aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2020-11-19drm/i915/gt: Fixup tgl mocs for PTE trackingChris Wilson1-2/+3
Forcing mocs:1 [used for our winsys follows-pte mode] to be cached caused display glitches. Though it is documented as deprecated (and so likely behaves as uncached) use the follow-pte bit and force it out of L3 cache. Testcase: igt/kms_frontbuffer_tracking Testcase: igt/kms_big_fb Signed-off-by: Chris Wilson <[email protected]> Cc: Ayaz A Siddiqui <[email protected]> Cc: Lucas De Marchi <[email protected]> Cc: Matt Roper <[email protected]> Cc: Ville Syrjälä <[email protected]> Cc: Joonas Lahtinen <[email protected]> Reviewed-by: Ville Syrjälä <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] (cherry picked from commit a04ac827366594c7244f60e9be79fcb404af69f0) Fixes: 849c0fe9e831 ("drm/i915/gt: Initialize reserved and unspecified MOCS indices") Signed-off-by: Rodrigo Vivi <[email protected]> [Rodrigo: Updated Fixes tag]
2020-11-20Merge tag 'amd-drm-fixes-5.10-2020-11-18' of ↵Dave Airlie3-7/+8
git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.10-2020-11-18: amdgpu: - Pageflip fix for navi1x with 5 or 6 displays - Remove experimental flag for Arcturus - Fix regression in atomic commit tail rework Signed-off-by: Dave Airlie <[email protected]> From: Alex Deucher <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19fail_function: Remove a redundant mutex unlockLuo Meng1-2/+3
Fix a mutex_unlock() issue where before copy_from_user() is not called mutex_locked. Fixes: 4b1a29a7f542 ("error-injection: Support fault injection framework") Reported-by: Hulk Robot <[email protected]> Signed-off-by: Luo Meng <[email protected]> Signed-off-by: Masami Hiramatsu <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Masami Hiramatsu <[email protected]> Link: https://lore.kernel.org/bpf/160570737118.263807.8358435412898356284.stgit@devnote2
2020-11-19Merge branch 'Fix bpf_probe_read_user_str() overcopying'Alexei Starovoitov4-2/+123
Daniel Xu says: ==================== 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers") introduced a subtle bug where bpf_probe_read_user_str() would potentially copy a few extra bytes after the NUL terminator. This issue is particularly nefarious when strings are used as map keys, as seemingly identical strings can occupy multiple entries in a map. This patchset fixes the issue and introduces a selftest to prevent future regressions. v6 -> v7: * Add comments v5 -> v6: * zero-pad up to sizeof(unsigned long) after NUL v4 -> v5: * don't read potentially uninitialized memory v3 -> v4: * directly pass userspace pointer to prog * test more strings of different length v2 -> v3: * set pid filter before attaching prog in selftest * use long instead of int as bpf_probe_read_user_str() retval * style changes v1 -> v2: * add Fixes: tag * add selftest ==================== Signed-off-by: Alexei Starovoitov <[email protected]>
2020-11-19selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes after NULDaniel Xu2-0/+96
Previously, bpf_probe_read_user_str() could potentially overcopy the trailing bytes after the NUL due to how do_strncpy_from_user() does the copy in long-sized strides. The issue has been fixed in the previous commit. This commit adds a selftest that ensures we don't regress bpf_probe_read_user_str() again. Signed-off-by: Daniel Xu <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Song Liu <[email protected]> Acked-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/bpf/4d977508fab4ec5b7b574b85bdf8b398868b6ee9.1605642949.git.dxu@dxuuu.xyz
2020-11-19lib/strncpy_from_user.c: Mask out bytes after NUL terminator.Daniel Xu2-2/+27
do_strncpy_from_user() may copy some extra bytes after the NUL terminator into the destination buffer. This usually does not matter for normal string operations. However, when BPF programs key BPF maps with strings, this matters a lot. A BPF program may read strings from user memory by calling the bpf_probe_read_user_str() helper which eventually calls do_strncpy_from_user(). The program can then key a map with the destination buffer. BPF map keys are fixed-width and string-agnostic, meaning that map keys are treated as a set of bytes. The issue is when do_strncpy_from_user() overcopies bytes after the NUL terminator, it can result in seemingly identical strings occupying multiple slots in a BPF map. This behavior is subtle and totally unexpected by the user. This commit masks out the bytes following the NUL while preserving long-sized stride in the fast path. Fixes: 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers") Signed-off-by: Daniel Xu <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Link: https://lore.kernel.org/bpf/21efc982b3e9f2f7b0379eed642294caaa0c27a7.1605642949.git.dxu@dxuuu.xyz
2020-11-19Merge tag 'powerpc-cve-2020-4788' of ↵Linus Torvalds23-147/+693
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Fixes for CVE-2020-4788. From Daniel's cover letter: IBM Power9 processors can speculatively operate on data in the L1 cache before it has been completely validated, via a way-prediction mechanism. It is not possible for an attacker to determine the contents of impermissible memory using this method, since these systems implement a combination of hardware and software security measures to prevent scenarios where protected data could be leaked. However these measures don't address the scenario where an attacker induces the operating system to speculatively execute instructions using data that the attacker controls. This can be used for example to speculatively bypass "kernel user access prevention" techniques, as discovered by Anthony Steinhauser of Google's Safeside Project. This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack. This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern. This patch series flushes the L1 cache on kernel entry (patch 2) and after the kernel performs any user accesses (patch 3). It also adds a self-test and performs some related cleanups" * tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations selftests/powerpc: refactor entry and rfi_flush tests selftests/powerpc: entry flush test powerpc: Only include kup-radix.h for 64-bit Book3S powerpc/64s: flush L1D after user accesses powerpc/64s: flush L1D on kernel entry selftests/powerpc: rfi_flush: disable entry flush if present
2020-11-19Merge tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensaLinus Torvalds4-5/+22
Pull xtensa fixes from Max Filippov: - fix placement of cache alias remapping area - disable preemption around cache alias management calls - add missing __user annotation to strncpy_from_user argument * tag 'xtensa-20201119' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: uaccess: Add missing __user to strncpy_from_user() prototype xtensa: disable preemption around cache alias management calls xtensa: fix TLBTEMP area placement
2020-11-20drm/vram-helper: Fix use of top-down placementThomas Zimmermann1-1/+1
Commit 7053e0eab473 ("drm/vram-helper: stop using TTM placement flags") cleared the BO placement flags if top-down placement had been selected. Hence, BOs that were supposed to go into VRAM are now placed in a default location in system memory. Trying to scanout the incorrectly pinned BO results in displayed garbage and an error message. [ 146.108127] ------------[ cut here ]------------ [ 146.1V08180] WARNING: CPU: 0 PID: 152 at drivers/gpu/drm/drm_gem_vram_helper.c:284 drm_gem_vram_offset+0x59/0x60 [drm_vram_helper] ... [ 146.108591] ast_cursor_page_flip+0x3e/0x150 [ast] [ 146.108622] ast_cursor_plane_helper_atomic_update+0x8a/0xc0 [ast] [ 146.108654] drm_atomic_helper_commit_planes+0x197/0x4c0 [ 146.108699] drm_atomic_helper_commit_tail_rpm+0x59/0xa0 [ 146.108718] commit_tail+0x103/0x1c0 ... [ 146.109302] ---[ end trace d901a1ba1d949036 ]--- Fix the bug by keeping the placement flags. The top-down placement flag is stored in a separate variable. Signed-off-by: Thomas Zimmermann <[email protected]> Reviewed-by: Christian König <[email protected]> Fixes: 7053e0eab473 ("drm/vram-helper: stop using TTM placement flags") Reported-by: Pu Wen <[email protected]> [for 5.10-rc1] Tested-by: Pu Wen <[email protected]> Cc: Christian König <[email protected]> Cc: Dave Airlie <[email protected]> Cc: Maarten Lankhorst <[email protected]> Cc: Maxime Ripard <[email protected]> Cc: Thomas Zimmermann <[email protected]> Cc: David Airlie <[email protected]> Cc: Daniel Vetter <[email protected]> Cc: [email protected] Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] (cherry picked from commit b8f8dbf6495850b0babc551377bde754b7bc0eea) [pulled into fixes from drm-next] Signed-off-by: Dave Airlie <[email protected]>
2020-11-19Merge tag 'acpi-5.10-rc5' of ↵Linus Torvalds2-0/+5
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix recent regression in the APEI code and initialization issue in the ACPI fan driver. Specifics: - Make the APEI code avoid attempts to obtain logical addresses for registers located in the I/O address space to fix initialization issues (Aili Yao) - Fix sysfs attribute initialization in the ACPI fan driver (Guenter Roeck)" * tag 'acpi-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI, APEI, Fix error return value in apei_map_generic_address() ACPI: fan: Initialize performance state sysfs attribute
2020-11-19Merge tag 'pm-5.10-rc5' of ↵Linus Torvalds3-14/+29
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix two issues in ARM cpufreq drivers and one cpuidle driver issue. Specifics: - Add missing RCU_NONIDLE() annotations to the Tegra cpuidle driver (Dmitry Osipenko) - Fix boot frequency computation in the tegra186 cpufreq driver (Jon Hunter) - Make the SCMI cpufreq driver register a dummy clock provider to avoid OPP addition failures (Sudeep Holla)" * tag 'pm-5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: scmi: Fix OPP addition failure with a dummy clock provider cpufreq: tegra186: Fix get frequency callback cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE
2020-11-19Merge tag 'spi-fix-v5.10-rc4' of ↵Linus Torvalds10-76/+115
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "This is a relatively large set of fixes, the bulk of it being a series from Lukas Wunner which fixes confusion with the lifetime of driver data allocated along with the SPI controller structure that's been created as part of the conversion to devm APIs. The simplest fix, explained in detail in Lukas' commit message, is to move to a devm_ function for allocation of the controller and hence driver data in order to push the free of that after anything tries to reference the driver data in the remove path. This results in a relatively large diff due to the addition of a new function but isn't particularly complex. There's also a fix from Sven van Asbroeck which fixes yet more fallout from the conflicts between the various different places one can configure the polarity of GPIOs in modern systems. Otherwise everything is fairly small and driver specific" * tag 'spi-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: npcm-fiu: Don't leak SPI master in probe error path spi: dw: Set transfer handler before unmasking the IRQs spi: cadence-quadspi: Fix error return code in cqspi_probe spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe spi: lpspi: Fix use-after-free on unbind spi: bcm-qspi: Fix use-after-free on unbind spi: bcm2835aux: Fix use-after-free on unbind spi: bcm2835: Fix use-after-free on unbind spi: Introduce device-managed SPI controller allocation spi: fsi: Fix transfer returning without finalizing message spi: fix client driver breakages when using GPIO descriptors
2020-11-19Merge branch 'net-smc-fixes-2020-11-18'Jakub Kicinski3-5/+7
Karsten Graul says: ==================== net/smc: fixes 2020-11-18 Patch 1 fixes the matching of link groups because with SMC-Dv2 the vlanid should no longer be part of this matching. Patch 2 removes a sparse message. ==================== Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2020-11-19net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()Karsten Graul1-3/+3
Sparse complaints 3 times about: net/smc/smc_ib.c:203:52: warning: incorrect type in argument 1 (different address spaces) net/smc/smc_ib.c:203:52: expected struct net_device const *dev net/smc/smc_ib.c:203:52: got struct net_device [noderef] __rcu *const ndev Fix that by using the existing and validated ndev variable instead of accessing attr->ndev directly. Fixes: 5102eca9039b ("net/smc: Use rdma_read_gid_l2_fields to L2 fields") Signed-off-by: Karsten Graul <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]>
2020-11-19net/smc: fix matching of existing link groupsKarsten Graul2-2/+4
With the multi-subnet support of SMC-Dv2 the match for existing link groups should not include the vlanid of the network device. Set ini->smcd_version accordingly before the call to smc_conn_create() and use this value in smc_conn_create() to skip the vlanid check. Fixes: 5c21c4ccafe8 ("net/smc: determine accepted ISM devices") Signed-off-by: Karsten Graul <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]>
2020-11-19Merge tag 'asoc-fix-v5.10-rc4' of ↵Takashi Iwai8-10/+57
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v5.11 A collection of driver specific fixes, mostly for x86 systems (or CODECs used mostly on x86) and all for relatively minor issues, the biggest one being fixing S24_LE format on Keem Bay systems.
2020-11-19Merge tag 'regulator-fix-v5.10-rc4' of ↵Linus Torvalds3-24/+44
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "Mostly core fixes here, one set from Michał Mirosław which cleans up some issues introduced as part of the coupled regulators work, one memory leak during probe and two due to regulators which have an input supply name and regulator name which are identical, which is very unusual. There's also a fix for our handling of the similarly unusual case where we can't determine if a regulator is enabled during boot" * tag 'regulator-fix-v5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: ti-abb: Fix array out of bound read access on the first transition regulator: workaround self-referent regulators regulator: avoid resolve_supply() infinite recursion regulator: fix memory leak with repeated set_machine_constraints() regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} regulator: core: don't disable regulator if is_enabled return error.
2020-11-19ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 moduleGeorg Kohmann4-33/+32
IPV6=m NF_DEFRAG_IPV6=y ld: net/ipv6/netfilter/nf_conntrack_reasm.o: in function `nf_ct_frag6_gather': net/ipv6/netfilter/nf_conntrack_reasm.c:462: undefined reference to `ipv6_frag_thdr_truncated' Netfilter is depending on ipv6 symbol ipv6_frag_thdr_truncated. This dependency is forcing IPV6=y. Remove this dependency by moving ipv6_frag_thdr_truncated out of ipv6. This is the same solution as used with a similar issues: Referring to commit 70b095c843266 ("ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module") Fixes: 9d9e937b1c8b ("ipv6/netfilter: Discard first fragment not including all headers") Reported-by: Randy Dunlap <[email protected]> Reported-by: kernel test robot <[email protected]> Signed-off-by: Georg Kohmann <[email protected]> Acked-by: Pablo Neira Ayuso <[email protected]> Acked-by: Randy Dunlap <[email protected]> # build-tested Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2020-11-19Merge tag 'thermal-v5.10-rc5' of ↵Linus Torvalds1-2/+16
git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux Pull thermal fix from Daniel Lezcano: "Disable the CPU PM notifier for OMAP4430 for suspend in order to prevent wrong temperature leading to a critical shutdown (Peter Ujfalusi)" * tag 'thermal-v5.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: thermal: ti-soc-thermal: Disable the CPU PM notifier for OMAP4430
2020-11-19ALSA: mixart: Fix mutex deadlockTakashi Iwai1-3/+2
The code change for switching to non-atomic mode brought the unexpected mutex deadlock in get_msg(). It converted the spinlock with the existing mutex, but there were calls with the already holding the mutex. Since the only place that needs the extra lock is the code path from snd_mixart_send_msg(), remove the mutex lock in get_msg() and apply in the caller side for fixing the mutex deadlock. Fixes: 8d3a8b5cb57d ("ALSA: mixart: Use nonatomic PCM ops") Reported-by: Dan Carpenter <[email protected]> Cc: <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]>
2020-11-19xfs: don't allow NOWAIT DIO across extent boundariesDave Chinner1-0/+29
Jens has reported a situation where partial direct IOs can be issued and completed yet still return -EAGAIN. We don't want this to report a short IO as we want XFS to complete user DIO entirely or not at all. This partial IO situation can occur on a write IO that is split across an allocated extent and a hole, and the second mapping is returning EAGAIN because allocation would be required. The trivial reproducer: $ sudo xfs_io -fdt -c "pwrite 0 4k" -c "pwrite -V 1 -b 8k -N 0 8k" /mnt/scr/foo wrote 4096/4096 bytes at offset 0 4 KiB, 1 ops; 0.0001 sec (27.509 MiB/sec and 7042.2535 ops/sec) pwrite: Resource temporarily unavailable $ The pwritev2(0, 8kB, RWF_NOWAIT) call returns EAGAIN having done the first 4kB write: xfs_file_direct_write: dev 259:1 ino 0x83 size 0x1000 offset 0x0 count 0x2000 iomap_apply: dev 259:1 ino 0x83 pos 0 length 8192 flags WRITE|DIRECT|NOWAIT (0x31) ops xfs_direct_write_iomap_ops caller iomap_dio_rw actor iomap_dio_actor xfs_ilock_nowait: dev 259:1 ino 0x83 flags ILOCK_SHARED caller xfs_ilock_for_iomap xfs_iunlock: dev 259:1 ino 0x83 flags ILOCK_SHARED caller xfs_direct_write_iomap_begin xfs_iomap_found: dev 259:1 ino 0x83 size 0x1000 offset 0x0 count 8192 fork data startoff 0x0 startblock 24 blockcount 0x1 iomap_apply_dstmap: dev 259:1 ino 0x83 bdev 259:1 addr 102400 offset 0 length 4096 type MAPPED flags DIRTY Here the first iomap loop has mapped the first 4kB of the file and issued the IO, and we enter the second iomap_apply loop: iomap_apply: dev 259:1 ino 0x83 pos 4096 length 4096 flags WRITE|DIRECT|NOWAIT (0x31) ops xfs_direct_write_iomap_ops caller iomap_dio_rw actor iomap_dio_actor xfs_ilock_nowait: dev 259:1 ino 0x83 flags ILOCK_SHARED caller xfs_ilock_for_iomap xfs_iunlock: dev 259:1 ino 0x83 flags ILOCK_SHARED caller xfs_direct_write_iomap_begin And we exit with -EAGAIN out because we hit the allocate case trying to make the second 4kB block. Then IO completes on the first 4kB and the original IO context completes and unlocks the inode, returning -EAGAIN to userspace: xfs_end_io_direct_write: dev 259:1 ino 0x83 isize 0x1000 disize 0x1000 offset 0x0 count 4096 xfs_iunlock: dev 259:1 ino 0x83 flags IOLOCK_SHARED caller xfs_file_dio_aio_write There are other vectors to the same problem when we re-enter the mapping code if we have to make multiple mappinfs under NOWAIT conditions. e.g. failing trylocks, COW extents being found, allocation being required, and so on. Avoid all these potential problems by only allowing IOMAP_NOWAIT IO to go ahead if the mapping we retrieve for the IO spans an entire allocated extent. This avoids the possibility of subsequent mappings to complete the IO from triggering NOWAIT semantics by any means as NOWAIT IO will now only enter the mapping code once per NOWAIT IO. Reported-and-tested-by: Jens Axboe <[email protected]> Signed-off-by: Dave Chinner <[email protected]> Reviewed-by: Darrick J. Wong <[email protected]> Signed-off-by: Darrick J. Wong <[email protected]>
2020-11-19libbpf: Fix VERSIONED_SYM_COUNT number parsingJiri Olsa1-0/+2
We remove "other info" from "readelf -s --wide" output when parsing GLOBAL_SYM_COUNT variable, which was added in [1]. But we don't do that for VERSIONED_SYM_COUNT and it's failing the check_abi target on powerpc Fedora 33. The extra "other info" wasn't problem for VERSIONED_SYM_COUNT parsing until commit [2] added awk in the pipe, which assumes that the last column is symbol, but it can be "other info". Adding "other info" removal for VERSIONED_SYM_COUNT the same way as we did for GLOBAL_SYM_COUNT parsing. [1] aa915931ac3e ("libbpf: Fix readelf output parsing for Fedora") [2] 746f534a4809 ("tools/libbpf: Avoid counting local symbols in ABI check") Fixes: 746f534a4809 ("tools/libbpf: Avoid counting local symbols in ABI check") Signed-off-by: Jiri Olsa <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
2020-11-19Merge tag 'nvme-5.10-2020-11-19' of git://git.infradead.org/nvme into block-5.10Jens Axboe3-13/+33
Pull NVMe fixes from Christoph: "nvme fixes for 5.10 - Doorbell Buffer freeing fix (Minwoo Im) - CSE log leak fix (Keith Busch)" * tag 'nvme-5.10-2020-11-19' of git://git.infradead.org/nvme: nvme: fix memory leak freeing command effects nvme: directly cache command effects log nvme: free sq/cq dbbuf pointers when dbbuf set fails
2020-11-19HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiverHans de Goede2-0/+26
Some users are pairing the Dinovo keyboards with the MX5000 or MX5500 receivers, instead of with the Dinovo receivers. The receivers are mostly the same (and the air protocol obviously is compatible) but currently the Dinovo receivers are handled by hid-lg.c while the MX5x00 receivers are handled by logitech-dj.c. When using a Dinovo keyboard, with its builtin touchpad, through logitech-dj.c then the touchpad stops working because when asking the receiver for paired devices, we get only 1 paired device with a device_type of REPORT_TYPE_KEYBOARD. And since we don't see a paired mouse, we have nowhere to send mouse-events to, so we drop them. Extend the existing fix for the Dinovo Edge for this to also cover the Dinovo Mini keyboard and also add a mapping to logitech-hidpp for the Media key on the Dinovo Mini, so that that keeps working too. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1811424 Fixes: f2113c3020ef ("HID: logitech-dj: add support for Logitech Bluetooth Mini-Receiver") Signed-off-by: Hans de Goede <[email protected]> Signed-off-by: Benjamin Tissoires <[email protected]>
2020-11-19HID: logitech-dj: Fix an error in mse_bluetooth_descriptorHans de Goede1-1/+1
Fix an error in the mouse / INPUT(2) descriptor used for quad/bt2.0 combo receivers. Replace INPUT with INPUT (Data,Var,Abs) for the field for the 4 extra buttons which share their report-byte with the low-res hwheel. This is likely a copy and paste error. I've verified that the new 0x81, 0x02 value matches both the mouse descriptor for the currently supported MX5000 / MX5500 receivers, as well as the INPUT(2) mouse descriptors for the Dinovo receivers for which support is being worked on. Cc: [email protected] Fixes: f2113c3020ef ("HID: logitech-dj: add support for Logitech Bluetooth Mini-Receiver") Signed-off-by: Hans de Goede <[email protected]> Signed-off-by: Benjamin Tissoires <[email protected]>
2020-11-19drm/vc4: hdmi: Disable Wifi FrequenciesMaxime Ripard2-0/+29
There's cross-talk on the RPi4 between the 2.4GHz channels used by the WiFi chip and some resolutions, most notably 1440p at 60Hz. In such a case, we can either reject entirely the mode, or lower slightly the pixel frequency to remove the overlap. Let's go for the latter. Signed-off-by: Maxime Ripard <[email protected]> Acked-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19dt-bindings: display: Add a property to deal with WiFi coexistenceMaxime Ripard1-0/+6
The RaspberryPi4 has both a WiFi chip and HDMI outputs capable of doing 4k. Unfortunately, the 1440p resolution at 60Hz has a TMDS rate on the HDMI cable right in the middle of the first Wifi channel. Add a property to our HDMI controller, that could be reused by other similar HDMI controllers, to allow the OS to take whatever measure is necessary to avoid that crosstalk. Signed-off-by: Maxime Ripard <[email protected]> Reviewed-by: Nicolas Saenz Julienne <[email protected]> Reviewed-by: Rob Herring <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19Revert "iommu/vt-d: Take CONFIG_PCI_ATS into account"Thomas Gleixner1-2/+0
This reverts commit 8986f223bd777a73119f5d593c15b4d630ff49bb. The proper fix is queued in Will's tree now Signed-off-by: Thomas Gleixner <[email protected]>
2020-11-19drm/vc4: kms: Document the muxing corner casesMaxime Ripard1-0/+22
We've had a number of muxing corner-cases with specific ways to reproduce them, so let's document them to make sure they aren't lost and introduce regressions later on. Signed-off-by: Maxime Ripard <[email protected]> Tested-by: Hoegeun Kwon <[email protected]> Reviewed-by: Hoegeun Kwon <[email protected]> Acked-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: kms: Split the HVS muxing check in a separate functionMaxime Ripard1-3/+15
The code that assigns HVS channels during atomic_check is starting to grow a bit big, let's move it into a separate function. Signed-off-by: Maxime Ripard <[email protected]> Tested-by: Hoegeun Kwon <[email protected]> Reviewed-by: Hoegeun Kwon <[email protected]> Reviewed-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: kms: Rename NUM_CHANNELSMaxime Ripard1-3/+3
The NUM_CHANNELS define has a pretty generic name and was right before the function using it. Let's move to something that makes the hardware-specific nature more obvious, and to a more appropriate place. Signed-off-by: Maxime Ripard <[email protected]> Tested-by: Hoegeun Kwon <[email protected]> Reviewed-by: Hoegeun Kwon <[email protected]> Reviewed-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: kms: Remove useless defineMaxime Ripard1-1/+0
NUM_OUTPUTS isn't used anymore, let's remove it. Signed-off-by: Maxime Ripard <[email protected]> Tested-by: Hoegeun Kwon <[email protected]> Reviewed-by: Hoegeun Kwon <[email protected]> Reviewed-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: kms: Switch to drmm_add_action_or_resetMaxime Ripard1-2/+2
Even though it was pointed in the review by Daniel, and I thought to have fixed it while applying the patches, but it turns out I forgot to commit the fixes in the process. Properly fix it this time. Fixes: dcda7c28bff2 ("drm/vc4: kms: Add functions to create the state objects") Signed-off-by: Maxime Ripard <[email protected]> Reviewed-by: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: hdmi: Block odd horizontal timingsMaxime Ripard2-0/+15
The FIFO between the pixelvalve and the HDMI controller runs at 2 pixels per clock cycle, and cannot deal with odd timings. Let's reject any mode with such timings. Signed-off-by: Maxime Ripard <[email protected]> Reviewed-by: Dave Stevenson <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19drm/vc4: hdmi: Make sure our clock rate is within limitsMaxime Ripard1-0/+15
The HDMI controller cannot go above a certain pixel rate limit depending on the generations, but that limit is only enforced in mode_valid at the moment, which means that we won't advertise modes that exceed that limit, but the userspace is still free to try to setup a mode that would. Implement atomic_check to make sure we check it in that scenario too. Signed-off-by: Maxime Ripard <[email protected]> Reviewed-by: Dave Stevenson <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2020-11-19Merge branch 'acpi-fan'Rafael J. Wysocki1-0/+1
* acpi-fan: ACPI: fan: Initialize performance state sysfs attribute
2020-11-19Merge branch 'pm-cpuidle'Rafael J. Wysocki1-2/+2
* pm-cpuidle: cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE
2020-11-19powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigationsDaniel Axtens4-9/+11
pseries|pnv_setup_rfi_flush already does the count cache flush setup, and we just added entry and uaccess flushes. So the name is not very accurate any more. In both platforms we then also immediately setup the STF flush. Rename them to _setup_security_mitigations and fold the STF flush in. Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19selftests/powerpc: refactor entry and rfi_flush testsDaniel Axtens6-120/+96
For simplicity in backporting, the original entry_flush test contained a lot of duplicated code from the rfi_flush test. De-duplicate that code. Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19selftests/powerpc: entry flush testDaniel Axtens3-1/+200
Add a test modelled on the RFI flush test which counts the number of L1D misses doing a simple syscall with the entry flush on and off. For simplicity of backporting, this test duplicates a lot of code from rfi_flush. We clean that up in the next patch. Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19powerpc: Only include kup-radix.h for 64-bit Book3SMichael Ellerman3-6/+11
In kup.h we currently include kup-radix.h for all 64-bit builds, which includes Book3S and Book3E. The latter doesn't make sense, Book3E never uses the Radix MMU. This has worked up until now, but almost by accident, and the recent uaccess flush changes introduced a build breakage on Book3E because of the bad structure of the code. So disentangle things so that we only use kup-radix.h for Book3S. This requires some more stubs in kup.h and fixing an include in syscall_64.c. Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19powerpc/64s: flush L1D after user accessesNicholas Piggin13-90/+233
IBM Power9 processors can speculatively operate on data in the L1 cache before it has been completely validated, via a way-prediction mechanism. It is not possible for an attacker to determine the contents of impermissible memory using this method, since these systems implement a combination of hardware and software security measures to prevent scenarios where protected data could be leaked. However these measures don't address the scenario where an attacker induces the operating system to speculatively execute instructions using data that the attacker controls. This can be used for example to speculatively bypass "kernel user access prevention" techniques, as discovered by Anthony Steinhauser of Google's Safeside Project. This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack. This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern. This patch flushes the L1 cache after user accesses. This is part of the fix for CVE-2020-4788. Signed-off-by: Nicholas Piggin <[email protected]> Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19powerpc/64s: flush L1D on kernel entryNicholas Piggin11-2/+200
IBM Power9 processors can speculatively operate on data in the L1 cache before it has been completely validated, via a way-prediction mechanism. It is not possible for an attacker to determine the contents of impermissible memory using this method, since these systems implement a combination of hardware and software security measures to prevent scenarios where protected data could be leaked. However these measures don't address the scenario where an attacker induces the operating system to speculatively execute instructions using data that the attacker controls. This can be used for example to speculatively bypass "kernel user access prevention" techniques, as discovered by Anthony Steinhauser of Google's Safeside Project. This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack. This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern. This patch flushes the L1 cache on kernel entry. This is part of the fix for CVE-2020-4788. Signed-off-by: Nicholas Piggin <[email protected]> Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19selftests/powerpc: rfi_flush: disable entry flush if presentRussell Currey1-6/+29
We are about to add an entry flush. The rfi (exit) flush test measures the number of L1D flushes over a syscall with the RFI flush enabled and disabled. But if the entry flush is also enabled, the effect of enabling and disabling the RFI flush is masked. If there is a debugfs entry for the entry flush, disable it during the RFI flush and restore it later. Reported-by: Spoorthy S <[email protected]> Signed-off-by: Russell Currey <[email protected]> Signed-off-by: Daniel Axtens <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
2020-11-19ALSA: hda/ca0132: Fix compile warning without PCITakashi Iwai1-0/+2
CONFIG_PCI=n leads to a compile warning like: sound/pci/hda/patch_ca0132.c:8214:10: warning: no case matching constant switch condition '0' due to the missed handling of QUIRK_NONE in ca0132_mmio_init(). Fix it. Fixes: bf2aa9ccc8e5 ("ALSA: hda/ca0132 - Cleanup ca0132_mmio_init function.") Reported-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]>
2020-11-19MAINTAINERS: Temporarily add myself to the IOMMU entryWill Deacon1-0/+1
Joerg is recovering from an injury, so temporarily add myself to the IOMMU MAINTAINERS entry so that I'm more likely to get CC'd on patches while I help to look after the tree for him. Suggested-by: Joerg Roedel <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Will Deacon <[email protected]>
2020-11-19iommu/vt-d: Fix compile error with CONFIG_PCI_ATS not setLu Baolu1-1/+3
Fix the compile error below (CONFIG_PCI_ATS not set): drivers/iommu/intel/dmar.c: In function ‘vf_inherit_msi_domain’: drivers/iommu/intel/dmar.c:338:59: error: ‘struct pci_dev’ has no member named ‘physfn’; did you mean ‘is_physfn’? 338 | dev_set_msi_domain(&pdev->dev, dev_get_msi_domain(&pdev->physfn->dev)); | ^~~~~~ | is_physfn Fixes: ff828729be44 ("iommu/vt-d: Cure VF irqdomain hickup") Reported-by: Geert Uytterhoeven <[email protected]> Signed-off-by: Lu Baolu <[email protected]> Cc: Thomas Gleixner <[email protected]> Link: https://lore.kernel.org/linux-iommu/CAMuHMdXA7wfJovmfSH2nbAhN0cPyCiFHodTvg4a8Hm9rx5Dj-w@mail.gmail.com/ Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Will Deacon <[email protected]>
2020-11-19Merge tag 'x86-urgent-2020-11-15' of ↵Will Deacon3-14/+21
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into for-next/iommu/fixes Pull in x86 fixes from Thomas, as they include a change to the Intel DMAR code on which we depend: * tag 'x86-urgent-2020-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: iommu/vt-d: Cure VF irqdomain hickup x86/platform/uv: Fix copied UV5 output archtype x86/platform/uv: Drop last traces of uv_flush_tlb_others
2020-11-19ARM: dts: dra76x: m_can: fix order of clocksMarc Kleine-Budde1-2/+2
According to the bosch,m_can.yaml bindings the first clock shall be the "hclk", while the second clock "cclk". This patch fixes the order accordingly. Fixes: 0adbe832f21a ("ARM: dts: dra76x: Add MCAN node") Cc: Faiz Abbas <[email protected]> Cc: Tony Lindgren <[email protected]> Cc: [email protected] Signed-off-by: Marc Kleine-Budde <[email protected]> Signed-off-by: Tony Lindgren <[email protected]>
2020-11-19bus: ti-sysc: suppress err msg for timers used as clockevent/sourceGrygorii Strashko1-1/+1
GP Timers used as clockevent/source are not available for ti-sysc bus and handled by Kernel timekeeping core. Now ti-sysc produces error message every time such timer is detected: "ti-sysc: probe of 48040000.target-module failed with error -16" Such messages are not necessary, so suppress them by returning -ENXIO instead of -EBUSY. Fixes: 6cfcd5563b4f ("clocksource/drivers/timer-ti-dm: Fix suspend and resume for am3 and am4") Signed-off-by: Grygorii Strashko <[email protected]> Signed-off-by: Tony Lindgren <[email protected]>