lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
25d53d858a
android_kernel_xiaomi_sm8350/drivers
History
Junxiao Chang 573768dede net: stmmac: fix dma queue left shift overflow issue 
[ Upstream commit 613b065ca32e90209024ec4a6bb5ca887ee70980 ]

When queue number is > 4, left shift overflows due to 32 bits
integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.

If CONFIG_UBSAN is enabled, kernel dumps below warning:
[   10.363842] ==================================================================
[   10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/
linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
[   10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
[   10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
[   10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
[   10.363958] Call Trace:
[   10.363960]  <TASK>
[   10.363963]  dump_stack_lvl+0x4a/0x5f
[   10.363971]  dump_stack+0x10/0x12
[   10.363974]  ubsan_epilogue+0x9/0x45
[   10.363976]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[   10.363979]  ? wake_up_klogd+0x4a/0x50
[   10.363983]  ? vprintk_emit+0x8f/0x240
[   10.363986]  dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
[   10.364001]  stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
[   10.364009]  ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
[   10.364020]  stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
[   10.364030]  ? page_pool_alloc_pages+0x4d/0x70
[   10.364034]  ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
[   10.364042]  stmmac_open+0x39e/0x920 [stmmac]
[   10.364050]  __dev_open+0xf0/0x1a0
[   10.364054]  __dev_change_flags+0x188/0x1f0
[   10.364057]  dev_change_flags+0x26/0x60
[   10.364059]  do_setlink+0x908/0xc40
[   10.364062]  ? do_setlink+0xb10/0xc40
[   10.364064]  ? __nla_validate_parse+0x4c/0x1a0
[   10.364068]  __rtnl_newlink+0x597/0xa10
[   10.364072]  ? __nla_reserve+0x41/0x50
[   10.364074]  ? __kmalloc_node_track_caller+0x1d0/0x4d0
[   10.364079]  ? pskb_expand_head+0x75/0x310
[   10.364082]  ? nla_reserve_64bit+0x21/0x40
[   10.364086]  ? skb_free_head+0x65/0x80
[   10.364089]  ? security_sock_rcv_skb+0x2c/0x50
[   10.364094]  ? __cond_resched+0x19/0x30
[   10.364097]  ? kmem_cache_alloc_trace+0x15a/0x420
[   10.364100]  rtnl_newlink+0x49/0x70

This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue
mapping warning.

Fixes: d43042f4da ("net: stmmac: mapping mtl rx to dma channel")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
Reported-by: Cedric Wassenaar <cedric@bytespeed.nl>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-29 17:14:12 +02:00
..
accessibility
acpi ACPI: property: Release subnode properties with data nodes 2022-06-14 18:11:45 +02:00
amba
android binder: fix handling of error during copy 2022-01-27 09:19:38 +01:00
ata ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() 2022-06-22 14:11:20 +02:00
atm atm: eni: Add check for dma_map_single 2022-03-23 09:12:07 +01:00
auxdisplay
base regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips 2022-06-29 08:58:47 +02:00
bcma
block xen/blkfront: force data bouncing when backend is untrusted 2022-07-07 17:36:53 +02:00
bluetooth Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt 2022-04-15 14:18:16 +02:00
bus bus: ti-sysc: Fix warnings for unbind for serial 2022-06-14 18:11:54 +02:00
cdrom
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-29 08:58:49 +02:00
clk clk: at91: generated: consider range when calculating best rate 2022-05-25 09:14:36 +02:00
clocksource clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() 2022-07-07 17:36:53 +02:00
connector
counter
cpufreq cpufreq: pmac32-cpufreq: Fix refcount leak bug 2022-07-21 20:59:24 +02:00
cpuidle
crypto crypto: marvell/cesa - ECB does not IV 2022-06-14 18:11:40 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-15 14:18:12 +02:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:36:49 +02:00
dio
dma dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate 2022-07-12 16:30:50 +02:00
dma-buf udmabuf: add back sanity check 2022-06-29 08:58:46 +02:00
edac EDAC/synopsys: Read the error count from the correct register 2022-04-27 13:50:48 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:12:00 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:23:41 +02:00
firmware firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle 2022-06-14 18:11:54 +02:00
fpga
fsi
gnss
gpio gpio: winbond: Fix error code in winbond_gpio_get() 2022-06-29 08:58:47 +02:00
gpu drm/i915/gt: Serialize TLB invalidates with GT resets 2022-07-21 20:59:22 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-15 14:17:58 +02:00
hid HID: elan: Fix potential double free in elan_input_configured 2022-06-14 18:11:33 +02:00
hsi HSI: core: Fix return freed object in hsi_new_client 2022-01-27 09:19:41 +01:00
hv random: remove unused irq_flags argument from add_interrupt_randomness() 2022-06-22 14:11:06 +02:00
hwmon hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails 2022-07-07 17:36:50 +02:00
hwspinlock
hwtracing coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier 2022-06-14 18:11:52 +02:00
i2c i2c: cadence: Change large transfer count reset logic to be unconditional 2022-07-29 17:14:12 +02:00
i3c
ide
idle
iio iio: adc: axp288: Override TS pin bias current for some models 2022-06-29 08:58:48 +02:00
infiniband RDMA/qedr: Fix reporting QP timeout attribute 2022-07-07 17:36:49 +02:00
input Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag 2022-06-14 18:12:03 +02:00
interconnect
iommu iommu/vt-d: Fix PCI bus rescan device hot add 2022-07-12 16:30:46 +02:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:42:36 +02:00
irqchip irqchip: or1k-pic: Undefine mask_ack for level triggered hardware 2022-07-21 20:59:26 +02:00
isdn mISDN: change function names to avoid conflicts 2022-01-11 15:23:33 +01:00
leds
lightnvm lightnvm: disable the subsystem 2022-05-09 09:03:20 +02:00
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-06-14 18:11:42 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-14 18:11:42 +02:00
mcb
md dm raid: fix KASAN warning in raid5_add_disks 2022-07-07 17:36:48 +02:00
media media: coda: Add more H264 levels for CODA960 2022-06-14 18:11:47 +02:00
memory memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe 2022-04-20 09:19:34 +02:00
memstick
message
mfd mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() 2022-06-14 18:11:42 +02:00
misc misc: rtsx_usb: set return value in rsp_buf alloc err path 2022-07-12 16:30:49 +02:00
mmc mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing 2022-06-29 08:58:44 +02:00
mtd Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" 2022-07-15 10:14:53 +02:00
mux
net net: stmmac: fix dma queue left shift overflow issue 2022-07-29 17:14:12 +02:00
nfc NFC: nxp-nci: don't print header length mismatch on i2c error 2022-07-21 20:59:25 +02:00
ntb
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:36:48 +02:00
nvme nvme: fix regression when disconnect a recovering ctrl 2022-07-21 20:59:25 +02:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-20 11:40:14 +02:00
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-14 18:11:34 +02:00
opp
oprofile
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-04-15 14:18:36 +02:00
parport
pci PCI: hv: Fix interrupt mapping for multi-MSI 2022-07-29 17:14:09 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:11:50 +02:00
perf arm_pmu: Validate single/group leader events 2022-04-27 13:50:50 +02:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:11:52 +02:00
pinctrl pinctrl: stm32: fix optional IRQ support to gpios 2022-07-29 17:14:08 +02:00
platform platform/x86: hp-wmi: Ignore Sanitization Mode event 2022-07-21 20:59:25 +02:00
pnp
power power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe 2022-07-29 17:14:10 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-15 14:18:32 +02:00
pwm pwm: lp3943: Fix duty calculation in case period was clamped 2022-06-14 18:11:51 +02:00
rapidio
ras
regulator regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt 2022-06-14 18:11:37 +02:00
remoteproc remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region 2022-04-15 14:18:19 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-27 13:50:47 +02:00
rpmsg rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails 2022-06-14 18:11:52 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:11:53 +02:00
s390 s390/lcs: fix variable dereferenced before check 2022-05-18 09:47:25 +02:00
sbus
scsi scsi: pmcraid: Fix missing resource cleanup in error case 2022-06-22 14:11:20 +02:00
sfi
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-18 09:47:27 +02:00
soc soc: ixp4xx/npe: Fix unused match warning 2022-07-21 20:59:27 +02:00
soundwire
spi spi: img-spfi: Fix pm_runtime_get_sync() error checking 2022-06-14 18:11:33 +02:00
spmi
ssb
staging pinctrl: ralink: Check for null return of devm_kcalloc 2022-07-29 17:14:10 +02:00
target scsi: target: tcmu: Fix possible page UAF 2022-04-20 09:19:36 +02:00
tc
tee optee: use driver internal tee_context for some rpc 2022-03-02 11:41:04 +01:00
thermal thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe 2022-06-14 18:11:38 +02:00
thunderbolt
tty serial: mvebu-uart: correctly report configured baudrate value 2022-07-29 17:14:09 +02:00
uio
usb usb: dwc3: gadget: Fix event pending check 2022-07-21 20:59:28 +02:00
vfio
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 18:12:02 +02:00
video fbcon: Prevent that screen size is smaller than font size 2022-07-12 16:30:47 +02:00
virt
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 20:59:24 +02:00
visorbus
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-15 14:18:35 +02:00
watchdog watchdog: wdat_wdt: Stop watchdog when rebooting the system 2022-06-14 18:12:00 +02:00
xen xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE 2022-07-29 17:14:09 +02:00
zorro
Kconfig
Makefile