- Linux-stable-mirror - lists.linaro.org

+ mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast has been added to the -mm mm-unstable branch. Its filename is mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast Date: Wed, 1 May 2024 15:33:10 +0100 __split_huge_pmd_locked() can be called for a present THP, devmap or (non-present) migration entry. It calls pmdp_invalidate() unconditionally on the pmdp and only determines if it is present or not based on the returned old pmd. This is a problem for the migration entry case because pmd_mkinvalid(), called by pmdp_invalidate() must only be called for a present pmd. On arm64 at least, pmd_mkinvalid() will mark the pmd such that any future call to pmd_present() will return true. And therefore any lockless pgtable walker could see the migration entry pmd in this state and start interpretting the fields as if it were present, leading to BadThings (TM). GUP-fast appears to be one such lockless pgtable walker. x86 does not suffer the above problem, but instead pmd_mkinvalid() will corrupt the offset field of the swap entry within the swap pte. See link below for discussion of that problem. Fix all of this by only calling pmdp_invalidate() for a present pmd. And for good measure let's add a warning to all implementations of pmdp_invalidate[_ad](). I've manually reviewed all other pmdp_invalidate[_ad]() call sites and believe all others to be conformant. This is a theoretical bug found during code review. I don't have any test case to trigger it in practice. Link: https://lkml.kernel.org/r/20240501143310.1381675-1-ryan.roberts@arm.com Link: https://lore.kernel.org/all/0dd7827a-6334-439a-8fd0-43c98e6af22b@arm.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andreas Larsson <andreas(a)gaisler.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/mm/arch_pgtable_helpers.rst | 6 +- arch/powerpc/mm/book3s64/pgtable.c | 1 arch/s390/include/asm/pgtable.h | 4 + arch/sparc/mm/tlb.c | 1 arch/x86/mm/pgtable.c | 2 mm/huge_memory.c | 49 ++++++++++---------- mm/pgtable-generic.c | 2 7 files changed, 39 insertions(+), 26 deletions(-) --- a/arch/powerpc/mm/book3s64/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/powerpc/mm/book3s64/pgtable.c @@ -170,6 +170,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { unsigned long old_pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); old_pmd = pmd_hugepage_update(vma->vm_mm, address, pmdp, _PAGE_PRESENT, _PAGE_INVALID); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return __pmd(old_pmd); --- a/arch/s390/include/asm/pgtable.h~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/s390/include/asm/pgtable.h @@ -1769,8 +1769,10 @@ static inline pmd_t pmdp_huge_clear_flus static inline pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long addr, pmd_t *pmdp) { - pmd_t pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); + pmd_t pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); return pmdp_xchg_direct(vma->vm_mm, addr, pmdp, pmd); } --- a/arch/sparc/mm/tlb.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/sparc/mm/tlb.c @@ -249,6 +249,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { pmd_t old, entry; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); entry = __pmd(pmd_val(*pmdp) & ~_PAGE_VALID); old = pmdp_establish(vma, address, pmdp, entry); flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); --- a/arch/x86/mm/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/x86/mm/pgtable.c @@ -631,6 +631,8 @@ int pmdp_clear_flush_young(struct vm_are pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + /* * No flush is necessary. Once an invalid PTE is established, the PTE's * access and dirty bits cannot be updated. --- a/Documentation/mm/arch_pgtable_helpers.rst~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/Documentation/mm/arch_pgtable_helpers.rst @@ -140,7 +140,8 @@ PMD Page Table Helpers +---------------------------+--------------------------------------------------+ | pmd_swp_clear_soft_dirty | Clears a soft dirty swapped PMD | +---------------------------+--------------------------------------------------+ -| pmd_mkinvalid | Invalidates a mapped PMD [1] | +| pmd_mkinvalid | Invalidates a present PMD; do not call for | +| | non-present PMD [1] | +---------------------------+--------------------------------------------------+ | pmd_set_huge | Creates a PMD huge mapping | +---------------------------+--------------------------------------------------+ @@ -196,7 +197,8 @@ PUD Page Table Helpers +---------------------------+--------------------------------------------------+ | pud_mkdevmap | Creates a ZONE_DEVICE mapped PUD | +---------------------------+--------------------------------------------------+ -| pud_mkinvalid | Invalidates a mapped PUD [1] | +| pud_mkinvalid | Invalidates a present PUD; do not call for | +| | non-present PUD [1] | +---------------------------+--------------------------------------------------+ | pud_set_huge | Creates a PUD huge mapping | +---------------------------+--------------------------------------------------+ --- a/mm/huge_memory.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/huge_memory.c @@ -2430,32 +2430,11 @@ static void __split_huge_pmd_locked(stru return __split_huge_zero_page_pmd(vma, haddr, pmd); } - /* - * Up to this point the pmd is present and huge and userland has the - * whole access to the hugepage during the split (which happens in - * place). If we overwrite the pmd with the not-huge version pointing - * to the pte here (which of course we could if all CPUs were bug - * free), userland could trigger a small page size TLB miss on the - * small sized TLB while the hugepage TLB entry is still established in - * the huge TLB. Some CPU doesn't like that. - * See http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum - * 383 on page 105. Intel should be safe but is also warns that it's - * only safe if the permission and cache attributes of the two entries - * loaded in the two TLB is identical (which should be the case here). - * But it is generally safer to never allow small and huge TLB entries - * for the same virtual address to be loaded simultaneously. So instead - * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the - * current pmd notpresent (atomically because here the pmd_trans_huge - * must remain set at all times on the pmd until the split is complete - * for this pmd), then we flush the SMP TLB and finally we write the - * non-huge version of the pmd entry with pmd_populate. - */ - old_pmd = pmdp_invalidate(vma, haddr, pmd); - - pmd_migration = is_pmd_migration_entry(old_pmd); + pmd_migration = is_pmd_migration_entry(*pmd); if (unlikely(pmd_migration)) { swp_entry_t entry; + old_pmd = *pmd; entry = pmd_to_swp_entry(old_pmd); page = pfn_swap_entry_to_page(entry); write = is_writable_migration_entry(entry); @@ -2466,6 +2445,30 @@ static void __split_huge_pmd_locked(stru soft_dirty = pmd_swp_soft_dirty(old_pmd); uffd_wp = pmd_swp_uffd_wp(old_pmd); } else { + /* + * Up to this point the pmd is present and huge and userland has + * the whole access to the hugepage during the split (which + * happens in place). If we overwrite the pmd with the not-huge + * version pointing to the pte here (which of course we could if + * all CPUs were bug free), userland could trigger a small page + * size TLB miss on the small sized TLB while the hugepage TLB + * entry is still established in the huge TLB. Some CPU doesn't + * like that. See + * http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum + * 383 on page 105. Intel should be safe but is also warns that + * it's only safe if the permission and cache attributes of the + * two entries loaded in the two TLB is identical (which should + * be the case here). But it is generally safer to never allow + * small and huge TLB entries for the same virtual address to be + * loaded simultaneously. So instead of doing "pmd_populate(); + * flush_pmd_tlb_range();" we first mark the current pmd + * notpresent (atomically because here the pmd_trans_huge must + * remain set at all times on the pmd until the split is + * complete for this pmd), then we flush the SMP TLB and finally + * we write the non-huge version of the pmd entry with + * pmd_populate. + */ + old_pmd = pmdp_invalidate(vma, haddr, pmd); page = pmd_page(old_pmd); folio = page_folio(page); if (pmd_dirty(old_pmd)) { --- a/mm/pgtable-generic.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/pgtable-generic.c @@ -198,6 +198,7 @@ pgtable_t pgtable_trans_huge_withdraw(st pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); pmd_t old = pmdp_establish(vma, address, pmdp, pmd_mkinvalid(*pmdp)); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return old; @@ -208,6 +209,7 @@ pmd_t pmdp_invalidate(struct vm_area_str pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); return pmdp_invalidate(vma, address, pmdp); } #endif _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-debug_vm_pgtable-test-pmd_leaf-behavior-with-pmd_mkinvalid.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 1 month

1
0
0 0

[PATCH] drm/i915/audio: Fix audio time stamp programming for DP

by Chaitanya Kumar Borah

Intel hardware is capable of programming the Maud/Naud SDPs on its own based on real-time clocks. While doing so, it takes care of any deviations from the theoretical values. Programming the registers explicitly with static values can interfere with this logic. Therefore, let the HW decide the Maud and Naud SDPs on it's own. Cc: stable(a)vger.kernel.org # v5.17 Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/8097 Co-developed-by: Kai Vehmanen <kai.vehmanen(a)intel.com> Signed-off-by: Kai Vehmanen <kai.vehmanen(a)intel.com> Signed-off-by: Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> --- drivers/gpu/drm/i915/display/intel_audio.c | 113 ++------------------- 1 file changed, 8 insertions(+), 105 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_audio.c b/drivers/gpu/drm/i915/display/intel_audio.c index 07e0c73204f3..ed81e1466c4b 100644 --- a/drivers/gpu/drm/i915/display/intel_audio.c +++ b/drivers/gpu/drm/i915/display/intel_audio.c @@ -76,19 +76,6 @@ struct intel_audio_funcs { struct intel_crtc_state *crtc_state); }; -/* DP N/M table */ -#define LC_810M 810000 -#define LC_540M 540000 -#define LC_270M 270000 -#define LC_162M 162000 - -struct dp_aud_n_m { - int sample_rate; - int clock; - u16 m; - u16 n; -}; - struct hdmi_aud_ncts { int sample_rate; int clock; @@ -96,60 +83,6 @@ struct hdmi_aud_ncts { int cts; }; -/* Values according to DP 1.4 Table 2-104 */ -static const struct dp_aud_n_m dp_aud_n_m[] = { - { 32000, LC_162M, 1024, 10125 }, - { 44100, LC_162M, 784, 5625 }, - { 48000, LC_162M, 512, 3375 }, - { 64000, LC_162M, 2048, 10125 }, - { 88200, LC_162M, 1568, 5625 }, - { 96000, LC_162M, 1024, 3375 }, - { 128000, LC_162M, 4096, 10125 }, - { 176400, LC_162M, 3136, 5625 }, - { 192000, LC_162M, 2048, 3375 }, - { 32000, LC_270M, 1024, 16875 }, - { 44100, LC_270M, 784, 9375 }, - { 48000, LC_270M, 512, 5625 }, - { 64000, LC_270M, 2048, 16875 }, - { 88200, LC_270M, 1568, 9375 }, - { 96000, LC_270M, 1024, 5625 }, - { 128000, LC_270M, 4096, 16875 }, - { 176400, LC_270M, 3136, 9375 }, - { 192000, LC_270M, 2048, 5625 }, - { 32000, LC_540M, 1024, 33750 }, - { 44100, LC_540M, 784, 18750 }, - { 48000, LC_540M, 512, 11250 }, - { 64000, LC_540M, 2048, 33750 }, - { 88200, LC_540M, 1568, 18750 }, - { 96000, LC_540M, 1024, 11250 }, - { 128000, LC_540M, 4096, 33750 }, - { 176400, LC_540M, 3136, 18750 }, - { 192000, LC_540M, 2048, 11250 }, - { 32000, LC_810M, 1024, 50625 }, - { 44100, LC_810M, 784, 28125 }, - { 48000, LC_810M, 512, 16875 }, - { 64000, LC_810M, 2048, 50625 }, - { 88200, LC_810M, 1568, 28125 }, - { 96000, LC_810M, 1024, 16875 }, - { 128000, LC_810M, 4096, 50625 }, - { 176400, LC_810M, 3136, 28125 }, - { 192000, LC_810M, 2048, 16875 }, -}; - -static const struct dp_aud_n_m * -audio_config_dp_get_n_m(const struct intel_crtc_state *crtc_state, int rate) -{ - int i; - - for (i = 0; i < ARRAY_SIZE(dp_aud_n_m); i++) { - if (rate == dp_aud_n_m[i].sample_rate && - crtc_state->port_clock == dp_aud_n_m[i].clock) - return &dp_aud_n_m[i]; - } - - return NULL; -} - static const struct { int clock; u32 config; @@ -387,47 +320,17 @@ hsw_dp_audio_config_update(struct intel_encoder *encoder, const struct intel_crtc_state *crtc_state) { struct drm_i915_private *i915 = to_i915(encoder->base.dev); - struct i915_audio_component *acomp = i915->display.audio.component; enum transcoder cpu_transcoder = crtc_state->cpu_transcoder; - enum port port = encoder->port; - const struct dp_aud_n_m *nm; - int rate; - u32 tmp; - - rate = acomp ? acomp->aud_sample_rate[port] : 0; - nm = audio_config_dp_get_n_m(crtc_state, rate); - if (nm) - drm_dbg_kms(&i915->drm, "using Maud %u, Naud %u\n", nm->m, - nm->n); - else - drm_dbg_kms(&i915->drm, "using automatic Maud, Naud\n"); - - tmp = intel_de_read(i915, HSW_AUD_CFG(cpu_transcoder)); - tmp &= ~AUD_CONFIG_N_VALUE_INDEX; - tmp &= ~AUD_CONFIG_PIXEL_CLOCK_HDMI_MASK; - tmp &= ~AUD_CONFIG_N_PROG_ENABLE; - tmp |= AUD_CONFIG_N_VALUE_INDEX; - if (nm) { - tmp &= ~AUD_CONFIG_N_MASK; - tmp |= AUD_CONFIG_N(nm->n); - tmp |= AUD_CONFIG_N_PROG_ENABLE; - } - - intel_de_write(i915, HSW_AUD_CFG(cpu_transcoder), tmp); - - tmp = intel_de_read(i915, HSW_AUD_M_CTS_ENABLE(cpu_transcoder)); - tmp &= ~AUD_CONFIG_M_MASK; - tmp &= ~AUD_M_CTS_M_VALUE_INDEX; - tmp &= ~AUD_M_CTS_M_PROG_ENABLE; - - if (nm) { - tmp |= nm->m; - tmp |= AUD_M_CTS_M_VALUE_INDEX; - tmp |= AUD_M_CTS_M_PROG_ENABLE; - } + /* Enable time stamps. Let HW calculate Maud/Naud values */ + intel_de_rmw(i915, HSW_AUD_CFG(cpu_transcoder), + AUD_CONFIG_N_VALUE_INDEX | + AUD_CONFIG_PIXEL_CLOCK_HDMI_MASK | + AUD_CONFIG_UPPER_N_MASK | + AUD_CONFIG_LOWER_N_MASK | + AUD_CONFIG_N_PROG_ENABLE, + AUD_CONFIG_N_VALUE_INDEX); - intel_de_write(i915, HSW_AUD_M_CTS_ENABLE(cpu_transcoder), tmp); } static void -- 2.25.1

1 year, 1 month

1
0
0 0

[PATCH v2 1/5] tracefs: Reset permissions on remount if permissions are options

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's permission if they were never set by the user. If the user sets the permissions, then a flag is set and the permissions are saved via the inode (for tracefs files) or an internal attribute field (for eventfs). But if a remount happens that specify the permissions, all the files that were not changed by the user gets updated, but the ones that were are not. If the user were to remount the file system with a given permission, then all files and directories within that file system should be updated. This can cause security issues if a file's permission was updated but the admin forgot about it. They could incorrectly think that remounting with permissions set would update all files, but miss some. For example: # cd /sys/kernel/tracing # chgrp 1002 current_tracer # ls -l [..] -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root root 0 May 1 21:25 dynamic_events -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root root 0 May 1 21:25 enabled_functions Where current_tracer now has group "lkp". # mount -o remount,gid=1001 . # ls -l -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root tracing 0 May 1 21:25 enabled_functions Everything changed but the "current_tracer". Add a new link list that keeps track of all the tracefs_inodes which has the permission flags that tell if the file/dir should use the root inode's permission or not. Then on remount, clear all the flags so that the default behavior of using the root inode's permission is done for all files and directories. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 +++++++++++++++++++++++ fs/tracefs/inode.c | 50 +++++++++++++++++++++++++++++++++++++++- fs/tracefs/internal.h | 7 +++++- 3 files changed, 84 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..a754c6725a52 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -301,6 +301,35 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + if (!ei) + return; + + if (update_uid) + ei->attr.mode &= ~EVENTFS_SAVE_UID; + + if (update_gid) + ei->attr.mode &= ~EVENTFS_SAVE_GID; + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + if (update_gid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + } +} + /* Return the evenfs_inode of the "events" directory */ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) { diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 5545e6bf7d26..5f2417df1c43 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -30,20 +30,47 @@ static struct vfsmount *tracefs_mount; static int tracefs_mount_count; static bool tracefs_registered; +/* + * Keep track of all tracefs_inodes in order to update their + * flags if necessary on a remount. + */ +static DEFINE_SPINLOCK(tracefs_inode_lock); +static LIST_HEAD(tracefs_inodes); + static struct inode *tracefs_alloc_inode(struct super_block *sb) { struct tracefs_inode *ti; + unsigned long flags; ti = kmem_cache_alloc(tracefs_inode_cachep, GFP_KERNEL); if (!ti) return NULL; + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_add_rcu(&ti->list, &tracefs_inodes); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + return &ti->vfs_inode; } +static void tracefs_free_inode_rcu(struct rcu_head *rcu) +{ + struct tracefs_inode *ti; + + ti = container_of(rcu, struct tracefs_inode, rcu); + kmem_cache_free(tracefs_inode_cachep, ti); +} + static void tracefs_free_inode(struct inode *inode) { - kmem_cache_free(tracefs_inode_cachep, get_tracefs(inode)); + struct tracefs_inode *ti = get_tracefs(inode); + unsigned long flags; + + spin_lock_irqsave(&tracefs_inode_lock, flags); + list_del_rcu(&ti->list); + spin_unlock_irqrestore(&tracefs_inode_lock, flags); + + call_rcu(&ti->rcu, tracefs_free_inode_rcu); } static ssize_t default_read_file(struct file *file, char __user *buf, @@ -313,6 +340,8 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) struct tracefs_fs_info *fsi = sb->s_fs_info; struct inode *inode = d_inode(sb->s_root); struct tracefs_mount_opts *opts = &fsi->mount_opts; + struct tracefs_inode *ti; + bool update_uid, update_gid; umode_t tmp_mode; /* @@ -332,6 +361,25 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) if (!remount || opts->opts & BIT(Opt_gid)) inode->i_gid = opts->gid; + if (remount && (opts->opts & BIT(Opt_uid) || opts->opts & BIT(Opt_gid))) { + + update_uid = opts->opts & BIT(Opt_uid); + update_gid = opts->opts & BIT(Opt_gid); + + rcu_read_lock(); + list_for_each_entry_rcu(ti, &tracefs_inodes, list) { + if (update_uid) + ti->flags &= ~TRACEFS_UID_PERM_SET; + + if (update_gid) + ti->flags &= ~TRACEFS_GID_PERM_SET; + + if (ti->flags & TRACEFS_EVENT_INODE) + eventfs_remount(ti, update_uid, update_gid); + } + rcu_read_unlock(); + } + return 0; } diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 15c26f9aaad4..29f0c999975b 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -11,8 +11,12 @@ enum { }; struct tracefs_inode { - struct inode vfs_inode; + union { + struct inode vfs_inode; + struct rcu_head rcu; + }; /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ + struct list_head list; unsigned long flags; void *private; }; @@ -73,6 +77,7 @@ struct dentry *tracefs_end_creating(struct dentry *dentry); struct dentry *tracefs_failed_creating(struct dentry *dentry); struct inode *tracefs_get_inode(struct super_block *sb); +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid); void eventfs_d_release(struct dentry *dentry); #endif /* _TRACEFS_INTERNAL_H */ -- 2.43.0

1 year, 1 month

1
1
0 0

[PATCH v2 5/5] eventfs: Have "events" directory get permissions from its parent

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index ff4ee3dad56a..3ea32159d556 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -219,12 +220,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; + + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -810,6 +822,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -819,10 +832,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list); -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v2 4/5] eventfs: Do not treat events directory different than other directories

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Treat the events directory the same as other directories when it comes to permissions. The events directory was considered different because it's dentry is persistent, whereas the other directory dentries are created when accessed. But the way tracefs now does its ownership by using the root dentry's permissions as the default permissions, the events directory can get out of sync when a remount is performed setting the group and user permissions. Remove the special case for the events directory on setting the attributes. This allows the updates caused by remount to work properly as well as simplifies the code. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 2971609946e5..ff4ee3dad56a 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -199,21 +199,7 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, * determined by the parent directory. */ if (dentry->d_inode->i_mode & S_IFDIR) { - /* - * The events directory dentry is never freed, unless its - * part of an instance that is deleted. It's attr is the - * default for its child files and directories. - * Do not update it. It's not used for its own mode or ownership. - */ - if (ei->is_events) { - /* But it still needs to know if it was modified */ - if (iattr->ia_valid & ATTR_UID) - ei->attr.mode |= EVENTFS_SAVE_UID; - if (iattr->ia_valid & ATTR_GID) - ei->attr.mode |= EVENTFS_SAVE_GID; - } else { - update_attr(&ei->attr, iattr); - } + update_attr(&ei->attr, iattr); } else { name = dentry->d_name.name; -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v2 3/5] eventfs: Do not differentiate the toplevel events directory

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++--------------------- fs/tracefs/internal.h | 7 +++---- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index a754c6725a52..2971609946e5 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -232,14 +231,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -252,10 +247,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -284,7 +279,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -352,7 +347,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -458,7 +453,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -838,14 +833,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -854,13 +841,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode { -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH v2 2/5] tracefs: Still use mount point as default permissions for instances

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> If the instances directory's permissions were never change, then have it and its children use the mount point permissions as the default. Currently, the permissions of instance directories are determined by the instance directory's permissions itself. But if the tracefs file system is remounted and changes the permissions, the instance directory and its children should use the new permission. But because both the instance directory and its children use the instance directory's inode for permissions, it misses the update. To demonstrate this: # cd /sys/kernel/tracing/ # mkdir instances/foo # ls -ld instances/foo drwxr-x--- 5 root root 0 May 1 19:07 instances/foo # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 18:57 current_tracer # mount -o remount,gid=1002 . # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo/ # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 18:57 current_tracer Notice that changing the group id to that of "lkp" did not affect the instances directory nor its children. It should have been: # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 19:19 current_tracer # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:25 instances/foo/ # ls -ld instances drwxr-x--- 3 root root 0 May 1 19:19 instances # mount -o remount,gid=1002 . # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 19:19 current_tracer # ls -ld instances drwxr-x--- 3 root lkp 0 May 1 19:19 instances # ls -ld instances/foo/ drwxr-x--- 5 root lkp 0 May 1 19:25 instances/foo/ Where all files were updated by the remount gid update. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 5f2417df1c43..e1bf65efdbb3 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -180,16 +180,39 @@ static void set_tracefs_inode_owner(struct inode *inode) { struct tracefs_inode *ti = get_tracefs(inode); struct inode *root_inode = ti->private; + kuid_t uid; + kgid_t gid; + + uid = root_inode->i_uid; + gid = root_inode->i_gid; + + /* + * If the root is not the mount point, then check the root's + * permissions. If it was never set, then default to the + * mount point. + */ + if (root_inode != d_inode(root_inode->i_sb->s_root)) { + struct tracefs_inode *rti; + + rti = get_tracefs(root_inode); + root_inode = d_inode(root_inode->i_sb->s_root); + + if (!(rti->flags & TRACEFS_UID_PERM_SET)) + uid = root_inode->i_uid; + + if (!(rti->flags & TRACEFS_GID_PERM_SET)) + gid = root_inode->i_gid; + } /* * If this inode has never been referenced, then update * the permissions to the superblock. */ if (!(ti->flags & TRACEFS_UID_PERM_SET)) - inode->i_uid = root_inode->i_uid; + inode->i_uid = uid; if (!(ti->flags & TRACEFS_GID_PERM_SET)) - inode->i_gid = root_inode->i_gid; + inode->i_gid = gid; } static int tracefs_permission(struct mnt_idmap *idmap, -- 2.43.0

1 year, 1 month

1
0
0 0

Linux 6.6.30

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.30 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kdump/vmcoreinfo.rst | 6 Documentation/admin-guide/sysctl/net.rst | 5 Makefile | 2 arch/Kconfig | 8 arch/arc/boot/dts/hsdk.dts | 1 arch/arm/boot/dts/microchip/at91-sama7g5ek.dts | 8 arch/arm/boot/dts/nxp/imx/imx6ull-tarragon-common.dtsi | 1 arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 -- arch/arm64/boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 6 arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 173 +++++------- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 141 +++++++++ arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 - arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 +- arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 arch/arm64/kvm/hyp/include/nvhe/gfp.h | 2 arch/loongarch/include/asm/perf_event.h | 8 arch/loongarch/mm/fault.c | 4 arch/riscv/include/asm/page.h | 2 arch/riscv/include/asm/pgtable.h | 4 arch/riscv/kernel/setup.c | 13 arch/riscv/mm/init.c | 2 arch/sparc/kernel/traps_64.c | 2 arch/x86/Kconfig | 11 arch/x86/include/asm/coco.h | 5 arch/x86/include/asm/pgtable_types.h | 3 arch/x86/kernel/process_64.c | 2 arch/x86/kvm/pmu.c | 30 ++ arch/x86/kvm/vmx/pmu_intel.c | 16 - drivers/acpi/cppc_acpi.c | 72 +++- drivers/bluetooth/btmtk.c | 7 drivers/bluetooth/btusb.c | 11 drivers/bluetooth/hci_qca.c | 27 + drivers/cxl/core/mbox.c | 38 +- drivers/dma/idma64.c | 4 drivers/dma/idxd/cdev.c | 5 drivers/dma/idxd/debugfs.c | 4 drivers/dma/idxd/device.c | 8 drivers/dma/idxd/idxd.h | 2 drivers/dma/idxd/init.c | 2 drivers/dma/idxd/irq.c | 4 drivers/dma/idxd/perfmon.c | 9 drivers/dma/owl-dma.c | 4 drivers/dma/tegra186-gpc-dma.c | 3 drivers/dma/xilinx/xilinx_dpdma.c | 13 drivers/gpio/gpio-tangier.c | 9 drivers/gpio/gpio-tegra186.c | 20 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_fdinfo.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 33 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 28 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 61 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 3 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 26 + drivers/gpu/drm/gma500/Makefile | 1 drivers/gpu/drm/gma500/psb_device.c | 5 drivers/gpu/drm/gma500/psb_drv.h | 9 drivers/gpu/drm/gma500/psb_lid.c | 80 ----- drivers/gpu/drm/ttm/tests/ttm_device_test.c | 2 drivers/gpu/drm/ttm/ttm_pool.c | 54 ++- drivers/hid/hid-logitech-dj.c | 4 drivers/hid/i2c-hid/i2c-hid-core.c | 9 drivers/hid/intel-ish-hid/ipc/ipc.c | 2 drivers/i2c/i2c-core-base.c | 12 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/mmc/host/sdhci-msm.c | 16 + drivers/mtd/nand/raw/diskonchip.c | 4 drivers/mtd/nand/raw/qcom_nandc.c | 7 drivers/net/dsa/mv88e6xxx/chip.c | 56 +++ drivers/net/dsa/mv88e6xxx/port.h | 23 + drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 21 - drivers/net/ethernet/broadcom/b44.c | 14 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 80 +++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 drivers/net/ethernet/intel/iavf/iavf_main.c | 30 ++ drivers/net/ethernet/intel/ice/ice_vf_lib.c | 16 - drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 16 - drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c | 9 drivers/net/ethernet/mellanox/mlxsw/core_env.c | 20 - drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 11 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 132 +++++---- drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 5 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 15 - drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 8 drivers/net/ethernet/ti/am65-cpts.c | 5 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 8 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 drivers/net/gtp.c | 3 drivers/net/macsec.c | 46 ++- drivers/net/phy/dp83869.c | 3 drivers/net/phy/mediatek-ge-soc.c | 43 +- drivers/net/usb/ax88179_178a.c | 11 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/net/wireless/virtual/mac80211_hwsim.c | 2 drivers/nfc/trf7970a.c | 42 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 drivers/phy/qualcomm/phy-qcom-m31.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 12 drivers/phy/qualcomm/phy-qcom-qmp.h | 2 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 36 ++ drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 -- drivers/phy/ti/phy-tusb1210.c | 23 - drivers/soundwire/amd_manager.c | 15 + drivers/soundwire/amd_manager.h | 3 drivers/video/fbdev/core/fb_defio.c | 2 fs/btrfs/backref.c | 12 fs/btrfs/extent_map.c | 2 fs/btrfs/inode.c | 13 fs/btrfs/scrub.c | 18 - fs/btrfs/tests/extent-map-tests.c | 5 fs/overlayfs/params.c | 11 fs/proc/page.c | 7 fs/smb/client/cifsfs.c | 1 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifspdu.h | 4 fs/smb/client/fs_context.c | 12 fs/smb/client/fs_context.h | 2 fs/smb/client/fscache.c | 13 fs/smb/client/misc.c | 3 fs/smb/client/smb2pdu.h | 2 fs/smb/client/transport.c | 7 fs/squashfs/inode.c | 11 include/drm/drm_gem.h | 13 include/drm/ttm/ttm_pool.h | 2 include/linux/etherdevice.h | 25 + include/linux/mm.h | 8 include/linux/mmzone.h | 6 include/linux/page-flags.h | 144 +++++---- include/net/af_unix.h | 3 include/net/bluetooth/hci_core.h | 4 include/net/macsec.h | 1 include/net/sock.h | 39 +- include/net/tls.h | 3 include/trace/events/mmflags.h | 1 init/Kconfig | 2 kernel/bounds.c | 2 kernel/cpu.c | 4 kernel/crash_core.c | 7 kernel/fork.c | 18 - kernel/sched/fair.c | 34 +- lib/stackdepot.c | 4 lib/test_meminit.c | 2 mm/compaction.c | 2 mm/gup.c | 59 ++-- mm/hugetlb.c | 27 - mm/internal.h | 11 mm/kmsan/init.c | 2 mm/madvise.c | 17 - mm/page_alloc.c | 13 mm/page_reporting.c | 2 mm/show_mem.c | 8 mm/vmstat.c | 12 net/ax25/af_ax25.c | 2 net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/mgmt.c | 24 + net/bluetooth/sco.c | 7 net/bridge/br_netlink.c | 2 net/core/sock.c | 1 net/core/sysctl_net_core.c | 9 net/ethernet/eth.c | 12 net/ipv4/icmp.c | 12 net/ipv4/route.c | 3 net/ipv4/udp.c | 5 net/ipv6/udp.c | 5 net/mac80211/mesh.c | 8 net/mac80211/mesh.h | 36 ++ net/mac80211/mesh_pathtbl.c | 37 +- net/mac80211/mlme.c | 9 net/mac80211/rx.c | 13 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nft_chain_filter.c | 4 net/openvswitch/conntrack.c | 4 net/tls/tls.h | 2 net/tls/tls_strp.c | 6 net/unix/garbage.c | 2 rust/Makefile | 1 rust/kernel/init.rs | 11 rust/macros/lib.rs | 12 scripts/Makefile.build | 2 tools/net/ynl/lib/ynl.py | 1 tools/testing/selftests/seccomp/seccomp_bpf.c | 41 ++ 198 files changed, 1758 insertions(+), 1103 deletions(-) Adam Li (1): net: make SK_MEMORY_PCPU_RESERV tunable Akhil R (1): dmaengine: tegra186: Fix residual calculation Alex Deucher (3): drm: add drm_gem_object_is_shared_for_memory_stats() helper drm/amdgpu: add shared fdinfo stats drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Alice Ryhl (1): rust: don't select CONSTRUCTORS Amir Goldstein (1): ovl: fix memory leak in ovl_parse_param() Amit Cohen (1): mlxsw: Use refcount_t for reference counting Andrei Simion (1): ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (2): gpio: tangier: Use correct type for the IRQ chip data idma64: Don't try to serve interrupts when device is powered off AngeloGioacchino Del Regno (1): arm64: dts: mediatek: cherry: Add platform thermal configuration Arnd Bergmann (2): mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Arınç ÜNAL (1): arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Aswin Unnikrishnan (1): rust: remove `params` from `module` macro example Avraham Stern (1): wifi: iwlwifi: mvm: remove old PASN station when adding a new one Baoquan He (1): riscv: fix VMALLOC_START definition Bartosz Golaszewski (1): Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Christian König (2): drm/amdgpu: fix visible VRAM handling during faults drm/ttm: stop pooling cached NUMA pages v2 Christian Marangi (1): mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec() Chun-Yi Lee (1): Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Colin Ian King (1): wifi: mac80211: clean up assignments to pointer cache. Conor Dooley (1): rust: make mutually exclusive with CFI_CLANG Dan Carpenter (1): net: ti: icssg-prueth: Fix signedness bug in prueth_init_rx_chns() Dan Williams (1): cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() Daniel Golle (1): net: phy: mediatek-ge-soc: follow netdev LED trigger semantics David Bauer (1): vxlan: drop packets from invalid src-address David Hildenbrand (1): mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly David Howells (1): cifs: Fix reacquisition of volume cookie on still-live connection David Kaplan (1): x86/cpu: Fix check for RDPKRU in __show_regs() Dragan Simic (1): arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Duanqiang Wen (1): net: libwx: fix alloc msix vectors failed Duoming Zhou (1): ax25: Fix netdev refcount issue Eric Dumazet (4): icmp: prevent possible NULL dereferences from icmp_build_probe() net: fix sk_memory_allocated_{add|sub} vs softirqs ipv4: check for NULL idev in ip_route_use_hint() net: usb: ax88179_178a: stop lying about skb->truesize Erwan Velu (1): i40e: Report MFS in decimal base instead of hex Felix Fietkau (1): wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded Fenghua Yu (1): dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Gabor Juhos (1): phy: qcom: m31: match requested regulator name with dt schema Greg Kroah-Hartman (1): Linux 6.6.30 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Gustavo A. R. Silva (1): smb: client: Fix struct_group() usage in __packed structs Hangbin Liu (1): bridge/br_netlink.c: no need to return void function Hans de Goede (1): phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Huacai Chen (1): LoongArch: Fix callchain parse error with kernel tracepoint events Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (11): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: core_env: Fix driver initialization with old firmware mlxsw: spectrum_acl_tcam: Fix race in region ID allocation mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ikjoon Jang (1): arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jacob Keller (1): ice: fix LAG and VF lock dependency in ice_reset_vf() Jakub Kicinski (2): tools: ynl: don't ignore errors in NLMSG_DONE messages eth: bnxt: fix counting packets discarded due to OOM and netpoll Jarred White (2): ACPI: CPPC: Use access_width over bit_width for system memory accesses ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jason Reeder (1): net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jeff Layton (1): squashfs: convert to new timestamp accessors Jiantao Shan (1): LoongArch: Fix access error when read fault on a write-only VMA Johan Hovold (4): Bluetooth: qca: fix NULL-deref on non-serdev suspend Bluetooth: qca: fix NULL-deref on non-serdev setup arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Johannes Berg (3): wifi: mac80211_hwsim: init peer measurement result wifi: mac80211: remove link before AP wifi: mac80211: fix unaligned le16 access Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Jose Ignacio Tornos Martinez (1): arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Justin Chen (1): net: bcmasp: fix memory leak when bringing down interface Kirill A. Shutemov (2): mm, treewide: introduce NR_PAGE_ORDERS x86/tdx: Preserve shared bit on mprotect() Kuniyuki Iwashima (1): af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Laine Taffin Altman (1): rust: init: remove impl Zeroable for Infallible Lijo Lazar (1): drm/amdgpu: Assign correct bits for SDMA HDP flush Lorenzo Stoakes (1): mm/gup: explicitly define and check internal GUP flags, disallow FOLL_TOUCH Luiz Augusto von Dentz (2): Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID MD Danish Anwar (1): net: phy: dp83869: Fix MII mode failure Manivannan Sadhasivam (1): arm64: dts: qcom: sm8450: Fix the msi-map entries Mantas Pucka (1): mmc: sdhci-msm: pervent access to suspended controller Marcel Ziswiler (1): phy: freescale: imx8m-pcie: fix pcie link-up instability Matthew Wilcox (Oracle) (4): mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros mm: support page_mapcount() on page_has_type() pages mm: turn folio_test_hugetlb into a PageType bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Matthias Schiffer (1): net: dsa: mv88e6xx: fix supported_interfaces setup in mv88e6250_phylink_get_caps() Maximilian Luz (1): arm64: dts: qcom: sc8180x: Fix ss_phy_irq for secondary USB controller Miaohe Lin (1): fork: defer linking file vma until vma is fully initialized Michael Heimpold (1): ARM: dts: imx6ull-tarragon: fix USB over-current polarity Michal Tomek (1): phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Miguel Ojeda (2): kbuild: rust: remove unneeded `@rustc_cfg` to avoid ICE kbuild: rust: force `alloc` extern to allow "empty" Rust files Mikhail Kobuk (2): phy: marvell: a3700-comphy: Fix out of bounds read phy: marvell: a3700-comphy: Fix hardcoded array size Mingzheng Xing (1): Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V" Miri Korenblit (1): wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (2): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up fbdev: fix incorrect address computation in deferred IO Naohiro Aota (1): btrfs: scrub: run relocation repair when/only needed Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nícolas F. R. A. Prado (5): arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex1 arm64: dts: mediatek: cherry: Describe CPU supplies Pablo Neira Ayuso (1): netfilter: nf_tables: honor table dormant flag from netdev release event path Patrik Jakobsson (1): drm/gma500: Remove lid code Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Paulo Alcantara (1): smb: client: fix rename(2) regression against samba Peter Münster (1): net: b44: set pause params only when interface is up Peter Xu (1): mm/hugetlb: fix missing hugetlb_lock for resv uncharge Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Pin-yen Lin (3): arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8183-kukui: Use default min voltage for MT6358 Prathamesh Shete (1): gpio: tegra186: Fix tegra186_gpio_is_accessible() check Qu Wenruo (1): btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() Quentin Schulz (2): arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (11): arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7986: reorder properties arm64: dts: mediatek: mt7986: drop invalid properties from ethsys arm64: dts: mediatek: mt7986: drop "#reset-cells" from Ethernet controller arm64: dts: mediatek: mt7986: reorder nodes arm64: dts: mediatek: mt7986: drop invalid thermal block clock arm64: dts: mediatek: mt7986: prefix BPI-R3 cooling maps with "map-" arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (4): ethernet: Add helper for assigning packet type when dest address does not match device address macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec Rex Zhang (1): dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue Sabrina Dubroca (1): tls: fix lockless read of strp->msg_ready in ->poll Samuel Holland (2): riscv: Fix TASK_SIZE on 64-bit NOMMU riscv: Fix loading 64-bit NOMMU kernels past the start of RAM Sean Anderson (1): dma: xilinx_dpdma: Fix locking Sean Christopherson (3): KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at "RESET" cpu: Re-enable CPU mitigations by default for !X86 architectures Sean Wang (1): Bluetooth: btusb: mediatek: Fix double free of skb in coredump Sebastian Reichel (2): phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits phy: rockchip: naneng-combphy: Fix mux on rk3588 Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Stephen Boyd (2): phy: qcom: qmp-combo: Fix register base for QSERDES_DP_PHY_MODE phy: qcom: qmp-combo: Fix VCO div offset on v3 Steve French (2): smb3: missing lock when picking channel smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Sweet Tea Dorminy (1): btrfs: fallback if compressed IO fails for ENOSPC Takayuki Nagata (1): cifs: reinstate original behavior again for forceuid/forcegid Terry Tritton (3): selftests/seccomp: user_notification_addfd check nextfd is available selftests/seccomp: Change the syscall used in KILL_THREAD test selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Tianchen Ding (2): sched/eevdf: Always update V if se->on_rq when reweighting sched/eevdf: Fix miscalculation in reweight_entity() when se is not curr Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers Vijendar Mukunda (1): soundwire: amd: fix for wake interrupt handling for clockstop mode Vikas Gupta (2): bnxt_en: refactor reset close code bnxt_en: Fix the PCI-AER routines WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Xuewen Yan (1): sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() Yaraslau Furman (1): HID: logitech-dj: allow mice to use all types of reports Yick Xie (1): udp: preserve the connected status if only UDP cmsg Zhang Lixu (1): HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Zijun Hu (1): Bluetooth: btusb: Fix triggering coredump implementation for QCA

1 year, 1 month

1
1
0 0

Linux 6.8.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.9 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/sysctl/net.rst | 5 Documentation/devicetree/bindings/eeprom/at24.yaml | 5 Makefile | 2 arch/Kconfig | 8 arch/arc/boot/dts/hsdk.dts | 1 arch/arm/boot/dts/microchip/at91-sama7g5ek.dts | 8 arch/arm/boot/dts/nxp/imx/imx6ull-tarragon-common.dtsi | 1 arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 - arch/arm64/boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 6 arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 173 +++--- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 36 + arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 arch/arm64/boot/dts/qcom/sc7280.dtsi | 4 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 11 arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 arch/arm64/boot/dts/qcom/sm8250.dtsi | 6 arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 - arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 arch/arm64/boot/dts/rockchip/rk3588-coolpi-cm5.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588-orangepi-5-plus.dts | 3 arch/loongarch/include/asm/perf_event.h | 8 arch/loongarch/mm/fault.c | 4 arch/riscv/include/asm/page.h | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/include/uapi/asm/hwprobe.h | 2 arch/riscv/mm/init.c | 2 arch/x86/Kconfig | 11 arch/x86/include/asm/coco.h | 1 arch/x86/include/asm/pgtable_types.h | 3 arch/x86/kernel/cpu/amd.c | 3 arch/x86/kernel/process_64.c | 2 arch/x86/kvm/pmu.c | 30 + arch/x86/kvm/vmx/pmu_intel.c | 16 block/bdev.c | 2 drivers/acpi/cppc_acpi.c | 72 ++ drivers/bluetooth/btmtk.c | 7 drivers/bluetooth/btusb.c | 11 drivers/bluetooth/hci_qca.c | 27 drivers/cxl/core/mbox.c | 38 - drivers/dma/idma64.c | 4 drivers/dma/idxd/cdev.c | 5 drivers/dma/idxd/debugfs.c | 4 drivers/dma/idxd/device.c | 8 drivers/dma/idxd/idxd.h | 2 drivers/dma/idxd/init.c | 2 drivers/dma/idxd/irq.c | 4 drivers/dma/idxd/perfmon.c | 9 drivers/dma/owl-dma.c | 4 drivers/dma/pl330.c | 3 drivers/dma/tegra186-gpc-dma.c | 3 drivers/dma/xilinx/xdma-regs.h | 3 drivers/dma/xilinx/xdma.c | 28 - drivers/dma/xilinx/xilinx_dpdma.c | 13 drivers/dpll/dpll_core.c | 61 +- drivers/firmware/qcom/qcom_qseecom_uefisecapp.c | 137 +++-- drivers/firmware/qcom/qcom_scm.c | 37 - drivers/gpio/gpio-tangier.c | 9 drivers/gpio/gpio-tegra186.c | 20 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_fdinfo.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 33 - drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 28 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 61 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 3 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 3 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 26 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 15 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 85 ++- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dio_link_encoder.h | 5 drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 7 drivers/gpu/drm/drm_gem_atomic_helper.c | 4 drivers/gpu/drm/gma500/Makefile | 1 drivers/gpu/drm/gma500/psb_device.c | 5 drivers/gpu/drm/gma500/psb_drv.h | 9 drivers/gpu/drm/gma500/psb_lid.c | 80 -- drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 19 drivers/gpu/drm/xe/xe_gt_ccs_mode.h | 2 drivers/gpu/drm/xe/xe_huc.c | 9 drivers/hid/hid-logitech-dj.c | 4 drivers/hid/i2c-hid/i2c-hid-core.c | 38 - drivers/hid/intel-ish-hid/ipc/ipc.c | 2 drivers/i2c/i2c-core-base.c | 12 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/misc/eeprom/at24.c | 18 drivers/mmc/host/sdhci-msm.c | 16 drivers/mmc/host/sdhci-of-dwcmshc.c | 1 drivers/mtd/mtdcore.c | 2 drivers/mtd/nand/raw/diskonchip.c | 4 drivers/mtd/nand/raw/qcom_nandc.c | 7 drivers/net/dsa/mv88e6xxx/chip.c | 56 +- drivers/net/dsa/mv88e6xxx/port.h | 23 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 21 drivers/net/ethernet/broadcom/b44.c | 14 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 drivers/net/ethernet/intel/iavf/iavf_main.c | 30 + drivers/net/ethernet/intel/ice/ice_vf_lib.c | 16 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 16 drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c | 9 drivers/net/ethernet/mellanox/mlxsw/core_env.c | 20 drivers/net/ethernet/mellanox/mlxsw/pci.c | 10 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 11 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 132 ++-- drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 5 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 15 drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 8 drivers/net/ethernet/ti/am65-cpts.c | 5 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 8 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 drivers/net/gtp.c | 3 drivers/net/macsec.c | 46 + drivers/net/phy/dp83869.c | 3 drivers/net/phy/mediatek-ge-soc.c | 43 - drivers/net/usb/ax88179_178a.c | 11 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/net/wireless/virtual/mac80211_hwsim.c | 2 drivers/nfc/trf7970a.c | 42 - drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 drivers/phy/qualcomm/phy-qcom-m31.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 12 drivers/phy/qualcomm/phy-qcom-qmp.h | 2 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 36 + drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 - drivers/phy/ti/phy-tusb1210.c | 23 drivers/soc/mediatek/mtk-svs.c | 7 drivers/soundwire/amd_manager.c | 15 drivers/soundwire/amd_manager.h | 3 drivers/usb/host/xhci-ring.c | 94 +-- drivers/video/fbdev/core/fb_defio.c | 2 fs/btrfs/backref.c | 12 fs/btrfs/extent_map.c | 2 fs/btrfs/inode.c | 13 fs/btrfs/scrub.c | 18 fs/btrfs/tests/extent-map-tests.c | 5 fs/netfs/buffered_write.c | 23 fs/proc/page.c | 7 fs/smb/client/cifsfs.c | 1 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifspdu.h | 4 fs/smb/client/fs_context.c | 12 fs/smb/client/fs_context.h | 2 fs/smb/client/fscache.c | 13 fs/smb/client/misc.c | 3 fs/smb/client/smb2pdu.h | 2 fs/smb/client/transport.c | 7 include/drm/drm_gem.h | 13 include/linux/etherdevice.h | 25 include/linux/firmware/qcom/qcom_qseecom.h | 55 +- include/linux/firmware/qcom/qcom_scm.h | 10 include/linux/mm.h | 8 include/linux/page-flags.h | 144 ++--- include/net/af_unix.h | 3 include/net/bluetooth/hci.h | 8 include/net/bluetooth/hci_core.h | 38 + include/net/bluetooth/hci_sync.h | 20 include/net/bluetooth/l2cap.h | 2 include/net/macsec.h | 2 include/net/sock.h | 39 - include/net/tls.h | 3 include/trace/events/mmflags.h | 1 init/Kconfig | 2 kernel/bounds.c | 2 kernel/cpu.c | 4 kernel/crash_core.c | 5 kernel/sched/fair.c | 34 - lib/stackdepot.c | 4 mm/hugetlb.c | 29 - mm/zswap.c | 25 net/ax25/af_ax25.c | 2 net/bluetooth/6lowpan.c | 2 net/bluetooth/hci_conn.c | 168 +----- net/bluetooth/hci_event.c | 52 - net/bluetooth/hci_sync.c | 274 +++++++++- net/bluetooth/iso.c | 50 + net/bluetooth/l2cap_core.c | 12 net/bluetooth/l2cap_sock.c | 10 net/bluetooth/mgmt.c | 27 net/bluetooth/sco.c | 10 net/bridge/br_netlink.c | 2 net/core/sock.c | 1 net/core/sysctl_net_core.c | 9 net/ethernet/eth.c | 12 net/ipv4/icmp.c | 12 net/ipv4/route.c | 3 net/ipv4/tcp_ao.c | 3 net/ipv4/udp.c | 5 net/ipv6/udp.c | 5 net/mac80211/mesh.c | 8 net/mac80211/mesh.h | 36 + net/mac80211/mesh_pathtbl.c | 37 - net/mac80211/mlme.c | 9 net/mac80211/rx.c | 13 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nft_chain_filter.c | 4 net/openvswitch/conntrack.c | 4 net/tls/tls.h | 2 net/tls/tls_strp.c | 6 net/unix/garbage.c | 2 rust/Makefile | 1 rust/kernel/init.rs | 11 rust/kernel/lib.rs | 2 rust/kernel/net/phy.rs | 4 rust/macros/lib.rs | 12 scripts/Makefile.build | 2 tools/net/ynl/lib/ynl.py | 1 tools/testing/selftests/riscv/hwprobe/cbo.c | 2 tools/testing/selftests/riscv/hwprobe/hwprobe.h | 10 tools/testing/selftests/seccomp/seccomp_bpf.c | 41 + 229 files changed, 2385 insertions(+), 1506 deletions(-) Adam Li (1): net: make SK_MEMORY_PCPU_RESERV tunable Akhil R (1): dmaengine: tegra186: Fix residual calculation Alex Deucher (4): Revert "drm/amd/display: fix USB-C flag update after enc10 feature init" drm: add drm_gem_object_is_shared_for_memory_stats() helper drm/amdgpu: add shared fdinfo stats drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Alice Ryhl (1): rust: don't select CONSTRUCTORS Amit Cohen (1): mlxsw: Use refcount_t for reference counting Andrei Simion (1): ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Andrew Jones (1): RISC-V: selftests: cbo: Ensure asm operands match constraints, take 2 Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (2): gpio: tangier: Use correct type for the IRQ chip data idma64: Don't try to serve interrupts when device is powered off Andy Yan (1): arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi CM5 AngeloGioacchino Del Regno (1): soc: mediatek: mtk-svs: Append "-thermal" to thermal zone names Arkadiusz Kubalewski (1): dpll: fix dpll_pin_on_pin_register() for multiple parent pins Arnd Bergmann (2): mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Arınç ÜNAL (1): arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Aswin Unnikrishnan (1): rust: remove `params` from `module` macro example Avraham Stern (1): wifi: iwlwifi: mvm: remove old PASN station when adding a new one Bartosz Golaszewski (1): Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Christian König (1): drm/amdgpu: fix visible VRAM handling during faults Christian Marangi (2): mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec() mtd: limit OTP NVMEM cell parse to non-NAND devices Chun-Yi Lee (1): Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Clément Léger (1): riscv: hwprobe: fix invalid sign extension for RISCV_HWPROBE_EXT_ZVFHMIN Colin Ian King (1): wifi: mac80211: clean up assignments to pointer cache. Conor Dooley (1): rust: make mutually exclusive with CFI_CLANG Dan Carpenter (1): net: ti: icssg-prueth: Fix signedness bug in prueth_init_rx_chns() Dan Williams (1): cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() Daniel Golle (1): net: phy: mediatek-ge-soc: follow netdev LED trigger semantics Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): vxlan: drop packets from invalid src-address David Howells (3): cifs: Fix reacquisition of volume cookie on still-live connection netfs: Fix writethrough-mode error handling netfs: Fix the pre-flush when appending to a file in writethrough mode David Kaplan (1): x86/cpu: Fix check for RDPKRU in __show_regs() Dragan Simic (1): arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Duanqiang Wen (1): net: libwx: fix alloc msix vectors failed Duoming Zhou (1): ax25: Fix netdev refcount issue Eric Dumazet (4): icmp: prevent possible NULL dereferences from icmp_build_probe() net: fix sk_memory_allocated_{add|sub} vs softirqs ipv4: check for NULL idev in ip_route_use_hint() net: usb: ax88179_178a: stop lying about skb->truesize Erwan Velu (1): i40e: Report MFS in decimal base instead of hex Felix Fietkau (1): wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded Felix Kuehling (2): drm/amdkfd: Fix rescheduling of restore worker drm/amdkfd: Fix eviction fence handling Fenghua Yu (1): dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Gabor Juhos (1): phy: qcom: m31: match requested regulator name with dt schema George Shen (1): drm/amd/display: Check DP Alt mode DPCS state via DMUB Greg Kroah-Hartman (1): Linux 6.8.9 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Gustavo A. R. Silva (1): smb: client: Fix struct_group() usage in __packed structs Hangbin Liu (1): bridge/br_netlink.c: no need to return void function Hans de Goede (1): phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Himal Prasad Ghimiray (2): drm/xe: Remove sysfs only once on action add failure drm/xe: call free_gsc_pkt only once on action add failure Huacai Chen (1): LoongArch: Fix callchain parse error with kernel tracepoint events Hyunwoo Kim (3): tcp: Fix Use-After-Free in tcp_ao_connect_init net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (12): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: core_env: Fix driver initialization with old firmware mlxsw: pci: Fix driver initialization with old firmware mlxsw: spectrum_acl_tcam: Fix race in region ID allocation mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ikjoon Jang (1): arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Iulia Tanasescu (1): Bluetooth: ISO: Reassemble PA data for bcast sink Jacob Keller (1): ice: fix LAG and VF lock dependency in ice_reset_vf() Jakub Kicinski (2): tools: ynl: don't ignore errors in NLMSG_DONE messages eth: bnxt: fix counting packets discarded due to OOM and netpoll Jarred White (2): ACPI: CPPC: Use access_width over bit_width for system memory accesses ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jason Reeder (1): net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jiantao Shan (1): LoongArch: Fix access error when read fault on a write-only VMA Jiri Pirko (1): dpll: check that pin is registered in __dpll_pin_unregister() Johan Hovold (4): Bluetooth: qca: fix NULL-deref on non-serdev suspend Bluetooth: qca: fix NULL-deref on non-serdev setup arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Johannes Berg (3): wifi: mac80211_hwsim: init peer measurement result wifi: mac80211: remove link before AP wifi: mac80211: fix unaligned le16 access Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Johannes Weiner (1): mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Jonas Dreßler (3): Bluetooth: hci_event: Use HCI error defines instead of magic values Bluetooth: hci_conn: Only do ACL connections sequentially Bluetooth: Remove pending ACL connection attempts Jose Ignacio Tornos Martinez (1): arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Justin Chen (1): net: bcmasp: fix memory leak when bringing down interface Kenny Levinsen (1): HID: i2c-hid: Revert to await reset ACK before reading report descriptor Kirill A. Shutemov (1): x86/tdx: Preserve shared bit on mprotect() Kuniyuki Iwashima (1): af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Laine Taffin Altman (1): rust: init: remove impl Zeroable for Infallible Lang Yu (1): drm/amdgpu/umsch: don't execute umsch test when GPU is in reset/suspend Lijo Lazar (1): drm/amdgpu: Assign correct bits for SDMA HDP flush Louis Chauvet (1): dmaengine: xilinx: xdma: Fix synchronization issue Luca Weiss (1): arm64: dts: qcom: Fix type of "wdog" IRQs for remoteprocs Lucas Stach (1): drm/atomic-helper: fix parameter order in drm_format_conv_state_copy() call Luiz Augusto von Dentz (10): Bluetooth: hci_conn: Always use sk_timeo as conn_timeout Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Bluetooth: hci_sync: Attempt to dequeue connection attempt Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync Bluetooth: hci_sync: Fix UAF on create_le_conn_complete Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync MD Danish Anwar (1): net: phy: dp83869: Fix MII mode failure Ma Jun (1): drm/amdgpu/pm: Remove gpu_od if it's an empty directory Maksim Kiselev (1): mmc: sdhci-of-dwcmshc: th1520: Increase tuning loop count to 128 Manivannan Sadhasivam (1): arm64: dts: qcom: sm8450: Fix the msi-map entries Mantas Pucka (1): mmc: sdhci-msm: pervent access to suspended controller Marcel Ziswiler (1): phy: freescale: imx8m-pcie: fix pcie link-up instability Mathias Nyman (1): xhci: move event processing for one interrupter to a separate function Matthew Wilcox (Oracle) (4): mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros mm: support page_mapcount() on page_has_type() pages mm: turn folio_test_hugetlb into a PageType bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Matthias Schiffer (1): net: dsa: mv88e6xx: fix supported_interfaces setup in mv88e6250_phylink_get_caps() Maximilian Luz (2): arm64: dts: qcom: sc8180x: Fix ss_phy_irq for secondary USB controller firmware: qcom: uefisecapp: Fix memory related IO errors and crashes Miaohe Lin (1): mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Michael Chan (1): bnxt_en: Fix error recovery for 5760X (P7) chips Michael Heimpold (1): ARM: dts: imx6ull-tarragon: fix USB over-current polarity Michal Tomek (1): phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Miguel Ojeda (2): kbuild: rust: remove unneeded `@rustc_cfg` to avoid ICE kbuild: rust: force `alloc` extern to allow "empty" Rust files Mikhail Kobuk (2): phy: marvell: a3700-comphy: Fix out of bounds read phy: marvell: a3700-comphy: Fix hardcoded array size Miquel Raynal (1): dmaengine: xilinx: xdma: Fix wrong offsets in the buffers addresses in dma descriptor Miri Korenblit (1): wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Muhammed Efe Cetin (1): arm64: dts: rockchip: mark system power controller and fix typo on orangepi-5-plus Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (2): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up fbdev: fix incorrect address computation in deferred IO Naohiro Aota (1): btrfs: scrub: run relocation repair when/only needed Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nícolas F. R. A. Prado (5): arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex1 arm64: dts: mediatek: cherry: Describe CPU supplies Oliver Neukum (1): usb: xhci: correct return value in case of STS_HCE Pablo Neira Ayuso (1): netfilter: nf_tables: honor table dormant flag from netdev release event path Patrik Jakobsson (1): drm/gma500: Remove lid code Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Paulo Alcantara (1): smb: client: fix rename(2) regression against samba Peter Münster (1): net: b44: set pause params only when interface is up Peter Xu (1): mm/hugetlb: fix missing hugetlb_lock for resv uncharge Pin-yen Lin (3): arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8183-kukui: Use default min voltage for MT6358 Prathamesh Shete (1): gpio: tegra186: Fix tegra186_gpio_is_accessible() check Qu Wenruo (1): btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() Quentin Schulz (2): arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (11): arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7986: reorder properties arm64: dts: mediatek: mt7986: drop invalid properties from ethsys arm64: dts: mediatek: mt7986: drop "#reset-cells" from Ethernet controller arm64: dts: mediatek: mt7986: reorder nodes arm64: dts: mediatek: mt7986: drop invalid thermal block clock arm64: dts: mediatek: mt7986: prefix BPI-R3 cooling maps with "map-" arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (4): net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec ethernet: Add helper for assigning packet type when dest address does not match device address macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Rajendra Nayak (1): arm64: dts: qcom: x1e80100: Fix the compatible for cluster idle states Rex Zhang (1): dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue Rob Herring (1): dt-bindings: eeprom: at24: Fix ST M24C64-D compatible schema Sabrina Dubroca (1): tls: fix lockless read of strp->msg_ready in ->poll Samuel Holland (2): riscv: Fix TASK_SIZE on 64-bit NOMMU riscv: Fix loading 64-bit NOMMU kernels past the start of RAM Sean Anderson (1): dma: xilinx_dpdma: Fix locking Sean Christopherson (3): KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at "RESET" cpu: Re-enable CPU mitigations by default for !X86 architectures Sean Wang (1): Bluetooth: btusb: mediatek: Fix double free of skb in coredump Sebastian Reichel (2): phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits phy: rockchip: naneng-combphy: Fix mux on rk3588 Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Stephen Boyd (2): phy: qcom: qmp-combo: Fix register base for QSERDES_DP_PHY_MODE phy: qcom: qmp-combo: Fix VCO div offset on v3 Steve French (2): smb3: missing lock when picking channel smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Su Hui (1): octeontx2-af: fix the double free in rvu_npc_freemem() Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Sweet Tea Dorminy (1): btrfs: fallback if compressed IO fails for ENOSPC Takayuki Nagata (1): cifs: reinstate original behavior again for forceuid/forcegid Terry Tritton (3): selftests/seccomp: user_notification_addfd check nextfd is available selftests/seccomp: Change the syscall used in KILL_THREAD test selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Tianchen Ding (2): sched/eevdf: Always update V if se->on_rq when reweighting sched/eevdf: Fix miscalculation in reweight_entity() when se is not curr Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers Vijendar Mukunda (1): soundwire: amd: fix for wake interrupt handling for clockstop mode Vikas Gupta (2): bnxt_en: refactor reset close code bnxt_en: Fix the PCI-AER routines Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wedson Almeida Filho (2): rust: phy: implement `Send` for `Registration` rust: kernel: require `Send` for `Module` implementations Wenkuan Wang (1): x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Xuewen Yan (1): sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() Yaraslau Furman (1): HID: logitech-dj: allow mice to use all types of reports Yick Xie (1): udp: preserve the connected status if only UDP cmsg Yu Kuai (1): block: fix module reference leakage from bdev_open_by_dev error path Zhang Lixu (1): HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Zijun Hu (1): Bluetooth: btusb: Fix triggering coredump implementation for QCA

1 year, 1 month

1
1
0 0

Linux 6.1.90

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.90 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/sysctl/net.rst | 5 Makefile | 2 arch/Kconfig | 8 + arch/arc/boot/dts/hsdk.dts | 1 arch/arm/boot/dts/at91-sama7g5ek.dts | 8 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 - arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 +--- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++- arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 arch/loongarch/include/asm/perf_event.h | 8 + arch/loongarch/mm/fault.c | 4 arch/riscv/include/asm/pgtable.h | 4 arch/x86/Kconfig | 11 - arch/x86/include/asm/coco.h | 5 arch/x86/include/asm/pgtable_types.h | 3 arch/x86/kernel/process_64.c | 2 crypto/algapi.c | 1 drivers/acpi/cppc_acpi.c | 72 +++++++-- drivers/bluetooth/btusb.c | 2 drivers/bluetooth/hci_qca.c | 21 ++ drivers/dma/idma64.c | 4 drivers/dma/idxd/perfmon.c | 9 - drivers/dma/owl-dma.c | 4 drivers/dma/tegra186-gpc-dma.c | 3 drivers/dma/xilinx/xilinx_dpdma.c | 13 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 26 +-- drivers/hid/hid-logitech-dj.c | 4 drivers/hid/i2c-hid/i2c-hid-core.c | 9 - drivers/hid/intel-ish-hid/ipc/ipc.c | 2 drivers/i2c/i2c-core-base.c | 12 - drivers/irqchip/irq-gic-v3-its.c | 9 - drivers/mmc/host/sdhci-msm.c | 16 +- drivers/mtd/nand/raw/diskonchip.c | 4 drivers/net/ethernet/broadcom/b44.c | 14 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 80 +++++----- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++ drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 +++++- drivers/net/ethernet/ti/am65-cpts.c | 5 drivers/net/gtp.c | 3 drivers/net/macsec.c | 44 ++++- drivers/net/usb/ax88179_178a.c | 11 - drivers/net/virtio_net.c | 26 ++- drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/nfc/trf7970a.c | 42 ++--- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 112 ++++++++------ drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 - drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 +-- drivers/phy/ti/phy-tusb1210.c | 23 +- drivers/video/fbdev/core/fb_defio.c | 2 fs/btrfs/backref.c | 12 - fs/smb/client/cifs_spnego.h | 2 fs/smb/client/cifsfs.c | 1 fs/smb/client/cifspdu.h | 100 ++++++------ fs/smb/client/fs_context.c | 12 + fs/smb/client/fs_context.h | 2 fs/smb/client/readdir.c | 6 fs/smb/client/smb2pdu.c | 4 fs/smb/client/smb2pdu.h | 4 fs/smb/client/transport.c | 3 include/linux/etherdevice.h | 25 +++ include/net/af_unix.h | 3 include/net/macsec.h | 1 include/net/sock.h | 39 ++-- init/Kconfig | 2 kernel/bounds.c | 2 kernel/cpu.c | 4 kernel/fork.c | 18 +- lib/stackdepot.c | 4 net/ax25/af_ax25.c | 2 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/mgmt.c | 24 ++- net/bluetooth/sco.c | 7 net/bridge/br_netlink.c | 2 net/core/sock.c | 1 net/core/sysctl_net_core.c | 9 + net/ethernet/eth.c | 12 - net/ipv4/icmp.c | 12 + net/ipv4/route.c | 3 net/ipv4/udp.c | 5 net/ipv6/udp.c | 5 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nft_chain_filter.c | 4 net/openvswitch/conntrack.c | 4 net/unix/garbage.c | 2 rust/macros/lib.rs | 12 - 98 files changed, 783 insertions(+), 454 deletions(-) Adam Li (1): net: make SK_MEMORY_PCPU_RESERV tunable Akhil R (1): dmaengine: tegra186: Fix residual calculation Alex Deucher (1): drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Alice Ryhl (1): rust: don't select CONSTRUCTORS Andrei Simion (1): ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (1): idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann (2): mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Arınç ÜNAL (1): arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Aswin Unnikrishnan (1): rust: remove `params` from `module` macro example Avraham Stern (1): wifi: iwlwifi: mvm: remove old PASN station when adding a new one Baoquan He (1): riscv: fix VMALLOC_START definition Bartosz Golaszewski (1): Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Breno Leitao (1): virtio_net: Do not send RSS key if it is not supported Chun-Yi Lee (1): Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Conor Dooley (1): rust: make mutually exclusive with CFI_CLANG David Bauer (1): vxlan: drop packets from invalid src-address David Kaplan (1): x86/cpu: Fix check for RDPKRU in __show_regs() Dragan Simic (1): arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Duoming Zhou (1): ax25: Fix netdev refcount issue Eric Dumazet (4): icmp: prevent possible NULL dereferences from icmp_build_probe() net: fix sk_memory_allocated_{add|sub} vs softirqs ipv4: check for NULL idev in ip_route_use_hint() net: usb: ax88179_178a: stop lying about skb->truesize Erwan Velu (1): i40e: Report MFS in decimal base instead of hex Fenghua Yu (1): dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Greg Kroah-Hartman (2): Revert "crypto: api - Disallow identical driver names" Linux 6.1.90 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Gustavo A. R. Silva (1): smb: client: Fix struct_group() usage in __packed structs Hangbin Liu (1): bridge/br_netlink.c: no need to return void function Hans de Goede (1): phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Huacai Chen (1): LoongArch: Fix callchain parse error with kernel tracepoint events Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (9): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ikjoon Jang (1): arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jakub Kicinski (1): eth: bnxt: fix counting packets discarded due to OOM and netpoll Jarred White (2): ACPI: CPPC: Use access_width over bit_width for system memory accesses ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jason Reeder (1): net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jiantao Shan (1): LoongArch: Fix access error when read fault on a write-only VMA Johan Hovold (1): Bluetooth: qca: fix NULL-deref on non-serdev suspend Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Jose Ignacio Tornos Martinez (1): arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Kees Cook (1): cifs: Replace remaining 1-element arrays Kirill A. Shutemov (1): x86/tdx: Preserve shared bit on mprotect() Kuniyuki Iwashima (1): af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID Mantas Pucka (1): mmc: sdhci-msm: pervent access to suspended controller Marcel Ziswiler (1): phy: freescale: imx8m-pcie: fix pcie link-up instability Matthew Wilcox (Oracle) (1): bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Miaohe Lin (1): fork: defer linking file vma until vma is fully initialized Michal Tomek (1): phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Mikhail Kobuk (2): phy: marvell: a3700-comphy: Fix out of bounds read phy: marvell: a3700-comphy: Fix hardcoded array size Miri Korenblit (1): wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (2): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up fbdev: fix incorrect address computation in deferred IO Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nícolas F. R. A. Prado (3): arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex Pablo Neira Ayuso (1): netfilter: nf_tables: honor table dormant flag from netdev release event path Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Paulo Alcantara (1): smb: client: fix rename(2) regression against samba Peter Münster (1): net: b44: set pause params only when interface is up Pin-yen Lin (2): arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 Quentin Schulz (2): arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (5): arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (4): ethernet: Add helper for assigning packet type when dest address does not match device address macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec Richard Zhu (1): phy: freescale: imx8m-pcie: Refine i.MX8MM PCIe PHY driver Samuel Holland (1): riscv: Fix TASK_SIZE on 64-bit NOMMU Sean Anderson (1): dma: xilinx_dpdma: Fix locking Sean Christopherson (1): cpu: Re-enable CPU mitigations by default for !X86 architectures Sebastian Reichel (1): phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Steve French (1): smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Takayuki Nagata (1): cifs: reinstate original behavior again for forceuid/forcegid Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers Vikas Gupta (2): bnxt_en: refactor reset close code bnxt_en: Fix the PCI-AER routines WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Yaraslau Furman (1): HID: logitech-dj: allow mice to use all types of reports Yick Xie (1): udp: preserve the connected status if only UDP cmsg Zhang Lixu (1): HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc

1 year, 1 month

1
1
0 0

Linux 5.15.158

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.158 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/Kconfig | 8 + arch/arc/boot/dts/hsdk.dts | 1 arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 - arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 ++++++++---- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++++-- arch/riscv/include/asm/pgtable.h | 4 arch/x86/Kconfig | 11 +- arch/x86/kernel/process_64.c | 2 crypto/algapi.c | 1 drivers/bluetooth/btusb.c | 2 drivers/bluetooth/hci_qca.c | 3 drivers/dma/idma64.c | 4 drivers/dma/idxd/perfmon.c | 9 - drivers/dma/owl-dma.c | 4 drivers/dma/xilinx/xilinx_dpdma.c | 13 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 26 +++-- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/hid/hid-logitech-dj.c | 4 drivers/hid/i2c-hid/i2c-hid-core.c | 8 - drivers/hid/intel-ish-hid/ipc/ipc.c | 2 drivers/i2c/i2c-core-base.c | 12 +- drivers/irqchip/irq-gic-v3-its.c | 9 - drivers/mmc/host/sdhci-msm.c | 16 +++ drivers/mtd/nand/raw/diskonchip.c | 4 drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 - drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++++- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 +++++++++- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/gtp.c | 3 drivers/net/usb/ax88179_178a.c | 11 -- drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 drivers/nfc/trf7970a.c | 42 ++++---- drivers/tty/serial/mxs-auart.c | 8 + drivers/video/fbdev/core/fb_defio.c | 2 fs/btrfs/backref.c | 12 -- fs/cifs/cifsfs.c | 1 fs/cifs/fs_context.c | 12 ++ fs/cifs/fs_context.h | 2 include/drm/drm_print.h | 3 include/linux/etherdevice.h | 25 +++++ include/linux/serial_core.h | 79 ++++++++++++++++ include/linux/trace_events.h | 2 include/net/af_unix.h | 3 kernel/bounds.c | 2 kernel/cpu.c | 4 kernel/trace/trace_event_perf.c | 3 lib/stackdepot.c | 4 net/bluetooth/l2cap_sock.c | 7 - net/bluetooth/sco.c | 7 - net/bridge/br_netlink.c | 2 net/ethernet/eth.c | 12 -- net/ipv4/icmp.c | 12 ++ net/ipv4/inet_timewait_sock.c | 32 ++++-- net/ipv4/route.c | 3 net/ipv4/udp.c | 5 - net/ipv6/udp.c | 5 - net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 - net/netfilter/nft_chain_filter.c | 4 net/openvswitch/conntrack.c | 4 net/unix/garbage.c | 2 70 files changed, 502 insertions(+), 212 deletions(-) Alex Deucher (1): drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (1): idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann (2): mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Avraham Stern (1): wifi: iwlwifi: mvm: remove old PASN station when adding a new one Baoquan He (1): riscv: fix VMALLOC_START definition David Bauer (1): vxlan: drop packets from invalid src-address David Kaplan (1): x86/cpu: Fix check for RDPKRU in __show_regs() Dragan Simic (1): arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Dumazet (4): icmp: prevent possible NULL dereferences from icmp_build_probe() ipv4: check for NULL idev in ip_route_use_hint() net: usb: ax88179_178a: stop lying about skb->truesize tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Erwan Velu (1): i40e: Report MFS in decimal base instead of hex Felix Fietkau (2): arm64: dts: mediatek: mt7622: add support for coherent DMA arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Fenghua Yu (1): dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Greg Kroah-Hartman (2): Revert "crypto: api - Disallow identical driver names" Linux 5.15.158 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Hangbin Liu (1): bridge/br_netlink.c: no need to return void function Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (9): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ikjoon Jang (1): arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jason Reeder (1): net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jim Cromie (1): drm-print: add drm_dbg_driver to improve namespace symmetry Johan Hovold (1): Bluetooth: qca: fix NULL-deref on non-serdev suspend Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Kuniyuki Iwashima (2): af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Mantas Pucka (1): mmc: sdhci-msm: pervent access to suspended controller Matthew Wilcox (Oracle) (1): bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Miri Korenblit (1): wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (2): fbdev: fix incorrect address computation in deferred IO HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Pablo Neira Ayuso (1): netfilter: nf_tables: honor table dormant flag from netdev release event path Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Paulo Alcantara (1): smb: client: fix rename(2) regression against samba Peter Münster (1): net: b44: set pause params only when interface is up Quentin Schulz (2): arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (5): arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (1): ethernet: Add helper for assigning packet type when dest address does not match device address Randy Dunlap (1): serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Robin H. Johnson (2): tracing: Show size of requested perf buffer tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Samuel Holland (1): riscv: Fix TASK_SIZE on 64-bit NOMMU Sean Anderson (1): dma: xilinx_dpdma: Fix locking Sean Christopherson (1): cpu: Re-enable CPU mitigations by default for !X86 architectures Shifeng Li (1): net/mlx5e: Fix a race in command alloc flow Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Takayuki Nagata (1): cifs: reinstate original behavior again for forceuid/forcegid Thomas Gleixner (1): serial: core: Provide port lock wrappers WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Yaraslau Furman (1): HID: logitech-dj: allow mice to use all types of reports Yick Xie (1): udp: preserve the connected status if only UDP cmsg Zack Rusin (1): drm/vmwgfx: Fix crtc's atomic check conditional Zhang Lixu (1): HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc

1 year, 1 month

1
1
0 0

Linux 5.10.216

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.216 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-devfreq | 3 Makefile | 2 arch/Kconfig | 8 arch/arc/boot/dts/hsdk.dts | 1 arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 ++-- arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 + arch/riscv/Kconfig | 8 arch/riscv/Makefile | 10 arch/riscv/include/asm/pgtable.h | 4 arch/riscv/include/asm/stackprotector.h | 3 arch/riscv/kernel/asm-offsets.c | 3 arch/riscv/kernel/process.c | 5 arch/x86/Kconfig | 11 arch/x86/include/asm/apic.h | 3 arch/x86/kernel/cpu/cpuid-deps.c | 6 crypto/algapi.c | 1 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/bluetooth/btusb.c | 2 drivers/clk/clk.c | 154 +++++++--- drivers/devfreq/devfreq.c | 59 ++- drivers/dma/idma64.c | 4 drivers/dma/owl-dma.c | 4 drivers/dma/xilinx/xilinx_dpdma.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 26 - drivers/gpu/drm/drm_client_modeset.c | 3 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/hid/i2c-hid/i2c-hid-core.c | 8 drivers/i2c/i2c-core-base.c | 12 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/iommu/intel/svm.c | 2 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/mailbox/imx-mailbox.c | 8 drivers/media/cec/core/cec-adap.c | 14 drivers/misc/mei/pci-me.c | 2 drivers/mtd/nand/raw/diskonchip.c | 4 drivers/net/ethernet/amazon/ena/ena_com.c | 2 drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 +- drivers/net/ethernet/broadcom/b44.c | 14 drivers/net/ethernet/intel/i40e/i40e_main.c | 6 drivers/net/ethernet/intel/iavf/iavf_main.c | 30 + drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 20 - drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++- drivers/net/ethernet/ti/am65-cpts.c | 5 drivers/net/geneve.c | 4 drivers/net/gtp.c | 3 drivers/net/tun.c | 18 - drivers/net/usb/ax88179_178a.c | 11 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 drivers/nfc/trf7970a.c | 42 +- drivers/staging/comedi/drivers/vmk80xx.c | 35 -- drivers/thunderbolt/switch.c | 48 ++- drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/serial/option.c | 40 ++ drivers/vhost/vhost.c | 12 fs/btrfs/backref.c | 12 fs/btrfs/delayed-inode.c | 3 fs/btrfs/qgroup.c | 2 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/etherdevice.h | 25 + include/linux/irqflags.h | 2 include/linux/serial_core.h | 79 +++++ include/linux/trace_events.h | 2 include/linux/u64_stats_sync.h | 6 include/net/addrconf.h | 4 include/net/af_unix.h | 5 include/net/bluetooth/bluetooth.h | 9 include/net/ip_tunnels.h | 33 ++ init/main.c | 2 kernel/bounds.c | 2 kernel/cpu.c | 3 kernel/kprobes.c | 18 - kernel/trace/trace_event_perf.c | 3 kernel/trace/trace_events_trigger.c | 6 lib/stackdepot.c | 4 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/sco.c | 26 - net/ethernet/eth.c | 12 net/ipv4/inet_timewait_sock.c | 32 +- net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/route.c | 7 net/ipv4/udp.c | 5 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 5 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_chain_filter.c | 4 net/netfilter/nft_set_pipapo.c | 14 net/openvswitch/conntrack.c | 9 net/unix/af_unix.c | 4 net/unix/garbage.c | 35 +- net/unix/scm.c | 8 net/xdp/xsk.c | 2 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/timers/posix_timers.c | 2 122 files changed, 1053 insertions(+), 472 deletions(-) Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (1): idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann (6): nouveau: fix function cast warning ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning irqflags: Explicitly ignore lockdep_hrtimer_exit() argument mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Avraham Stern (1): wifi: iwlwifi: mvm: remove old PASN station when adding a new one Baoquan He (1): riscv: fix VMALLOC_START definition Boris Burkov (2): btrfs: qgroup: correctly model root qgroup rsv in convert btrfs: record delayed inode root in transaction Carlos Llamas (1): binder: check offset alignment in binder_get_object() Christian Marangi (1): PM / devfreq: Fix buffer overflow in trans_stat_show Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Claudiu Beznea (1): clk: remove extra empty line Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Cosmin Ratiu (1): net/mlx5: Properly link new fs rules into the tree Daisuke Mizobuchi (1): mailbox: imx: fix suspend failue Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Arinzon (3): net: ena: Fix potential sign extension issue net: ena: Wrong missing IO completions check order net: ena: Fix incorrect descriptor free behavior David Bauer (1): vxlan: drop packets from invalid src-address Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dragan Simic (1): arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Eric Dumazet (6): xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING geneve: fix header validation in geneve[6]_xmit_skb netfilter: complete validation of user input ipv4: check for NULL idev in ip_route_use_hint() net: usb: ax88179_178a: stop lying about skb->truesize tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Erwan Velu (1): i40e: Report MFS in decimal base instead of hex Felix Fietkau (2): arm64: dts: mediatek: mt7622: add support for coherent DMA arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gavin Shan (1): vhost: Add smp_rmb() in vhost_vq_avail_empty() Geetha sowjanya (1): octeontx2-af: Fix NIX SQ mode and BP config Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (3): Revert "usb: cdc-wdm: close race between read and workqueue" Revert "crypto: api - Disallow identical driver names" Linux 5.10.216 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Guenter Roeck (1): riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled Guo Ren (1): riscv: Enable per-task stack canaries Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (9): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ilya Maximets (1): net: openvswitch: fix unwanted error log on timeout policy probing Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jacob Pan (1): iommu/vt-d: Allocate local memory for page request queue Jason Reeder (1): net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() John Stultz (1): selftests: timers: Fix abs() warning in posix_timers test Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kuniyuki Iwashima (3): af_unix: Do not use atomic ops for unix_sk(sk)->inflight. af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Luiz Augusto von Dentz (1): Bluetooth: SCO: Fix not validating setsockopt user input Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Matthew Wilcox (Oracle) (1): bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (1): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Nini Song (1): media: cec: core: remove length check of Timer Status Pablo Neira Ayuso (1): netfilter: nf_tables: honor table dormant flag from netdev release event path Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Peter Münster (1): net: b44: set pause params only when interface is up Petr Tesarik (1): u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Quentin Schulz (1): arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (5): arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (1): ethernet: Add helper for assigning packet type when dest address does not match device address Randy Dunlap (1): serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Robin H. Johnson (2): tracing: Show size of requested perf buffer tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Samuel Holland (1): riscv: Fix TASK_SIZE on 64-bit NOMMU Samuel Thibault (1): speakup: Avoid crash on very long word Sean Anderson (1): dma: xilinx_dpdma: Fix locking Sean Christopherson (2): x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n cpu: Re-enable CPU mitigations by default for !X86 architectures Shifeng Li (1): net/mlx5e: Fix a race in command alloc flow Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Mark 'all_lists' as const clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Thomas Gleixner (1): serial: core: Provide port lock wrappers Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Ville Syrjälä (1): drm/client: Fully protect modes[] with dev->mode_config.mutex WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yick Xie (1): udp: preserve the connected status if only UDP cmsg Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

Linux 5.4.275

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.275 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/boot/dts/hsdk.dts | 1 arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 78 ++++- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 68 ++++ arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 + arch/x86/include/asm/apic.h | 3 arch/x86/kernel/cpu/cpuid-deps.c | 6 crypto/algapi.c | 1 drivers/android/binder.c | 4 drivers/bluetooth/btusb.c | 2 drivers/clk/clk.c | 154 +++++++--- drivers/dma/idma64.c | 4 drivers/dma/owl-dma.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 ++-- drivers/gpu/drm/drm_client_modeset.c | 3 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/hid/i2c-hid/i2c-hid-core.c | 8 drivers/i2c/i2c-core-base.c | 12 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/md/dm-core.h | 2 drivers/md/dm-ioctl.c | 3 drivers/md/dm-table.c | 9 drivers/mtd/nand/raw/diskonchip.c | 4 drivers/net/ethernet/amazon/ena/ena_com.c | 2 drivers/net/ethernet/broadcom/b44.c | 14 drivers/net/ethernet/intel/i40e/i40e_main.c | 2 drivers/net/ethernet/intel/iavf/iavf_main.c | 30 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++- drivers/net/geneve.c | 4 drivers/net/gtp.c | 3 drivers/net/tun.c | 18 - drivers/net/usb/ax88179_178a.c | 11 drivers/net/vxlan.c | 4 drivers/nfc/trf7970a.c | 42 +- drivers/staging/comedi/drivers/vmk80xx.c | 35 -- drivers/staging/speakup/main.c | 2 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/serial/option.c | 40 ++ drivers/vhost/vhost.c | 12 fs/btrfs/backref.c | 12 fs/btrfs/delayed-inode.c | 3 fs/btrfs/qgroup.c | 2 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/etherdevice.h | 25 + include/linux/serial_core.h | 79 +++++ include/linux/trace_events.h | 2 include/linux/u64_stats_sync.h | 6 include/net/addrconf.h | 4 include/net/af_unix.h | 5 include/net/ip_tunnels.h | 33 ++ kernel/bounds.c | 2 kernel/kprobes.c | 18 - kernel/trace/trace_event_perf.c | 3 kernel/trace/trace_events_trigger.c | 6 lib/stackdepot.c | 4 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/sco.c | 7 net/ethernet/eth.c | 12 net/ipv4/inet_timewait_sock.c | 32 +- net/ipv4/route.c | 4 net/ipv4/udp.c | 5 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/udp.c | 5 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nf_tables_api.c | 8 net/openvswitch/conntrack.c | 9 net/unix/af_unix.c | 4 net/unix/garbage.c | 35 +- net/unix/scm.c | 8 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/timers/posix_timers.c | 2 virt/kvm/async_pf.c | 19 - 89 files changed, 902 insertions(+), 337 deletions(-) Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (1): idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann (5): nouveau: fix function cast warning ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Biao Huang (1): arm64: dts: mt2712: add ethernet device node Boris Burkov (2): btrfs: qgroup: correctly model root qgroup rsv in convert btrfs: record delayed inode root in transaction Carlos Llamas (1): binder: check offset alignment in binder_get_object() Chia-I Wu (1): amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Claudiu Beznea (1): clk: remove extra empty line Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Cosmin Ratiu (1): net/mlx5: Properly link new fs rules into the tree Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Arinzon (1): net: ena: Fix potential sign extension issue David Bauer (1): vxlan: drop packets from invalid src-address Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Eric Dumazet (3): geneve: fix header validation in geneve[6]_xmit_skb net: usb: ax88179_178a: stop lying about skb->truesize tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Gavin Shan (1): vhost: Add smp_rmb() in vhost_vq_avail_empty() Greg Kroah-Hartman (3): Revert "usb: cdc-wdm: close race between read and workqueue" Revert "crypto: api - Disallow identical driver names" Linux 5.4.275 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (9): mlxsw: core: Unregister EMAD trap using FORWARD action mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ilya Maximets (1): net: openvswitch: fix unwanted error log on timeout policy probing Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() John Stultz (1): selftests: timers: Fix abs() warning in posix_timers test Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kuniyuki Iwashima (3): af_unix: Do not use atomic ops for unix_sk(sk)->inflight. af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Matthew Wilcox (Oracle) (1): bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Mikulas Patocka (1): dm: limit the number of targets and parameter size area Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Nam Cao (1): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Peter Münster (1): net: b44: set pause params only when interface is up Petr Tesarik (1): u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Quentin Schulz (1): arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (4): arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt2712: fix validation errors Rahul Rameshbabu (1): ethernet: Add helper for assigning packet type when dest address does not match device address Rajneesh Bhardwaj (1): drm/amdgpu: restrict bo mapping within gpu address limits Randy Dunlap (1): serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Robin H. Johnson (2): tracing: Show size of requested perf buffer tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Samuel Thibault (1): speakup: Avoid crash on very long word Shifeng Li (1): net/mlx5e: Fix a race in command alloc flow Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Mark 'all_lists' as const clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused Sudheer Mogilappagari (1): iavf: Fix TC config comparison with existing adapter TC config Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Thomas Gleixner (1): serial: core: Provide port lock wrappers Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Ville Syrjälä (1): drm/client: Fully protect modes[] with dev->mode_config.mutex Vitaly Kuznetsov (1): KVM: async_pf: Cleanup kvm_setup_async_pf() WangYuli (1): Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yick Xie (1): udp: preserve the connected status if only UDP cmsg Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

Linux 4.19.313

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.313 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/kernel/osf_sys.c | 2 arch/arc/boot/dts/hsdk.dts | 1 arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 ++- arch/x86/include/asm/apic.h | 3 crypto/algapi.c | 1 drivers/block/loop.c | 19 +- drivers/dma/idma64.c | 4 drivers/dma/owl-dma.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 +++++--- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 - drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/hid/i2c-hid/i2c-hid-core.c | 8 drivers/i2c/i2c-core-base.c | 7 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/irqchip/irq-gic-v3-its.c | 9 - drivers/mtd/nand/raw/diskonchip.c | 4 drivers/net/ethernet/broadcom/b44.c | 14 - drivers/net/ethernet/intel/i40e/i40e_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 drivers/net/geneve.c | 4 drivers/net/gtp.c | 3 drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 11 - drivers/net/vxlan.c | 4 drivers/nfc/trf7970a.c | 42 ++-- drivers/staging/comedi/drivers/vmk80xx.c | 35 +--- drivers/staging/speakup/main.c | 2 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 - drivers/usb/class/cdc-wdm.c | 6 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/serial/option.c | 40 ++++ drivers/vhost/vhost.c | 12 + fs/btrfs/backref.c | 12 - fs/btrfs/delayed-inode.c | 3 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/serial_core.h | 79 +++++++++ include/linux/trace_events.h | 2 include/net/addrconf.h | 4 include/net/ip_tunnels.h | 33 +++ include/uapi/linux/resource.h | 4 kernel/kprobes.c | 18 +- kernel/sys.c | 4 kernel/trace/trace_event_perf.c | 3 kernel/trace/trace_events.c | 4 kernel/trace/trace_events_hist.c | 86 +--------- kernel/trace/trace_events_trigger.c | 6 lib/stackdepot.c | 4 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/bluetooth/l2cap_sock.c | 7 net/bluetooth/sco.c | 7 net/ipv4/inet_timewait_sock.c | 32 ++- net/ipv4/route.c | 4 net/ipv4/udp.c | 5 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/udp.c | 5 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 net/netfilter/nf_tables_api.c | 23 +- net/openvswitch/conntrack.c | 3 net/openvswitch/datapath.c | 4 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/timers/posix_timers.c | 2 69 files changed, 496 insertions(+), 318 deletions(-) Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexey Brodkin (1): ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andrey Ryabinin (1): stackdepot: respect __GFP_NOLOCKDEP allocation flag Andy Shevchenko (1): idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann (6): nouveau: fix function cast warning ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning tracing: hide unused ftrace_event_id_fops mtd: diskonchip: work around ubsan link failure dmaengine: owl: fix register access functions Ben Hutchings (2): Revert "loop: Remove sector_t truncation checks" Revert "y2038: rusage: use __kernel_old_timeval" Boris Burkov (1): btrfs: record delayed inode root in transaction Chia-I Wu (1): amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Cosmin Ratiu (1): net/mlx5: Properly link new fs rules into the tree Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Bauer (1): vxlan: drop packets from invalid src-address Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Dumazet (3): geneve: fix header validation in geneve[6]_xmit_skb net: usb: ax88179_178a: stop lying about skb->truesize tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Gavin Shan (1): vhost: Add smp_rmb() in vhost_vq_avail_empty() Greg Kroah-Hartman (3): Revert "usb: cdc-wdm: close race between read and workqueue" Revert "crypto: api - Disallow identical driver names" Linux 4.19.313 Guanrui Huang (1): irqchip/gic-v3-its: Prevent double free on error Hyunwoo Kim (2): net: gtp: Fix Use-After-Free in gtp_dellink net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ido Schimmel (1): mlxsw: core: Unregister EMAD trap using FORWARD action Iskander Amara (2): arm64: dts: rockchip: fix alphabetical ordering RK3399 puma arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Ismael Luceno (1): ipvs: Fix checksumming on GSO of SCTP packets Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Johannes Thumshirn (1): btrfs: fix information leak in btrfs_ioctl_logical_to_ino() John Stultz (1): selftests: timers: Fix abs() warning in posix_timers test Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Nam Cao (1): HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Nathan Chancellor (1): Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Pablo Neira Ayuso (1): netfilter: nf_tables: __nft_expr_type_get() selects specific family type Paul Geurts (1): NFC: trf7970a: disable all regulators on removal Peter Münster (1): net: b44: set pause params only when interface is up Quentin Schulz (1): arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Rafał Miłecki (3): arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rajneesh Bhardwaj (1): drm/amdgpu: restrict bo mapping within gpu address limits Randy Dunlap (1): serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Robin H. Johnson (2): tracing: Show size of requested perf buffer tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Samuel Thibault (1): speakup: Avoid crash on very long word Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Sindhu Devale (1): i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Thomas Gleixner (1): serial: core: Provide port lock wrappers Tom Zanussi (2): tracing: Remove hist trigger synth_var_refs tracing: Use var_refs[] for hist trigger reference checking Tonghao Zhang (1): net: openvswitch: ovs_ct_exit to be done under ovs_lock Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Wolfram Sang (1): i2c: smbus: fix NULL function pointer dereference Yick Xie (1): udp: preserve the connected status if only UDP cmsg Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

[PATCH] proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation

by Tyler Hicks

From: "Tyler Hicks (Microsoft)" <code(a)tyhicks.com> The following commits loosened the permissions of /proc/<PID>/fdinfo/ directory, as well as the files within it, from 0500 to 0555 while also introducing a PTRACE_MODE_READ check between the current task and <PID>'s task: - commit 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ") - commit 1927e498aee1 ("procfs: prevent unprivileged processes accessing fdinfo dir") Before those changes, inode based system calls like inotify_add_watch(2) would fail when the current task didn't have sufficient read permissions: [...] lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0 inotify_add_watch(64, "/proc/1/task/1/fdinfo", IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE| IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied) [...] This matches the documented behavior in the inotify_add_watch(2) man page: ERRORS EACCES Read access to the given file is not permitted. After those changes, inotify_add_watch(2) started succeeding despite the current task not having PTRACE_MODE_READ privileges on the target task: [...] lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 inotify_add_watch(64, "/proc/1/task/1/fdinfo", IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE| IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = 1757 openat(AT_FDCWD, "/proc/1/task/1/fdinfo", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied) [...] This change in behavior broke .NET prior to v7. See the github link below for the v7 commit that inadvertently/quietly (?) fixed .NET after the kernel changes mentioned above. Return to the old behavior by moving the PTRACE_MODE_READ check out of the file .open operation and into the inode .permission operation: [...] lstat("/proc/1/task/1/fdinfo", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 inotify_add_watch(64, "/proc/1/task/1/fdinfo", IN_MODIFY|IN_ATTRIB|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE| IN_ONLYDIR|IN_DONT_FOLLOW|IN_EXCL_UNLINK) = -1 EACCES (Permission denied) [...] Reported-by: Kevin Parsons (Microsoft) <parsonskev(a)gmail.com> Link: https://github.com/dotnet/runtime/commit/89e5469ac591b82d38510fe7de98346cce… Link: https://stackoverflow.com/questions/75379065/start-self-contained-net6-buil… Fixes: 7bc3fa0172a4 ("procfs: allow reading fdinfo with PTRACE_MODE_READ") Cc: stable(a)vger.kernel.org Cc: Christian Brauner <brauner(a)kernel.org> Cc: "Christian König" <christian.koenig(a)amd.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Hardik Garg <hargar(a)linux.microsoft.com> Cc: Allen Pais <apais(a)linux.microsoft.com> Signed-off-by: Tyler Hicks (Microsoft) <code(a)tyhicks.com> --- fs/proc/fd.c | 42 ++++++++++++++++++++---------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/fs/proc/fd.c b/fs/proc/fd.c index 6e72e5ad42bc..f4b1c8b42a51 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c @@ -74,7 +74,18 @@ static int seq_show(struct seq_file *m, void *v) return 0; } -static int proc_fdinfo_access_allowed(struct inode *inode) +static int seq_fdinfo_open(struct inode *inode, struct file *file) +{ + return single_open(file, seq_show, inode); +} + +/** + * Shared /proc/pid/fdinfo and /proc/pid/fdinfo/fd permission helper to ensure + * that the current task has PTRACE_MODE_READ in addition to the normal + * POSIX-like checks. + */ +static int proc_fdinfo_permission(struct mnt_idmap *idmap, struct inode *inode, + int mask) { bool allowed = false; struct task_struct *task = get_proc_task(inode); @@ -88,18 +99,13 @@ static int proc_fdinfo_access_allowed(struct inode *inode) if (!allowed) return -EACCES; - return 0; + return generic_permission(idmap, inode, mask); } -static int seq_fdinfo_open(struct inode *inode, struct file *file) -{ - int ret = proc_fdinfo_access_allowed(inode); - - if (ret) - return ret; - - return single_open(file, seq_show, inode); -} +static const struct inode_operations proc_fdinfo_file_inode_operations = { + .permission = proc_fdinfo_permission, + .setattr = proc_setattr, +}; static const struct file_operations proc_fdinfo_file_operations = { .open = seq_fdinfo_open, @@ -388,6 +394,8 @@ static struct dentry *proc_fdinfo_instantiate(struct dentry *dentry, ei = PROC_I(inode); ei->fd = data->fd; + inode->i_op = &proc_fdinfo_file_inode_operations; + inode->i_fop = &proc_fdinfo_file_operations; tid_fd_update_inode(task, inode, 0); @@ -407,23 +415,13 @@ static int proc_readfdinfo(struct file *file, struct dir_context *ctx) proc_fdinfo_instantiate); } -static int proc_open_fdinfo(struct inode *inode, struct file *file) -{ - int ret = proc_fdinfo_access_allowed(inode); - - if (ret) - return ret; - - return 0; -} - const struct inode_operations proc_fdinfo_inode_operations = { .lookup = proc_lookupfdinfo, + .permission = proc_fdinfo_permission, .setattr = proc_setattr, }; const struct file_operations proc_fdinfo_operations = { - .open = proc_open_fdinfo, .read = generic_read_dir, .iterate_shared = proc_readfdinfo, .llseek = generic_file_llseek, -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH] iio: invensense: fix interrupt timestamp alignment

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Restrict interrupt timestamp alignment for not overflowing max/min period thresholds. Fixes: 0ecc363ccea7 ("iio: make invensense timestamp module generic") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/common/inv_sensors/inv_sensors_timestamp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c index 3b0f9598a7c7..4b8ec16240b5 100644 --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c @@ -101,6 +101,9 @@ static bool inv_update_chip_period(struct inv_sensors_timestamp *ts, static void inv_align_timestamp_it(struct inv_sensors_timestamp *ts) { + const int64_t period_min = ts->min_period * ts->mult; + const int64_t period_max = ts->max_period * ts->mult; + int64_t add_max, sub_max; int64_t delta, jitter; int64_t adjust; @@ -108,11 +111,13 @@ static void inv_align_timestamp_it(struct inv_sensors_timestamp *ts) delta = ts->it.lo - ts->timestamp; /* adjust timestamp while respecting jitter */ + add_max = period_max - (int64_t)ts->period; + sub_max = period_min - (int64_t)ts->period; jitter = INV_SENSORS_TIMESTAMP_JITTER((int64_t)ts->period, ts->chip.jitter); if (delta > jitter) - adjust = jitter; + adjust = add_max; else if (delta < -jitter) - adjust = -jitter; + adjust = sub_max; else adjust = 0; -- 2.34.1

1 year, 1 month

3
2
0 0

[PATCH 5.15 00/80] 5.15.158-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.158 release. There are 80 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.158-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.158-rc1 Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Nam Cao <namcao(a)linutronix.de> fbdev: fix incorrect address computation in deferred IO Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Mantas Pucka <mantas(a)8devices.com> mmc: sdhci-msm: pervent access to suspended controller Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev suspend WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() David Kaplan <david.kaplan(a)amd.com> x86/cpu: Fix check for RDPKRU in __show_regs() Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Jim Cromie <jim.cromie(a)gmail.com> drm-print: add drm_dbg_driver to improve namespace symmetry Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Hangbin Liu <liuhangbin(a)gmail.com> bridge/br_netlink.c: no need to return void function Eric Dumazet <edumazet(a)google.com> icmp: prevent possible NULL dereferences from icmp_build_probe() Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: add support for coherent DMA Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma Yaraslau Furman <yaro330(a)gmail.com> HID: logitech-dj: allow mice to use all types of reports Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Takayuki Nagata <tnagata(a)redhat.com> cifs: reinstate original behavior again for forceuid/forcegid Paulo Alcantara <pc(a)manguebit.com> smb: client: fix rename(2) regression against samba ------------- Diffstat: Makefile | 4 +- arch/Kconfig | 8 +++ arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +-- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 +++++++++++------ arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++++++--- arch/riscv/include/asm/pgtable.h | 4 +- arch/x86/Kconfig | 11 +-- arch/x86/kernel/process_64.c | 2 +- crypto/algapi.c | 1 - drivers/bluetooth/btusb.c | 2 + drivers/bluetooth/hci_qca.c | 3 + drivers/dma/idma64.c | 4 ++ drivers/dma/idxd/perfmon.c | 9 +-- drivers/dma/owl-dma.c | 4 +- drivers/dma/xilinx/xilinx_dpdma.c | 13 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 ++++--- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++- drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/i2c-hid/i2c-hid-core.c | 8 --- drivers/hid/intel-ish-hid/ipc/ipc.c | 2 +- drivers/i2c/i2c-core-base.c | 12 ++-- drivers/irqchip/irq-gic-v3-its.c | 9 +-- drivers/mmc/host/sdhci-msm.c | 16 ++++- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/broadcom/b44.c | 14 ++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++++++- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 ++-- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++++++++--- drivers/net/ethernet/ti/am65-cpts.c | 5 ++ drivers/net/gtp.c | 3 +- drivers/net/usb/ax88179_178a.c | 11 +-- drivers/net/vxlan/vxlan_core.c | 4 ++ .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/nfc/trf7970a.c | 42 ++++++------ drivers/tty/serial/mxs-auart.c | 8 ++- drivers/video/fbdev/core/fb_defio.c | 2 +- fs/btrfs/backref.c | 12 +--- fs/cifs/cifsfs.c | 1 + fs/cifs/fs_context.c | 12 ++++ fs/cifs/fs_context.h | 2 + include/drm/drm_print.h | 3 +- include/linux/etherdevice.h | 25 +++++++ include/linux/serial_core.h | 79 ++++++++++++++++++++++ include/linux/trace_events.h | 2 +- include/net/af_unix.h | 3 + kernel/bounds.c | 2 +- kernel/cpu.c | 4 +- kernel/trace/trace_event_perf.c | 3 +- lib/stackdepot.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 7 +- net/bridge/br_netlink.c | 2 +- net/ethernet/eth.c | 12 +--- net/ipv4/icmp.c | 12 +++- net/ipv4/inet_timewait_sock.c | 34 ++++++---- net/ipv4/route.c | 3 + net/ipv4/udp.c | 5 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nft_chain_filter.c | 4 +- net/openvswitch/conntrack.c | 4 +- net/unix/garbage.c | 2 +- 70 files changed, 503 insertions(+), 213 deletions(-)

1 year, 1 month

9
89
0 0

[PATCH 4.19 00/77] 4.19.313-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.313 release. There are 77 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.313-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.313-rc1 Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Ben Hutchings <ben(a)decadent.org.uk> Revert "y2038: rusage: use __kernel_old_timeval" Ben Hutchings <ben(a)decadent.org.uk> Revert "loop: Remove sector_t truncation checks" Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Chia-I Wu <olvaffe(a)gmail.com> amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Rajneesh Bhardwaj <rajneesh.bhardwaj(a)amd.com> drm/amdgpu: restrict bo mapping within gpu address limits Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Tonghao Zhang <xiangxia.m.yue(a)gmail.com> net: openvswitch: ovs_ct_exit to be done under ovs_lock Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Tom Zanussi <tzanussi(a)gmail.com> tracing: Use var_refs[] for hist trigger reference checking Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Remove hist trigger synth_var_refs Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: __nft_expr_type_get() selects specific family type Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Makefile | 4 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 ++++++-- arch/x86/include/asm/apic.h | 3 +- crypto/algapi.c | 1 - drivers/block/loop.c | 19 ++++- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 ++++++++++++------ drivers/gpu/drm/nouveau/nouveau_bios.c | 13 ++-- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 7 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/irqchip/irq-gic-v3-its.c | 9 +-- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/broadcom/b44.c | 14 ++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +++-- drivers/net/usb/ax88179_178a.c | 11 +-- drivers/net/vxlan.c | 4 + drivers/nfc/trf7970a.c | 42 ++++++----- drivers/staging/comedi/drivers/vmk80xx.c | 35 +++------ drivers/staging/speakup/main.c | 2 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 ---- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++++++ drivers/vhost/vhost.c | 14 +++- fs/btrfs/backref.c | 12 +-- fs/btrfs/delayed-inode.c | 3 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/serial_core.h | 79 ++++++++++++++++++++ include/linux/trace_events.h | 2 +- include/net/addrconf.h | 4 + include/net/ip_tunnels.h | 33 +++++++++ include/uapi/linux/resource.h | 4 +- kernel/kprobes.c | 18 +++-- kernel/sys.c | 4 +- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events.c | 4 + kernel/trace/trace_events_hist.c | 86 +++------------------- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 7 +- net/ipv4/inet_timewait_sock.c | 34 ++++++--- net/ipv4/route.c | 4 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 21 ++++-- net/openvswitch/conntrack.c | 3 +- net/openvswitch/datapath.c | 4 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- 69 files changed, 498 insertions(+), 320 deletions(-)

1 year, 1 month

7
85
0 0

[PATCH 5.4 000/106] 5.4.275-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.275 release. There are 106 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 13:40:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.275-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.275-rc2 Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Chia-I Wu <olvaffe(a)gmail.com> amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Rajneesh Bhardwaj <rajneesh.bhardwaj(a)amd.com> drm/amdgpu: restrict bo mapping within gpu address limits Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Biao Huang <biao.huang(a)mediatek.com> arm64: dts: mt2712: add ethernet device node Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: async_pf: Cleanup kvm_setup_async_pf() Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Makefile | 4 +- arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 78 ++++++++++- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 68 ++++++++- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 ++++++---- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan.c | 4 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/staging/speakup/main.c | 2 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/ip_tunnels.h | 33 +++++ kernel/bounds.c | 2 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 7 +- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/route.c | 4 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- virt/kvm/async_pf.c | 19 +-- 89 files changed, 905 insertions(+), 340 deletions(-)

1 year, 1 month

5
4
0 0

[PATCH v2] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- Changes for V2: - Change prescaler type to "unsigned int" (Jiri S.) --- drivers/tty/serial/sc16is7xx.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..bf0065d1c8e9 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -555,16 +555,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -574,9 +586,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -592,7 +605,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, base-commit: 660a708098569a66a47d0abdad998e29e1259de6 -- 2.39.2

1 year, 1 month

2
1
0 0

[PATCH 5.10 000/137] 5.10.216-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.216 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 13:40:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.216-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.216-rc2 Guenter Roeck <linux(a)roeck-us.net> riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: add support for coherent DMA Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Guo Ren <guoren(a)linux.alibaba.com> riscv: Enable per-task stack canaries Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Daisuke Mizobuchi <mizo(a)atmark-techno.com> mailbox: imx: fix suspend failue Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Makefile | 4 +- arch/Kconfig | 8 ++ arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 ++++++--- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/riscv/Kconfig | 8 ++ arch/riscv/Makefile | 10 ++ arch/riscv/include/asm/pgtable.h | 4 +- arch/riscv/include/asm/stackprotector.h | 3 +- arch/riscv/kernel/asm-offsets.c | 3 + arch/riscv/kernel/process.c | 5 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/devfreq/devfreq.c | 59 +++++--- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/dma/xilinx/xilinx_dpdma.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 ++-- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/iommu/intel/svm.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/mailbox/imx-mailbox.c | 8 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/misc/mei/pci-me.c | 2 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 +++-- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +-- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/irqflags.h | 2 +- include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/bluetooth/bluetooth.h | 9 ++ include/net/ip_tunnels.h | 33 +++++ init/main.c | 2 + kernel/bounds.c | 2 +- kernel/cpu.c | 3 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 26 ++-- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 7 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_chain_filter.c | 4 +- net/netfilter/nft_set_pipapo.c | 14 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- 122 files changed, 1057 insertions(+), 476 deletions(-)

1 year, 1 month

6
5
0 0

[PATCH 6.8 000/228] 6.8.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.9 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.9-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.9-rc1 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF on create_le_conn_complete Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Andrew Jones <ajones(a)ventanamicro.com> RISC-V: selftests: cbo: Ensure asm operands match constraints, take 2 Clément Léger <cleger(a)rivosinc.com> riscv: hwprobe: fix invalid sign extension for RISCV_HWPROBE_EXT_ZVFHMIN Xuewen Yan <xuewen.yan(a)unisoc.com> sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Fix miscalculation in reweight_entity() when se is not curr Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Always update V if se->on_rq when reweighting Rob Herring <robh(a)kernel.org> dt-bindings: eeprom: at24: Fix ST M24C64-D compatible schema Hans de Goede <hdegoede(a)redhat.com> phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix loading 64-bit NOMMU kernels past the start of RAM Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Rex Zhang <rex.zhang(a)intel.com> dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue Gabor Juhos <j4g8y7(a)gmail.com> phy: qcom: m31: match requested regulator name with dt schema Sebastian Reichel <sebastian.reichel(a)collabora.com> phy: rockchip: naneng-combphy: Fix mux on rk3588 Sebastian Reichel <sebastian.reichel(a)collabora.com> phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits Michal Tomek <mtdev79b(a)gmail.com> phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Marcel Ziswiler <marcel.ziswiler(a)toradex.com> phy: freescale: imx8m-pcie: fix pcie link-up instability Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix hardcoded array size Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix out of bounds read Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: fix for wake interrupt handling for clockstop mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Akhil R <akhilrajeev(a)nvidia.com> dmaengine: tegra186: Fix residual calculation Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Johannes Weiner <hannes(a)cmpxchg.org> mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: turn folio_test_hugetlb into a PageType Stephen Boyd <swboyd(a)chromium.org> phy: qcom: qmp-combo: Fix VCO div offset on v3 Stephen Boyd <swboyd(a)chromium.org> phy: qcom: qmp-combo: Fix register base for QSERDES_DP_PHY_MODE Maximilian Luz <luzmaximilian(a)gmail.com> firmware: qcom: uefisecapp: Fix memory related IO errors and crashes Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Nam Cao <namcao(a)linutronix.de> fbdev: fix incorrect address computation in deferred IO Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix eviction fence handling Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix rescheduling of restore worker Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Lang Yu <Lang.Yu(a)amd.com> drm/amdgpu/umsch: don't execute umsch test when GPU is in reset/suspend Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Remove gpu_od if it's an empty directory Lucas Stach <l.stach(a)pengutronix.de> drm/atomic-helper: fix parameter order in drm_format_conv_state_copy() call Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Assign correct bits for SDMA HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Louis Chauvet <louis.chauvet(a)bootlin.com> dmaengine: xilinx: xdma: Fix synchronization issue Miquel Raynal <miquel.raynal(a)bootlin.com> dmaengine: xilinx: xdma: Fix wrong offsets in the buffers addresses in dma descriptor Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> arm64: dts: qcom: sm8450: Fix the msi-map entries Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP Jiantao Shan <shanjiantao(a)loongson.cn> LoongArch: Fix access error when read fault on a write-only VMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix callchain parse error with kernel tracepoint events Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Preserve shared bit on mprotect() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: scrub: run relocation repair when/only needed Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> btrfs: fallback if compressed IO fails for ENOSPC Kenny Levinsen <kl(a)kl.wtf> HID: i2c-hid: Revert to await reset ACK before reading report descriptor Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Steve French <stfrench(a)microsoft.com> smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Gustavo A. R. Silva <gustavoars(a)kernel.org> smb: client: Fix struct_group() usage in __packed structs Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: support page_mapcount() on page_has_type() pages Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros Maksim Kiselev <bigunclemax(a)gmail.com> mmc: sdhci-of-dwcmshc: th1520: Increase tuning loop count to 128 Mantas Pucka <mantas(a)8devices.com> mmc: sdhci-msm: pervent access to suspended controller Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Christian Marangi <ansuelsmth(a)gmail.com> mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec() Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev setup Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev suspend WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Aswin Unnikrishnan <aswinunni01(a)gmail.com> rust: remove `params` from `module` macro example Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: force `alloc` extern to allow "empty" Rust files Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: remove unneeded `@rustc_cfg` to avoid ICE Conor Dooley <conor.dooley(a)microchip.com> rust: make mutually exclusive with CFI_CLANG Laine Taffin Altman <alexanderaltman(a)me.com> rust: init: remove impl Zeroable for Infallible Alice Ryhl <aliceryhl(a)google.com> rust: don't select CONSTRUCTORS Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Wedson Almeida Filho <walmeida(a)microsoft.com> rust: phy: implement `Send` for `Registration` David Kaplan <david.kaplan(a)amd.com> x86/cpu: Fix check for RDPKRU in __show_regs() Wenkuan Wang <Wenkuan.Wang(a)amd.com> x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: Change the syscall used in KILL_THREAD test Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: user_notification_addfd check nextfd is available Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix visible VRAM handling during faults Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add shared fdinfo stats Alex Deucher <alexander.deucher(a)amd.com> drm: add drm_gem_object_is_shared_for_memory_stats() helper Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at "RESET" Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled Oliver Neukum <oneukum(a)suse.com> usb: xhci: correct return value in case of STS_HCE Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: move event processing for one interrupter to a separate function Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/display: fix USB-C flag update after enc10 feature init" George Shen <george.shen(a)amd.com> drm/amd/display: Check DP Alt mode DPCS state via DMUB David Howells <dhowells(a)redhat.com> netfs: Fix the pre-flush when appending to a file in writethrough mode Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Sabrina Dubroca <sd(a)queasysnail.net> tls: fix lockless read of strp->msg_ready in ->poll Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> dpll: fix dpll_pin_on_pin_register() for multiple parent pins Jiri Pirko <jiri(a)resnulli.us> dpll: check that pin is registered in __dpll_pin_unregister() Su Hui <suhui(a)nfschina.com> octeontx2-af: fix the double free in rvu_npc_freemem() Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jacob Keller <jacob.e.keller(a)intel.com> ice: fix LAG and VF lock dependency in ice_reset_vf() Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Dan Carpenter <dan.carpenter(a)linaro.org> net: ti: icssg-prueth: Fix signedness bug in prueth_init_rx_chns() MD Danish Anwar <danishanwar(a)ti.com> net: phy: dp83869: Fix MII mode failure Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Michael Heimpold <michael.heimpold(a)chargebyte.com> ARM: dts: imx6ull-tarragon: fix USB over-current polarity Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix counting packets discarded due to OOM and netpoll Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race in region ID allocation Amit Cohen <amcohen(a)nvidia.com> mlxsw: Use refcount_t for reference counting Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Chun-Yi Lee <jlee(a)suse.com> Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btusb: mediatek: Fix double free of skb in coredump Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Fix triggering coredump implementation for QCA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Reassemble PA data for bcast sink Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Attempt to dequeue connection attempt Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Always use sk_timeo as conn_timeout Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: Remove pending ACL connection attempts Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_conn: Only do ACL connections sequentially Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_event: Use HCI error defines instead of magic values Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: call free_gsc_pkt only once on action add failure Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Remove sysfs only once on action add failure Prathamesh Shete <pshete(a)nvidia.com> gpio: tegra186: Fix tegra186_gpio_is_accessible() check Daniel Golle <daniel(a)makrotopia.org> net: phy: mediatek-ge-soc: follow netdev LED trigger semantics Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Hyunwoo Kim <v4bel(a)theori.io> tcp: Fix Use-After-Free in tcp_ao_connect_init Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Eric Dumazet <edumazet(a)google.com> net: fix sk_memory_allocated_{add|sub} vs softirqs Adam Li <adamli(a)os.amperecomputing.com> net: make SK_MEMORY_PCPU_RESERV tunable Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't ignore errors in NLMSG_DONE messages AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-svs: Append "-thermal" to thermal zone names Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix netdev refcount issue David Howells <dhowells(a)redhat.com> netfs: Fix writethrough-mode error handling Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xx: fix supported_interfaces setup in mv88e6250_phylink_get_caps() Dan Williams <dan.j.williams(a)intel.com> cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix error recovery for 5760X (P7) chips Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix the PCI-AER routines Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: refactor reset close code Hangbin Liu <liuhangbin(a)gmail.com> bridge/br_netlink.c: no need to return void function Eric Dumazet <edumazet(a)google.com> icmp: prevent possible NULL dereferences from icmp_build_probe() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Ido Schimmel <idosch(a)nvidia.com> mlxsw: pci: Fix driver initialization with old firmware Ido Schimmel <idosch(a)nvidia.com> mlxsw: core_env: Fix driver initialization with old firmware Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: fix memory leak when bringing down interface David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Duanqiang Wen <duanqiangwen(a)net-swift.com> net: libwx: fix alloc msix vectors failed Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix unaligned le16 access Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove link before AP Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211_hwsim: init peer measurement result Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> drm/gma500: Remove lid code Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded Colin Ian King <colin.i.king(a)intel.com> wifi: mac80211: clean up assignments to pointer cache. Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: tangier: Use correct type for the IRQ chip data Maximilian Luz <luzmaximilian(a)gmail.com> arm64: dts: qcom: sc8180x: Fix ss_phy_irq for secondary USB controller Rajendra Nayak <quic_rjendra(a)quicinc.com> arm64: dts: qcom: x1e80100: Fix the compatible for cluster idle states Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: Fix type of "wdog" IRQs for remoteprocs Yu Kuai <yukuai3(a)huawei.com> block: fix module reference leakage from bdev_open_by_dev error path Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Muhammed Efe Cetin <efectn(a)protonmail.com> arm64: dts: rockchip: mark system power controller and fix typo on orangepi-5-plus Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: prefix BPI-R3 cooling maps with "map-" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop invalid thermal block clock Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: reorder nodes Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop "#reset-cells" from Ethernet controller Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop invalid properties from ethsys Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: reorder properties Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Use default min voltage for MT6358 Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: cherry: Describe CPU supplies Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex1 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi CM5 Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma Arınç ÜNAL <arinc.unal(a)arinc9.com> arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Yaraslau Furman <yaro330(a)gmail.com> HID: logitech-dj: allow mice to use all types of reports Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Takayuki Nagata <tnagata(a)redhat.com> cifs: reinstate original behavior again for forceuid/forcegid Paulo Alcantara <pc(a)manguebit.com> smb: client: fix rename(2) regression against samba David Howells <dhowells(a)redhat.com> cifs: Fix reacquisition of volume cookie on still-live connection ------------- Diffstat: Documentation/admin-guide/sysctl/net.rst | 5 + Documentation/devicetree/bindings/eeprom/at24.yaml | 5 +- Makefile | 4 +- arch/Kconfig | 8 + arch/arc/boot/dts/hsdk.dts | 1 - arch/arm/boot/dts/microchip/at91-sama7g5ek.dts | 8 +- .../boot/dts/nxp/imx/imx6ull-tarragon-common.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 ++- .../boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 6 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 215 ++++++++-------- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 1 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 36 ++- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 11 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 4 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++- arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 +- .../arm64/boot/dts/rockchip/rk3588-coolpi-cm5.dtsi | 4 +- .../boot/dts/rockchip/rk3588-orangepi-5-plus.dts | 3 +- arch/loongarch/include/asm/perf_event.h | 8 + arch/loongarch/mm/fault.c | 4 +- arch/riscv/include/asm/page.h | 2 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/include/uapi/asm/hwprobe.h | 2 +- arch/riscv/mm/init.c | 2 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/coco.h | 1 + arch/x86/include/asm/pgtable_types.h | 3 +- arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kvm/pmu.c | 30 ++- arch/x86/kvm/vmx/pmu_intel.c | 16 +- block/bdev.c | 2 +- drivers/acpi/cppc_acpi.c | 72 ++++-- drivers/bluetooth/btmtk.c | 7 +- drivers/bluetooth/btusb.c | 11 +- drivers/bluetooth/hci_qca.c | 27 +- drivers/cxl/core/mbox.c | 38 ++- drivers/dma/idma64.c | 4 + drivers/dma/idxd/cdev.c | 5 +- drivers/dma/idxd/debugfs.c | 4 +- drivers/dma/idxd/device.c | 8 +- drivers/dma/idxd/idxd.h | 2 +- drivers/dma/idxd/init.c | 2 +- drivers/dma/idxd/irq.c | 4 +- drivers/dma/idxd/perfmon.c | 9 +- drivers/dma/owl-dma.c | 4 +- drivers/dma/pl330.c | 3 - drivers/dma/tegra186-gpc-dma.c | 3 + drivers/dma/xilinx/xdma-regs.h | 3 + drivers/dma/xilinx/xdma.c | 28 ++- drivers/dma/xilinx/xilinx_dpdma.c | 13 +- drivers/dpll/dpll_core.c | 61 +++-- drivers/firmware/qcom/qcom_qseecom_uefisecapp.c | 137 +++++++---- drivers/firmware/qcom/qcom_scm.c | 37 +-- drivers/gpio/gpio-tangier.c | 9 +- drivers/gpio/gpio-tegra186.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fdinfo.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 33 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 28 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 73 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 3 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 15 +- .../amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 85 +++++-- .../amd/display/dc/dcn32/dcn32_dio_link_encoder.h | 5 + .../amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 7 + drivers/gpu/drm/drm_gem_atomic_helper.c | 4 +- drivers/gpu/drm/gma500/Makefile | 1 - drivers/gpu/drm/gma500/psb_device.c | 5 +- drivers/gpu/drm/gma500/psb_drv.h | 9 - drivers/gpu/drm/gma500/psb_lid.c | 80 ------ drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 19 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.h | 2 +- drivers/gpu/drm/xe/xe_huc.c | 9 +- drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/i2c-hid/i2c-hid-core.c | 38 +-- drivers/hid/intel-ish-hid/ipc/ipc.c | 2 +- drivers/i2c/i2c-core-base.c | 12 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/misc/eeprom/at24.c | 18 +- drivers/mmc/host/sdhci-msm.c | 16 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 1 + drivers/mtd/mtdcore.c | 2 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/mtd/nand/raw/qcom_nandc.c | 7 +- drivers/net/dsa/mv88e6xxx/chip.c | 56 ++++- drivers/net/dsa/mv88e6xxx/port.h | 23 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 21 +- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 82 +++--- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 ++- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 16 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 1 - .../ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 + drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../mellanox/mlxsw/core_acl_flex_actions.c | 16 +- .../ethernet/mellanox/mlxsw/core_acl_flex_keys.c | 9 +- drivers/net/ethernet/mellanox/mlxsw/core_env.c | 20 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 10 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 11 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 132 ++++++---- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 5 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 15 +- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 8 +- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/ethernet/ti/icssg/icssg_prueth.c | 8 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/gtp.c | 3 +- drivers/net/macsec.c | 46 +++- drivers/net/phy/dp83869.c | 3 +- drivers/net/phy/mediatek-ge-soc.c | 43 ++-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/net/wireless/virtual/mac80211_hwsim.c | 2 +- drivers/nfc/trf7970a.c | 42 ++-- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 +- drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 +- drivers/phy/qualcomm/phy-qcom-m31.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 12 +- drivers/phy/qualcomm/phy-qcom-qmp.h | 2 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 36 ++- drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 +-- drivers/phy/ti/phy-tusb1210.c | 23 +- drivers/soc/mediatek/mtk-svs.c | 7 +- drivers/soundwire/amd_manager.c | 15 ++ drivers/soundwire/amd_manager.h | 3 +- drivers/usb/host/xhci-ring.c | 116 +++++---- drivers/video/fbdev/core/fb_defio.c | 2 +- fs/btrfs/backref.c | 12 +- fs/btrfs/extent_map.c | 2 +- fs/btrfs/inode.c | 13 +- fs/btrfs/scrub.c | 18 +- fs/btrfs/tests/extent-map-tests.c | 5 + fs/netfs/buffered_write.c | 23 +- fs/proc/page.c | 7 +- fs/smb/client/cifsfs.c | 1 + fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 4 +- fs/smb/client/fs_context.c | 12 + fs/smb/client/fs_context.h | 2 + fs/smb/client/fscache.c | 13 + fs/smb/client/misc.c | 3 + fs/smb/client/smb2pdu.h | 2 +- fs/smb/client/transport.c | 7 +- include/drm/drm_gem.h | 13 + include/linux/etherdevice.h | 25 ++ include/linux/firmware/qcom/qcom_qseecom.h | 55 ++++- include/linux/firmware/qcom/qcom_scm.h | 10 +- include/linux/mm.h | 8 +- include/linux/page-flags.h | 146 ++++++----- include/net/af_unix.h | 3 + include/net/bluetooth/hci.h | 8 + include/net/bluetooth/hci_core.h | 38 ++- include/net/bluetooth/hci_sync.h | 20 +- include/net/bluetooth/l2cap.h | 2 +- include/net/macsec.h | 2 + include/net/sock.h | 41 +-- include/net/tls.h | 3 +- include/trace/events/mmflags.h | 1 + init/Kconfig | 2 +- kernel/bounds.c | 2 +- kernel/cpu.c | 4 +- kernel/crash_core.c | 5 +- kernel/sched/fair.c | 34 +-- lib/stackdepot.c | 4 +- mm/hugetlb.c | 29 +-- mm/zswap.c | 25 +- net/ax25/af_ax25.c | 2 +- net/bluetooth/6lowpan.c | 2 +- net/bluetooth/hci_conn.c | 168 +++---------- net/bluetooth/hci_event.c | 52 ++-- net/bluetooth/hci_sync.c | 274 ++++++++++++++++++++- net/bluetooth/iso.c | 50 +++- net/bluetooth/l2cap_core.c | 12 +- net/bluetooth/l2cap_sock.c | 10 +- net/bluetooth/mgmt.c | 27 +- net/bluetooth/sco.c | 10 +- net/bridge/br_netlink.c | 2 +- net/core/sock.c | 1 + net/core/sysctl_net_core.c | 9 + net/ethernet/eth.c | 12 +- net/ipv4/icmp.c | 12 +- net/ipv4/route.c | 3 + net/ipv4/tcp_ao.c | 3 +- net/ipv4/udp.c | 5 +- net/ipv6/udp.c | 5 +- net/mac80211/mesh.c | 8 +- net/mac80211/mesh.h | 36 ++- net/mac80211/mesh_pathtbl.c | 37 +-- net/mac80211/mlme.c | 9 +- net/mac80211/rx.c | 13 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nft_chain_filter.c | 4 +- net/openvswitch/conntrack.c | 4 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 6 +- net/unix/garbage.c | 2 +- rust/Makefile | 1 - rust/kernel/init.rs | 11 +- rust/kernel/lib.rs | 2 +- rust/kernel/net/phy.rs | 4 + rust/macros/lib.rs | 12 - scripts/Makefile.build | 2 +- tools/net/ynl/lib/ynl.py | 1 + tools/testing/selftests/riscv/hwprobe/cbo.c | 2 +- tools/testing/selftests/riscv/hwprobe/hwprobe.h | 10 + tools/testing/selftests/seccomp/seccomp_bpf.c | 41 ++- 229 files changed, 2425 insertions(+), 1546 deletions(-)

1 year, 1 month

12
239
0 0

[PATCH 6.1 000/110] 6.1.90-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.90 release. There are 110 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.90-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.90-rc1 Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Hans de Goede <hdegoede(a)redhat.com> phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Sebastian Reichel <sebastian.reichel(a)collabora.com> phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits Michal Tomek <mtdev79b(a)gmail.com> phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Marcel Ziswiler <marcel.ziswiler(a)toradex.com> phy: freescale: imx8m-pcie: fix pcie link-up instability Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Refine i.MX8MM PCIe PHY driver Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix hardcoded array size Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix out of bounds read Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Akhil R <akhilrajeev(a)nvidia.com> dmaengine: tegra186: Fix residual calculation Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Preserve shared bit on mprotect() Aswin Unnikrishnan <aswinunni01(a)gmail.com> rust: remove `params` from `module` macro example Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Nam Cao <namcao(a)linutronix.de> fbdev: fix incorrect address computation in deferred IO Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Jiantao Shan <shanjiantao(a)loongson.cn> LoongArch: Fix access error when read fault on a write-only VMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix callchain parse error with kernel tracepoint events Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Steve French <stfrench(a)microsoft.com> smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Gustavo A. R. Silva <gustavoars(a)kernel.org> smb: client: Fix struct_group() usage in __packed structs Mantas Pucka <mantas(a)8devices.com> mmc: sdhci-msm: pervent access to suspended controller Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev suspend WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Conor Dooley <conor.dooley(a)microchip.com> rust: make mutually exclusive with CFI_CLANG Alice Ryhl <aliceryhl(a)google.com> rust: don't select CONSTRUCTORS David Kaplan <david.kaplan(a)amd.com> x86/cpu: Fix check for RDPKRU in __show_regs() Miaohe Lin <linmiaohe(a)huawei.com> fork: defer linking file vma until vma is fully initialized Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" Kees Cook <keescook(a)chromium.org> cifs: Replace remaining 1-element arrays Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix counting packets discarded due to OOM and netpoll Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Chun-Yi Lee <jlee(a)suse.com> Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Eric Dumazet <edumazet(a)google.com> net: fix sk_memory_allocated_{add|sub} vs softirqs Adam Li <adamli(a)os.amperecomputing.com> net: make SK_MEMORY_PCPU_RESERV tunable Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix netdev refcount issue Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix the PCI-AER routines Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: refactor reset close code Hangbin Liu <liuhangbin(a)gmail.com> bridge/br_netlink.c: no need to return void function Eric Dumazet <edumazet(a)google.com> icmp: prevent possible NULL dereferences from icmp_build_probe() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma Arınç ÜNAL <arinc.unal(a)arinc9.com> arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Yaraslau Furman <yaro330(a)gmail.com> HID: logitech-dj: allow mice to use all types of reports Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Takayuki Nagata <tnagata(a)redhat.com> cifs: reinstate original behavior again for forceuid/forcegid Paulo Alcantara <pc(a)manguebit.com> smb: client: fix rename(2) regression against samba ------------- Diffstat: Documentation/admin-guide/sysctl/net.rst | 5 + Makefile | 4 +- arch/Kconfig | 8 ++ arch/arc/boot/dts/hsdk.dts | 1 - arch/arm/boot/dts/at91-sama7g5ek.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 +++---- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 + .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++++-- arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 +- arch/loongarch/include/asm/perf_event.h | 8 ++ arch/loongarch/mm/fault.c | 4 +- arch/riscv/include/asm/pgtable.h | 4 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/coco.h | 5 +- arch/x86/include/asm/pgtable_types.h | 3 +- arch/x86/kernel/process_64.c | 2 +- crypto/algapi.c | 1 - drivers/acpi/cppc_acpi.c | 72 ++++++++++--- drivers/bluetooth/btusb.c | 2 + drivers/bluetooth/hci_qca.c | 21 +++- drivers/dma/idma64.c | 4 + drivers/dma/idxd/perfmon.c | 9 +- drivers/dma/owl-dma.c | 4 +- drivers/dma/tegra186-gpc-dma.c | 3 + drivers/dma/xilinx/xilinx_dpdma.c | 13 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 +++-- drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/i2c-hid/i2c-hid-core.c | 9 -- drivers/hid/intel-ish-hid/ipc/ipc.c | 2 +- drivers/i2c/i2c-core-base.c | 12 +-- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/mmc/host/sdhci-msm.c | 16 ++- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/broadcom/b44.c | 14 +-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 80 ++++++++------- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++++- .../ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 + drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++++-- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/gtp.c | 3 +- drivers/net/macsec.c | 44 ++++++-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/virtio_net.c | 28 +++++- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/nfc/trf7970a.c | 42 ++++---- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 112 +++++++++++++-------- drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 +- drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 +++--- drivers/phy/ti/phy-tusb1210.c | 23 +++-- drivers/video/fbdev/core/fb_defio.c | 2 +- fs/btrfs/backref.c | 12 +-- fs/smb/client/cifs_spnego.h | 2 +- fs/smb/client/cifsfs.c | 1 + fs/smb/client/cifspdu.h | 100 +++++++++--------- fs/smb/client/fs_context.c | 12 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/readdir.c | 6 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/client/smb2pdu.h | 4 +- fs/smb/client/transport.c | 3 + include/linux/etherdevice.h | 25 +++++ include/net/af_unix.h | 3 + include/net/macsec.h | 1 + include/net/sock.h | 41 ++++---- init/Kconfig | 2 +- kernel/bounds.c | 2 +- kernel/cpu.c | 4 +- kernel/fork.c | 18 ++-- lib/stackdepot.c | 4 +- net/ax25/af_ax25.c | 2 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 24 +++-- net/bluetooth/sco.c | 7 +- net/bridge/br_netlink.c | 2 +- net/core/sock.c | 1 + net/core/sysctl_net_core.c | 9 ++ net/ethernet/eth.c | 12 +-- net/ipv4/icmp.c | 12 ++- net/ipv4/route.c | 3 + net/ipv4/udp.c | 5 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nft_chain_filter.c | 4 +- net/openvswitch/conntrack.c | 4 +- net/unix/garbage.c | 2 +- rust/macros/lib.rs | 12 --- 98 files changed, 785 insertions(+), 456 deletions(-)

1 year, 1 month

11
120
0 0

[PATCH v3] usb: dwc3: Wait unconditionally after issuing EndXfer command

by Prashanth K

Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Cc: <stable(a)vger.kernel.org> Fixes: b353eb6dc285 ("usb: dwc3: gadget: Skip waiting for CMDACT cleared during endxfer") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- Changes in v3: Fixed build errors by removing unused variable 'dwc'. Changes in v2: Changed the patch logic from CMDACT polling to 1ms mdelay. Updated subject and commit accordingly. Link to v1: https://lore.kernel.org/all/20240422090539.3986723-1-quic_prashk@quicinc.co… drivers/usb/dwc3/gadget.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4df2661f6675..140120953c76 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1699,7 +1699,6 @@ static int __dwc3_gadget_get_frame(struct dwc3 *dwc) */ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool interrupt) { - struct dwc3 *dwc = dep->dwc; struct dwc3_gadget_ep_cmd_params params; u32 cmd; int ret; @@ -1724,8 +1723,7 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int dep->resource_index = 0; if (!interrupt) { - if (!DWC3_IP_IS(DWC3) || DWC3_VER_IS_PRIOR(DWC3, 310A)) - mdelay(1); + mdelay(1); dep->flags &= ~DWC3_EP_TRANSFER_STARTED; } else if (!ret) { dep->flags |= DWC3_EP_END_TRANSFER_PENDING; -- 2.25.1

1 year, 1 month

1
0
0 0

[PATCH 5/5] eventfs: Have "events" directory get permissions from its parent

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 624a0e4a8e29..f77800398a54 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -207,12 +208,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; + + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -798,6 +810,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -807,10 +820,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list); -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH 4/5] eventfs: Do not treat events directory different than other directories

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Treat the events directory the same as other directories when it comes to permissions. The events directory was considered different because it's dentry is persistent, whereas the other directory dentries are created when accessed. But the way tracefs now does its ownership by using the root dentry's permissions as the default permissions, the events directory can get out of sync when a remount is performed setting the group and user permissions. Remove the special case for the events directory on setting the attributes. This allows the updates caused by remount to work properly as well as simplifies the code. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 2c33262107c6..624a0e4a8e29 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -187,21 +187,7 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, * determined by the parent directory. */ if (dentry->d_inode->i_mode & S_IFDIR) { - /* - * The events directory dentry is never freed, unless its - * part of an instance that is deleted. It's attr is the - * default for its child files and directories. - * Do not update it. It's not used for its own mode or ownership. - */ - if (ei->is_events) { - /* But it still needs to know if it was modified */ - if (iattr->ia_valid & ATTR_UID) - ei->attr.mode |= EVENTFS_SAVE_UID; - if (iattr->ia_valid & ATTR_GID) - ei->attr.mode |= EVENTFS_SAVE_GID; - } else { - update_attr(&ei->attr, iattr); - } + update_attr(&ei->attr, iattr); } else { name = dentry->d_name.name; -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH 3/5] eventfs: Do not differentiate the toplevel events directory

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 ++++++++--------------------- fs/tracefs/internal.h | 7 +++---- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index db71fed7057d..2c33262107c6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -220,14 +219,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -240,10 +235,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -272,7 +267,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -340,7 +335,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -446,7 +441,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -826,14 +821,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -842,13 +829,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 661ac13e2984..d83c2a25f288 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode { -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH 2/5] tracefs: Still use mount point as default permissions for instances

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> If the instances directory's permissions were never change, then have it and its children use the mount point permissions as the default. Currently, the permissions of instance directories are determined by the instance directory's permissions itself. But if the tracefs file system is remounted and changes the permissions, the instance directory and its children should use the new permission. But because both the instance directory and its children use the instance directory's inode for permissions, it misses the update. To demonstrate this: # cd /sys/kernel/tracing/ # mkdir instances/foo # ls -ld instances/foo drwxr-x--- 5 root root 0 May 1 19:07 instances/foo # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 18:57 current_tracer # mount -o remount,gid=1002 . # ls -ld instances drwxr-x--- 3 root root 0 May 1 18:57 instances # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo/ # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 18:57 current_tracer Notice that changing the group id to that of "lkp" did not affect the instances directory nor its children. It should have been: # ls -ld current_tracer -rw-r----- 1 root root 0 May 1 19:19 current_tracer # ls -ld instances/foo/ drwxr-x--- 5 root root 0 May 1 19:25 instances/foo/ # ls -ld instances drwxr-x--- 3 root root 0 May 1 19:19 instances # mount -o remount,gid=1002 . # ls -ld current_tracer -rw-r----- 1 root lkp 0 May 1 19:19 current_tracer # ls -ld instances drwxr-x--- 3 root lkp 0 May 1 19:19 instances # ls -ld instances/foo/ drwxr-x--- 5 root lkp 0 May 1 19:25 instances/foo/ Where all files were updated by the remount gid update. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 2a1dc2b442d1..1130c0fe2426 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -170,16 +170,39 @@ static void set_tracefs_inode_owner(struct inode *inode) { struct tracefs_inode *ti = get_tracefs(inode); struct inode *root_inode = ti->private; + kuid_t uid; + kgid_t gid; + + uid = root_inode->i_uid; + gid = root_inode->i_gid; + + /* + * If the root is not the mount point, then check the root's + * permissions. If it was never set, then default to the + * mount point. + */ + if (root_inode != d_inode(root_inode->i_sb->s_root)) { + struct tracefs_inode *rti; + + rti = get_tracefs(root_inode); + root_inode = d_inode(root_inode->i_sb->s_root); + + if (!(rti->flags & TRACEFS_UID_PERM_SET)) + uid = root_inode->i_uid; + + if (!(rti->flags & TRACEFS_GID_PERM_SET)) + gid = root_inode->i_gid; + } /* * If this inode has never been referenced, then update * the permissions to the superblock. */ if (!(ti->flags & TRACEFS_UID_PERM_SET)) - inode->i_uid = root_inode->i_uid; + inode->i_uid = uid; if (!(ti->flags & TRACEFS_GID_PERM_SET)) - inode->i_gid = root_inode->i_gid; + inode->i_gid = gid; } static int tracefs_permission(struct mnt_idmap *idmap, -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH 1/5] tracefs: Reset permissions on remount if permissions are options

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's permission if they were never set by the user. If the user sets the permissions, then a flag is set and the permissions are saved via the inode (for tracefs files) or an internal attribute field (for eventfs). But if a remount happens that specify the permissions, all the files that were not changed by the user gets updated, but the ones that were are not. If the user were to remount the file system with a given permission, then all files and directories within that file system should be updated. This can cause security issues if a file's permission was updated but the admin forgot about it. They could incorrectly think that remounting with permissions set would update all files, but miss some. For example: # cd /sys/kernel/tracing # chgrp 1002 current_tracer # ls -l [..] -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root root 0 May 1 21:25 dynamic_events -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root root 0 May 1 21:25 enabled_functions Where current_tracer now has group "lkp". # mount -o remount,gid=1001 . # ls -l -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info -r--r----- 1 root tracing 0 May 1 21:25 enabled_functions Everything changed but the "current_tracer". Add a new link list that keeps track of all the tracefs_inodes which has the permission flags that tell if the file/dir should use the root inode's permission or not. Then on remount, clear all the flags so that the default behavior of using the root inode's permission is done for all files and directories. Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 29 +++++++++++++++++++++++++++++ fs/tracefs/inode.c | 40 +++++++++++++++++++++++++++++++++++++++- fs/tracefs/internal.h | 2 ++ 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index dc97c19f9e0a..db71fed7057d 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -289,6 +289,35 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + if (!ei) + return; + + if (update_uid) + ei->attr.mode &= ~EVENTFS_SAVE_UID; + + if (update_gid) + ei->attr.mode &= ~EVENTFS_SAVE_GID; + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + if (update_gid) + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + } +} + /* Return the evenfs_inode of the "events" directory */ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) { diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 5545e6bf7d26..2a1dc2b442d1 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -30,6 +30,13 @@ static struct vfsmount *tracefs_mount; static int tracefs_mount_count; static bool tracefs_registered; +/* + * Keep track of all tracefs_inodes in order to update their + * flags if necessary on a remount. + */ +static DEFINE_MUTEX(tracefs_inode_mutex); +static LIST_HEAD(tracefs_inodes); + static struct inode *tracefs_alloc_inode(struct super_block *sb) { struct tracefs_inode *ti; @@ -38,12 +45,22 @@ static struct inode *tracefs_alloc_inode(struct super_block *sb) if (!ti) return NULL; + mutex_lock(&tracefs_inode_mutex); + list_add(&ti->list, &tracefs_inodes); + mutex_unlock(&tracefs_inode_mutex); + return &ti->vfs_inode; } static void tracefs_free_inode(struct inode *inode) { - kmem_cache_free(tracefs_inode_cachep, get_tracefs(inode)); + struct tracefs_inode *ti = get_tracefs(inode); + + mutex_lock(&tracefs_inode_mutex); + list_del(&ti->list); + mutex_unlock(&tracefs_inode_mutex); + + kmem_cache_free(tracefs_inode_cachep, ti); } static ssize_t default_read_file(struct file *file, char __user *buf, @@ -313,6 +330,8 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) struct tracefs_fs_info *fsi = sb->s_fs_info; struct inode *inode = d_inode(sb->s_root); struct tracefs_mount_opts *opts = &fsi->mount_opts; + struct tracefs_inode *ti; + bool update_uid, update_gid; umode_t tmp_mode; /* @@ -332,6 +351,25 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) if (!remount || opts->opts & BIT(Opt_gid)) inode->i_gid = opts->gid; + if (remount && (opts->opts & BIT(Opt_uid) || opts->opts & BIT(Opt_gid))) { + mutex_lock(&tracefs_inode_mutex); + + update_uid = opts->opts & BIT(Opt_uid); + update_gid = opts->opts & BIT(Opt_gid); + + list_for_each_entry(ti, &tracefs_inodes, list) { + if (update_uid) + ti->flags &= ~TRACEFS_UID_PERM_SET; + + if (update_gid) + ti->flags &= ~TRACEFS_GID_PERM_SET; + + if (ti->flags & TRACEFS_EVENT_INODE) + eventfs_remount(ti, update_uid, update_gid); + } + mutex_unlock(&tracefs_inode_mutex); + } + return 0; } diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 15c26f9aaad4..661ac13e2984 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -13,6 +13,7 @@ enum { struct tracefs_inode { struct inode vfs_inode; /* The below gets initialized with memset_after(ti, 0, vfs_inode) */ + struct list_head list; unsigned long flags; void *private; }; @@ -73,6 +74,7 @@ struct dentry *tracefs_end_creating(struct dentry *dentry); struct dentry *tracefs_failed_creating(struct dentry *dentry); struct inode *tracefs_get_inode(struct super_block *sb); +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid); void eventfs_d_release(struct dentry *dentry); #endif /* _TRACEFS_INTERNAL_H */ -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH net] tipc: fix UAF in error path

by Paolo Abeni

Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 Read of size 8 at addr ffff88804d2a7c80 by task poc/8034 CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 Call Trace: <IRQ> __dump_stack linux/lib/dump_stack.c:88 dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106 print_address_description linux/mm/kasan/report.c:377 print_report+0xc4/0x620 linux/mm/kasan/report.c:488 kasan_report+0xda/0x110 linux/mm/kasan/report.c:601 kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026 skb_release_all linux/net/core/skbuff.c:1094 __kfree_skb linux/net/core/skbuff.c:1108 kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144 kfree_skb linux/./include/linux/skbuff.h:1244 tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186 tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324 tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159 tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390 udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346 __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422 ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254 dst_input linux/./include/net/dst.h:461 ip_rcv_finish linux/net/ipv4/ip_input.c:449 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534 __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648 process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976 __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576 napi_poll linux/net/core/dev.c:6645 net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781 __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 do_softirq linux/kernel/softirq.c:454 do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441 </IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381 local_bh_enable linux/./include/linux/bottom_half.h:33 rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851 __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378 dev_queue_xmit linux/./include/linux/netdevice.h:3169 neigh_hh_output linux/./include/net/neighbour.h:526 neigh_output linux/./include/net/neighbour.h:540 ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235 __ip_finish_output linux/net/ipv4/ip_output.c:313 __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323 NF_HOOK_COND linux/./include/linux/netfilter.h:303 ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433 dst_output linux/./include/net/dst.h:451 ip_local_out linux/net/ipv4/ip_output.c:129 ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492 udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963 udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250 inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850 sock_sendmsg_nosec linux/net/socket.c:730 __sock_sendmsg linux/net/socket.c:745 __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191 __do_sys_sendto linux/net/socket.c:2203 __se_sys_sendto linux/net/socket.c:2199 __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199 do_syscall_x64 linux/arch/x86/entry/common.c:52 do_syscall_64+0xd8/0x270 linux/arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 linux/arch/x86/entry/entry_64.S:120 RIP: 0033:0x7f3434974f29 Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 37 8f 0d 00 f7 d8 64 89 01 48 RSP: 002b:00007fff9154f2b8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3434974f29 RDX: 00000000000032c8 RSI: 00007fff9154f300 RDI: 0000000000000003 RBP: 00007fff915532e0 R08: 00007fff91553360 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000212 R12: 000055ed86d261d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> In the critical scenario, either the relevant skb is freed or its ownership is transferred into a frag_lists. In both cases, the cleanup code must not free it again: we need to clear the skb reference earlier. Fixes: 1149557d64c9 ("tipc: eliminate unnecessary linearization of incoming buffers") Cc: stable(a)vger.kernel.org Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-23852 Acked-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> --- net/tipc/msg.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/tipc/msg.c b/net/tipc/msg.c index 5c9fd4791c4b..9a6e9bcbf694 100644 --- a/net/tipc/msg.c +++ b/net/tipc/msg.c @@ -156,6 +156,11 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) if (!head) goto err; + /* Either the input skb ownership is transferred to headskb + * or the input skb is freed, clear the reference to avoid + * bad access on error path. + */ + *buf = NULL; if (skb_try_coalesce(head, frag, &headstolen, &delta)) { kfree_skb_partial(frag, headstolen); } else { @@ -179,7 +184,6 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) *headbuf = NULL; return 1; } - *buf = NULL; return 0; err: kfree_skb(*buf); -- 2.43.2

1 year, 1 month

3
2
0 0

[PATCH] arm64: dts: qcom: qcs404: fix bluetooth device address

by Johan Hovold

The 'local-bd-address' property is used to pass a unique Bluetooth device address from the boot firmware to the kernel and should otherwise be left unset so that the OS can prevent the controller from being used until a valid address has been provided through some other means (e.g. using btmgmt). Fixes: 60f77ae7d1c1 ("arm64: dts: qcom: qcs404-evb: Enable uart3 and add Bluetooth") Cc: stable(a)vger.kernel.org # 5.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi index 10655401528e..a22b4501ce1e 100644 --- a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi +++ b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi @@ -62,7 +62,7 @@ bluetooth { vddrf-supply = <&vreg_l1_1p3>; vddch0-supply = <&vdd_ch0_3p3>; - local-bd-address = [ 02 00 00 00 5a ad ]; + local-bd-address = [ 00 00 00 00 00 00 ]; max-speed = <3200000>; }; -- 2.43.2

1 year, 1 month

3
2
0 0

Request to backport "bpf: Add missing BPF_LINK_TYPE invocations" to 6.6 kernel

by Ignat Korchagin

Hello, We recently saw a KASAN report on a 6.6.27 kernel similar to [1] and noticed that commit 117211aa739a ("bpf: Add missing BPF_LINK_TYPE invocations") was never backported to the 6.6 stable tree. Is there a reason? Can it be backported? [1]: https://lore.kernel.org/bpf/ZXptoKRSLspnk2ie@xpf.sh.intel.com/ Ignat

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] rust: macros: fix soundness issue in `module!` macro" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7044dcff8301b29269016ebd17df27c4736140d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042939-ended-heavily-2e5c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7044dcff8301 ("rust: macros: fix soundness issue in `module!` macro") 1b6170ff7a20 ("rust: module: place generated init_module() function in .init.text") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7044dcff8301b29269016ebd17df27c4736140d2 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Mon, 1 Apr 2024 18:52:50 +0000 Subject: [PATCH] rust: macros: fix soundness issue in `module!` macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Wedson Almeida Filho <walmeida(a)microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/nea… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..acd0393b5095 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,17 +199,6 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be // freed until the module is unloaded. #[cfg(MODULE)] @@ -221,81 +210,132 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { kernel::ThisModule::from_ptr(core::ptr::null_mut()) }}; - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + static mut __MOD: Option<{type_}> = None; - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ - unsafe {{ - __MOD = Some(m); + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} + + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this + // module and there only `__init` and `__exit` access it. These + // functions are only called once and `__exit` cannot be called + // before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} }} - return 0; }} - Err(e) => {{ - return e.to_errno(); + + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this module + // and there only `__init` and `__exit` access it. These functions are only + // called once and `__init` was already called. + unsafe {{ + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; + }} }} + + {modinfo} }} }} - - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; - }} - }} - - {modinfo} ", type_ = info.type_, name = info.name,

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] rust: macros: fix soundness issue in `module!` macro" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 7044dcff8301b29269016ebd17df27c4736140d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042938-computing-synthetic-f9fe@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 7044dcff8301 ("rust: macros: fix soundness issue in `module!` macro") 1b6170ff7a20 ("rust: module: place generated init_module() function in .init.text") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7044dcff8301b29269016ebd17df27c4736140d2 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Mon, 1 Apr 2024 18:52:50 +0000 Subject: [PATCH] rust: macros: fix soundness issue in `module!` macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Wedson Almeida Filho <walmeida(a)microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/nea… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..acd0393b5095 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,17 +199,6 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be // freed until the module is unloaded. #[cfg(MODULE)] @@ -221,81 +210,132 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { kernel::ThisModule::from_ptr(core::ptr::null_mut()) }}; - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + static mut __MOD: Option<{type_}> = None; - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ - unsafe {{ - __MOD = Some(m); + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} + + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this + // module and there only `__init` and `__exit` access it. These + // functions are only called once and `__exit` cannot be called + // before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} }} - return 0; }} - Err(e) => {{ - return e.to_errno(); + + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this module + // and there only `__init` and `__exit` access it. These functions are only + // called once and `__init` was already called. + unsafe {{ + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; + }} }} + + {modinfo} }} }} - - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; - }} - }} - - {modinfo} ", type_ = info.type_, name = info.name,

1 year, 1 month

2
1
0 0

[PATCH 2/5] Bluetooth: qca: fix info leak when fetching board id

by Johan Hovold

Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware. Fixes: a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") Cc: stable(a)vger.kernel.org # 6.7 Cc: Tim Jiang <quic_tjiang(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index a508d79d9aaa..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -252,6 +252,11 @@ static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) goto out; } + if (skb->len < 3) { + err = -EILSEQ; + goto out; + } + *bid = (edl->data[1] << 8) + edl->data[2]; bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); -- 2.43.2

1 year, 1 month

1
0
0 0

[PATCH 1/5] Bluetooth: qca: fix info leak when fetching fw build id

by Johan Hovold

Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. Fixes: c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") Cc: stable(a)vger.kernel.org # 5.12 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 25 +++++++++++++++++++++---- drivers/bluetooth/btqca.h | 1 - 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 38a770278103..a508d79d9aaa 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -99,7 +99,8 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) { struct sk_buff *skb; struct edl_event_hdr *edl; - char cmd, build_label[QCA_FW_BUILD_VER_LEN]; + char *build_label; + char cmd; int build_lbl_len, err = 0; bt_dev_dbg(hdev, "QCA read fw build info"); @@ -114,6 +115,11 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) return err; } + if (skb->len < sizeof(*edl)) { + err = -EILSEQ; + goto out; + } + edl = (struct edl_event_hdr *)(skb->data); if (!edl) { bt_dev_err(hdev, "QCA read fw build info with no header"); @@ -129,14 +135,25 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) goto out; } + if (skb->len < sizeof(*edl) + 1) { + err = -EILSEQ; + goto out; + } + build_lbl_len = edl->data[0]; - if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) { - memcpy(build_label, edl->data + 1, build_lbl_len); - *(build_label + build_lbl_len) = '\0'; + + if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { + err = -EILSEQ; + goto out; } + build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); + if (!build_label) + goto out; + hci_set_fw_info(hdev, "%s", build_label); + kfree(build_label); out: kfree_skb(skb); return err; diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h index 49ad668d0d0b..215433fd76a1 100644 --- a/drivers/bluetooth/btqca.h +++ b/drivers/bluetooth/btqca.h @@ -48,7 +48,6 @@ #define get_soc_ver(soc_id, rom_ver) \ ((le32_to_cpu(soc_id) << 16) | (le16_to_cpu(rom_ver))) -#define QCA_FW_BUILD_VER_LEN 255 #define QCA_HSP_GF_SOC_ID 0x1200 #define QCA_HSP_GF_SOC_MASK 0x0000ff00 -- 2.43.2

1 year, 1 month

1
0
0 0

[PATCH 28/45] drm/amd/display: Fix idle optimization checks for multi-display and dual eDP

by Tom Chung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [Why] Idle optimizations are blocked if there's more than one eDP connector on the board - blocking S0i3 and IPS2 for static screen. [How] Fix the checks to correctly detect number of active eDP. Also restrict the eDP support to panels that have correct feature support. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++++++++++++++---- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 1c71a5d4ac5d..bddcd23a2727 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -660,22 +660,43 @@ void dcn35_power_down_on_boot(struct dc *dc) bool dcn35_apply_idle_power_optimizations(struct dc *dc, bool enable) { - struct dc_link *edp_links[MAX_NUM_EDP]; - int i, edp_num; if (dc->debug.dmcub_emulation) return true; if (enable) { - dc_get_edp_links(dc, edp_links, &edp_num); - if (edp_num == 0 || edp_num > 1) - return false; + uint32_t num_active_edp = 0; + int i; for (i = 0; i < dc->current_state->stream_count; ++i) { struct dc_stream_state *stream = dc->current_state->streams[i]; + struct dc_link *link = stream->link; + bool is_psr = link && !link->panel_config.psr.disable_psr && + (link->psr_settings.psr_version == DC_PSR_VERSION_1 || + link->psr_settings.psr_version == DC_PSR_VERSION_SU_1); + bool is_replay = link && link->replay_settings.replay_feature_enabled; + + /* Ignore streams that disabled. */ + if (stream->dpms_off) + continue; + + /* Active external displays block idle optimizations. */ + if (!dc_is_embedded_signal(stream->signal)) + return false; + + /* If not PWRSEQ0 can't enter idle optimizations */ + if (link && link->link_index != 0) + return false; - if (!stream->dpms_off && !dc_is_embedded_signal(stream->signal)) + /* Check for panel power features required for idle optimizations. */ + if (!is_psr && !is_replay) return false; + + num_active_edp += 1; } + + /* If more than one active eDP then disallow. */ + if (num_active_edp > 1) + return false; } // TODO: review other cases when idle optimization is allowed -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH v2 3/3] Bluetooth: qca: generalise device address check

by Johan Hovold

The default device address apparently comes from the NVM configuration file and can differ quite a bit between controllers. Store the default address when parsing the configuration file and use it to determine whether the controller has been provisioned with an address. This makes sure that devices without a unique address start as unconfigured unless a valid address has been provided in the devicetree. Fixes: 00567f70051a ("Bluetooth: qca: fix invalid device address check") Cc: stable(a)vger.kernel.org # 6.5 Cc: Doug Anderson <dianders(a)chromium.org> Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 21 ++++++++++++--------- drivers/bluetooth/btqca.h | 2 ++ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index f6c9f89a6311..c6b2dd4d1716 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,9 +15,6 @@ #define VERSION "0.1" -#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) -#define QCA_BDADDR_WCN3991 (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x98, 0x39 }}) - int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -387,6 +384,14 @@ static int qca_tlv_check_data(struct hci_dev *hdev, /* Update NVM tags as needed */ switch (tag_id) { + case EDL_TAG_ID_BD_ADDR: + if (tag_len != sizeof(bdaddr_t)) + return -EINVAL; + + memcpy(&config->bdaddr, tlv_nvm->data, sizeof(bdaddr_t)); + + break; + case EDL_TAG_ID_HCI: if (tag_len < 3) return -EINVAL; @@ -661,7 +666,7 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); -static int qca_check_bdaddr(struct hci_dev *hdev) +static int qca_check_bdaddr(struct hci_dev *hdev, const struct qca_fw_config *config) { struct hci_rp_read_bd_addr *bda; struct sk_buff *skb; @@ -685,10 +690,8 @@ static int qca_check_bdaddr(struct hci_dev *hdev) } bda = (struct hci_rp_read_bd_addr *)skb->data; - if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT) || - !bacmp(&bda->bdaddr, QCA_BDADDR_WCN3991)) { + if (!bacmp(&bda->bdaddr, &config->bdaddr)) set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - } kfree_skb(skb); @@ -716,7 +719,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, const char *firmware_name) { - struct qca_fw_config config; + struct qca_fw_config config = {}; int err; u8 rom_ver = 0; u32 soc_ver; @@ -901,7 +904,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } - err = qca_check_bdaddr(hdev); + err = qca_check_bdaddr(hdev, &config); if (err) return err; diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h index dc31984f71dc..49ad668d0d0b 100644 --- a/drivers/bluetooth/btqca.h +++ b/drivers/bluetooth/btqca.h @@ -29,6 +29,7 @@ #define EDL_PATCH_CONFIG_RES_EVT (0x00) #define QCA_DISABLE_LOGGING_SUB_OP (0x14) +#define EDL_TAG_ID_BD_ADDR 2 #define EDL_TAG_ID_HCI (17) #define EDL_TAG_ID_DEEP_SLEEP (27) @@ -94,6 +95,7 @@ struct qca_fw_config { uint8_t user_baud_rate; enum qca_tlv_dnld_mode dnld_mode; enum qca_tlv_dnld_mode dnld_type; + bdaddr_t bdaddr; }; struct edl_event_hdr { -- 2.43.2

1 year, 1 month

3
2
0 0

[PATCH v2 1/3] Bluetooth: qca: add missing firmware sanity checks

by Johan Hovold

Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size; -- 2.43.2

1 year, 1 month

2
1
0 0

[PATCH net] mptcp: ensure snd_nxt is properly initialized on connect

by Matthieu Baerts (NGI0)

From: Paolo Abeni <pabeni(a)redhat.com> Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9 RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4 RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000 R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000 FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0 Call Trace: <TASK> __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline] mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline] __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615 mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767 process_one_work+0x1e0/0x560 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x3c7/0x640 kernel/workqueue.c:3416 kthread+0x121/0x170 kernel/kthread.c:388 ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice. Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time. Fixes: 8fd738049ac3 ("mptcp: fallback in case of simultaneous connect") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/485 Tested-by: Christoph Paasch <cpaasch(a)apple.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/protocol.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7e74b812e366..965eb69dc5de 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3723,6 +3723,9 @@ static int mptcp_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_TOKENFALLBACKINIT); mptcp_subflow_early_fallback(msk, subflow); } + + WRITE_ONCE(msk->write_seq, subflow->idsn); + WRITE_ONCE(msk->snd_nxt, subflow->idsn); if (likely(!__mptcp_check_fallback(msk))) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVE); --- base-commit: ba1cb99b559e3b12db8b65ca9ff03358ea318064 change-id: 20240429-upstream-net-20240429-mptcp-snd_nxt-init-connect-d9844d880f48 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
1
0 0

[PATCH net] e1000e: change usleep_range to udelay in PHY mdic access

by Tony Nguyen

From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems"). The referenced commit used usleep_range inside the PHY access routines, which are sometimes called from an atomic context. This can lead to a kernel panic in some scenarios, such as cable disconnection and reconnection on vPro systems. Solve this by changing the usleep_range calls back to udelay. Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems") Cc: stable(a)vger.kernel.org Reported-by: Jérôme Carretero <cJ(a)zougloub.eu> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740 Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel… Co-developed-by: Sasha Neftin <sasha.neftin(a)intel.com> Signed-off-by: Sasha Neftin <sasha.neftin(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/e1000e/phy.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c index 93544f1cc2a5..f7ae0e0aa4a4 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) * the lower time out */ for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - usleep_range(50, 60); + udelay(50); mdic = er32(MDIC); if (mdic & E1000_MDIC_READY) break; @@ -181,7 +181,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) * reading duplicate data in the next MDIC transaction. */ if (hw->mac.type == e1000_pch2lan) - usleep_range(100, 150); + udelay(100); if (success) { *data = (u16)mdic; @@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) * the lower time out */ for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - usleep_range(50, 60); + udelay(50); mdic = er32(MDIC); if (mdic & E1000_MDIC_READY) break; @@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) * reading duplicate data in the next MDIC transaction. */ if (hw->mac.type == e1000_pch2lan) - usleep_range(100, 150); + udelay(100); if (success) return 0; -- 2.41.0

1 year, 1 month

3
2
0 0

[PATCH] [PATCH 6.6]Revert "selftests/bpf: Add netkit to tc_redirect selftest"

by xiaopeitux＠foxmail.com

From: Pei Xiao <xiaopei01(a)kylinos.cn> This commit depends on bpf netkit series which isn't on linux-6.6.y branch yet. So it needs to be reverted. Otherwise, a build error "netlink_helpers.h: No such file or directory" occurs. This reverts commit 1ccc54df579701a2b6ec10bd2448ea3b65043c1a. Cc: stable(a)vger.kernel.org Signed-off-by: Pei Xiao <xiaopei01(a)kylinos.cn> Reported-by: Geliang Tang <geliang(a)kernel.org> Tested-by: Geliang Tang <geliang(a)kernel.org> --- .../selftests/bpf/prog_tests/tc_redirect.c | 52 ------------------- 1 file changed, 52 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c index dbe06aeaa2b2..af3c31f82a8a 100644 --- a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c +++ b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c @@ -24,7 +24,6 @@ #include "test_progs.h" #include "network_helpers.h" -#include "netlink_helpers.h" #include "test_tc_neigh_fib.skel.h" #include "test_tc_neigh.skel.h" #include "test_tc_peer.skel.h" @@ -113,7 +112,6 @@ static void netns_setup_namespaces_nofail(const char *verb) enum dev_mode { MODE_VETH, - MODE_NETKIT, }; struct netns_setup_result { @@ -144,52 +142,11 @@ static int get_ifaddr(const char *name, char *ifaddr) return 0; } -static int create_netkit(int mode, char *prim, char *peer) -{ - struct rtattr *linkinfo, *data, *peer_info; - struct rtnl_handle rth = { .fd = -1 }; - const char *type = "netkit"; - struct { - struct nlmsghdr n; - struct ifinfomsg i; - char buf[1024]; - } req = {}; - int err; - - err = rtnl_open(&rth, 0); - if (!ASSERT_OK(err, "open_rtnetlink")) - return err; - - memset(&req, 0, sizeof(req)); - req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); - req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL; - req.n.nlmsg_type = RTM_NEWLINK; - req.i.ifi_family = AF_UNSPEC; - - addattr_l(&req.n, sizeof(req), IFLA_IFNAME, prim, strlen(prim)); - linkinfo = addattr_nest(&req.n, sizeof(req), IFLA_LINKINFO); - addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, type, strlen(type)); - data = addattr_nest(&req.n, sizeof(req), IFLA_INFO_DATA); - addattr32(&req.n, sizeof(req), IFLA_NETKIT_MODE, mode); - peer_info = addattr_nest(&req.n, sizeof(req), IFLA_NETKIT_PEER_INFO); - req.n.nlmsg_len += sizeof(struct ifinfomsg); - addattr_l(&req.n, sizeof(req), IFLA_IFNAME, peer, strlen(peer)); - addattr_nest_end(&req.n, peer_info); - addattr_nest_end(&req.n, data); - addattr_nest_end(&req.n, linkinfo); - - err = rtnl_talk(&rth, &req.n, NULL); - ASSERT_OK(err, "talk_rtnetlink"); - rtnl_close(&rth); - return err; -} - static int netns_setup_links_and_routes(struct netns_setup_result *result) { struct nstoken *nstoken = NULL; char src_fwd_addr[IFADDR_STR_LEN+1] = {}; char src_addr[IFADDR_STR_LEN + 1] = {}; - int err; if (result->dev_mode == MODE_VETH) { SYS(fail, "ip link add src type veth peer name src_fwd"); @@ -197,13 +154,6 @@ static int netns_setup_links_and_routes(struct netns_setup_result *result) SYS(fail, "ip link set dst_fwd address " MAC_DST_FWD); SYS(fail, "ip link set dst address " MAC_DST); - } else if (result->dev_mode == MODE_NETKIT) { - err = create_netkit(NETKIT_L3, "src", "src_fwd"); - if (!ASSERT_OK(err, "create_ifindex_src")) - goto fail; - err = create_netkit(NETKIT_L3, "dst", "dst_fwd"); - if (!ASSERT_OK(err, "create_ifindex_dst")) - goto fail; } if (get_ifaddr("src_fwd", src_fwd_addr)) @@ -1266,9 +1216,7 @@ static void *test_tc_redirect_run_tests(void *arg) netns_setup_namespaces_nofail("delete"); RUN_TEST(tc_redirect_peer, MODE_VETH); - RUN_TEST(tc_redirect_peer, MODE_NETKIT); RUN_TEST(tc_redirect_peer_l3, MODE_VETH); - RUN_TEST(tc_redirect_peer_l3, MODE_NETKIT); RUN_TEST(tc_redirect_neigh, MODE_VETH); RUN_TEST(tc_redirect_neigh_fib, MODE_VETH); RUN_TEST(tc_redirect_dtime, MODE_VETH); -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH] drm/xe: Unmap userptr in MMU invalidation notifier

by Matthew Brost

To be secure, when a userptr is invalidated the pages should be dma unmapped ensuring the device can no longer touch the invalidated pages. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Fixes: 12f4b58a37f4 ("drm/xe: Use hmm_range_fault to populate user pages") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.8 Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_vm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index dfd31b346021..964a5b4d47d8 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -637,6 +637,9 @@ static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, XE_WARN_ON(err); } + if (userptr->sg) + xe_hmm_userptr_free_sg(uvma); + trace_xe_vma_userptr_invalidate_complete(vma); return true; -- 2.34.1

1 year, 1 month

3
7
0 0

[PATCH] crypto: arm64: use simd_skcipher_create() when registering aes internal algs

by Liam Kearney

The arm64 crypto drivers duplicate driver names when adding simd variants, which after backported commit 27016f75f5ed ("crypto: api - Disallow identical driver names"), causes an error that leads to the aes algs not being installed. On weaker processors this results in hangs due to falling back to SW crypto. Use simd_skcipher_create() as it will properly namespace the new algs. This issue does not exist in mainline/latest (and stable v6.1+) as the driver has been refactored to remove the simd algs from this code path. Fixes: 27016f75f5ed ("crypto: api - Disallow identical driver names") Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Liam Kearney <liam.kearney(a)canonical.com> --- arch/arm64/crypto/aes-glue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/crypto/aes-glue.c b/arch/arm64/crypto/aes-glue.c index aa13344a3a5e..af862e52a36b 100644 --- a/arch/arm64/crypto/aes-glue.c +++ b/arch/arm64/crypto/aes-glue.c @@ -1028,7 +1028,6 @@ static int __init aes_init(void) struct simd_skcipher_alg *simd; const char *basename; const char *algname; - const char *drvname; int err; int i; @@ -1045,9 +1044,8 @@ static int __init aes_init(void) continue; algname = aes_algs[i].base.cra_name + 2; - drvname = aes_algs[i].base.cra_driver_name + 2; basename = aes_algs[i].base.cra_driver_name; - simd = simd_skcipher_create_compat(algname, drvname, basename); + simd = simd_skcipher_create(algname, basename); err = PTR_ERR(simd); if (IS_ERR(simd)) goto unregister_simds; -- 2.40.1

1 year, 1 month

1
0
0 0

[PATCH v2] usb: dwc3: Wait unconditionally after issuing EndXfer command

by Prashanth K

Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Cc: <stable(a)vger.kernel.org> Fixes: b353eb6dc285 ("usb: dwc3: gadget: Skip waiting for CMDACT cleared during endxfer") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- Changes in v2: Changed the patch logic from CMDACT polling to 1ms mdelay. Updated subject and commit accordingly. Link to v1: https://lore.kernel.org/all/20240422090539.3986723-1-quic_prashk@quicinc.co… drivers/usb/dwc3/gadget.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4df2661f6675..666eae94524f 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1724,8 +1724,7 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int dep->resource_index = 0; if (!interrupt) { - if (!DWC3_IP_IS(DWC3) || DWC3_VER_IS_PRIOR(DWC3, 310A)) - mdelay(1); + mdelay(1); dep->flags &= ~DWC3_EP_TRANSFER_STARTED; } else if (!ret) { dep->flags |= DWC3_EP_END_TRANSFER_PENDING; -- 2.25.1

1 year, 1 month

3
3
0 0

[PATCH v3 1/2] cxl/core: correct length of DPA field masks

by Shiyang Ruan

The length of Physical Address in General Media Event Record/DRAM Event Record is 64-bit, so the field mask should be defined as such length. Otherwise, this causes cxl_general_media and cxl_dram tracepoints to mask off the upper-32-bits of DPA addresses. The cxl_poison event is unaffected. If userspace was doing its own DPA-to-HPA translation this could lead to incorrect page retirement decisions, but there is no known consumer (like rasdaemon) of this event today. Fixes: d54a531a430b ("cxl/mem: Trace General Media Event Record") Cc: <stable(a)vger.kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Shiyang Ruan <ruansy.fnst(a)fujitsu.com> --- drivers/cxl/core/trace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cxl/core/trace.h b/drivers/cxl/core/trace.h index e5f13260fc52..cdfce932d5b1 100644 --- a/drivers/cxl/core/trace.h +++ b/drivers/cxl/core/trace.h @@ -253,7 +253,7 @@ TRACE_EVENT(cxl_generic_event, * DRAM Event Record * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44 */ -#define CXL_DPA_FLAGS_MASK 0x3F +#define CXL_DPA_FLAGS_MASK 0x3FULL #define CXL_DPA_MASK (~CXL_DPA_FLAGS_MASK) #define CXL_DPA_VOLATILE BIT(0) -- 2.34.1

1 year, 1 month

4
7
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Fix access width used for PCC registers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f489c948028b69cea235d9c0de1cc10eeb26a172 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042905-puppy-heritage-e422@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f489c948028b ("ACPI: CPPC: Fix access width used for PCC registers") 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") 0651ab90e4ad ("ACPI: CPPC: Check _OSC for flexible address space") c42fa24b4475 ("ACPI: bus: Avoid using CPPC if not supported by firmware") 2ca8e6285250 ("Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"") f684b1075128 ("ACPI: CPPC: Drop redundant local variable from cpc_read()") 5f51c7ce1dc3 ("ACPI: CPPC: Fix up I/O port access in cpc_read()") a2c8f92bea5f ("ACPI: CPPC: Implement support for SystemIO registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f489c948028b69cea235d9c0de1cc10eeb26a172 Mon Sep 17 00:00:00 2001 From: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Date: Thu, 11 Apr 2024 16:18:44 -0700 Subject: [PATCH] ACPI: CPPC: Fix access width used for PCC registers commit 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") modified cpc_read()/cpc_write() to use access_width to read CPC registers. However, for PCC registers the access width field in the ACPI register macro specifies the PCC subspace ID. For non-zero PCC subspace ID it is incorrectly treated as access width. This causes errors when reading from PCC registers in the CPPC driver. For PCC registers, base the size of read/write on the bit width field. The debug message in cpc_read()/cpc_write() is updated to print relevant information for the address space type used to read the register. Fixes: 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 00a30ca35e78..a40b6f3946ef 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) } *val = 0; + size = GET_BIT_WIDTH(reg); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; status = acpi_os_read_port((acpi_io_address)reg->address, - &val_u32, width); + &val_u32, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to read SystemIO port %llx\n", reg->address); @@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = val_u32; return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_read_ffh(cpu, reg, val); else return acpi_os_read_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); switch (size) { case 8: @@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = readq_relaxed(vaddr); break; default: - pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot read %u bit width from system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", + size, pcc_ss_id); + } return -EFAULT; } @@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; + size = GET_BIT_WIDTH(reg); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, - (u32)val, width); + (u32)val, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to write SystemIO port %llx\n", reg->address); @@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) } return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_write_ffh(cpu, reg, val); else return acpi_os_write_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) val = MASK_VAL(reg, val); @@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) writeq_relaxed(val, vaddr); break; default: - pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot write %u bit width to system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } ret_val = -EFAULT; break; }

1 year, 1 month

3
7
0 0

[PATCH v2 2/3] Bluetooth: qca: fix NVM configuration parsing

by Johan Hovold

The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL; -- 2.43.2

1 year, 1 month

1
0
0 0

Re: Patch "arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block" has been added to the 4.19-stable tree

by Matthias Brugger

On 4/28/24 13:24, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block > > to the 4.19-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > arm64-dts-mediatek-mt7622-drop-reset-names-from-ther.patch > and it can be found in the queue-4.19 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 9628765c4a0eefa9474ef4a0698691a10395a469 > Author: Rafał Miłecki <rafal(a)milecki.pl> > Date: Sun Mar 17 23:10:50 2024 +0100 > > arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block > > [ Upstream commit ecb5b0034f5bcc35003b4b965cf50c6e98316e79 ] > > Binding doesn't specify "reset-names" property and Linux driver also > doesn't use it. > I think that's an open discussion item if fixes to DTS checks are valid stable backports. From my point of view there is no bug so it shouldn't be in stable. Regards, Matthias > Fix following validation error: > arch/arm64/boot/dts/mediatek/mt7622-rfb1.dtb: thermal@1100b000: Unevaluated properties are not allowed ('reset-names' was unexpected) > from schema $id: http://devicetree.org/schemas/thermal/mediatek,thermal.yaml# > > Fixes: ae457b7679c4 ("arm64: dts: mt7622: add SoC and peripheral related device nodes") > Signed-off-by: Rafał Miłecki <rafal(a)milecki.pl> > Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Link: https://lore.kernel.org/r/20240317221050.18595-5-zajec5@gmail.com > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/arm64/boot/dts/mediatek/mt7622.dtsi b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > index 76297dac2d459..f8df34ac1e64d 100644 > --- a/arch/arm64/boot/dts/mediatek/mt7622.dtsi > +++ b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > @@ -459,7 +459,6 @@ thermal: thermal@1100b000 { > <&pericfg CLK_PERI_AUXADC_PD>; > clock-names = "therm", "auxadc"; > resets = <&pericfg MT7622_PERI_THERM_SW_RST>; > - reset-names = "therm"; > mediatek,auxadc = <&auxadc>; > mediatek,apmixedsys = <&apmixedsys>; > nvmem-cells = <&thermal_calibration>;

1 year, 1 month

2
1
0 0

Re: Patch "arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"" has been added to the 4.19-stable tree

by Matthias Brugger

On 4/28/24 13:24, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" > > to the 4.19-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > arm64-dts-mediatek-mt7622-fix-ethernet-controller-co.patch > and it can be found in the queue-4.19 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit b6f34784d92ba280c8a4f42e22fee3c41cd09c3f > Author: Rafał Miłecki <rafal(a)milecki.pl> > Date: Sun Mar 17 23:10:49 2024 +0100 > > arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" > > [ Upstream commit 208add29ce5b7291f6c466e4dfd9cbf61c72888e ] > > Fix following validation error: > arch/arm64/boot/dts/mediatek/mt7622-rfb1.dtb: ethernet@1b100000: compatible: ['mediatek,mt7622-eth', 'mediatek,mt2701-eth', 'syscon'] is too long > from schema $id: http://devicetree.org/schemas/net/mediatek,net.yaml# > (and other complains about wrong clocks). > DTS validation fix, not a real bug. From my point of view it shouldn't be in stable. I won't go on in the list, I would like to hear from others how serious they see it. With my distro hat on, this kind of stable fixes are not helpfull to make a code base stable (as there is no stability issue). Matthias > Fixes: 5f599b3a0bb8 ("arm64: dts: mt7622: add ethernet device nodes") > Signed-off-by: Rafał Miłecki <rafal(a)milecki.pl> > Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Link: https://lore.kernel.org/r/20240317221050.18595-4-zajec5@gmail.com > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/arm64/boot/dts/mediatek/mt7622.dtsi b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > index 5c12e9dad9167..76297dac2d459 100644 > --- a/arch/arm64/boot/dts/mediatek/mt7622.dtsi > +++ b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > @@ -846,9 +846,7 @@ hsdma: dma-controller@1b007000 { > }; > > eth: ethernet@1b100000 { > - compatible = "mediatek,mt7622-eth", > - "mediatek,mt2701-eth", > - "syscon"; > + compatible = "mediatek,mt7622-eth"; > reg = <0 0x1b100000 0 0x20000>; > interrupts = <GIC_SPI 223 IRQ_TYPE_LEVEL_LOW>, > <GIC_SPI 224 IRQ_TYPE_LEVEL_LOW>,

1 year, 1 month

1
0
0 0

[STABLE 6.6.y] ovl: fix memory leak in ovl_parse_param()

by Jingbo Xu

From: Amir Goldstein <amir73il(a)gmail.com> commit 37f32f52643869131ec01bb69bdf9f404f6109fb upstream. On failure to parse parameters in ovl_parse_param_lowerdir(), it is necessary to update ctx->nr with the correct nr before using ovl_reset_lowerdirs() to release l->name. Reported-and-tested-by: syzbot+26eedf3631650972f17c(a)syzkaller.appspotmail.com Fixes: c835110b588a ("ovl: remove unused code in lowerdir param parsing") Co-authored-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> --- Commit c835110b588a ("ovl: remove unused code in lowerdir param parsing") was back ported to 6.6.y as a "Stable-dep-of" of commit 2824083db76c ("ovl: Always reject mounting over case-insensitive directories"), while omitting the fix for commit c835110b588a itself. Maybe that is because by the time commit 37f32f526438 (the fix) is merged into master branch, commit c835110b588a has not been back ported to 6.6.y yet. This causes ltp test warning on vfat (EBUSY when umounting) [1]: tst_test.c:1701: TINFO: === Testing on vfat === tst_test.c:1117: TINFO: Formatting /dev/loop0 with vfat opts='' extra opts='' tst_test.c:1131: TINFO: Mounting /dev/loop0 to /tmp/ltp-XeGbUgDq5N/LTP_fankzf5WQ/mntpoint fstyp=vfat flags=0 fanotify13.c:152: TINFO: Test #0.1: FAN_REPORT_FID with mark flag: FAN_MARK_INODE fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #1.1: FAN_REPORT_FID with mark flag: FAN_MARK_INODE fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #2.1: FAN_REPORT_FID with mark flag: FAN_MARK_MOUNT fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #3.1: FAN_REPORT_FID with mark flag: FAN_MARK_MOUNT fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #4.1: FAN_REPORT_FID with mark flag: FAN_MARK_FILESYSTEM fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #5.1: FAN_REPORT_FID with mark flag: FAN_MARK_FILESYSTEM fanotify13.c:157: TCONF: overlayfs not supported on vfat tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 1... tst_device.c:412: TINFO: Likely gvfsd-trash is probing newly mounted fs, kill it to speed up tests. tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 2... tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 3... tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 4... Reproduce: /opt/ltp/runltp -f syscalls -s fanotify13 The original fix is applied to 6.6.y without conflict. [1] https://lists.linux.it/pipermail/ltp/2023-November/036189.html --- fs/overlayfs/params.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index ad3593a41fb5..488f920f79d2 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -438,7 +438,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) struct ovl_fs_context *ctx = fc->fs_private; struct ovl_fs_context_layer *l; char *dup = NULL, *iter; - ssize_t nr_lower = 0, nr = 0, nr_data = 0; + ssize_t nr_lower, nr; bool data_layer = false; /* @@ -490,6 +490,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) iter = dup; l = ctx->lower; for (nr = 0; nr < nr_lower; nr++, l++) { + ctx->nr++; memset(l, 0, sizeof(*l)); err = ovl_mount_dir(iter, &l->path); @@ -506,10 +507,10 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) goto out_put; if (data_layer) - nr_data++; + ctx->nr_data++; /* Calling strchr() again would overrun. */ - if ((nr + 1) == nr_lower) + if (ctx->nr == nr_lower) break; err = -EINVAL; @@ -519,7 +520,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) * This is a regular layer so we require that * there are no data layers. */ - if ((ctx->nr_data + nr_data) > 0) { + if (ctx->nr_data > 0) { pr_err("regular lower layers cannot follow data lower layers"); goto out_put; } @@ -532,8 +533,6 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) data_layer = true; iter++; } - ctx->nr = nr_lower; - ctx->nr_data += nr_data; kfree(dup); return 0; -- 2.19.1.6.gb485710b

1 year, 1 month

3
2
0 0

[PATCH 08/17] net: lan966x: remove debugfs directory in probe() error path

by Herve Codina

A debugfs directory entry is create early during probe(). This entry is not removed on error path leading to some "already present" issues in case of EPROBE_DEFER. Create this entry later in the probe() code to avoid the need to change many 'return' in 'goto' and add the removal in the already present error path. Fixes: 942814840127 ("net: lan966x: Add VCAP debugFS support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c index 2635ef8958c8..61d88207eed4 100644 --- a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c +++ b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c @@ -1087,8 +1087,6 @@ static int lan966x_probe(struct platform_device *pdev) platform_set_drvdata(pdev, lan966x); lan966x->dev = &pdev->dev; - lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); - if (!device_get_mac_address(&pdev->dev, mac_addr)) { ether_addr_copy(lan966x->base_mac, mac_addr); } else { @@ -1179,6 +1177,8 @@ static int lan966x_probe(struct platform_device *pdev) return dev_err_probe(&pdev->dev, -ENODEV, "no ethernet-ports child found\n"); + lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); + /* init switch */ lan966x_init(lan966x); lan966x_stats_init(lan966x); @@ -1257,6 +1257,8 @@ static int lan966x_probe(struct platform_device *pdev) destroy_workqueue(lan966x->stats_queue); mutex_destroy(&lan966x->stats_lock); + debugfs_remove_recursive(lan966x->debugfs_root); + return err; } -- 2.44.0

1 year, 1 month

2
2
0 0

Re: [PATCH 6.8 000/228] 6.8.9-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 1 month

1
0
0 0

[PATCH 5.10 000/138] 5.10.216-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.216 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.216-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.216-rc1 Guenter Roeck <linux(a)roeck-us.net> riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: add support for coherent DMA Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Guo Ren <guoren(a)linux.alibaba.com> riscv: Enable per-task stack canaries Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Daisuke Mizobuchi <mizo(a)atmark-techno.com> mailbox: imx: fix suspend failue Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Makefile | 4 +- arch/Kconfig | 8 ++ arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 ++++++--- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/riscv/Kconfig | 8 ++ arch/riscv/Makefile | 10 ++ arch/riscv/include/asm/pgtable.h | 4 +- arch/riscv/include/asm/stackprotector.h | 3 +- arch/riscv/kernel/asm-offsets.c | 3 + arch/riscv/kernel/process.c | 5 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/devfreq/devfreq.c | 59 +++++--- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/dma/xilinx/xilinx_dpdma.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 ++-- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/iommu/intel/svm.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/mailbox/imx-mailbox.c | 8 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/misc/mei/pci-me.c | 2 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 +++-- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +-- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/irqflags.h | 2 +- include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/bluetooth/bluetooth.h | 9 ++ include/net/ip_tunnels.h | 33 +++++ init/main.c | 2 + kernel/bounds.c | 2 +- kernel/cpu.c | 3 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 26 ++-- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 7 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_chain_filter.c | 4 +- net/netfilter/nft_set_pipapo.c | 14 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- 123 files changed, 1058 insertions(+), 476 deletions(-)

1 year, 1 month

2
140
0 0

[PATCH] x86/purgatory: Switch to the position-independent small code model

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> On x86, the ordinary, position dependent 'small' and 'kernel' code models only support placement of the executable in 32-bit addressable memory, due to the use of 32-bit signed immediates to generate references to global variables. For the kernel, this implies that all global variables must reside in the top 2 GiB of the kernel virtual address space, where the implicit address bits 63:32 are equal to sign bit 31. This means the kernel code model is not suitable for other bare metal executables such as the kexec purgatory, which can be placed arbitrarily in the physical address space, where its address may no longer be representable as a sign extended 32-bit quantity. For this reason, commit e16c2983fba0 ("x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors") switched to the 'large' code model, which uses 64-bit immediates for all symbol references, including function calls, in order to avoid relying on any assumptions regarding proximity of symbols in the final executable. The large code model is rarely used, clunky and the least likely to operate in a similar fashion when comparing GCC and Clang, so it is best avoided. This is especially true now that Clang 18 has started to emit executable code in two separate sections (.text and .ltext), which triggers an issue in the kexec loading code at runtime. Instead, use the position independent small code model, which makes no assumptions about placement but only about proximity, where all referenced symbols must be within -/+ 2 GiB, i.e., in range for a RIP-relative reference. Use hidden visibility to suppress the use of a GOT, which carries absolute addresses that are not covered by static ELF relocations, and is therefore incompatible with the kexec loader's relocation logic. Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Song Liu <song(a)kernel.org> Cc: Ricardo Ribalda <ribalda(a)kernel.org> Cc: Fangrui Song <maskray(a)google.com> Cc: Arthur Eubanks <aeubanks(a)google.com> Link: https://lore.kernel.org/all/20240417-x86-fix-kexec-with-llvm-18-v1-0-538312… Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/x86/purgatory/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index bc31863c5ee6..a18591f6e6d9 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -42,7 +42,8 @@ KCOV_INSTRUMENT := n # make up the standalone purgatory.ro PURGATORY_CFLAGS_REMOVE := -mcmodel=kernel -PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss -g0 +PURGATORY_CFLAGS := -mcmodel=small -ffreestanding -fno-zero-initialized-in-bss -g0 +PURGATORY_CFLAGS += -fpic -fvisibility=hidden PURGATORY_CFLAGS += $(DISABLE_STACKLEAK_PLUGIN) -DDISABLE_BRANCH_PROFILING PURGATORY_CFLAGS += -fno-stack-protector -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

8
11
0 0

[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/tty/serial/sc16is7xx.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..dcd6c5615401 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -555,16 +555,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -574,9 +586,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -592,7 +605,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, base-commit: 660a708098569a66a47d0abdad998e29e1259de6 -- 2.39.2

1 year, 1 month

4
7
0 0

[PATCH 1/1] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by srinivas.kandagatla＠linaro.org

From: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- 2.25.1

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042925-enrich-charbroil-ce36@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") e94ee171349d ("xfrm: Use correct address family in xfrm_state_find") 5eff06902394 ("ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg") 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") ed52f2c608c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 1 month

3
4
0 0

[PATCH 1/4] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by srinivas.kandagatla＠linaro.org

From: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- 2.25.1

1 year, 1 month

1
0
0 0

[PATCH v5.4] dm: limit the number of targets and parameter size area

by Srish Srinivasan

From: Mikulas Patocka <mpatocka(a)redhat.com> commit bd504bcfec41a503b32054da5472904b404341a4 upstream. The kvmalloc function fails with a warning if the size is larger than INT_MAX. The warning was triggered by a syscall testing robot. In order to avoid the warning, this commit limits the number of targets to 1048576 and the size of the parameter area to 1073741824. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Signed-off-by: He Gao <hegao(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [srish: Apply to stable branch linux-5.4.y] Signed-off-by: Srish Srinivasan <srish.srinivasan(a)broadcom.com> --- drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index 3fea121fc..e3c3bbe92 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -18,6 +18,8 @@ #include "dm.h" #define DM_RESERVED_MAX_IOS 1024 +#define DM_MAX_TARGETS 1048576 +#define DM_MAX_TARGET_PARAMS 1024 struct dm_kobject_holder { struct kobject kobj; diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 8e787677a..e89e710dd 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1760,7 +1760,8 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern if (copy_from_user(param_kernel, user, minimum_data_size)) return -EFAULT; - if (param_kernel->data_size < minimum_data_size) + if (unlikely(param_kernel->data_size < minimum_data_size) || + unlikely(param_kernel->data_size > DM_MAX_TARGETS * DM_MAX_TARGET_PARAMS)) return -EINVAL; secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 8b05d938a..fcb9e2775 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -184,7 +184,12 @@ static int alloc_targets(struct dm_table *t, unsigned int num) int dm_table_create(struct dm_table **result, fmode_t mode, unsigned num_targets, struct mapped_device *md) { - struct dm_table *t = kzalloc(sizeof(*t), GFP_KERNEL); + struct dm_table *t; + + if (num_targets > DM_MAX_TARGETS) + return -EOVERFLOW; + + t = kzalloc(sizeof(*t), GFP_KERNEL); if (!t) return -ENOMEM; @@ -199,7 +204,7 @@ int dm_table_create(struct dm_table **result, fmode_t mode, if (!num_targets) { kfree(t); - return -ENOMEM; + return -EOVERFLOW; } if (alloc_targets(t, num_targets)) { -- 2.35.6

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-strobe-squatted-ad63@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-purge-pegboard-b8f1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042920-overcoat-cannot-efc1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") e94ee171349d ("xfrm: Use correct address family in xfrm_state_find") 5eff06902394 ("ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg") 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") ed52f2c608c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 1 month

2
1
0 0

[PATCH 6.1.y 1/4] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads

by Rahul Rameshbabu

commit 475747a19316b08e856c666a20503e73d7ed67ed upstream. Omit rx_use_md_dst comment in upstream commit since macsec_ops is not documented. Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- include/net/macsec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/macsec.h b/include/net/macsec.h index 65c93959c2dc..dd578d193f9a 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -302,6 +302,7 @@ struct macsec_ops { int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx); + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa); -- 2.42.0

1 year, 1 month

2
4
0 0

Re: Kernel Issue: Wrong EFI Loader Signature followed by Kernel Panic

by Greg KH

On Tue, Apr 30, 2024 at 01:20:27PM +0530, Atishya Jain wrote: > XDP is used for Fast Packet Processing which is only on the RX path of the > kernel . XDP on TX path is not supported by the kernel . > Mail list for egress XDP : (Add Support of egress XDP patch ) If you rely on external changes, please work with the developers of those changes, nothing we can do about them. > So I Extracted the patch from it and first Applied on the latest Version > only but got many failed to patch messages so I looked for different > versions and 5.4 got matched almost perfectly . Again, 5.4 is VERY old, and probably is doing something wrong with the efi stuff that your system is expecting. Please try a more modern kernel version please. good luck! greg k-h

1 year, 1 month

1
0
0 0

[PATCH v2] Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V"

by Mingzheng Xing

This reverts commit 1d6cd2146c2b58bc91266db1d5d6a5f9632e14c0 which was mistakenly added into v6.6.y and the commit corresponding to the 'Fixes:' tag is invalid. For more information, see link [1]. This will result in the loss of Crashkernel data in /proc/iomem, and kdump failed: ``` Memory for crashkernel is not reserved Please reserve memory by passing"crashkernel=Y@X" parameter to kernel Then try to loading kdump kernel ``` After revert, kdump works fine. Tested on QEMU riscv. Link: https://lore.kernel.org/linux-riscv/ZSiQRDGLZk7lpakE@MiWiFi-R3L-srv [1] Cc: Baoquan He <bhe(a)redhat.com> Cc: Chen Jiahao <chenjiahao16(a)huawei.com> Signed-off-by: Mingzheng Xing <xingmingzheng(a)iscas.ac.cn> --- v1 -> v2: - Changed the commit message - Added Cc: v1: https://lore.kernel.org/stable/20240416085647.14376-1-xingmingzheng@iscas.a… arch/riscv/kernel/setup.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index aac853ae4eb74..e600aab116a40 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -173,6 +173,19 @@ static void __init init_resources(void) if (ret < 0) goto error; +#ifdef CONFIG_KEXEC_CORE + if (crashk_res.start != crashk_res.end) { + ret = add_resource(&iomem_resource, &crashk_res); + if (ret < 0) + goto error; + } + if (crashk_low_res.start != crashk_low_res.end) { + ret = add_resource(&iomem_resource, &crashk_low_res); + if (ret < 0) + goto error; + } +#endif + #ifdef CONFIG_CRASH_DUMP if (elfcorehdr_size > 0) { elfcorehdr_res.start = elfcorehdr_addr; -- 2.34.1

1 year, 1 month

3
3
0 0

[PATCH 4.19 000/175] 4.19.312-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.312 release. There are 175 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.312-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.312-rc1 Geert Uytterhoeven <geert(a)linux-m68k.org> initramfs: fix populate_initrd_image() section mismatch Hangbin Liu <liuhangbin(a)gmail.com> ip_gre: do not report erspan version on GRE interface William Tu <u9012063(a)gmail.com> erspan: Check IFLA_GRE_ERSPAN_VER is set. Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Guo Mengqi <guomengqi3(a)huawei.com> drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head William Tu <u9012063(a)gmail.com> erspan: Add type I version 0 support. John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Christoph Hellwig <hch(a)lst.de> initramfs: switch initramfs unpacking to struct file based APIs Christoph Hellwig <hch(a)lst.de> fs: add a vfs_fchmod helper Christoph Hellwig <hch(a)lst.de> fs: add a vfs_fchown helper Christoph Hellwig <hch(a)lst.de> initramfs: factor out a helper to populate the initrd image Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Fix client_component for 64 bit kernel Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Allocate and free components as required Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Avoid use of bool in structures Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Geliang Tang <geliangtang(a)gmail.com> mptcp: add sk_stop_timer_sync helper Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Christoph Niedermaier <cniedermaier(a)dh-electronics.com> drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() Thomas Gleixner <tglx(a)linutronix.de> timers: Move clearing of base::timer_running under base:: Lock Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Zhong Jinghua <zhongjinghua(a)huawei.com> loop: loop_set_status_from_info() check before assignment Siddh Raman Pant <code(a)siddh.me> loop: Check for overflow while configuring loop Martijn Coenen <maco(a)android.com> loop: Factor out configuring loop from status Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Holger Hoffstätte <holger.hoffstaette(a)googlemail.com> loop: properly observe rotational flag of underlying device Martijn Coenen <maco(a)android.com> loop: Refactor loop_set_status() size calculation Martijn Coenen <maco(a)android.com> loop: Factor out setting loop device size Martijn Coenen <maco(a)android.com> loop: Remove sector_t truncation checks Martijn Coenen <maco(a)android.com> loop: Call loop_config_discard() only after new config is applied Genjian Zhang <zhanggenjian(a)kylinos.cn> Revert "loop: Check for overflow while configuring loop" Goldwyn Rodrigues <rgoldwyn(a)suse.com> btrfs: allocate btrfs_ioctl_defrag_range_args on stack John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Liu Shixin <liushixin2(a)huawei.com> mm/memory-failure: fix an incorrect use of tail pages Yangxi Xiang <xyangxi5(a)gmail.com> vt: fix memory overlapping when deleting chars in the buffer Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Prevent timers rescheduling during deletion Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Joe Perches <joe(a)perches.com> nilfs2: use a more common logging style Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Boris Brezillon <boris.brezillon(a)collabora.com> drm/imx: pd: Use bus format/flags provided by the bridge when available Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum Helge Deller <deller(a)gmx.de> parisc: Do not hardcode registers in checksum functions Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Lubomir Rintel <lkundrak(a)v3.sk> ARM: dts: mmp2-brownstone: Don't redeclare phandle references Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Anna-Maria Gleixner <anna-maria(a)linutronix.de> timers: Prepare support for PREEMPT_RT Anna-Maria Gleixner <anna-maria(a)linutronix.de> timer/trace: Improve timer tracing Anna-Maria Gleixner <anna-maria(a)linutronix.de> timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 18 +- Documentation/admin-guide/kernel-parameters.txt | 6 +- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 330 ++++++++++----------- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/parisc/include/asm/checksum.h | 107 +++---- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/include/asm/cpufeatures.h | 2 + arch/x86/include/asm/msr-index.h | 2 + arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 117 ++++---- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/pat.c | 50 +++- block/blk-stat.c | 2 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 ++-- drivers/ata/sata_sx4.c | 6 +- drivers/base/power/wakeirq.c | 4 +- drivers/block/loop.c | 206 ++++++++----- drivers/bluetooth/btintel.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/imx/parallel-display.c | 172 +++++++++-- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- drivers/hwmon/amc6821.c | 11 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/md/dm-raid.c | 2 + drivers/md/raid5.c | 12 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/mmc/core/block.c | 10 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +-- drivers/net/ethernet/realtek/r8169_main.c | 9 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 ++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/pci/pci-driver.c | 23 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 ++++-- drivers/staging/comedi/drivers/comedi_test.c | 30 +- drivers/staging/speakup/synth.c | 4 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 52 ++-- .../vc04_services/bcm2835-camera/mmal-vchiq.h | 6 +- drivers/tty/n_gsm.c | 3 + drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/vt/vt.c | 4 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 63 ++-- drivers/usb/dwc2/gadget.c | 4 + drivers/usb/dwc2/hcd.c | 47 ++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/vfio/platform/vfio_platform_irq.c | 5 +- drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 +- fs/aio.c | 8 +- fs/btrfs/export.c | 9 +- fs/btrfs/ioctl.c | 25 +- fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 12 +- fs/exec.c | 1 + fs/ext4/resize.c | 3 +- fs/fat/nfs.c | 6 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/isofs/inode.c | 18 +- fs/nilfs2/alloc.c | 38 +-- fs/nilfs2/btree.c | 51 ++-- fs/nilfs2/cpfile.c | 10 +- fs/nilfs2/dat.c | 14 +- fs/nilfs2/direct.c | 23 +- fs/nilfs2/gcinode.c | 2 +- fs/nilfs2/ifile.c | 4 +- fs/nilfs2/inode.c | 31 +- fs/nilfs2/ioctl.c | 37 ++- fs/nilfs2/mdt.c | 2 +- fs/nilfs2/namei.c | 6 +- fs/nilfs2/nilfs.h | 9 + fs/nilfs2/page.c | 11 +- fs/nilfs2/recovery.c | 32 +- fs/nilfs2/segbuf.c | 2 +- fs/nilfs2/segment.c | 38 +-- fs/nilfs2/sufile.c | 29 +- fs/nilfs2/super.c | 57 ++-- fs/nilfs2/sysfs.c | 29 +- fs/nilfs2/the_nilfs.c | 85 +++--- fs/open.c | 38 ++- fs/sysv/itree.c | 10 +- fs/ubifs/file.c | 13 +- include/linux/fs.h | 3 + include/linux/gfp.h | 9 + include/linux/sunrpc/sched.h | 2 +- include/linux/timer.h | 18 +- include/net/erspan.h | 19 +- include/net/inet_connection_sock.h | 1 + include/net/sock.h | 9 + include/soc/fsl/qman.h | 9 + include/trace/events/timer.h | 17 +- include/uapi/linux/input-event-codes.h | 1 + init/initramfs.c | 75 +++-- kernel/events/core.c | 9 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 6 + kernel/time/timer.c | 282 +++++++++++++----- mm/compaction.c | 7 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 + mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/vmscan.c | 5 +- net/batman-adv/distributed-arp-table.c | 3 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/core/sock.c | 7 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 104 +++++-- net/ipv4/tcp.c | 2 + net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/mac80211/cfg.c | 5 +- net/netfilter/nf_tables_api.c | 22 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/soc-ops.c | 2 +- tools/iio/iio_utils.c | 2 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- virt/kvm/async_pf.c | 31 +- 166 files changed, 2248 insertions(+), 1220 deletions(-)

1 year, 1 month

11
194
0 0

FAILED: patch "[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 025a6f7448f7bb5f4fceb62498ee33d89ae266bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042918-jet-harmonica-e767@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 025a6f7448f7 ("phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6") ef643d55fdeb ("phy: qcom: qmp: split DP PHY registers to separate headers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 025a6f7448f7bb5f4fceb62498ee33d89ae266bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Mon, 8 Apr 2024 11:30:23 +0200 Subject: [PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Stephen Boyd <swboyd(a)chromium.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Link: https://lore.kernel.org/r/20240408093023.506-1-johan+linaro@kernel.org Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index 2a6f70b3e25f..c21cdb8dbfe7 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4

1 year, 1 month

3
2
0 0

[PATCH 6.8 000/273] 6.8.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 273 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc1 Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/scsi/sg.c | 4 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- drivers/usb/typec/ucsi/ucsi.c | 10 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 327 files changed, 3223 insertions(+), 1693 deletions(-)

1 year, 1 month

20
312
0 0

[PATCH v4 RESEND] lockdep: fix deadlock issue between lockdep and rcu

by Carlos Llamas

From: Zhiguo Niu <zhiguo.niu(a)unisoc.com> There is a deadlock scenario between lockdep and rcu when rcu nocb feature is enabled, just as following call stack: rcuop/x -000|queued_spin_lock_slowpath(lock = 0xFFFFFF817F2A8A80, val = ?) -001|queued_spin_lock(inline) // try to hold nocb_gp_lock -001|do_raw_spin_lock(lock = 0xFFFFFF817F2A8A80) -002|__raw_spin_lock_irqsave(inline) -002|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F2A8A80) -003|wake_nocb_gp_defer(inline) -003|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F30B680) -004|__call_rcu_common(inline) -004|call_rcu(head = 0xFFFFFFC082EECC28, func = ?) -005|call_rcu_zapped(inline) -005|free_zapped_rcu(ch = ?)// hold graph lock -006|rcu_do_batch(rdp = 0xFFFFFF817F245680) -007|nocb_cb_wait(inline) -007|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F245680) -008|kthread(_create = 0xFFFFFF80803122C0) -009|ret_from_fork(asm) rcuop/y -000|queued_spin_lock_slowpath(lock = 0xFFFFFFC08291BBC8, val = 0) -001|queued_spin_lock() -001|lockdep_lock() -001|graph_lock() // try to hold graph lock -002|lookup_chain_cache_add() -002|validate_chain() -003|lock_acquire -004|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F211D80) -005|lock_timer_base(inline) -006|mod_timer(inline) -006|wake_nocb_gp_defer(inline)// hold nocb_gp_lock -006|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F2A8680) -007|__call_rcu_common(inline) -007|call_rcu(head = 0xFFFFFFC0822E0B58, func = ?) -008|call_rcu_hurry(inline) -008|rcu_sync_call(inline) -008|rcu_sync_func(rhp = 0xFFFFFFC0822E0B58) -009|rcu_do_batch(rdp = 0xFFFFFF817F266680) -010|nocb_cb_wait(inline) -010|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F266680) -011|kthread(_create = 0xFFFFFF8080363740) -012|ret_from_fork(asm) rcuop/x and rcuop/y are rcu nocb threads with the same nocb gp thread. This patch release the graph lock before lockdep call_rcu. Fixes: a0b0fd53e1e6 ("locking/lockdep: Free lock classes that are no longer in use") Cc: <stable(a)vger.kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Waiman Long <longman(a)redhat.com> Cc: Carlos Llamas <cmllamas(a)google.com> Cc: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Xuewen Yan <xuewen.yan(a)unisoc.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> Reviewed-by: Waiman Long <longman(a)redhat.com> Reviewed-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- kernel/locking/lockdep.c | 48 ++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index 151bd3de5936..3468d8230e5f 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -6184,25 +6184,27 @@ static struct pending_free *get_pending_free(void) static void free_zapped_rcu(struct rcu_head *cb); /* - * Schedule an RCU callback if no RCU callback is pending. Must be called with - * the graph lock held. - */ -static void call_rcu_zapped(struct pending_free *pf) +* See if we need to queue an RCU callback, must called with +* the lockdep lock held, returns false if either we don't have +* any pending free or the callback is already scheduled. +* Otherwise, a call_rcu() must follow this function call. +*/ +static bool prepare_call_rcu_zapped(struct pending_free *pf) { WARN_ON_ONCE(inside_selftest()); if (list_empty(&pf->zapped)) - return; + return false; if (delayed_free.scheduled) - return; + return false; delayed_free.scheduled = true; WARN_ON_ONCE(delayed_free.pf + delayed_free.index != pf); delayed_free.index ^= 1; - call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + return true; } /* The caller must hold the graph lock. May be called from RCU context. */ @@ -6228,6 +6230,7 @@ static void free_zapped_rcu(struct rcu_head *ch) { struct pending_free *pf; unsigned long flags; + bool need_callback; if (WARN_ON_ONCE(ch != &delayed_free.rcu_head)) return; @@ -6239,14 +6242,18 @@ static void free_zapped_rcu(struct rcu_head *ch) pf = delayed_free.pf + (delayed_free.index ^ 1); __free_zapped_classes(pf); delayed_free.scheduled = false; + need_callback = + prepare_call_rcu_zapped(delayed_free.pf + delayed_free.index); + lockdep_unlock(); + raw_local_irq_restore(flags); /* - * If there's anything on the open list, close and start a new callback. - */ - call_rcu_zapped(delayed_free.pf + delayed_free.index); + * If there's pending free and its callback has not been scheduled, + * queue an RCU callback. + */ + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); - lockdep_unlock(); - raw_local_irq_restore(flags); } /* @@ -6286,6 +6293,7 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) { struct pending_free *pf; unsigned long flags; + bool need_callback; init_data_structures_once(); @@ -6293,10 +6301,11 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) lockdep_lock(); pf = get_pending_free(); __lockdep_free_key_range(pf, start, size); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); lockdep_unlock(); raw_local_irq_restore(flags); - + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); /* * Wait for any possible iterators from look_up_lock_class() to pass * before continuing to free the memory they refer to. @@ -6390,6 +6399,7 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) struct pending_free *pf; unsigned long flags; int locked; + bool need_callback = false; raw_local_irq_save(flags); locked = graph_lock(); @@ -6398,11 +6408,13 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) pf = get_pending_free(); __lockdep_reset_lock(pf, lock); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); graph_unlock(); out_irq: raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); } /* @@ -6446,6 +6458,7 @@ void lockdep_unregister_key(struct lock_class_key *key) struct pending_free *pf; unsigned long flags; bool found = false; + bool need_callback = false; might_sleep(); @@ -6466,11 +6479,14 @@ void lockdep_unregister_key(struct lock_class_key *key) if (found) { pf = get_pending_free(); __lockdep_free_key_range(pf, key, 1); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); } lockdep_unlock(); raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + /* Wait until is_dynamic_key() has finished accessing k->hash_entry. */ synchronize_rcu(); } -- 2.44.0.683.g7961c838ac-goog

1 year, 1 month

2
1
0 0

Kernel Issue: Wrong EFI Loader Signature followed by Kernel Panic

by Atishya Jain

Dear Linux Stable Team, I am writing to report an issue encountered while attempting to boot kernel version 5.4.274 with an egress XDP patch applied. The issue arises with the EFI loader signature, leading to subsequent kernel panic. *Problem Description:* When attempting to boot kernel version 5.4.274 with the egress XDP patch, I encountered the following sequence of events: 1. Initially, the system displays the message "Wrong EFI loader signature." 2. Following this message, the system proceeds to decompress the Linux kernel and performs ELF parsing and relocations successfully. 3. However, upon attempting to boot the kernel, a kernel panic occurs with the error message: "Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,0)." *Error Messages*:(ScreenShots Attached) Upon selecting the kernel version 5.4.274, the system displays the following error messages: ``` Wrong EFI loader signature. early console in extract_kernel input_data: 0x00000000027493b1 input_len: 0x000000000086892c output: 0x0000000001000000 output_len: 0x0000000001f81298 kernel_total_size: 0x0000000001e2c000 needed_size: 0x0000000002000000 trampoline_32bit: 0x0000000000090000 booted via startup_32() Physical, KASLR using RDTSC. Virtual KASLR using RDTSC.. Decompressing Linux... Parsing ELF... Performing relocations... done. Booting the kernel. 8.0522441 RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible! 0.9972031 Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,0) CPU: 1 PID: 1 Command: swapper/0 Not tainted 5.4.274 #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: dump_stack+0x58/0x63 panic+0x188/0x2ce Mount_block_root+0x19b/0x23a prepare_namespace+0x136/0x16c kernel_init_freeable+0x207/0x210 rest_init+0x90/0x90 kernel_init+0x5/0xf6 ret_from_fork+0x35/0x48 Kernel Offset: 0x8488000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xfffffffffffffff) --- end Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,8) ``` *Additional Information*: - The issue persists even after signing the kernel. - I am using Kali Linux in VMware, with the following system information: - Linux kali 6.6.15-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.6.15-2kali1 (2024-04-09) x86_64 GNU/Linux *Steps Taken*: 1. Applied egress XDP patch to kernel version 5.4.274. 2. Attempted to boot the patched kernel. 3. Encountered the "Wrong EFI loader signature" message followed by kernel panic. *Action Required*: I kindly request assistance in resolving this issue or guidance on further troubleshooting steps. Please let me know if any additional information is required. Thank you for your attention to this matter. Best regards, Atishya Jain Project Associate Indian Institute of Technology Gandhinagar Palaj, Gandhinagar - 382055 - India. Email: atishya.jain(a)iitgn.ac.in LinkedIn: www.linkedin.com/in/atishya-jain-it *Screenshots:*

1 year, 1 month

2
1
0 0

[tip: x86/urgent] x86/apic: Don't access the APIC when disabling x2APIC

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 720a22fd6c1cdadf691281909950c0cbc5cdf17e Gitweb: https://git.kernel.org/tip/720a22fd6c1cdadf691281909950c0cbc5cdf17e Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Fri, 26 Apr 2024 00:30:36 +02:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Tue, 30 Apr 2024 07:51:34 +02:00 x86/apic: Don't access the APIC when disabling x2APIC With 'iommu=off' on the kernel command line and x2APIC enabled by the BIOS the code which disables the x2APIC triggers an unchecked MSR access error: RDMSR from 0x802 at rIP: 0xffffffff94079992 (native_apic_msr_read+0x12/0x50) This is happens because default_acpi_madt_oem_check() selects an x2APIC driver before the x2APIC is disabled. When the x2APIC is disabled because interrupt remapping cannot be enabled due to 'iommu=off' on the command line, x2apic_disable() invokes apic_set_fixmap() which in turn tries to read the APIC ID. This triggers the MSR warning because x2APIC is disabled, but the APIC driver is still x2APIC based. Prevent that by adding an argument to apic_set_fixmap() which makes the APIC ID read out conditional and set it to false from the x2APIC disable path. That's correct as the APIC ID has already been read out during early discovery. Fixes: d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") Reported-by: Adrian Huang <ahuang12(a)lenovo.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Adrian Huang <ahuang12(a)lenovo.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/875xw5t6r7.ffs@tglx --- arch/x86/kernel/apic/apic.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index c342c4a..803dcfb 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1771,7 +1771,7 @@ void x2apic_setup(void) __x2apic_enable(); } -static __init void apic_set_fixmap(void); +static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { @@ -1793,7 +1793,12 @@ static __init void x2apic_disable(void) } __x2apic_disable(); - apic_set_fixmap(); + /* + * Don't reread the APIC ID as it was already done from + * check_x2apic() and the APIC driver still is a x2APIC variant, + * which fails to do the read after x2APIC was disabled. + */ + apic_set_fixmap(false); } static __init void x2apic_enable(void) @@ -2057,13 +2062,14 @@ void __init init_apic_mappings(void) } } -static __init void apic_set_fixmap(void) +static __init void apic_set_fixmap(bool read_apic) { set_fixmap_nocache(FIX_APIC_BASE, mp_lapic_addr); apic_mmio_base = APIC_BASE; apic_printk(APIC_VERBOSE, "mapped APIC to %16lx (%16lx)\n", apic_mmio_base, mp_lapic_addr); - apic_read_boot_cpu_id(false); + if (read_apic) + apic_read_boot_cpu_id(false); } void __init register_lapic_address(unsigned long address) @@ -2073,7 +2079,7 @@ void __init register_lapic_address(unsigned long address) mp_lapic_addr = address; if (!x2apic_mode) - apic_set_fixmap(); + apic_set_fixmap(true); } /*

1 year, 1 month

1
0
0 0

[tip: x86/urgent] x86/apic: Don't access the APIC when disabling X2APIC

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 1e1dd773644e9de88f54386f7147c1068375fc75 Gitweb: https://git.kernel.org/tip/1e1dd773644e9de88f54386f7147c1068375fc75 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Fri, 26 Apr 2024 00:30:36 +02:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Mon, 29 Apr 2024 12:08:07 +02:00 x86/apic: Don't access the APIC when disabling X2APIC With 'iommu=off' on the kernel command line and X2APIC enabled by the BIOS the code which disables the X2APIC triggers an unchecked MSR access error: RDMSR from 0x802 at rIP: 0xffffffff94079992 (native_apic_msr_read+0x12/0x50) This is happens because default_acpi_madt_oem_check() selects an X2APIC driver before the X2APIC is disabled. When the X2APIC is disabled because interrupt remapping cannot be enabled due to 'iommu=off' on the command line, x2apic_disable() invokes apic_set_fixmap() which in turn tries to read the APIC ID. This triggers the MSR warning because X2APIC is disabled, but the APIC driver is still X2APIC based. Prevent that by adding an argument to apic_set_fixmap() which makes the APIC ID read out conditional and set it to false from the X2APIC disable path. That's correct as the APIC ID has already been read out during early discovery. Fixes: d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") Reported-by: Adrian Huang <ahuang12(a)lenovo.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Adrian Huang <ahuang12(a)lenovo.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/875xw5t6r7.ffs@tglx --- arch/x86/kernel/apic/apic.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index c342c4a..b229648 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1771,7 +1771,7 @@ void x2apic_setup(void) __x2apic_enable(); } -static __init void apic_set_fixmap(void); +static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { @@ -1793,7 +1793,12 @@ static __init void x2apic_disable(void) } __x2apic_disable(); - apic_set_fixmap(); + /* + * Don't reread the APIC ID as it was already done from + * check_x2apic() and the apic driver still is a x2APIC variant, + * which fails to do the read after x2APIC was disabled. + */ + apic_set_fixmap(false); } static __init void x2apic_enable(void) @@ -2057,13 +2062,14 @@ void __init init_apic_mappings(void) } } -static __init void apic_set_fixmap(void) +static __init void apic_set_fixmap(bool read_apic) { set_fixmap_nocache(FIX_APIC_BASE, mp_lapic_addr); apic_mmio_base = APIC_BASE; apic_printk(APIC_VERBOSE, "mapped APIC to %16lx (%16lx)\n", apic_mmio_base, mp_lapic_addr); - apic_read_boot_cpu_id(false); + if (read_apic) + apic_read_boot_cpu_id(false); } void __init register_lapic_address(unsigned long address) @@ -2073,7 +2079,7 @@ void __init register_lapic_address(unsigned long address) mp_lapic_addr = address; if (!x2apic_mode) - apic_set_fixmap(); + apic_set_fixmap(true); } /*

1 year, 1 month

2
1
0 0

[PATCH] Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V"

by Mingzheng Xing

This reverts commit 1d6cd2146c2b58bc91266db1d5d6a5f9632e14c0 which has been merged into the mainline commit 39365395046f ("riscv: kdump: use generic interface to simplify crashkernel reservation"), but the latter's series of patches are not included in the 6.6 branch. This will result in the loss of Crash kernel data in /proc/iomem, and kdump loading the kernel will also cause an error: ``` Memory for crashkernel is not reserved Please reserve memory by passing"crashkernel=Y@X" parameter to kernel Then try to loading kdump kernel ``` After revert this patch, verify that it works properly on QEMU riscv. Link: https://lore.kernel.org/linux-riscv/ZSiQRDGLZk7lpakE@MiWiFi-R3L-srv Signed-off-by: Mingzheng Xing <xingmingzheng(a)iscas.ac.cn> --- arch/riscv/kernel/setup.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index aac853ae4eb74..e600aab116a40 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -173,6 +173,19 @@ static void __init init_resources(void) if (ret < 0) goto error; +#ifdef CONFIG_KEXEC_CORE + if (crashk_res.start != crashk_res.end) { + ret = add_resource(&iomem_resource, &crashk_res); + if (ret < 0) + goto error; + } + if (crashk_low_res.start != crashk_low_res.end) { + ret = add_resource(&iomem_resource, &crashk_low_res); + if (ret < 0) + goto error; + } +#endif + #ifdef CONFIG_CRASH_DUMP if (elfcorehdr_size > 0) { elfcorehdr_res.start = elfcorehdr_addr; -- 2.34.1

1 year, 1 month

3
11
0 0

[PATCH] drm/xe: Unmap userptr in MMU invalidation notifier

by Matthew Brost

To be secure, when a userptr is invalidated the pages should be dma unmapped ensuring the device can no longer touch the invalidated pages. v2: - Don't free sg table in MMU notifer, just dma unmap pages Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Fixes: 12f4b58a37f4 ("drm/xe: Use hmm_range_fault to populate user pages") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.8 Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_hmm.c | 42 ++++++++++++++++++++++++++------ drivers/gpu/drm/xe/xe_hmm.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 5 +++- drivers/gpu/drm/xe/xe_vm_types.h | 5 +++- 5 files changed, 45 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index 2c32dc46f7d4..baf42514e1f9 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -112,16 +112,20 @@ static int xe_build_sg(struct xe_device *xe, struct hmm_range *range, return ret; } -/* - * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr +#define need_unmap(__sg) ((u64)(__sg) & 0x1ull) +#define clear_need_unmap(__sg) (__sg) = (struct sg_table *)((u64)(__sg) & ~0x1ull) +#define set_need_unmap(__sg) (__sg) = (struct sg_table *)((u64)(__sg) | 0x1ull) + +/** + * xe_hmm_userptr_unmap_sg() - Unmap the scatter gather table of userptr * * @uvma: the userptr vma which hold the scatter gather table * * With function xe_userptr_populate_range, we allocate storage of - * the userptr sg table. This is a helper function to free this - * sg table, and dma unmap the address in the table. + * the userptr sg table. This is a helper function to dma unmap the address in + * the table. */ -void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) +void xe_hmm_userptr_unmap_sg(struct xe_userptr_vma *uvma) { struct xe_userptr *userptr = &uvma->userptr; struct xe_vma *vma = &uvma->vma; @@ -129,11 +133,34 @@ void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) struct xe_vm *vm = xe_vma_vm(vma); struct xe_device *xe = vm->xe; struct device *dev = xe->drm.dev; + bool do_unmap; xe_assert(xe, userptr->sg); - dma_unmap_sgtable(dev, userptr->sg, - write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); + spin_lock(&vm->userptr.invalidated_lock); + do_unmap = need_unmap(userptr->sg); + clear_need_unmap(userptr->sg); + spin_unlock(&vm->userptr.invalidated_lock); + + if (do_unmap) + dma_unmap_sgtable(dev, userptr->sg, + write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); +} + +/* + * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr + * + * @uvma: the userptr vma which hold the scatter gather table + * + * With function xe_userptr_populate_range, we allocate storage of + * the userptr sg table. This is a helper function to free this + * sg table, and dma unmap the address in the table. + */ +void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) +{ + struct xe_userptr *userptr = &uvma->userptr; + + xe_hmm_userptr_unmap_sg(uvma); sg_free_table(userptr->sg); userptr->sg = NULL; } @@ -244,6 +271,7 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, xe_mark_range_accessed(&hmm_range, write); userptr->sg = &userptr->sgt; + set_need_unmap(userptr->sg); userptr->notifier_seq = hmm_range.notifier_seq; free_pfns: diff --git a/drivers/gpu/drm/xe/xe_hmm.h b/drivers/gpu/drm/xe/xe_hmm.h index 909dc2bdcd97..56e653dc9fa2 100644 --- a/drivers/gpu/drm/xe/xe_hmm.h +++ b/drivers/gpu/drm/xe/xe_hmm.h @@ -9,3 +9,4 @@ struct xe_userptr_vma; int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, bool is_mm_mmap_locked); void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma); +void xe_hmm_userptr_unmap_sg(struct xe_userptr_vma *uvma); diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 8d3765d3351e..b095257dc684 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -635,7 +635,7 @@ xe_pt_stage_bind(struct xe_tile *tile, struct xe_vma *vma, if (!xe_vma_is_null(vma)) { if (xe_vma_is_userptr(vma)) - xe_res_first_sg(to_userptr_vma(vma)->userptr.sg, 0, + xe_res_first_sg(vma_to_userptr_sg(vma), 0, xe_vma_size(vma), &curs); else if (xe_bo_is_vram(bo) || xe_bo_is_stolen(bo)) xe_res_first(bo->ttm.resource, xe_vma_bo_offset(vma), diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index dfd31b346021..c3d54dcf2a3e 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -637,6 +637,9 @@ static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, XE_WARN_ON(err); } + if (userptr->sg) + xe_hmm_userptr_unmap_sg(uvma); + trace_xe_vma_userptr_invalidate_complete(vma); return true; @@ -3405,7 +3408,7 @@ int xe_analyze_vm(struct drm_printer *p, struct xe_vm *vm, int gt_id) if (is_null) { addr = 0; } else if (is_userptr) { - struct sg_table *sg = to_userptr_vma(vma)->userptr.sg; + struct sg_table *sg = vma_to_userptr_sg(vma); struct xe_res_cursor cur; if (sg) { diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index ce1a63a5e3e7..0478a2235076 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -34,6 +34,9 @@ struct xe_vm; #define XE_VMA_PTE_COMPACT (DRM_GPUVA_USERBITS << 9) #define XE_VMA_DUMPABLE (DRM_GPUVA_USERBITS << 10) +#define vma_to_userptr_sg(__vma) \ + (struct sg_table *)((u64)to_userptr_vma((__vma))->userptr.sg & ~0x1ull) + /** struct xe_userptr - User pointer */ struct xe_userptr { /** @invalidate_link: Link for the vm::userptr.invalidated list */ @@ -206,7 +209,7 @@ struct xe_vm { struct rw_semaphore notifier_lock; /** * @userptr.invalidated_lock: Protects the - * @userptr.invalidated list. + * @userptr.invalidated list and dma mapped pages of userptrs */ spinlock_t invalidated_lock; /** -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH v2] chrome/cros_ec: Handle events during suspend after resume completion

by Karthikeyan Ramasubramanian

Commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") re-ordered the resume sequence. Before that change, cros_ec resume sequence is: 1) Enable IRQ 2) Send resume event 3) Handle events during suspend After commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable"), cros_ec resume sequence is: 1) Enable IRQ 2) Handle events during suspend 3) Send resume event. This re-ordering leads to delayed handling of any events queued between items 2) and 3) with the updated sequence. Also in certain platforms, EC skips triggering interrupt for certain events eg. mkbp events until the resume event is received. Such events are stuck in the host event queue indefinitely. This change puts back the original order to avoid any delay in handling the pending events. Fixes: 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") Cc: stable(a)vger.kernel.org Cc: Lalith Rajendran <lalithkraj(a)chromium.org> Cc: chrome-platform(a)lists.linux.dev Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- Changes in v2: - Updated the commit message with the right problem description drivers/platform/chrome/cros_ec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index badc68bbae8cc..41714df053916 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -432,6 +432,12 @@ static void cros_ec_send_resume_event(struct cros_ec_device *ec_dev) void cros_ec_resume_complete(struct cros_ec_device *ec_dev) { cros_ec_send_resume_event(ec_dev); + /* + * Let the mfd devices know about events that occur during + * suspend. This way the clients know what to do with them. + */ + cros_ec_report_events_during_suspend(ec_dev); + } EXPORT_SYMBOL(cros_ec_resume_complete); @@ -442,12 +448,6 @@ static void cros_ec_enable_irq(struct cros_ec_device *ec_dev) if (ec_dev->wake_enabled) disable_irq_wake(ec_dev->irq); - - /* - * Let the mfd devices know about events that occur during - * suspend. This way the clients know what to do with them. - */ - cros_ec_report_events_during_suspend(ec_dev); } /** @@ -475,8 +475,9 @@ EXPORT_SYMBOL(cros_ec_resume_early); */ int cros_ec_resume(struct cros_ec_device *ec_dev) { - cros_ec_enable_irq(ec_dev); - cros_ec_send_resume_event(ec_dev); + cros_ec_resume_early(ec_dev); + cros_ec_resume_complete(ec_dev); + return 0; } EXPORT_SYMBOL(cros_ec_resume); -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

2
2
0 0

[PATCH] kselftest: Add a ksft_perror() helper

by Edward Liaw

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 907f33028871fa7c9a3db1efd467b78ef82cce20 ] The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw <edliaw(a)google.com> --- tools/testing/selftests/kselftest.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e8eecbc83a60..ad7b97e16f37 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -48,6 +48,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <sys/utsname.h> #endif @@ -156,6 +157,19 @@ static inline void ksft_print_msg(const char *msg, ...) va_end(args); } +static inline void ksft_perror(const char *msg) +{ +#ifndef NOLIBC + ksft_print_msg("%s: %s (%d)\n", msg, strerror(errno), errno); +#else + /* + * nolibc doesn't provide strerror() and it seems + * inappropriate to add one, just print the errno. + */ + ksft_print_msg("%s: %d)\n", msg, errno); +#endif +} + static inline void ksft_test_result_pass(const char *msg, ...) { int saved_errno = errno; -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

1
1
0 0

[PATCH 6.6.y 1/4] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads

by Rahul Rameshbabu

commit 475747a19316b08e856c666a20503e73d7ed67ed upstream. Omit rx_use_md_dst comment in upstream commit since macsec_ops is not documented. Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- include/net/macsec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/macsec.h b/include/net/macsec.h index ebf9bc54036a..75340c3e0c8b 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -303,6 +303,7 @@ struct macsec_ops { int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx); + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa); -- 2.42.0

1 year, 1 month

1
3
0 0

[PATCH 0/2] clk: bcm: Move a couple of __counted_by initializations

by Nathan Chancellor

Hi all, This series addresses two UBSAN warnings I see on my Raspberry Pi 4 with recent releases of clang that support __counted_by by moving the initializations of the element count member before any accesses of the flexible array member. I marked these for stable because more distributions are enabling the bounds sanitizer [1][2], so the warnings will show up when the kernel is built with a compiler that supports __counted_by, so it seems worth fixing this for future users. [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914685 [2]: https://src.fedoraproject.org/rpms/kernel/c/79a2207963b8fea452acfc5dea13ed5… --- Nathan Chancellor (2): clk: bcm: dvp: Assign ->num before accessing ->hws clk: bcm: rpi: Assign ->num before accessing ->hws drivers/clk/bcm/clk-bcm2711-dvp.c | 3 ++- drivers/clk/bcm/clk-raspberrypi.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) --- base-commit: ed30a4a51bb196781c8058073ea720133a65596f change-id: 20240424-cbl-bcm-assign-counted-by-val-before-access-cf19d630f2b4 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 1 month

4
8
0 0

[PATCH] firewire: ohci: fulfill timestamp for some local asynchronous transaction

by Takashi Sakamoto

1394 OHCI driver generates packet data for the response subaction to the request subaction to some local registers. In the case, the driver should assign timestamp to them by itself. This commit fulfills the timestamp for the subaction. Cc: stable(a)vger.kernel.org Fixes: dcadfd7f7c74 ("firewire: core: use union for callback of transaction completion") Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- drivers/firewire/ohci.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index 38d19410a2be..b9ae0340b8a7 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -1556,6 +1556,8 @@ static int handle_at_packet(struct context *context, #define HEADER_GET_DATA_LENGTH(q) (((q) >> 16) & 0xffff) #define HEADER_GET_EXTENDED_TCODE(q) (((q) >> 0) & 0xffff) +static u32 get_cycle_time(struct fw_ohci *ohci); + static void handle_local_rom(struct fw_ohci *ohci, struct fw_packet *packet, u32 csr) { @@ -1580,6 +1582,8 @@ static void handle_local_rom(struct fw_ohci *ohci, (void *) ohci->config_rom + i, length); } + // Timestamping on behalf of the hardware. + response.timestamp = cycle_time_to_ohci_tstamp(get_cycle_time(ohci)); fw_core_handle_response(&ohci->card, &response); } @@ -1628,6 +1632,8 @@ static void handle_local_lock(struct fw_ohci *ohci, fw_fill_response(&response, packet->header, RCODE_BUSY, NULL, 0); out: + // Timestamping on behalf of the hardware. + response.timestamp = cycle_time_to_ohci_tstamp(get_cycle_time(ohci)); fw_core_handle_response(&ohci->card, &response); } @@ -1670,8 +1676,6 @@ static void handle_local_request(struct context *ctx, struct fw_packet *packet) } } -static u32 get_cycle_time(struct fw_ohci *ohci); - static void at_context_transmit(struct context *ctx, struct fw_packet *packet) { unsigned long flags; -- 2.43.0

1 year, 1 month

1
1
0 0

[PATCH 4.19 00/41] 4.19.310-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 4.19.310 release. There are 41 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 05:04:34 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Arnd Bergmann (1): y2038: rusage: use __kernel_old_timeval Christophe Leroy (3): tools/selftest/vm: allow choosing mem size and page size in map_hugetlb selftests/vm: fix display of page size in map_hugetlb selftests/vm: fix map_hugetlb length used for testing read and write Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Fedor Pchelkin (1): btrfs: ref-verify: free ref cache before clearing mount opt Ingo Molnar (1): exit: Fix typo in comment: s/sub-theads/sub-threads Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lee Jones (1): net: usb: lan78xx: Remove lots of set but unused 'ret' variables Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Li RongQing (1): net: move definition of pcpu_lstats to header file Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (5): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Sasha Levin (1): Linux 4.19.310-rc1 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Makefile | 4 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/input/serio/i8042-x86ia64io.h | 6 + drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 96 ++- drivers/net/loopback.c | 6 - drivers/net/nlmon.c | 6 - drivers/net/usb/lan78xx.c | 966 +++++++++++++++++------ drivers/net/vsockmon.c | 14 +- fs/btrfs/ref-verify.c | 6 +- include/linux/netdevice.h | 6 + include/uapi/linux/resource.h | 4 +- kernel/exit.c | 12 +- kernel/sys.c | 91 ++- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 50 +- 28 files changed, 994 insertions(+), 382 deletions(-) -- 2.43.0

1 year, 1 month

6
48
0 0

FAILED: patch "[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 025a6f7448f7bb5f4fceb62498ee33d89ae266bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-enlisted-punch-79a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 025a6f7448f7 ("phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6") ef643d55fdeb ("phy: qcom: qmp: split DP PHY registers to separate headers") 7b98cf0e9b5f ("phy: qcom-qmp: pcs: Add v7 register offsets") dc32762214e4 ("phy: qcom-qmp: move PCS MISC V4 registers to separate header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 025a6f7448f7bb5f4fceb62498ee33d89ae266bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Mon, 8 Apr 2024 11:30:23 +0200 Subject: [PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Stephen Boyd <swboyd(a)chromium.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Link: https://lore.kernel.org/r/20240408093023.506-1-johan+linaro@kernel.org Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index 2a6f70b3e25f..c21cdb8dbfe7 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4

1 year, 1 month

2
1
0 0

[PATCH v8 01/35] dyndbg: fix old BUG_ON in >control parser

by Jim Cromie

Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. cc: stable(a)vger.kernel.org Signed-off-by: Jim Cromie <jim.cromie(a)gmail.com> --- lib/dynamic_debug.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index c78f335fa981..f2c5e7910bb1 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -302,7 +302,11 @@ static int ddebug_tokenize(char *buf, char *words[], int maxwords) } else { for (end = buf; *end && !isspace(*end); end++) ; - BUG_ON(end == buf); + if (end == buf) { + pr_err("parse err after word:%d=%s\n", nwords, + nwords ? words[nwords - 1] : "<none>"); + return -EINVAL; + } } /* `buf' is start of word, `end' is one past its end */ -- 2.44.0

1 year, 1 month

1
0
0 0

[PATCH v2 2/2] drm/nouveau/gsp: Use the sg allocator for level 2 of radix3

by Lyude Paul

Currently we allocate all 3 levels of radix3 page tables using nvkm_gsp_mem_ctor(), which uses dma_alloc_coherent() for allocating all of the relevant memory. This can end up failing in scenarios where the system has very high memory fragmentation, and we can't find enough contiguous memory to allocate level 2 of the page table. Currently, this can result in runtime PM issues on systems where memory fragmentation is high - as we'll fail to allocate the page table for our suspend/resume buffer: kworker/10:2: page allocation failure: order:7, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 10 PID: 479809 Comm: kworker/10:2 Not tainted 6.8.6-201.ChopperV6.fc39.x86_64 #1 Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x64/0x80 warn_alloc+0x165/0x1e0 ? __alloc_pages_direct_compact+0xb3/0x2b0 __alloc_pages_slowpath.constprop.0+0xd7d/0xde0 __alloc_pages+0x32d/0x350 __dma_direct_alloc_pages.isra.0+0x16a/0x2b0 dma_direct_alloc+0x70/0x270 nvkm_gsp_radix3_sg+0x5e/0x130 [nouveau] r535_gsp_fini+0x1d4/0x350 [nouveau] nvkm_subdev_fini+0x67/0x150 [nouveau] nvkm_device_fini+0x95/0x1e0 [nouveau] nvkm_udevice_fini+0x53/0x70 [nouveau] nvkm_object_fini+0xb9/0x240 [nouveau] nvkm_object_fini+0x75/0x240 [nouveau] nouveau_do_suspend+0xf5/0x280 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1e0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x41/0x170 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x5d/0x70 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_suspend+0x120/0x6a0 pm_runtime_work+0x98/0xb0 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Luckily, we don't actually need to allocate coherent memory for the page table thanks to being able to pass the GPU a radix3 page table for suspend/resume data. So, let's rewrite nvkm_gsp_radix3_sg() to use the sg allocator for level 2. We continue using coherent allocations for lvl0 and 1, since they only take a single page. V2: * Don't forget to actually jump to the next scatterlist when we reach the end of the scatterlist we're currently on when writing out the page table for level 2 Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 77 ++++++++++++------- 2 files changed, 54 insertions(+), 27 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 6f5d376d8fcc1..a11d16a16c3b2 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -15,7 +15,9 @@ struct nvkm_gsp_mem { }; struct nvkm_gsp_radix3 { - struct nvkm_gsp_mem mem[3]; + struct nvkm_gsp_mem lvl0; + struct nvkm_gsp_mem lvl1; + struct sg_table lvl2; }; int nvkm_gsp_sg(struct nvkm_device *, u64 size, struct sg_table *); diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c index 9858c1438aa7f..fd4e80ba6adfc 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c @@ -1624,7 +1624,7 @@ r535_gsp_wpr_meta_init(struct nvkm_gsp *gsp) meta->magic = GSP_FW_WPR_META_MAGIC; meta->revision = GSP_FW_WPR_META_REVISION; - meta->sysmemAddrOfRadix3Elf = gsp->radix3.mem[0].addr; + meta->sysmemAddrOfRadix3Elf = gsp->radix3.lvl0.addr; meta->sizeOfRadix3Elf = gsp->fb.wpr2.elf.size; meta->sysmemAddrOfBootloader = gsp->boot.fw.addr; @@ -1919,8 +1919,9 @@ nvkm_gsp_sg(struct nvkm_device *device, u64 size, struct sg_table *sgt) static void nvkm_gsp_radix3_dtor(struct nvkm_gsp *gsp, struct nvkm_gsp_radix3 *rx3) { - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) - nvkm_gsp_mem_dtor(gsp, &rx3->mem[i]); + nvkm_gsp_sg_free(gsp->subdev.device, &rx3->lvl2); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } /** @@ -1960,36 +1961,60 @@ static int nvkm_gsp_radix3_sg(struct nvkm_gsp *gsp, struct sg_table *sgt, u64 size, struct nvkm_gsp_radix3 *rx3) { - u64 addr; + struct sg_dma_page_iter sg_dma_iter; + struct scatterlist *sg; + size_t bufsize; + u64 *pte; + int ret, i, page_idx = 0; - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) { - u64 *ptes; - size_t bufsize; - int ret, idx; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl0); + if (ret) + return ret; - bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); - ret = nvkm_gsp_mem_ctor(gsp, bufsize, &rx3->mem[i]); - if (ret) - return ret; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl1); + if (ret) + goto lvl1_fail; - ptes = rx3->mem[i].data; - if (i == 2) { - struct scatterlist *sgl; + // Allocate level 2 + bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); + ret = nvkm_gsp_sg(gsp->subdev.device, bufsize, &rx3->lvl2); + if (ret) + goto lvl2_fail; - for_each_sgtable_dma_sg(sgt, sgl, idx) { - for (int j = 0; j < sg_dma_len(sgl) / GSP_PAGE_SIZE; j++) - *ptes++ = sg_dma_address(sgl) + (GSP_PAGE_SIZE * j); - } - } else { - for (int j = 0; j < size / GSP_PAGE_SIZE; j++) - *ptes++ = addr + GSP_PAGE_SIZE * j; + // Write the bus address of level 1 to level 0 + pte = rx3->lvl0.data; + *pte = rx3->lvl1.addr; + + // Write the bus address of each page in level 2 to level 1 + pte = rx3->lvl1.data; + for_each_sgtable_dma_page(&rx3->lvl2, &sg_dma_iter, 0) + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + + // Finally, write the bus address of each page in sgt to level 2 + for_each_sgtable_sg(&rx3->lvl2, sg, i) { + void *sgl_end; + + pte = sg_virt(sg); + sgl_end = (void*)pte + sg->length; + + for_each_sgtable_dma_page(sgt, &sg_dma_iter, page_idx) { + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + page_idx++; + + // Go to the next scatterlist for level 2 if we've reached the end + if ((void*)pte >= sgl_end) + break; } + } - size = rx3->mem[i].size; - addr = rx3->mem[i].addr; + if (ret) { +lvl2_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); +lvl1_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } - return 0; + return ret; } int @@ -2021,7 +2046,7 @@ r535_gsp_fini(struct nvkm_gsp *gsp, bool suspend) sr = gsp->sr.meta.data; sr->magic = GSP_FW_SR_META_MAGIC; sr->revision = GSP_FW_SR_META_REVISION; - sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.mem[0].addr; + sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.lvl0.addr; sr->sizeOfSuspendResumeData = len; mbox0 = lower_32_bits(gsp->sr.meta.addr); -- 2.44.0

1 year, 1 month

1
0
0 0

[merged] bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS has been removed from the -mm tree. Its filename was bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS Date: Mon, 29 Apr 2024 15:47:51 +0100 bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Link: https://lkml.kernel.org/r/20240429144807.3012361-1-willy@infradead.org Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: �� <m.novosyolov(a)rosalinux.ru> Tested-by: �� <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch mm-simplify-thp_vma_allowable_order.patch mm-assert-the-mmap_lock-is-held-in-__anon_vma_prepare.patch mm-delay-the-check-for-a-null-anon_vma.patch mm-fix-some-minor-per-vma-lock-issues-in-userfaultfd.patch mm-optimise-vmf_anon_prepare-for-vmas-without-an-anon_vma.patch squashfs-convert-squashfs_symlink_read_folio-to-use-folio-apis.patch squashfs-remove-calls-to-set-the-folio-error-flag.patch

1 year, 1 month

1
0
0 0

Re: [Intel-wired-lan] [BUG] e1000e, scheduling while atomic (stable)

by Jérôme Carretero

Hi Sasha, Thank you, sorry for the delay but I coudln't reboot. Adding Greg KH because I don't know if stable will receive my e-mail (not subscribed) but the regression was integrated in stable: commit 0a4e3c2d976aa4dd38951afd6267f74ef3fade0e so they should get the fix ASAP too. Tested-by: Jérôme Carretero <cJ-ko(a)zougloub.eu> Best regards, -- Jérôme On Thu, 2024-04-18 at 06:44 +0300, Sasha Neftin wrote: > On 17/04/2024 21:46, Jérôme Carretero wrote: > > Hi, > > > > > > I opened https://bugzilla.kernel.org/show_bug.cgi?id=218740 because > > I'm > > not quite sure the culprit is e1000e or some timer stuff. > > Hello Jérôme, > > You hit on regression introduced by 6dbdd4de0362 (used the wrong > timer > during code running in atomic contexts) > Please, incorporate > https://patchwork.ozlabs.org/project/intel-wired-lan/patch/20240417190320.3… > > in your latest kernel. > > Thanks, > sasha > > > > > I just verified that this happens on the latest master. > > > > > > Let me know if I can (quickly) help, > > > > >

1 year, 1 month

7
7
0 0

+ fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Date: Mon, 29 Apr 2024 12:40:17 +0100 make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); But if another thread accessed or dirtied the pte between the first 2 calls, this could lead to loss of that information. Since ptep_modify_prot_start() gets and clears atomically, the following is the correct pattern and prevents any possible race. Any access after the first call would see an invalid pte and cause a fault: pte = ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); Link: https://lkml.kernel.org/r/20240429114017.182570-1-ryan.roberts@arm.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan +++ a/fs/proc/task_mmu.c @@ -1825,7 +1825,7 @@ static void make_uffd_wp_pte(struct vm_a pte_t old_pte; old_pte = ptep_modify_prot_start(vma, addr, pte); - ptent = pte_mkuffd_wp(ptent); + ptent = pte_mkuffd_wp(old_pte); ptep_modify_prot_commit(vma, addr, pte, old_pte, ptent); } else if (is_swap_pte(ptent)) { ptent = pte_swp_mkuffd_wp(ptent); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 1 month

1
0
0 0

+ fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Date: Mon, 29 Apr 2024 12:41:04 +0100 pagemap_scan_pmd_entry() checks if uffd-wp is set on each pte to avoid unnecessary if set. However it was previously checking with `pte_uffd_wp(ptep_get(pte))` without first confirming that the pte was present. It is only valid to call pte_uffd_wp() for present ptes. For swap ptes, pte_swp_uffd_wp() must be called because the uffd-wp bit may be kept in a different position, depending on the arch. This was leading to test failures in the pagemap_ioctl mm selftest, when bringing up uffd-wp support on arm64 due to incorrectly interpretting the uffd-wp status of migration entries. Let's fix this by using the correct check based on pte_present(). While we are at it, let's pass the pte to make_uffd_wp_pte() to avoid the pointless extra ptep_get() which can't be optimized out due to READ_ONCE() on many arches. Link: https://lkml.kernel.org/r/20240429114104.182890-1-ryan.roberts@arm.com Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag") Closes: https://lore.kernel.org/linux-arm-kernel/ZiuyGXt0XWwRgFh9@x1n/ Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry +++ a/fs/proc/task_mmu.c @@ -1817,10 +1817,8 @@ static unsigned long pagemap_page_catego } static void make_uffd_wp_pte(struct vm_area_struct *vma, - unsigned long addr, pte_t *pte) + unsigned long addr, pte_t *pte, pte_t ptent) { - pte_t ptent = ptep_get(pte); - if (pte_present(ptent)) { pte_t old_pte; @@ -2175,9 +2173,12 @@ static int pagemap_scan_pmd_entry(pmd_t if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { - if (pte_uffd_wp(ptep_get(pte))) + pte_t ptent = ptep_get(pte); + + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = addr + PAGE_SIZE; @@ -2190,8 +2191,10 @@ static int pagemap_scan_pmd_entry(pmd_t p->arg.return_mask == PAGE_IS_WRITTEN) { for (addr = start; addr < end; pte++, addr += PAGE_SIZE) { unsigned long next = addr + PAGE_SIZE; + pte_t ptent = ptep_get(pte); - if (pte_uffd_wp(ptep_get(pte))) + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; ret = pagemap_scan_output(p->cur_vma_category | PAGE_IS_WRITTEN, p, addr, &next); @@ -2199,7 +2202,7 @@ static int pagemap_scan_pmd_entry(pmd_t break; if (~p->arg.flags & PM_SCAN_WP_MATCHING) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; @@ -2208,8 +2211,9 @@ static int pagemap_scan_pmd_entry(pmd_t } for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { + pte_t ptent = ptep_get(pte); unsigned long categories = p->cur_vma_category | - pagemap_page_category(p, vma, addr, ptep_get(pte)); + pagemap_page_category(p, vma, addr, ptent); unsigned long next = addr + PAGE_SIZE; if (!pagemap_scan_is_interesting_page(categories, p)) @@ -2224,7 +2228,7 @@ static int pagemap_scan_pmd_entry(pmd_t if (~categories & PAGE_IS_WRITTEN) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 1 month

1
0
0 0

+ bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS has been added to the -mm mm-hotfixes-unstable branch. Its filename is bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS Date: Mon, 29 Apr 2024 15:47:51 +0100 bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Link: https://lkml.kernel.org/r/20240429144807.3012361-1-willy@infradead.org Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: �� <m.novosyolov(a)rosalinux.ru> Tested-by: �� <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_mapping.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch mm-simplify-thp_vma_allowable_order.patch mm-assert-the-mmap_lock-is-held-in-__anon_vma_prepare.patch mm-delay-the-check-for-a-null-anon_vma.patch mm-fix-some-minor-per-vma-lock-issues-in-userfaultfd.patch mm-optimise-vmf_anon_prepare-for-vmas-without-an-anon_vma.patch squashfs-convert-squashfs_symlink_read_folio-to-use-folio-apis.patch squashfs-remove-calls-to-set-the-folio-error-flag.patch

1 year, 1 month

1
0
0 0

[PATCH v2] efi: libstub: only free priv.runtime_map when allocated

by Hagar Hemdan

priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an uninitialized value to free_pool. Free priv.runtime_map only when it was allocated. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: f80d26043af9 ("efi: libstub: avoid efi_get_memory_map() for allocating the virt map") Cc: stable(a)vger.kernel.org Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- v2: added Cc stable tag to the commit message as requested by kernel test robot. --- drivers/firmware/efi/libstub/fdt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c index 70e9789ff9de..6a337f1f8787 100644 --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c @@ -335,8 +335,8 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle, fail: efi_free(fdt_size, fdt_addr); - - efi_bs_call(free_pool, priv.runtime_map); + if (!efi_novamap) + efi_bs_call(free_pool, priv.runtime_map); return EFI_LOAD_ERROR; } -- 2.40.1

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042952-germless-unguarded-1be2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 1 month

3
2
0 0

[PATCH] bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

by Matthew Wilcox (Oracle)

bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Reported-by: Михаил Новоселов <m.novosyolov(a)rosalinux.ru> Tested-by: Ильфат Гаптрахманов <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bounds.c b/kernel/bounds.c index c5a9fcd2d622..8553368ccf79 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN -- 2.43.0

1 year, 1 month

2
1
0 0

[PATCH] media: dw2102: Fix size check

by Ricardo Ribalda

The data is going to be copied at state->data[4], not at state->data[1], fix the check to avoid stack overruns. Found with smatch: drivers/media/usb/dvb-usb/dw2102.c:802 su3000_i2c_transfer() error: __builtin_memcpy() '&state->data[4]' too small (64 vs 67) drivers/media/usb/dvb-usb/dw2102.c:802 su3000_i2c_transfer() error: __builtin_memcpy() '&state->data[4]' too small (64 vs 67) Cc: <stable(a)vger.kernel.org> Fixes: 0e148a522b84 ("media: dw2102: Don't translate i2c read into write") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- This time it could be relevant though. --- drivers/media/usb/dvb-usb/dw2102.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c index 03b411ad64bb..79e2ccf974c9 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c @@ -789,7 +789,7 @@ static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], if (msg[j].flags & I2C_M_RD) { /* single read */ - if (1 + msg[j].len > sizeof(state->data)) { + if (4 + msg[j].len > sizeof(state->data)) { warn("i2c rd: len=%d is too big!\n", msg[j].len); num = -EOPNOTSUPP; break; --- base-commit: cefc10d0d9164eb2f62e789b69dc658dc851eb58 change-id: 20240429-dw2102-ed3d128a1582 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 1 month

1
0
0 0

[regression 6.1.80+] "CIFS: VFS: directory entry name would overflow frame end of buf" and invisible files under certain conditions and at least with noserverino mount option

by Salvatore Bonaccorso

Hi Paulo, hi all In Debian we got two reports of cifs mounts not functioning, hiding certain files. The two reports are: https://bugs.debian.org/1069102 https://bugs.debian.org/1069092 On those cases kernel logs error [ 23.225952] CIFS: VFS: directory entry name would overflow frame end of buf 00000000a44b272c I do not have yet a minimal reproducing setup, but I was able to reproduce the the issue cerating a simple share (done for simplicity with ksmbd): [global] ... [poc] path = /srv/data valid users = root read only = no Within /srv/data create an empty file libfoo: # touch /srv/data/libfoo The share is mounted with noserverino (the issue is not reproducible without at least in my case): mount -t cifs -o noserverino //server/poc /mnt On each access of /mnt a new error is logged, while not showing the libfoo file: [ 23.225952] CIFS: VFS: directory entry name would overflow frame end of buf 00000000a44b272c [ 603.494356] CIFS: VFS: directory entry name would overflow frame end of buf 000000001dbf54e1 [ 633.217689] CIFS: VFS: directory entry name would overflow frame end of buf 00000000fb4597c4 [ 642.791862] CIFS: VFS: directory entry name would overflow frame end of buf 0000000023b48528 I have verified that reverting in 6.1.y the commit 0947d0d463d4 ("smb: client: set correct d_type for reparse points under DFS mounts") on top of 6.1.87 fixes the issue. #regzbot introduced: 0947d0d463d4 I can try to make a clean environment to reproeduce the issue, but I'm not yet there. But the regression is related to 0947d0d463d4 ("smb: client: set correct d_type for reparse points under DFS mounts"). The mentioned commit was as well part of 6.7.7 at least, but I'm not able to reproduce the issue from another client running 6.7,9. Does that ring some bell? Regards, Salvatore

1 year, 1 month

3
8
0 0

[PATCH] ALSA: hda: intel-dsp-config: Fix Huawei Matebook D14 NBLB-WAX9N quirk detection

by Mauro Carvalho Chehab

Newer Matebook D14 model comes with essx8336 and supports SOF, but the initial models use the legacy driver, with a Realtek ALC 256 AC97 chip on it. The BIOS seems to be prepared to be used by both models, so it contains an entry for ESSX8336 on its DSDT table. Add a quirk, as otherwise dspconfig driver will try to load SOF, causing audio probe to fail. Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> --- sound/hda/intel-dsp-config.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/sound/hda/intel-dsp-config.c b/sound/hda/intel-dsp-config.c index 6a384b922e4f..8e728f0585dd 100644 --- a/sound/hda/intel-dsp-config.c +++ b/sound/hda/intel-dsp-config.c @@ -46,6 +46,22 @@ static const struct snd_soc_acpi_codecs __maybe_unused essx_83x6 = { * - the first successful match will win */ static const struct config_entry config_table[] = { + /* Quirks */ + { + .flags = 0, /* Model uses AC97 with Realtek ALC 256 */ + .device = PCI_DEVICE_ID_INTEL_HDA_CML_LP, + .dmi_table = (const struct dmi_system_id []) { + { + .ident = "Huawei NBLB-WAX9N", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HUAWEI"), + DMI_MATCH(DMI_PRODUCT_NAME, "NBLB-WAX9N"), + } + }, + {} + } + }, + /* Merrifield */ #if IS_ENABLED(CONFIG_SND_SOC_SOF_MERRIFIELD) { -- 2.44.0

1 year, 1 month

4
10
0 0

FAILED: patch "[PATCH] fbdev: fix incorrect address computation in deferred IO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 78d9161d2bcd442d93d917339297ffa057dbee8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042951-barbell-aeration-a1ce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 78d9161d2bcd ("fbdev: fix incorrect address computation in deferred IO") 3ed3811283dd ("fbdev: Refactor implementation of page_mkwrite") 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct") 856082f021a2 ("fbdev: defio: fix the pagelist corruption") 8c30e2d81bfd ("fbdev: Don't sort deferred-I/O pages by default") 105a940416fc ("fbdev/defio: Early-out if page is already enlisted") 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper") aa15c677cc34 ("drm/fb-helper: Fix vertical damage clipping") a3c286dcef7f ("drm/fb-helper: Fix clip rectangle height") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 78d9161d2bcd442d93d917339297ffa057dbee8c Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Tue, 23 Apr 2024 13:50:53 +0200 Subject: [PATCH] fbdev: fix incorrect address computation in deferred IO With deferred IO enabled, a page fault happens when data is written to the framebuffer device. Then driver determines which page is being updated by calculating the offset of the written virtual address within the virtual memory area, and uses this offset to get the updated page within the internal buffer. This page is later copied to hardware (thus the name "deferred IO"). This offset calculation is only correct if the virtual memory area is mapped to the beginning of the internal buffer. Otherwise this is wrong. For example, if users do: mmap(ptr, 4096, PROT_WRITE, MAP_FIXED | MAP_SHARED, fd, 0xff000); Then the virtual memory area will mapped at offset 0xff000 within the internal buffer. This offset 0xff000 is not accounted for, and wrong page is updated. Correct the calculation by using vmf->pgoff instead. With this change, the variable "offset" will no longer hold the exact offset value, but it is rounded down to multiples of PAGE_SIZE. But this is still correct, because this variable is only used to calculate the page offset. Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Closes: https://lore.kernel.org/linux-fbdev/271372d6-e665-4e7f-b088-dee5f4ab341a@or… Fixes: 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240423115053.4490-1-namcao@… diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c index dae96c9f61cf..806ecd32219b 100644 --- a/drivers/video/fbdev/core/fb_defio.c +++ b/drivers/video/fbdev/core/fb_defio.c @@ -196,7 +196,7 @@ static vm_fault_t fb_deferred_io_track_page(struct fb_info *info, unsigned long */ static vm_fault_t fb_deferred_io_page_mkwrite(struct fb_info *info, struct vm_fault *vmf) { - unsigned long offset = vmf->address - vmf->vma->vm_start; + unsigned long offset = vmf->pgoff << PAGE_SHIFT; struct page *page = vmf->page; file_update_time(vmf->vma->vm_file);

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] mm: zswap: fix shrinker NULL crash with cgroup_disable=memory" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 682886ec69d22363819a83ddddd5d66cb5c791e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042923-monday-hamlet-26ca@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 682886ec69d2 ("mm: zswap: fix shrinker NULL crash with cgroup_disable=memory") 30fb6a8d9e33 ("mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion") e35606e4167d ("mm/zswap: global lru and shrinker shared by all zswap_pools fix") bf9b7df23cb3 ("mm/zswap: global lru and shrinker shared by all zswap_pools") 5182661a11ba ("mm: zswap: function ordering: move entry sections out of LRU section") 506a86c5e221 ("mm: zswap: function ordering: public lru api") abca07c04aa5 ("mm: zswap: function ordering: pool params") c1a0ecb82bdc ("mm: zswap: function ordering: zswap_pools") 39f3ec8eaa60 ("mm: zswap: function ordering: pool refcounting") a984649b5c1f ("mm: zswap: function ordering: pool alloc & free") be7fc97c5283 ("mm: zswap: further cleanup zswap_store()") fa9ad6e21003 ("mm: zswap: break out zwap_compress()") ff2972aa1b5d ("mm: zswap: rename __zswap_load() to zswap_decompress()") 7dd1f7f0fc1c ("mm: zswap: move zswap_invalidate_entry() to related functions") 5b297f70bb26 ("mm: zswap: inline and remove zswap_entry_find_get()") 5878303c5353 ("mm/zswap: fix race between lru writeback and swapoff") db128f5fdee9 ("mm: zswap: remove unused tree argument in zswap_entry_put()") 44c7c734a513 ("mm/zswap: split zswap rb-tree") bb29fd7760ae ("mm/zswap: make sure each swapfile always have zswap rb-tree") 8409a385a6b4 ("mm/zswap: improve with alloc_workqueue() call") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 682886ec69d22363819a83ddddd5d66cb5c791e1 Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Thu, 18 Apr 2024 08:26:28 -0400 Subject: [PATCH] mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252 Link: https://lkml.kernel.org/r/20240418124043.GC1055428@cmpxchg.org Link: https://lkml.kernel.org/r/20240417143324.GA1055428@cmpxchg.org Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Christian Heusel <christian(a)heusel.eu> Debugged-by: Nhat Pham <nphamcs(a)gmail.com> Suggested-by: Nhat Pham <nphamcs(a)gmail.com> Tested-by: Christian Heusel <christian(a)heusel.eu> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Richard W.M. Jones <rjones(a)redhat.com> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Vitaly Wool <vitaly.wool(a)konsulko.com> Cc: <stable(a)vger.kernel.org> [v6.8] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/zswap.c b/mm/zswap.c index caed028945b0..6f8850c44b61 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1331,15 +1331,22 @@ static unsigned long zswap_shrinker_count(struct shrinker *shrinker, if (!gfp_has_io_fs(sc->gfp_mask)) return 0; -#ifdef CONFIG_MEMCG_KMEM - mem_cgroup_flush_stats(memcg); - nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; - nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); -#else - /* use pool stats instead of memcg stats */ - nr_backing = zswap_pool_total_size >> PAGE_SHIFT; - nr_stored = atomic_read(&zswap_nr_stored); -#endif + /* + * For memcg, use the cgroup-wide ZSWAP stats since we don't + * have them per-node and thus per-lruvec. Careful if memcg is + * runtime-disabled: we can get sc->memcg == NULL, which is ok + * for the lruvec, but not for memcg_page_state(). + * + * Without memcg, use the zswap pool-wide metrics. + */ + if (!mem_cgroup_disabled()) { + mem_cgroup_flush_stats(memcg); + nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; + nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); + } else { + nr_backing = zswap_pool_total_size >> PAGE_SHIFT; + nr_stored = atomic_read(&zswap_nr_stored); + } if (!nr_stored) return 0;

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] mm: turn folio_test_hugetlb into a PageType" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d99e3140a4d33e26066183ff727d8f02f56bec64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042907-unquote-thank-8de2@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") 55c49fee57af ("mm/vmalloc: remove vmap_area_list") d093602919ad ("mm: vmalloc: remove global vmap_area_root rb-tree") 7fa8cee00316 ("mm: vmalloc: move vmap_init_free_space() down in vmalloc.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d99e3140a4d33e26066183ff727d8f02f56bec64 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Thu, 21 Mar 2024 14:24:43 +0000 Subject: [PATCH] mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [willy(a)infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org Link: https://lkml.kernel.org/r/20240321142448.1645400-6-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Luis Chamberlain <mcgrof(a)kernel.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218227 Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 35a0087d0910..4bf1c25fd1dc 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -190,7 +190,6 @@ enum pageflags { /* At least one page in this folio has the hwpoison flag set */ PG_has_hwpoisoned = PG_error, - PG_hugetlb = PG_active, PG_large_rmappable = PG_workingset, /* anon or file-backed */ }; @@ -876,29 +875,6 @@ TESTPAGEFLAG_FALSE(LargeRmappable, large_rmappable) #define PG_head_mask ((1UL << PG_head)) -#ifdef CONFIG_HUGETLB_PAGE -int PageHuge(const struct page *page); -SETPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) -CLEARPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) - -/** - * folio_test_hugetlb - Determine if the folio belongs to hugetlbfs - * @folio: The folio to test. - * - * Context: Any context. Caller should have a reference on the folio to - * prevent it from being turned into a tail page. - * Return: True for hugetlbfs folios, false for anon folios or folios - * belonging to other filesystems. - */ -static inline bool folio_test_hugetlb(const struct folio *folio) -{ - return folio_test_large(folio) && - test_bit(PG_hugetlb, const_folio_flags(folio, 1)); -} -#else -TESTPAGEFLAG_FALSE(Huge, hugetlb) -#endif - #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* * PageHuge() only returns true for hugetlbfs pages, but not for @@ -954,18 +930,6 @@ PAGEFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) TESTSCFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) #endif -/* - * Check if a page is currently marked HWPoisoned. Note that this check is - * best effort only and inherently racy: there is no way to synchronize with - * failing hardware. - */ -static inline bool is_page_hwpoison(struct page *page) -{ - if (PageHWPoison(page)) - return true; - return PageHuge(page) && PageHWPoison(compound_head(page)); -} - /* * For pages that are never mapped to userspace (and aren't PageSlab), * page_type may be used. Because it is initialised to -1, we invert the @@ -982,6 +946,7 @@ static inline bool is_page_hwpoison(struct page *page) #define PG_offline 0x00000100 #define PG_table 0x00000200 #define PG_guard 0x00000400 +#define PG_hugetlb 0x00000800 #define PageType(page, flag) \ ((page->page_type & (PAGE_TYPE_BASE | flag)) == PAGE_TYPE_BASE) @@ -1076,6 +1041,37 @@ PAGE_TYPE_OPS(Table, table, pgtable) */ PAGE_TYPE_OPS(Guard, guard, guard) +#ifdef CONFIG_HUGETLB_PAGE +FOLIO_TYPE_OPS(hugetlb, hugetlb) +#else +FOLIO_TEST_FLAG_FALSE(hugetlb) +#endif + +/** + * PageHuge - Determine if the page belongs to hugetlbfs + * @page: The page to test. + * + * Context: Any context. + * Return: True for hugetlbfs pages, false for anon pages or pages + * belonging to other filesystems. + */ +static inline bool PageHuge(const struct page *page) +{ + return folio_test_hugetlb(page_folio(page)); +} + +/* + * Check if a page is currently marked HWPoisoned. Note that this check is + * best effort only and inherently racy: there is no way to synchronize with + * failing hardware. + */ +static inline bool is_page_hwpoison(struct page *page) +{ + if (PageHWPoison(page)) + return true; + return PageHuge(page) && PageHWPoison(compound_head(page)); +} + extern bool is_free_buddy_page(struct page *page); PAGEFLAG(Isolated, isolated, PF_ANY); @@ -1142,7 +1138,7 @@ static __always_inline void __ClearPageAnonExclusive(struct page *page) */ #define PAGE_FLAGS_SECOND \ (0xffUL /* order */ | 1UL << PG_has_hwpoisoned | \ - 1UL << PG_hugetlb | 1UL << PG_large_rmappable) + 1UL << PG_large_rmappable) #define PAGE_FLAGS_PRIVATE \ (1UL << PG_private | 1UL << PG_private_2) diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h index d801409b33cf..d55e53ac91bd 100644 --- a/include/trace/events/mmflags.h +++ b/include/trace/events/mmflags.h @@ -135,6 +135,7 @@ IF_HAVE_PG_ARCH_X(arch_3) #define DEF_PAGETYPE_NAME(_name) { PG_##_name, __stringify(_name) } #define __def_pagetype_names \ + DEF_PAGETYPE_NAME(hugetlb), \ DEF_PAGETYPE_NAME(offline), \ DEF_PAGETYPE_NAME(guard), \ DEF_PAGETYPE_NAME(table), \ diff --git a/kernel/vmcore_info.c b/kernel/vmcore_info.c index f95516cd45bb..23c125c2e243 100644 --- a/kernel/vmcore_info.c +++ b/kernel/vmcore_info.c @@ -205,11 +205,10 @@ static int __init crash_save_vmcoreinfo_init(void) VMCOREINFO_NUMBER(PG_head_mask); #define PAGE_BUDDY_MAPCOUNT_VALUE (~PG_buddy) VMCOREINFO_NUMBER(PAGE_BUDDY_MAPCOUNT_VALUE); -#ifdef CONFIG_HUGETLB_PAGE - VMCOREINFO_NUMBER(PG_hugetlb); +#define PAGE_HUGETLB_MAPCOUNT_VALUE (~PG_hugetlb) + VMCOREINFO_NUMBER(PAGE_HUGETLB_MAPCOUNT_VALUE); #define PAGE_OFFLINE_MAPCOUNT_VALUE (~PG_offline) VMCOREINFO_NUMBER(PAGE_OFFLINE_MAPCOUNT_VALUE); -#endif #ifdef CONFIG_KALLSYMS VMCOREINFO_SYMBOL(kallsyms_names); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 53e0ab5c0845..4553241f0fb2 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1624,7 +1624,7 @@ static inline void __clear_hugetlb_destructor(struct hstate *h, { lockdep_assert_held(&hugetlb_lock); - folio_clear_hugetlb(folio); + __folio_clear_hugetlb(folio); } /* @@ -1711,7 +1711,7 @@ static void add_hugetlb_folio(struct hstate *h, struct folio *folio, h->surplus_huge_pages_node[nid]++; } - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); folio_change_private(folio, NULL); /* * We have to set hugetlb_vmemmap_optimized again as above @@ -2049,7 +2049,7 @@ static void __prep_account_new_huge_page(struct hstate *h, int nid) static void init_new_hugetlb_folio(struct hstate *h, struct folio *folio) { - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); INIT_LIST_HEAD(&folio->lru); hugetlb_set_folio_subpool(folio, NULL); set_hugetlb_cgroup(folio, NULL); @@ -2159,22 +2159,6 @@ static bool prep_compound_gigantic_folio_for_demote(struct folio *folio, return __prep_compound_gigantic_folio(folio, order, true); } -/* - * PageHuge() only returns true for hugetlbfs pages, but not for normal or - * transparent huge pages. See the PageTransHuge() documentation for more - * details. - */ -int PageHuge(const struct page *page) -{ - const struct folio *folio; - - if (!PageCompound(page)) - return 0; - folio = page_folio(page); - return folio_test_hugetlb(folio); -} -EXPORT_SYMBOL_GPL(PageHuge); - /* * Find and lock address space (mapping) in write mode. *

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] x86/tdx: Preserve shared bit on mprotect()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-modular-case-bbd4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a0a8d15a798b ("x86/tdx: Preserve shared bit on mprotect()") e45964771007 ("x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Wed, 24 Apr 2024 11:20:35 +0300 Subject: [PATCH] x86/tdx: Preserve shared bit on mprotect() The TDX guest platform takes one bit from the physical address to indicate if the page is shared (accessible by VMM). This bit is not part of the physical_mask and is not preserved during mprotect(). As a result, the 'shared' bit is lost during mprotect() on shared mappings. _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved during modification. AMD includes 'sme_me_mask' in the define to preserve the 'encrypt' bit. To cover both Intel and AMD cases, include 'cc_mask' in _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'. Reported-and-tested-by: Chris Oo <cho(a)microsoft.com> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to support TDX guests") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240424082035.4092071-1-kirill.shutemov%40linu… diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index c086699b0d0c..aa6c8f8ca958 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -25,6 +25,7 @@ u64 cc_mkdec(u64 val); void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) +static const u64 cc_mask = 0; static inline u64 cc_mkenc(u64 val) { diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 0b748ee16b3d..9abb8cc4cd47 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -148,7 +148,7 @@ #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | \ _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \ - _PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP) + _PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP) #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT) #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE) @@ -173,6 +173,7 @@ enum page_cache_mode { }; #endif +#define _PAGE_CC (_AT(pteval_t, cc_mask)) #define _PAGE_ENC (_AT(pteval_t, sme_me_mask)) #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] rust: remove `params` from `module` macro example" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 19843452dca40e28d6d3f4793d998b681d505c7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042924-ribcage-browsing-7e8b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 19843452dca4 ("rust: remove `params` from `module` macro example") b13c9880f909 ("rust: macros: take string literals in `module!`") c3630df66f95 ("rust: samples: add `rust_print` example") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19843452dca40e28d6d3f4793d998b681d505c7f Mon Sep 17 00:00:00 2001 From: Aswin Unnikrishnan <aswinunni01(a)gmail.com> Date: Fri, 19 Apr 2024 21:50:13 +0000 Subject: [PATCH] rust: remove `params` from `module` macro example Remove argument `params` from the `module` macro example, because the macro does not currently support module parameters since it was not sent with the initial merge. Signed-off-by: Aswin Unnikrishnan <aswinunni01(a)gmail.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 1fbde52bde73 ("rust: add `macros` crate") Link: https://lore.kernel.org/r/20240419215015.157258-1-aswinunni01@gmail.com [ Reworded slightly. ] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index f489f3157383..520eae5fd792 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -35,18 +35,6 @@ use proc_macro::TokenStream; /// author: "Rust for Linux Contributors", /// description: "My very own kernel module!", /// license: "GPL", -/// params: { -/// my_i32: i32 { -/// default: 42, -/// permissions: 0o000, -/// description: "Example of i32", -/// }, -/// writeable_i32: i32 { -/// default: 42, -/// permissions: 0o644, -/// description: "Example of i32", -/// }, -/// }, /// } /// /// struct MyModule;

1 year, 1 month

3
2
0 0

Serious regression on 6.1.x-stable caused by "bounds: support non-power-of-two CONFIG_NR_CPUS"

by Mikhail Novosyolov

Hello, colleagues. Commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a "bounds: support non-power-of-two CONFIG_NR_CPUS" (https://github.com/torvalds/linux/commit/f2d5dcb48f7ba9e3ff249d58fc1fa963d3…) was backported to 6.1.x-stable (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…), but causes a serious regression on quite a lot of hardware with AMD GPUs, kernel panics. It was backported to 6.1.84, 6.1.84 has problems, 6/1/83 does not, the newest 6.1.88 still has this problem. The problem is described here: https://gitlab.freedesktop.org/drm/amd/-/issues/3347

1 year, 1 month

4
4
0 0

[PATCH v3 0/3] usb: typec: tipd: fix event checking in interrupt service routines

by Javier Carrasco

The ISRs of the tps25750 and tps6598x do not handle generated events properly under all circumstances. The tps6598x ISR does not read all bits of the INT_EVENTX registers in newer devices (tps65987 and tps65988, which have 11-byte interrupt registers), leaving events signaled with bits above 64 unattended. Moreover, these events are not cleared, leaving the interrupt enabled. The tps25750 reads all bits of the INT_EVENT1 register, but the event checking is not right because the same event is checked in two different regions of the same register by means of an OR operation. This series aims to fix both issues by reading all bits of the INT_EVENTX registers, and limiting the event checking to the region where the supported events are defined (currently they are limited to the first 64 bits of the registers, as the are defined as BIT_ULL()). In order to identify the interrupt register size, a simple mechanism has been added to read the version register and select the right size accordingly. This mechanism has been tested with a TPS65987DDHRSHR (DH variant) which returned the expected value (0xF7). If the need for events above the first 64 bits of the INT_EVENTX registers arises, a different mechanism might be required. But for the current needs, all definitions can be left as they are. When at it, an explicit device_get_match_data() (which is already contained in i2c_get_match_data()) has been removed. Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> --- Changes in v3: - Remove explicit usage of device_get_match_data() (new patch). - Fix series versioning (last resend should have been v2). - Keep 64 bit reads in the interrupt handler for tps65981/2/6 by reading the version register. - Link to v2: https://lore.kernel.org/r/20240328-tps6598x_fix_event_handling-v1-0-502721f… Changes in v2: - Add Cc tag for 'stable' (fixes). - Link to v1: https://lore.kernel.org/r/20240325-tps6598x_fix_event_handling-v1-0-633fe0c… --- Javier Carrasco (3): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x usb: typec: tipd: rely on i2c_get_match_data() drivers/usb/typec/tipd/core.c | 56 +++++++++++++++++++++++++-------------- drivers/usb/typec/tipd/tps6598x.h | 11 ++++++++ 2 files changed, 47 insertions(+), 20 deletions(-) --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85 Best regards, -- Javier Carrasco <javier.carrasco(a)wolfvision.net>

1 year, 1 month

1
2
0 0

[PATCH stable,5.10 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 5.10 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 5.10 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 1 month

3
5
0 0

FAILED: patch "[PATCH] mm: turn folio_test_hugetlb into a PageType" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d99e3140a4d33e26066183ff727d8f02f56bec64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-squint-barometer-51de@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") 55c49fee57af ("mm/vmalloc: remove vmap_area_list") d093602919ad ("mm: vmalloc: remove global vmap_area_root rb-tree") 7fa8cee00316 ("mm: vmalloc: move vmap_init_free_space() down in vmalloc.c") 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") 9f2a63523582 ("Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d99e3140a4d33e26066183ff727d8f02f56bec64 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Thu, 21 Mar 2024 14:24:43 +0000 Subject: [PATCH] mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [willy(a)infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org Link: https://lkml.kernel.org/r/20240321142448.1645400-6-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Luis Chamberlain <mcgrof(a)kernel.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218227 Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 35a0087d0910..4bf1c25fd1dc 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -190,7 +190,6 @@ enum pageflags { /* At least one page in this folio has the hwpoison flag set */ PG_has_hwpoisoned = PG_error, - PG_hugetlb = PG_active, PG_large_rmappable = PG_workingset, /* anon or file-backed */ }; @@ -876,29 +875,6 @@ TESTPAGEFLAG_FALSE(LargeRmappable, large_rmappable) #define PG_head_mask ((1UL << PG_head)) -#ifdef CONFIG_HUGETLB_PAGE -int PageHuge(const struct page *page); -SETPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) -CLEARPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) - -/** - * folio_test_hugetlb - Determine if the folio belongs to hugetlbfs - * @folio: The folio to test. - * - * Context: Any context. Caller should have a reference on the folio to - * prevent it from being turned into a tail page. - * Return: True for hugetlbfs folios, false for anon folios or folios - * belonging to other filesystems. - */ -static inline bool folio_test_hugetlb(const struct folio *folio) -{ - return folio_test_large(folio) && - test_bit(PG_hugetlb, const_folio_flags(folio, 1)); -} -#else -TESTPAGEFLAG_FALSE(Huge, hugetlb) -#endif - #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* * PageHuge() only returns true for hugetlbfs pages, but not for @@ -954,18 +930,6 @@ PAGEFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) TESTSCFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) #endif -/* - * Check if a page is currently marked HWPoisoned. Note that this check is - * best effort only and inherently racy: there is no way to synchronize with - * failing hardware. - */ -static inline bool is_page_hwpoison(struct page *page) -{ - if (PageHWPoison(page)) - return true; - return PageHuge(page) && PageHWPoison(compound_head(page)); -} - /* * For pages that are never mapped to userspace (and aren't PageSlab), * page_type may be used. Because it is initialised to -1, we invert the @@ -982,6 +946,7 @@ static inline bool is_page_hwpoison(struct page *page) #define PG_offline 0x00000100 #define PG_table 0x00000200 #define PG_guard 0x00000400 +#define PG_hugetlb 0x00000800 #define PageType(page, flag) \ ((page->page_type & (PAGE_TYPE_BASE | flag)) == PAGE_TYPE_BASE) @@ -1076,6 +1041,37 @@ PAGE_TYPE_OPS(Table, table, pgtable) */ PAGE_TYPE_OPS(Guard, guard, guard) +#ifdef CONFIG_HUGETLB_PAGE +FOLIO_TYPE_OPS(hugetlb, hugetlb) +#else +FOLIO_TEST_FLAG_FALSE(hugetlb) +#endif + +/** + * PageHuge - Determine if the page belongs to hugetlbfs + * @page: The page to test. + * + * Context: Any context. + * Return: True for hugetlbfs pages, false for anon pages or pages + * belonging to other filesystems. + */ +static inline bool PageHuge(const struct page *page) +{ + return folio_test_hugetlb(page_folio(page)); +} + +/* + * Check if a page is currently marked HWPoisoned. Note that this check is + * best effort only and inherently racy: there is no way to synchronize with + * failing hardware. + */ +static inline bool is_page_hwpoison(struct page *page) +{ + if (PageHWPoison(page)) + return true; + return PageHuge(page) && PageHWPoison(compound_head(page)); +} + extern bool is_free_buddy_page(struct page *page); PAGEFLAG(Isolated, isolated, PF_ANY); @@ -1142,7 +1138,7 @@ static __always_inline void __ClearPageAnonExclusive(struct page *page) */ #define PAGE_FLAGS_SECOND \ (0xffUL /* order */ | 1UL << PG_has_hwpoisoned | \ - 1UL << PG_hugetlb | 1UL << PG_large_rmappable) + 1UL << PG_large_rmappable) #define PAGE_FLAGS_PRIVATE \ (1UL << PG_private | 1UL << PG_private_2) diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h index d801409b33cf..d55e53ac91bd 100644 --- a/include/trace/events/mmflags.h +++ b/include/trace/events/mmflags.h @@ -135,6 +135,7 @@ IF_HAVE_PG_ARCH_X(arch_3) #define DEF_PAGETYPE_NAME(_name) { PG_##_name, __stringify(_name) } #define __def_pagetype_names \ + DEF_PAGETYPE_NAME(hugetlb), \ DEF_PAGETYPE_NAME(offline), \ DEF_PAGETYPE_NAME(guard), \ DEF_PAGETYPE_NAME(table), \ diff --git a/kernel/vmcore_info.c b/kernel/vmcore_info.c index f95516cd45bb..23c125c2e243 100644 --- a/kernel/vmcore_info.c +++ b/kernel/vmcore_info.c @@ -205,11 +205,10 @@ static int __init crash_save_vmcoreinfo_init(void) VMCOREINFO_NUMBER(PG_head_mask); #define PAGE_BUDDY_MAPCOUNT_VALUE (~PG_buddy) VMCOREINFO_NUMBER(PAGE_BUDDY_MAPCOUNT_VALUE); -#ifdef CONFIG_HUGETLB_PAGE - VMCOREINFO_NUMBER(PG_hugetlb); +#define PAGE_HUGETLB_MAPCOUNT_VALUE (~PG_hugetlb) + VMCOREINFO_NUMBER(PAGE_HUGETLB_MAPCOUNT_VALUE); #define PAGE_OFFLINE_MAPCOUNT_VALUE (~PG_offline) VMCOREINFO_NUMBER(PAGE_OFFLINE_MAPCOUNT_VALUE); -#endif #ifdef CONFIG_KALLSYMS VMCOREINFO_SYMBOL(kallsyms_names); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 53e0ab5c0845..4553241f0fb2 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1624,7 +1624,7 @@ static inline void __clear_hugetlb_destructor(struct hstate *h, { lockdep_assert_held(&hugetlb_lock); - folio_clear_hugetlb(folio); + __folio_clear_hugetlb(folio); } /* @@ -1711,7 +1711,7 @@ static void add_hugetlb_folio(struct hstate *h, struct folio *folio, h->surplus_huge_pages_node[nid]++; } - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); folio_change_private(folio, NULL); /* * We have to set hugetlb_vmemmap_optimized again as above @@ -2049,7 +2049,7 @@ static void __prep_account_new_huge_page(struct hstate *h, int nid) static void init_new_hugetlb_folio(struct hstate *h, struct folio *folio) { - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); INIT_LIST_HEAD(&folio->lru); hugetlb_set_folio_subpool(folio, NULL); set_hugetlb_cgroup(folio, NULL); @@ -2159,22 +2159,6 @@ static bool prep_compound_gigantic_folio_for_demote(struct folio *folio, return __prep_compound_gigantic_folio(folio, order, true); } -/* - * PageHuge() only returns true for hugetlbfs pages, but not for normal or - * transparent huge pages. See the PageTransHuge() documentation for more - * details. - */ -int PageHuge(const struct page *page) -{ - const struct folio *folio; - - if (!PageCompound(page)) - return 0; - folio = page_folio(page); - return folio_test_hugetlb(folio); -} -EXPORT_SYMBOL_GPL(PageHuge); - /* * Find and lock address space (mapping) in write mode. *

1 year, 1 month

2
1
0 0

[PATCH] drm/i915/gt: Automate CCS Mode setting during engine resets

by Andi Shyti

We missed setting the CCS mode during resume and engine resets. Create a workaround to be added in the engine's workaround list. This workaround sets the XEHP_CCS_MODE value at every reset. The issue can be reproduced by running: $ clpeak --kernel-latency Without resetting the CCS mode, we encounter a fence timeout: Fence expiration time out i915-0000:03:00.0:clpeak[2387]:2! Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/10895 Fixes: 6db31251bb26 ("drm/i915/gt: Enable only one CCS for compute workload") Reported-by: Gnattu OC <gnattuoc(a)me.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.2+ --- Hi Gnattu, thanks again for reporting this issue and for your prompt replies on the issue. Would you give this patch a chance? Andi drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +++--- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c index 044219c5960a..99b71bb7da0a 100644 --- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c +++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c @@ -8,14 +8,14 @@ #include "intel_gt_ccs_mode.h" #include "intel_gt_regs.h" -void intel_gt_apply_ccs_mode(struct intel_gt *gt) +unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt) { int cslice; u32 mode = 0; int first_ccs = __ffs(CCS_MASK(gt)); if (!IS_DG2(gt->i915)) - return; + return 0; /* Build the value for the fixed CCS load balancing */ for (cslice = 0; cslice < I915_MAX_CCS; cslice++) { @@ -35,5 +35,5 @@ void intel_gt_apply_ccs_mode(struct intel_gt *gt) XEHP_CCS_MODE_CSLICE_MASK); } - intel_uncore_write(gt->uncore, XEHP_CCS_MODE, mode); + return mode; } diff --git a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h index 9e5549caeb26..55547f2ff426 100644 --- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h +++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h @@ -8,6 +8,6 @@ struct intel_gt; -void intel_gt_apply_ccs_mode(struct intel_gt *gt); +unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt); #endif /* __INTEL_GT_CCS_MODE_H__ */ diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c index 68b6aa11bcf7..58693923bf6c 100644 --- a/drivers/gpu/drm/i915/gt/intel_workarounds.c +++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c @@ -2703,6 +2703,7 @@ add_render_compute_tuning_settings(struct intel_gt *gt, static void ccs_engine_wa_mode(struct intel_engine_cs *engine, struct i915_wa_list *wal) { struct intel_gt *gt = engine->gt; + u32 mode; if (!IS_DG2(gt->i915)) return; @@ -2719,7 +2720,8 @@ static void ccs_engine_wa_mode(struct intel_engine_cs *engine, struct i915_wa_li * After having disabled automatic load balancing we need to * assign all slices to a single CCS. We will call it CCS mode 1 */ - intel_gt_apply_ccs_mode(gt); + mode = intel_gt_apply_ccs_mode(gt); + wa_masked_en(wal, XEHP_CCS_MODE, mode); } /* -- 2.43.0

1 year, 1 month

3
3
0 0

FAILED: patch "[PATCH] kbuild: rust: force `alloc` extern to allow "empty" Rust" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ded103c7eb23753f22597afa500a7c1ad34116ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042909-whimsical-drapery-40d1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ded103c7eb23 ("kbuild: rust: force `alloc` extern to allow "empty" Rust files") 295d8398c67e ("kbuild: specify output names separately for each emission type from rustc") 16169a47d5c3 ("kbuild: refactor host*_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ded103c7eb23753f22597afa500a7c1ad34116ba Mon Sep 17 00:00:00 2001 From: Miguel Ojeda <ojeda(a)kernel.org> Date: Mon, 22 Apr 2024 11:06:44 +0200 Subject: [PATCH] kbuild: rust: force `alloc` extern to allow "empty" Rust files If one attempts to build an essentially empty file somewhere in the kernel tree, it leads to a build error because the compiler does not recognize the `new_uninit` unstable feature: error[E0635]: unknown feature `new_uninit` --> <crate attribute>:1:9 | 1 | feature(new_uninit) | ^^^^^^^^^^ The reason is that we pass `-Zcrate-attr='feature(new_uninit)'` (together with `-Zallow-features=new_uninit`) to let non-`rust/` code use that unstable feature. However, the compiler only recognizes the feature if the `alloc` crate is resolved (the feature is an `alloc` one). `--extern alloc`, which we pass, is not enough to resolve the crate. Introducing a reference like `use alloc;` or `extern crate alloc;` solves the issue, thus this is not seen in normal files. For instance, `use`ing the `kernel` prelude introduces such a reference, since `alloc` is used inside. While normal use of the build system is not impacted by this, it can still be fairly confusing for kernel developers [1], thus use the unstable `force` option of `--extern` [2] (added in Rust 1.71 [3]) to force the compiler to resolve `alloc`. This new unstable feature is only needed meanwhile we use the other unstable feature, since then we will not need `-Zcrate-attr`. Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Daniel Almeida <daniel.almeida(a)collabora.com> Reported-by: Julian Stecklina <julian.stecklina(a)cyberus-technology.de> Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/x/… [1] Fixes: 2f7ab1267dc9 ("Kbuild: add Rust support") Link: https://github.com/rust-lang/rust/issues/111302 [2] Link: https://github.com/rust-lang/rust/pull/109421 [3] Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Gary Guo <gary(a)garyguo.net> Link: https://lore.kernel.org/r/20240422090644.525520-1-ojeda@kernel.org Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/scripts/Makefile.build b/scripts/Makefile.build index baf86c0880b6..533a7799fdfe 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -273,7 +273,7 @@ rust_common_cmd = \ -Zallow-features=$(rust_allowed_features) \ -Zcrate-attr=no_std \ -Zcrate-attr='feature($(rust_allowed_features))' \ - --extern alloc --extern kernel \ + -Zunstable-options --extern force:alloc --extern kernel \ --crate-type rlib -L $(objtree)/rust/ \ --crate-name $(basename $(notdir $@)) \ --sysroot=/dev/null \

1 year, 1 month

3
5
0 0

FAILED: patch "[PATCH] macsec: Detect if Rx skb is macsec-related for offloading" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 642c984dd0e37dbaec9f87bd1211e5fac1f142bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042928-mastiff-unmasked-6a54@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 642c984dd0e3 ("macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 642c984dd0e37dbaec9f87bd1211e5fac1f142bf Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:04 -0700 Subject: [PATCH] macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Can now correctly identify where the packets should be delivered by using md_dst or its absence on devices that provide it. This detection is not possible without device drivers that update md_dst. A fallback pattern should be used for supporting such device drivers. This fallback mode causes multicast messages to be cloned to both the non-macsec and macsec ports, independent of whether the multicast message received was encrypted over MACsec or not. Other non-macsec traffic may also fail to be handled correctly for devices in promiscuous mode. Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/ Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0206b84284ab..ff016c11b4a0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -999,10 +999,12 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) struct metadata_dst *md_dst; struct macsec_rxh_data *rxd; struct macsec_dev *macsec; + bool is_macsec_md_dst; rcu_read_lock(); rxd = macsec_data_rcu(skb->dev); md_dst = skb_metadata_dst(skb); + is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC; list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; @@ -1013,14 +1015,42 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) * the SecTAG, so we have to deduce which port to deliver to. */ if (macsec_is_offloaded(macsec) && netif_running(ndev)) { - struct macsec_rx_sc *rx_sc = NULL; + const struct macsec_ops *ops; - if (md_dst && md_dst->type == METADATA_MACSEC) - rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); + ops = macsec_get_ops(macsec, NULL); - if (md_dst && md_dst->type == METADATA_MACSEC && !rx_sc) + if (ops->rx_uses_md_dst && !is_macsec_md_dst) continue; + if (is_macsec_md_dst) { + struct macsec_rx_sc *rx_sc; + + /* All drivers that implement MACsec offload + * support using skb metadata destinations must + * indicate that they do so. + */ + DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst); + rx_sc = find_rx_sc(&macsec->secy, + md_dst->u.macsec_info.sci); + if (!rx_sc) + continue; + /* device indicated macsec offload occurred */ + skb->dev = ndev; + skb->pkt_type = PACKET_HOST; + eth_skb_pkt_type(skb, ndev); + ret = RX_HANDLER_ANOTHER; + goto out; + } + + /* This datapath is insecure because it is unable to + * enforce isolation of broadcast/multicast traffic and + * unicast traffic with promiscuous mode on the macsec + * netdev. Since the core stack has no mechanism to + * check that the hardware did indeed receive MACsec + * traffic, it is possible that the response handling + * done by the MACsec port was to a plaintext packet. + * This violates the MACsec protocol standard. + */ if (ether_addr_equal_64bits(hdr->h_dest, ndev->dev_addr)) { /* exact match, divert skb to this port */ @@ -1036,14 +1066,10 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) break; nskb->dev = ndev; - if (ether_addr_equal_64bits(hdr->h_dest, - ndev->broadcast)) - nskb->pkt_type = PACKET_BROADCAST; - else - nskb->pkt_type = PACKET_MULTICAST; + eth_skb_pkt_type(nskb, ndev); __netif_rx(nskb); - } else if (rx_sc || ndev->flags & IFF_PROMISC) { + } else if (ndev->flags & IFF_PROMISC) { skb->dev = ndev; skb->pkt_type = PACKET_HOST; ret = RX_HANDLER_ANOTHER;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] x86/tdx: Preserve shared bit on mprotect()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-cesarean-sulfur-8a97@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a0a8d15a798b ("x86/tdx: Preserve shared bit on mprotect()") e45964771007 ("x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Wed, 24 Apr 2024 11:20:35 +0300 Subject: [PATCH] x86/tdx: Preserve shared bit on mprotect() The TDX guest platform takes one bit from the physical address to indicate if the page is shared (accessible by VMM). This bit is not part of the physical_mask and is not preserved during mprotect(). As a result, the 'shared' bit is lost during mprotect() on shared mappings. _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved during modification. AMD includes 'sme_me_mask' in the define to preserve the 'encrypt' bit. To cover both Intel and AMD cases, include 'cc_mask' in _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'. Reported-and-tested-by: Chris Oo <cho(a)microsoft.com> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to support TDX guests") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240424082035.4092071-1-kirill.shutemov%40linu… diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index c086699b0d0c..aa6c8f8ca958 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -25,6 +25,7 @@ u64 cc_mkdec(u64 val); void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) +static const u64 cc_mask = 0; static inline u64 cc_mkenc(u64 val) { diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 0b748ee16b3d..9abb8cc4cd47 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -148,7 +148,7 @@ #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | \ _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \ - _PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP) + _PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP) #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT) #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE) @@ -173,6 +173,7 @@ enum page_cache_mode { }; #endif +#define _PAGE_CC (_AT(pteval_t, cc_mask)) #define _PAGE_ENC (_AT(pteval_t, sme_me_mask)) #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042903-compel-crushing-17a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 39d26a8f2efc ("net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:05 -0700 Subject: [PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec mlx5 Rx flow steering and CQE handling enable the driver to be able to update an skb's md_dst attribute as MACsec when MACsec traffic arrives when a device is configured for offloading. Advertise this to the core stack to take advantage of this capability. Cc: stable(a)vger.kernel.org Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-5-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c index b2cabd6ab86c..cc9bcc420032 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c @@ -1640,6 +1640,7 @@ static const struct macsec_ops macsec_offload_ops = { .mdo_add_secy = mlx5e_macsec_add_secy, .mdo_upd_secy = mlx5e_macsec_upd_secy, .mdo_del_secy = mlx5e_macsec_del_secy, + .rx_uses_md_dst = true, }; bool mlx5e_macsec_handle_tx_skb(struct mlx5e_macsec *macsec, struct sk_buff *skb)

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042947-muppet-trivial-6404@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 39d26a8f2efc ("net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:05 -0700 Subject: [PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec mlx5 Rx flow steering and CQE handling enable the driver to be able to update an skb's md_dst attribute as MACsec when MACsec traffic arrives when a device is configured for offloading. Advertise this to the core stack to take advantage of this capability. Cc: stable(a)vger.kernel.org Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-5-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c index b2cabd6ab86c..cc9bcc420032 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c @@ -1640,6 +1640,7 @@ static const struct macsec_ops macsec_offload_ops = { .mdo_add_secy = mlx5e_macsec_add_secy, .mdo_upd_secy = mlx5e_macsec_upd_secy, .mdo_del_secy = mlx5e_macsec_del_secy, + .rx_uses_md_dst = true, }; bool mlx5e_macsec_handle_tx_skb(struct mlx5e_macsec *macsec, struct sk_buff *skb)

1 year, 1 month

1
0
0 0

[PATCH stable,4.19 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 4.19 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 4.19 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 1 month

1
2
0 0

[PATCH stable,5.15 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 5.15 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 5.15 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 1 month

1
2
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042956-tricking-matted-50cf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") a06d9e5a63b7 ("nvmem: sort config symbols alphabetically") 28fc7c986f01 ("nvmem: prefix all symbols with NVMEM_") 5544e90c8126 ("nvmem: core: add error handling for dev_set_name") d5542923f200 ("nvmem: add driver handling U-Boot environment variables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-overture-backlight-50ec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-throwaway-recluse-d3a6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] macsec: Detect if Rx skb is macsec-related for offloading" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 642c984dd0e37dbaec9f87bd1211e5fac1f142bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042923-sufferer-anywhere-76a7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 642c984dd0e3 ("macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 642c984dd0e37dbaec9f87bd1211e5fac1f142bf Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:04 -0700 Subject: [PATCH] macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Can now correctly identify where the packets should be delivered by using md_dst or its absence on devices that provide it. This detection is not possible without device drivers that update md_dst. A fallback pattern should be used for supporting such device drivers. This fallback mode causes multicast messages to be cloned to both the non-macsec and macsec ports, independent of whether the multicast message received was encrypted over MACsec or not. Other non-macsec traffic may also fail to be handled correctly for devices in promiscuous mode. Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/ Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0206b84284ab..ff016c11b4a0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -999,10 +999,12 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) struct metadata_dst *md_dst; struct macsec_rxh_data *rxd; struct macsec_dev *macsec; + bool is_macsec_md_dst; rcu_read_lock(); rxd = macsec_data_rcu(skb->dev); md_dst = skb_metadata_dst(skb); + is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC; list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; @@ -1013,14 +1015,42 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) * the SecTAG, so we have to deduce which port to deliver to. */ if (macsec_is_offloaded(macsec) && netif_running(ndev)) { - struct macsec_rx_sc *rx_sc = NULL; + const struct macsec_ops *ops; - if (md_dst && md_dst->type == METADATA_MACSEC) - rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); + ops = macsec_get_ops(macsec, NULL); - if (md_dst && md_dst->type == METADATA_MACSEC && !rx_sc) + if (ops->rx_uses_md_dst && !is_macsec_md_dst) continue; + if (is_macsec_md_dst) { + struct macsec_rx_sc *rx_sc; + + /* All drivers that implement MACsec offload + * support using skb metadata destinations must + * indicate that they do so. + */ + DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst); + rx_sc = find_rx_sc(&macsec->secy, + md_dst->u.macsec_info.sci); + if (!rx_sc) + continue; + /* device indicated macsec offload occurred */ + skb->dev = ndev; + skb->pkt_type = PACKET_HOST; + eth_skb_pkt_type(skb, ndev); + ret = RX_HANDLER_ANOTHER; + goto out; + } + + /* This datapath is insecure because it is unable to + * enforce isolation of broadcast/multicast traffic and + * unicast traffic with promiscuous mode on the macsec + * netdev. Since the core stack has no mechanism to + * check that the hardware did indeed receive MACsec + * traffic, it is possible that the response handling + * done by the MACsec port was to a plaintext packet. + * This violates the MACsec protocol standard. + */ if (ether_addr_equal_64bits(hdr->h_dest, ndev->dev_addr)) { /* exact match, divert skb to this port */ @@ -1036,14 +1066,10 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) break; nskb->dev = ndev; - if (ether_addr_equal_64bits(hdr->h_dest, - ndev->broadcast)) - nskb->pkt_type = PACKET_BROADCAST; - else - nskb->pkt_type = PACKET_MULTICAST; + eth_skb_pkt_type(nskb, ndev); __netif_rx(nskb); - } else if (rx_sc || ndev->flags & IFF_PROMISC) { + } else if (ndev->flags & IFF_PROMISC) { skb->dev = ndev; skb->pkt_type = PACKET_HOST; ret = RX_HANDLER_ANOTHER;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-reopen-tiara-5796@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") 15f1735520f9 ("macsec: add support for IFLA_MACSEC_OFFLOAD in macsec_changelink") f3b4a00f0f62 ("net: macsec: fix net device access prior to holding a lock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042909-drab-untapped-78a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Use access_width over bit_width for system memory" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2f4a4d63a193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042921-pennant-gumming-5bd3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2f4a4d63a193be6fd530d180bb13c3592052904c Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Fri, 1 Mar 2024 11:25:59 -0800 Subject: [PATCH] ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ [ rjw: Subject and changelog edits, comment adjustments ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..b954ce3638a9 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,8 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +992,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1004,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1028,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1049,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1086,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 05d92ee782eeb7b939bdd0189e6efcab9195bf95 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-fleshed-collide-d77b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 05d92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro") 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") 0651ab90e4ad ("ACPI: CPPC: Check _OSC for flexible address space") c42fa24b4475 ("ACPI: bus: Avoid using CPPC if not supported by firmware") 2ca8e6285250 ("Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"") f684b1075128 ("ACPI: CPPC: Drop redundant local variable from cpc_read()") 5f51c7ce1dc3 ("ACPI: CPPC: Fix up I/O port access in cpc_read()") a2c8f92bea5f ("ACPI: CPPC: Implement support for SystemIO registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 05d92ee782eeb7b939bdd0189e6efcab9195bf95 Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Mon, 8 Apr 2024 22:23:09 -0700 Subject: [PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Commit 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") neglected to properly wrap the bit_offset shift when it comes to applying the mask. This may cause incorrect values to be read and may cause the cpufreq module not be loaded. [ 11.059751] cpu_capacity: CPU0 missing/invalid highest performance. [ 11.066005] cpu_capacity: partial information: fallback to 1024 for all CPUs Also, corrected the bitmask generation in GENMASK (extra bit being added). Fixes: 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ Reviewed-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..00a30ca35e78 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -170,8 +170,8 @@ show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); #define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) /* Shift and apply the mask for CPC reads/writes */ -#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ - GENMASK(((reg)->bit_width), 0))) +#define MASK_VAL(reg, val) (((val) >> (reg)->bit_offset) & \ + GENMASK(((reg)->bit_width) - 1, 0)) static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf)

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-headboard-dweeb-a026@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042943-elves-patrol-347f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") 45df80d7605c ("misc: eeprom: at24: register nvmem only after eeprom is ready to use") 58d6fee50e67 ("misc: eeprom: at24: fix regulator underflow") cd5676db0574 ("misc: eeprom: at24: support pm_runtime control") 1c89074bf850 ("eeprom: at24: remove the write-protect pin support") 69afc4b62308 ("eeprom: at24: sort headers alphabetically") 285be87c79e1 ("eeprom: at24: Improve confusing log message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-smirk-rectal-821f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-payphone-elf-fac2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-resize-urgent-402d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix wrong block_start calculation for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fe1c6c7acce10baf9521d6dccc17268d91ee2305 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042906-stapling-dosage-67ad@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fe1c6c7acce1 ("btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()") 92e1229b204d ("btrfs: tests: test invalid splitting when skipping pinned drop extent_map") f345dbdf2c9c ("btrfs: tests: add a test for btrfs_add_extent_mapping") 89c3760428db ("btrfs: tests: add extent_map tests for dropping with odd layouts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe1c6c7acce10baf9521d6dccc17268d91ee2305 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 9 Apr 2024 20:32:34 +0930 Subject: [PATCH] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() [BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 445f7716f1e2..24a048210b15 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -817,7 +817,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..47b5d301038e 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -847,6 +847,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock);

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] btrfs: fallback if compressed IO fails for ENOSPC" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 131a821a243f89be312ced9e62ccc37b2cf3846c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042924-filling-contact-97aa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 131a821a243f ("btrfs: fallback if compressed IO fails for ENOSPC") a994310aa26f ("btrfs: remove PAGE_SET_ERROR") 99a01bd6388e ("btrfs: use btrfs_inode inside compress_file_range") 99a81a444448 ("btrfs: switch async_chunk::inode to btrfs_inode") fd8d2951f478 ("btrfs: convert extent_io page op defines to enum bits") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 131a821a243f89be312ced9e62ccc37b2cf3846c Mon Sep 17 00:00:00 2001 From: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Date: Sat, 6 Apr 2024 04:45:02 -0400 Subject: [PATCH] btrfs: fallback if compressed IO fails for ENOSPC In commit b4ccace878f4 ("btrfs: refactor submit_compressed_extents()"), if an async extent compressed but failed to find enough space, we changed from falling back to an uncompressed write to just failing the write altogether. The principle was that if there's not enough space to write the compressed version of the data, there can't possibly be enough space to write the larger, uncompressed version of the data. However, this isn't necessarily true: due to fragmentation, there could be enough discontiguous free blocks to write the uncompressed version, but not enough contiguous free blocks to write the smaller but unsplittable compressed version. This has occurred to an internal workload which relied on write()'s return value indicating there was space. While rare, it has happened a few times. Thus, in order to prevent early ENOSPC, re-add a fallback to uncompressed writing. Fixes: b4ccace878f4 ("btrfs: refactor submit_compressed_extents()") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Co-developed-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c65fe5de4022..7fed887e700c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1145,13 +1145,13 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, 0, *alloc_hint, &ins, 1, 1); if (ret) { /* - * Here we used to try again by going back to non-compressed - * path for ENOSPC. But we can't reserve space even for - * compressed size, how could it work for uncompressed size - * which requires larger size? So here we directly go error - * path. + * We can't reserve contiguous space for the compressed size. + * Unlikely, but it's possible that we could have enough + * non-contiguous space for the uncompressed size instead. So + * fall back to uncompressed. */ - goto out_free; + submit_uncompressed_range(inode, async_extent, locked_page); + goto done; } /* Here we're doing allocation and writeback of the compressed pages */ @@ -1203,7 +1203,6 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, out_free_reserve: btrfs_dec_block_group_reservations(fs_info, ins.objectid); btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 1); -out_free: mapping_set_error(inode->vfs_inode.i_mapping, -EIO); extent_clear_unlock_delalloc(inode, start, end, NULL, EXTENT_LOCKED | EXTENT_DELALLOC |

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-boxer-slinky-3da2@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-savanna-reversing-7575@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042953-unstitch-causing-de1d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 1 month

1
0
0 0

[PATCH v3] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..e1c6dffe5f8b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1580,7 +1580,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1743,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4235,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4248,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4334,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4562,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

3
2
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-undone-willow-c057@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042931-rejoice-waving-ec82@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-gap-giant-6499@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042929-repave-emerald-63ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042917-regulate-exquisite-3f14@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042916-rebate-duct-2b7b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-underhand-decorator-fe82@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-serving-venus-b776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042914-scariness-polka-0293@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042912-scholar-flammable-0e87@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") 21f1e2d457ce ("mmc: sdhci-msm: Re-initialize DLL if MCLK is gated dynamically") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042911-librarian-armory-e9db@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-obnoxious-sleep-f776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042950-distaste-resource-3555@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042949-discolor-mop-d6e8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042948-overstuff-untwist-805f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix invalid device address check" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-refract-eraser-aaf8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 32868e126c78 ("Bluetooth: qca: fix invalid device address check") 77f45cca8bc5 ("Bluetooth: qca: fix device-address endianness") 4790a73ace86 ("Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"") 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 16 Apr 2024 11:15:09 +0200 Subject: [PATCH] Bluetooth: qca: fix invalid device address check Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);

1 year, 1 month

1
0
0 0

[PATCH 5.10.y] PM / devfreq: Fix buffer overflow in trans_stat_show

by Jan Kiszka

From: Christian Marangi <ansuelsmth(a)gmail.com> [ Upstream commit 08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 ] Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. Link: https://lore.kernel.org/all/20231024183016.14648-2-ansuelsmth@gmail.com/ Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041 Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- Original found by someone at Nvidia. But this backport is based on the 5.15 commit (796d3fad8c35ee9df9027899fb90ceaeb41b958f) where only a conflict in sysfs-class-devfreq needed manual resolution. Documentation/ABI/testing/sysfs-class-devfreq | 3 + drivers/devfreq/devfreq.c | 59 +++++++++++++------ 2 files changed, 43 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq index b8ebff4b1c4c..4514cf9fc7a1 100644 --- a/Documentation/ABI/testing/sysfs-class-devfreq +++ b/Documentation/ABI/testing/sysfs-class-devfreq @@ -66,6 +66,9 @@ Description: echo 0 > /sys/class/devfreq/.../trans_stat + If the transition table is bigger than PAGE_SIZE, reading + this will return an -EFBIG error. + What: /sys/class/devfreq/.../userspace/set_freq Date: September 2011 Contact: MyungJoo Ham <myungjoo.ham(a)samsung.com> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 216594b86119..93df6cef4f5a 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1639,7 +1639,7 @@ static ssize_t trans_stat_show(struct device *dev, struct device_attribute *attr, char *buf) { struct devfreq *df = to_devfreq(dev); - ssize_t len; + ssize_t len = 0; int i, j; unsigned int max_state; @@ -1648,7 +1648,7 @@ static ssize_t trans_stat_show(struct device *dev, max_state = df->profile->max_state; if (max_state == 0) - return sprintf(buf, "Not Supported.\n"); + return scnprintf(buf, PAGE_SIZE, "Not Supported.\n"); mutex_lock(&df->lock); if (!df->stop_polling && @@ -1658,33 +1658,54 @@ static ssize_t trans_stat_show(struct device *dev, } mutex_unlock(&df->lock); - len = sprintf(buf, " From : To\n"); - len += sprintf(buf + len, " :"); - for (i = 0; i < max_state; i++) - len += sprintf(buf + len, "%10lu", - df->profile->freq_table[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, " From : To\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " :"); + for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu", + df->profile->freq_table[i]); + } + if (len >= PAGE_SIZE - 1) + return PAGE_SIZE - 1; - len += sprintf(buf + len, " time(ms)\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " time(ms)\n"); for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; if (df->profile->freq_table[i] == df->previous_freq) { - len += sprintf(buf + len, "*"); + len += scnprintf(buf + len, PAGE_SIZE - len, "*"); } else { - len += sprintf(buf + len, " "); + len += scnprintf(buf + len, PAGE_SIZE - len, " "); + } + if (len >= PAGE_SIZE - 1) + break; + + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu:", + df->profile->freq_table[i]); + for (j = 0; j < max_state; j++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10u", + df->stats.trans_table[(i * max_state) + j]); } - len += sprintf(buf + len, "%10lu:", - df->profile->freq_table[i]); - for (j = 0; j < max_state; j++) - len += sprintf(buf + len, "%10u", - df->stats.trans_table[(i * max_state) + j]); + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10llu\n", (u64) + jiffies64_to_msecs(df->stats.time_in_state[i])); + } + + if (len < PAGE_SIZE - 1) + len += scnprintf(buf + len, PAGE_SIZE - len, "Total transition : %u\n", + df->stats.total_trans); - len += sprintf(buf + len, "%10llu\n", (u64) - jiffies64_to_msecs(df->stats.time_in_state[i])); + if (len >= PAGE_SIZE - 1) { + pr_warn_once("devfreq transition table exceeds PAGE_SIZE. Disabling\n"); + return -EFBIG; } - len += sprintf(buf + len, "Total transition : %u\n", - df->stats.total_trans); return len; } -- 2.35.3

1 year, 1 month

2
1
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042320-angled-goldmine-2cd7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") 2820b0f09be9 ("hugetlbfs: close race between MADV_DONTNEED and page fault") b5df09226450 ("mm: set up vma iterator for vma_iter_prealloc() calls") f72cf24a8686 ("mm: use vma_iter_clear_gfp() in nommu") da0892547b10 ("maple_tree: re-introduce entry to mas_preallocate() arguments") fd892593d44d ("mm: change do_vmi_align_munmap() tracking of VMAs to remove") 5502ea44f5ad ("mm/hugetlb: add page_mask for hugetlb_follow_page_mask()") dd767aaa2fc8 ("mm/hugetlb: handle FOLL_DUMP well in follow_page_mask()") 1279aa0656bb ("mm: make show_free_areas() static") 408579cd627a ("mm: Update do_vmi_align_munmap() return semantics") e4bd84c069f2 ("mm: Always downgrade mmap_lock if requested") 43ec8a620b38 ("Merge tag 'unmap-fix-20230629' of git://git.infradead.org/users/dwmw2/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 1 month

3
2
0 0

[PATCH 5.15,5.10,5.4,4.19 0/2] Fix warning when tracing with large filenames

by Thadeu Lima de Souza Cascardo

The warning described on patch "tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together" can be triggered with a perf probe on do_execve with a large path. As PATH_MAX is larger than PERF_MAX_TRACE_SIZE (2048 before the patch), the warning will trigger. The fix was included in 5.16, so backporting to 5.15 and earlier LTS kernels. Also included is a patch that better describes the attempted allocation size. -- 2.34.1

1 year, 1 month

2
4
0 0

FAILED: patch "[PATCH] virtio_net: Do not send RSS key if it is not supported" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041414-humming-alarm-eb41@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 059a49aa2e25 ("virtio_net: Do not send RSS key if it is not supported") fb6e30a72539 ("net: ethtool: pass a pointer to parameters to get/set_rxfh ethtool ops") 02cbfba1add5 ("idpf: add ethtool callbacks") a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") 3a8845af66ed ("idpf: add RX splitq napi poll support") c2d548cad150 ("idpf: add TX splitq napi poll support") 6818c4d5b3c2 ("idpf: add splitq start_xmit") d4d558718266 ("idpf: initialize interrupts and enable vport") 95af467d9a4e ("idpf: configure resources for RX queues") 1c325aac10a8 ("idpf: configure resources for TX queues") ce1b75d0635c ("idpf: add ptypes and MAC filter support") 0fe45467a104 ("idpf: add create vport and netdev configuration") 4930fbf419a7 ("idpf: add core init and interrupt request") 8077c727561a ("idpf: add controlq init and reset checks") e850efed5e15 ("idpf: add module register and probe functionality") b9335a757232 ("net/mlx5e: Make flow classification filters static") 4cab498f33f7 ("hv_netvsc: Allocate rx indirection table size dynamically") 4f3ed1293feb ("ixgbe: Allow flow hash to be set via ethtool") 2b30f8291a30 ("net: ethtool: add support for MAC Merge layer") 8580e16c28f3 ("net/ethtool: add netlink interface for the PLCA RS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Wed, 3 Apr 2024 08:43:12 -0700 Subject: [PATCH] virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Reviewed-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..115c3c5414f2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,28 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) - memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); - virtnet_commit_rss_command(vi); + if (rxfh->key) { + /* If either _F_HASH_REPORT or _F_RSS are negotiated, the + * device provides hash calculation capabilities, that is, + * hash_key is configured. + */ + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } + + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4745,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));

1 year, 1 month

3
2
0 0

[Patch 5.4.y] net/mlx5e: Fix a race in command alloc flow

by Samasth Norway Ananda

From: Shifeng Li <lishifeng(a)sangfor.com.cn> [ Upstream commit 8f5100da56b3980276234e812ce98d8f075194cd ] Fix a cmd->ent use after free due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process allocated a ent->idx but didn't set ent to cmd->ent_arr in cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into the spin lock. [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 [70013.081968] [70013.082028] Workqueue: events aer_isr [70013.082053] Call Trace: [70013.082067] dump_stack+0x8b/0xbb [70013.082086] print_address_description+0x6a/0x270 [70013.082102] kasan_report+0x179/0x2c0 [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] [70013.082409] pci_device_remove+0xf3/0x280 [70013.082439] device_release_driver_internal+0x1c3/0x470 [70013.082453] pci_stop_bus_device+0x109/0x160 [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 [70013.082485] pcie_do_fatal_recovery+0x167/0x550 [70013.082493] aer_isr+0x7d2/0x960 [70013.082543] process_one_work+0x65f/0x12d0 [70013.082556] worker_thread+0x87/0xb50 [70013.082571] kthread+0x2e9/0x3a0 [70013.082592] ret_from_fork+0x1f/0x40 The logical relationship of this error is as follows: aer_recover_work | ent->work -------------------------------------------+------------------------------ aer_recover_work_func | |- pcie_do_recovery | |- report_error_detected | |- mlx5_pci_err_detected |cmd_work_handler |- mlx5_enter_error_state | |- cmd_alloc_index |- enter_error_state | |- lock cmd->alloc_lock |- mlx5_cmd_flush | |- clear_bit |- mlx5_cmd_trigger_completions| |- unlock cmd->alloc_lock |- lock cmd->alloc_lock | |- vector = ~dev->cmd.vars.bitmask |- for_each_set_bit | |- cmd_ent_get(cmd->ent_arr[i]) (UAF) |- unlock cmd->alloc_lock | |- cmd->ent_arr[ent->idx]=ent The cmd->ent_arr[ent->idx] assignment and the bit clearing are not protected by the cmd->alloc_lock in cmd_work_handler(). Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Shifeng Li <lishifeng(a)sangfor.com.cn> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> [Samasth: backport for 5.4.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: drivers/net/ethernet/mellanox/mlx5/core/cmd.c conflict caused due to the absence of commit 58db72869a9f ("net/mlx5: Re-organize mlx5_cmd struct") which is structural change of code and is not necessary for this patch. --- commit: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") is present from linux-5.4.y onwards but the current commit which fixes it is only present from linux-6.1.y. Would be nice to get an opinion from the author or maintainer. --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 93a6597366f5..ebf5b30b2100 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -114,15 +114,18 @@ static u8 alloc_token(struct mlx5_cmd *cmd) return token; } -static int cmd_alloc_index(struct mlx5_cmd *cmd) +static int cmd_alloc_index(struct mlx5_cmd *cmd, struct mlx5_cmd_work_ent *ent) { unsigned long flags; int ret; spin_lock_irqsave(&cmd->alloc_lock, flags); ret = find_first_bit(&cmd->bitmask, cmd->max_reg_cmds); - if (ret < cmd->max_reg_cmds) + if (ret < cmd->max_reg_cmds) { clear_bit(ret, &cmd->bitmask); + ent->idx = ret; + cmd->ent_arr[ent->idx] = ent; + } spin_unlock_irqrestore(&cmd->alloc_lock, flags); return ret < cmd->max_reg_cmds ? ret : -ENOMEM; @@ -905,7 +908,7 @@ static void cmd_work_handler(struct work_struct *work) sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { - alloc_ret = cmd_alloc_index(cmd); + alloc_ret = cmd_alloc_index(cmd, ent); if (alloc_ret < 0) { mlx5_core_err(dev, "failed to allocate command entry\n"); if (ent->callback) { @@ -920,15 +923,14 @@ static void cmd_work_handler(struct work_struct *work) up(sem); return; } - ent->idx = alloc_ret; } else { ent->idx = cmd->max_reg_cmds; spin_lock_irqsave(&cmd->alloc_lock, flags); clear_bit(ent->idx, &cmd->bitmask); + cmd->ent_arr[ent->idx] = ent; spin_unlock_irqrestore(&cmd->alloc_lock, flags); } - cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); -- 2.43.0

1 year, 1 month

2
1
0 0

Backport request for [PATCH 0/3] selftests/seccomp seccomp_bpf test fixes

by Terry Tritton

Please backport the following fixes for selftest/seccomp. I forgot to send the original patches to the stable list! They resolve some edge cases in the testing. commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 selftests/seccomp: user_notification_addfd check nextfd is available commit: 471dbc547612adeaa769e48498ef591c6c95a57a selftests/seccomp: Change the syscall used in KILL_THREAD test commit: ecaaa55c9fa5e8058445a8b891070b12208cdb6d selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Please backport to 6.6 onwards. Thanks, Terry.

1 year, 1 month

2
1
0 0

Re: [6.6.y] "selftests/bpf: Add netkit to tc_redirect selftest" needs to be reverted

by Geliang Tang

cc stable(a)vger.kernel.org On Fri, 2024-04-26 at 10:50 +0200, Greg Kroah-Hartman wrote: > Hi, > > This is the friendly email-bot of Greg Kroah-Hartman's inbox. I've > detected that you have sent him a direct question that might be > better > sent to a public mailing list which is much faster in responding to > questions than Greg normally is. > > Please try asking one of the following mailing lists for your > questions: > > For udev and hotplug related questions, please ask on the > linux-hotplug(a)vger.kernel.org mailing list > > For USB related questions, please ask on the > linux-usb(a)vger.kernel.org > mailing list > > For PCI related questions, please ask on the > linux-pci(a)vger.kernel.org or linux-kernel(a)vger.kernel.org mailing > lists > > For serial and tty related questions, please ask on the > linux-serial(a)vger.kernel.org mailing list. > > For staging tree related questions, please ask on the > linux-staging(a)lists.linux.dev mailing list. > > For general kernel related questions, please ask on the > kernelnewbies(a)nl.linux.org or linux-kernel(a)vger.kernel.org mailing > lists, depending on the type of question. More basic, beginner > questions are better asked on the kernelnewbies list, after reading > the wiki at www.kernelnewbies.org. > > For Linux stable and longterm kernel release questions or patches > to > be included in the stable or longterm kernel trees, please email > stable(a)vger.kernel.org and Cc: the linux-kernel(a)vger.kernel.org > mailing list so all of the stable kernel developers can be > notified. > Also please read Documentation/process/stable-kernel-rules.rst in > the > Linux kernel tree for the proper procedure to get patches accepted > into the stable or longterm kernel releases. > > If you really want to ask Greg the question, please read the > following > two links as to why emailing a single person directly is usually not > a > good thing, and causes extra work on a single person: > http://www.arm.linux.org.uk/news/?newsitem=11 > http://www.eyrie.org/~eagle/faqs/questions.html > > After reading those messages, and you still feel that you want to > email > Greg instead of posting on a mailing list, then resend your message > within 24 hours and it will go through to him. But be forewarned, > his > email inbox currently looks like: > 912 messages in /home/greg/mail/INBOX/ > so it might be a while before he gets to the message. > > Thank you for your understanding. > > The email triggering this response has been automatically discarded. > > thanks, > > greg k-h's email bot

1 year, 1 month

2
3
0 0

v5.15 backport request

by Ard Biesheuvel

Please consider the commits below for backporting to v5.15. These patches are prerequisites for the backport of the x86 EFI stub refactor that is needed for distros to sign v5.15 images for secure boot in a way that complies with new MS requirements for memory protections while running in the EFI firmware. All patches either predate v6.1 or have been backported to it already. The remaining ~50 changes will be posted as a patch series in due time, as they will not apply cleanly to v5.15. Please apply in the order that they appear below. Thanks, Ard. 44f155b4b07b8293472c9797d5b39839b91041ca 4da87c51705815fe1fbd41cc61640bb80da5bc54 7c4146e8885512719a50b641e9277a1712e052ff 176db622573f028f85221873ea4577e096785315 950d00558a920227b5703d1fcc4751cfe03853cd ec1c66af3a30d45c2420da0974c01d3515dba26e a9ee679b1f8c3803490ed2eeffb688aaee56583f 3ba75c1316390b2bc39c19cb8f0f85922ab3f9ed 82e0d6d76a2a74bd6a31141d555d53b4cc22c2a3 31f1a0edff78c43e8a3bd3692af0db1b25c21b17 9cf42bca30e98a1c6c9e8abf876940a551eaa3d1 cb8bda8ad4438b4bcfcf89697fc84803fb210017 e2ab9eab324cdf240de89741e4a1aa79919f0196 5c3a85f35b583259cf5ca0344cd79c8899ba1bb7 91592b5c0c2f076ff9d8cc0c14aa563448ac9fc4 73a6dec80e2acedaef3ca603d4b5799049f6e9f8 7f22ca396778fea9332d83ec2359dbe8396e9a06 4b52016247aeaa55ca3e3bc2e03cd91114c145c2 630f337f0c4fd80390e8600adcab31550aea33df db14655ad7854b69a2efda348e30d02dbc19e8a1 bad267f9e18f8e9e628abd1811d2899b1735a4e1 62b71cd73d41ddac6b1760402bbe8c4932e23531 cc3fdda2876e58a7e83e558ab51853cf106afb6a d2d7a54f69b67cd0a30e0ebb5307cb2de625baac

1 year, 1 month

3
5
0 0

Linux 6.1.89

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.89 kernel. Only users of the 6.1 kernel series that had build problems with 6.1.88 need to upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm/mach-omap2/pdata-quirks.c | 10 ----- sound/soc/ti/omap3pandora.c | 63 +++++++++++++++++++++++-------------- 3 files changed, 41 insertions(+), 34 deletions(-) Greg Kroah-Hartman (2): Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors" Linux 6.1.89

1 year, 1 month

1
1
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 1 month

1
0
0 0

[PATCH 6.1 000/141] 6.1.88-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.88 release. There are 141 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.88-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.88-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mux: Propagate struct device for mtk-mux AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Propagate struct device for composites AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Propagate struct device for gate clocks AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Correctly unregister and free clocks on failure Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Yu Zhe <yuzhe(a)nfschina.com> clk: remove unnecessary (void*) conversions Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Rob Herring <robh(a)kernel.org> ARM: davinci: Drop unused includes Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Add support for PCIe Gen5 devices Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Use normal comment style Niklas Schnelle <schnelle(a)linux.ibm.com> PCI: Make quirk using inw() depend on HAS_IOPORT Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Execute quirk_enable_clear_retrain_link() earlier Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add debug log for link controller power quirk Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Log function name of the called quirk Arnd Bergmann <arnd(a)arndb.de> x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Mike Pastore <mike(a)oobak.org> PCI: Delay after FLR of Solidigm P44 Pro NVMe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() David Yang <mmyangfl(a)gmail.com> HID: kye: Sort kye devices Alvaro Karsz <alvaro.karsz(a)solid-run.com> PCI: Avoid FLR for SolidRun SNET DPU rev 1 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: OMAP2+: pdata-quirks: stop including wl12xx.h Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: omap2: n8x0: stop instantiating codec platform data Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Add missing __head annotation to startup_64_load_idt() Pasha Tatashin <pasha.tatashin(a)soleen.com> x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Increase section and file alignment to 4k/512 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Split off PE/COFF .data section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop PE/COFF .reloc section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Construct PE/COFF .text section from assembler Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Derive file size from _edata symbol Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Define setup size in linker script Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Set EFI handover offset directly in header asm Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Grab kernel_info offset from zoffset header directly Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop references to startup_64 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop redundant code setting the root device Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Omit compression buffer from PE/COFF image memory footprint Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Remove the 'bugger off' message Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop alignment flags from PE section headers Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Disregard setup header of loaded image Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop EFI stub .bss from .data section Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: fix incorrect active rb bitmap for gfx11 Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-davinci/pdata-quirks.c | 2 +- arch/arm/mach-omap2/board-n8x0.c | 5 - arch/arm/mach-omap2/common-board-devices.h | 2 - arch/arm/mach-omap2/pdata-quirks.c | 12 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 +++++++--------- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 +-------------------- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/page_types.h | 12 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kernel/head64.c | 7 +- arch/x86/kernel/platform-quirks.c | 1 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 11 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- arch/x86/mm/mem_encrypt_boot.S | 4 +- arch/x86/mm/mem_encrypt_identity.c | 58 ++--- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pti.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 201 +++++++++++---- drivers/clk/mediatek/clk-gate.c | 23 +- drivers/clk/mediatek/clk-gate.h | 7 +- drivers/clk/mediatek/clk-mt2701-aud.c | 4 +- drivers/clk/mediatek/clk-mt2701-eth.c | 4 +- drivers/clk/mediatek/clk-mt2701-g3d.c | 2 +- drivers/clk/mediatek/clk-mt2701-hif.c | 4 +- drivers/clk/mediatek/clk-mt2701-mm.c | 4 +- drivers/clk/mediatek/clk-mt2701.c | 22 +- drivers/clk/mediatek/clk-mt2712-mm.c | 4 +- drivers/clk/mediatek/clk-mt2712.c | 24 +- drivers/clk/mediatek/clk-mt6765.c | 13 +- drivers/clk/mediatek/clk-mt6779-mm.c | 4 +- drivers/clk/mediatek/clk-mt6779.c | 21 +- drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 +- drivers/clk/mediatek/clk-mt6795-mm.c | 3 +- drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 +- drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 +- drivers/clk/mediatek/clk-mt6797-mm.c | 4 +- drivers/clk/mediatek/clk-mt6797.c | 7 +- drivers/clk/mediatek/clk-mt7622-aud.c | 4 +- drivers/clk/mediatek/clk-mt7622-eth.c | 8 +- drivers/clk/mediatek/clk-mt7622-hif.c | 8 +- drivers/clk/mediatek/clk-mt7622.c | 22 +- drivers/clk/mediatek/clk-mt7629-eth.c | 7 +- drivers/clk/mediatek/clk-mt7629-hif.c | 8 +- drivers/clk/mediatek/clk-mt7629.c | 18 +- drivers/clk/mediatek/clk-mt7986-eth.c | 10 +- drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 +- drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 +- drivers/clk/mediatek/clk-mt8135.c | 18 +- drivers/clk/mediatek/clk-mt8167-aud.c | 2 +- drivers/clk/mediatek/clk-mt8167-img.c | 2 +- drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 +- drivers/clk/mediatek/clk-mt8167-mm.c | 4 +- drivers/clk/mediatek/clk-mt8167-vdec.c | 3 +- drivers/clk/mediatek/clk-mt8167.c | 12 +- drivers/clk/mediatek/clk-mt8173-mm.c | 4 +- drivers/clk/mediatek/clk-mt8173.c | 34 +-- drivers/clk/mediatek/clk-mt8183-audio.c | 4 +- drivers/clk/mediatek/clk-mt8183-mm.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 36 +-- drivers/clk/mediatek/clk-mt8186-mcu.c | 3 +- drivers/clk/mediatek/clk-mt8186-mm.c | 3 +- drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8192-aud.c | 3 +- drivers/clk/mediatek/clk-mt8192-mm.c | 3 +- drivers/clk/mediatek/clk-mt8192.c | 88 +++++-- drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 +- drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 +- drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 +- drivers/clk/mediatek/clk-mt8365-mm.c | 5 +- drivers/clk/mediatek/clk-mt8365.c | 14 +- drivers/clk/mediatek/clk-mt8516-aud.c | 2 +- drivers/clk/mediatek/clk-mt8516.c | 12 +- drivers/clk/mediatek/clk-mtk.c | 127 +++++++++- drivers/clk/mediatek/clk-mtk.h | 13 +- drivers/clk/mediatek/clk-mux.c | 14 +- drivers/clk/mediatek/clk-mux.h | 3 +- drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++-- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 80 ++++-- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_vma.c | 42 +++- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/hid/hid-ids.h | 2 +- drivers/hid/hid-kye.c | 66 ++--- drivers/hid/hid-quirks.c | 6 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 58 +++-- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++-- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 70 +++++- drivers/pci/switch/switchtec.c | 158 +++++++----- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/thunderbolt/quirks.c | 2 + drivers/thunderbolt/switch.c | 50 +++- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/stm32-usart.c | 13 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 123 +++++----- drivers/usb/host/pci-quirks.h | 14 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 +++ fs/nilfs2/dir.c | 2 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/linux/bootconfig.h | 7 +- include/linux/pci.h | 5 + include/linux/pci_ids.h | 2 + include/linux/switchtec.h | 1 + include/linux/usb/hcd.h | 5 +- include/linux/usb/quirks.h | 3 + include/net/dsa.h | 8 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 16 +- lib/bootconfig.c | 19 +- mm/memory-failure.c | 18 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 199 files changed, 2147 insertions(+), 1497 deletions(-)

1 year, 1 month

16
163
0 0

[PATCH v1] usb: typec: tcpm: enforce ready state when queueing alt mode vdm

by RD Babiera

Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..6fa1601ac259 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, TCPC_TX_SOP); mutex_unlock(&port->lock); base-commit: 684e9f5f97eb4b7831298ffad140d5c1d426ff27 -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

2
3
0 0

[REGRESSION] Serious regression on 6.1.x-stable caused by "bounds: support non-power-of-two CONFIG_NR_CPUS"

by Mikhail Novosyolov

Hello, colleagues. Commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a "bounds: support non-power-of-two CONFIG_NR_CPUS" (https://github.com/torvalds/linux/commit/f2d5dcb48f7ba9e3ff249d58fc1fa963d3…) was backported to 6.1.x-stable (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…), but causes a serious regression on quite a lot of hardware with AMD GPUs, kernel panics. It was backported to 6.1.84, 6.1.84 has problems, 6.1.83 does not, the newest 6.1.88 still has this problem. The problem is described here: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 #regzbot introduced: 428ca0000f0abd5c99354c52a36becf2b815ca21

1 year, 1 month

1
0
0 0

[PATCH 1/1] serial: sc16is7xx: announce support of SER_RS485_RTS_ON_SEND

by Konstantin Pugin

From: Konstantin Pugin <ria.freelander(a)gmail.com> When specifying flag SER_RS485_RTS_ON_SEND in RS485 configuration, we get the following warning after commit 4afeced55baa ("serial: core: fix sanitizing check for RTS settings"): invalid RTS setting, using RTS_AFTER_SEND instead This results in SER_RS485_RTS_AFTER_SEND being set and the driver always write to the register field SC16IS7XX_EFCR_RTS_INVERT_BIT, which breaks some hardware using these chips. The hardware supports both RTS_ON_SEND and RTS_AFTER_SEND modes, so fix this by announcing support for RTS_ON_SEND. Cc: stable(a)vger.kernel.org Fixes: 267913ecf737 ("serial: sc16is7xx: Fill in rs485_supported") Tested-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Konstantin Pugin <ria.freelander(a)gmail.com> --- drivers/tty/serial/sc16is7xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..dfcc804f558f 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1449,7 +1449,7 @@ static int sc16is7xx_setup_mctrl_ports(struct sc16is7xx_port *s, } static const struct serial_rs485 sc16is7xx_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, .delay_rts_before_send = 1, .delay_rts_after_send = 1, /* Not supported but keep returning -EINVAL */ }; -- 2.44.0

1 year, 1 month

1
0
0 0

[PATCH v3] Input: xen-kbdfront - drop keys to shrink modalias

by Jason Andryuk

xen kbdfront registers itself as being able to deliver *any* key since it doesn't know what keys the backend may produce. Unfortunately, the generated modalias gets too large and uevent creation fails with -ENOMEM. This can lead to gdm not using the keyboard since there is no seat associated [1] and the debian installer crashing [2]. Trim the ranges of key capabilities by removing some BTN_* ranges. While doing this, some neighboring undefined ranges are removed to trim it further. An upper limit of KEY_KBD_LCD_MENU5 is still too large. Use an upper limit of KEY_BRIGHTNESS_MENU. This removes: BTN_DPAD_UP(0x220)..BTN_DPAD_RIGHT(0x223) Empty space 0x224..0x229 Empty space 0x28a..0x28f KEY_MACRO1(0x290)..KEY_MACRO30(0x2ad) KEY_MACRO_RECORD_START 0x2b0 KEY_MACRO_RECORD_STOP 0x2b1 KEY_MACRO_PRESET_CYCLE 0x2b2 KEY_MACRO_PRESET1(0x2b3)..KEY_MACRO_PRESET3(0xb5) Empty space 0x2b6..0x2b7 KEY_KBD_LCD_MENU1(0x2b8)..KEY_KBD_LCD_MENU5(0x2bc) Empty space 0x2bd..0x2bf BTN_TRIGGER_HAPPY(0x2c0)..BTN_TRIGGER_HAPPY40(0x2e7) Empty space 0x2e8..0x2ff The modalias shrinks from 2082 to 1550 bytes. A chunk of keys need to be removed to allow the keyboard to be used. This may break some functionality, but the hope is these macro keys are uncommon and don't affect any users. [1] https://github.com/systemd/systemd/issues/22944 [2] https://lore.kernel.org/xen-devel/87o8dw52jc.fsf@vps.thesusis.net/T/ Cc: Phillip Susi <phill(a)thesusis.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Mattijs Korpershoek <mkorpershoek(a)baylibre.com> --- v3: Add Mattijs R-b Put /* and */ on separate lines --- drivers/input/misc/xen-kbdfront.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/input/misc/xen-kbdfront.c b/drivers/input/misc/xen-kbdfront.c index 67f1c7364c95..d59ba8f9852e 100644 --- a/drivers/input/misc/xen-kbdfront.c +++ b/drivers/input/misc/xen-kbdfront.c @@ -256,7 +256,16 @@ static int xenkbd_probe(struct xenbus_device *dev, __set_bit(EV_KEY, kbd->evbit); for (i = KEY_ESC; i < KEY_UNKNOWN; i++) __set_bit(i, kbd->keybit); - for (i = KEY_OK; i < KEY_MAX; i++) + /* + * In theory we want to go KEY_OK..KEY_MAX, but that grows the + * modalias line too long. There is a gap of buttons from + * BTN_DPAD_UP..BTN_DPAD_RIGHT and KEY_ALS_TOGGLE is the next + * defined. Then continue up to KEY_BRIGHTNESS_MENU as an upper + * limit. + */ + for (i = KEY_OK; i < BTN_DPAD_UP; i++) + __set_bit(i, kbd->keybit); + for (i = KEY_ALS_TOGGLE; i <= KEY_BRIGHTNESS_MENU; i++) __set_bit(i, kbd->keybit); ret = input_register_device(kbd); -- 2.41.0

1 year, 1 month

2
5
0 0

[PATCH v2] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..454165776797 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4234,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4247,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4333,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4561,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

1
1
0 0

[PATCH v1] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: [17514.377076][ T275] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 [17514.378270][ T275] pc : run_state_machine+0x1bc8/0x1c08 [17514.378286][ T275] lr : run_state_machine+0x1b90/0x1c08 .. [17514.378377][ T275] Call trace: [17514.378381][ T275] run_state_machine+0x1bc8/0x1c08 [17514.378388][ T275] tcpm_state_machine_work+0x94/0xe4 [17514.378396][ T275] kthread_worker_fn+0x118/0x328 [17514.378406][ T275] kthread+0x1d0/0x23c [17514.378412][ T275] ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..8a4fa8d875c6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (IS_ERR_OR_NULL(port->partner)) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4244,7 +4247,8 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner = typec_register_partner(port->typec_port, &port->partner_desc); port->connected = true; - typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,8 +4327,10 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + } port->partner = NULL; port->connected = false; } @@ -4549,6 +4555,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (IS_ERR_OR_NULL(port->partner)) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 1 month

2
2
0 0

[PATCH 5.15 000/476] 5.15.149-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.149 release. There are 476 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.149-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.149-rc1 Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Ignore End Transfer delay on teardown Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Execute gadget stop after halting the controller Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't delay End Transfer on delayed_status Peter Suti <peter.suti(a)streamunlimited.com> staging: fbtft: core: set smem_len before fb_deferred_io_init call Kees Cook <keescook(a)chromium.org> smb3: Replace smb2pdu 1-element arrays with flex-arrays Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add null pointer checks Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Fix EEE implementation Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack" Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Douglas Anderson <dianders(a)chromium.org> PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities Miguel Ojeda <ojeda(a)kernel.org> scripts: decode_stacktrace: demangle Rust symbols Schspa Shi <schspa(a)gmail.com> scripts/decode_stacktrace.sh: support old bash version Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred IO before closing Takashi Iwai <tiwai(a)suse.de> fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() Takashi Iwai <tiwai(a)suse.de> fbdev: Fix invalid page access after closing deferred I/O devices Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Rename pagelist to pagereflist for deferred I/O Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Track deferred-I/O pages in pageref struct Chuansheng Liu <chuansheng.liu(a)intel.com> fbdev: defio: fix the pagelist corruption Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Don't sort deferred-I/O pages by default Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/defio: Early-out if page is already enlisted Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: 8250_exar: Set missing rs485_supported flag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_exar: Fill in rs485_supported Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Queue PM runtime idle on disconnect event Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Handle EP0 request dequeuing properly Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Submit endxfer command if delayed during disconnect Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Force sending delayed status during soft disconnect Mayank Rana <quic_mrana(a)quicinc.com> usb: dwc3: Fix ep0 handling when getting reset while doing control transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Delay issuing End Transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Only End Transfer for ep0 data phase Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't prepare beyond Setup stage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> mwifiex: Select firmware based on strapping Christian König <christian.koenig(a)amd.com> dma-buf: add dma_fence_timestamp helper Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Remove i801_set_block_buffer_mode Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_rbtree: skip end interval element from gc Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Justin Stitt <justinstitt(a)google.com> drivers: lkdtm: fix clang -Wformat warning Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: Fix multiple memory leaks reported by coverity Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Johan Hovold <johan+linaro(a)kernel.org> ASoC: codecs: lpass-wsa-macro: fix compander volume hack Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use-after-free vulnerability Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for shadow call stack Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix available tunnels detection Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Linus Lüssing <linus.luessing(a)c0d3.blue> bridge: mcast: fix disabled snooping after long uptime Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Eric Dumazet <edumazet(a)google.com> tcp: add sanity checks to rx zerocopy Eric Dumazet <edumazet(a)google.com> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Eric Dumazet <edumazet(a)google.com> ip6_tunnel: use dev_sw_netstats_rx_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: give more time for GRO aggregation Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Stephen Rothwell <sfr(a)canb.auug.org.au> drm: using mul_u32_u32() requires linux/math64.h Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix lock dependency warning Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix 64GT/s effective data rate calculation Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Adrian Reber <areber(a)redhat.com> tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix linker script asserts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro James Clark <james.clark(a)arm.com> perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Xiaowu.ding <xiaowu.ding(a)jaguarmicro.com> mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com> xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time corruption Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Alexander Stein <alexander.stein(a)ew.tq-group.com> clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Werner Fischer <devlists(a)wefi.net> watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Wang, Beyond <Wang.Beyond(a)amd.com> drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Fix hblank min/max values Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during block migration Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Drop IRQF_SHARED Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix write pointers on zoned device after roll forward Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Fix tiled display misalignment Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Refer to correct stream index at loops Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Andrii Staikov <andrii.staikov(a)intel.com> i40e: Fix VF disable behavior to block all traffic Lin Ma <linma(a)zju.edu.cn> bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix possible multiple reject send Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Mingyi Zhang <zhangmingyi5(a)huawei.com> libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Tobias Waldekranz <tobias(a)waldekranz.com> net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25: Fix the iim compatible string Kees Cook <keescook(a)chromium.org> block/rnbd-srv: Check for unlikely string overflow Shannon Nelson <shannon.nelson(a)amd.com> ionic: pass opcode to devcmd_wait Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hou Tao <houtao1(a)huawei.com> bpf: Set uattr->batch.count as zero before batched update or deletion Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports ching Huang <ching2048(a)areca.com.tw> scsi: arcmsr: Support new PCI device IDs 1883 and 1886 Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Yafang Shao <laoar.shao(a)gmail.com> selftests/bpf: Fix issues in setup_classid_environment() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Arnd Bergmann <arnd(a)arndb.de> arch: consolidate arch_irq_work_raise prototypes Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix cptvf driver cleanup Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Mukesh Ojha <quic_mojha(a)quicinc.com> PM / devfreq: Synchronize devfreq_monitor_[start/stop] Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Andrzej Hajda <andrzej.hajda(a)intel.com> debugobjects: Stop accessing objects after releasing hash bucket lock Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Jun'ichi Nomura <junichi.nomura(a)nec.com> x86/boot: Ignore NMIs during very early boot Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Mark Rutland <mark.rutland(a)arm.com> drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for VMAP stack Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Li Lingfeng <lilingfeng3(a)huawei.com> block: Move checking GENHD_FL_NO_PART to bdev_add_partition() Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Markus Niebel <Markus.Niebel(a)ew.tq-group.com> drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Refine computation of P-state for given frequency Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call Lin Ma <linma(a)zju.edu.cn> ksmbd: fix global oob in ksmbd_nl_policy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Josef Bacik <josef(a)toxicpanda.com> btrfs: add definition for EXTENT_TREE_V2 Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Charan Teja Kalla <quic_charante(a)quicinc.com> mm/sparsemem: fix race in accessing memory_section->usage Rolf Eike Beer <eb(a)emlix.com> mm: use __pfn_to_section() instead of open coding it Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB wakeup interrupt types Lukas Schauer <lukas(a)schauer.dev> pipe: wakeup wr_wait after setting max_usage Max Kellermann <max.kellermann(a)ionos.com> fs/pipe: move check to pipe_has_watch_queue() Krishna chaitanya chundru <quic_krichai(a)quicinc.com> bus: mhi: host: Add alignment check for event ring read pointer Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: Rename "struct mhi_tre" to "struct mhi_ring_element" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix possible deadlocks in core system-wide PM code Li zeming <zeming(a)nfschina.com> PM: core: Remove unnecessary (void *) conversions Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix atomic_flush check Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Dave Chinner <dchinner(a)redhat.com> xfs: read only mounts with fsopen mount API are busted Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Check mailbox/SMT channel for consistency Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix a memory corruption Bernd Edlinger <bernd.edlinger(a)hotmail.de> exec: Fix error handling in begin_new_exec() Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Omar Sandoval <osandov(a)fb.com> btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between reading a directory and adding entries to it Filipe Manana <fdmanana(a)suse.com> btrfs: refresh dir last index during a rewinddir(3) call Filipe Manana <fdmanana(a)suse.com> btrfs: set last dir index to the current last index when opening dir Filipe Manana <fdmanana(a)suse.com> btrfs: fix infinite directory reads Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: fix the udp_tunnel_nic test Jenishkumar Maheshbhai Patel <jpatel2(a)marvell.com> net: mvpp2: clear BM pool before initialization Bernd Edlinger <bernd.edlinger(a)hotmail.de> net: stmmac: Wait a bit for the reset to take effect Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Florian Westphal <fw(a)strlen.de> netfilter: nft_limit: reject configurations that cause integer overflow Kees Cook <keescook(a)chromium.org> overflow: Allow mixed type arguments Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/mlx5e: fix a potential double-free in fs_any_create_groups Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Can't go to uplink vport on RX rule Shun Hao <shunh(a)nvidia.com> net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Zhengchao Shao <shaozhengchao(a)huawei.com> ipv6: init the accept_queue's spinlocks in inet6_create Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Wait for FLR to complete during probe Zhengchao Shao <shaozhengchao(a)huawei.com> tcp: make sure init the accept_queue's spinlocks once Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Add missing set_freezable() for freezable kthread Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send lease break notification on FILE_RENAME_INFORMATION Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't increment epoch if current state and request state are same Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential circular locking issue in smb2_set_ea() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease version on lease upgrade Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Mario Limonciello <mario.limonciello(a)amd.com> rtc: Adjust failure return code for cmos_set_alarm() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mmc: mmc_spi: remove custom DMA mapped buffers Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Vegard Nossum <vegard.nossum(a)oracle.com> scripts/get_abi: fix source path leak Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180: fix USB wakeup interrupt types Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Introduce async_schedule_dev_nocall() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Split async_schedule_node_domain() Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Bhaumik Bhatt <bbhatt(a)codeaurora.org> bus: mhi: host: Add spinlock to protect WP access when queueing TREs Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Drop chan lock before queuing buffers Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Bingbu Cao <bingbu.cao(a)intel.com> media: ov9734: Enable runtime PM before registering async sub-device Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Bingbu Cao <bingbu.cao(a)intel.com> media: imx355: Enable runtime PM before registering async sub-device Herbert Xu <herbert(a)gondor.apana.org.au> crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names David Disseldorp <ddiss(a)suse.de> btrfs: sysfs: validate scrub_speed_max value Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Simplify power management during async scan Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: fix NULL pointer in channel unregistration function Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Enable internal vref if external vref is not supplied Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Allow users to configure device events Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Set alert bit in config register Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: only v2 leases handle the directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix UAF issue in ksmbd_tcp_new_connection() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate mech token in session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't allow O_TRUNC open on read-only share Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free ppace array on error in parse_dacl ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Documentation/ABI/testing/sysfs-class-net-queues | 22 +-- .../ABI/testing/sysfs-class-net-statistics | 48 ++--- Documentation/arm64/silicon-errata.rst | 7 + .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Documentation/filesystems/directory-locking.rst | 29 +-- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 ++ Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm/boot/dts/exynos4210-i9100.dts | 8 + arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/qcom-sdx55.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 +++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++-- arch/arm64/boot/dts/qcom/sc7180.dtsi | 4 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 8 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/irq_work.h | 2 - arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/irq.c | 7 +- arch/arm64/kernel/perf_event.c | 6 +- arch/csky/include/asm/irq_work.h | 2 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/kernel/elf.c | 6 + arch/mips/mm/init.c | 12 +- arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 - arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 8 - arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/sstep.c | 10 + arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/powerpc/mm/kasan/kasan_init_32.c | 1 + arch/powerpc/mm/mmu_decl.h | 5 + arch/riscv/include/asm/irq_work.h | 2 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/crypto/paes_s390.c | 4 +- arch/s390/include/asm/irq_work.h | 2 - arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/time.c | 32 +++- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/boot/compressed/ident_map_64.c | 5 + arch/x86/boot/compressed/idt_64.c | 1 + arch/x86/boot/compressed/idt_handlers_64.S | 1 + arch/x86/boot/compressed/misc.h | 1 + arch/x86/include/asm/irq_work.h | 1 - arch/x86/include/asm/syscall_wrapper.h | 25 ++- arch/x86/kernel/cpu/mce/core.c | 16 ++ arch/x86/mm/ident_map.c | 23 ++- block/bio.c | 2 +- block/blk-iocost.c | 7 + block/blk-mq.c | 16 ++ block/ioctl.c | 2 - block/partitions/core.c | 5 + crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/acpi/apei/ghes.c | 29 ++- drivers/android/binder.c | 10 + drivers/atm/idt77252.c | 2 + drivers/base/arch_numa.c | 2 +- drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 160 ++++++++-------- drivers/base/power/runtime.c | 5 + drivers/block/rbd.c | 22 ++- drivers/block/rnbd/rnbd-srv.c | 19 +- drivers/bluetooth/hci_qca.c | 1 + drivers/bus/mhi/host/init.c | 6 +- drivers/bus/mhi/host/internal.h | 2 +- drivers/bus/mhi/host/main.c | 49 +++-- drivers/bus/moxtet.c | 7 + drivers/char/hw_random/core.c | 36 ++-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 24 ++- drivers/clk/imx/clk-scu.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/cpufreq/intel_pstate.c | 67 ++++--- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 + drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/devfreq/devfreq.c | 83 ++++++--- drivers/dma-buf/dma-fence-unwrap.c | 176 ++++++++++++++++++ drivers/dma-buf/sync_file.c | 9 +- drivers/dma/dmaengine.c | 3 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 +-- drivers/dma/ti/k3-udma.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/firmware/arm_scmi/common.h | 1 + drivers/firmware/arm_scmi/mailbox.c | 14 ++ drivers/firmware/arm_scmi/shmem.c | 6 + drivers/gpio/gpio-eic-sprd.c | 32 +++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 36 ++-- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 6 +- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 6 +- .../drm/amd/display/dc/dcn302/dcn302_resource.c | 6 +- .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 6 +- .../amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_fb_helper.c | 11 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 ++ drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dp/dp_link.c | 12 +- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/scheduler/sched_main.c | 3 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 8 +- drivers/hid/hid-apple.c | 33 +++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-picolcd_fb.c | 2 +- drivers/hid/hid-quirks.c | 1 + drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +++++-- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++-- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7091r-base.c | 173 ++++++++++++++++- drivers/iio/adc/ad7091r-base.h | 8 + drivers/iio/adc/ad7091r5.c | 29 +-- drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 ++- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/mailbox/arm_mhuv2.c | 3 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/md.c | 54 +++++- drivers/media/i2c/imx335.c | 4 +- drivers/media/i2c/imx355.c | 12 +- drivers/media/i2c/ov9734.c | 19 +- drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 6 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/misc/lkdtm/bugs.c | 2 +- drivers/mmc/core/block.c | 46 ++++- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/mmc_spi.c | 186 +------------------ drivers/net/bonding/bond_alb.c | 3 +- drivers/net/dsa/mv88e6xxx/chip.h | 4 +- drivers/net/dsa/mv88e6xxx/serdes.c | 8 +- drivers/net/dsa/mv88e6xxx/serdes.h | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 +-- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/google/gve/gve_tx_dqo.c | 5 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 ++++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 +++++++++--------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 +++++------ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +----- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++++++-------- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 27 ++- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 +- .../mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +-- .../mellanox/mlx5/core/steering/dr_action.c | 19 +- .../mellanox/mlx5/core/steering/dr_domain.c | 2 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 4 +- .../mellanox/mlx5/core/steering/dr_types.h | 7 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/fjes/fjes_hw.c | 37 +++- drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 4 +- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 67 ++++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 8 + drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 ++ .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 ++ .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 +++++----- drivers/of/property.c | 2 +- drivers/of/unittest.c | 12 +- drivers/pci/pci.h | 2 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 ++- drivers/pci/switch/switchtec.c | 25 ++- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 52 +++--- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/rtc/rtc-cmos.c | 4 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/arcmsr/arcmsr.h | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/scsi/scsi_error.c | 9 +- drivers/scsi/scsi_lib.c | 4 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/scsi/ufs/ufshcd.c | 14 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/fbtft/fbtft-core.c | 14 +- drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 13 ++ drivers/tty/serial/max310x.c | 33 +++- drivers/tty/tty_ioctl.c | 4 +- drivers/usb/core/hub.c | 34 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/ep0.c | 27 ++- drivers/usb/dwc3/gadget.c | 162 +++++++++++++--- drivers/usb/dwc3/gadget.h | 3 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/vhost/vhost.c | 5 +- drivers/video/fbdev/broadsheetfb.c | 14 +- drivers/video/fbdev/core/fb_defio.c | 168 +++++++++++++---- drivers/video/fbdev/core/fbmem.c | 4 + drivers/video/fbdev/hecubafb.c | 3 +- drivers/video/fbdev/hyperv_fb.c | 8 +- drivers/video/fbdev/metronomefb.c | 14 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 20 +- drivers/video/fbdev/smscufx.c | 9 +- drivers/video/fbdev/ssd1307fb.c | 3 +- drivers/video/fbdev/udlfb.c | 10 +- drivers/video/fbdev/xen-fbfront.c | 8 +- drivers/watchdog/it87_wdt.c | 14 +- drivers/xen/gntdev-dmabuf.c | 54 +++--- fs/afs/callback.c | 3 +- fs/afs/dir.c | 8 + fs/afs/server.c | 7 +- fs/btrfs/ctree.h | 22 +++ fs/btrfs/delayed-inode.c | 5 +- fs/btrfs/delayed-inode.h | 1 + fs/btrfs/disk-io.c | 13 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/inode.c | 172 ++++++++++------- fs/btrfs/ioctl.c | 12 ++ fs/btrfs/qgroup.c | 14 ++ fs/btrfs/ref-verify.c | 6 +- fs/btrfs/send.c | 2 +- fs/btrfs/sysfs.c | 9 +- fs/btrfs/tree-checker.c | 2 +- fs/ceph/caps.c | 12 +- fs/cifs/smb2misc.c | 2 +- fs/cifs/smb2ops.c | 14 +- fs/cifs/smb2pdu.c | 13 +- fs/cifs/smb2pdu.h | 42 +++-- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/exec.c | 3 + fs/ext4/mballoc.c | 26 ++- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 ++-- fs/f2fs/compress.c | 4 +- fs/f2fs/file.c | 2 + fs/f2fs/recovery.c | 25 ++- fs/hugetlbfs/inode.c | 13 +- fs/ioctl.c | 3 +- fs/jfs/jfs_dmap.c | 57 +++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 ++ fs/ksmbd/asn1.c | 5 + fs/ksmbd/connection.c | 7 +- fs/ksmbd/connection.h | 2 +- fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/oplock.c | 22 ++- fs/ksmbd/smb2pdu.c | 53 +++--- fs/ksmbd/smbacl.c | 11 +- fs/ksmbd/transport_ipc.c | 4 +- fs/ksmbd/transport_rdma.c | 11 +- fs/ksmbd/transport_tcp.c | 13 +- fs/namei.c | 60 +++--- fs/nfsd/nfs4state.c | 61 +++--- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/ntfs3/fsntfs.c | 16 +- fs/ntfs3/index.c | 3 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/pipe.c | 19 +- fs/pstore/ram.c | 1 + fs/ubifs/dir.c | 2 + fs/xfs/xfs_super.c | 27 ++- include/asm-generic/numa.h | 2 + include/drm/drm_color_mgmt.h | 1 + include/drm/drm_fb_helper.h | 3 +- include/drm/drm_mipi_dsi.h | 2 + include/linux/async.h | 2 + include/linux/bpf.h | 6 +- include/linux/dma-fence.h | 19 ++ include/linux/dmaengine.h | 3 +- include/linux/fb.h | 18 +- include/linux/hrtimer.h | 4 +- include/linux/irq_work.h | 3 + include/linux/lsm_hook_defs.h | 2 + include/linux/mmc/sdio_ids.h | 1 + include/linux/mmzone.h | 18 +- include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/overflow.h | 72 ++++---- include/linux/pci_ids.h | 1 + include/linux/pipe_fs_i.h | 16 ++ include/linux/pm_runtime.h | 4 + include/linux/security.h | 9 + include/linux/syscalls.h | 1 + include/net/af_unix.h | 20 +- include/net/inet_connection_sock.h | 8 + include/net/llc_pdu.h | 6 +- include/net/netfilter/nf_tables.h | 2 + include/uapi/linux/btrfs.h | 4 + include/uapi/linux/netfilter/nf_tables.h | 2 + kernel/async.c | 85 ++++++--- kernel/audit.c | 31 +++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/bpf/syscall.c | 6 + kernel/events/core.c | 38 ++-- kernel/power/swap.c | 38 ++-- kernel/sched/membarrier.c | 9 + kernel/time/clocksource.c | 25 ++- kernel/time/hrtimer.c | 17 +- kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 ++++---- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- lib/debugobjects.c | 204 ++++++++------------- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/sparse.c | 17 +- net/8021q/vlan_netlink.c | 4 + net/bluetooth/l2cap_core.c | 3 +- net/bridge/br_cfm_netlink.c | 2 +- net/bridge/br_multicast.c | 20 +- net/bridge/br_private.h | 4 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +++-- net/core/request_sock.c | 3 - net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/ipv4/af_inet.c | 9 +- net/ipv4/inet_connection_sock.c | 4 + net/ipv4/ip_output.c | 12 +- net/ipv4/ip_tunnel_core.c | 2 +- net/ipv4/tcp.c | 13 +- net/ipv6/addrconf_core.c | 21 ++- net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_tunnel.c | 28 ++- net/llc/af_llc.c | 26 ++- net/llc/llc_core.c | 7 - net/mac80211/tx.c | 3 +- net/mptcp/protocol.c | 3 - net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 34 ++-- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_compat.c | 23 ++- net/netfilter/nft_ct.c | 27 +++ net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_limit.c | 23 ++- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_set_pipapo.c | 108 +++++------ net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/netfilter/nft_set_rbtree.c | 6 +- net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_tunnel.c | 1 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +++-- net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/unix/garbage.c | 12 ++ net/wireless/scan.c | 4 + scripts/decode_stacktrace.sh | 60 +++++- scripts/get_abi.pl | 2 +- scripts/link-vmlinux.sh | 9 +- scripts/mod/sumversion.c | 7 +- security/security.c | 32 +++- security/selinux/hooks.c | 28 +++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/hda/hdac_stream.c | 9 +- sound/hda/intel-dsp-config.c | 10 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 133 +++++++++++++- sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 7 - sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/wcd938x.c | 2 +- sound/usb/quirks.c | 4 + tools/build/feature/test-libopencsd.c | 4 +- tools/lib/bpf/libbpf.c | 2 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/cgroup_helpers.c | 18 +- tools/testing/selftests/bpf/prog_tests/btf.c | 1 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 55 ------ tools/testing/selftests/bpf/progs/pyperf180.c | 22 +++ .../selftests/bpf/progs/tailcall_bpf2bpf6.c | 42 ----- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 9 + tools/testing/selftests/net/pmtu.sh | 34 ++-- tools/testing/selftests/net/setup_veth.sh | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 14 +- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/sgx/test_encl.lds | 6 +- 527 files changed, 5153 insertions(+), 2726 deletions(-)

1 year, 1 month

18
505
0 0

[PATCH v3] clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs

by Gabor Juhos

The clk_alpha_pll_stromer_set_rate() function writes inproper values into the ALPHA_VAL{,_U} registers which results in wrong clock rates when the alpha value is used. The broken behaviour can be seen on IPQ5018 for example, when dynamic scaling sets the CPU frequency to 800000 KHz. In this case the CPU cores are running only at 792031 KHz: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 792031 This happens because the function ignores the fact that the alpha value calculated by the alpha_pll_round_rate() function is only 32 bits wide which must be extended to 40 bits if it is used on a hardware which supports 40 bits wide values. Extend the clk_alpha_pll_stromer_set_rate() function to convert the alpha value to 40 bits before wrinting that into the registers in order to ensure that the hardware really uses the requested rate. After the change the CPU frequency is correct: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 800000 Cc: stable(a)vger.kernel.org Fixes: e47a4f55f240 ("clk: qcom: clk-alpha-pll: Add support for Stromer PLLs") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v3: - remove constants' comparison (Konrad) - Link to v2: https://lore.kernel.org/r/20240326-alpha-pll-fix-stromer-set-rate-v2-1-48ae… Changes in v2: - fix subject prefix - rebase on v6.9-rc1 - Link to v1: https://lore.kernel.org/r/20240324-alpha-pll-fix-stromer-set-rate-v1-1-335b… Depends on the following patch: https://lore.kernel.org/r/20240315-apss-ipq-pll-ipq5018-hang-v2-1-6fe30ada2… --- drivers/clk/qcom/clk-alpha-pll.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..8a8abb429577 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -2490,6 +2490,8 @@ static int clk_alpha_pll_stromer_set_rate(struct clk_hw *hw, unsigned long rate, rate = alpha_pll_round_rate(rate, prate, &l, &a, ALPHA_REG_BITWIDTH); regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + + a <<= ALPHA_REG_BITWIDTH - ALPHA_BITWIDTH; regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL_U(pll), a >> ALPHA_BITWIDTH); --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240324-alpha-pll-fix-stromer-set-rate-472376e624f0 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 1 month

2
1
0 0

[PATCH v2] clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure

by Gabor Juhos

Booting v6.8 results in a hang on various IPQ5018 based boards. Investigating the problem showed that the hang happens when the clk_alpha_pll_stromer_plus_set_rate() function tries to write into the PLL_MODE register of the APSS PLL. Checking the downstream code revealed that it uses [1] stromer specific operations for IPQ5018, whereas in the current code the stromer plus specific operations are used. The ops in the 'ipq_pll_stromer_plus' clock definition can't be changed since that is needed for IPQ5332, so add a new alpha pll clock declaration which uses the correct stromer ops and use this new clock for IPQ5018 to avoid the boot failure. Also, change pll_type in 'ipq5018_pll_data' to CLK_ALPHA_PLL_TYPE_STROMER to better reflect that it is a Stromer PLL and change the apss_ipq_pll_probe() function accordingly. 1. https://git.codelinaro.org/clo/qsdk/oss/kernel/linux-ipq-5.4/-/blob/NHSS.QS… Cc: stable(a)vger.kernel.org Fixes: 50492f929486 ("clk: qcom: apss-ipq-pll: add support for IPQ5018") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v2: - extend commit description due to the changes - add a comment about why CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets are used - constify hw clock init data (Stephen) - change pll_type in ipq5018_pll_data to CLK_ALPHA_PLL_TYPE_STROMER (Konrad) - Link to v1: https://lore.kernel.org/r/20240311-apss-ipq-pll-ipq5018-hang-v1-1-8ed42b7a9… --- Based on v6.8. --- drivers/clk/qcom/apss-ipq-pll.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/drivers/clk/qcom/apss-ipq-pll.c b/drivers/clk/qcom/apss-ipq-pll.c index 678b805f13d45..dfffec2f06ae7 100644 --- a/drivers/clk/qcom/apss-ipq-pll.c +++ b/drivers/clk/qcom/apss-ipq-pll.c @@ -55,6 +55,29 @@ static struct clk_alpha_pll ipq_pll_huayra = { }, }; +static struct clk_alpha_pll ipq_pll_stromer = { + .offset = 0x0, + /* + * Reuse CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets. + * Although this is a bit confusing, but the offset values + * are correct nevertheless. + */ + .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], + .flags = SUPPORTS_DYNAMIC_UPDATE, + .clkr = { + .enable_reg = 0x0, + .enable_mask = BIT(0), + .hw.init = &(const struct clk_init_data) { + .name = "a53pll", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "xo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_stromer_ops, + }, + }, +}; + static struct clk_alpha_pll ipq_pll_stromer_plus = { .offset = 0x0, .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], @@ -144,8 +167,8 @@ struct apss_pll_data { }; static const struct apss_pll_data ipq5018_pll_data = { - .pll_type = CLK_ALPHA_PLL_TYPE_STROMER_PLUS, - .pll = &ipq_pll_stromer_plus, + .pll_type = CLK_ALPHA_PLL_TYPE_STROMER, + .pll = &ipq_pll_stromer, .pll_config = &ipq5018_pll_config, }; @@ -203,7 +226,8 @@ static int apss_ipq_pll_probe(struct platform_device *pdev) if (data->pll_type == CLK_ALPHA_PLL_TYPE_HUAYRA) clk_alpha_pll_configure(data->pll, regmap, data->pll_config); - else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) + else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER || + data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) clk_stromer_pll_configure(data->pll, regmap, data->pll_config); ret = devm_clk_register_regmap(dev, &data->pll->clkr); --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240311-apss-ipq-pll-ipq5018-hang-74d9a8f47136 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 1 month

3
3
0 0

Linux 6.8.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.8 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 5 arch/x86/kvm/mmu/tdp_mmu.c | 21 - arch/x86/kvm/vmx/vmx.c | 24 + arch/x86/kvm/x86.c | 2 block/bdev.c | 29 + block/ioctl.c | 3 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 161 +++++++-- drivers/clk/mediatek/clk-mt7988-infracfg.c | 2 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 38 +- drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 + drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 + drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/interconnect/qcom/x1e80100.c | 26 - drivers/iommu/iommufd/Kconfig | 1 drivers/misc/cardreader/rtsx_pcr.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/platform-vsc.c | 17 drivers/misc/mei/vsc-tp.c | 84 +++- drivers/misc/mei/vsc-tp.h | 3 drivers/net/dsa/mt7530.c | 38 +- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 - drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 ++- drivers/net/ethernet/realtek/r8169.h | 4 drivers/net/ethernet/realtek/r8169_leds.c | 23 - drivers/net/ethernet/realtek/r8169_main.c | 7 drivers/net/ethernet/renesas/ravb.h | 6 drivers/net/ethernet/renesas/ravb_main.c | 93 ++--- drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/net/usb/ax88179_178a.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/s390/net/ism_drv.c | 37 +- drivers/scsi/scsi_lib.c | 7 drivers/thermal/thermal_debugfs.c | 1 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 ++ drivers/thunderbolt/nhi.c | 19 - drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 ++++++++-- drivers/thunderbolt/tb.c | 44 +- drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 ++ drivers/tty/serial/8250/8250_dw.c | 6 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 23 + drivers/tty/serial/serial_port.c | 34 + drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/misc/onboard_usb_hub.c | 6 drivers/usb/serial/option.c | 40 ++ drivers/usb/typec/tcpm/tcpm.c | 4 drivers/virt/vmgenid.c | 2 fs/btrfs/extent_io.c | 20 - fs/fuse/dir.c | 1 fs/nfsd/nfs4xdr.c | 47 +- fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/squashfs/inode.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/blkdev.h | 2 include/linux/bootconfig.h | 7 include/linux/gpio/property.h | 1 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 +-- include/linux/udp.h | 2 include/net/netfilter/nf_flow_table.h | 12 include/net/netfilter/nf_tables.h | 14 include/net/sch_generic.h | 1 include/trace/events/rpcgss.h | 4 init/main.c | 2 io_uring/io_uring.c | 26 - kernel/fork.c | 33 - kernel/sched/sched.h | 20 - lib/bootconfig.c | 19 - mm/gup.c | 54 +-- mm/huge_memory.c | 6 mm/hugetlb.c | 10 mm/internal.h | 10 mm/madvise.c | 17 mm/memory-failure.c | 18 - mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/core/dev.c | 6 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 82 ++++ net/netfilter/nft_lookup.c | 1 net/netfilter/nft_set_bitmap.c | 4 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 43 +- net/netfilter/nft_set_pipapo.h | 6 net/netfilter/nft_set_pipapo_avx2.c | 59 +-- net/netfilter/nft_set_rbtree.c | 4 net/sched/sch_generic.c | 1 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 7 sound/pci/hda/tas2781_hda_i2c.c | 4 tools/perf/ui/browsers/annotate.c | 2 tools/perf/util/annotate.c | 3 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/iommu/config | 2 tools/testing/selftests/net/tcp_ao/lib/proc.c | 2 tools/testing/selftests/net/tcp_ao/lib/setup.c | 12 tools/testing/selftests/net/tcp_ao/rst.c | 23 - tools/testing/selftests/net/tcp_ao/setsockopt-closed.c | 2 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/powerpc/papr_vpd/papr_vpd.c | 2 178 files changed, 1902 insertions(+), 827 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (2): drm/amdgpu: remove invalid resource->start check v2 drm/ttm: stop pooling cached NUMA pages v2 Christoph Hellwig (1): block: propagate partition scanning errors to the BLKRRPART ioctl Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Golle (1): clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Hildenbrand (1): mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Safonov (4): selftests/tcp_ao: Make RST tests less flaky selftests/tcp_ao: Zero-init tcp_ao_info_opt selftests/tcp_ao: Fix fscanf() call for format-security selftests/tcp_ao: Printing fixes to confirm with format-security Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Eric Dumazet (1): net/sched: Fix mirred deadlock on device recursion Fabio Estevam (1): usb: misc: onboard_usb_hub: Disable the USB hub clock on failure Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (2): netfilter: nft_set_pipapo: constify lookup fn args where possible netfilter: nft_set_pipapo: do not free live element Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.8.8 Hans de Goede (1): serial: 8250_dw: Revert: Do not reclock if already at correct rate Heiner Kallweit (2): r8169: fix LED-related deadlock on module removal r8169: add missing conditional compiling for call to r8169_remove_leds Huayu Zhang (1): ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 Jason A. Donenfeld (2): Revert "vmgenid: emit uevent when VMGENID updates" random: handle creditable entropy from atomic process context Jason Gunthorpe (1): iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Kyle Tso (1): usb: typec: tcpm: Correct the PDO counting in pd_set Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Lokesh Gidra (1): userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Maarten Lankhorst (1): drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Maíra Canal (1): drm/v3d: Don't increment `enabled_ns` twice Miaohe Lin (2): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled fork: defer linking file vma until vma is fully initialized Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Do not create DisplayPort tunnels on adapters of the same router thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Muhammad Usama Anjum (1): iommufd: Add config needed for iommufd_fail_nth Namhyung Kim (2): perf annotate: Make sure to call symbol__annotate2() in TUI perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naohiro Aota (1): btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Nathan Lynch (1): selftests/powerpc/papr-vpd: Fix missing variable initialization Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Niklas Söderlund (1): ravb: Group descriptor types used in Rx ring Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (7): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple netfilter: nf_tables: missing iterator type in lookup walk netfilter: nf_tables: restore set elements when delete set fails netfilter: nf_tables: fix memleak in map from abort path Paul Barker (2): net: ravb: Count packets instead of descriptors in R-Car RX path net: ravb: Allow RX loop to move past DMA mapping errors Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Qu Wenruo (1): btrfs: do not wait for short bulk allocation Rafael J. Wysocki (1): thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() Rick Edgecombe (1): KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Ricky Wu (1): misc: rtsx: Fix rts5264 driver status incorrect when card removed Sakari Ailus (2): Revert "mei: vsc: Call wake_up() in the threaded IRQ handler" mei: vsc: Unregister interrupt handler for system suspend Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (3): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: Restore mistakenly dropped parts in register devlink flow net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (2): serial: core: Fix regression when runtime PM is not enabled serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vasily Gorbik (1): NFSD: fix endianness issue in nfsd4_encode_fattr4 Ville Syrjälä (1): drm/i915/cdclk: Fix voltage_level programming edge case Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

Linux 6.6.29

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.29 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/pdata-quirks.c | 10 arch/arm64/include/asm/tlbflush.h | 40 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/powerpc/include/asm/ftrace.h | 10 arch/powerpc/include/asm/sections.h | 1 arch/powerpc/kernel/trace/ftrace.c | 12 arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 arch/powerpc/kernel/vmlinux.lds.S | 2 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/mmu/tdp_mmu.c | 21 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 195 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/display/intel_atomic.c | 1 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 drivers/gpu/drm/i915/display/intel_crtc.c | 96 drivers/gpu/drm/i915/display/intel_crtc.h | 6 drivers/gpu/drm/i915/display/intel_display.c | 43 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_display_types.h | 2 drivers/gpu/drm/i915/display/intel_dp.c | 13 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/media/common/videobuf2/videobuf2-core.c | 9 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 38 drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/net/virtio_net.c | 25 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/s390/net/ism_drv.c | 37 drivers/scsi/scsi_lib.c | 7 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 drivers/thunderbolt/nhi.c | 19 drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 drivers/thunderbolt/tb.c | 38 drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 21 drivers/tty/serial/serial_port.c | 34 drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/ceph/addr.c | 22 fs/ceph/cache.c | 2 fs/ceph/caps.c | 53 fs/ceph/crypto.c | 2 fs/ceph/debugfs.c | 4 fs/ceph/dir.c | 24 fs/ceph/export.c | 10 fs/ceph/file.c | 26 fs/ceph/inode.c | 14 fs/ceph/ioctl.c | 8 fs/ceph/mds_client.c | 41 fs/ceph/mds_client.h | 3 fs/ceph/mdsmap.c | 3 fs/ceph/snap.c | 18 fs/ceph/super.c | 22 fs/ceph/super.h | 13 fs/ceph/xattr.c | 12 fs/fuse/dir.c | 1 fs/nilfs2/dir.c | 2 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsglob.h | 3 fs/smb/client/cifsproto.h | 20 fs/smb/client/connect.c | 131 fs/smb/client/dfs.c | 51 fs/smb/client/dfs.h | 33 fs/smb/client/dfs_cache.c | 53 fs/smb/client/misc.c | 7 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/bootconfig.h | 7 include/linux/ceph/mdsmap.h | 5 include/linux/gpio/property.h | 1 include/linux/pci.h | 5 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 include/linux/udp.h | 2 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 26 kernel/sched/sched.h | 20 lib/bootconfig.c | 19 mm/hugetlb.c | 10 mm/memory-failure.c | 18 mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/hda/tas2781_hda_i2c.c | 4 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/kselftest.h | 18 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/timers/posix_timers.c | 156 205 files changed, 6733 insertions(+), 5414 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Breno Leitao (1): virtio_net: Do not send RSS key if it is not supported Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (1): drm/amdgpu: remove invalid resource->start check v2 Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (2): drm/msm/dpu: populate SSPP scaler block version drm/panel: visionox-rm69299: don't unregister DSI device Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gavin Shan (1): arm64: tlb: Fix TLBI RANGE operand Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.6.29 Hans Verkuil (1): media: videobuf2: request more buffers for vb2_read Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM John Stultz (1): selftests: timers: Fix posix_timers ksft_print_msg() warning Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Brown (1): selftests: timers: Convert posix_timers test to generate KTAP output Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (1): thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namhyung Kim (1): perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naveen N Rao (1): powerpc/ftrace: Ignore ftrace locations in exit text sections NeilBrown (1): ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oleg Nesterov (2): selftests/timers/posix_timers: Reimplement check_timer_distribution() selftests: kselftest: Fix build failure with NOLIBC Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Paulo Alcantara (4): smb: client: remove extra @chan_count check in __cifs_put_smb_ses() smb: client: fix UAF in smb2_reconnect_server() smb: client: guarantee refcounted children from parent session smb: client: refresh referral without acquiring refpath_lock Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Ryan Roberts (1): arm64/mm: Modify range-based tlbi to decrement scale Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (2): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steve French (1): smb3: show beginning time for per share stats Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (1): serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Ville Syrjälä (9): drm/i915: Fix FEC pipe A vs. DDI A mixup drm/i915/mst: Reject FEC+MST on ICL drm/i915/cdclk: Fix voltage_level programming edge case drm/i915: Change intel_pipe_update_{start,end}() calling convention drm/i915: Extract intel_crtc_vblank_evade_scanlines() drm/i915: Enable VRR later during fastsets drm/i915: Adjust seamless_m_n flag behaviour drm/i915: Disable live M/N updates when using bigjoiner drm/i915/mst: Limit MST+DSC to TGL+ Vishal Badole (1): clk: Show active consumers of clocks in debugfs Xiubo Li (2): ceph: pass the mdsc to several helpers ceph: rename _to_client() to _to_fs_client() Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

Linux 6.1.88

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.88 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/board-n8x0.c | 5 arch/arm/mach-omap2/common-board-devices.h | 2 arch/arm/mach-omap2/pdata-quirks.c | 11 arch/arm64/mm/pageattr.c | 3 arch/x86/boot/Makefile | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 1 arch/x86/boot/compressed/sev.c | 3 arch/x86/boot/compressed/vmlinux.lds.S | 6 arch/x86/boot/header.S | 211 arch/x86/boot/setup.ld | 14 arch/x86/boot/tools/build.c | 273 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/init.h | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/page_types.h | 12 arch/x86/include/asm/sev.h | 10 arch/x86/kernel/amd_gart_64.c | 2 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kernel/head64.c | 7 arch/x86/kernel/platform-quirks.c | 1 arch/x86/kernel/sev-shared.c | 23 arch/x86/kernel/sev.c | 11 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 arch/x86/mm/mem_encrypt_boot.S | 4 arch/x86/mm/mem_encrypt_identity.c | 58 arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pti.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 201 drivers/clk/mediatek/clk-gate.c | 23 drivers/clk/mediatek/clk-gate.h | 7 drivers/clk/mediatek/clk-mt2701-aud.c | 4 drivers/clk/mediatek/clk-mt2701-eth.c | 4 drivers/clk/mediatek/clk-mt2701-g3d.c | 2 drivers/clk/mediatek/clk-mt2701-hif.c | 4 drivers/clk/mediatek/clk-mt2701-mm.c | 4 drivers/clk/mediatek/clk-mt2701.c | 22 drivers/clk/mediatek/clk-mt2712-mm.c | 4 drivers/clk/mediatek/clk-mt2712.c | 24 drivers/clk/mediatek/clk-mt6765.c | 13 drivers/clk/mediatek/clk-mt6779-mm.c | 4 drivers/clk/mediatek/clk-mt6779.c | 21 drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 drivers/clk/mediatek/clk-mt6795-mm.c | 3 drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 drivers/clk/mediatek/clk-mt6797-mm.c | 4 drivers/clk/mediatek/clk-mt6797.c | 7 drivers/clk/mediatek/clk-mt7622-aud.c | 4 drivers/clk/mediatek/clk-mt7622-eth.c | 8 drivers/clk/mediatek/clk-mt7622-hif.c | 8 drivers/clk/mediatek/clk-mt7622.c | 22 drivers/clk/mediatek/clk-mt7629-eth.c | 7 drivers/clk/mediatek/clk-mt7629-hif.c | 8 drivers/clk/mediatek/clk-mt7629.c | 18 drivers/clk/mediatek/clk-mt7986-eth.c | 10 drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 drivers/clk/mediatek/clk-mt8135.c | 18 drivers/clk/mediatek/clk-mt8167-aud.c | 2 drivers/clk/mediatek/clk-mt8167-img.c | 2 drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 drivers/clk/mediatek/clk-mt8167-mm.c | 4 drivers/clk/mediatek/clk-mt8167-vdec.c | 3 drivers/clk/mediatek/clk-mt8167.c | 12 drivers/clk/mediatek/clk-mt8173-mm.c | 4 drivers/clk/mediatek/clk-mt8173.c | 34 drivers/clk/mediatek/clk-mt8183-audio.c | 4 drivers/clk/mediatek/clk-mt8183-mm.c | 4 drivers/clk/mediatek/clk-mt8183.c | 36 drivers/clk/mediatek/clk-mt8186-mcu.c | 3 drivers/clk/mediatek/clk-mt8186-mm.c | 3 drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 drivers/clk/mediatek/clk-mt8192-aud.c | 3 drivers/clk/mediatek/clk-mt8192-mm.c | 3 drivers/clk/mediatek/clk-mt8192.c | 90 drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 drivers/clk/mediatek/clk-mt8365-mm.c | 5 drivers/clk/mediatek/clk-mt8365.c | 14 drivers/clk/mediatek/clk-mt8516-aud.c | 2 drivers/clk/mediatek/clk-mt8516.c | 12 drivers/clk/mediatek/clk-mtk.c | 127 drivers/clk/mediatek/clk-mtk.h | 13 drivers/clk/mediatek/clk-mux.c | 14 drivers/clk/mediatek/clk-mux.h | 3 drivers/comedi/drivers/vmk80xx.c | 35 drivers/firmware/efi/libstub/Makefile | 7 drivers/firmware/efi/libstub/x86-stub.c | 58 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 78 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/hid/hid-ids.h | 2 drivers/hid/hid-kye.c | 62 drivers/hid/hid-quirks.c | 6 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 58 drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 68 drivers/pci/switch/switchtec.c | 158 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/thunderbolt/quirks.c | 2 drivers/thunderbolt/switch.c | 48 drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/stm32-usart.c | 13 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/pci-quirks.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/linux/bootconfig.h | 7 include/linux/pci.h | 5 include/linux/pci_ids.h | 2 include/linux/switchtec.h | 1 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/dsa.h | 8 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 16 lib/bootconfig.c | 19 mm/memory-failure.c | 18 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/pci/hda/patch_realtek.c | 1 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 198 files changed, 6276 insertions(+), 5630 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Alvaro Karsz (1): PCI: Avoid FLR for SolidRun SNET DPU rev 1 AngeloGioacchino Del Regno (6): clk: mediatek: mt8192: Correctly unregister and free clocks on failure clk: mediatek: mt8192: Propagate struct device for gate clocks clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() clk: mediatek: clk-mtk: Propagate struct device for composites clk: mediatek: clk-mux: Propagate struct device for mtk-mux clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() Ard Biesheuvel (20): x86/efi: Drop EFI stub .bss from .data section x86/efi: Disregard setup header of loaded image x86/efistub: Reinstate soft limit for initrd loading x86/efi: Drop alignment flags from PE section headers x86/boot: Remove the 'bugger off' message x86/boot: Omit compression buffer from PE/COFF image memory footprint x86/boot: Drop redundant code setting the root device x86/boot: Drop references to startup_64 x86/boot: Grab kernel_info offset from zoffset header directly x86/boot: Set EFI handover offset directly in header asm x86/boot: Define setup size in linker script x86/boot: Derive file size from _edata symbol x86/boot: Construct PE/COFF .text section from assembler x86/boot: Drop PE/COFF .reloc section x86/boot: Split off PE/COFF .data section x86/boot: Increase section and file alignment to 4k/512 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Arnd Bergmann (1): x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christophe JAILLET (1): usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Yang (1): HID: kye: Sort kye devices Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Torokhov (1): ARM: omap2: n8x0: stop instantiating codec platform data Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.1.88 Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Hawking Zhang (1): drm/amdgpu: fix incorrect active rb bitmap for gfx11 Hou Wenlong (2): x86/head/64: Add missing __head annotation to startup_64_load_idt() x86/head/64: Move the __head definition to <asm/init.h> Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kelvin Cao (2): PCI: switchtec: Use normal comment style PCI: switchtec: Add support for PCIe Gen5 devices Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Maciej W. Rozycki (1): PCI: Execute quirk_enable_clear_retrain_link() earlier Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (1): ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Log function name of the called quirk thunderbolt: Add debug log for link controller power quirk Mike Pastore (1): PCI: Delay after FLR of Solidigm P44 Pro NVMe Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Pasha Tatashin (1): x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Shay Drory (1): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Tim Huang (1): drm/amdgpu: fix incorrect number of active RBs for gfx11 Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vishal Badole (1): clk: Show active consumers of clocks in debugfs Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yu Zhe (1): clk: remove unnecessary (void*) conversions Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (3): drm/vmwgfx: Enable DMA mappings with SEV drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

Linux 5.15.157

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.157 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/nfs/exporting.rst | 7 Makefile | 2 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/clk/clk.c | 154 +++++++--- drivers/comedi/drivers/vmk80xx.c | 35 -- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 60 ++- drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/thunderbolt/switch.c | 48 ++- drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/pmac_zilog.c | 14 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/serial/option.c | 40 ++ fs/btrfs/delayed-inode.c | 3 fs/ksmbd/ksmbd_netlink.h | 3 fs/ksmbd/mgmt/share_config.c | 7 fs/ksmbd/smb2ops.c | 10 fs/ksmbd/smb2pdu.c | 3 fs/ksmbd/transport_ipc.c | 37 ++ fs/lockd/svclock.c | 4 fs/nfsd/nfs4state.c | 10 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/bpf.h | 9 include/linux/bpf_verifier.h | 4 include/linux/exportfs.h | 14 include/net/dsa.h | 8 include/net/net_namespace.h | 6 include/net/netfilter/nf_flow_table.h | 33 ++ include/net/netns/flow_table.h | 14 include/trace/events/rpcgss.h | 4 init/main.c | 2 kernel/bpf/btf.c | 93 ++++-- kernel/bpf/verifier.c | 66 +++- kernel/kprobes.c | 18 - kernel/trace/trace_events_trigger.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 + net/netfilter/Kconfig | 9 net/netfilter/Makefile | 1 net/netfilter/nf_flow_table_core.c | 62 +++- net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_flow_table_offload.c | 17 - net/netfilter/nf_flow_table_procfs.c | 80 +++++ net/netfilter/nf_tables_api.c | 16 - net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 79 files changed, 971 insertions(+), 319 deletions(-) Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Boris Burkov (1): btrfs: record delayed inode root in transaction Carlos Llamas (1): binder: check offset alignment in binder_get_object() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Chuck Lever (1): Revert "lockd: introduce safe async lock op" Claudiu Beznea (1): clk: remove extra empty line Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Borkmann (4): bpf: Generalize check_ctx_reg for reuse with other types bpf: Generally fix helper register offset check bpf: Fix out of bounds access for ringbuf helpers bpf: Fix ringbuf memory type confusion when passing to helpers Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 5.15.157 Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kumar Kartikeya Dwivedi (1): bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (1): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Mark 'all_lists' as const clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vlad Buslov (1): netfilter: nf_flow_table: count pending offload workqueue tasks Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (1): drm/vmwgfx: Sort primary plane formats by order of preference Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 1 month

1
1
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042720-safeness-stowaway-2308@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042718-handset-kitty-0a0e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042707--b5a0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 1 month

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042706--0fec@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 1 month

1
0
0 0

[PATCH 5.15 00/71] 5.15.157-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.157 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.157-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.157-rc1 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Vlad Buslov <vladbu(a)nvidia.com> netfilter: nf_flow_table: count pending offload workqueue tasks Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Chuck Lever <chuck.lever(a)oracle.com> Revert "lockd: introduce safe async lock op" Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix ringbuf memory type confusion when passing to helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix out of bounds access for ringbuf helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generally fix helper register offset check Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generalize check_ctx_reg for reuse with other types Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails ------------- Diffstat: Documentation/filesystems/nfs/exporting.rst | 7 - Makefile | 4 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 ++ arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/comedi/drivers/vmk80xx.c | 35 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 60 +++++--- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 +++ drivers/net/tun.c | 18 +-- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 +++- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ fs/btrfs/delayed-inode.c | 3 + fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/mgmt/share_config.c | 7 +- fs/ksmbd/smb2ops.c | 10 +- fs/ksmbd/smb2pdu.c | 3 +- fs/ksmbd/transport_ipc.c | 37 +++++ fs/lockd/svclock.c | 4 +- fs/nfsd/nfs4state.c | 10 +- fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/bpf.h | 9 +- include/linux/bpf_verifier.h | 4 +- include/linux/exportfs.h | 14 -- include/net/dsa.h | 8 ++ include/net/net_namespace.h | 6 + include/net/netfilter/nf_flow_table.h | 33 ++++- include/net/netns/flow_table.h | 14 ++ include/trace/events/rpcgss.h | 4 +- init/main.c | 2 + kernel/bpf/btf.c | 93 ++++++++++--- kernel/bpf/verifier.c | 66 ++++++--- kernel/kprobes.c | 18 ++- kernel/trace/trace_events_trigger.c | 6 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +++- net/netfilter/Kconfig | 9 ++ net/netfilter/Makefile | 1 + net/netfilter/nf_flow_table_core.c | 62 ++++++++- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_flow_table_offload.c | 17 ++- net/netfilter/nf_flow_table_procfs.c | 80 +++++++++++ net/netfilter/nf_tables_api.c | 16 ++- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 79 files changed, 973 insertions(+), 321 deletions(-)

1 year, 1 month

10
82
0 0

[PATCH 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 1 month

2
1
0 0

[PATCH 6.6 000/158] 6.6.29-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.29 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.29-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.29-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Ignore ftrace locations in exit text sections Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime import/export Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove invalid resource->start check v2 Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix memory leak in create_process failure xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Danny Lin <danny(a)orbstack.dev> fuse: fix leaked ENOSYS error on first statx call Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Peter Xu <peterx(a)redhat.com> mm/userfaultfd: allow hugetlb change protection upon poison entry Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Ard Biesheuvel <ardb(a)kernel.org> arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H David Matlack <dmatlack(a)google.com> KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Add missing memory barrier in switch_mm_cid Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Tony Lindgren <tony(a)atomide.com> serial: core: Fix missing shutdown and startup for serial base port Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Clearing the circular buffer before NULLifying it Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Mauro Carvalho Chehab <mchehab(a)kernel.org> ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: correct the register for pow calibrated data Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Shay Drory <shayd(a)nvidia.com> net/mlx5: E-switch, store eswitch pointer before registering devlink_param Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Don't access req_list while it's being manipulated Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Sanath S <Sanath.S(a)amd.com> thunderbolt: Reset topology created by the boot firmware Sanath S <Sanath.S(a)amd.com> thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_path_deactivate_hop() Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_port_reset() Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for UHCI handoff Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for AMD quirk Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: make -fstrict-flex-arrays=3 happy Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Add a missing NULL check Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix WED + wifi reset Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: swnode: Remove wrong header inclusion Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: Properly fix receive message buffer allocation Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix port mirroring for MT7988 SoC switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix checking for unsupported keys on non-tunnel device Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: check src_vsi in case of traffic from VF Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix IP-cores specific MAC capabilities Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix max-speed being ignored on queue re-init Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only Asbjørn Sloth Tønnesen <ast(a)fiberby.net> octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: sparx5: flower: fix fragment flags handling Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Modify range-based tlbi to decrement scale Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: videobuf2: request more buffers for vb2_read Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: populate SSPP scaler block version John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Xiubo Li <xiubli(a)redhat.com> ceph: rename _to_client() to _to_fs_client() Xiubo Li <xiubli(a)redhat.com> ceph: pass the mdsc to several helpers Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Mark Brown <broonie(a)kernel.org> selftests: timers: Convert posix_timers test to generate KTAP output Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Adjust seamless_m_n flag behaviour Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Enable VRR later during fastsets Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Extract intel_crtc_vblank_evade_scanlines() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Change intel_pipe_update_{start,end}() calling convention Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix voltage_level programming edge case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix FEC pipe A vs. DDI A mixup Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Steve French <stfrench(a)microsoft.com> smb3: show beginning time for per share stats Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Paulo Alcantara <pc(a)manguebit.com> smb: client: remove extra @chan_count check in __cifs_put_smb_ses() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-omap2/pdata-quirks.c | 10 + arch/arm64/include/asm/tlbflush.h | 40 ++-- arch/arm64/kernel/head.S | 5 + arch/arm64/mm/pageattr.c | 3 - arch/powerpc/include/asm/ftrace.h | 10 +- arch/powerpc/include/asm/sections.h | 1 + arch/powerpc/kernel/trace/ftrace.c | 12 + arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 + arch/powerpc/kernel/vmlinux.lds.S | 2 + arch/x86/include/asm/barrier.h | 3 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/mmu/tdp_mmu.c | 21 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 195 ++++++++++++---- drivers/clk/mediatek/clk-mtk.c | 15 ++ drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 +++--- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/display/intel_atomic.c | 1 + drivers/gpu/drm/i915/display/intel_cdclk.c | 37 ++- drivers/gpu/drm/i915/display/intel_crtc.c | 96 +++++--- drivers/gpu/drm/i915/display/intel_crtc.h | 6 +- drivers/gpu/drm/i915/display/intel_display.c | 43 ++-- .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_display_types.h | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 13 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 42 +++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 ++++++-- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/radeon/radeon_atombios.c | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 ++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 +++ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 ++-- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/interconnect/core.c | 8 + drivers/media/common/videobuf2/videobuf2-core.c | 9 +- drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 38 ++- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +- drivers/net/ethernet/mediatek/mtk_wed.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- .../ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 +++-- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 +-- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/net/virtio_net.c | 27 ++- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++--- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/s390/net/ism_drv.c | 37 ++- drivers/scsi/scsi_lib.c | 7 +- drivers/thunderbolt/domain.c | 5 +- drivers/thunderbolt/icm.c | 2 +- drivers/thunderbolt/lc.c | 45 ++++ drivers/thunderbolt/nhi.c | 19 +- drivers/thunderbolt/path.c | 13 ++ drivers/thunderbolt/switch.c | 180 +++++++++++++-- drivers/thunderbolt/tb.c | 30 ++- drivers/thunderbolt/tb.h | 10 +- drivers/thunderbolt/tb_regs.h | 6 + drivers/thunderbolt/usb4.c | 52 ++++- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/serial_base.h | 4 + drivers/tty/serial/serial_core.c | 21 +- drivers/tty/serial/serial_port.c | 34 +++ drivers/tty/serial/stm32-usart.c | 13 +- drivers/ufs/host/ufs-qcom.c | 8 +- drivers/usb/Kconfig | 10 + drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hcd-pci.c | 3 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 144 ++++++------ drivers/usb/host/pci-quirks.h | 34 ++- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 ++++ fs/ceph/addr.c | 22 +- fs/ceph/cache.c | 2 +- fs/ceph/caps.c | 53 +++-- fs/ceph/crypto.c | 2 +- fs/ceph/debugfs.c | 4 +- fs/ceph/dir.c | 24 +- fs/ceph/export.c | 10 +- fs/ceph/file.c | 26 +-- fs/ceph/inode.c | 14 +- fs/ceph/ioctl.c | 8 +- fs/ceph/mds_client.c | 41 ++-- fs/ceph/mds_client.h | 3 +- fs/ceph/mdsmap.c | 3 +- fs/ceph/snap.c | 18 +- fs/ceph/super.c | 22 +- fs/ceph/super.h | 13 +- fs/ceph/xattr.c | 12 +- fs/fuse/dir.c | 1 + fs/nilfs2/dir.c | 2 +- fs/smb/client/cifs_debug.c | 6 +- fs/smb/client/cifsglob.h | 3 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 135 ++++++----- fs/smb/client/dfs.c | 51 ++-- fs/smb/client/dfs.h | 33 ++- fs/smb/client/dfs_cache.c | 53 ++--- fs/smb/client/misc.c | 7 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/asm-generic/barrier.h | 8 + include/linux/bootconfig.h | 7 +- include/linux/ceph/mdsmap.h | 5 +- include/linux/gpio/property.h | 1 - include/linux/pci.h | 5 + include/linux/shmem_fs.h | 9 + include/linux/swapops.h | 65 +++--- include/linux/udp.h | 2 +- include/linux/usb/hcd.h | 22 +- include/linux/usb/quirks.h | 3 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 26 +-- kernel/sched/sched.h | 20 +- lib/bootconfig.c | 19 +- mm/hugetlb.c | 10 +- mm/memory-failure.c | 18 +- mm/shmem.c | 6 - net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/core/seq/seq_ump_convert.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/hda/tas2781_hda_i2c.c | 4 +- sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/kselftest.h | 13 ++ tools/testing/selftests/net/udpgso.c | 2 +- tools/testing/selftests/timers/posix_timers.c | 156 ++++++------- 208 files changed, 2654 insertions(+), 1290 deletions(-)

1 year, 1 month

11
170
0 0

[PATCH net v2 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 2 months

2
3
0 0

+ kmsan-compiler_types-declare-__no_sanitize_or_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Fri, 26 Apr 2024 11:16:22 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Link: https://lkml.kernel.org/r/20240426091622.3846771-1-glider@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Cc: <stable(a)vger.kernel.org> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are kmsan-compiler_types-declare-__no_sanitize_or_inline.patch

1 year, 2 months

1
0
0 0

+ mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() Date: Fri, 26 Apr 2024 19:29:38 +0800 See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Zhang Yi <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/readahead.c~mm-use-memalloc_nofs_save-in-page_cache_ra_order +++ a/mm/readahead.c @@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea pgoff_t index = readahead_index(ractl); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; + unsigned int nofs; int err = 0; gfp_t gfp = readahead_gfp_mask(mapping); @@ -504,6 +505,8 @@ void page_cache_ra_order(struct readahea new_order = min_t(unsigned int, new_order, ilog2(ra->size)); } + /* See comment in page_cache_ra_unbounded() */ + nofs = memalloc_nofs_save(); filemap_invalidate_lock_shared(mapping); while (index <= limit) { unsigned int order = new_order; @@ -527,6 +530,7 @@ void page_cache_ra_order(struct readahea read_pages(ractl); filemap_invalidate_unlock_shared(mapping); + memalloc_nofs_restore(nofs); /* * If there were already pages in the page cache, then we may have _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch arm64-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch arm-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch mm-move-mm-counter-updating-out-of-set_pte_range.patch mm-filemap-batch-mm-counter-updating-in-filemap_map_pages.patch mm-swapfile-check-usable-swap-device-in-__folio_throttle_swaprate.patch mm-memory-check-userfaultfd_wp-in-vmf_orig_pte_uffd_wp.patch

1 year, 2 months

1
0
0 0

[PATCH net v2 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 2 months

2
1
0 0

[PATCH net v2 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 2 months

2
1
0 0

[PATCH v3 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes two buffer overflows and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Changes in v3: - Collected tags from v2 - Added comment to describe the hidden depths of kdb_position_cursor() (thanks Doug) - Fixed a couple of typos in the patch descriptions (thanks Doug) - Link to v2: https://lore.kernel.org/r/20240422-kgdb_read_refactor-v2-0-ed51f7d145fe@lin… Changes in v2: - No code changes! - I belatedly realized that one of the cleanups actually fixed a buffer overflow so there are changes to Cc: (to add stable@...) and to one of the patch descriptions. - Link to v1: https://lore.kernel.org/r/20240416-kgdb_read_refactor-v1-0-b18c2d01076d@lin… --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 153 +++++++++++++++++++++++----------------------- 1 file changed, 78 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 2 months

1
6
0 0

[PATCH v2] serial: kgdboc: Fix NMI-safety problems from keyboard reset code

by Daniel Thompson

Currently, when kdb is compiled with keyboard support, then we will use schedule_work() to provoke reset of the keyboard status. Unfortunately schedule_work() gets called from the kgdboc post-debug-exception handler. That risks deadlock since schedule_work() is not NMI-safe and, even on platforms where the NMI is not directly used for debugging, the debug trap can have NMI-like behaviour depending on where breakpoints are placed. Fix this by using the irq work system, which is NMI-safe, to defer the call to schedule_work() to a point when it is safe to call. Reported-by: Liuye <liu.yeC(a)h3c.com> Closes: https://lore.kernel.org/all/20240228025602.3087748-1-liu.yeC@h3c.com/ Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- @Greg: I'm assuming this could/should go via your tree but feel free to share an ack if you want me to hoover it up instead. Changes in v2: - Fix typo in the big comment (thanks Doug) - Link to v1: https://lore.kernel.org/r/20240419-kgdboc_fix_schedule_work-v1-1-ff19881677… --- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c index 7ce7bb1640054..58ea1e1391cee 100644 --- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c @@ -19,6 +19,7 @@ #include <linux/console.h> #include <linux/vt_kern.h> #include <linux/input.h> +#include <linux/irq_work.h> #include <linux/module.h> #include <linux/platform_device.h> #include <linux/serial_core.h> @@ -48,6 +49,25 @@ static struct kgdb_io kgdboc_earlycon_io_ops; static int (*earlycon_orig_exit)(struct console *con); #endif /* IS_BUILTIN(CONFIG_KGDB_SERIAL_CONSOLE) */ +/* + * When we leave the debug trap handler we need to reset the keyboard status + * (since the original keyboard state gets partially clobbered by kdb use of + * the keyboard). + * + * The path to deliver the reset is somewhat circuitous. + * + * To deliver the reset we register an input handler, reset the keyboard and + * then deregister the input handler. However, to get this done right, we do + * have to carefully manage the calling context because we can only register + * input handlers from task context. + * + * In particular we need to trigger the action from the debug trap handler with + * all its NMI and/or NMI-like oddities. To solve this the kgdboc trap exit code + * (the "post_exception" callback) uses irq_work_queue(), which is NMI-safe, to + * schedule a callback from a hardirq context. From there we have to defer the + * work again, this time using schedule_work(), to get a callback using the + * system workqueue, which runs in task context. + */ #ifdef CONFIG_KDB_KEYBOARD static int kgdboc_reset_connect(struct input_handler *handler, struct input_dev *dev, @@ -99,10 +119,17 @@ static void kgdboc_restore_input_helper(struct work_struct *dummy) static DECLARE_WORK(kgdboc_restore_input_work, kgdboc_restore_input_helper); +static void kgdboc_queue_restore_input_helper(struct irq_work *unused) +{ + schedule_work(&kgdboc_restore_input_work); +} + +static DEFINE_IRQ_WORK(kgdboc_restore_input_irq_work, kgdboc_queue_restore_input_helper); + static void kgdboc_restore_input(void) { if (likely(system_state == SYSTEM_RUNNING)) - schedule_work(&kgdboc_restore_input_work); + irq_work_queue(&kgdboc_restore_input_irq_work); } static int kgdboc_register_kbd(char **cptr) @@ -133,6 +160,7 @@ static void kgdboc_unregister_kbd(void) i--; } } + irq_work_sync(&kgdboc_restore_input_irq_work); flush_work(&kgdboc_restore_input_work); } #else /* ! CONFIG_KDB_KEYBOARD */ --- base-commit: 0bbac3facb5d6cc0171c45c9873a2dc96bea9680 change-id: 20240419-kgdboc_fix_schedule_work-f0cb44b8a354 Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 2 months

2
2
0 0

[PATCH 2/2] drm/nouveau/gsp: Use the sg allocator for level 2 of radix3

by Lyude Paul

Currently we allocate all 3 levels of radix3 page tables using nvkm_gsp_mem_ctor(), which uses dma_alloc_coherent() for allocating all of the relevant memory. This can end up failing in scenarios where the system has very high memory fragmentation, and we can't find enough contiguous memory to allocate level 2 of the page table. Currently, this can result in runtime PM issues on systems where memory fragmentation is high - as we'll fail to allocate the page table for our suspend/resume buffer: kworker/10:2: page allocation failure: order:7, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 10 PID: 479809 Comm: kworker/10:2 Not tainted 6.8.6-201.ChopperV6.fc39.x86_64 #1 Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x64/0x80 warn_alloc+0x165/0x1e0 ? __alloc_pages_direct_compact+0xb3/0x2b0 __alloc_pages_slowpath.constprop.0+0xd7d/0xde0 __alloc_pages+0x32d/0x350 __dma_direct_alloc_pages.isra.0+0x16a/0x2b0 dma_direct_alloc+0x70/0x270 nvkm_gsp_radix3_sg+0x5e/0x130 [nouveau] r535_gsp_fini+0x1d4/0x350 [nouveau] nvkm_subdev_fini+0x67/0x150 [nouveau] nvkm_device_fini+0x95/0x1e0 [nouveau] nvkm_udevice_fini+0x53/0x70 [nouveau] nvkm_object_fini+0xb9/0x240 [nouveau] nvkm_object_fini+0x75/0x240 [nouveau] nouveau_do_suspend+0xf5/0x280 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1e0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x41/0x170 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x5d/0x70 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_suspend+0x120/0x6a0 pm_runtime_work+0x98/0xb0 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Luckily, we don't actually need to allocate coherent memory for the page table thanks to being able to pass the GPU a radix3 page table for suspend/resume data. So, let's rewrite nvkm_gsp_radix3_sg() to use the sg allocator for level 2. We continue using coherent allocations for lvl0 and 1, since they only take a single page. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 71 ++++++++++++------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 6f5d376d8fcc1..a11d16a16c3b2 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -15,7 +15,9 @@ struct nvkm_gsp_mem { }; struct nvkm_gsp_radix3 { - struct nvkm_gsp_mem mem[3]; + struct nvkm_gsp_mem lvl0; + struct nvkm_gsp_mem lvl1; + struct sg_table lvl2; }; int nvkm_gsp_sg(struct nvkm_device *, u64 size, struct sg_table *); diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c index 9858c1438aa7f..2bf9077d37118 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c @@ -1624,7 +1624,7 @@ r535_gsp_wpr_meta_init(struct nvkm_gsp *gsp) meta->magic = GSP_FW_WPR_META_MAGIC; meta->revision = GSP_FW_WPR_META_REVISION; - meta->sysmemAddrOfRadix3Elf = gsp->radix3.mem[0].addr; + meta->sysmemAddrOfRadix3Elf = gsp->radix3.lvl0.addr; meta->sizeOfRadix3Elf = gsp->fb.wpr2.elf.size; meta->sysmemAddrOfBootloader = gsp->boot.fw.addr; @@ -1919,8 +1919,9 @@ nvkm_gsp_sg(struct nvkm_device *device, u64 size, struct sg_table *sgt) static void nvkm_gsp_radix3_dtor(struct nvkm_gsp *gsp, struct nvkm_gsp_radix3 *rx3) { - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) - nvkm_gsp_mem_dtor(gsp, &rx3->mem[i]); + nvkm_gsp_sg_free(gsp->subdev.device, &rx3->lvl2); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } /** @@ -1960,36 +1961,52 @@ static int nvkm_gsp_radix3_sg(struct nvkm_gsp *gsp, struct sg_table *sgt, u64 size, struct nvkm_gsp_radix3 *rx3) { - u64 addr; + struct sg_dma_page_iter sg_dma_iter; + struct scatterlist *sg; + size_t bufsize; + u64 *pte; + int ret, i, page_idx = 0; - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) { - u64 *ptes; - size_t bufsize; - int ret, idx; - - bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); - ret = nvkm_gsp_mem_ctor(gsp, bufsize, &rx3->mem[i]); - if (ret) - return ret; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl0); + if (ret) + return ret; - ptes = rx3->mem[i].data; - if (i == 2) { - struct scatterlist *sgl; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl1); + if (ret) + goto lvl1_fail; - for_each_sgtable_dma_sg(sgt, sgl, idx) { - for (int j = 0; j < sg_dma_len(sgl) / GSP_PAGE_SIZE; j++) - *ptes++ = sg_dma_address(sgl) + (GSP_PAGE_SIZE * j); - } - } else { - for (int j = 0; j < size / GSP_PAGE_SIZE; j++) - *ptes++ = addr + GSP_PAGE_SIZE * j; + // Allocate level 2 + bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); + ret = nvkm_gsp_sg(gsp->subdev.device, bufsize, &rx3->lvl2); + if (ret) + goto lvl2_fail; + + // Write the bus address of level 1 to level 0 + pte = rx3->lvl0.data; + *pte = rx3->lvl1.addr; + + // Write the bus address of each page in level 2 to level 1 + pte = rx3->lvl1.data; + for_each_sgtable_dma_page(&rx3->lvl2, &sg_dma_iter, 0) + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + + // Finally, write the bus address of each page in sgt to level 2 + for_each_sgtable_sg(&rx3->lvl2, sg, i) { + pte = sg_virt(sg); + for_each_sgtable_dma_page(sgt, &sg_dma_iter, page_idx) { + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + page_idx++; } + } - size = rx3->mem[i].size; - addr = rx3->mem[i].addr; + if (ret) { +lvl2_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); +lvl1_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } - return 0; + return ret; } int @@ -2021,7 +2038,7 @@ r535_gsp_fini(struct nvkm_gsp *gsp, bool suspend) sr = gsp->sr.meta.data; sr->magic = GSP_FW_SR_META_MAGIC; sr->revision = GSP_FW_SR_META_REVISION; - sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.mem[0].addr; + sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.lvl0.addr; sr->sizeOfSuspendResumeData = len; mbox0 = lower_32_bits(gsp->sr.meta.addr); -- 2.44.0

1 year, 2 months

1
0
0 0

[PATCH] arm64: tegra: correct Tegra132 I2C alias

by Krzysztof Kozlowski

There is no such device as "as3722@40", because its name is "pmic". Use phandles for aliases to fix relying on full node path. This corrects aliases for RTC devices and also fixes dtc W=1 warning: tegra132-norrin.dts:12.3-36: Warning (alias_paths): /aliases:rtc0: aliases property is not a valid node (/i2c@7000d000/as3722@40) Fixes: 0f279ebdf3ce ("arm64: tegra: Add NVIDIA Tegra132 Norrin support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 ++-- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts index 14d58859bb55..683ac124523b 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts +++ b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts @@ -9,8 +9,8 @@ / { compatible = "nvidia,norrin", "nvidia,tegra132", "nvidia,tegra124"; aliases { - rtc0 = "/i2c@7000d000/as3722@40"; - rtc1 = "/rtc@7000e000"; + rtc0 = &as3722; + rtc1 = &tegra_rtc; serial0 = &uarta; }; diff --git a/arch/arm64/boot/dts/nvidia/tegra132.dtsi b/arch/arm64/boot/dts/nvidia/tegra132.dtsi index 7e24a212c7e4..5bcccfef3f7f 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra132.dtsi @@ -572,7 +572,7 @@ spi@7000de00 { status = "disabled"; }; - rtc@7000e000 { + tegra_rtc: rtc@7000e000 { compatible = "nvidia,tegra124-rtc", "nvidia,tegra20-rtc"; reg = <0x0 0x7000e000 0x0 0x100>; interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>; -- 2.34.1

1 year, 2 months

3
2
0 0

[PATCH] perf/x86/intel: Add a distinct name for Granite Rapids

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Currently, the Sapphire Rapids and Granite Rapids share the same PMU name, sapphire_rapids. Because from the kernel’s perspective, GNR is similar to SPR. The only key difference is that they support different extra MSRs. The code path and the PMU name are shared. However, from end users' perspective, they are quite different. Besides the extra MSRs, GNR has a newer PEBS format, supports Retire Latency, supports new CPUID enumeration architecture, doesn't required the load-latency AUX event, has additional TMA Level 1 Architectural Events, etc. The differences can be enumerated by CPUID or the PERF_CAPABILITIES MSR. They weren't reflected in the model-specific kernel setup. But it is worth to have a distinct PMU name for GNR. Fixes: a6742cb90b56 ("perf/x86/intel: Fix the FRONTEND encoding on GNR and MTL") Suggested-by: Ahmad Yasin <ahmad.yasin(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index f3315f13f920..da38a16b2cbc 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -6768,12 +6768,17 @@ __init int intel_pmu_init(void) case INTEL_FAM6_EMERALDRAPIDS_X: x86_pmu.flags |= PMU_FL_MEM_LOADS_AUX; x86_pmu.extra_regs = intel_glc_extra_regs; + pr_cont("Sapphire Rapids events, "); + name = "sapphire_rapids"; fallthrough; case INTEL_FAM6_GRANITERAPIDS_X: case INTEL_FAM6_GRANITERAPIDS_D: intel_pmu_init_glc(NULL); - if (!x86_pmu.extra_regs) + if (!x86_pmu.extra_regs) { x86_pmu.extra_regs = intel_rwc_extra_regs; + pr_cont("Granite Rapids events, "); + name = "granite_rapids"; + } x86_pmu.pebs_ept = 1; x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = glc_get_event_constraints; @@ -6784,8 +6789,6 @@ __init int intel_pmu_init(void) td_attr = glc_td_events_attrs; tsx_attr = glc_tsx_events_attrs; intel_pmu_pebs_data_source_skl(true); - pr_cont("Sapphire Rapids events, "); - name = "sapphire_rapids"; break; case INTEL_FAM6_ALDERLAKE: -- 2.35.1

1 year, 2 months

1
0
0 0

[PATCH] Bluetooth: qca: fix invalid device address check

by Johan Hovold

Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 38 +++++++++++++++++++++++++++++++++++++ drivers/bluetooth/hci_qca.c | 2 -- 2 files changed, 38 insertions(+), 2 deletions(-) Matthias and Doug, As Chromium is the only known user of the 'local-bd-address' property, could you please confirm that your controllers use the 00:00:00:00:5a:ad address by default so that the quirk continues to be set as intended? Johan diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); -- 2.43.2

1 year, 2 months

5
14
0 0

[PATCH 4/6] HID: i2c-hid: elan: fix reset suspend current leakage

by Johan Hovold

The Elan eKTH5015M touch controller found on the Lenovo ThinkPad X13s shares the VCC33 supply with other peripherals that may remain powered during suspend (e.g. when enabled as wakeup sources). The reset line is also wired so that it can be left deasserted when the supply is off. This is important as it avoids holding the controller in reset for extended periods of time when it remains powered, which can lead to increased power consumption, and also avoids leaking current through the X13s reset circuitry during suspend (and after driver unbind). Use the new 'no-reset-on-power-off' devicetree property to determine when reset needs to be asserted on power down. Notably this also avoids wasting power on machine variants without a touchscreen for which the driver would otherwise exit probe with reset asserted. Fixes: bd3cba00dcc6 ("HID: i2c-hid: elan: Add support for Elan eKTH6915 i2c-hid touchscreens") Cc: stable(a)vger.kernel.org # 6.0 Cc: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 37 ++++++++++++++++++++------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-of-elan.c b/drivers/hid/i2c-hid/i2c-hid-of-elan.c index 5b91fb106cfc..8a905027d5e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of-elan.c +++ b/drivers/hid/i2c-hid/i2c-hid-of-elan.c @@ -31,6 +31,7 @@ struct i2c_hid_of_elan { struct regulator *vcc33; struct regulator *vccio; struct gpio_desc *reset_gpio; + bool no_reset_on_power_off; const struct elan_i2c_hid_chip_data *chip_data; }; @@ -40,17 +41,17 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) container_of(ops, struct i2c_hid_of_elan, ops); int ret; + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->vcc33) { ret = regulator_enable(ihid_elan->vcc33); if (ret) - return ret; + goto err_deassert_reset; } ret = regulator_enable(ihid_elan->vccio); - if (ret) { - regulator_disable(ihid_elan->vcc33); - return ret; - } + if (ret) + goto err_disable_vcc33; if (ihid_elan->chip_data->post_power_delay_ms) msleep(ihid_elan->chip_data->post_power_delay_ms); @@ -60,6 +61,15 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) msleep(ihid_elan->chip_data->post_gpio_reset_on_delay_ms); return 0; + +err_disable_vcc33: + if (ihid_elan->vcc33) + regulator_disable(ihid_elan->vcc33); +err_deassert_reset: + if (ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 0); + + return ret; } static void elan_i2c_hid_power_down(struct i2chid_ops *ops) @@ -67,7 +77,14 @@ static void elan_i2c_hid_power_down(struct i2chid_ops *ops) struct i2c_hid_of_elan *ihid_elan = container_of(ops, struct i2c_hid_of_elan, ops); - gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + /* + * Do not assert reset when the hardware allows for it to remain + * deasserted regardless of the state of the (shared) power supply to + * avoid wasting power when the supply is left on. + */ + if (!ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->chip_data->post_gpio_reset_off_delay_ms) msleep(ihid_elan->chip_data->post_gpio_reset_off_delay_ms); @@ -87,12 +104,14 @@ static int i2c_hid_of_elan_probe(struct i2c_client *client) ihid_elan->ops.power_up = elan_i2c_hid_power_up; ihid_elan->ops.power_down = elan_i2c_hid_power_down; - /* Start out with reset asserted */ - ihid_elan->reset_gpio = - devm_gpiod_get_optional(&client->dev, "reset", GPIOD_OUT_HIGH); + ihid_elan->reset_gpio = devm_gpiod_get_optional(&client->dev, "reset", + GPIOD_ASIS); if (IS_ERR(ihid_elan->reset_gpio)) return PTR_ERR(ihid_elan->reset_gpio); + ihid_elan->no_reset_on_power_off = of_property_read_bool(client->dev.of_node, + "no-reset-on-power-off"); + ihid_elan->vccio = devm_regulator_get(&client->dev, "vccio"); if (IS_ERR(ihid_elan->vccio)) return PTR_ERR(ihid_elan->vccio); -- 2.43.2

1 year, 2 months

3
4
0 0

[PATCH v2] kmsan: compiler_types: declare __no_sanitize_or_inline

by Alexander Potapenko

It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 0caf354cb94b5..a6a28952836cb 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif -- 2.44.0.769.g3c40516874-goog

1 year, 2 months

1
0
0 0

[PATCH] drm/vmwgfx: Fix invalid reads in fence signaled events

by Zack Rusin

Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8b7de6aa8468 ("vmwgfx: Rework fence event action") Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-23566 Cc: David Airlie <airlied(a)gmail.com> CC: Daniel Vetter <daniel(a)ffwll.ch> Cc: Zack Rusin <zack.rusin(a)broadcom.com> Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 2a0cda324703..5efc6a766f64 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -991,7 +991,7 @@ static int vmw_event_fence_action_create(struct drm_file *file_priv, } event->event.base.type = DRM_VMW_EVENT_FENCE_SIGNALED; - event->event.base.length = sizeof(*event); + event->event.base.length = sizeof(event->event); event->event.user_data = user_data; ret = drm_event_reserve_init(dev, file_priv, &event->base, &event->event.base); -- 2.40.1

1 year, 2 months

3
2
0 0

[PATCH] drm/vmwgfx: Fix Legacy Display Unit

by Ian Forbes

Legacy DU was broken by the referenced fixes commit because the placement and the busy_placement no longer pointed to the same object. This was later fixed indirectly by commit a78a8da51b36c7a0c0c16233f91d60aac03a5a49 ("drm/ttm: replace busy placement with flags v6") in v6.9. Fixes: 39985eea5a6d ("drm/vmwgfx: Abstract placement selection") Signed-off-by: Ian Forbes <ian.forbes(a)broadcom.com> Cc: <stable(a)vger.kernel.org> # v6.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 2bfac3aad7b7..98e73eb0ccf1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -204,6 +204,7 @@ int vmw_bo_pin_in_start_of_vram(struct vmw_private *dev_priv, VMW_BO_DOMAIN_VRAM, VMW_BO_DOMAIN_VRAM); buf->places[0].lpfn = PFN_UP(bo->resource->size); + buf->busy_places[0].lpfn = PFN_UP(bo->resource->size); ret = ttm_bo_validate(bo, &buf->placement, &ctx); /* For some reason we didn't end up at the start of vram */ -- 2.34.1

1 year, 2 months

3
2
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042319-freeing-degree-ca0d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF with asid based lookup" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x ca7c52ac7ad384bcf299d89482c45fec7cd00da9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042358-esteemed-fastball-c2d8@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: ca7c52ac7ad3 ("drm/xe/vm: prevent UAF with asid based lookup") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca7c52ac7ad384bcf299d89482c45fec7cd00da9 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 12 Apr 2024 12:31:45 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF with asid based lookup The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240412113144.259426-4-matth… (cherry picked from commit 83967c57320d0d01ae512f10e79213f81e4bf594) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 62d1ef8867a8..3d4c8f342e21 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1577,6 +1577,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1592,24 +1602,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]);

1 year, 2 months

3
2
0 0

[PATCH v1] chrome/cros_ec: Handle events during suspend after resume completion

by Karthikeyan Ramasubramanian

On boards where EC IRQ is not wake capable, EC does not trigger IRQ to signal any non-wake events until EC receives host resume event. Commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") separated enabling IRQ and sending resume event host command into early_resume and resume_complete stages respectively. This separation leads to host not handling certain events posted during a small time window between early_resume and resume_complete stages. This change moves handling all events that happened during suspend after sending host resume event. Fixes: 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") Cc: stable(a)vger.kernel.org Cc: Lalith Rajendran <lalithkraj(a)chromium.org> Cc: chrome-platform(a)lists.linux.dev Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- drivers/platform/chrome/cros_ec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index badc68bbae8cc..41714df053916 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -432,6 +432,12 @@ static void cros_ec_send_resume_event(struct cros_ec_device *ec_dev) void cros_ec_resume_complete(struct cros_ec_device *ec_dev) { cros_ec_send_resume_event(ec_dev); + /* + * Let the mfd devices know about events that occur during + * suspend. This way the clients know what to do with them. + */ + cros_ec_report_events_during_suspend(ec_dev); + } EXPORT_SYMBOL(cros_ec_resume_complete); @@ -442,12 +448,6 @@ static void cros_ec_enable_irq(struct cros_ec_device *ec_dev) if (ec_dev->wake_enabled) disable_irq_wake(ec_dev->irq); - - /* - * Let the mfd devices know about events that occur during - * suspend. This way the clients know what to do with them. - */ - cros_ec_report_events_during_suspend(ec_dev); } /** @@ -475,8 +475,9 @@ EXPORT_SYMBOL(cros_ec_resume_early); */ int cros_ec_resume(struct cros_ec_device *ec_dev) { - cros_ec_enable_irq(ec_dev); - cros_ec_send_resume_event(ec_dev); + cros_ec_resume_early(ec_dev); + cros_ec_resume_complete(ec_dev); + return 0; } EXPORT_SYMBOL(cros_ec_resume); -- 2.44.0.769.g3c40516874-goog

1 year, 2 months

2
1
0 0

[merged mm-nonmm-stable] ocfs2-use-coarse-time-for-new-created-files.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: use coarse time for new created files has been removed from the -mm tree. Its filename was ocfs2-use-coarse-time-for-new-created-files.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: use coarse time for new created files Date: Mon, 8 Apr 2024 16:20:41 +0800 The default atime related mount option is '-o realtime' which means file atime should be updated if atime <= ctime or atime <= mtime. atime should be updated in the following scenario, but it is not: ========================================================== $ rm /mnt/testfile; $ echo test > /mnt/testfile $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 $ sleep 5 $ cat /mnt/testfile > /dev/null $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 ========================================================== And the reason the atime in the test is not updated is that ocfs2 calls ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then inode_set_ctime_current() is called in inode_set_ctime_current() calls ktime_get_coarse_real_ts64() to get current time. ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64(). In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less than ktime_get_real_ts64() even ctime is set later. The ctime of the new inode is smaller than atime. The call trace is like: ocfs2_create ocfs2_mknod __ocfs2_mknod_locked .... ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate ocfs2_populate_inode ... ocfs2_init_acl ocfs2_acl_set_mode inode_set_ctime_current current_time ktime_get_coarse_real_ts64 <-------less accurate ocfs2_file_read_iter ocfs2_inode_lock_atime ocfs2_should_update_atime atime <= ctime ? <-------- false, ctime < atime due to accuracy So here call ktime_get_coarse_real_ts64 to set inode time coarser while creating new files. It may lower the accuracy of file times. But it's not a big deal since we already use coarse time in other places like ocfs2_update_inode_atime and inode_set_ctime_current. Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com Fixes: c62c38f6b91b ("ocfs2: replace CURRENT_TIME macro") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ocfs2/namei.c~ocfs2-use-coarse-time-for-new-created-files +++ a/fs/ocfs2/namei.c @@ -566,7 +566,7 @@ static int __ocfs2_mknod_locked(struct i fe->i_last_eb_blk = 0; strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE); fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL); - ktime_get_real_ts64(&ts); + ktime_get_coarse_real_ts64(&ts); fe->i_atime = fe->i_ctime = fe->i_mtime = cpu_to_le64(ts.tv_sec); fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec = _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror