git.somdevices.com Git - linux.git/log

MGS-6145 [#imx-2455] fix the QueryIdle fail when no weston

When GPU hardware become idle, FE address will fall into
last wait-link loop, Wait-link has 2 instructions,
each instruction is 8 bytes, the valid offset is [0, 16],
Original programming is wrong to test FE not in idle
with last wait-link + 16.

Signed-off-by: Jiyu Yang <jiyu.yang@nxp.com>

MLK-25468: seco_mu: hook v2x reset event

after get v2x reset event, return error at read
v2x reset after system enter ks1.

Signed-off-by: Frank Li <Frank.Li@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

Fixed the "vgHardware" case.

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

Move the suspend semaphore inside the suspend/resume routines.

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

The suspend will acquire the global semaphore, and a later gcvPOWER_ON_AUTO
determined by a new commit will wait for global semaphore until a GPU resume
(power ON) release the global semaphore, then the gcvPOWER_ON_AUTO will
continue to run. But during the stress test, the sequence might change.
For example:
1. GPU goes to suspend; if a new commit comes then gcvPOWER_ON_AUTO will
wait for global semaphore.
2. GPU goes to resume, a global power ON will release the global semaphore,
gcvPOWER_ON_AUTO acquire the global semaphore successfully but will release
it by itself because gcvPOWER_ON_AUTO is not a global state and it won't
occupy a global semaphore.
3. The next GPU suspend will also acquire the global semaphore successfully.
As the GPU suspend and gcvPOWER_ON_AUTO are in two threads, there is a certain
probability that suspend is executed first, then gcvPOWER_ON_AUTO, so that the
later GPU stall (from suspend) will occur at the same time with new
commit abd will cause the GPU hang.

Suggested-by: Zhe Pan <Zhe.Pan@verisilicon.com>
Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

Put GPU into suspend instead of idle. Suspend will also disable internal clocks.

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

Remove the unneded hack, I never run into that code and see it really
works.

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

No need to power on during suspend.
1. If the GPU core is already on, then no change performed.
2. If the GPU core is already in idle/suspend/power_off it means the
   Stall has already been done.
   No need to power it on again and put into idle state again.
3. If the GPU core is in idle and we want to put into suspend or
   power_off, that will be handled inside the
   gckHARDWARE_SetPowerState().

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

MGS-6197 [#imx-2532] GPU crash when changing gpu_govern mode

Add gckGALDEVICE_Suspend() and gckGALDEVICE_Resume() to be used by both
gpu_suspend/gpu_resume as well as by gpu_govern_store.
The suspendSemaphore will take care that those are kept running on race.

Signed-off-by: Nicușor Cîțu <nicusor.citu@nxp.com>

LF-3548-2: ASoC: fsl_easrc_m2m: Fix issue with double kfree

The pointer need to be NULL after kfree to avoid kernel dummp
in second kfree for same pointer.

[ 9285.401707] Call trace:
[ 9285.404171] kfree+0x388/0x3fc
[ 9285.407238] fsl_easrc_ioctl+0xf4/0xf80

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Peng Zhang <peng.zhang_8@nxp.com>

LF-3548-1: ASoC: fsl_asrc_m2m: Fix issue with double kfree

The pointer need to be NULL after kfree to avoid kernel dummp
in second kfree for same pointer.

[ 9285.401707] Call trace:
[ 9285.404171] kfree+0x388/0x3fc
[ 9285.407238] fsl_easrc_ioctl+0xf4/0xf80

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Peng Zhang <peng.zhang_8@nxp.com>

LF-3750 [#imx-2544] fix Out-of-bounds access

fix coverity issue CID 12329075 Out-of-bounds access
Signed-off-by: Jiyu Yang <jiyu.yang@nxp.com>

MLK-25465-2: arm64: dts: imx8mn-ddr4-evk: update vdd_soc in suspend to 0.75v

To match with the latest datasheet, besides, correct vdd_soc to buck1
instead of buck2. But this patch should be no any impact since uboot
has already done the same thing. Anyway correct it, since rohm driver
has this ability now and could be indepedent of uboot in the future.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Jacky Bai <ping.bai@nxp.com>

MLK-25465-1: arm64: dts: imx8mn-evk: update vdd_soc in suspend to 0.75v

To match with the latest datasheet, besides, correct vdd_soc to buck1
instead of buck2. But this patch should be no any impact since uboot
has already done the same thing. Anyway correct it, since pca9450 driver
has this ability now and could be indepedent of uboot in the future.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Jacky Bai <ping.bai@nxp.com>

M865SW-742: media: isi: add status checking when open video device

Add ISI stream status checking when user try to open it.

Signed-off-by: Guoniu.zhou <guoniu.zhou@nxp.com>
Reviewed-by: Robby Cai <robby.cai@nxp.com>

MLK-25482: watchdog: imx2_wdt: clear WDOG_HW_RUNNING before suspend

For watchdog_ping_work is not freezable so that it maybe scheduled before
imx2_wdt_resume where watchdog clock is on, hence, kernel will hang in
imx2_wdt_ping with clock disabled, and then watchdog reset happen.
Prevent the above case by clearing WDOG_HW_RUNNING before suspend, and
restore it with ping in imx2_wdt_resume.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Jacky Bai <ping.bai@nxp.com>

LF-2861 media: mx6s_capture: Fix Coverity Issue: 17695 Dereference before null check

Fix dereference before NULL check issue

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2860 media: mxc_capture: Fix Coverity Issue: 17691 Dereference before null check

Fix dereference before NULL check issue

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2859 media: mxc_capture: Fix Coverity Issue: 17678 Dereference before null check

Fix issue for dereference before NULL check

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2858 media: ipu: Fix Coverity Issue: 17676 Dereference before null check

Fix issue for dereference before NULL check

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2856 media: ipu: Fix Coverity Issue: 17672 Dereference before null check

Fixed dereference before NULL check issue

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2855 media: camera: Fix Coverity Issue: 17397 Unsigned compared against 0

remove the comparison against 0 which is not necessary

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2853 media: camera: Fix Coverity Issue: 17391 Unsigned compared against 0

remove the comparison against 0 which is not necessary

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2488 media: mxc_capture: Fix Coverity Issue:11024996 Unchecked return value

Add return value check for fb_set_var

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2088 media: epdc: Fix Coverity Issue:17663 Sizeof not portable

Use sizeof(u32) instead of sizeof(u32 *)

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

LF-2085 media: epdc: Fix Coverity Issue:17286 Unused value

Fixed unused value issue

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed-by: G.n. Zhou <guoniu.zhou@nxp.com>

Merge tag 'v5.10.35' into lf-5.10.y

This is the 5.10.35 stable release

* tag 'v5.10.35': (174 commits)
  Linux 5.10.35
  vfio: Depend on MMU
  perf/core: Fix unconditional security_locked_down() call
  ...

Signed-off-by: Jason Liu <jason.hui.liu@nxp.com>

Linux 5.10.35

Tested-By: Patrick McCormick <pmccormick@digitalocean.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Fox Chen <foxhlchen@gmail.com>
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Jason Self <jason@bluehome.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Hulk Robot <hulkrobot@huawei.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Link: https://lore.kernel.org/r/20210505112326.195493232@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

vfio: Depend on MMU

commit b2b12db53507bc97d96f6b7cb279e831e5eafb00 upstream.

VFIO_IOMMU_TYPE1 does not compile with !MMU:

../drivers/vfio/vfio_iommu_type1.c: In function 'follow_fault_pfn':
../drivers/vfio/vfio_iommu_type1.c:536:22: error: implicit declaration of function 'pte_write'; did you mean 'vfs_write'? [-Werror=implicit-function-declaration]

So require it.

Suggested-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Message-Id: <0-v1-02cb5500df6e+78-vfio_no_mmu_jgg@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf/core: Fix unconditional security_locked_down() call

commit 08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b upstream.

Currently, the lockdown state is queried unconditionally, even though
its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in
attr.sample_type. While that doesn't matter in case of the Lockdown LSM,
it causes trouble with the SELinux's lockdown hook implementation.

SELinux implements the locked_down hook with a check whether the current
task's type has the corresponding "lockdown" class permission
("integrity" or "confidentiality") allowed in the policy. This means
that calling the hook when the access control decision would be ignored
generates a bogus permission check and audit record.

Fix this by checking sample_type first and only calling the hook when
its result would be honored.

Fixes: b0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality mode")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Link: https://lkml.kernel.org/r/20210224215628.192519-1-omosnace@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

platform/x86: thinkpad_acpi: Correct thermal sensor allocation

commit 6759e18e5cd8745a5dfc5726e4a3db5281ec1639 upstream.

On recent Thinkpad platforms it was reported that temp sensor 11 was
always incorrectly displaying 66C. It turns out the reason for this is
that this location in EC RAM is not a temperature sensor but is the
power supply ID (offset 0xC2).

Based on feedback from the Lenovo firmware team the EC RAM version can
be determined and for the current version (3) only the 0x78 to 0x7F
range is used for temp sensors. I don't have any details for earlier
versions so I have left the implementation unaltered there.

Note - in this block only 0x78 and 0x79 are officially designated (CPU &
GPU sensors). The use of the other locations in the block will vary from
platform to platform; but the existing logic to detect a sensor presence
holds.

Signed-off-by: Mark Pearson <markpearson@lenovo.com>
Link: https://lore.kernel.org/r/20210407212015.298222-1-markpearson@lenovo.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: Add reset-resume quirk for WD19's Realtek Hub

commit ca91fd8c7643d93bfc18a6fec1a0d3972a46a18a upstream.

Realtek Hub (0bda:5487) in Dell Dock WD19 sometimes fails to work
after the system resumes from suspend with remote wakeup enabled
device connected:
[ 1947.640907] hub 5-2.3:1.0: hub_ext_port_status failed (err = -71)
[ 1947.641208] usb 5-2.3-port5: cannot disable (err = -71)
[ 1947.641401] hub 5-2.3:1.0: hub_ext_port_status failed (err = -71)
[ 1947.641450] usb 5-2.3-port4: cannot reset (err = -71)

Information of this hub:
T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=480  MxCh= 5
D:  Ver= 2.10 Cls=09(hub  ) Sub=00 Prot=02 MxPS=64 #Cfgs=  1
P:  Vendor=0bda ProdID=5487 Rev= 1.47
S:  Manufacturer=Dell Inc.
S:  Product=Dell dock
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  0mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=01 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   1 Ivl=256ms
I:* If#= 0 Alt= 1 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=02 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   1 Ivl=256ms

The failure results from the ETIMEDOUT by chance when turning on
the suspend feature for the specified port of the hub. The port
seems to be in an unknown state so the hub_activate during resume
fails the hub_port_status, then the hub will fail to work.

The quirky hub needs the reset-resume quirk to function correctly.

Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chris Chiu <chris.chiu@canonical.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210420174651.6202-1-chris.chiu@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet

commit 8f23fe35ff1e5491b4d279323a8209a31f03ae65 upstream.

This is another branded 8153 device that doesn't work well with LPM
enabled:
[ 400.597506] r8152 5-1.1:1.0 enx482ae3a2a6f0: Tx status -71

So disable LPM to resolve the issue.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1922651
Link: https://lore.kernel.org/r/20210412135455.791971-1-kai.heng.feng@canonical.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX

commit 64f40f9be14106e7df0098c427cb60be645bddb7 upstream.

ToneLab EX guitar pedal device requires the same quirk like ToneLab ST
for supporting the MIDI.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=212593
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210407144549.1530-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ovl: allow upperdir inside lowerdir

commit 708fa01597fa002599756bf56a96d0de1677375c upstream.

Commit 146d62e5a586 ("ovl: detect overlapping layers") made sure we don't
have overlapping layers, but it also broke the arguably valid use case of

mount -olowerdir=/,upperdir=/subdir,..

where upperdir overlaps lowerdir on the same filesystem. This has been
causing regressions.

Revert the check, but only for the specific case where upperdir and/or
workdir are subdirectories of lowerdir. Any other overlap (e.g. lowerdir
is subdirectory of upperdir, etc) case is crazy, so leave the check in
place for those.

Overlaps are detected at lookup time too, so reverting the mount time check
should be safe.

Fixes: 146d62e5a586 ("ovl: detect overlapping layers")
Cc: <stable@vger.kernel.org> # v5.2
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ovl: fix leaked dentry

commit eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41 upstream.

Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in
ovl_lookup()"), overlayfs doesn't put temporary dentry when there is a
metacopy error, which leads to dentry leaks when shutting down the related
superblock:

  overlayfs: refusing to follow metacopy origin for (/file0)
  ...
  BUG: Dentry (____ptrval____){i=3f33,n=file3}  still in use (1) [unmount of overlay overlay]
  ...
  WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d
  CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1
  ...
  RIP: 0010:umount_check.cold+0x107/0x14d
  ...
  Call Trace:
   d_walk+0x28c/0x950
   ? dentry_lru_isolate+0x2b0/0x2b0
   ? __kasan_slab_free+0x12/0x20
   do_one_tree+0x33/0x60
   shrink_dcache_for_umount+0x78/0x1d0
   generic_shutdown_super+0x70/0x440
   kill_anon_super+0x3e/0x70
   deactivate_locked_super+0xc4/0x160
   deactivate_super+0xfa/0x140
   cleanup_mnt+0x22e/0x370
   __cleanup_mnt+0x1a/0x30
   task_work_run+0x139/0x210
   do_exit+0xb0c/0x2820
   ? __kasan_check_read+0x1d/0x30
   ? find_held_lock+0x35/0x160
   ? lock_release+0x1b6/0x660
   ? mm_update_next_owner+0xa20/0xa20
   ? reacquire_held_locks+0x3f0/0x3f0
   ? __sanitizer_cov_trace_const_cmp4+0x22/0x30
   do_group_exit+0x135/0x380
   __do_sys_exit_group.isra.0+0x20/0x20
   __x64_sys_exit_group+0x3c/0x50
   do_syscall_64+0x45/0x70
   entry_SYSCALL_64_after_hwframe+0x44/0xae
  ...
  VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds.  Have a nice day...

This fix has been tested with a syzkaller reproducer.

Cc: Amir Goldstein <amir73il@gmail.com>
Cc: <stable@vger.kernel.org> # v5.8+
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()")
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210329164907.2133175-1-mic@digikod.net
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

nvme-pci: set min_align_mask

commit: 3d2d861eb03e8ee96dc430a54361c900cbe28afd

The PRP addressing scheme requires all PRP entries except for the
first one to have a zero offset into the NVMe controller pages (which
can be different from the Linux PAGE_SIZE). Use the min_align_mask
device parameter to ensure that swiotlb does not change the address
of the buffer modulo the device page size to ensure that the PRPs
won't be malformed.

Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: respect min_align_mask

commit: 1f221a0d0dbf0e48ef3a9c62871281d6a7819f05

swiotlb: respect min_align_mask

Respect the min_align_mask in struct device_dma_parameters in swiotlb.

There are two parts to it:
1) for the lower bits of the alignment inside the io tlb slot, just
    extent the size of the allocation and leave the start of the slot
     empty
2) for the high bits ensure we find a slot that matches the high bits
    of the alignment to avoid wasting too much memory

Based on an earlier patch from Jianxiong Gao <jxgao@google.com>.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single

commit: 16fc3cef33a04632ab6b31758abdd77563a20759

swiotlb_tbl_map_single currently nevers sets a tlb_addr that is not
aligned to the tlb bucket size. But we're going to add such a case
soon, for which this adjustment would be bogus.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: refactor swiotlb_tbl_map_single

commit: 26a7e094783d482f3e125f09945a5bb1d867b2e6

Split out a bunch of a self-contained helpers to make the function easier
to follow.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: clean up swiotlb_tbl_unmap_single

commit: ca10d0f8e530600ec63c603dbace2c30927d70b7

swiotlb: clean up swiotlb_tbl_unmap_single

Remove a layer of pointless indentation, replace a hard to follow
ternary expression with a plain if/else.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: factor out a nr_slots helper

commit: c32a77fd18780a5192dfb6eec69f239faebf28fd

Factor out a helper to find the number of slots for a given size.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: factor out an io_tlb_offset helper

commit: c7fbeca757fe74135d8b6a4c8ddaef76f5775d68

Replace the very genericly named OFFSET macro with a little inline
helper that hardcodes the alignment to the only value ever passed.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

swiotlb: add a IO_TLB_SIZE define

commit: b5d7ccb7aac3895c2138fe0980a109116ce15eff

Add a new IO_TLB_SIZE define instead open coding it using
IO_TLB_SHIFT all over.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Jianxiong Gao <jxgao@google.com>
Tested-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

driver core: add a min_align_mask field to struct device_dma_parameters

commit: 36950f2da1ea4cb683be174f6f581e25b2d33e71

Some devices rely on the address offset in a page to function
correctly (NVMe driver as an example). These devices may use
a different page size than the Linux kernel. The address offset
has to be preserved upon mapping, and in order to do so, we
need to record the page_offset_mask first.

Signed-off-by: Jianxiong Gao <jxgao@google.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tools/cgroup/slabinfo.py: updated to work on current kernel

[ Upstream commit 1974c45dd7745e999b9387be3d8fdcb27a5b1721 ]

slabinfo.py script does not work with actual kernel version.

First, it was unable to recognise SLUB susbsytem, and when I specified
it manually it failed again with

  AttributeError: 'struct page' has no member 'obj_cgroups'

.. and then again with

  File "tools/cgroup/memcg_slabinfo.py", line 221, in main
    memcg.kmem_caches.address_of_(),
  AttributeError: 'struct mem_cgroup' has no member 'kmem_caches'

Link: https://lkml.kernel.org/r/cec1a75e-43b4-3d64-2084-d9f98fda037f@virtuozzo.com
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Tested-by: Roman Gushchin <guro@fb.com>
Acked-by: Roman Gushchin <guro@fb.com>
Cc: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

perf ftrace: Fix access to pid in array when setting a pid filter

[ Upstream commit 671b60cb6a897a5b3832fe57657152f2c3995e25 ]

Command 'perf ftrace -v -- ls' fails in s390 (at least 5.12.0rc6).

The root cause is a missing pointer dereference which causes an
array element address to be used as PID.

Fix this by extracting the PID.

Output before:
  # ./perf ftrace -v -- ls
  function_graph tracer is used
  write '-263732416' to tracing/set_ftrace_pid failed: Invalid argument
  failed to set ftrace pid
  #

Output after:
   ./perf ftrace -v -- ls
   function_graph tracer is used
   # tracer: function_graph
   #
   # CPU  DURATION                  FUNCTION CALLS
   # |     |   |                     |   |   |   |
   4)               |  rcu_read_lock_sched_held() {
   4)   0.552 us    |    rcu_lockdep_current_cpu_online();
   4)   6.124 us    |  }

Reported-by: Alexander Schmidt <alexschm@de.ibm.com>
Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Link: http://lore.kernel.org/lkml/20210421120400.2126433-1-tmricht@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

capabilities: require CAP_SETFCAP to map uid 0

[ Upstream commit db2e718a47984b9d71ed890eb2ea36ecf150de18 ]

cap_setfcap is required to create file capabilities.

Since commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities"),
a process running as uid 0 but without cap_setfcap is able to work
around this as follows: unshare a new user namespace which maps parent
uid 0 into the child namespace.

While this task will not have new capabilities against the parent
namespace, there is a loophole due to the way namespaced file
capabilities are represented as xattrs.  File capabilities valid in
userns 1 are distinguished from file capabilities valid in userns 2 by
the kuid which underlies uid 0.  Therefore the restricted root process
can unshare a new self-mapping namespace, add a namespaced file
capability onto a file, then use that file capability in the parent
namespace.

To prevent that, do not allow mapping parent uid 0 if the process which
opened the uid_map file does not have CAP_SETFCAP, which is the
capability for setting file capabilities.

As a further wrinkle: a task can unshare its user namespace, then open
its uid_map file itself, and map (only) its own uid.  In this case we do
not have the credential from before unshare, which was potentially more
restricted.  So, when creating a user namespace, we record whether the
creator had CAP_SETFCAP.  Then we can use that during map_write().

With this patch:

1. Unprivileged user can still unshare -Ur

   ubuntu@caps:~$ unshare -Ur
   root@caps:~# logout

2. Root user can still unshare -Ur

   ubuntu@caps:~$ sudo bash
   root@caps:/home/ubuntu# unshare -Ur
   root@caps:/home/ubuntu# logout

3. Root user without CAP_SETFCAP cannot unshare -Ur:

   root@caps:/home/ubuntu# /sbin/capsh --drop=cap_setfcap --
   root@caps:/home/ubuntu# /sbin/setcap cap_setfcap=p /sbin/setcap
   unable to set CAP_SETFCAP effective capability: Operation not permitted
   root@caps:/home/ubuntu# unshare -Ur
   unshare: write failed /proc/self/uid_map: Operation not permitted

Note: an alternative solution would be to allow uid 0 mappings by
processes without CAP_SETFCAP, but to prevent such a namespace from
writing any file capabilities.  This approach can be seen at [1].

Background history: commit 95ebabde382 ("capabilities: Don't allow
writing ambiguous v3 file capabilities") tried to fix the issue by
preventing v3 fscaps to be written to disk when the root uid would map
to the same uid in nested user namespaces.  This led to regressions for
various workloads.  For example, see [2].  Ultimately this is a valid
use-case we have to support meaning we had to revert this change in
3b0c2d3eaa83 ("Revert 95ebabde382c ("capabilities: Don't allow writing
ambiguous v3 file capabilities")").

Link: https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=2021-04-15/setfcap-nsfscaps-v4
Link: https://github.com/containers/buildah/issues/3071
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Andrew G. Morgan <morgan@kernel.org>
Tested-by: Christian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

perf data: Fix error return code in perf_data__create_dir()

[ Upstream commit f2211881e737cade55e0ee07cf6a26d91a35a6fe ]

Although 'ret' has been initialized to -1, but it will be reassigned by
the "ret = open(...)" statement in the for loop. So that, the value of
'ret' is unknown when asprintf() failed.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210415083417.3740-1-thunder.leizhen@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

net: qrtr: Avoid potential use after free in MHI send

commit 47a017f33943278570c072bc71681809b2567b3a upstream.

It is possible that the MHI ul_callback will be invoked immediately
following the queueing of the skb for transmission, leading to the
callback decrementing the refcount of the associated sk and freeing the
skb.

As such the dereference of skb and the increment of the sk refcount must
happen before the skb is queued, to avoid the skb to be used after free
and potentially the sk to drop its last refcount..

Fixes: 6e728f321393 ("net: qrtr: Add MHI transport layer")
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

bpf: Fix leakage of uninitialized bpf stack under speculation

commit 801c6058d14a82179a7ee17a4b532cac6fad067f upstream.

The current implemented mechanisms to mitigate data disclosure under
speculation mainly address stack and map value oob access from the
speculative domain. However, Piotr discovered that uninitialized BPF
stack is not protected yet, and thus old data from the kernel stack,
potentially including addresses of kernel structures, could still be
extracted from that 512 bytes large window. The BPF stack is special
compared to map values since it's not zero initialized for every
program invocation, whereas map values /are/ zero initialized upon
their initial allocation and thus cannot leak any prior data in either
domain. In the non-speculative domain, the verifier ensures that every
stack slot read must have a prior stack slot write by the BPF program
to avoid such data leaking issue.

However, this is not enough: for example, when the pointer arithmetic
operation moves the stack pointer from the last valid stack offset to
the first valid offset, the sanitation logic allows for any intermediate
offsets during speculative execution, which could then be used to
extract any restricted stack content via side-channel.

Given for unprivileged stack pointer arithmetic the use of unknown
but bounded scalars is generally forbidden, we can simply turn the
register-based arithmetic operation into an immediate-based arithmetic
operation without the need for masking. This also gives the benefit
of reducing the needed instructions for the operation. Given after
the work in 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic
mask"), the aux->alu_limit already holds the final immediate value for
the offset register with the known scalar. Thus, a simple mov of the
immediate to AX register with using AX as the source for the original
instruction is sufficient and possible now in this case.

Reported-by: Piotr Krysiuk <piotras@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

bpf: Fix masking negation logic upon negative dst register

commit b9b34ddbe2076ade359cd5ce7537d5ed019e9807 upstream.

The negation logic for the case where the off_reg is sitting in the
dst register is not correct given then we cannot just invert the add
to a sub or vice versa. As a fix, perform the final bitwise and-op
unconditionally into AX from the off_reg, then move the pointer from
the src to dst and finally use AX as the source for the original
pointer arithmetic operation such that the inversion yields a correct
result. The single non-AX mov in between is possible given constant
blinding is retaining it as it's not an immediate based operation.

Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

igb: Enable RSS for Intel I211 Ethernet Controller

commit 6e6026f2dd2005844fb35c3911e8083c09952c6c upstream.

The Intel I211 Ethernet Controller supports 2 Receive Side Scaling (RSS)
queues. It should not be excluded from having this feature enabled.

Via commit c883de9fd787 ("igb: rename igb define to be more generic")
E1000_MRQC_ENABLE_RSS_4Q was renamed to E1000_MRQC_ENABLE_RSS_MQ to
indicate that this is a generic bit flag to enable queues and not
a flag that is specific to devices that support 4 queues

The bit flag enables 2, 4 or 8 queues appropriately depending on the part.

Tested with a multicore CPU and frames were then distributed as expected.

This issue appears to have been introduced because of confusion caused
by the prior name.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Tested-by: David Switzer <david.switzer@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net: usb: ax88179_178a: initialize local variables before use

commit bd78980be1a68d14524c51c4b4170782fada622b upstream.

Use memset to initialize local array in drivers/net/usb/ax88179_178a.c, and
also set a local u16 and u32 variable to 0. Fixes a KMSAN found uninit-value bug
reported by syzbot at:
https://syzkaller.appspot.com/bug?id=00371c73c72f72487c1d0bfe0cc9d00de339d5aa

Reported-by: syzbot+4993e4a0e237f1b53747@syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

netfilter: conntrack: Make global sysctls readonly in non-init netns

commit 2671fa4dc0109d3fb581bc3078fdf17b5d9080f6 upstream.

These sysctls point to global variables:
- NF_SYSCTL_CT_MAX (&nf_conntrack_max)
- NF_SYSCTL_CT_EXPECT_MAX (&nf_ct_expect_max)
- NF_SYSCTL_CT_BUCKETS (&nf_conntrack_htable_size_user)

Because their data pointers are not updated to point to per-netns
structures, they must be marked read-only in a non-init_net ns.
Otherwise, changes in any net namespace are reflected in (leaked into)
all other net namespaces. This problem has existed since the
introduction of net namespaces.

The current logic marks them read-only only if the net namespace is
owned by an unprivileged user (other than init_user_ns).

Commit d0febd81ae77 ("netfilter: conntrack: re-visit sysctls in
unprivileged namespaces") "exposes all sysctls even if the namespace is
unpriviliged." Since we need to mark them readonly in any case, we can
forego the unprivileged user check altogether.

Fixes: d0febd81ae77 ("netfilter: conntrack: re-visit sysctls in unprivileged namespaces")
Signed-off-by: Jonathon Reinhart <Jonathon.Reinhart@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mips: Do not include hi and lo in clobber list for R6

commit 1d7ba0165d8206ac073f7ac3b14fc0836b66eae7 upstream.

From [1]
"GCC 10 (PR 91233) won't silently allow registers that are not
architecturally available to be present in the clobber list anymore,
resulting in build failure for mips*r6 targets in form of:
...
.../sysdep.h:146:2: error: the register ‘lo’ cannot be clobbered in ‘asm’ for the current target
146 | __asm__ volatile ( \
| ^~~~~~~

This is because base R6 ISA doesn't define hi and lo registers w/o DSP
extension. This patch provides the alternative clobber list for r6 targets
that won't include those registers."

Since kernel 5.4 and mips support for generic vDSO [2], the kernel fail to
build for mips r6 cpus with gcc 10 for the same reason as glibc.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=020b2a97bb15f807c0482f0faee2184ed05bcad8
[2] '24640f233b46 ("mips: Add support for generic vDSO")'

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

MLK-23277: 8qm: Fix SW workaround for i.MX8QM TKT340553

Current workaround is looping uselessly on the address
range doing a _tlbi(vmalle1is) which is harmful for
the system performance and buggy as the instruction is
flushing the entire TLB and there is no benefit of
redoing it more than once. Also fix missing barriers.

Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
Signed-off-by: Marouen Ghodhbane <marouen.ghodhbane@nxp.com>
Reviewed-by: Jason Liu <jason.hui.liu@nxp.com>

MA-18519 drm/imx: lcdifv3: Enable axi clock before access register

Without axi clock, lcdif register access will cause system hang.
This issue happens when this driver built as module.

Signed-off-by: Jindong Yue <jindong.yue@nxp.com>
Reviewed-by: Sandor Yu <Sandor.yu@nxp.com>

MLK-25314 arm64: imx8dxl: add all lpspi nodes

Add lpspi1 definition.
Add the missing lpspi0~2 interrupt definitions for imx8dxl.

Signed-off-by: pferrao <pedro.ferrao@strypes.pt>
Signed-off-by: Clark Wang <xiaoning.wang@nxp.com>
Reviewed-by: Han Xu <han.xu@nxp.com>

MLK-25382: arm64: dts: fix the wrong pinctrl pad settings for lpspi

Correct the pad settings, the bit 2,3 should be reserved.

Signed-off-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Clark Wang <xiaoning.wang@nxp.com>

LF-2090: spi: spi-fsl-qspi: fix dereference null return value issue

dereference null return value issue found by coverity, #18373, CWE-476.
Check if variable res is null first to fix the issue.

Signed-off-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Frank Li <frank.li@nxp.com>

LF-3626: mtd: nand: gpmi: fix the explicit null dereference issue

A potiential null pointer dereference issue may occur in
gpmi_nfc_exec_op(), found by coverity, CID 9000785.

In the for loop, if loop continues in NAND_OP_CMD_INSTR case, the desc
pointer may leave as null, so move the pointer sanity check outside the
loop.

Signed-off-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Frank Li <frank.li@nxp.com>

LF-3622: mtd: nand: gpmi: fix the unintentional integer overflow issue

cast the variable from int to loff_t to avoid potential overflow issue,
reported by coverity. CID 17332.

Signed-off-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Frank Li <frank.li@nxp.com>

MPSDK-172 remoteproc: imx_rproc: Re-building communication channels when a remote crashes

When the crash of a remote proc is detected, the physical communication
channels may get corrupted or reset, and it will impact the subsequent
transfers of rpmsg message. So the communication channels should be
re-built when a remote crash is detected.

Signed-off-by: Shenwei Wang <shenwei.wang@nxp.com>
Reviewed-by: Frank Li <frank.li@nxp.com>

Linux 5.10.34

Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Fox Chen <foxhlchen@gmail.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20210430141910.693887691@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mei: me: add Alder Lake P device id.

commit 0df74278faedf20f9696bf2755cf0ce34afa4c3a upstream.

Add Alder Lake P device ID.

Cc: <stable@vger.kernel.org>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Link: https://lore.kernel.org/r/20210414045200.3498241-1-tomas.winkler@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()

commit e7020bb068d8be50a92f48e36b236a1a1ef9282e upstream.

Analogically to what we did in 2800aadc18a6 ("iwlwifi: Fix softirq/hardirq
disabling in iwl_pcie_enqueue_hcmd()"), we must apply the same fix to
iwl_pcie_gen2_enqueue_hcmd(), as it's being called from exactly the same
contexts.

Reported-by: Heiner Kallweit <hkallweit1@gmail.com
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2104171112390.18270@cbobk.fhfr.pm
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

dpaa2-mac: remove erroneous symlink

Remove a symlink which was left in the tree by mistake.

Fixes: 64e7f931c2ae ("dpaa2-mac: probe standalone DPMAC objects")
Reported-by: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>

dpaa2-mac: fix unused label warning

When the CONFIG_FSL_DPAA2_MAC_NETDEVS Kconfig is not enabled, the
free_netdev label is not used, thus a warning is generated.
Fix this by moving the label under the #ifdef Kconfig.

Fixes: 64e7f931c2ae ("dpaa2-mac: probe standalone DPMAC objects")
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>

LF-3724-9: ASoC: fsl_sai: Set proper burst size for multi-fifo case

multi fifo sdma script needs the maxburst = words_per_fifo * pins
And the update the watermark level accordingly.

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

LF-3756-3: ASoC: fsl_ssi: switch back to imx-pcm-dma

Switch back to imx-pcm-dma,as the power control is handled
by dma driver already, the special imx-pcm-dma-v2 can be dropped

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

LF-3756-2: ASoC: fsl_micfil: switch back to imx-pcm-dma

switch back to imx-pcm-dma, as the power control is handled
by dma driver already, the special imx-pcm-dma-v2 can be dropped

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

LF-3756-1: ASoC: fsl_xcvr: Switch back to imx-pcm-dma

Switch back to imx-pcm-dma, as the power control is handled
by dma driver already, the special imx-pcm-dma-v2 can be dropped.

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

Revert "MLK-23906-2: ASoC: fsl_aud2htx: Switch to imx-pcm-dma-v2"

This reverts commit f6625709b86e35165e833bd8d56974e2d468a5a2.

imx-pcm-dma v2 is not needed because power enablement flow is
changed in dma driver, so switch back to imx-pcm-dma

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

Revert "LF-601-1: ASoC: fsl_esai: Switch to imx-pcm-dma-v2"

This reverts commit 9a96d4da3a5354b357e4a10dac91b8cbeeab17b7.

imx-pcm-dma v2 is not needed because power enablement flow is
changed in dma driver, so switch back to imx-pcm-dma

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

Revert "LF-601-2: ASoC: fsl_esai: add chan_name for dma_params"

This reverts commit 264bc03866dd204e111ad9634af9f0245a69512c.

imx-pcm-dma v2 is not needed because power enablement flow is
changed in dma driver, so switch back to imx-pcm-dma

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

Revert "ASoC: fsl: add imx-pcm-dma v2 platform driver (part 2)"

This reverts commit 035ebd96faf8ed8ed74fd18c61d7e469f5277a3f.

imx-pcm-dma v2 is not needed because power enablement flow is
changed in dma driver, so switch back to imx-pcm-dma

Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Robin Gong <yibin.gong@nxp.com>

MLK-25473-5: dmaengine: imx-sdma: change to sdma_load_script in resume

Change to sdma_load_script instead of sdma_get_firmware to load firmware.
Otherwise, below warning log may come out during suspend/resume:

[ 3199.782909] imx-sdma 30e10000.dma-controller: firmware found.
[ 3199.788740] imx-sdma 30e10000.dma-controller: failed to load firmware

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>

MLK-25473-4: dmaengine: imx-sdma: fix kernel hang at spi probe

spi driver would request dma channel and free dma channel if -EPROBE_DEFER
happen after request dma channel, then kernel hang in free dma channel
since sdma hardware not initialized including clock. Directly ignore to
touch any hardware in this case.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>

MLK-25473-3 dmaengine: imx-sdma: split request firmware from runtime

split request_firmware from sdma_runtime_resume, because in nfs case,
request_firmware may trigger sleep which cause kernel below complain during
runtime_get_sync in atmoic case like audio record. Actually, only one time
for request_firmware after kernel boot, split it from runtime resume and
only load_scripts instead 'request_firmware + load_script'.

[   63.115924] BUG: scheduling while atomic: arecord/613/0x00000002
[   63.121970] Modules linked in:
[   63.125031] CPU: 3 PID: 613 Comm: arecord Not tainted 5.10.31-104197-ged911ffb5e2f #339
[   63.133033] Hardware name: NXP i.MX8MPlus EVK board (DT)
[   63.138343] Call trace:
[   63.140795]  dump_backtrace+0x0/0x1c8
[   63.144458]  show_stack+0x14/0x60
[   63.147775]  dump_stack+0xd0/0x128
[   63.151178]  __schedule_bug+0x54/0x78
[   63.154843]  __schedule+0x5c8/0x690
[   63.158332]  schedule+0x6c/0x108
[   63.161560]  rpc_wait_bit_killable+0x24/0xa8
[   63.165831]  __wait_on_bit+0xa4/0xe0
[   63.169405]  out_of_line_wait_on_bit+0x8c/0xb0
[   63.173848]  __rpc_execute+0x138/0x338
[   63.177596]  rpc_execute+0x88/0xa8
[   63.180998]  rpc_run_task+0x154/0x1a8
[   63.184661]  rpc_call_sync+0x54/0xa8
[   63.188239]  nfs3_rpc_wrapper+0x50/0xd0
[   63.192074]  nfs3_proc_access+0x7c/0xe0
[   63.195910]  nfs_do_access+0xa0/0x1b8
[   63.199571]  nfs_permission+0xac/0x1b0
[   63.203321]  inode_permission+0xdc/0x170
[   63.207243]  link_path_walk+0x1f4/0x350
[   63.211078]  path_openat+0x80/0xd50
[   63.214565]  do_file_open_root+0xa4/0x150
[   63.218576]  file_open_root+0xf4/0x178
[   63.222326]  kernel_read_file_from_path_initns+0xb0/0x138
[   63.227726]  _request_firmware+0x39c/0x588
[   63.231821]  request_firmware+0x44/0x68
[   63.235659]  sdma_runtime_resume+0x1a0/0x280
[   63.239929]  pm_generic_runtime_resume+0x28/0x40
[   63.244546]  __genpd_runtime_resume+0x2c/0x80
[   63.248902]  genpd_runtime_resume+0x130/0x1e8
[   63.253260]  __rpm_callback+0xd8/0x150
[   63.257008]  rpm_callback+0x24/0x98
[   63.260498]  rpm_resume+0x338/0x4b0
[   63.263986]  __pm_runtime_resume+0x38/0x88
[   63.268082]  sdma_prep_dma_cyclic+0x264/0x290

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>

MLK-25473-2: dmaengine: imx-sdma: enlarge the autosuspend time

For the largest period size 64KB, the dma transfer time is about 8 sec.
Enlarge it for auto suspend timeout value.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>

MLK-25473-1 dmaengine: imx-sdma: Revert "MLK-25465-6 dmaengine: imx-sdma: fix the long dma transfer timing grater than 2s"

This reverts commit ec4de359d4a2bafa24b8078dce4c9979a477de39.
pm_runtime_forbid/pm_runtime_allow may cause the next running dma channel
stopped(runtime_suspend) after the last channel terminated, because all
channel share the same pm_runtime. Revert it to use autosuspend and
increase the autosuspend delay to 8s instead.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>

LF-3705-2: caam: imx8m: change to use of_match_node in run_descriptor_deco0

LF-3705-1 provides imx8m_machine_match to match i.MX8M{Q,M,N,P}, so
change to use to of_match_node which can simplify the code.

Signed-off-by: Alice Guo <alice.guo@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>

LF-3705-1: caam: imx8m: fix the built-in caam driver cannot match soc_id

drivers/soc/imx/soc-imx8m.c is probed later than the caam driver so that
return -EPROBE_DEFER is needed after calling soc_device_match() in
drivers/crypto/caam/ctrl.c. For i.MX8M, soc_device_match returning NULL
can be considered that the SoC device has not been probed yet, so it
returns -EPROBE_DEFER directly.

Fixes: 6375d33dce9a ("soc: imx8m: change to use platform driver")
Signed-off-by: Alice Guo <alice.guo@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>

LF-3760 media: csi: fill in colorspace

filling in colorspace, this also fixed v4l2 compliance test issue.

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed by: G.n. Zhou <guoniu.zhou@nxp.com>

net: enetc: fix link error again

A link time bug that I had fixed before has come back now that
another sub-module was added to the enetc driver:

ERROR: modpost: "enetc_ierb_register_pf" [drivers/net/ethernet/freescale/enetc/fsl-enetc.ko] undefined!

The problem is that the enetc Makefile is not actually used for
the ierb module if that is the only built-in driver in there
and everything else is a loadable module.

Fix it by always entering the directory this time, regardless
of which symbols are configured. This should reliably fix the
problem and prevent it from coming back another time.

Fixes: 112463ddbe82 ("net: dsa: felix: fix link error")
Fixes: e7d48e5fbf30 ("net: enetc: add a mini driver for the Integrated Endpoint Register Block")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 74c97ea3b61e4ce149444f904ee8d4fc7073505b)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

net: enetc: automatically select IERB module

Now that enetc supports flow control we have to make sure the settings in
the IERB are correct. Therefore, we actually depend on the enetc-ierb
module. Previously it was possible that this module was disabled while the
enetc was enabled. Fix it by automatically select the enetc-ierb module.

Fixes: e7d48e5fbf30 ("net: enetc: add a mini driver for the Integrated Endpoint Register Block")
Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 1b8caefaf4f063fdc43e4078384d38ce96147b35)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

net: enetc: add support for flow control

In the ENETC receive path, a frame received by the MAC is first stored
in a 256KB 'FIFO' memory, then transferred to DRAM when enqueuing it to
the RX ring. The FIFO is a shared resource for all ENETC ports, but
every port keeps track of its own memory utilization, on RX and on TX.

There is a setting for RX rings through which they can either operate in
'lossy' mode (where the lack of a free buffer causes an immediate
discard of the frame) or in 'lossless' mode (where the lack of a free
buffer in the ring makes the frame stay longer in the FIFO).

In turn, when the memory utilization of the FIFO exceeds a certain
margin, the MAC can be configured to emit PAUSE frames.

There is enough FIFO memory to buffer up to 3 MTU-sized frames per RX
port while not jeopardizing the other use cases (jumbo frames), and
also not consume bytes from the port TX allocations. Also, 3 MTU-sized
frames worth of memory is enough to ensure zero loss for 64 byte packets
at 1G line rate.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit a8648887880f90137f0893aeb1a0abef30858c01)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

arm64: dts: ls1028a: declare the Integrated Endpoint Register Block node

Add a node describing the address in the SoC memory space for the IERB.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit b764dc6cc1ba8b82d844bbcfe97e1d432a2dca5b)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

net: enetc: add a mini driver for the Integrated Endpoint Register Block

The NXP ENETC is a 4-port Ethernet controller which 'smells' to
operating systems like 4 distinct PCIe PFs with SR-IOV, each PF having
its own driver instance, but in fact there are some hardware resources
which are shared between all ports, like for example the 256 KB SRAM
FIFO between the MACs and the Host Transfer Agent which DMAs frames to
DRAM.

To hide the stuff that cannot be neatly exposed per port, the hardware
designers came up with this idea of having a dedicated register block
which is supposed to be populated by the bootloader, and contains
everything configuration-related: MAC addresses, FIFO partitioning, etc.

When a port is reset using PCIe Function Level Reset, its defaults are
transferred from the IERB configuration. Most of the time, the settings
made through the IERB are read-only in the port's memory space (if they
are even visible), so they cannot be modified at runtime.

Linux doesn't have any advanced FIFO partitioning requirements at all,
but when reading through the hardware manual, it became clear that, even
though there are many good 'recommendations' for default values, many of
them were not actually put in practice on LS1028A. So we end up with a
default configuration that:

(a) does not have enough TX and RX byte credits to support the max MTU
    of 9600 (which the Linux driver claims already) properly (at full speed)
(b) allows the FIFO to be overrun with RX traffic, potentially
    overwriting internal data structures.

The last part sounds a bit catastrophic, but it isn't. Frames are
supposed to transit the FIFO for a very short time, but they can
actually accumulate there under 2 conditions:

(a) there is very severe congestion on DRAM memory, or
(b) the RX rings visible to the operating system were configured for
    lossless operation, and they just ran out of free buffers to copy
    the frame to. This is what is used to put backpressure onto the MAC
    with flow control.

So since ENETC has not supported flow control thus far, RX FIFO overruns
were never seen with Linux. But with the addition of flow control, we
should configure some registers to prevent this from happening. What we
are trying to protect against are bad actors which continue to send us
traffic despite the fact that we have signaled a PAUSE condition. Of
course we can't be lossless in that case, but it is best to configure
the FIFO to do tail dropping rather than letting it overrun.

So in a nutshell, this driver is a fixup for all the IERB default values
that should have been but aren't.

The IERB configuration needs to be done _before_ the PFs are enabled.
So every PF searches for the presence of the "fsl,ls1028a-enetc-ierb"
node in the device tree, and if it finds it, it "registers" with the
IERB, which means that it requests the IERB to fix up its default
values. This is done through -EPROBE_DEFER. The IERB driver is part of
the fsl_enetc module, but is technically a platform driver, since the
IERB is a good old fashioned MMIO region, as opposed to ENETC ports
which pretend to be PCIe devices.

The driver was already configuring ENETC_PTXMBAR (FIFO allocation for
TX) because due to an omission, TXMBAR is a read/write register in the
PF memory space. But the manual is quite clear that the formula for this
should depend upon the TX byte credits (TXBCR). In turn, the TX byte
credits are only readable/writable through the IERB. So if we want to
ensure that the TXBCR register also has a value that is correct and in
line with TXMBAR, there is simply no way this can be done from the PF
driver, access to the IERB is needed.

I could have modified U-Boot to fix up the IERB values, but that is
quite undesirable, as old U-Boot versions are likely to be floating
around for quite some time from now.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e7d48e5fbf30f85c89d83683c3d2dbdaa8884103)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Conflicts:
drivers/net/ethernet/freescale/enetc/enetc_pf.c

dt-bindings: net: fsl: enetc: add the IERB documentation

Mention the required compatible string and base address for the
Integrated Endpoint Register Block node.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 4ac7acc67f29927975e2493a9f4ede0c631bb87a)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

net: enetc: create a common enetc_pf_to_port helper

Even though ENETC interfaces are exposed as individual PCIe PFs with
their own driver instances, the ENETC is still fundamentally a
multi-port Ethernet controller, and some parts of the IP take a port
number (as can be seen in the PSFP implementation).

Create a common helper that can be used outside of the TSN code for
retrieving the ENETC port number based on the PF number. This is only
correct for LS1028A, the only Linux-capable instantiation of ENETC thus
far.

Note that ENETC port 3 is PF 6. The TSN code did not care about this
because ENETC port 3 does not support TSN, so the wrong mapping done by
enetc_get_port for PF 6 could have never been hit.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 87614b931c24d9dfc934ef9deaaf55d1cbdc2ac2)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

enetc: Fix endianness issues for enetc_ethtool

These particular fields are specified in the H/W reference
manual as having network byte order format, so enforce big
endian annotation for them and clear the related sparse
warnings in the process.

Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit d548d3930ab635653d1549c864ce1a002dc3b218)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

enetc: Fix endianness issues for enetc_qos

Currently the control buffer descriptor (cbd) fields have endianness
restrictions while the commands passed into the control buffers
don't (with one exception). This patch fixes offending code,
by adding endianness accessors for cbd fields and removing the
unnecessary ones in case of data buffer fields. Currently there's
no need to convert all commands to little endian format, the patch
only focuses on fixing current endianness issues reported by sparse.

Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 0dfd294c92411da47041cca4ef790ee6112d6b68)
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

LF-3763 arm64: dts: SOF: Use newly created names for default topologies

Because i.MX8QXP/i.MX8QM are similar w.r.t audio peripherals
configuration we currently use the following naming for
topologies sof-imx8qxp-<codec>.tplg.

Which is weird to see for i.MX8QM.

In order to make naming more generic use imx8 instead of imx8qxp/imx8qm.

Reviwed-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>

LF-3665-5 arm64: imx_v8_defconfig: Enable SOF compress option

This enables ALSA compress support with SOF. When loading topology
with compress bit set, the ALSA sound card will support the compress
API.

This will allow us to render compressed audio (e.g MP3, AAC) using
Compress API.

The userpace sample application is named 'cplay' and uses tinycompress
library.

Reviwed-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>

MLK-25435-2 arm64: dts: imx8mp-evk-basler: delete camera ov5640 node on CSI1

The script to start isp media server will check camera device node.
Deleting camera ov5640 node means there's only 1 camera/csi is used.
On this case, the resolution can set to 4K.

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed by: G.n. Zhou <guoniu.zhou@nxp.com>

MLK-25435-1 arm64: dts: imx8mp-evk-basler-ov5640: limit csi clock to 266MHz

when dual MIPI CSIs are used, camera clock on each CSI should limit to 266MHz

Signed-off-by: Robby Cai <robby.cai@nxp.com>
Reviewed by: G.n. Zhou <guoniu.zhou@nxp.com>

arm64: imx8mx: vpu: integrate vsi 20210429 release (pre-v1.6)

- M865SW-747: VSI V4L2 Engineer release package 20210429
M865SW-740: [VPU/V4l2] encoder: remove 'V4L2_COLORSPACE_REC709' contraint in vsi_enc_try_fmt()

Signed-off-by: Zhou Peng <eagle.zhou@nxp.com>
(cherry picked from commit 44ef613ab0be5be805cf21a885b381db4b6ea2c8)

LF-3755 PCI: imx: move the compliance tests mode enable to command line

To avoid the kernel rebuild after change the menuconfig, move the i.MX
PCIe compliance tests mode enable to kernel command line.
Use the "pcie_cz_enabled=yes" to enable the compliance tests mode.

Signed-off-by: Richard Zhu <hongxing.zhu@nxp.com>
Reviewed-by: Jun Li <jun.li@nxp.com>