commit ab3bed80f9d34641966eaa329fc7b296a21dab07 Author: Greg Kroah-Hartman Date: Fri Apr 16 11:46:39 2021 +0200 Linux 5.4.113 Tested-by: Shuah Khan Tested-by: Jason Self Tested-by: Florian Fainelli Tested-by: Hulk Robot Tested-by: Jon Hunter Link: https://lore.kernel.org/r/20210415144413.055232956@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman commit 94371b6c5553ffb0ee728016a8378614d3b2ce17 Author: Juergen Gross Date: Mon Apr 12 08:28:45 2021 +0200 xen/events: fix setting irq affinity The backport of upstream patch 25da4618af240fbec61 ("xen/events: don't unmask an event channel when an eoi is pending") introduced a regression for stable kernels 5.10 and older: setting IRQ affinity for IRQs related to interdomain events would no longer work, as moving the IRQ to its new cpu was not included in the irq_ack callback for those events. Fix that by adding the needed call. Note that kernels 5.11 and later don't need the explicit moving of the IRQ to the target cpu in the irq_ack callback, due to a rework of the affinity setting in kernel 5.11. Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman commit 4ea6097986c4b4ca5a5d5b19c75386fda3360e54 Author: Arnaldo Carvalho de Melo Date: Fri Mar 5 10:02:09 2021 -0300 perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches commit 77d02bd00cea9f1a87afe58113fa75b983d6c23a upstream. Noticed on a debian:experimental mips and mipsel cross build build environment: perfbuilder@ec265a086e9b:~$ mips-linux-gnu-gcc --version | head -1 mips-linux-gnu-gcc (Debian 10.2.1-3) 10.2.1 20201224 perfbuilder@ec265a086e9b:~$ CC /tmp/build/perf/util/map.o util/map.c: In function 'map__new': util/map.c:109:5: error: '%s' directive output may be truncated writing between 1 and 2147483645 bytes into a region of size 4096 [-Werror=format-truncation=] 109 | "%s/platforms/%s/arch-%s/usr/lib/%s", | ^~ In file included from /usr/mips-linux-gnu/include/stdio.h:867, from util/symbol.h:11, from util/map.c:2: /usr/mips-linux-gnu/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' output 32 or more bytes (assuming 4294967321) into a destination of size 4096 67 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 68 | __bos (__s), __fmt, __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Since we have the lenghts for what lands in that place, use it to give the compiler more info and make it happy. Signed-off-by: Arnaldo Carvalho de Melo Cc: Anders Roxell Signed-off-by: Greg Kroah-Hartman commit d462247bb2747e6b71b1d06440e7c46a4f50fea2 Author: Chris Wilson Date: Thu Aug 20 22:25:01 2020 +0100 perf tools: Use %zd for size_t printf formats on 32-bit commit 20befbb1080307e70c7893ef9840d32e3ef8ac45 upstream. A couple of trivial fixes for using %zd for size_t in the code supporting the ZSTD compression library. Signed-off-by: Chris Wilson Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: Alexey Budankov Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lore.kernel.org/lkml/20200820212501.24421-1-chris@chris-wilson.co.uk Signed-off-by: Arnaldo Carvalho de Melo Cc: Anders Roxell Signed-off-by: Greg Kroah-Hartman commit 2715a4c0dc349dd9753cbd69306ba8600f952888 Author: Jiri Olsa Date: Sun Jan 12 20:22:59 2020 +0100 perf tools: Use %define api.pure full instead of %pure-parser commit fc8c0a99223367b071c83711259d754b6bb7a379 upstream. bison deprecated the "%pure-parser" directive in favor of "%define api.pure full". The api.pure got introduced in bison 2.3 (Oct 2007), so it seems safe to use it without any version check. Signed-off-by: Jiri Olsa Cc: Adrian Hunter Cc: Clark Williams Cc: Jiri Olsa Cc: Namhyung Kim Cc: Ravi Bangoria Cc: Thomas Gleixner Link: http://lore.kernel.org/lkml/20200112192259.GA35080@krava Signed-off-by: Arnaldo Carvalho de Melo Cc: Anders Roxell Signed-off-by: Greg Kroah-Hartman commit 799f02f0dfc4f0232d37901126e582900c822939 Author: Saravana Kannan Date: Thu Apr 1 21:03:40 2021 -0700 driver core: Fix locking bug in deferred_probe_timeout_work_func() commit eed6e41813deb9ee622cd9242341f21430d7789f upstream. list_for_each_entry_safe() is only useful if we are deleting nodes in a linked list within the loop. It doesn't protect against other threads adding/deleting nodes to the list in parallel. We need to grab deferred_probe_mutex when traversing the deferred_probe_pending_list. Cc: stable@vger.kernel.org Fixes: 25b4e70dcce9 ("driver core: allow stopping deferred probe after init") Signed-off-by: Saravana Kannan Link: https://lore.kernel.org/r/20210402040342.2944858-2-saravanak@google.com Signed-off-by: Greg Kroah-Hartman commit cc59b872f2e1995b8cc819b9445c1198bfe83b2d Author: Florian Westphal Date: Wed Apr 7 21:38:57 2021 +0200 netfilter: x_tables: fix compat match/target pad out-of-bound write commit b29c457a6511435960115c0f548c4360d5f4801d upstream. xt_compat_match/target_from_user doesn't check that zeroing the area to start of next rule won't write past end of allocated ruleset blob. Remove this code and zero the entire blob beforehand. Reported-by: syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com Reported-by: Andy Nguyen Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman commit 8119a2b42028c7ab722aad73cd21efd8c0e580e2 Author: Pavel Begunkov Date: Fri Nov 20 17:10:28 2020 +0000 block: don't ignore REQ_NOWAIT for direct IO [ Upstream commit f8b78caf21d5bc3fcfc40c18898f9d52ed1451a5 ] If IOCB_NOWAIT is set on submission, then that needs to get propagated to REQ_NOWAIT on the block side. Otherwise we completely lose this information, and any issuer of IOCB_NOWAIT IO will potentially end up blocking on eg request allocation on the storage side. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 2d71bffbe9a0f2b25d4ba03df21bddd5dbdfa9cc Author: Zihao Yu Date: Wed Mar 17 16:17:25 2021 +0800 riscv,entry: fix misaligned base for excp_vect_table [ Upstream commit ac8d0b901f0033b783156ab2dc1a0e73ec42409b ] In RV64, the size of each entry in excp_vect_table is 8 bytes. If the base of the table is not 8-byte aligned, loading an entry in the table will raise a misaligned exception. Although such exception will be handled by opensbi/bbl, this still causes performance degradation. Signed-off-by: Zihao Yu Reviewed-by: Anup Patel Signed-off-by: Palmer Dabbelt Signed-off-by: Sasha Levin commit 90b71ae8e5cf8b868b6a4de55c3cdf878cedfee3 Author: Matthew Wilcox (Oracle) Date: Thu Apr 1 07:46:49 2021 -0400 idr test suite: Create anchor before launching throbber [ Upstream commit 094ffbd1d8eaa27ed426feb8530cb1456348b018 ] The throbber could race with creation of the anchor entry and cause the IDR to have zero entries in it, which would cause the test to fail. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Sasha Levin commit b9299c2bf55472da7225266a7d15287bbf620ee4 Author: Matthew Wilcox (Oracle) Date: Thu Apr 1 07:44:48 2021 -0400 idr test suite: Take RCU read lock in idr_find_test_1 [ Upstream commit 703586410da69eb40062e64d413ca33bd735917a ] When run on a single CPU, this test would frequently access already-freed memory. Due to timing, this bug never showed up on multi-CPU tests. Reported-by: Chris von Recklinghausen Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Sasha Levin commit cde89079ce463e088aaf54e074906939d2467621 Author: Matthew Wilcox (Oracle) Date: Wed Mar 31 14:59:19 2021 -0400 radix tree test suite: Register the main thread with the RCU library [ Upstream commit 1bb4bd266cf39fd2fa711f2d265c558b92df1119 ] Several test runners register individual worker threads with the RCU library, but neglect to register the main thread, which can lead to objects being freed while the main thread is in what appears to be an RCU critical section. Reported-by: Chris von Recklinghausen Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Sasha Levin commit f5b60f26e36be6ae266d7731c41bf01c5b35019c Author: Yufen Yu Date: Wed Mar 31 07:53:59 2021 -0400 block: only update parent bi_status when bio fail [ Upstream commit 3edf5346e4f2ce2fa0c94651a90a8dda169565ee ] For multiple split bios, if one of the bio is fail, the whole should return error to application. But we found there is a race between bio_integrity_verify_fn and bio complete, which return io success to application after one of the bio fail. The race as following: split bio(READ) kworker nvme_complete_rq blk_update_request //split error=0 bio_endio bio_integrity_endio queue_work(kintegrityd_wq, &bip->bip_work); bio_integrity_verify_fn bio_endio //split bio __bio_chain_endio if (!parent->bi_status) nvme_irq blk_update_request //parent error=7 req_bio_endio bio->bi_status = 7 //parent bio parent->bi_status = 0 parent->bi_end_io() // return bi_status=0 The bio has been split as two: split and parent. When split bio completed, it depends on kworker to do endio, while bio_integrity_verify_fn have been interrupted by parent bio complete irq handler. Then, parent bio->bi_status which have been set in irq handler will overwrite by kworker. In fact, even without the above race, we also need to conside the concurrency beteen mulitple split bio complete and update the same parent bi_status. Normally, multiple split bios will be issued to the same hctx and complete from the same irq vector. But if we have updated queue map between multiple split bios, these bios may complete on different hw queue and different irq vector. Then the concurrency update parent bi_status may cause the final status error. Suggested-by: Keith Busch Signed-off-by: Yufen Yu Reviewed-by: Ming Lei Link: https://lore.kernel.org/r/20210331115359.1125679-1-yuyufen@huawei.com Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 5b8f89685a9a4af58feb6a999af23933ce20df94 Author: Dmitry Osipenko Date: Tue Mar 2 16:15:06 2021 +0300 drm/tegra: dc: Don't set PLL clock to 0Hz [ Upstream commit f8fb97c915954fc6de6513cdf277103b5c6df7b3 ] RGB output doesn't allow to change parent clock rate of the display and PCLK rate is set to 0Hz in this case. The tegra_dc_commit_state() shall not set the display clock to 0Hz since this change propagates to the parent clock. The DISP clock is defined as a NODIV clock by the tegra-clk driver and all NODIV clocks use the CLK_SET_RATE_PARENT flag. This bug stayed unnoticed because by default PLLP is used as the parent clock for the display controller and PLLP silently skips the erroneous 0Hz rate changes because it always has active child clocks that don't permit rate changes. The PLLP isn't acceptable for some devices that we want to upstream (like Samsung Galaxy Tab and ASUS TF700T) due to a display panel clock rate requirements that can't be fulfilled by using PLLP and then the bug pops up in this case since parent clock is set to 0Hz, killing the display output. Don't touch DC clock if pclk=0 in order to fix the problem. Signed-off-by: Dmitry Osipenko Signed-off-by: Thierry Reding Signed-off-by: Sasha Levin commit db162d8d7d080efac5483067d73aa2db11fa9d09 Author: Bob Peterson Date: Thu Mar 25 08:51:13 2021 -0400 gfs2: report "already frozen/thawed" errors [ Upstream commit ff132c5f93c06bd4432bbab5c369e468653bdec4 ] Before this patch, gfs2's freeze function failed to report an error when the target file system was already frozen as it should (and as generic vfs function freeze_super does. Similarly, gfs2's thaw function failed to report an error when trying to thaw a file system that is not frozen, as vfs function thaw_super does. The errors were checked, but it always returned a 0 return code. This patch adds the missing error return codes to gfs2 freeze and thaw. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher Signed-off-by: Sasha Levin commit 3c89c724041210ba68a477265354c35a4e09a967 Author: Arnd Bergmann Date: Wed Mar 24 17:47:41 2021 +0100 drm/imx: imx-ldb: fix out of bounds array access warning [ Upstream commit 33ce7f2f95cabb5834cf0906308a5cb6103976da ] When CONFIG_OF is disabled, building with 'make W=1' produces warnings about out of bounds array access: drivers/gpu/drm/imx/imx-ldb.c: In function 'imx_ldb_set_clock.constprop': drivers/gpu/drm/imx/imx-ldb.c:186:8: error: array subscript -22 is below array bounds of 'struct clk *[4]' [-Werror=array-bounds] Add an error check before the index is used, which helps with the warning, as well as any possible other error condition that may be triggered at runtime. The warning could be fixed by adding a Kconfig depedency on CONFIG_OF, but Liu Ying points out that the driver may hit the out-of-bounds problem at runtime anyway. Signed-off-by: Arnd Bergmann Reviewed-by: Liu Ying Signed-off-by: Philipp Zabel Signed-off-by: Sasha Levin commit e1ff1c6bbe4b17a1f9ecb2c53cacf70a09007246 Author: Suzuki K Poulose Date: Tue Mar 23 12:06:30 2021 +0000 KVM: arm64: Disable guest access to trace filter controls [ Upstream commit a354a64d91eec3e0f8ef0eed575b480fd75b999c ] Disable guest access to the Trace Filter control registers. We do not advertise the Trace filter feature to the guest (ID_AA64DFR0_EL1: TRACE_FILT is cleared) already, but the guest can still access the TRFCR_EL1 unless we trap it. This will also make sure that the guest cannot fiddle with the filtering controls set by a nvhe host. Cc: Marc Zyngier Cc: Will Deacon Cc: Mark Rutland Cc: Catalin Marinas Signed-off-by: Suzuki K Poulose Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20210323120647.454211-3-suzuki.poulose@arm.com Signed-off-by: Sasha Levin commit 2012f9f754444ef7c624e5a6e2d1008d84c94dc1 Author: Suzuki K Poulose Date: Tue Mar 23 12:06:29 2021 +0000 KVM: arm64: Hide system instruction access to Trace registers [ Upstream commit 1d676673d665fd2162e7e466dcfbe5373bfdb73e ] Currently we advertise the ID_AA6DFR0_EL1.TRACEVER for the guest, when the trace register accesses are trapped (CPTR_EL2.TTA == 1). So, the guest will get an undefined instruction, if trusts the ID registers and access one of the trace registers. Lets be nice to the guest and hide the feature to avoid unexpected behavior. Even though this can be done at KVM sysreg emulation layer, we do this by removing the TRACEVER from the sanitised feature register field. This is fine as long as the ETM drivers can handle the individual trace units separately, even when there are differences among the CPUs. Cc: Will Deacon Cc: Catalin Marinas Cc: Mark Rutland Signed-off-by: Suzuki K Poulose Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20210323120647.454211-2-suzuki.poulose@arm.com Signed-off-by: Sasha Levin commit cc678e2f372eef83e2070cf3e4246cbf46ba1ab8 Author: Jia-Ju Bai Date: Mon Mar 8 15:09:15 2021 +0200 interconnect: core: fix error return code of icc_link_destroy() [ Upstream commit 715ea61532e731c62392221238906704e63d75b6 ] When krealloc() fails and new is NULL, no error return code of icc_link_destroy() is assigned. To fix this bug, ret is assigned with -ENOMEM hen new is NULL. Reported-by: TOTE Robot Signed-off-by: Jia-Ju Bai Link: https://lore.kernel.org/r/20210306132857.17020-1-baijiaju1990@gmail.com Signed-off-by: Georgi Djakov Signed-off-by: Sasha Levin