1. 04 Apr, 2021 3 commits
    • Linus Torvalds's avatar
      Linux 5.12-rc6 · e49d033b
      Linus Torvalds authored
      e49d033b
    • Zheyu Ma's avatar
      firewire: nosy: Fix a use-after-free bug in nosy_ioctl() · 829933ef
      Zheyu Ma authored
      For each device, the nosy driver allocates a pcilynx structure.
      A use-after-free might happen in the following scenario:
      
       1. Open nosy device for the first time and call ioctl with command
          NOSY_IOC_START, then a new client A will be malloced and added to
          doubly linked list.
       2. Open nosy device for the second time and call ioctl with command
          NOSY_IOC_START, then a new client B will be malloced and added to
          doubly linked list.
       3. Call ioctl with command NOSY_IOC_START for client A, then client A
          will be readded to the doubly linked list. Now the doubly linked
          list is messed up.
       4. Close the first nosy device and nosy_release will be called. In
          nosy_release, client A will be unlinked and freed.
       5. Close the second nosy device, and client A will be referenced,
          resulting in UAF.
      
      The root cause of this bug is that the element in the doubly linked list
      is reentered into the list.
      
      Fix this bug by adding a check before inserting a client.  If a client
      is already in the linked list, don't insert it.
      
      The following KASAN report reveals it:
      
         BUG: KASAN: use-after-free in nosy_release+0x1ea/0x210
         Write of size 8 at addr ffff888102ad7360 by task poc
         CPU: 3 PID: 337 Comm: poc Not tainted 5.12.0-rc5+ #6
         Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
         Call Trace:
           nosy_release+0x1ea/0x210
           __fput+0x1e2/0x840
           task_work_run+0xe8/0x180
           exit_to_user_mode_prepare+0x114/0x120
           syscall_exit_to_user_mode+0x1d/0x40
           entry_SYSCALL_64_after_hwframe+0x44/0xae
      
         Allocated by task 337:
           nosy_open+0x154/0x4d0
           misc_open+0x2ec/0x410
           chrdev_open+0x20d/0x5a0
           do_dentry_open+0x40f/0xe80
           path_openat+0x1cf9/0x37b0
           do_filp_open+0x16d/0x390
           do_sys_openat2+0x11d/0x360
           __x64_sys_open+0xfd/0x1a0
           do_syscall_64+0x33/0x40
           entry_SYSCALL_64_after_hwframe+0x44/0xae
      
         Freed by task 337:
           kfree+0x8f/0x210
           nosy_release+0x158/0x210
           __fput+0x1e2/0x840
           task_work_run+0xe8/0x180
           exit_to_user_mode_prepare+0x114/0x120
           syscall_exit_to_user_mode+0x1d/0x40
           entry_SYSCALL_64_after_hwframe+0x44/0xae
      
         The buggy address belongs to the object at ffff888102ad7300 which belongs to the cache kmalloc-128 of size 128
         The buggy address is located 96 bytes inside of 128-byte region [ffff888102ad7300, ffff888102ad7380)
      
      [ Modified to use 'list_empty()' inside proper lock  - Linus ]
      
      Link: https://lore.kernel.org/lkml/1617433116-5930-1-git-send-email-zheyuma97@gmail.com/
      
      Reported-and-tested-by: default avatar马哲宇 (Zheyu Ma) <zheyuma97@gmail.com>
      Signed-off-by: default avatarZheyu Ma <zheyuma97@gmail.com>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      829933ef
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://github.com/openrisc/linux · 2023a53b
      Linus Torvalds authored
      Pull OpenRISC fix from Stafford Horne:
       "Fix duplicate header include in Litex SOC driver"
      
      * tag 'for-linus' of git://github.com/openrisc/linux:
        soc: litex: Remove duplicated header file inclusion
      2023a53b
  2. 03 Apr, 2021 17 commits
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.12-2021-04-03' of git://git.kernel.dk/linux-block · d83e98f9
      Linus Torvalds authored
      POull io_uring fix from Jens Axboe:
       "Just fixing a silly braino in a previous patch, where we'd end up
        failing to compile if CONFIG_BLOCK isn't enabled.
      
        Not that a lot of people do that, but kernel bot spotted it and it's
        probably prudent to just flush this out now before -rc6.
      
        Sorry about that, none of my test compile configs have !CONFIG_BLOCK"
      
      * tag 'io_uring-5.12-2021-04-03' of git://git.kernel.dk/linux-block:
        io_uring: fix !CONFIG_BLOCK compilation failure
      d83e98f9
    • Zhen Lei's avatar
      soc: litex: Remove duplicated header file inclusion · 1683f7de
      Zhen Lei authored
      
      
      The header file <linux/errno.h> is already included above and can be
      removed here.
      Signed-off-by: default avatarZhen Lei <thunder.leizhen@huawei.com>
      Signed-off-by: default avatarMateusz Holenko <mholenko@antmicro.com>
      Signed-off-by: default avatarStafford Horne <shorne@gmail.com>
      1683f7de
    • Linus Torvalds's avatar
      Merge tag 'gfs2-v5.12-rc2-fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · 8e29be34
      Linus Torvalds authored
      Pull gfs2 fixes from Andreas Gruenbacher:
       "Two more gfs2 fixes"
      
      * tag 'gfs2-v5.12-rc2-fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: report "already frozen/thawed" errors
        gfs2: Flag a withdraw if init_threads() fails
      8e29be34
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 7fd7d5c2
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
       "A handful of fixes for 5.12:
      
         - fix a stack tracing regression related to "const register asm"
           variables, which have unexpected behavior.
      
         - ensure the value to be written by put_user() is evaluated before
           enabling access to userspace memory..
      
         - align the exception vector table correctly, so we don't rely on the
           firmware's handling of unaligned accesses.
      
         - build fix to make NUMA depend on MMU, which triggered on some
           randconfigs"
      
      * tag 'riscv-for-linus-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Make NUMA depend on MMU
        riscv: remove unneeded semicolon
        riscv,entry: fix misaligned base for excp_vect_table
        riscv: evaluate put_user() arg before enabling user access
        riscv: Drop const annotation for sp
      7fd7d5c2
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.12-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 9c2ef23e
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Fix a bug on pseries where spurious wakeups from H_PROD would prevent
        partition migration from succeeding.
      
        Fix oopses seen in pcpu_alloc(), caused by parallel faults of the
        percpu mapping causing us to corrupt the protection key used for the
        mapping, and cause a fatal key fault.
      
        Thanks to Aneesh Kumar K.V, Murilo Opsfelder Araujo, and Nathan Lynch"
      
      * tag 'powerpc-5.12-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/mm/book3s64: Use the correct storage key value when calling H_PROTECT
        powerpc/pseries/mobility: handle premature return from H_JOIN
        powerpc/pseries/mobility: use struct for shared state
      9c2ef23e
    • Linus Torvalds's avatar
      Merge tag 'hyperv-fixes-signed-20210402' of... · fa161995
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20210402' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull Hyper-V fixes from Wei Liu:
       "One fix from Lu Yunlong for a double free in hvfb_probe"
      
      * tag 'hyperv-fixes-signed-20210402' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        video: hyperv_fb: Fix a double free in hvfb_probe
      fa161995
    • Linus Torvalds's avatar
      Merge tag 'driver-core-5.12-rc6' of... · f5664825
      Linus Torvalds authored
      Merge tag 'driver-core-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fix from Greg KH:
       "Here is a single driver core fix for a reported problem with differed
        probing. It has been in linux-next for a while with no reported
        problems"
      
      * tag 'driver-core-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        driver core: clear deferred probe reason on probe retry
      f5664825
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · a443930a
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are a few small driver char/misc changes for 5.12-rc6.
      
        Nothing major here, a few fixes for reported issues:
      
         - interconnect fixes for problems found
      
         - fbcon syzbot-found fix
      
         - extcon fixes
      
         - firmware stratix10 bugfix
      
         - MAINTAINERS file update.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
        mei: allow map and unmap of client dma buffer only for disconnected client
        MAINTAINERS: Add linux-phy list and patchwork
        interconnect: Fix kerneldoc warning
        firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
        extcon: Fix error handling in extcon_dev_register
        extcon: Add stubs for extcon_register_notifier_all() functions
        interconnect: core: fix error return code of icc_link_destroy()
        interconnect: qcom: msm8939: remove rpm-ids from non-RPM nodes
      a443930a
    • Linus Torvalds's avatar
      Merge tag 'staging-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 3e707eb6
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are two rtl8192e staging driver fixes for reported problems.
      
        Both of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8192e: Change state information from u16 to u8
        staging: rtl8192e: Fix incorrect source in memcpy()
      3e707eb6
    • Linus Torvalds's avatar
      Merge tag 'tty-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 0d2c5a9e
      Linus Torvalds authored
      Pull serial driver fix from Greg KH:
       "Here is a single serial driver fix for 5.12-rc6. Is is a revert of a
        change that showed up in 5.9 that has been reported to cause problems.
      
        It has been in linux-next for a while with no reported issues"
      
      * tag 'tty-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        soc: qcom-geni-se: Cleanup the code to remove proxy votes
      0d2c5a9e
    • Linus Torvalds's avatar
      Merge tag 'usb-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · de879a8d
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a few small USB driver fixes for 5.12-rc6 to resolve reported
        problems.
      
        They include:
      
         - a number of cdc-acm fixes for reported problems. It seems more
           people are using this driver lately...
      
         - dwc3 driver fixes for reported problems, and fixes for the fixes :)
      
         - dwc2 driver fixes for reported issues.
      
         - musb driver fix.
      
         - new USB quirk additions.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (23 commits)
        usb: dwc2: Prevent core suspend when port connection flag is 0
        usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
        usb: musb: Fix suspend with devices connected for a64
        usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
        usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
        usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
        USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
        USB: cdc-acm: do not log successful probe on later errors
        USB: cdc-acm: always claim data interface
        USB: cdc-acm: use negation for NULL checks
        USB: cdc-acm: clean up probe error labels
        USB: cdc-acm: drop redundant driver-data reset
        USB: cdc-acm: drop redundant driver-data assignment
        USB: cdc-acm: fix use-after-free after probe failure
        USB: cdc-acm: fix double free on probe failure
        USB: cdc-acm: downgrade message to debug
        USB: cdc-acm: untangle a circular dependency between callback and softint
        cdc-acm: fix BREAK rx code path adding necessary calls
        usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
        usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
        ...
      de879a8d
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 57fbdb15
      Linus Torvalds authored
      Pull SCSI fix from James Bottomley:
       "A single fix to iscsi for a rare race condition which can cause a
        kernel panic"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: iscsi: Fix race condition between login and sync thread
      57fbdb15
    • Jens Axboe's avatar
      io_uring: fix !CONFIG_BLOCK compilation failure · e82ad485
      Jens Axboe authored
      kernel test robot correctly pinpoints a compilation failure if
      CONFIG_BLOCK isn't set:
      
      fs/io_uring.c: In function '__io_complete_rw':
      >> fs/io_uring.c:2509:48: error: implicit declaration of function 'io_rw_should_reissue'; did you mean 'io_rw_reissue'? [-Werror=implicit-function-declaration]
          2509 |  if ((res == -EAGAIN || res == -EOPNOTSUPP) && io_rw_should_reissue(req)) {
               |                                                ^~~~~~~~~~~~~~~~~~~~
               |                                                io_rw_reissue
          cc1: some warnings being treated as errors
      
      Ensure that we have a stub declaration of io_rw_should_reissue() for
      !CONFIG_BLOCK.
      
      Fixes: 230d50d4
      
       ("io_uring: move reissue into regular IO path")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      e82ad485
    • Linus Torvalds's avatar
      Merge tag 'block-5.12-2021-04-02' of git://git.kernel.dk/linux-block · d93a0d43
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Remove comment that never came to fruition in 22 years of development
         (Christoph)
      
       - Remove unused request flag (Christoph)
      
       - Fix for null_blk fake timeout handling (Damien)
      
       - Fix for IOCB_NOWAIT being ignored for O_DIRECT on raw bdevs (Pavel)
      
       - Error propagation fix for multiple split bios (Yufen)
      
      * tag 'block-5.12-2021-04-02' of git://git.kernel.dk/linux-block:
        block: remove the unused RQF_ALLOCED flag
        block: update a few comments in uapi/linux/blkpg.h
        block: don't ignore REQ_NOWAIT for direct IO
        null_blk: fix command timeout completion handling
        block: only update parent bi_status when bio fail
      d93a0d43
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.12-2021-04-02' of git://git.kernel.dk/linux-block · 1faccb63
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Nothing really major in here, and finally nothing really related to
        signals. A few minor fixups related to the threading changes, and some
        general fixes, that's it.
      
        There's the pending gdb-get-confused-about-arch, but that's more of a
        cosmetic issue, nothing that hinder use of it. And given that other
        archs will likely be affected by that oddity too, better to postpone
        any changes there until 5.13 imho"
      
      * tag 'io_uring-5.12-2021-04-02' of git://git.kernel.dk/linux-block:
        io_uring: move reissue into regular IO path
        io_uring: fix EIOCBQUEUED iter revert
        io_uring/io-wq: protect against sprintf overflow
        io_uring: don't mark S_ISBLK async work as unbounded
        io_uring: drop sqd lock before handling signals for SQPOLL
        io_uring: handle setup-failed ctx in kill_timeouts
        io_uring: always go for cancellation spin on exec
      1faccb63
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 0a84c2e4
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix an ACPI tables management issue, an issue related to the
        ACPI enumeration of devices and CPU wakeup in the ACPI processor
        driver.
      
        Specifics:
      
         - Ensure that the memory occupied by ACPI tables on x86 will always
           be reserved to prevent it from being allocated for other purposes
           which was possible in some cases (Rafael Wysocki).
      
         - Fix the ACPI device enumeration code to prevent it from attempting
           to evaluate the _STA control method for devices with unmet
           dependencies which is likely to fail (Hans de Goede).
      
         - Fix the handling of CPU0 wakeup in the ACPI processor driver to
           prevent CPU0 online failures from occurring (Vitaly Kuznetsov)"
      
      * tag 'acpi-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()
        ACPI: scan: Fix _STA getting called on devices with unmet dependencies
        ACPI: tables: x86: Reserve memory occupied by ACPI tables
      0a84c2e4
    • Linus Torvalds's avatar
      Merge tag 'pm-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 9314a0e9
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix a race condition and an ordering issue related to using
        device links in the runtime PM framework and two kerneldoc comments in
        cpufreq.
      
        Specifics:
      
         - Fix race condition related to the handling of supplier devices
           during consumer device probe and fix the order of decrementation of
           two related reference counters in the runtime PM core code handling
           supplier devices (Adrian Hunter).
      
         - Fix kerneldoc comments in cpufreq that have not been updated along
           with the functions documented by them (Geert Uytterhoeven)"
      
      * tag 'pm-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM: runtime: Fix race getting/putting suppliers at probe
        PM: runtime: Fix ordering in pm_runtime_get_suppliers()
        cpufreq: Fix scaling_{available,boost}_frequencies_show() comments
      9314a0e9
  3. 02 Apr, 2021 13 commits
  4. 01 Apr, 2021 7 commits
    • Sean Christopherson's avatar
      kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled · 6a3193cd
      Sean Christopherson authored
      Merge module sections only when using Clang LTO. With ld.bfd, merging
      sections does not appear to update the symbol tables for the module,
      e.g. 'readelf -s' shows the value that a symbol would have had, if
      sections were not merged. ld.lld does not show this problem.
      
      The stale symbol table breaks gdb's function disassembler, and presumably
      other things, e.g.
      
        gdb -batch -ex "file arch/x86/kvm/kvm.ko" -ex "disassemble kvm_init"
      
      reads the wrong bytes and dumps garbage.
      
      Fixes: dd277622
      
       ("kbuild: lto: merge module sections")
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Reviewed-by: default avatarSami Tolvanen <samitolvanen@google.com>
      Tested-by: default avatarSami Tolvanen <samitolvanen@google.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20210322234438.502582-1-seanjc@google.com
      6a3193cd
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 6905b1dc
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "It's a bit larger than I (and probably you) would like by the time we
        get to -rc6, but perhaps not entirely unexpected since the changes in
        the last merge window were larger than usual.
      
        x86:
         - Fixes for missing TLB flushes with TDP MMU
      
         - Fixes for race conditions in nested SVM
      
         - Fixes for lockdep splat with Xen emulation
      
         - Fix for kvmclock underflow
      
         - Fix srcdir != builddir builds
      
         - Other small cleanups
      
        ARM:
         - Fix GICv3 MMIO compatibility probing
      
         - Prevent guests from using the ARMv8.4 self-hosted tracing
           extension"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        selftests: kvm: Check that TSC page value is small after KVM_SET_CLOCK(0)
        KVM: x86: Prevent 'hv_clock->system_time' from going negative in kvm_guest_time_update()
        KVM: x86: disable interrupts while pvclock_gtod_sync_lock is taken
        KVM: x86: reduce pvclock_gtod_sync_lock critical sections
        KVM: SVM: ensure that EFER.SVME is set when running nested guest or on nested vmexit
        KVM: SVM: load control fields from VMCB12 before checking them
        KVM: x86/mmu: Don't allow TDP MMU to yield when recovering NX pages
        KVM: x86/mmu: Ensure TLBs are flushed for TDP MMU during NX zapping
        KVM: x86/mmu: Ensure TLBs are flushed when yielding during GFN range zap
        KVM: make: Fix out-of-source module builds
        selftests: kvm: make hardware_disable_test less verbose
        KVM: x86/vPMU: Forbid writing to MSR_F15H_PERF MSRs when guest doesn't have X86_FEATURE_PERFCTR_CORE
        KVM: x86: remove unused declaration of kvm_write_tsc()
        KVM: clean up the unused argument
        tools/kvm_stat: Add restart delay
        KVM: arm64: Fix CPU interface MMIO compatibility detection
        KVM: arm64: Disable guest access to trace filter controls
        KVM: arm64: Hide system instruction access to Trace registers
      6905b1dc
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2021-04-02' of git://anongit.freedesktop.org/drm/drm · a80314c3
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Things have settled down in time for Easter, a random smattering of
        small fixes across a few drivers.
      
        I'm guessing though there might be some i915 and misc fixes out there
        I haven't gotten yet, but since today is a public holiday here, I'm
        sending this early so I can have the day off, I'll see if more
        requests come in and decide what to do with them later.
      
        amdgpu:
         - Polaris idle power fix
         - VM fix
         - Vangogh S3 fix
         - Fixes for non-4K page sizes
      
        amdkfd:
         - dqm fence memory corruption fix
      
        tegra:
         - lockdep warning fix
         - runtine PM reference fix
         - display controller fix
         - PLL Fix
      
        imx:
         - memory leak in error path fix
         - LDB driver channel registration fix
         - oob array warning in LDB driver
      
        exynos
         - unused header file removal"
      
      * tag 'drm-fixes-2021-04-02' of git://anongit.freedesktop.org/drm/drm:
        drm/amdgpu: check alignment on CPU page for bo map
        drm/amdgpu: Set a suitable dev_info.gart_page_size
        drm/amdgpu/vangogh: don't check for dpm in is_dpm_running when in suspend
        drm/amdkfd: dqm fence memory corruption
        drm/tegra: sor: Grab runtime PM reference across reset
        drm/tegra: dc: Restore coupling of display controllers
        gpu: host1x: Use different lock classes for each client
        drm/tegra: dc: Don't set PLL clock to 0Hz
        drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
        drm/amd/pm: no need to force MCLK to highest when no display connected
        drm/exynos/decon5433: Remove the unused include statements
        drm/imx: imx-ldb: fix out of bounds array access warning
        drm/imx: imx-ldb: Register LDB channel1 when it is the only channel to be used
        drm/imx: fix memory leak when fails to init
      a80314c3
    • Dave Airlie's avatar
      Merge tag 'imx-drm-fixes-2021-04-01' of git://git.pengutronix.de/git/pza/linux into drm-fixes · 6fdb8e5a
      Dave Airlie authored
      
      
      drm/imx: imx-drm-core and imx-ldb fixes
      
      Fix a memory leak in an error path during DRM device initialization,
      fix the LDB driver to register channel 1 even if channel 0 is unused,
      and fix an out of bounds array access warning in the LDB driver.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Philipp Zabel <p.zabel@pengutronix.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/20210401092235.GA13586@pengutronix.de
      6fdb8e5a
    • Dave Airlie's avatar
      Merge tag 'drm/tegra/for-5.12-rc6' of ssh://git.freedesktop.org/git/tegra/linux into drm-fixes · a0497251
      Dave Airlie authored
      
      
      drm/tegra: Fixes for v5.12-rc6
      
      This contains a couple of fixes for various issues such as lockdep
      warnings, runtime PM references, coupled display controllers and
      misconfigured PLLs.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thierry Reding <thierry.reding@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20210401163352.3348296-1-thierry.reding@gmail.com
      a0497251
    • Steven Rostedt (VMware)'s avatar
      tracing: Fix stack trace event size · 9deb193a
      Steven Rostedt (VMware) authored
      Commit cbc3b92c fixed an issue to modify the macros of the stack trace
      event so that user space could parse it properly. Originally the stack
      trace format to user space showed that the called stack was a dynamic
      array. But it is not actually a dynamic array, in the way that other
      dynamic event arrays worked, and this broke user space parsing for it. The
      update was to make the array look to have 8 entries in it. Helper
      functions were added to make it parse it correctly, as the stack was
      dynamic, but was determined by the size of the event stored.
      
      Although this fixed user space on how it read the event, it changed the
      internal structure used for the stack trace event. It changed the array
      size from [0] to [8] (added 8 entries). This increased the size of the
      stack trace event by 8 words. The size reserved on the ring buffer was the
      size of the stack trace event plus the number of stack entries found in
      the stack trace. That commit caused the amount to be 8 more than what was
      needed because it did not expect the caller field to have any size. This
      produced 8 entries of garbage (and reading random data) from the stack
      trace event:
      
                <idle>-0       [002] d... 1976396.837549: <stack trace>
       => trace_event_raw_event_sched_switch
       => __traceiter_sched_switch
       => __schedule
       => schedule_idle
       => do_idle
       => cpu_startup_entry
       => secondary_startup_64_no_verify
       => 0xc8c5e150ffff93de
       => 0xffff93de
       => 0
       => 0
       => 0xc8c5e17800000000
       => 0x1f30affff93de
       => 0x00000004
       => 0x200000000
      
      Instead, subtract the size of the caller field from the size of the event
      to make sure that only the amount needed to store the stack trace is
      reserved.
      
      Link: https://lore.kernel.org/lkml/your-ad-here.call-01617191565-ext-9692@work.hours/
      
      Cc: stable@vger.kernel.org
      Fixes: cbc3b92c
      
       ("tracing: Set kernel_stack's caller size properly")
      Reported-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Tested-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Acked-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      9deb193a
    • Linus Torvalds's avatar
      Merge tag 'sound-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · ffd9fb54
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Things seem calming down, only usual device-specific fixes for
        HD-audio and USB-audio at this time"
      
      * tag 'sound-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8
        ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks
        ALSA: hda: Re-add dropped snd_poewr_change_state() calls
        ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
        ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
        ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
      ffd9fb54