In failure flow, the reference counter acquired was not released,
and the following error was reported:
drivers/infiniband/core/cm.c:3373 cm_lap_handler() warn: inconsistent
refcounting 'cm_id_priv->refcount.refs.counter':
Fixes: 7345201c39 ("IB/cm: Improve the calling of cm_init_av_for_lap and cm_init_av_by_path")
Link: https://lore.kernel.org/r/7615f23bbb5c5b66d03f6fa13e1c99d51dae6916.1642581448.git.leonro@nvidia.com
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
creates interacting with pool namespace-constrained OSD permissions
from Jeff (marked for stable).
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAmH0FAkTHGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzixpkB/4ssxwtq8aP82Kh/WuS9qdtofWtZvOB
6BPJdxseWvVMk9Bw/bO6BrxHpHJJKbhPPxKkhJGliSi19kWJKC7FYbuDRp7ffj4Y
3UDiRaD5aQyjFi1rIrBjDb3dgA1dxdXH4EVAPf44dlRD7HjqaglVldFWSHxqH1RQ
v4eB9RYHzNZKuAFsXF4+bzwZXMWgzaMXDNA5AzgRb8Zb3I2K2xSsIxDHD8MHlw8v
BFX7QNobsxi9vjmENOmH8WcjWx8abtdNl0ndNmHcc3u2QyNEfRcdx8DIytQCVRSw
gCyQVLgZIiedeZ84D6jmQu+RR668ztH+X6/QWWj5eHh6YlvtyqTPnuHe
=VuFn
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-5.17-rc2' of git://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"A ZERO_SIZE_PTR dereference fix from Xiubo and two fixes for async
creates interacting with pool namespace-constrained OSD permissions
from Jeff (marked for stable)"
* tag 'ceph-for-5.17-rc2' of git://github.com/ceph/ceph-client:
ceph: set pool_ns in new inode layout for async creates
ceph: properly put ceph_string reference after async create attempt
ceph: put the requests/sessions when it fails to alloc memory
Fix by removing the extra asterisk.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Rohith Surabattula <rohiths@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Versions of Cortex-A510 before r0p3 are affected by a hardware erratum
where the hardware update of the dirty bit is not correctly ordered.
Add these cpus to the cpu_has_broken_dbm list.
Signed-off-by: James Morse <james.morse@arm.com>
Link: https://lore.kernel.org/r/20220125154040.549272-3-james.morse@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
The kernel test robot reports that commit c42ff46f97 ("ocfs2: simplify
subdirectory registration with register_sysctl()") is broken, and
results in kernel warning messages like
sysctl table check failed: fs/ocfs2/nm Not a file
sysctl table check failed: fs/ocfs2/nm No proc_handler
sysctl table check failed: fs/ocfs2/nm bogus .mode 0555
and in fact this was already reported back in linux-next, but nobody
seems to have reacted to that report. Possibly that original report
only ever made it to the lkp list.
The problem seems to be that the simplification didn't actually go far
enough, and should have converted the whole directory path to the final
sysctl file, rather than just the two first components.
So take that last step.
Fixes: c42ff46f97 ("ocfs2: simplify subdirectory registration with register_sysctl()")
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/all/20220128065310.GF8421@xsang-OptiPlex-9020/
Link: https://lists.01.org/hyperkitty/list/lkp@lists.01.org/thread/KQ2F6TPJWMDVEXJM4WTUC4DU3EH3YJVT/
Tested-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This pull request is providing arm64 definitions to support
TRBE Cortex-A510 erratas.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQFPBAABCgA5FiEEeTrpXvBwUkra1RYWo5FxFnwrV6EFAmHy7RkbHG1hdGhpZXUu
cG9pcmllckBsaW5hcm8ub3JnAAoJEKORcRZ8K1ehmvEH/2O01bctGwhEtg7wRxdu
b/pksZSJZkrTq7cUU/xRUzGEj38owoYb/QFle1+e1qMW8Lt5nI11xLLCuBxTTZFT
zazoYnHHciKK5kiQSCK1cN4hTjGfL0dn/cEUkwGMA9PX6B8jG+WvMEHYXZkebt5b
BV88QUNB5+S5PPZzF+UczLVQoZ1UmlwkoVyTpRQN97qunqOZ6C1esDgOeghAXTg4
EKni3tl7IkkuDDsWvg4ez4hvnYbCbPaMaFqVI81n1NGHl2fhsKAa3GXKzj+wiG8H
gQEXw0q8G8rxJ4Ik/K4/VApWGrqFFSCFCeho8GFqxputUkzGoCRZ1U6JPQIbFWrN
lJM=
=HLQt
-----END PGP SIGNATURE-----
Merge tag 'trbe-cortex-a510-errata' of gitolite.kernel.org:pub/scm/linux/kernel/git/coresight/linux into for-next/fixes
coresight: trbe: Workaround Cortex-A510 erratas
This pull request is providing arm64 definitions to support
TRBE Cortex-A510 erratas.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
* tag 'trbe-cortex-a510-errata' of gitolite.kernel.org:pub/scm/linux/kernel/git/coresight/linux:
arm64: errata: Add detection for TRBE trace data corruption
arm64: errata: Add detection for TRBE invalid prohibited states
arm64: errata: Add detection for TRBE ignored system register writes
arm64: Add Cortex-A510 CPU part definition
CYW43570 is a 3-antenna, 2x2 MIMO,802.11a/b/g/n/ac, PCIe 3.0 for WLAN.
It is BT/WIFI combo.
Signed-off-by: Soontak Lee <soontak.lee@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@infineon.com>
Signed-off-by: Ian Lin <ian.lin-ee@infineon.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211229035144.9205-1-ian.lin-ee@infineon.com
This is a second attempt at honering the country code send out by access
points. This was first added in commit b0b524f079 ("brcmfmac: use
ISO3166 country code and 0 rev as fallback").
Subsequently this was reverted in commit 151a7c12c4 ("Revert "brcmfmac:
use ISO3166 country code and 0 rev as fallback""), because it was causing
issues with AP mode on some brcmfmac models (specifically on BCM4359/9).
Many devices ship with a nvram ccode value of X2/XT/XU/XV/ALL which are
all special world-wide compatibility ccode-s. Most of these world-wide
ccode-s allow passive scan mode only for 2.4GHz channels 12-14,
only enabling them when an AP is seen on them.
But at least on brcmfmac43455 devices this is not working correctly, these
do not see accesspoints on channels 12-14 unless the ccode is changes to
a country where these channels are allowed.
Translating received country codes to an ISO3166 country code and 0 rev
ccreq fixes devices using a brcmfmac43455 with a X2/XT/XU/XV/ALL ccode
not seeing accesspoints on channels 12-14.
To avoid this causing issues on other brcmfmac models again, the
fallback is limited to only brcmfmac4345* chips this time.
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Soeren Moch <smoch@web.de>
Cc: Fabio Aiuto <fabioaiuto83@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Soeren Moch <smoch@web.de> # on BCM4359/9
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211218185643.158182-1-hdegoede@redhat.com
On resume from suspend the following chain of events can happen:
A rt5682_resume() -> mod_delayed_work() for jack_detect_work
B DAPM sequence starts ( DAPM is locked now)
A1. rt5682_jack_detect_handler() scheduled
- Takes both jdet_mutex and calibrate_mutex
- Calls in to rt5682_headset_detect() which tries to take DAPM lock, it
starts to wait for it as B path took it already.
B1. DAPM sequence reaches the "HP Amp", rt5682_hp_event() tries to take
the jdet_mutex, but it is locked in A1, so it waits.
Deadlock.
To solve the deadlock, drop the jdet_mutex, use the jack_detect_work to do
the jack removal handling, move the dapm lock up one level to protect the
most of the rt5682_jack_detect_handler(), but not the jack reporting as it
might trigger a DAPM sequence.
The rt5682_headset_detect() can be changed to static as well.
Fixes: 8deb34a90f ("ASoC: rt5682: fix the wrong jack type detected")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Link: https://lore.kernel.org/r/20220126100325.16513-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Correct size of iec_status array by changing it to the size of status
array of the struct snd_aes_iec958. This fixes out-of-bounds slab
read accesses made by memcpy() of the hdmi-codec driver. This problem
is reported by KASAN.
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Link: https://lore.kernel.org/r/20220112195039.1329-1-digetx@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
The recent fix for DPCM locking also covered the loop in
dpcm_be_disconnect() with the FE stream lock. This caused an
unexpected side effect, thought: calling debugfs_remove_recursive() in
the spinlock may lead to lockdep splats as the code there assumes the
SOFTIRQ-safe context.
For avoiding the problem, this patch changes the disconnection
procedure to two phases: at first, the matching entries are removed
from the linked list, then the resources are freed outside the lock.
Fixes: b7898396f4 ("ASoC: soc-pcm: Fix and cleanup DPCM locking")
Reported-and-tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20220119155249.26754-3-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
The recent change for DPCM locking caused spurious lockdep warnings.
Actually the warnings are false-positive, as those are triggered due
to the nested stream locks for FE and BE. Since both locks belong to
the same lock class, lockdep sees it as if a deadlock.
For fixing this, we need to take PCM stream locks for BE with the
nested lock primitives. Since currently snd_pcm_stream_lock*() helper
assumes only the top-level single locking, a new helper function
snd_pcm_stream_lock_irqsave_nested() is defined for a single-depth
nested lock, which is now used in the BE DAI trigger that is always
performed inside a FE stream lock.
Fixes: b2ae806630 ("ASoC: soc-pcm: serialize BE triggers")
Reported-and-tested-by: Hans de Goede <hdegoede@redhat.com>
Reported-and-tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/73018f3c-9769-72ea-0325-b3f8e2381e30@redhat.com
Link: https://lore.kernel.org/alsa-devel/9a0abddd-49e9-872d-2f00-a1697340f786@samsung.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20220119155249.26754-2-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
In the past we use dbi function of wifi mac to read/write
pci config space, but the function will be remove in new
chip. So use kernel api pci_read/write_config_byte instead.
Signed-off-by: Chin-Yen Lee <timlee@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220121075555.12457-2-pkshih@realtek.com
DIG, which is short for dynamic initial gain, is used to adjust gain to get
good RX performance. CCK PD feature, a mechanism that adjusts 802.11b CCK
packet detection(PD) power threshold based on environment noisy level in
order to avoid false alarm. Also, refine related variable naming.
Signed-off-by: Johnson Lin <johnson.lin@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220121075555.12457-1-pkshih@realtek.com
Call to dle_dfi_qempty might fail, leaving qempty.qempty untouched, which
is latter used to control the for loop. If that happens, it's not
initialized anywhere.
Initialize it so the loop doesn't iterate unless it's modified by the
call to dle_dfi_qempty.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220113094253.73370-1-ihuguet@redhat.com
Make stuffs related to channel be collected in channel_params,
and encapsulate the corresponding decision in get_channel_params().
Then, functions that takes channel_params can also notice subband type.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220113011042.6705-2-pkshih@realtek.com
For next chipset which can support 6G band, we add the handling
of ieee80211_supported_band for 6G band in advance. And a bitmap,
support_bands, is added to rtw89_chip_info to declare which
NL80211_BAND_* are supported. With the chipset's declaration,
we register the corresponding instances of ieee80211_supported_band
with wiphy.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220113011042.6705-1-pkshih@realtek.com
One mac_id is corresponding to one connected station, and port ID is a
ID of virtual interfaces. With proper mac_id and port ID, firmware and
hardware can handle a packet with correct context.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-12-pkshih@realtek.com
If a packet we are going to send is broadcast/multicast and certain STAs
are in sleep mode, a flag IEEE80211_TX_CTL_SEND_AFTER_DTIM is added to
txinfo. Then, this kind of packets must be sent via HIQ instead of regular
AC queues, because they should be sent right after beacon.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-11-pkshih@realtek.com
HIQ is short for high queue that is used to send broadcast/multicast
packets right after TBTT in AP mode. Two registers, DTIM and window size,
are configured accordingly.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-10-pkshih@realtek.com
The H2C_FUNC_MAC_FWROLE_MAINTAIN also maintains the roles of all connected
stations; not just the role of VIF. So, I correct the name, but don't
change the logic at all.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-9-pkshih@realtek.com
The h2c_join firmware command is used to indicate a station is connected,
and the assoc_cmac_tbl firmware command is used to set CMAC table
corresponding to a mac_id. Both commands must work in both station and AP
modes. Use the mac_id of rtw89_sta naturally and intuitively.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-8-pkshih@realtek.com
In station mode, mac_id of station is the same as rtwvif's one.
In AP mode, each station uses individual mac_id.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-7-pkshih@realtek.com
Update beacon content if TIM bitmap maintained by mac80211 is changed.
Since .set_tim must be atomic but driver uses mutex lock, we add a work.
Otherwise, kernel says "sched: RT throttling activated" and lock down.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-6-pkshih@realtek.com
This C2H notify driver the beacon count we send out. We don't handle the
content for now, so add a dummy handler to avoid messages, like
rtw89_pci 0000:03:00.0: c2h class 0 func 3 not support
C2H: 00000000: 01 03 01 3f 0f 00 00 00 80 0a 00 00 00 00 a0
rtw89_pci 0000:03:00.0: c2h class 0 func 3 not support
C2H: 00000000: 01 03 01 40 0f 00 00 00 00 03 20 00 00 00 a5
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-5-pkshih@realtek.com
Firmware sends out beacon content generated by mac80211, and then stations
can receive beacon and work with this AP properly. Also, we download
beacon content again if TIM is changed.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-4-pkshih@realtek.com
Since firmware transmits beacon by hardware SSN, driver does it with the
same setting, then packets in the air have continual sequence number.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220107034239.22002-3-pkshih@realtek.com
BA CAM is used to ACK peer's packets, so it must be established when
IEEE80211_AMPDU_RX_START, and free it by IEEE80211_AMPDU_RX_STOP.
The hardware can support two static BA CAM entries, so I implement a bitmap
and a struct to record which entry is used and its corresponding tid. Also,
the hardware can learn and create dynamic BA CAM entries automatically if
received packets don't match static BA CAM. That means it can still work if
we don't use H2C to set static BA CAM. An exception is tid=0 should be
always allocated in static BA CAM, so an existing static BA CAM will be
replaced if it is full and peer is going to establish a BA with tid=0.
The new firmware use new format of this H2C, so I upgrade it as well.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220104012052.6911-1-pkshih@realtek.com
We have three points to receive packets to mac80211 with three different
kinds of status. Many handlers are common and can be shared, so I move
them together, and I don't change the logic at all.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220103013623.17052-3-pkshih@realtek.com
We are planning to support more chipsets, e.g. 8852C. Before that, we
consider architecutre to handle multiple kinds of chipsets. Obviosuly,
based on original design, rtw89_core module will have large size even
if there is only one chipset under running. It is because all chipset
related things are put in rtw89_core now. To reduce such overhead, we
extract modules of rtw89 and adjust dependencies between modules.
The following assumes that 8852AE, 8852AU, and 8852CE are all supported,
we describe the difference before and after extraction.
[Before extraction]
-------------
|------------------------------------ | rtw89_usb |
V -------------
--------------------------------------- -------------
| rtw89_core (including 8852A, 8852C) | <--- | rtw89_pci |
--------------------------------------- -------------
The data of 8852A and 8852C are built in rtw89_core.
And rtw89_pci is the entry of 8852AE and 8852CE.
And rtw89_usb is the entry of 8852AU.
[After extraction]
------------- ----------------
|----------- | rtw89_usb | <-------- | rtw89_8852au |
| ------------- ----------------
V --------------- |
-------------- | | <---------------
| rtw89_core | <--- | rtw89_8852a |
-------------- | | <---------------
^ ^ --------------- |
| | ------------- ----------------
| | | | <-------- | rtw89_8852ae |
| |----------- | rtw89_pci | ----------------
| | | <-----------------
| ------------- |
| --------------- ----------------
|--------------- | rtw89_8852c | <------ | rtw89_8852ce |
--------------- ----------------
The data of 8852A/8852C is extracted to rtw89_8852a/rtw89_8852c.
And rtw89_pci/rtw89_usb handles only common flow of pci/usb bus.
Finally, 8852AE, 8852AU, and 8852CE have individual entry modules,
i.e. rtw89_8852ae, rtw89_8852au, and rtw89_8852ce correspondingly.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211221025828.25092-1-pkshih@realtek.com
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAmHz0QsACgkQnJ2qBz9k
QNkN+AgA6XqWHKYyElfgJFt1UqaoNMz/Faz9H/+PKiBNSTf6/+67D+V7DFz6jJrv
dDwHNzfDg9kR+pbAAPwhl2jfnQoUlsr019Hrqa5HpWlj5geVpbdunYUzS2WOkwqD
/m+brcLgPdKb2uIysj6wOh9B7wa8V9ksl3EjQvvwaHaU0p1YLUqidVXucYvs8DUo
bgXNaj9GmeysxnmU+aILotWuuXH2vOP4Q2Uk4qz3rN6xW9eEXtpQ4y7gWBp/GA8y
Ia8FtFdQdvlSDOJYMdPOTBu5RB7gY9ElrapvVaWNYtCWI/jRv666nZsLaERYNhLN
uUsG4MWjYbOqW5XqFDbSOwbDqvMh5Q==
=mEFA
-----END PGP SIGNATURE-----
Merge tag 'fsnotify_for_v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull fsnotify fixes from Jan Kara:
"Fixes for userspace breakage caused by fsnotify changes ~3 years ago
and one fanotify cleanup"
* tag 'fsnotify_for_v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
fsnotify: fix fsnotify hooks in pseudo filesystems
fsnotify: invalidate dcache before IN_DELETE event
fanotify: remove variable set but not used
The atomic_inc() needs to be paired with an atomic_dec() on the error
path.
Fixes: 514aee660d ("RDMA: Globally allocate and release QP memory")
Link: https://lore.kernel.org/r/20220118091104.GA11671@kili
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Bernard Metzler <bmt@zurich.ibm.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Partially revert the commit mentioned in the Fixes line to make sure that
allocation and erasing multicast struct are locked.
BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]
BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579
Read of size 8 at addr ffff88801bb74b00 by task syz-executor.1/25529
CPU: 0 PID: 25529 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247
__kasan_report mm/kasan/report.c:433 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]
ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579
ucma_destroy_id+0x1e6/0x280 drivers/infiniband/core/ucma.c:614
ucma_write+0x25c/0x350 drivers/infiniband/core/ucma.c:1732
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Currently the xarray search can touch a concurrently freeing mc as the
xa_for_each() is not surrounded by any lock. Rather than hold the lock for
a full scan hold it only for the effected items, which is usually an empty
list.
Fixes: 95fe51096b ("RDMA/ucma: Remove mc_list and rely on xarray")
Link: https://lore.kernel.org/r/1cda5fabb1081e8d16e39a48d3a4f8160cea88b8.1642491047.git.leonro@nvidia.com
Reported-by: syzbot+e3f96c43d19782dd14a7@syzkaller.appspotmail.com
Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
In RoCE we should use cma_iboe_set_mgid() and not cma_set_mgid to generate
the mgid, otherwise we will generate an IGMP for an incorrect address.
Fixes: b5de0c60cc ("RDMA/cma: Fix use after free race in roce multicast join")
Link: https://lore.kernel.org/r/913bc6783fd7a95fe71ad9454e01653ee6fb4a9a.1642491047.git.leonro@nvidia.com
Signed-off-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEq1nRK9aeMoq1VSgcnJ2qBz9kQNkFAmHz0I4ACgkQnJ2qBz9k
QNkvkAf/fD0swq13rFWiMDo+Azj9BwdjTeK7kEhGBCw9rL3BchH+OTMgPmcdplTJ
uzXVyWZ98hsCBY4Aclu3Grcy1Cj9A3+JW9FqrWbwWy8t583DuaV31UL99AXb/4sH
xYAmMm9V9gO5ckIAffHzHcEyN+dHMj89zl8vAtxGnlwR6gZLE1wjB3AmWBlctJpE
bWQWCpuJsW+7o7ky5hIQ2hQWLxb5OejdYtLu6Su4tM86xfMwi3pB0tzilJ6jorAH
eH5LBt5pVDI+gYQY1WYoZTy4eQKM0lhVW3WplhbNJwkJUupNS5xCXFfwB8bUppwc
+hyGn5G3GJZ2Ya+xALO3GfS8fX9ESQ==
=dQRa
-----END PGP SIGNATURE-----
Merge tag 'fs_for_v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull udf and quota fixes from Jan Kara:
"Fixes for crashes in UDF when inode expansion fails and one quota
cleanup"
* tag 'fs_for_v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
quota: cleanup double word in comment
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
Currently, the dwmac-sun8i's stmmaceth clk isn't disabled even if the
the device has been runtime suspended. The reason is the driver gets
the "stmmaceth" clk as tx_clk and enabling it during probe. But
there's no other usage of tx_clk except preparing and enabling, so
we can remove tx_clk and its usage then rely on the common routine
stmmac_probe_config_dt() to prepare and enable the stmmaceth clk
during driver initialization, and benefit from the runtime pm feature
after probed.
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The tstats allocation is done in the accelerated ndo_init function but the
allocation is not tested to succeed.
The deallocation is not done in the accelerated ndo_uninit function.
Resolve issues by testing for an allocation failure and adding the
free_percpu in the uninit function.
Fixes: aa0616a9bd ("IB/hfi1: switch to core handling of rx/tx byte/packet counters")
Link: https://lore.kernel.org/r/1642287756-182313-5-git-send-email-mike.marciniszyn@cornelisnetworks.com
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
The following allocation with large txqueuelen will result in the
following warning:
Call Trace:
__alloc_pages_nodemask+0x283/0x2c0
kmalloc_large_node+0x3c/0xa0
__kmalloc_node+0x22a/0x2f0
hfi1_ipoib_txreq_init+0x19f/0x330 [hfi1]
hfi1_ipoib_setup_rn+0xd3/0x1a0 [hfi1]
rdma_init_netdev+0x5a/0x80 [ib_core]
ipoib_intf_init+0x6c/0x350 [ib_ipoib]
ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]
ipoib_add_one+0xbe/0x300 [ib_ipoib]
add_client_context+0x12c/0x1a0 [ib_core]
ib_register_client+0x147/0x190 [ib_core]
ipoib_init_module+0xdd/0x132 [ib_ipoib]
do_one_initcall+0x46/0x1c3
do_init_module+0x5a/0x220
load_module+0x14c5/0x17f0
__do_sys_init_module+0x13b/0x180
do_syscall_64+0x5b/0x1a0
entry_SYSCALL_64_after_hwframe+0x65/0xca
For ipoib, the txqueuelen is modified with the module parameter
send_queue_size.
Fix by changing to use kv versions of the same allocator to handle the
large allocations. The allocation embeds a hdr struct that is dma mapped.
Change that struct to a pointer to a kzalloced struct.
Cc: stable@vger.kernel.org
Fixes: d99dc602e2 ("IB/hfi1: Add functions to transmit datagram ipoib packets")
Link: https://lore.kernel.org/r/1642287756-182313-3-git-send-email-mike.marciniszyn@cornelisnetworks.com
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Stefan Schmidt says:
====================
pull-request: ieee802154 for net 2022-01-28
An update from ieee802154 for your *net* tree.
A bunch of fixes in drivers, all from Miquel Raynal.
Clarifying the default channel in hwsim, leak fixes in at86rf230 and ca8210 as
well as a symbol duration fix for mcr20a. Topping up the driver fixes with
better error codes in nl802154 and a cleanup in MAINTAINERS for an orphaned
driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The 'tail' and 'head' are 'unsigned int' type free-running count, when
'head' is overflow, the 'int i (= tail) < u32 head' will be false:
Only '- loop 0: idx = 63' result is shown, so it needs to use 'int' type
to compare, it can handle the overflow correctly.
typedef uint32_t u32;
int main()
{
u32 tail, head;
int stail, shead;
int i, loop;
tail = 0xffffffff;
head = 0x00000000;
for (i = tail, loop = 0; i < head; i++) {
unsigned int idx = i & 63;
printf("+ loop %d: idx = %u\n", loop++, idx);
}
stail = tail;
shead = head;
for (i = stail, loop = 0; i < shead; i++) {
unsigned int idx = i & 63;
printf("- loop %d: idx = %u\n", loop++, idx);
}
return 0;
}
Fixes: 5cdad90de6 ("gve: Batch AQ commands for creating and destroying queues.")
Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There is a spelling mistake in a dev_err message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Luiz Angelo Daros de Luca says:
====================
net: dsa: realtek: MDIO interface and RTL8367S,RTL8367RB-VB
The old realtek-smi driver was linking subdrivers into a single
realtek-smi.ko After this series, each subdriver will be an independent
module required by either realtek-smi (platform driver) or the new
realtek-mdio (mdio driver). Both interface drivers (SMI or MDIO) are
independent, and they might even work side-by-side, although it will be
difficult to find such device. The subdriver can be individually
selected but only at buildtime, saving some storage space for custom
embedded systems.
Existing realtek-smi devices continue to work untouched during the
tests. The realtek-smi was moved into a realtek subdirectory, but it
normally does not break things.
I couldn't identify a fixed relation between port numbers (0..9) and
external interfaces (0..2), and I'm not sure if it is fixed for each
chip version or a device configuration. Until there is more info about
it, there is a new port property "realtek,ext-int" that can inform the
external interface.
The rtl8365mb might now handle multiple CPU ports and extint ports not
used as CPU ports. RTL8367S has an SGMII external interface, but my test
device (TP-Link Archer C5v4) uses only the second RGMII interface. We
need a test device with more external ports to test these features.
The driver still cannot handle SGMII ports.
RTL8367RB-VB support was added using information from Frank Wunderlich
<frank-w@public-files.de> but I didn't test it myself.
The rtl8365mb was tested with a MDIO-connected RTL8367S (TP-Link Acher
C5v4) and a SMI-connected RTL8365MB-VC switch (Asus RT-AC88U)
The rtl8366rb subdriver was not tested with this patch series, but it
was only slightly touched. It would be nice to test it, especially in an
MDIO-connected switch.
Best,
Luiz
Changelog:
v1-v2)
- formatting fixes
- dropped the rtl8365mb->rtl8367c rename
- other suggestions
v2-v3)
* realtek-mdio.c:
- cleanup realtek-mdio.c (BUG_ON, comments and includes)
- check devm_regmap_init return code
- removed realtek,rtl8366s string from realtek-mdio
* realtek-smi.c:
- removed void* type cast
* rtl8365mb.c:
- using macros to identify EXT interfaces
- rename some extra extport->extint cases
- allow extint as non cpu (not tested)
- allow multple cpu ports (not tested)
- dropped cpu info from struct rtl8365mb
* dropped dt-bindings changes (dealing outside this series)
* formatting issues fixed
v3-v4)
* fix cover message numbering 0/13 -> 0/11
* use static for realtek_mdio_read_reg
- Reported-by: kernel test robot <lkp@intel.com>
* use dsa_switch_for_each_cpu_port
* mention realtek_smi_{variant,ops} to realtek_{variant,ops}
in commit message
v5) sent again v4 branch. Sorry
v4-v6)
- added support for RTL8367RB-VB
- cleanup mdio_{read,write}, removing misterious START_OP, checking and
returning errors
- renamed priv->phy_id to priv->mdio_addr
- duplicated priv->ds_ops into ds_ops_{smi,mdio}. ds_ops_smi must not
set
phy_read or else both dsa and this driver might free slave_mii.
Dropped
401fd75c92f37
- Map port to extint using code instead of device-tree property. Added
comment
about port number, port description and external interfaces. Dropped
'realtek,ext-int' device-tree property
- Redacted the non-cpu ext port commit message, not highlighting the
possibility of using multiple CPU ports as it was just a byproduct.
- In a possible case of multiple cpu ports, use the first one as the
trap port.
Dropped 'realtek,trap-port' device-tree property
- Some formatting fixes
- BUG: rtl8365mb_phy_mode_supported was still checking for a cpu port
and not
an external interface
- BUG: fix trapdoor masking for port>7. Got a compiler error with a
bigger
constant value
- WARN: completed kdoc for rtl8366rb_drop_untagged()
- WARN: removed marks from incomplete kdoc
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Trap door number is a 4-bit number divided in two regions (3 and 1-bit).
Both values were not masked properly. This bug does not affect supported
devices as they use up to port 7 (ext2). It would only be a problem if
the driver becomes compatible with 10-port switches like RTL8370MB and
RTL8310SR.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
