commit d1988041d19dc8b532579bdbb7c4a978391c0011 Author: Greg Kroah-Hartman Date: Mon Dec 21 13:30:08 2020 +0100 Linux 5.10.2 Tested-by: Jeffrin Jose T Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Jon Hunter Link: https://lore.kernel.org/r/20201219125339.066340030@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman commit dadaf794f207ebd94a42bf786f14bdcea95f8ec6 Author: Alexander Sverdlin Date: Thu Dec 10 06:52:57 2020 +0100 serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access commit d96f04d347e4011977abdbb4da5d8f303ebd26f8 upstream. It has been observed that once per 300-1300 port openings the first transmitted byte is being corrupted on AM3352 ("v" written to FIFO appeared as "e" on the wire). It only happened if single byte has been transmitted right after port open, which means, DMA is not used for this transfer and the corruption never happened afterwards. Therefore I've carefully re-read the MDR1 errata (link below), which says "when accessing the MDR1 registers that causes a dummy under-run condition that will freeze the UART in IrDA transmission. In UART mode, this may corrupt the transferred data". Strictly speaking, omap_8250_mdr1_errataset() performs a read access and if the value is the same as should be written, exits without errata-recommended FIFO reset. A brief check of the serial_omap_mdr1_errataset() from the competing omap-serial driver showed it has no read access of MDR1. After removing the read access from omap_8250_mdr1_errataset() the data corruption never happened any more. Link: https://www.ti.com/lit/er/sprz360i/sprz360i.pdf Fixes: 61929cf0169d ("tty: serial: Add 8250-core based omap driver") Cc: stable@vger.kernel.org Signed-off-by: Alexander Sverdlin Link: https://lore.kernel.org/r/20201210055257.1053028-1-alexander.sverdlin@gmail.com Signed-off-by: Greg Kroah-Hartman commit ff654f1d31d5fe2962ea49476635c795653e289a Author: Takashi Iwai Date: Wed Dec 9 09:45:52 2020 +0100 ALSA: pcm: oss: Fix potential out-of-bounds shift commit 175b8d89fe292796811fdee87fa39799a5b6b87a upstream. syzbot spotted a potential out-of-bounds shift in the PCM OSS layer where it calculates the buffer size with the arbitrary shift value given via an ioctl. Add a range check for avoiding the undefined behavior. As the value can be treated by a signed integer, the max shift should be 30. Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20201209084552.17109-2-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 07747a44be4f4e042b0f93f853bc709022980d02 Author: Thomas Gleixner Date: Mon Oct 19 12:06:30 2020 +0200 USB: sisusbvga: Make console support depend on BROKEN commit 862ee699fefe1e6d6f2c1518395f0b999b8beb15 upstream. The console part of sisusbvga is broken vs. printk(). It uses in_atomic() to detect contexts in which it cannot sleep despite the big fat comment in preempt.h which says: Do not use in_atomic() in driver code. in_atomic() does not work on kernels with CONFIG_PREEMPT_COUNT=n which means that spin/rw_lock held regions are not detected by it. There is no way to make this work by handing context information through to the driver and this only can be solved once the core printk infrastructure supports sleepable console drivers. Make it depend on BROKEN for now. Fixes: 1bbb4f2035d9 ("[PATCH] USB: sisusb[vga] update") Signed-off-by: Thomas Gleixner Cc: Thomas Winischhofer Cc: Greg Kroah-Hartman Cc: linux-usb@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20201019101109.603244207@linutronix.de Signed-off-by: Greg Kroah-Hartman commit 2440c1cb2514447ac4a4e585b47d78d8b85f41b9 Author: Oliver Neukum Date: Wed Dec 9 16:26:39 2020 +0100 USB: UAS: introduce a quirk to set no_write_same commit 8010622c86ca5bb44bc98492f5968726fc7c7a21 upstream. UAS does not share the pessimistic assumption storage is making that devices cannot deal with WRITE_SAME. A few devices supported by UAS, are reported to not deal well with WRITE_SAME. Those need a quirk. Add it to the device that needs it. Reported-by: David C. Partridge Signed-off-by: Oliver Neukum Cc: stable Link: https://lore.kernel.org/r/20201209152639.9195-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman commit d769a22dc01fc01d9b08199472dfab27e378a052 Author: Mika Westerberg Date: Tue Dec 8 11:29:11 2020 +0200 xhci-pci: Allow host runtime PM as default for Intel Maple Ridge xHCI commit 5a8e3229ac27956bdcc25b2709e5d196d109a27a upstream. Intel Maple Ridge is successor of Titan Ridge Thunderbolt controller. As Titan Ridge this one also includes xHCI host controller. In order to safe energy we should put it to low power state by default when idle. For this reason allow host runtime PM for Maple Ridge. Signed-off-by: Mika Westerberg Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20201208092912.1773650-5-mathias.nyman@linux.intel.com Cc: stable Signed-off-by: Greg Kroah-Hartman commit 3203c4abf5051790411a0b49393b9f00a45f191a Author: Hans de Goede Date: Tue Dec 8 11:29:10 2020 +0200 xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP commit c4d1ca05b8e68a4b5a3c4455cb6ec25b3df6d9dd upstream. The xHCI controller on Alpine Ridge LP keeps the whole Thunderbolt controller awake if the host controller is not allowed to sleep. This is the case even if no USB devices are connected to the host. Add the Intel Alpine Ridge LP product-id to the list of product-ids for which we allow runtime PM by default. Fixes: 2815ef7fe4d4 ("xhci-pci: allow host runtime PM as default for Intel Alpine and Titan Ridge") Cc: Reviewed-by: Mika Westerberg Signed-off-by: Hans de Goede Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20201208092912.1773650-4-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit 1bee58e891f26a4246ad10fcc9c8c7e173a898f4 Author: Tejas Joglekar Date: Tue Dec 8 11:29:08 2020 +0200 usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK commit bac1ec551434697ca3c5bb5d258811ba5446866a upstream. This commit uses the private data passed by parent device to set the quirk for Synopsys xHC. This patch fixes the SNPS xHC hang issue when the data is scattered across small buffers which does not make atleast MPS size for given TRB cache size of SNPS xHC. Signed-off-by: Tejas Joglekar Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20201208092912.1773650-2-mathias.nyman@linux.intel.com Cc: stable Signed-off-by: Greg Kroah-Hartman commit 2bd9751e6790c45377628c09b92afbc4f1bfe4ed Author: Li Jun Date: Tue Dec 8 11:29:12 2020 +0200 xhci: Give USB2 ports time to enter U3 in bus suspend commit c1373f10479b624fb6dba0805d673e860f1b421d upstream. If a USB2 device wakeup is not enabled/supported the link state may still be in U0 in xhci_bus_suspend(), where it's then manually put to suspended U3 state. Just as with selective suspend the device needs time to enter U3 suspend before continuing with further suspend operations (e.g. system suspend), otherwise we may enter system suspend with link state in U0. [commit message rewording -Mathias] Cc: Signed-off-by: Li Jun Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20201208092912.1773650-6-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit f1e6ab052c63a3bf3871aa2a8ec846feb7a77be2 Author: Takashi Iwai Date: Fri Dec 11 14:00:48 2020 +0100 ALSA: usb-audio: Fix control 'access overflow' errors from chmap commit c6dde8ffd071aea9d1ce64279178e470977b235c upstream. The current channel-map control implementation in USB-audio driver may lead to an error message like "control 3:0:0:Playback Channel Map:0: access overflow" when CONFIG_SND_CTL_VALIDATION is set. It's because the chmap get callback clears the whole array no matter which count is set, and rather the false-positive detection. This patch fixes the problem by clearing only the needed array range at usb_chmap_ctl_get(). Cc: Link: https://lore.kernel.org/r/20201211130048.6358-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit cc3edd81ef035b728955241dca8a3b3c2f333ab6 Author: Takashi Iwai Date: Wed Dec 9 09:45:51 2020 +0100 ALSA: usb-audio: Fix potential out-of-bounds shift commit 43d5ca88dfcd35e43010fdd818e067aa9a55f5ba upstream. syzbot spotted a potential out-of-bounds shift in the USB-audio format parser that receives the arbitrary shift value from the USB descriptor. Add a range check for avoiding the undefined behavior. Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20201209084552.17109-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit d8f0c9ec3638be7344a3e8ebe4415aae1b356981 Author: Oliver Neukum Date: Mon Dec 7 14:03:23 2020 +0100 USB: add RESET_RESUME quirk for Snapscan 1212 commit 08a02f954b0def3ada8ed6d4b2c7bcb67e885e9c upstream. I got reports that some models of this old scanner need this when using runtime PM. Signed-off-by: Oliver Neukum Cc: stable Link: https://lore.kernel.org/r/20201207130323.23857-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman commit 5fb2a55ad3e0a7f3c5094c36a54c230355ed3d38 Author: Bui Quang Minh Date: Fri Dec 4 06:24:49 2020 +0000 USB: dummy-hcd: Fix uninitialized array use in init() commit e90cfa813da7a527785033a0b247594c2de93dd8 upstream. This error path err_add_pdata: for (i = 0; i < mod_data.num; i++) kfree(dum[i]); can be triggered when not all dum's elements are initialized. Fix this by initializing all dum's elements to NULL. Acked-by: Alan Stern Cc: stable Signed-off-by: Bui Quang Minh Link: https://lore.kernel.org/r/1607063090-3426-1-git-send-email-minhquangbui99@gmail.com Signed-off-by: Greg Kroah-Hartman commit d483f5e5ce532e410dc10d91a025f12ee3fd2c82 Author: Alan Stern Date: Tue Dec 8 11:30:42 2020 -0500 USB: legotower: fix logical error in recent commit commit b175d273d4e4100b66e68f0675fef7a3c07a7957 upstream. Commit d9f0d82f06c6 ("USB: legousbtower: use usb_control_msg_recv()") contained an elementary logical error. The check of the return code from the new usb_control_msg_recv() function was inverted. Reported-and-tested-by: syzbot+9be25235b7a69b24d117@syzkaller.appspotmail.com Signed-off-by: Alan Stern Link: https://lore.kernel.org/r/20201208163042.GD1298255@rowland.harvard.edu Fixes: d9f0d82f06c6 ("USB: legousbtower: use usb_control_msg_recv()") Cc: stable Signed-off-by: Greg Kroah-Hartman commit 2902e302991a4dacd155658bcb3053e4d6b7d4a0 Author: Steven Rostedt (VMware) Date: Mon Nov 30 16:38:41 2020 -0500 ktest.pl: Fix the logic for truncating the size of the log file for email commit 170f4869e66275f498ae4736106fb54c0fdcd036 upstream. The logic for truncating the log file for emailing based on the MAIL_MAX_SIZE option is confusing and incorrect. Simplify it and have the tail of the log file truncated to the max size specified in the config. Cc: stable@vger.kernel.org Fixes: 855d8abd2e8ff ("ktest.pl: Change the logic to control the size of the log file emailed") Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Greg Kroah-Hartman commit 4e282a8dff800c535a5828dc7d2e46cb18ddbc18 Author: Steven Rostedt (VMware) Date: Mon Nov 30 16:32:55 2020 -0500 ktest.pl: If size of log is too big to email, email error message commit 8cd6bc0359deebd8500e6de95899a8a78d3ec4ba upstream. If the size of the error log is too big to send via email, and the sending fails, it wont email any result. This can be confusing for the user who is waiting for an email on the completion of the tests. If it fails to send email, then try again without the log file stating that it failed to send an email. Obviously this will not be of use if the sending of email failed for some other reasons, but it will at least give the user some information when it fails for the most common reason. Cc: stable@vger.kernel.org Fixes: c2d84ddb338c8 ("ktest.pl: Add MAIL_COMMAND option to define how to send email") Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Greg Kroah-Hartman commit d3f4117b0275b2fb2de3a034fe1060a80104833f Author: Peilin Ye Date: Sat Aug 1 11:20:44 2020 -0400 ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() commit 0032ce0f85a269a006e91277be5fdbc05fad8426 upstream. ptrace_get_syscall_info() is potentially copying uninitialized stack memory to userspace, since the compiler may leave a 3-byte hole near the beginning of `info`. Fix it by adding a padding field to `struct ptrace_syscall_info`. Fixes: 201766a20e30 ("ptrace: add PTRACE_GET_SYSCALL_INFO request") Suggested-by: Dan Carpenter Signed-off-by: Peilin Ye Reviewed-by: Dmitry V. Levin Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200801152044.230416-1-yepeilin.cs@gmail.com Signed-off-by: Christian Brauner Signed-off-by: Greg Kroah-Hartman