always on
        speakup: Do not let the line discipline be used several times
        tty: serial: imx: fix potential deadlock
      de758035
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · a7f07fc1
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "A final set of miscellaneous bug fixes for ext4"
      
      * tag 'ext4_for_linus_fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix bogus warning in ext4_update_dx_flag()
        jbd2: fix kernel-doc markups
        ext4: drop fast_commit from /proc/mounts
      a7f07fc1
    • David Howells's avatar
      afs: Fix speculative status fetch going out of order wrt to modifications · a9e5c87c
      David Howells authored
      When doing a lookup in a directory, the afs filesystem uses a bulk
      status fetch to speculatively retrieve the statuses of up to 48 other
      vnodes found in the same directory and it will then either update extant
      inodes or create new ones - effectively doing 'lookup ahead'.
      
      To avoid the possibility of deadlocking itself, however, the filesystem
      doesn't lock all of those inodes; rather just the directory inode is
      locked (by the VFS).
      
      When the operation completes, afs_inode_init_from_status() or
      afs_apply_status() is called, depending on whether the inode already
      exists, to commit the new status.
      
      A case exists, however, where the speculative status fetch operation may
      straddle a modification operation on one of those vnodes.  What can then
      happen is that the speculative bulk status RPC retrieves the old status,
      and whilst that is happening, the modification happens - which returns
      an updated status, then the modification status is committed, then we
      attempt to commit the speculative status.
      
      This results in something like the following being seen in dmesg:
      
      	kAFS: vnode modified {100058:861} 8->9 YFS.InlineBulkStatus
      
      showing that for vnode 861 on volume 100058, we saw YFS.InlineBulkStatus
      say that the vnode had data version 8 when we'd already recorded version
      9 due to a local modification.  This was causing the cache to be
      invalidated for that vnode when it shouldn't have been.  If it happens
      on a data file, this might lead to local changes being lost.
      
      Fix this by ignoring speculative status updates if the data version
      doesn't match the expected value.
      
      Note that it is possible to get a DV regression if a volume gets
      restored from a backup - but we should get a callback break in such a
      case that should trigger a recheck anyway.  It might be worth checking
      the volume creation time in the volsync info and, if a change is
      observed in that (as would happen on a restore), invalidate all caches
      associated with the volume.
      
      Fixes: 5cf9dd55 ("afs: Prospectively look up extra files when doing a single lookup")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a9e5c87c
  2. 21 Nov, 2020 4 commits
  3. 20 Nov, 2020 14 commits
  4. 19 Nov, 2020 18 commits
    • Darrick J. Wong's avatar
      xfs: revert "xfs: fix rmap key and record comparison functions" · eb840907
      Darrick J. Wong authored
      This reverts commit 6ff646b2.
      
      Your maintainer committed a major braino in the rmap code by adding the
      attr fork, bmbt, and unwritten extent usage bits into rmap record key
      comparisons.  While XFS uses the usage bits *in the rmap records* for
      cross-referencing metadata in xfs_scrub and xfs_repair, it only needs
      the owner and offset information to distinguish between reverse mappings
      of the same physical extent into the data fork of a file at multiple
      offsets.  The other bits are not important for key comparisons for index
      lookups, and never have been.
      
      Eric Sandeen reports that this causes regressions in generic/299, so
      undo this patch before it does more damage.
      Reported-by: default avatarEric Sandeen <sandeen@sandeen.net>
      Fixes: 6ff646b2 ("xfs: fix rmap key and record comparison functions")
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      eb840907
    • Linus Torvalds's avatar
      Merge tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 4d02da97
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.10-rc5, including fixes from the WiFi
        (mac80211), can and bpf (including the strncpy_from_user fix).
      
        Current release - regressions:
      
         - mac80211: fix memory leak of filtered powersave frames
      
         - mac80211: free sta in sta_info_insert_finish() on errors to avoid
           sleeping in atomic context
      
         - netlabel: fix an uninitialized variable warning added in -rc4
      
        Previous release - regressions:
      
         - vsock: forward all packets to the host when no H2G is registered,
           un-breaking AWS Nitro Enclaves
      
         - net: Exempt multicast addresses from five-second neighbor lifetime
           requirement, decreasing the chances neighbor tables fill up
      
         - net/tls: fix corrupted data in recvmsg
      
         - qed: fix ILT configuration of SRC block
      
         - can: m_can: process interrupt only when not runtime suspended
      
        Previous release - always broken:
      
         - page_frag: Recover from memory pressure by not recycling pages
           allocating from the reserves
      
         - strncpy_from_user: Mask out bytes after NUL terminator
      
         - ip_tunnels: Set tunnel option flag only when tunnel metadata is
           present, always setting it confuses Open vSwitch
      
         - bpf, sockmap:
            - Fix partial copy_page_to_iter so progress can still be made
            - Fix socket memory accounting and obeying SO_RCVBUF
      
         - net: Have netpoll bring-up DSA management interface
      
         - net: bridge: add missing counters to ndo_get_stats64 callback
      
         - tcp: brr: only postpone PROBE_RTT if RTT is < current min_rtt
      
         - enetc: Workaround MDIO register access HW bug
      
         - net/ncsi: move netlink family registration to a subsystem init,
           instead of tying it to driver probe
      
         - net: ftgmac100: unregister NC-SI when removing driver to avoid
           crash
      
         - lan743x:
            - prevent interrupt storm on open
            - fix freeing skbs in the wrong context
      
         - net/mlx5e: Fix socket refcount leak on kTLS RX resync
      
         - net: dsa: mv88e6xxx: Avoid VLAN database corruption on 6097
      
         - fix 21 unset return codes and other mistakes on error paths, mostly
           detected by the Hulk Robot"
      
      * tag 'net-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (115 commits)
        fail_function: Remove a redundant mutex unlock
        selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
        lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
        net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()
        net/smc: fix matching of existing link groups
        ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module
        libbpf: Fix VERSIONED_SYM_COUNT number parsing
        net/mlx4_core: Fix init_hca fields offset
        atm: nicstar: Unmap DMA on send error
        page_frag: Recover from memory pressure
        net: dsa: mv88e6xxx: Wait for EEPROM done after HW reset
        mlxsw: core: Use variable timeout for EMAD retries
        mlxsw: Fix firmware flashing
        net: Have netpoll bring-up DSA management interface
        atl1e: fix error return code in atl1e_probe()
        atl1c: fix error return code in atl1c_probe()
        ah6: fix error return code in ah6_input()
        net: usb: qmi_wwan: Set DTR quirk for MR400
        can: m_can: process interrupt only when not runtime suspended
        can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery
        ...
      4d02da97
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 3be28e93
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "The last two weeks have been quiet here, just the usual smattering of
        long standing bug fixes.
      
        A collection of error case bug fixes:
      
         - Improper nesting of spinlock types in cm
      
         - Missing error codes and kfree()
      
         - Ensure dma_virt_ops users have the right kconfig symbols to work
           properly
      
         - Compilation failure of tools/testing"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        tools/testing/scatterlist: Fix test to compile and run
        IB/hfi1: Fix error return code in hfi1_init_dd()
        RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs
        RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device()
        RDMA/cm: Make the local_id_table xarray non-irq
      3be28e93
    • Theodore Ts'o's avatar
      ext4: drop fast_commit from /proc/mounts · 704c2317
      Theodore Ts'o authored
      The options in /proc/mounts must be valid mount options --- and
      fast_commit is not a mount option.  Otherwise, command sequences like
      this will fail:
      
          # mount /dev/vdc /vdc
          # mkdir -p /vdc/phoronix_test_suite /pts
          # mount --bind /vdc/phoronix_test_suite /pts
          # mount -o remount,nodioread_nolock /pts
          mount: /pts: mount point not mounted or bad option.
      
      And in the system logs, you'll find:
      
          EXT4-fs (vdc): Unrecognized mount option "fast_commit" or missing value
      
      Fixes: 995a3ed6 ("ext4: add fast_commit feature and handling for extended mount options")
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      704c2317
    • Jakub Kicinski's avatar
      Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · e6ea60ba
      Jakub Kicinski authored
      Alexei Starovoitov says:
      
      ====================
      1) libbpf should not attempt to load unused subprogs, from Andrii.
      
      2) Make strncpy_from_user() mask out bytes after NUL terminator, from Daniel.
      
      3) Relax return code check for subprograms in the BPF verifier, from Dmitrii.
      
      4) Fix several sockmap issues, from John.
      
      * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        fail_function: Remove a redundant mutex unlock
        selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL
        lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
        libbpf: Fix VERSIONED_SYM_COUNT number parsing
        bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list
        bpf, sockmap: Handle memory acct if skb_verdict prog redirects to self
        bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self
        bpf, sockmap: Use truesize with sk_rmem_schedule()
        bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect
        bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made
        selftests/bpf: Fix error return code in run_getsockopt_test()
        bpf: Relax return code check for subprograms
        tools, bpftool: Add missing close before bpftool net attach exit
        MAINTAINERS/bpf: Update Andrii's entry.
        selftests/bpf: Fix unused attribute usage in subprogs_unused test
        bpf: Fix unsigned 'datasec_id' compared with zero in check_pseudo_btf_id
        bpf: Fix passing zero to PTR_ERR() in bpf_btf_printf_prepare
        libbpf: Don't attempt to load unused subprog as an entry-point BPF program
      ====================
      
      Link: https://lore.kernel.org/r/20201119200721.288-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e6ea60ba
    • Chris Wilson's avatar
      drm/i915/gt: Fixup tgl mocs for PTE tracking · be33805c
      Chris Wilson authored
      Forcing mocs:1 [used for our winsys follows-pte mode] to be cached
      caused display glitches. Though it is documented as deprecated (and so
      likely behaves as uncached) use the follow-pte bit and force it out of
      L3 cache.
      
      Testcase: igt/kms_frontbuffer_tracking
      Testcase: igt/kms_big_fb
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Cc: Ayaz A Siddiqui <ayaz.siddiqui@intel.com>
      Cc: Lucas De Marchi <lucas.demarchi@intel.com>
      Cc: Matt Roper <matthew.d.roper@intel.com>
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Reviewed-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20201015122138.30161-4-chris@chris-wilson.co.uk
      (cherry picked from commit a04ac827)
      Fixes: 849c0fe9 ("drm/i915/gt: Initialize reserved and unspecified MOCS indices")
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      [Rodrigo: Updated Fixes tag]
      be33805c
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-5.10-2020-11-18' of... · f95dddc9
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-5.10-2020-11-18' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
      
      amd-drm-fixes-5.10-2020-11-18:
      
      amdgpu:
      - Pageflip fix for navi1x with 5 or 6 displays
      - Remove experimental flag for Arcturus
      - Fix regression in atomic commit tail rework
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexdeucher@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20201118213646.4015-1-alexander.deucher@amd.com
      f95dddc9
    • Luo Meng's avatar
      fail_function: Remove a redundant mutex unlock · 2801a5da
      Luo Meng authored
      Fix a mutex_unlock() issue where before copy_from_user() is
      not called mutex_locked.
      
      Fixes: 4b1a29a7 ("error-injection: Support fault injection framework")
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarLuo Meng <luomeng12@huawei.com>
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Link: https://lore.kernel.org/bpf/160570737118.263807.8358435412898356284.stgit@devnote2
      2801a5da
    • Alexei Starovoitov's avatar
      Merge branch 'Fix bpf_probe_read_user_str() overcopying' · 14d6d86c
      Alexei Starovoitov authored
      Daniel Xu says:
      
      ====================
      
      6ae08ae3 ("bpf: Add probe_read_{user, kernel} and probe_read_{user,
      kernel}_str helpers") introduced a subtle bug where
      bpf_probe_read_user_str() would potentially copy a few extra bytes after
      the NUL terminator.
      
      This issue is particularly nefarious when strings are used as map keys,
      as seemingly identical strings can occupy multiple entries in a map.
      
      This patchset fixes the issue and introduces a selftest to prevent
      future regressions.
      
      v6 -> v7:
      * Add comments
      
      v5 -> v6:
      * zero-pad up to sizeof(unsigned long) after NUL
      
      v4 -> v5:
      * don't read potentially uninitialized memory
      
      v3 -> v4:
      * directly pass userspace pointer to prog
      * test more strings of different length
      
      v2 -> v3:
      * set pid filter before attaching prog in selftest
      * use long instead of int as bpf_probe_read_user_str() retval
      * style changes
      
      v1 -> v2:
      * add Fixes: tag
      * add selftest
      ====================
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      14d6d86c
    • Daniel Xu's avatar
      selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NUL · c8a36aed
      Daniel Xu authored
      Previously, bpf_probe_read_user_str() could potentially overcopy the
      trailing bytes after the NUL due to how do_strncpy_from_user() does the
      copy in long-sized strides. The issue has been fixed in the previous
      commit.
      
      This commit adds a selftest that ensures we don't regress
      bpf_probe_read_user_str() again.
      Signed-off-by: default avatarDaniel Xu <dxu@dxuuu.xyz>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Acked-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/bpf/4d977508fab4ec5b7b574b85bdf8b398868b6ee9.1605642949.git.dxu@dxuuu.xyz
      c8a36aed
    • Daniel Xu's avatar
      lib/strncpy_from_user.c: Mask out bytes after NUL terminator. · 6fa6d280
      Daniel Xu authored
      do_strncpy_from_user() may copy some extra bytes after the NUL
      terminator into the destination buffer. This usually does not matter for
      normal string operations. However, when BPF programs key BPF maps with
      strings, this matters a lot.
      
      A BPF program may read strings from user memory by calling the
      bpf_probe_read_user_str() helper which eventually calls
      do_strncpy_from_user(). The program can then key a map with the
      destination buffer. BPF map keys are fixed-width and string-agnostic,
      meaning that map keys are treated as a set of bytes.
      
      The issue is when do_strncpy_from_user() overcopies bytes after the NUL
      terminator, it can result in seemingly identical strings occupying
      multiple slots in a BPF map. This behavior is subtle and totally
      unexpected by the user.
      
      This commit masks out the bytes following the NUL while preserving
      long-sized stride in the fast path.
      
      Fixes: 6ae08ae3 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers")
      Signed-off-by: default avatarDaniel Xu <dxu@dxuuu.xyz>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Link: https://lore.kernel.org/bpf/21efc982b3e9f2f7b0379eed642294caaa0c27a7.1605642949.git.dxu@dxuuu.xyz
      6fa6d280
    • Linus Torvalds's avatar
      Merge tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · dda3f425
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Fixes for CVE-2020-4788.
      
        From Daniel's cover letter:
      
        IBM Power9 processors can speculatively operate on data in the L1
        cache before it has been completely validated, via a way-prediction
        mechanism. It is not possible for an attacker to determine the
        contents of impermissible memory using this method, since these
        systems implement a combination of hardware and software security
        measures to prevent scenarios where protected data could be leaked.
      
        However these measures don't address the scenario where an attacker
        induces the operating system to speculatively execute instructions
        using data that the attacker controls. This can be used for example to
        speculatively bypass "kernel user access prevention" techniques, as
        discovered by Anthony Steinhauser of Google's Safeside Project. This
        is not an attack by itself, but there is a possibility it could be
        used in conjunction with side-channels or other weaknesses in the
        privileged code to construct an attack.
      
        This issue can be mitigated by flushing the L1 cache between privilege
        boundaries of concern.
      
        This patch series flushes the L1 cache on kernel entry (patch 2) and
        after the kernel performs any user accesses (patch 3). It also adds a
        self-test and performs some related cleanups"
      
      * tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations
        selftests/powerpc: refactor entry and rfi_flush tests
        selftests/powerpc: entry flush test
        powerpc: Only include kup-radix.h for 64-bit Book3S
        powerpc/64s: flush L1D after user accesses
        powerpc/64s: flush L1D on kernel entry
        selftests/powerpc: rfi_flush: disable entry flush if present
      dda3f425
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa · 3494d588
      Linus Torvalds authored
      Pull xtensa fixes from Max Filippov:
      
       - fix placement of cache alias remapping area
      
       - disable preemption around cache alias management calls
      
       - add missing __user annotation to strncpy_from_user argument
      
      * tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: uaccess: Add missing __user to strncpy_from_user() prototype
        xtensa: disable preemption around cache alias management calls
        xtensa: fix TLBTEMP area placement
      3494d588
    • Thomas Zimmermann's avatar
      drm/vram-helper: Fix use of top-down placement · 01822dd1
      Thomas Zimmermann authored
      Commit 7053e0ea ("drm/vram-helper: stop using TTM placement flags")
      cleared the BO placement flags if top-down placement had been selected.
      Hence, BOs that were supposed to go into VRAM are now placed in a default
      location in system memory.
      
      Trying to scanout the incorrectly pinned BO results in displayed garbage
      and an error message.
      
      [  146.108127] ------------[ cut here ]------------
      [  146.1V08180] WARNING: CPU: 0 PID: 152 at drivers/gpu/drm/drm_gem_vram_helper.c:284 drm_gem_vram_offset+0x59/0x60 [drm_vram_helper]
      ...
      [  146.108591]  ast_cursor_page_flip+0x3e/0x150 [ast]
      [  146.108622]  ast_cursor_plane_helper_atomic_update+0x8a/0xc0 [ast]
      [  146.108654]  drm_atomic_helper_commit_planes+0x197/0x4c0
      [  146.108699]  drm_atomic_helper_commit_tail_rpm+0x59/0xa0
      [  146.108718]  commit_tail+0x103/0x1c0
      ...
      [  146.109302] ---[ end trace d901a1ba1d949036 ]---
      
      Fix the bug by keeping the placement flags. The top-down placement flag
      is stored in a separate variable.
      Signed-off-by: default avatarThomas Zimmermann <tzimmermann@suse.de>
      Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
      Fixes: 7053e0ea ("drm/vram-helper: stop using TTM placement flags")
      Reported-by: Pu Wen <puwen@hygon.cn> [for 5.10-rc1]
      Tested-by: default avatarPu Wen <puwen@hygon.cn>
      Cc: Christian König <christian.koenig@amd.com>
      Cc: Dave Airlie <airlied@redhat.com>
      Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Cc: Maxime Ripard <mripard@kernel.org>
      Cc: Thomas Zimmermann <tzimmermann@suse.de>
      Cc: David Airlie <airlied@linux.ie>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Cc: dri-devel@lists.freedesktop.org
      Link: https://patchwork.freedesktop.org/patch/msgid/20200921142536.4392-1-tzimmermann@suse.de
      (cherry picked from commit b8f8dbf6)
      [pulled into fixes from drm-next]
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      01822dd1
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 131ad0b6
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix recent regression in the APEI code and initialization issue
        in the ACPI fan driver.
      
        Specifics:
      
         - Make the APEI code avoid attempts to obtain logical addresses for
           registers located in the I/O address space to fix initialization
           issues (Aili Yao)
      
         - Fix sysfs attribute initialization in the ACPI fan driver (Guenter
           Roeck)"
      
      * tag 'acpi-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI, APEI, Fix error return value in apei_map_generic_address()
        ACPI: fan: Initialize performance state sysfs attribute
      131ad0b6
    • Linus Torvalds's avatar
      Merge tag 'pm-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 4ca35b4f
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix two issues in ARM cpufreq drivers and one cpuidle driver
        issue.
      
        Specifics:
      
         - Add missing RCU_NONIDLE() annotations to the Tegra cpuidle driver
           (Dmitry Osipenko)
      
         - Fix boot frequency computation in the tegra186 cpufreq driver (Jon
           Hunter)
      
         - Make the SCMI cpufreq driver register a dummy clock provider to
           avoid OPP addition failures (Sudeep Holla)"
      
      * tag 'pm-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: scmi: Fix OPP addition failure with a dummy clock provider
        cpufreq: tegra186: Fix get frequency callback
        cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE
      4ca35b4f
    • Linus Torvalds's avatar
      Merge tag 'spi-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · fee3c824
      Linus Torvalds authored
      Pull spi fixes from Mark Brown:
       "This is a relatively large set of fixes, the bulk of it being a series
        from Lukas Wunner which fixes confusion with the lifetime of driver
        data allocated along with the SPI controller structure that's been
        created as part of the conversion to devm APIs.
      
        The simplest fix, explained in detail in Lukas' commit message, is to
        move to a devm_ function for allocation of the controller and hence
        driver data in order to push the free of that after anything tries to
        reference the driver data in the remove path. This results in a
        relatively large diff due to the addition of a new function but isn't
        particularly complex.
      
        There's also a fix from Sven van Asbroeck which fixes yet more fallout
        from the conflicts between the various different places one can
        configure the polarity of GPIOs in modern systems.
      
        Otherwise everything is fairly small and driver specific"
      
      * tag 'spi-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: npcm-fiu: Don't leak SPI master in probe error path
        spi: dw: Set transfer handler before unmasking the IRQs
        spi: cadence-quadspi: Fix error return code in cqspi_probe
        spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
        spi: lpspi: Fix use-after-free on unbind
        spi: bcm-qspi: Fix use-after-free on unbind
        spi: bcm2835aux: Fix use-after-free on unbind
        spi: bcm2835: Fix use-after-free on unbind
        spi: Introduce device-managed SPI controller allocation
        spi: fsi: Fix transfer returning without finalizing message
        spi: fix client driver breakages when using GPIO descriptors
      fee3c824
    • Jakub Kicinski's avatar
      Merge branch 'net-smc-fixes-2020-11-18' · 90b49784
      Jakub Kicinski authored
      Karsten Graul says:
      
      ====================
      net/smc: fixes 2020-11-18
      
      Patch 1 fixes the matching of link groups because with SMC-Dv2 the vlanid
      should no longer be part of this matching. Patch 2 removes a sparse message.
      ====================
      
      Link: https://lore.kernel.org/r/20201118214038.24039-1-kgraul@linux.ibm.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      90b49784