- Linux-stable-mirror - lists.linaro.org

[PATCH 4.19.y v6 1/2] tracing: Remove hist trigger synth_var_refs

by George Guo

From: Tom Zanussi <tom.zanussi(a)linux.intel.com> commit 912201345f7c39e6b0ac283207be2b6641fa47b9 upstream. All var_refs are now handled uniformly and there's no reason to treat the synth_refs in a special way now, so remove them and associated functions. Link: http://lkml.kernel.org/r/b4d3470526b8f0426dcec125399dad9ad9b8589d.154516108… Acked-by: Namhyung Kim <namhyung(a)kernel.org> Reviewed-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Tom Zanussi <tom.zanussi(a)linux.intel.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: George Guo <guodongtai(a)kylinos.cn> --- kernel/trace/trace_events_hist.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index e004daf8cad5..e4f5b6894cf2 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -280,8 +280,6 @@ struct hist_trigger_data { struct action_data *actions[HIST_ACTIONS_MAX]; unsigned int n_actions; - struct hist_field *synth_var_refs[SYNTH_FIELDS_MAX]; - unsigned int n_synth_var_refs; struct field_var *field_vars[SYNTH_FIELDS_MAX]; unsigned int n_field_vars; unsigned int n_field_var_str; @@ -3708,20 +3706,6 @@ static void save_field_var(struct hist_trigger_data *hist_data, } -static void destroy_synth_var_refs(struct hist_trigger_data *hist_data) -{ - unsigned int i; - - for (i = 0; i < hist_data->n_synth_var_refs; i++) - destroy_hist_field(hist_data->synth_var_refs[i], 0); -} - -static void save_synth_var_ref(struct hist_trigger_data *hist_data, - struct hist_field *var_ref) -{ - hist_data->synth_var_refs[hist_data->n_synth_var_refs++] = var_ref; -} - static int check_synth_field(struct synth_event *event, struct hist_field *hist_field, unsigned int field_pos) @@ -3884,7 +3868,6 @@ static int onmatch_create(struct hist_trigger_data *hist_data, goto err; } - save_synth_var_ref(hist_data, var_ref); field_pos++; kfree(p); continue; @@ -4631,7 +4614,6 @@ static void destroy_hist_data(struct hist_trigger_data *hist_data) destroy_actions(hist_data); destroy_field_vars(hist_data); destroy_field_var_hists(hist_data); - destroy_synth_var_refs(hist_data); kfree(hist_data); } -- 2.34.1

1 year, 2 months

1
0
0 0

[PATCH v3 2/2] ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7

by ArcticLampyrid

This fixes the sound not working from internal speakers on Lenovo Legion Y9000X 2022 IAH7 models. Signed-off-by: ArcticLampyrid <ArcticLampyrid(a)outlook.com> Cc: <stable(a)vger.kernel.org> --- sound/pci/hda/cs35l41_hda_property.c | 2 ++ sound/pci/hda/patch_realtek.c | 1 + 2 files changed, 3 insertions(+) diff --git a/sound/pci/hda/cs35l41_hda_property.c b/sound/pci/hda/cs35l41_hda_property.c index 8fb688e41414..ee195737d388 100644 --- a/sound/pci/hda/cs35l41_hda_property.c +++ b/sound/pci/hda/cs35l41_hda_property.c @@ -109,6 +109,7 @@ static const struct cs35l41_config cs35l41_config_table[] = { { "10431F1F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, -1, 0, 0, 0, 0 }, { "10431F62", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 0, 0, 0 }, { "10433A60", 2, INTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 1000, 4500, 24 }, + { "17AA386E", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 2, -1, 0, 0, 0 }, { "17AA386F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, -1, -1, 0, 0, 0 }, { "17AA3877", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, { "17AA3878", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, @@ -500,6 +501,7 @@ static const struct cs35l41_prop_model cs35l41_prop_model_table[] = { { "CSC3551", "10431F1F", generic_dsd_config }, { "CSC3551", "10431F62", generic_dsd_config }, { "CSC3551", "10433A60", generic_dsd_config }, + { "CSC3551", "17AA386E", generic_dsd_config }, { "CSC3551", "17AA386F", generic_dsd_config }, { "CSC3551", "17AA3877", generic_dsd_config }, { "CSC3551", "17AA3878", generic_dsd_config }, diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index cdcb28aa9d7b..ac729187f6a7 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10382,6 +10382,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x3853, "Lenovo Yoga 7 15ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), SND_PCI_QUIRK(0x17aa, 0x3855, "Legion 7 16ITHG6", ALC287_FIXUP_LEGION_16ITHG6), SND_PCI_QUIRK(0x17aa, 0x3869, "Lenovo Yoga7 14IAL7", ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK_PIN), + SND_PCI_QUIRK(0x17aa, 0x386e, "Legion Y9000X 2022 IAH7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x386f, "Legion 7i 16IAX7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x3870, "Lenovo Yoga 7 14ARB7", ALC287_FIXUP_YOGA7_14ARB7_I2C), SND_PCI_QUIRK(0x17aa, 0x3877, "Lenovo Legion 7 Slim 16ARHA7", ALC287_FIXUP_CS35L41_I2C_2), -- 2.44.0

1 year, 2 months

4
4
0 0

[PATCH 2/3] mm/hugetlb: Fix missing hugetlb_lock for resv uncharge

by Peter Xu

There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Looks like a stable material, so have it copied. Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Cc: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: linux-stable <stable(a)vger.kernel.org> Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 26ab9dfc7d63..3158a55ce567 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3247,9 +3247,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret) -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH 4.19.y v5 0/2] Double-free bug discovery on testing trigger-field-variable-support.tc

by George Guo

1) About v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch: The reason I am backporting this patch is that no one found the double-free bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. This is tested via "./ftracetest test.d/trigger/inter-event/ trigger-field-variable-support.tc" ================================================================== BUG: KASAN: use-after-free in destroy_hist_field+0x115/0x140 Read of size 4 at addr ffff888012e95318 by task ftracetest/1858 CPU: 1 PID: 1858 Comm: ftracetest Kdump: loaded Tainted: GE 4.19.90-89 #24 Source Version: Unknown Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0 Call Trace: dump_stack+0xcb/0x10b print_address_description.cold+0x54/0x249 kasan_report_error.cold+0x63/0xab ? destroy_hist_field+0x115/0x140 __asan_report_load4_noabort+0x8d/0xa0 ? destroy_hist_field+0x115/0x140 destroy_hist_field+0x115/0x140 destroy_hist_data+0x4e4/0x9a0 event_hist_trigger_free+0x212/0x2f0 ? update_cond_flag+0x128/0x170 ? event_hist_trigger_func+0x2880/0x2880 hist_unregister_trigger+0x2f2/0x4f0 event_hist_trigger_func+0x168c/0x2880 ? tracing_map_read_var_once+0xd0/0xd0 ? create_key_field+0x520/0x520 ? __mutex_lock_slowpath+0x10/0x10 event_trigger_write+0x2f4/0x490 ? trigger_start+0x180/0x180 ? __fget_light+0x369/0x5d0 ? count_memcg_event_mm+0x104/0x2b0 ? trigger_start+0x180/0x180 __vfs_write+0x81/0x100 vfs_write+0x1e1/0x540 ksys_write+0x12a/0x290 ? __ia32_sys_read+0xb0/0xb0 ? __close_fd+0x1d3/0x280 do_syscall_64+0xe3/0x2d0 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7efdd342ee04 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 39 34 0c 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5 RSP: 002b:00007ffda01f5e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000000000b4 RCX: 00007efdd342ee04 RDX: 00000000000000b4 RSI: 000055c5b41b1e90 RDI: 0000000000000001 RBP: 000055c5b41b1e90 R08: 000000000000000a R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000246 R12: 00007efdd34ed5c0 R13: 00000000000000b4 R14: 00007efdd34ed7c0 R15: 00000000000000b4 ================================================================== 2) About v4-0002-tracing-Use-var_refs-for-hist-trigger-reference-c.patch: Only v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch will lead to compilation errors: ../kernel/trace/trace_events_hist.c: In function ��find_var_ref��: ../kernel/trace/trace_events_hist.c:1364:36: error: ��struct hist_trigger_data�� has no member named ��n_synth_var_refs��; did you mean ��n_var_refs��? 1364 | for (i = 0; i < hist_data->n_synth_var_refs; i++) { | ^~~~~~~~~~~~~~~~ | n_var_refs ../kernel/trace/trace_events_hist.c:1365:41: error: ��struct hist_trigger_data�� has no member named ��synth_var_refs��; did you mean ��n_var_refs��? 1365 | hist_field = hist_data->synth_var_refs[i]; | ^~~~~~~~~~~~~~ | n_var_refs 3) Singing off my name on the V5. Tom Zanussi (2): tracing: Remove hist trigger synth_var_refs tracing: Use var_refs[] for hist trigger reference checking kernel/trace/trace_events_hist.c | 86 ++++---------------------------- 1 file changed, 11 insertions(+), 75 deletions(-) -- 2.34.1

1 year, 2 months

2
3
0 0

[PATCH] r8169: add missing conditional compiling for call to r8169_remove_leds

by Heiner Kallweit

[ Upstream commit 97e176fcbbf3c0f2bd410c9b241177c051f57176 ] Add missing dependency on CONFIG_R8169_LEDS. As-is a link error occurs if config option CONFIG_R8169_LEDS isn't enabled. Fixes: 19fa4f2a85d7 ("r8169: fix LED-related deadlock on module removal") Cc: <stable(a)vger.kernel.org> # 6.8.x Reported-by: Venkat Rao Bagalkote <venkat88(a)linux.vnet.ibm.com> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> --- This for v6.8 only. --- drivers/net/ethernet/realtek/r8169_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 2cc1c36ab..32b73f398 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -4932,7 +4932,8 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); - r8169_remove_leds(tp->leds); + if (IS_ENABLED(CONFIG_R8169_LEDS)) + r8169_remove_leds(tp->leds); unregister_netdev(tp->dev); -- 2.44.0

1 year, 2 months

2
1
0 0

[Regression] USB ethernet AX88179 broken usb ethernet names

by Salvatore Bonaccorso

Hi, Roland Rosenfeld reported in Debian a regression after the update to the 6.1.85 based kernel, with his USB ethernet device not anymore able to use the usb ethernet names. https://bugs.debian.org/1069082 it is somehow linked to the already reported regression https://lore.kernel.org/regressions/ZhFl6xueHnuVHKdp@nuc/ but has another aspect. I'm quoting his original report: > Dear Maintainer, > > when upgrading from 6.1.76-1 to 6.1.85-1 my USB ethernet device > ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet > is no longer named enx00249bXXXXXX but eth0. > > I see the following in dmsg: > > [ 1.484345] usb 4-5: Manufacturer: ASIX Elec. Corp. > [ 1.484661] usb 4-5: SerialNumber: 0000249BXXXXXX > [ 1.496312] ax88179_178a 4-5:1.0 eth0: register 'ax88179_178a' at usb-0000:00:14.0-5, ASIX AX88179 USB 3.0 Gigabit Ethernet, d2:60:4c:YY:YY:YY > [ 1.497746] usbcore: registered new interface driver ax88179_178a > > Unplugging and plugging again does not solve the issue, but the > interface still is named eth0. > > Maybe it has to do with the following commit from > https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85 > > commit fc77240f6316d17fc58a8881927c3732b1d75d51 > Author: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> > Date: Wed Apr 3 15:21:58 2024 +0200 > > net: usb: ax88179_178a: avoid the interface always configured as random address > > commit 2e91bb99b9d4f756e92e83c4453f894dda220f09 upstream. > > After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two > consecutive device resets"), reset is not executed from bind operation and > mac address is not read from the device registers or the devicetree at that > moment. Since the check to configure if the assigned mac address is random > or not for the interface, happens after the bind operation from > usbnet_probe, the interface keeps configured as random address, although the > address is correctly read and set during open operation (the only reset > now). > > In order to keep only one reset for the device and to avoid the interface > always configured as random address, after reset, configure correctly the > suitable field from the driver, if the mac address is read successfully from > the device registers or the devicetree. Take into account if a locally > administered address (random) was previously stored. > > cc: stable(a)vger.kernel.org # 6.6+ > Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") > Reported-by: Dave Stevenson <dave.stevenson(a)raspberrypi.com> > Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> > Reviewed-by: Simon Horman <horms(a)kernel.org> > Link: https://lore.kernel.org/r/20240403132158.344838-1-jtornosm@redhat.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Seems, that I'm not alone with this issue, there are also reports in > https://www.reddit.com/r/debian/comments/1c304xn/linuximageamd64_61851_usb_… > and https://infosec.space/@topher/112276500329020316 > > > All other (pci based) network interfaces still use there static names > (enp0s25, enp2s0, enp3s0), only the usb ethernet name is broken with > the new kernel. > > Greetings > Roland Roland confirmed that reverting both fc77240f6316 ("net: usb: ax88179_178a: avoid the interface always configured as random address") and 5c4cbec5106d ("net: usb: ax88179_178a: avoid two consecutive device resets") fixes the problem. Confirmation: https://bugs.debian.org/1069082#27 Regards, Salvatore

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041524-monoxide-kilobyte-1c44@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 2 months

3
2
0 0

FAILED: patch "[PATCH] bpf: Fix out of bounds access for ringbuf helpers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64620e0a1e712a778095bd35cbb277dc2259281f Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <daniel(a)iogearbox.net> Date: Tue, 11 Jan 2022 14:43:41 +0000 Subject: [PATCH] bpf: Fix out of bounds access for ringbuf helpers Both bpf_ringbuf_submit() and bpf_ringbuf_discard() have ARG_PTR_TO_ALLOC_MEM in their bpf_func_proto definition as their first argument. They both expect the result from a prior bpf_ringbuf_reserve() call which has a return type of RET_PTR_TO_ALLOC_MEM_OR_NULL. Meaning, after a NULL check in the code, the verifier will promote the register type in the non-NULL branch to a PTR_TO_MEM and in the NULL branch to a known zero scalar. Generally, pointer arithmetic on PTR_TO_MEM is allowed, so the latter could have an offset. The ARG_PTR_TO_ALLOC_MEM expects a PTR_TO_MEM register type. However, the non- zero result from bpf_ringbuf_reserve() must be fed into either bpf_ringbuf_submit() or bpf_ringbuf_discard() but with the original offset given it will then read out the struct bpf_ringbuf_hdr mapping. The verifier missed to enforce a zero offset, so that out of bounds access can be triggered which could be used to escalate privileges if unprivileged BPF was enabled (disabled by default in kernel). Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: <tr3e.wang(a)gmail.com> (SecCoder Security Lab) Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e0b3f4d683eb..c72c57a6684f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5318,9 +5318,15 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, case PTR_TO_BUF: case PTR_TO_BUF | MEM_RDONLY: case PTR_TO_STACK: + /* Some of the argument types nevertheless require a + * zero register offset. + */ + if (arg_type == ARG_PTR_TO_ALLOC_MEM) + goto force_off_check; break; /* All the rest must be rejected: */ default: +force_off_check: err = __check_ptr_off_reg(env, reg, regno, type == PTR_TO_BTF_ID); if (err < 0)

1 year, 2 months

3
19
0 0

[PATCH 6.6 000/122] 6.6.28-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.28 release. There are 122 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.28-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.28-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix spi lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-lsio: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usb lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix adc lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix can lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8qm-ss-dma: fix can lpcg indices Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Brezillon <boris.brezillon(a)collabora.com> drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in context_xa Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid race in error handling & drop bogus warn Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Xuchun Shang <xuchun.shang(a)linux.alibaba.com> iommu/vt-d: Fix wrong use of pasid config Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops David Arinzon <darinzon(a)amazon.com> net: ena: Set tx_info->xdpf value to NULL David Arinzon <darinzon(a)amazon.com> net: ena: Use tx_ring instead of xdp_ring for XDP channel TX David Arinzon <darinzon(a)amazon.com> net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() David Arinzon <darinzon(a)amazon.com> net: ena: Move XDP code to its new files David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Gerd Bayer <gbayer(a)linux.ibm.com> Revert "s390/ism: fix receive message buffer allocation" Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Correctly compare pkt reformat ids Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Michael Liang <mliang(a)purestorage.com> net/mlx5: offset comp irq index in name by one Shay Drory <shayd(a)nvidia.com> net/mlx5: Register devlink first under devlink lock Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: SF, Stop waiting for FW as teardown was called Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Archie Pusaka <apusaka(a)chromium.org> Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Use QoS to determine which PHY to scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Align broadcast sync_timeout with connection timeout Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix error recovery for RoCE ulp client Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: fix receive message buffer allocation Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Ming Lei <ming.lei(a)redhat.com> block: fix q->blkg_list corruption during disk rebind Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix transmit scheduler resource leak Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Kwangjin Ko <kwangjin.ko(a)sk.com> cxl/core: Fix initialization of mbox_cmd.size_out in get event Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't allow overriding data from catalog Dave Jiang <dave.jiang(a)intel.com> cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned Yuquan Wang <wangyuquan1236(a)phytium.com.cn> cxl/mem: Fix for the index of Clear Event Record Handle Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Make raw debugfs entries non-seekable Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix USB regression on Nokia N8x0 Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: restore original power up/down steps Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix deferred probe Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix broken slot switch lookup Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix N810 MMC gpiod table Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0 Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Hans de Goede <hdegoede(a)redhat.com> ACPI: scan: Do not increase dep_unmet for already met dependencies Noah Loomans <noah(a)noahloomans.com> platform/chrome: cros_ec_uart: properly fix race condition Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Yu Kuai <yukuai3(a)huawei.com> raid1: fix use-after-free for original bio in raid1_write_request() Fabio Estevam <festevam(a)denx.de> ARM: dts: imx7s-warp: Pass OV2680 link-frequencies Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Igor Pylypiv <ipylypiv(a)google.com> ata: libata-core: Allow command duration limits detection for ACS-4 drives Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- .../device_drivers/ethernet/amazon/ena.rst | 1 + Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 + arch/arm/mach-omap2/board-n8x0.c | 23 +- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 16 +- arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 36 +- arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 +- arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 +- arch/arm64/include/asm/tlbflush.h | 20 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++- arch/x86/kernel/cpu/common.c | 48 +- block/blk-cgroup.c | 9 +- block/blk-cgroup.h | 2 + block/blk-core.c | 2 + drivers/accel/ivpu/ivpu_drv.c | 2 +- drivers/acpi/scan.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-scsi.c | 9 +- drivers/cxl/core/mbox.c | 5 +- drivers/cxl/core/regs.c | 5 +- drivers/firmware/arm_scmi/raw_mode.c | 7 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 27 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 10 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/iommu/intel/perfmon.c | 2 +- drivers/iommu/intel/svm.c | 2 +- drivers/md/raid1.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 - drivers/mmc/host/omap.c | 48 +- drivers/net/dsa/mt7530.c | 229 ++++++- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/Makefile | 2 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 1 + drivers/net/ethernet/amazon/ena/ena_netdev.c | 688 ++------------------- drivers/net/ethernet/amazon/ena/ena_netdev.h | 83 +-- drivers/net/ethernet/amazon/ena/ena_xdp.c | 466 ++++++++++++++ drivers/net/ethernet/amazon/ena/ena_xdp.h | 152 +++++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 6 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 37 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 22 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/platform/chrome/cros_ec_uart.c | 28 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/scsi/sg.c | 20 +- drivers/vhost/vhost.c | 28 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/inode.c | 13 +- fs/btrfs/ioctl.c | 37 +- fs/btrfs/qgroup.c | 2 + fs/btrfs/root-tree.c | 10 - fs/btrfs/root-tree.h | 2 - fs/btrfs/transaction.c | 17 +- fs/smb/client/cached_dir.c | 4 +- include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 11 + include/net/ip_tunnels.h | 33 + io_uring/net.c | 1 + kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/hci_sync.c | 66 +- net/bluetooth/iso.c | 14 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/sco.c | 23 +- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 53 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 30 +- tools/testing/selftests/timers/posix_timers.c | 2 +- 123 files changed, 1765 insertions(+), 1263 deletions(-)

1 year, 2 months

12
144
0 0

FAILED: patch "[PATCH] SUNRPC: Fix rpcgss_context trace event acceptor field" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a4833e3abae132d613ce7da0e0c9a9465d1681fa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041925-walnut-flammable-adf1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a4833e3abae1 ("SUNRPC: Fix rpcgss_context trace event acceptor field") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4833e3abae132d613ce7da0e0c9a9465d1681fa Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Wed, 10 Apr 2024 12:38:13 -0400 Subject: [PATCH] SUNRPC: Fix rpcgss_context trace event acceptor field The rpcgss_context trace event acceptor field is a dynamically sized string that records the "data" parameter. But this parameter is also dependent on the "len" field to determine the size of the data. It needs to use __string_len() helper macro where the length can be passed in. It also incorrectly uses strncpy() to save it instead of __assign_str(). As these macros can change, it is not wise to open code them in trace events. As of commit c759e609030c ("tracing: Remove __assign_str_len()"), __assign_str() can be used for both __string() and __string_len() fields. Before that commit, __assign_str_len() is required to be used. This needs to be noted for backporting. (In actuality, commit c1fa617caeb0 ("tracing: Rework __assign_str() and __string() to not duplicate getting the string") is the commit that makes __string_str_len() obsolete). Cc: stable(a)vger.kernel.org Fixes: 0c77668ddb4e ("SUNRPC: Introduce trace points in rpc_auth_gss.ko") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/include/trace/events/rpcgss.h b/include/trace/events/rpcgss.h index ba2d96a1bc2f..f50fcafc69de 100644 --- a/include/trace/events/rpcgss.h +++ b/include/trace/events/rpcgss.h @@ -609,7 +609,7 @@ TRACE_EVENT(rpcgss_context, __field(unsigned int, timeout) __field(u32, window_size) __field(int, len) - __string(acceptor, data) + __string_len(acceptor, data, len) ), TP_fast_assign( @@ -618,7 +618,7 @@ TRACE_EVENT(rpcgss_context, __entry->timeout = timeout; __entry->window_size = window_size; __entry->len = len; - strncpy(__get_str(acceptor), data, len); + __assign_str(acceptor, data); ), TP_printk("win_size=%u expiry=%lu now=%lu timeout=%u acceptor=%.*s",

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] SUNRPC: Fix rpcgss_context trace event acceptor field" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a4833e3abae132d613ce7da0e0c9a9465d1681fa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041953-duration-fructose-0bc1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a4833e3abae1 ("SUNRPC: Fix rpcgss_context trace event acceptor field") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4833e3abae132d613ce7da0e0c9a9465d1681fa Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Wed, 10 Apr 2024 12:38:13 -0400 Subject: [PATCH] SUNRPC: Fix rpcgss_context trace event acceptor field The rpcgss_context trace event acceptor field is a dynamically sized string that records the "data" parameter. But this parameter is also dependent on the "len" field to determine the size of the data. It needs to use __string_len() helper macro where the length can be passed in. It also incorrectly uses strncpy() to save it instead of __assign_str(). As these macros can change, it is not wise to open code them in trace events. As of commit c759e609030c ("tracing: Remove __assign_str_len()"), __assign_str() can be used for both __string() and __string_len() fields. Before that commit, __assign_str_len() is required to be used. This needs to be noted for backporting. (In actuality, commit c1fa617caeb0 ("tracing: Rework __assign_str() and __string() to not duplicate getting the string") is the commit that makes __string_str_len() obsolete). Cc: stable(a)vger.kernel.org Fixes: 0c77668ddb4e ("SUNRPC: Introduce trace points in rpc_auth_gss.ko") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/include/trace/events/rpcgss.h b/include/trace/events/rpcgss.h index ba2d96a1bc2f..f50fcafc69de 100644 --- a/include/trace/events/rpcgss.h +++ b/include/trace/events/rpcgss.h @@ -609,7 +609,7 @@ TRACE_EVENT(rpcgss_context, __field(unsigned int, timeout) __field(u32, window_size) __field(int, len) - __string(acceptor, data) + __string_len(acceptor, data, len) ), TP_fast_assign( @@ -618,7 +618,7 @@ TRACE_EVENT(rpcgss_context, __entry->timeout = timeout; __entry->window_size = window_size; __entry->len = len; - strncpy(__get_str(acceptor), data, len); + __assign_str(acceptor, data); ), TP_printk("win_size=%u expiry=%lu now=%lu timeout=%u acceptor=%.*s",

1 year, 2 months

1
0
0 0

[PATCH for-stable-6.1 00/23] x86/efistub backports

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> This is the final batch of changes to bring linux-6.1.y in sync with 6.6 and later in terms of compatibility with tightened boot security requirements imposed by MicroSoft, compliance with which is a prerequisite for them to be willing to resume signing distro shim images with the MS 3rd party secure boot certificate. Without this, distros can only boot on off-the-shelf x86 PCs after disabling secure boot explicitly. Most of these changes appeared in v6.8 and have been backported to v6.6 already. Ard Biesheuvel (20): x86/efi: Drop EFI stub .bss from .data section x86/efi: Disregard setup header of loaded image x86/efistub: Reinstate soft limit for initrd loading x86/efi: Drop alignment flags from PE section headers x86/boot: Remove the 'bugger off' message x86/boot: Omit compression buffer from PE/COFF image memory footprint x86/boot: Drop redundant code setting the root device x86/boot: Drop references to startup_64 x86/boot: Grab kernel_info offset from zoffset header directly x86/boot: Set EFI handover offset directly in header asm x86/boot: Define setup size in linker script x86/boot: Derive file size from _edata symbol x86/boot: Construct PE/COFF .text section from assembler x86/boot: Drop PE/COFF .reloc section x86/boot: Split off PE/COFF .data section x86/boot: Increase section and file alignment to 4k/512 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Hou Wenlong (2): x86/head/64: Add missing __head annotation to startup_64_load_idt() x86/head/64: Move the __head definition to <asm/init.h> Pasha Tatashin (1): x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 ++++++--------- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 +------------------- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/page_types.h | 12 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/head64.c | 7 +- arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 11 +- arch/x86/mm/mem_encrypt_boot.S | 4 +- arch/x86/mm/mem_encrypt_identity.c | 58 ++--- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pti.c | 2 +- drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 58 ++--- 23 files changed, 194 insertions(+), 529 deletions(-) -- 2.44.0.769.g3c40516874-goog

1 year, 2 months

2
24
0 0

FAILED: patch "[PATCH] btrfs: do not wait for short bulk allocation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1db7959aacd905e6487d0478ac01d89f86eb1e51 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041954-bullish-slingshot-109f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1db7959aacd9 ("btrfs: do not wait for short bulk allocation") 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to allocate-then-attach method") 397239ed6a6c ("btrfs: allow extent buffer helpers to skip cross-page handling") 94dbf7c0871f ("btrfs: free the allocated memory if btrfs_alloc_page_array() fails") 096d23016543 ("btrfs: refactor main loop in memmove_extent_buffer()") 13840f3f2837 ("btrfs: refactor main loop in memcpy_extent_buffer()") 730c374e5b2c ("btrfs: use write_extent_buffer() to implement write_extent_buffer_*id()") cb22964f1dad ("btrfs: refactor extent buffer bitmaps operations") 52ea5bfbfa6d ("btrfs: move eb subpage preallocation out of the loop") 5a96341927b0 ("btrfs: subpage: make alloc_extent_buffer() handle previously uptodate range efficiently") 2af2aaf98205 ("btrfs: scrub: introduce structure for new BTRFS_STRIPE_LEN based interface") 5eb30ee26fa4 ("btrfs: raid56: introduce the main entrance for RMW path") 6486d21c99cb ("btrfs: raid56: extract rwm write bios assembly into a helper") 509c27aa2fb6 ("btrfs: raid56: extract the rmw bio list build code into a helper") 30e3c897f4a8 ("btrfs: raid56: extract the pq generation code into a helper") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1db7959aacd905e6487d0478ac01d89f86eb1e51 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 26 Mar 2024 09:16:46 +1030 Subject: [PATCH] btrfs: do not wait for short bulk allocation [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index b18034f2ab80..2776112dbdf8 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -681,31 +681,21 @@ static void end_bbio_data_read(struct btrfs_bio *bbio) int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array, gfp_t extra_gfp) { + const gfp_t gfp = GFP_NOFS | extra_gfp; unsigned int allocated; for (allocated = 0; allocated < nr_pages;) { unsigned int last = allocated; - allocated = alloc_pages_bulk_array(GFP_NOFS | extra_gfp, - nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) { + allocated = alloc_pages_bulk_array(gfp, nr_pages, page_array); + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ for (int i = 0; i < allocated; i++) { __free_page(page_array[i]); page_array[i] = NULL; } return -ENOMEM; } - - memalloc_retry_wait(GFP_NOFS); } return 0; }

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: do not wait for short bulk allocation" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1db7959aacd905e6487d0478ac01d89f86eb1e51 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041951-sports-hula-f2a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1db7959aacd9 ("btrfs: do not wait for short bulk allocation") 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to allocate-then-attach method") 397239ed6a6c ("btrfs: allow extent buffer helpers to skip cross-page handling") 94dbf7c0871f ("btrfs: free the allocated memory if btrfs_alloc_page_array() fails") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1db7959aacd905e6487d0478ac01d89f86eb1e51 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 26 Mar 2024 09:16:46 +1030 Subject: [PATCH] btrfs: do not wait for short bulk allocation [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index b18034f2ab80..2776112dbdf8 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -681,31 +681,21 @@ static void end_bbio_data_read(struct btrfs_bio *bbio) int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array, gfp_t extra_gfp) { + const gfp_t gfp = GFP_NOFS | extra_gfp; unsigned int allocated; for (allocated = 0; allocated < nr_pages;) { unsigned int last = allocated; - allocated = alloc_pages_bulk_array(GFP_NOFS | extra_gfp, - nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) { + allocated = alloc_pages_bulk_array(gfp, nr_pages, page_array); + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ for (int i = 0; i < allocated; i++) { __free_page(page_array[i]); page_array[i] = NULL; } return -ENOMEM; } - - memalloc_retry_wait(GFP_NOFS); } return 0; }

1 year, 2 months

1
0
0 0

[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe

by Joao Paulo Goncalves

From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> --- sound/soc/ti/davinci-mcasp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f78470..1e760c3155213 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) { -- 2.34.1

1 year, 2 months

4
3
0 0

[PATCH v3 01/43] drm/fbdev-generic: Do not set physical framebuffer address

by Thomas Zimmermann

Framebuffer memory is allocated via vzalloc() from non-contiguous physical pages. The physical framebuffer start address is therefore meaningless. Do not set it. The value is not used within the kernel and only exported to userspace on dedicated ARM configs. No functional change is expected. v2: - refer to vzalloc() in commit message (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: a5b44c4adb16 ("drm/fbdev-generic: Always use shadow buffering") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Zack Rusin <zackr(a)vmware.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.4+ Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Reviewed-by: Zack Rusin <zack.rusin(a)broadcom.com> Reviewed-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> Tested-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> Acked-by: Maxime Ripard <mripard(a)kernel.org> --- drivers/gpu/drm/drm_fbdev_generic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_fbdev_generic.c b/drivers/gpu/drm/drm_fbdev_generic.c index be357f926faec..97e579c33d84a 100644 --- a/drivers/gpu/drm/drm_fbdev_generic.c +++ b/drivers/gpu/drm/drm_fbdev_generic.c @@ -113,7 +113,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; /* deferred I/O */ -- 2.44.0

1 year, 2 months

1
0
0 0

[PATCH 5.10 000/294] 5.10.215-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.215 release. There are 294 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.215-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.215-rc1 Michael Roth <michael.roth(a)amd.com> x86/head/64: Re-enable stack protection Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: sd: Fix wrong zone_write_granularity value during revalidate Michal Kubecek <mkubecek(a)suse.cz> kbuild: dummy-tools: adjust to stricter stackprotector check Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Add asm version of STACK_FRAME_NON_STANDARD Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Venkata Lakshmi Narayana Gubba <gubbaven(a)codeaurora.org> arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Min Li <min15.li(a)samsung.com> block: add check that partition length needs to be aligned with block size Pu Wen <puwen(a)hygon.cn> x86/srso: Add SRSO mitigation for Hygon processors Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Liu Shixin <liushixin2(a)huawei.com> mm/memory-failure: fix an incorrect use of tail pages Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Goldwyn Rodrigues <rgoldwyn(a)suse.com> btrfs: allocate btrfs_ioctl_defrag_range_args on stack John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Prevent timers rescheduling during deletion Salvatore Bonaccorso <carnil(a)debian.org> scripts: kernel-doc: Fix syntax error due to undeclared args variable Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Andy Lutomirski <luto(a)kernel.org> x86/stackprotector/32: Make the canary into a regular percpu variable Xu Wang <vulab(a)iscas.ac.cn> vxge: remove unnecessary cast in kfree() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Sean V Kelley <sean.v.kelley(a)intel.com> PCI/ERR: Clear AER status only when we control AER Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Jon Hunter <jonathanh(a)nvidia.com> usb: gadget: tegra-xudc: Use dev_err_probe() Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Amey Narkhede <ameynarkhede03(a)gmail.com> PCI: Cache PCIe Device Capabilities register Sean V Kelley <sean.v.kelley(a)intel.com> PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Damien Le Moal <damien.lemoal(a)wdc.com> block: introduce zone_write_granularity limit Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zack Rusin <zackr(a)vmware.com> drm/vmwgfx: Fix some static checker warnings Lee Jones <lee.jones(a)linaro.org> drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' Christian König <christian.koenig(a)amd.com> drm/vmwgfx: switch over to the new pin interface v2 Christian König <christian.koenig(a)amd.com> drm/vmwgfx: stop using ttm_bo_create v2 Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 +++++++++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 +- Documentation/admin-guide/kernel-parameters.txt | 27 ++- Documentation/block/queue-sysfs.rst | 7 + Documentation/x86/mds.rst | 34 ++- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 18 +- arch/x86/Makefile | 8 + arch/x86/entry/entry.S | 23 ++ arch/x86/entry/entry_32.S | 59 +---- arch/x86/entry/entry_64.S | 10 + arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 5 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/irqflags.h | 1 + arch/x86/include/asm/msr-index.h | 10 + arch/x86/include/asm/nospec-branch.h | 47 ++-- arch/x86/include/asm/processor.h | 15 +- arch/x86/include/asm/ptrace.h | 5 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/segment.h | 30 +-- arch/x86/include/asm/setup.h | 1 - arch/x86/include/asm/stackprotector.h | 79 ++----- arch/x86/include/asm/suspend_32.h | 12 +- arch/x86/kernel/Makefile | 1 - arch/x86/kernel/asm-offsets_32.c | 5 - arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 245 ++++++++++++++------- arch/x86/kernel/cpu/common.c | 64 ++++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/doublefault_32.c | 4 +- arch/x86/kernel/head64.c | 9 - arch/x86/kernel/head_32.S | 18 +- arch/x86/kernel/head_64.S | 24 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/setup_percpu.c | 1 - arch/x86/kernel/tls.c | 8 +- arch/x86/kvm/cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 5 +- arch/x86/lib/insn-eval.c | 4 - arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/pat/memtype.c | 50 +++-- arch/x86/platform/pvh/head.S | 14 -- arch/x86/power/cpu.c | 6 +- arch/x86/xen/enlighten_pv.c | 1 - block/blk-settings.c | 41 +++- block/blk-stat.c | 2 +- block/blk-sysfs.c | 8 + block/ioctl.c | 11 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/sleep.c | 12 - drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btintel.c | 2 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - drivers/gpu/drm/i915/gt/intel_lrc.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/ttm/ttm_memory.c | 2 + drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_binding.c | 20 +- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 92 ++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_mob.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +- drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_so.c | 3 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 50 +---- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 +- drivers/hwmon/amc6821.c | 11 + drivers/infiniband/core/cm.c | 20 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/md/raid5.c | 12 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 ++- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- drivers/net/ethernet/neterion/vxge/vxge-config.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 9 + drivers/net/ethernet/renesas/ravb_main.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/nvme/host/pci.c | 3 + drivers/nvmem/meson-efuse.c | 25 +-- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pci.c | 6 +- drivers/pci/pci.h | 17 ++ drivers/pci/pcie/Makefile | 2 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 33 ++- drivers/pci/pcie/rcec.c | 59 +++++ drivers/pci/probe.c | 7 +- drivers/pci/quirks.c | 100 +++++++++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 102 ++++----- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/sd.c | 7 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +++++++-- drivers/staging/comedi/drivers/comedi_test.c | 30 ++- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/tty/n_gsm.c | 3 + drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 63 ++++-- drivers/usb/dwc2/gadget.c | 4 + drivers/usb/dwc2/hcd.c | 47 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 53 ++--- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 42 +++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +++++++++------- drivers/vfio/platform/vfio_platform_irq.c | 106 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 +- drivers/xen/events/events_base.c | 5 +- fs/aio.c | 8 +- fs/btrfs/export.c | 9 +- fs/btrfs/ioctl.c | 25 +-- fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 14 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 22 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 12 + fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/isofs/inode.c | 18 +- fs/nfs/direct.c | 11 +- fs/nfs/write.c | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/linux/blkdev.h | 15 ++ include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/nfs_fs.h | 1 + include/linux/objtool.h | 8 + include/linux/pci.h | 6 + include/linux/phy/tegra/xusb.h | 2 + include/linux/sunrpc/sched.h | 2 +- include/linux/timer.h | 18 +- include/linux/udp.h | 28 +++ include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/uapi/linux/input-event-codes.h | 1 + init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/events/core.c | 9 + kernel/panic.c | 8 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 ++++-- kernel/time/timer.c | 160 ++++++++------ kernel/trace/ring_buffer.c | 193 +++++++++------- mm/compaction.c | 7 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 + mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 13 +- mm/vmscan.c | 5 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 +- net/bluetooth/hci_debugfs.c | 64 ++++-- net/bluetooth/hci_event.c | 25 +++ net/bridge/netfilter/ebtables.c | 6 + net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 ++ net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 13 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 74 ++++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/smc/smc_pnet.c | 10 + net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + scripts/dummy-tools/gcc | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 6 +- scripts/kernel-doc | 2 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/soc-ops.c | 2 +- tools/iio/iio_utils.c | 2 +- tools/include/linux/objtool.h | 8 + tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- virt/kvm/async_pf.c | 31 ++- 335 files changed, 3261 insertions(+), 1539 deletions(-)

1 year, 2 months

7
306
0 0

[PATCH] r8169: fix LED-related deadlock on module removal

by Heiner Kallweit

[ Upstream commit 19fa4f2a85d777a8052e869c1b892a2f7556569d ] Binding devm_led_classdev_register() to the netdev is problematic because on module unbinding we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case. Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101") Cc: <stable(a)vger.kernel.org> # 6.8.x Reported-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> --- The original change was introduced with 6.8, 6.9 added support for LEDs on RTL8125. Therefore the first version of the fix applied on 6.9-rc only. This is the modified version for 6.8. --- drivers/net/ethernet/realtek/r8169.h | 4 +++- drivers/net/ethernet/realtek/r8169_leds.c | 23 +++++++++++++++++------ drivers/net/ethernet/realtek/r8169_main.c | 6 +++++- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h index 81567fcf3..1ef399287 100644 --- a/drivers/net/ethernet/realtek/r8169.h +++ b/drivers/net/ethernet/realtek/r8169.h @@ -72,6 +72,7 @@ enum mac_version { }; struct rtl8169_private; +struct r8169_led_classdev; void r8169_apply_firmware(struct rtl8169_private *tp); u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp); @@ -83,4 +84,5 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx, char *buf, int buf_len); int rtl8168_get_led_mode(struct rtl8169_private *tp); int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val); -void rtl8168_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev); +void r8169_remove_leds(struct r8169_led_classdev *leds); diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c index 007d077ed..1c97f3cca 100644 --- a/drivers/net/ethernet/realtek/r8169_leds.c +++ b/drivers/net/ethernet/realtek/r8169_leds.c @@ -138,20 +138,31 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8168_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8168_NUM_LEDS; i++) rtl8168_setup_ldev(leds + i, ndev, i); + + return leds; +} + +void r8169_remove_leds(struct r8169_led_classdev *leds) +{ + if (!leds) + return; + + for (struct r8169_led_classdev *l = leds; l->ndev; l++) + led_classdev_unregister(&l->led); + + kfree(leds); } diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 4b6c28576..2cc1c36ab 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -634,6 +634,8 @@ struct rtl8169_private { const char *fw_name; struct rtl_fw *rtl_fw; + struct r8169_led_classdev *leds; + u32 ocp_base; }; @@ -4930,6 +4932,8 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); + r8169_remove_leds(tp->leds); + unregister_netdev(tp->dev); if (tp->dash_type != RTL_DASH_NONE) @@ -5391,7 +5395,7 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (IS_ENABLED(CONFIG_R8169_LEDS) && tp->mac_version > RTL_GIGA_MAC_VER_06 && tp->mac_version < RTL_GIGA_MAC_VER_61) - rtl8168_init_leds(dev); + tp->leds = rtl8168_init_leds(dev); netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n", rtl_chip_infos[chipset].name, dev->dev_addr, xid, tp->irq); -- 2.44.0

1 year, 2 months

1
0
0 0

+ init-fix-allocated-page-overlapping-with-ptr_err.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: init: fix allocated page overlapping with PTR_ERR has been added to the -mm mm-hotfixes-unstable branch. Its filename is init-fix-allocated-page-overlapping-with-ptr_err.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nam Cao <namcao(a)linutronix.de> Subject: init: fix allocated page overlapping with PTR_ERR Date: Thu, 18 Apr 2024 12:29:43 +0200 There is nothing preventing kernel memory allocators from allocating a page that overlaps with PTR_ERR(), except for architecture-specific code that setup memblock. It was discovered that RISCV architecture doesn't setup memblock corectly, leading to a page overlapping with PTR_ERR() being allocated, and subsequently crashing the kernel (link in Close: ) The reported crash has nothing to do with PTR_ERR(): the last page (at address 0xfffff000) being allocated leads to an unexpected arithmetic overflow in ext4; but still, this page shouldn't be allocated in the first place. Because PTR_ERR() is an architecture-independent thing, we shouldn't ask every single architecture to set this up. There may be other architectures beside RISCV that have the same problem. Fix this once and for all by reserving the physical memory page that may be mapped to the last virtual memory page as part of low memory. Unfortunately, this means if there is actual memory at this reserved location, that memory will become inaccessible. However, if this page is not reserved, it can only be accessed as high memory, so this doesn't matter if high memory is not supported. Even if high memory is supported, it is still only one page. Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Link: https://lkml.kernel.org/r/20240418102943.180510-1-namcao@linutronix.de Signed-off-by: Nam Cao <namcao(a)linutronix.de> Reported-by: Bj��rn T��pel <bjorn(a)kernel.org> Tested-by: Bj��rn T��pel <bjorn(a)kernel.org> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Andreas Dilger <adilger(a)dilger.ca> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Changbin Du <changbin.du(a)huawei.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Krister Johansen <kjlx(a)templeofstupid.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Stephen Rothwell <sfr(a)canb.auug.org.au> Cc: Tejun Heo <tj(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/main.c | 1 + 1 file changed, 1 insertion(+) --- a/init/main.c~init-fix-allocated-page-overlapping-with-ptr_err +++ a/init/main.c @@ -900,6 +900,7 @@ void start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); early_security_init(); + memblock_reserve(__pa(-PAGE_SIZE), PAGE_SIZE); /* reserve last page for ERR_PTR */ setup_arch(&command_line); setup_boot_config(); setup_command_line(command_line); _ Patches currently in -mm which might be from namcao(a)linutronix.de are init-fix-allocated-page-overlapping-with-ptr_err.patch

1 year, 2 months

1
0
0 0

+ stackdepot-respect-__gfp_nolockdep-allocation-flag.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: stackdepot: respect __GFP_NOLOCKDEP allocation flag has been added to the -mm mm-hotfixes-unstable branch. Its filename is stackdepot-respect-__gfp_nolockdep-allocation-flag.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Subject: stackdepot: respect __GFP_NOLOCKDEP allocation flag Date: Thu, 18 Apr 2024 16:11:33 +0200 If stack_depot_save_flags() allocates memory it always drops __GFP_NOLOCKDEP flag. So when KASAN tries to track __GFP_NOLOCKDEP allocation we may end up with lockdep splat like bellow: ====================================================== WARNING: possible circular locking dependency detected 6.9.0-rc3+ #49 Not tainted ------------------------------------------------------ kswapd0/149 is trying to acquire lock: ffff88811346a920 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_reclaim_inode+0x3ac/0x590 [xfs] but task is already holding lock: ffffffff8bb33100 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x5d9/0xad0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (fs_reclaim){+.+.}-{0:0}: __lock_acquire+0x7da/0x1030 lock_acquire+0x15d/0x400 fs_reclaim_acquire+0xb5/0x100 prepare_alloc_pages.constprop.0+0xc5/0x230 __alloc_pages+0x12a/0x3f0 alloc_pages_mpol+0x175/0x340 stack_depot_save_flags+0x4c5/0x510 kasan_save_stack+0x30/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x83/0x90 kmem_cache_alloc+0x15e/0x4a0 __alloc_object+0x35/0x370 __create_object+0x22/0x90 __kmalloc_node_track_caller+0x477/0x5b0 krealloc+0x5f/0x110 xfs_iext_insert_raw+0x4b2/0x6e0 [xfs] xfs_iext_insert+0x2e/0x130 [xfs] xfs_iread_bmbt_block+0x1a9/0x4d0 [xfs] xfs_btree_visit_block+0xfb/0x290 [xfs] xfs_btree_visit_blocks+0x215/0x2c0 [xfs] xfs_iread_extents+0x1a2/0x2e0 [xfs] xfs_buffered_write_iomap_begin+0x376/0x10a0 [xfs] iomap_iter+0x1d1/0x2d0 iomap_file_buffered_write+0x120/0x1a0 xfs_file_buffered_write+0x128/0x4b0 [xfs] vfs_write+0x675/0x890 ksys_write+0xc3/0x160 do_syscall_64+0x94/0x170 entry_SYSCALL_64_after_hwframe+0x71/0x79 Always preserve __GFP_NOLOCKDEP to fix this. Link: https://lkml.kernel.org/r/20240418141133.22950-1-ryabinin.a.a@gmail.com Fixes: cd11016e5f52 ("mm, kasan: stackdepot implementation. Enable stackdepot for SLAB") Signed-off-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Reported-by: Xiubo Li <xiubli(a)redhat.com> Closes: https://lore.kernel.org/all/a0caa289-ca02-48eb-9bf2-d86fd47b71f4@redhat.com/ Reported-by: Damien Le Moal <damien.lemoal(a)opensource.wdc.com> Closes: https://lore.kernel.org/all/f9ff999a-e170-b66b-7caf-293f2b147ac2@opensource… Suggested-by: Dave Chinner <david(a)fromorbit.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Alexander Potapenko <glider(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/stackdepot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/lib/stackdepot.c~stackdepot-respect-__gfp_nolockdep-allocation-flag +++ a/lib/stackdepot.c @@ -627,10 +627,10 @@ depot_stack_handle_t stack_depot_save_fl /* * Zero out zone modifiers, as we don't have specific zone * requirements. Keep the flags related to allocation in atomic - * contexts and I/O. + * contexts, I/O, nolockdep. */ alloc_flags &= ~GFP_ZONEMASK; - alloc_flags &= (GFP_ATOMIC | GFP_KERNEL); + alloc_flags &= (GFP_ATOMIC | GFP_KERNEL | __GFP_NOLOCKDEP); alloc_flags |= __GFP_NOWARN; page = alloc_pages(alloc_flags, DEPOT_POOL_ORDER); if (page) _ Patches currently in -mm which might be from ryabinin.a.a(a)gmail.com are stackdepot-respect-__gfp_nolockdep-allocation-flag.patch

1 year, 2 months

1
0
0 0

+ hugetlb-check-for-anon_vma-prior-to-folio-allocation.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: hugetlb: check for anon_vma prior to folio allocation has been added to the -mm mm-hotfixes-unstable branch. Its filename is hugetlb-check-for-anon_vma-prior-to-folio-allocation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: hugetlb: check for anon_vma prior to folio allocation Date: Mon, 15 Apr 2024 14:17:47 -0700 Commit 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") may bailout after allocating a folio if we do not hold the mmap lock. When this occurs, vmf_anon_prepare() will release the vma lock. Hugetlb then attempts to call restore_reserve_on_error(), which depends on the vma lock being held. We can move vmf_anon_prepare() prior to the folio allocation in order to avoid calling restore_reserve_on_error() without the vma lock. Link: https://lkml.kernel.org/r/ZiFqSrSRLhIV91og@fedora Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+ad1b592fc4483655438b(a)syzkaller.appspotmail.com Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/mm/hugetlb.c~hugetlb-check-for-anon_vma-prior-to-folio-allocation +++ a/mm/hugetlb.c @@ -6261,6 +6261,12 @@ static vm_fault_t hugetlb_no_page(struct VM_UFFD_MISSING); } + if (!(vma->vm_flags & VM_MAYSHARE)) { + ret = vmf_anon_prepare(vmf); + if (unlikely(ret)) + goto out; + } + folio = alloc_hugetlb_folio(vma, haddr, 0); if (IS_ERR(folio)) { /* @@ -6297,15 +6303,12 @@ static vm_fault_t hugetlb_no_page(struct */ restore_reserve_on_error(h, vma, haddr, folio); folio_put(folio); + ret = VM_FAULT_SIGBUS; goto out; } new_pagecache_folio = true; } else { folio_lock(folio); - - ret = vmf_anon_prepare(vmf); - if (unlikely(ret)) - goto backout_unlocked; anon_rmap = 1; } } else { _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are hugetlb-check-for-anon_vma-prior-to-folio-allocation.patch hugetlb-convert-hugetlb_fault-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_no_page-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_no_page-to-use-struct-vm_fault-fix.patch hugetlb-convert-hugetlb_wp-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_wp-to-use-struct-vm_fault-fix.patch

1 year, 2 months

1
0
0 0

+ mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Date: Thu, 18 Apr 2024 08:26:28 -0400 Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252 Link: https://lkml.kernel.org/r/20240418124043.GC1055428@cmpxchg.org Link: https://lkml.kernel.org/r/20240417143324.GA1055428@cmpxchg.org Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Christian Heusel <christian(a)heusel.eu> Debugged-by: Nhat Pham <nphamcs(a)gmail.com> Suggested-by: Nhat Pham <nphamcs(a)gmail.com> Tested-by: Christian Heusel <christian(a)heusel.eu> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Richard W.M. Jones <rjones(a)redhat.com> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Vitaly Wool <vitaly.wool(a)konsulko.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: <stable(a)vger.kernel.org> [v6.8] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory +++ a/mm/zswap.c @@ -1331,15 +1331,22 @@ static unsigned long zswap_shrinker_coun if (!gfp_has_io_fs(sc->gfp_mask)) return 0; -#ifdef CONFIG_MEMCG_KMEM - mem_cgroup_flush_stats(memcg); - nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; - nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); -#else - /* use pool stats instead of memcg stats */ - nr_backing = zswap_pool_total_size >> PAGE_SHIFT; - nr_stored = atomic_read(&zswap_nr_stored); -#endif + /* + * For memcg, use the cgroup-wide ZSWAP stats since we don't + * have them per-node and thus per-lruvec. Careful if memcg is + * runtime-disabled: we can get sc->memcg == NULL, which is ok + * for the lruvec, but not for memcg_page_state(). + * + * Without memcg, use the zswap pool-wide metrics. + */ + if (!mem_cgroup_disabled()) { + mem_cgroup_flush_stats(memcg); + nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; + nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); + } else { + nr_backing = zswap_pool_total_size >> PAGE_SHIFT; + nr_stored = atomic_read(&zswap_nr_stored); + } if (!nr_stored) return 0; _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory.patch mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch mm-page_alloc-consolidate-free-page-accounting-fix.patch mm-page_alloc-consolidate-free-page-accounting-fix-2.patch mm-page_alloc-batch-vmstat-updates-in-expand.patch

1 year, 2 months

1
0
0 0

[PATCH v2] net: usb: ax88179_178a: avoid writing the mac address before first reading

by Jose Ignacio Tornos Martinez

After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets"), reset operation, in which the default mac address from the device is read, is not executed from bind operation and the random address, that is pregenerated just in case, is direclty written the first time in the device, so the default one from the device is not even read. This writing is not dangerous because is volatile and the default mac address is not missed. In order to avoid this and keep the simplification to have only one reset and reduce the delays, restore the reset from bind operation and remove the reset that is commanded from open operation. The behavior is the same but everything is ready for usbnet_probe. Tested with ASIX AX88179 USB Gigabit Ethernet devices. Restore the old behavior for the rest of possible devices because I don't have the hardware to test. cc: stable(a)vger.kernel.org # 6.6+ Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") Reported-by: Jarkko Palviainen <jarkko.palviainen(a)gmail.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v2: - Restore reset from bind operation to avoid problems with usbnet_probe. v1: https://lore.kernel.org/netdev/20240410095603.502566-1-jtornosm@redhat.com/ drivers/net/usb/ax88179_178a.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 69169842fa2f..a493fde1af3f 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -1316,6 +1316,8 @@ static int ax88179_bind(struct usbnet *dev, struct usb_interface *intf) netif_set_tso_max_size(dev->net, 16384); + ax88179_reset(dev); + return 0; } @@ -1694,7 +1696,6 @@ static const struct driver_info ax88179_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1707,7 +1708,6 @@ static const struct driver_info ax88178a_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH net] r8169: fix LED-related deadlock on module removal

by Heiner Kallweit

Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case. Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101") Cc: <stable(a)vger.kernel.org> # 6.8.x Reported-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> --- The original change was introduced with 6.8, 6.9 added support for LEDs on RTL8125. Therefore the first version of the fix applied on 6.9-rc only. This is the modified version for 6.8. Upstream commit: 19fa4f2a85d7 --- drivers/net/ethernet/realtek/r8169.h | 4 +++- drivers/net/ethernet/realtek/r8169_leds.c | 23 +++++++++++++++++------ drivers/net/ethernet/realtek/r8169_main.c | 7 ++++++- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h index 81567fcf3..1ef399287 100644 --- a/drivers/net/ethernet/realtek/r8169.h +++ b/drivers/net/ethernet/realtek/r8169.h @@ -72,6 +72,7 @@ enum mac_version { }; struct rtl8169_private; +struct r8169_led_classdev; void r8169_apply_firmware(struct rtl8169_private *tp); u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp); @@ -83,4 +84,5 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx, char *buf, int buf_len); int rtl8168_get_led_mode(struct rtl8169_private *tp); int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val); -void rtl8168_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev); +void r8169_remove_leds(struct r8169_led_classdev *leds); diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c index 007d077ed..1c97f3cca 100644 --- a/drivers/net/ethernet/realtek/r8169_leds.c +++ b/drivers/net/ethernet/realtek/r8169_leds.c @@ -138,20 +138,31 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8168_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8168_NUM_LEDS; i++) rtl8168_setup_ldev(leds + i, ndev, i); + + return leds; +} + +void r8169_remove_leds(struct r8169_led_classdev *leds) +{ + if (!leds) + return; + + for (struct r8169_led_classdev *l = leds; l->ndev; l++) + led_classdev_unregister(&l->led); + + kfree(leds); } diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 4b6c28576..32b73f398 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -634,6 +634,8 @@ struct rtl8169_private { const char *fw_name; struct rtl_fw *rtl_fw; + struct r8169_led_classdev *leds; + u32 ocp_base; }; @@ -4930,6 +4932,9 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); + if (IS_ENABLED(CONFIG_R8169_LEDS)) + r8169_remove_leds(tp->leds); + unregister_netdev(tp->dev); if (tp->dash_type != RTL_DASH_NONE) @@ -5391,7 +5396,7 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (IS_ENABLED(CONFIG_R8169_LEDS) && tp->mac_version > RTL_GIGA_MAC_VER_06 && tp->mac_version < RTL_GIGA_MAC_VER_61) - rtl8168_init_leds(dev); + tp->leds = rtl8168_init_leds(dev); netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n", rtl_chip_infos[chipset].name, dev->dev_addr, xid, tp->irq); -- 2.44.0

1 year, 2 months

4
10
0 0

Re: [PATCH v2 0/2] ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7

by ArcticLampyrid

spkid index is corrected in v3 Link to v3: https://lore.kernel.org/lkml/TYCP286MB25357A4599E935F26A8AAB24C40E2@TYCP286…

1 year, 2 months

1
0
0 0

Re: [PATCH] drm/ttm: Print the memory decryption status just once

by Zack Rusin

Sorry, apologies to everyone. By accident I replied off the list. Redoing it now on the list. More below. On Mon, Apr 8, 2024 at 12:10 PM Christian König <christian.koenig(a)amd.com> wrote: > > Am 08.04.24 um 18:04 schrieb Zack Rusin: > > On Mon, Apr 8, 2024 at 11:59 AM Christian König > > <christian.koenig(a)amd.com> wrote: > >> Am 08.04.24 um 17:56 schrieb Zack Rusin: > >>> Stop printing the TT memory decryption status info each time tt is created > >>> and instead print it just once. > >>> > >>> Reduces the spam in the system logs when running guests with SEV enabled. > >> Do we then really need this in the first place? > > Thomas asked for it just to have an indication when those paths are > > being used because they could potentially break things pretty bad. I > > think it is useful knowing that those paths are hit (but only once). > > It makes it pretty easy for me to tell whether bug reports with people > > who report black screen can be answered with "the kernel needs to be > > upgraded" ;) > > Sounds reasonable, but my expectation was rather that we would print > something on the device level. > > If that's not feasible for whatever reason than printing it once works > as well of course. TBH, I think it's pretty convenient to have the drm_info in the TT just to make sure that when drivers request use_dma_alloc on SEV systems TT turns decryption on correctly, i.e. it's a nice sanity check when reading the logs. But if you'd prefer it in the driver I can move this logic there as well. z

1 year, 2 months

2
2
0 0

[PATCH v2 2/2] ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7

by ArcticLampyrid

This fixes the sound not working from internal speakers on Lenovo Legion Y9000X 2022 IAH7 models. Signed-off-by: ArcticLampyrid <ArcticLampyrid(a)outlook.com> Cc: <stable(a)vger.kernel.org> --- sound/pci/hda/cs35l41_hda_property.c | 2 ++ sound/pci/hda/patch_realtek.c | 1 + 2 files changed, 3 insertions(+) diff --git a/sound/pci/hda/cs35l41_hda_property.c b/sound/pci/hda/cs35l41_hda_property.c index 8fb688e41414..60ad2344488b 100644 --- a/sound/pci/hda/cs35l41_hda_property.c +++ b/sound/pci/hda/cs35l41_hda_property.c @@ -109,6 +109,7 @@ static const struct cs35l41_config cs35l41_config_table[] = { { "10431F1F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, -1, 0, 0, 0, 0 }, { "10431F62", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 0, 0, 0 }, { "10433A60", 2, INTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 1000, 4500, 24 }, + { "17AA386E", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, { "17AA386F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, -1, -1, 0, 0, 0 }, { "17AA3877", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, { "17AA3878", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, @@ -500,6 +501,7 @@ static const struct cs35l41_prop_model cs35l41_prop_model_table[] = { { "CSC3551", "10431F1F", generic_dsd_config }, { "CSC3551", "10431F62", generic_dsd_config }, { "CSC3551", "10433A60", generic_dsd_config }, + { "CSC3551", "17AA386E", generic_dsd_config }, { "CSC3551", "17AA386F", generic_dsd_config }, { "CSC3551", "17AA3877", generic_dsd_config }, { "CSC3551", "17AA3878", generic_dsd_config }, diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index cdcb28aa9d7b..ac729187f6a7 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10382,6 +10382,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x3853, "Lenovo Yoga 7 15ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), SND_PCI_QUIRK(0x17aa, 0x3855, "Legion 7 16ITHG6", ALC287_FIXUP_LEGION_16ITHG6), SND_PCI_QUIRK(0x17aa, 0x3869, "Lenovo Yoga7 14IAL7", ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK_PIN), + SND_PCI_QUIRK(0x17aa, 0x386e, "Legion Y9000X 2022 IAH7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x386f, "Legion 7i 16IAX7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x3870, "Lenovo Yoga 7 14ARB7", ALC287_FIXUP_YOGA7_14ARB7_I2C), SND_PCI_QUIRK(0x17aa, 0x3877, "Lenovo Legion 7 Slim 16ARHA7", ALC287_FIXUP_CS35L41_I2C_2), -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH] binder: check offset alignment in binder_get_object()

by Carlos Llamas

Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time. Fixes: 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bad28cf42010..dd6923d37931 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1708,8 +1708,10 @@ static size_t binder_get_object(struct binder_proc *proc, size_t object_size = 0; read_size = min_t(size_t, sizeof(*object), buffer->data_size - offset); - if (offset > buffer->data_size || read_size < sizeof(*hdr)) + if (offset > buffer->data_size || read_size < sizeof(*hdr) || + !IS_ALIGNED(offset, sizeof(u32))) return 0; + if (u) { if (copy_from_user(object, u + offset, read_size)) return 0; -- 2.44.0.478.gd926399ef9-goog

1 year, 2 months

3
2
0 0

Re: Patch "mailbox: imx: fix suspend failue" has been added to the 5.10-stable tree

by Dominique Martinet

Hi Greg, gregkh(a)linuxfoundation.org wrote on Mon, Apr 15, 2024 at 01:18:20PM +0200: > mailbox: imx: fix suspend failue > > to the 5.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > mailbox-imx-fix-suspend-failue.patch > and it can be found in the queue-5.10 subdirectory. This only fixes typos in the commit message, but Mizobuchi sent a v2 here: https://lore.kernel.org/all/20240412055648.1807780-1-mizo@atmark-techno.com… (unfortunately you weren't in cc of the patch mail either, sorry... He can resend if that helps with the process) Peng Fan also gave his reviewed-by in the v2 thread, it's always appreciable to get an ack from someone closer to the authors. Since the code itself is identical, I'll leave the decision to update or not up to you; I just can't unsee the "failue" in the summary :) Thanks! -- Dominique

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 978e5c19dfefc271e5550efba92fcef0d3f62864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041502-handsaw-overpass-5b8a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978e5c19dfefc271e5550efba92fcef0d3f62864 Mon Sep 17 00:00:00 2001 From: Alexey Izbyshev <izbyshev(a)ispras.ru> Date: Fri, 5 Apr 2024 15:55:51 +0300 Subject: [PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure This bug was introduced in commit 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization"), which was made in preparation for adc8682ec690 ("io_uring: Add support for napi_busy_poll"). The latter got reverted in cb3182167325 ("Revert "io_uring: Add support for napi_busy_poll""), so simply undo the former as well. Cc: stable(a)vger.kernel.org Fixes: 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization") Signed-off-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Link: https://lore.kernel.org/r/20240405125551.237142-1-izbyshev@ispras.ru Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 4521c2b66b98..c170a2b8d2cf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2602,19 +2602,6 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, if (__io_cqring_events_user(ctx) >= min_events) return 0; - if (sig) { -#ifdef CONFIG_COMPAT - if (in_compat_syscall()) - ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, - sigsz); - else -#endif - ret = set_user_sigmask(sig, sigsz); - - if (ret) - return ret; - } - init_waitqueue_func_entry(&iowq.wq, io_wake_function); iowq.wq.private = current; INIT_LIST_HEAD(&iowq.wq.entry); @@ -2633,6 +2620,19 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, io_napi_adjust_timeout(ctx, &iowq, &ts); } + if (sig) { +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, + sigsz); + else +#endif + ret = set_user_sigmask(sig, sigsz); + + if (ret) + return ret; + } + io_napi_busy_loop(ctx, &iowq); trace_io_uring_cqring_wait(ctx, min_events);

1 year, 2 months

3
2
0 0

v5.15+ backport request

by dcrady＠os.amperecomputing.com

Please backport the following v6.7 commit: commit be097997a273 ("KVM: arm64: Always invalidate TLB for stage-2 permission faults") to stable kernels v5.15 and newer to fix: It is possible for multiple vCPUs to fault on the same IPA and attempt to resolve the fault. One of the page table walks will actually update the PTE and the rest will return -EAGAIN per our race detection scheme. KVM elides the TLB invalidation on the racing threads as the return value is nonzero. Before commit a12ab1378a88 ("KVM: arm64: Use local TLBI on permission relaxation") KVM always used broadcast TLB invalidations when handling permission faults, which had the convenient property of making the stage-2 updates visible to all CPUs in the system. However now we do a local invalidation, and TLBI elision leads to the vCPU thread faulting again on the stale entry. Remember that the architecture permits the TLB to cache translations that precipitate a permission fault. Invalidate the TLB entry responsible for the permission fault if the stage-2 descriptor has been relaxed, regardless of which thread actually did the job. Thank you! doug rady

1 year, 2 months

2
2
0 0

Re: [PATCH] arm64: dts: mediatek: mt8395-genio-1200-evk: add u3port1 for xhci1

by Macpaul Lin

On 2/16/24 17:57, Macpaul Lin wrote: > This patch fixes an issue where xhci1 was not functioning properly because > the state and PHY settings were incorrect. > > The introduction of the 'force-mode' property in the phy-mtk-tphy driver > allows for the correct initialization of xhci1 by updating the Device Tree > settings accordingly. > > The necessary fixup which added support for the 'force-mode' switch in the > phy-mtk-tphy driver. > commit 9b27303003f5 ("phy: mediatek: tphy: add support force phy mode switch") > Link: https://lore.kernel.org/r/20231211025624.28991-2-chunfeng.yun@mediatek.com Dear AngeloGioacchino, Just a soft reminding about the patch has been sent a while back for the shared U3PHY and PCIe PHY setup for genio-1200 boards. I'm not sure if you've missed this patch in mail box. :) The patch is pretty important as it lets the device tree (dts) decide whether to enable U3PHY or PCIe PHY. Because this is a shared hardware phy and could only be configured in dts to decide which function to be initialized, so it's something that should be included in the board-specific dts files. Do you think it needs to be resubmitted, or is it still in the queue for review? It's meant to be ready for action from kernel version 6.8 onwards. Looking forward to your thoughts on this. Let me know if there's anything else you need from my side. > Prior to this fix, the system would exhibit the following probe failure messages > for xhci1: > xhci-mtk 11290000.usb: supply vbus not found, using dummy regulator > xhci-mtk 11290000.usb: uwk - reg:0x400, version:104 > xhci-mtk 11290000.usb: xHCI Host Controller > xhci-mtk 11290000.usb: new USB bus registered, assigned bus number 5 > xhci-mtk 11290000.usb: clocks are not stable (0x1003d0f) > xhci-mtk 11290000.usb: can't setup: -110 > xhci-mtk 11290000.usb: USB bus 5 deregistered > xhci-mtk: probe of 11290000.usb failed with error -110 > > With the application of this dts fixup, the aforementioned initialization errors > are resolved and xhci1 is working. > > Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> > --- > arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts b/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts > index 7fc515a07c65..e0b9f2615c11 100644 > --- a/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts > +++ b/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts > @@ -854,6 +854,10 @@ > > &u3phy1 { > status = "okay"; > + > + u3port1: usb-phy@700 { > + mediatek,force-mode; > + }; > }; > > &u3phy2 { > @@ -885,6 +889,8 @@ > }; > > &xhci1 { > + phys = <&u2port1 PHY_TYPE_USB2>, > + <&u3port1 PHY_TYPE_USB3>; > vusb33-supply = <&mt6359_vusb_ldo_reg>; > status = "okay"; > }; Thanks Macpaul Lin

1 year, 2 months

2
1
0 0

[PATCH 1/2 v3] USB: serial: option: add Lonsung U8300/U9300 product

by Coia Prant

Update the USB serial option driver to support Longsung U8300/U9300. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Reviewed-by: Lars Melin <larsm17(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: netdev(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 2 months

3
2
0 0

[PATCH v2 2/2] wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor

by Martin Kaistra

In order to connect to networks which require 802.11w, add the MFP_CAPABLE flag and let mac80211 do the actual crypto in software. When a robust management frame is received, rx_dec->swdec is not set, even though the HW did not decrypt it. Extend the check and don't set RX_FLAG_DECRYPTED for these frames in order to use SW decryption. Use the security flag in the RX descriptor for this purpose, like it is done in the rtw88 driver. Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaistra <martin.kaistra(a)linutronix.de> --- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 9 +++++++++ drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 7 +++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h index fd92d23c43d91..16d884a3d87df 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h @@ -122,6 +122,15 @@ enum rtl8xxxu_rx_type { RX_TYPE_ERROR = -1 }; +enum rtl8xxxu_rx_desc_enc { + RX_DESC_ENC_NONE = 0, + RX_DESC_ENC_WEP40 = 1, + RX_DESC_ENC_TKIP_WO_MIC = 2, + RX_DESC_ENC_TKIP_MIC = 3, + RX_DESC_ENC_AES = 4, + RX_DESC_ENC_WEP104 = 5, +}; + struct rtl8xxxu_rxdesc16 { #ifdef __LITTLE_ENDIAN u32 pktlen:14; diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c index 4a49f8f9d80f2..b15a30a54259e 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c @@ -6473,7 +6473,8 @@ int rtl8xxxu_parse_rxdesc16(struct rtl8xxxu_priv *priv, struct sk_buff *skb) rx_status->mactime = rx_desc->tsfl; rx_status->flag |= RX_FLAG_MACTIME_START; - if (!rx_desc->swdec) + if (!rx_desc->swdec && + rx_desc->security != RX_DESC_ENC_NONE) rx_status->flag |= RX_FLAG_DECRYPTED; if (rx_desc->crc32) rx_status->flag |= RX_FLAG_FAILED_FCS_CRC; @@ -6578,7 +6579,8 @@ int rtl8xxxu_parse_rxdesc24(struct rtl8xxxu_priv *priv, struct sk_buff *skb) rx_status->mactime = rx_desc->tsfl; rx_status->flag |= RX_FLAG_MACTIME_START; - if (!rx_desc->swdec) + if (!rx_desc->swdec && + rx_desc->security != RX_DESC_ENC_NONE) rx_status->flag |= RX_FLAG_DECRYPTED; if (rx_desc->crc32) rx_status->flag |= RX_FLAG_FAILED_FCS_CRC; @@ -7998,6 +8000,7 @@ static int rtl8xxxu_probe(struct usb_interface *interface, ieee80211_hw_set(hw, HAS_RATE_CONTROL); ieee80211_hw_set(hw, SUPPORT_FAST_XMIT); ieee80211_hw_set(hw, AMPDU_AGGREGATION); + ieee80211_hw_set(hw, MFP_CAPABLE); wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); -- 2.39.2

1 year, 2 months

1
0
0 0

[PATCH 2/2] wifi: rtl8xxxu: enable MFP support

by Martin Kaistra

In order to connect to networks which require 802.11w, add the MFP_CAPABLE flag and let mac80211 do the actual crypto in software. When a robust management frame is received, rx_dec->swdec is not set, even though the HW did not decrypt it. Extend the check and don't set RX_FLAG_DECRYPTED for these frames in order to use SW decryption. Use the security flag in the RX descriptor for this purpose, like it is done in the rtw88 driver. Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaistra <martin.kaistra(a)linutronix.de> --- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 9 +++++++++ drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 7 +++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h index fd92d23c43d91..4f2615dbfd0f0 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h @@ -122,6 +122,15 @@ enum rtl8xxxu_rx_type { RX_TYPE_ERROR = -1 }; +enum rtw_rx_desc_enc { + RX_DESC_ENC_NONE = 0, + RX_DESC_ENC_WEP40 = 1, + RX_DESC_ENC_TKIP_WO_MIC = 2, + RX_DESC_ENC_TKIP_MIC = 3, + RX_DESC_ENC_AES = 4, + RX_DESC_ENC_WEP104 = 5, +}; + struct rtl8xxxu_rxdesc16 { #ifdef __LITTLE_ENDIAN u32 pktlen:14; diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c index 4a49f8f9d80f2..b15a30a54259e 100644 --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c @@ -6473,7 +6473,8 @@ int rtl8xxxu_parse_rxdesc16(struct rtl8xxxu_priv *priv, struct sk_buff *skb) rx_status->mactime = rx_desc->tsfl; rx_status->flag |= RX_FLAG_MACTIME_START; - if (!rx_desc->swdec) + if (!rx_desc->swdec && + rx_desc->security != RX_DESC_ENC_NONE) rx_status->flag |= RX_FLAG_DECRYPTED; if (rx_desc->crc32) rx_status->flag |= RX_FLAG_FAILED_FCS_CRC; @@ -6578,7 +6579,8 @@ int rtl8xxxu_parse_rxdesc24(struct rtl8xxxu_priv *priv, struct sk_buff *skb) rx_status->mactime = rx_desc->tsfl; rx_status->flag |= RX_FLAG_MACTIME_START; - if (!rx_desc->swdec) + if (!rx_desc->swdec && + rx_desc->security != RX_DESC_ENC_NONE) rx_status->flag |= RX_FLAG_DECRYPTED; if (rx_desc->crc32) rx_status->flag |= RX_FLAG_FAILED_FCS_CRC; @@ -7998,6 +8000,7 @@ static int rtl8xxxu_probe(struct usb_interface *interface, ieee80211_hw_set(hw, HAS_RATE_CONTROL); ieee80211_hw_set(hw, SUPPORT_FAST_XMIT); ieee80211_hw_set(hw, AMPDU_AGGREGATION); + ieee80211_hw_set(hw, MFP_CAPABLE); wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST); -- 2.39.2

1 year, 2 months

2
3
0 0

[PATCH] ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7

by ArcticLampyrid

This fixes the sound not working from internal speakers on Lenovo Legion Y9000X 2022 IAH7 models. Signed-off-by: ArcticLampyrid <ArcticLampyrid(a)outlook.com> Cc: <stable(a)vger.kernel.org> --- sound/pci/hda/cs35l41_hda_property.c | 17 +++++++++++++++++ sound/pci/hda/patch_realtek.c | 1 + 2 files changed, 18 insertions(+) diff --git a/sound/pci/hda/cs35l41_hda_property.c b/sound/pci/hda/cs35l41_hda_property.c index 8fb688e41..244e41d51 100644 --- a/sound/pci/hda/cs35l41_hda_property.c +++ b/sound/pci/hda/cs35l41_hda_property.c @@ -109,6 +109,7 @@ static const struct cs35l41_config cs35l41_config_table[] = { { "10431F1F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, -1, 0, 0, 0, 0 }, { "10431F62", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 0, 0, 0 }, { "10433A60", 2, INTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 1, 2, 0, 1000, 4500, 24 }, + { "17AA386E", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, { "17AA386F", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, -1, -1, 0, 0, 0 }, { "17AA3877", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, { "17AA3878", 2, EXTERNAL, { CS35L41_LEFT, CS35L41_RIGHT, 0, 0 }, 0, 1, -1, 0, 0, 0 }, @@ -414,6 +415,21 @@ static int lenovo_legion_no_acpi(struct cs35l41_hda *cs35l41, struct device *phy return 0; } +/* + * Some devices just have a single interrupt line for multiple amps, for which we + * should just register the interrupt for the first amp. Otherwise, we would meet EBUSY + * when registering the interrupt for the second amp. + */ +static int single_interrupt_dsd_config(struct cs35l41_hda *cs35l41, struct device *physdev, int id, + const char *hid) +{ + generic_dsd_config(cs35l41, physdev, id, hid); + if (id != 0x40) { + cs35l41->hw_cfg.gpio2.func = CS35L41_NOT_USED; + } + return 0; +} + struct cs35l41_prop_model { const char *hid; const char *ssid; @@ -500,6 +516,7 @@ static const struct cs35l41_prop_model cs35l41_prop_model_table[] = { { "CSC3551", "10431F1F", generic_dsd_config }, { "CSC3551", "10431F62", generic_dsd_config }, { "CSC3551", "10433A60", generic_dsd_config }, + { "CSC3551", "17AA386E", single_interrupt_dsd_config }, { "CSC3551", "17AA386F", generic_dsd_config }, { "CSC3551", "17AA3877", generic_dsd_config }, { "CSC3551", "17AA3878", generic_dsd_config }, diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index cdcb28aa9..ac729187f 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10382,6 +10382,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x3853, "Lenovo Yoga 7 15ITL5", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), SND_PCI_QUIRK(0x17aa, 0x3855, "Legion 7 16ITHG6", ALC287_FIXUP_LEGION_16ITHG6), SND_PCI_QUIRK(0x17aa, 0x3869, "Lenovo Yoga7 14IAL7", ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK_PIN), + SND_PCI_QUIRK(0x17aa, 0x386e, "Legion Y9000X 2022 IAH7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x386f, "Legion 7i 16IAX7", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x17aa, 0x3870, "Lenovo Yoga 7 14ARB7", ALC287_FIXUP_YOGA7_14ARB7_I2C), SND_PCI_QUIRK(0x17aa, 0x3877, "Lenovo Legion 7 Slim 16ARHA7", ALC287_FIXUP_CS35L41_I2C_2), -- 2.44.0

1 year, 2 months

2
5
0 0

[PATCH v2 0/2] usb: dwc3: Disable susphy during initialization

by Thinh Nguyen

We notice some platforms set "snps,dis_u3_susphy_quirk" and "snps,dis_u2_susphy_quirk" when they should not need to. Just make sure that the GUSB3PIPECTL.SUSPENDENABLE and GUSB2PHYCFG.SUSPHY are clear during initialization. The host initialization involved xhci. So the dwc3 needs to implement the xhci_plat_priv->plat_start() for xhci to re-enable the suspend bits. Since there's a prerequisite patch to drivers/usb/host/xhci-plat.h that's not a fix patch, this series should go on Greg's usb-testing branch instead of usb-linus. Changes in v2: - Fix xhci-rzv2m build issue Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init drivers/usb/dwc3/core.c | 90 +++++++++++++++-------------------- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++++++++++ drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + 6 files changed, 72 insertions(+), 53 deletions(-) base-commit: 3d122e6d27e417a9fa91181922743df26b2cd679 -- 2.28.0

1 year, 2 months

1
2
0 0

+ mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix missing hugetlb_lock for resv uncharge has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/hugetlb: fix missing hugetlb_lock for resv uncharge Date: Wed, 17 Apr 2024 17:18:35 -0400 There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Cc: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge +++ a/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret) _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge.patch mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch mm-always-initialise-folio-_deferred_list-fix.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch

1 year, 2 months

1
0
0 0

[PATCH] drm/xe/vm: prevent UAF in rebind_work_func()

by Matthew Auld

We flush the rebind worker during the vm close phase, however in places like preempt_fence_work_func() we seem to queue the rebind worker without first checking if the vm has already been closed. The concern here is the vm being closed with the worker flushed, but then being rearmed later, which looks like potential uaf, since there is no actual refcounting to track the queued worker. To ensure this can't happen prevent queueing the rebind worker once the vm has been closed. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1591 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1304 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1249 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.h | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 5b7930f46cf3..e21461be904f 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1327,7 +1327,7 @@ __xe_pt_bind_vma(struct xe_tile *tile, struct xe_vma *vma, struct xe_exec_queue } if (!rebind && last_munmap_rebind && xe_vm_in_preempt_fence_mode(vm)) - xe_vm_queue_rebind_worker(vm); + xe_vm_queue_rebind_worker_locked(vm); } else { kfree(rfence); kfree(ifence); diff --git a/drivers/gpu/drm/xe/xe_vm.h b/drivers/gpu/drm/xe/xe_vm.h index 306cd0934a19..8420fbf19f6d 100644 --- a/drivers/gpu/drm/xe/xe_vm.h +++ b/drivers/gpu/drm/xe/xe_vm.h @@ -211,10 +211,20 @@ int xe_vm_rebind(struct xe_vm *vm, bool rebind_worker); int xe_vm_invalidate_vma(struct xe_vma *vma); -static inline void xe_vm_queue_rebind_worker(struct xe_vm *vm) +static inline void xe_vm_queue_rebind_worker_locked(struct xe_vm *vm) { xe_assert(vm->xe, xe_vm_in_preempt_fence_mode(vm)); - queue_work(vm->xe->ordered_wq, &vm->preempt.rebind_work); + lockdep_assert_held(&vm->lock); + + if (!xe_vm_is_closed(vm)) + queue_work(vm->xe->ordered_wq, &vm->preempt.rebind_work); +} + +static inline void xe_vm_queue_rebind_worker(struct xe_vm *vm) +{ + down_read(&vm->lock); + xe_vm_queue_rebind_worker_locked(vm); + up_read(&vm->lock); } /** @@ -225,12 +235,13 @@ static inline void xe_vm_queue_rebind_worker(struct xe_vm *vm) * If the rebind functionality on a compute vm was disabled due * to nothing to execute. Reactivate it and run the rebind worker. * This function should be called after submitting a batch to a compute vm. + * */ static inline void xe_vm_reactivate_rebind(struct xe_vm *vm) { if (xe_vm_in_preempt_fence_mode(vm) && vm->preempt.rebind_deactivated) { vm->preempt.rebind_deactivated = false; - xe_vm_queue_rebind_worker(vm); + xe_vm_queue_rebind_worker_locked(vm); } } -- 2.44.0

1 year, 2 months

2
2
0 0

[PATCH v2] PCI: dw-rockchip: Fix GPIO initialization flag

by Niklas Cassel

PERST is active low according to the PCIe specification. However, the existing pcie-dw-rockchip.c driver does: gpiod_set_value(..., 0); msleep(100); gpiod_set_value(..., 1); When asserting + deasserting PERST. This is of course wrong, but because all the device trees for this compatible string have also incorrectly marked this GPIO as ACTIVE_HIGH: $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3568* $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3588* The actual toggling of PERST is correct. (And we cannot change it anyway, since that would break device tree compatibility.) However, this driver does request the GPIO to be initialized as GPIOD_OUT_HIGH, which does cause a silly sequence where PERST gets toggled back and forth for no good reason. Fix this by requesting the GPIO to be initialized as GPIOD_OUT_LOW (which for this driver means PERST asserted). This will avoid an unnecessary signal change where PERST gets deasserted (by devm_gpiod_get_optional()) and then gets asserted (by rockchip_pcie_start_link()) just a few instructions later. Before patch, debug prints on EP side, when booting RC: [ 845.606810] pci: PERST asserted by host! [ 852.483985] pci: PERST de-asserted by host! [ 852.503041] pci: PERST asserted by host! [ 852.610318] pci: PERST de-asserted by host! After patch, debug prints on EP side, when booting RC: [ 125.107921] pci: PERST asserted by host! [ 132.111429] pci: PERST de-asserted by host! This extra, very short, PERST assertion + deassertion has been reported to cause issues with certain WLAN controllers, e.g. RTL8822CE. Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver") Tested-by: Jianfeng Liu <liujianfeng1994(a)gmail.com> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org # 5.15+ --- Changes since V1: -Picked up tags. -CC stable. -Clarified commit message. drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c index d6842141d384..a909e42b4273 100644 --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c @@ -240,7 +240,7 @@ static int rockchip_pcie_resource_get(struct platform_device *pdev, return PTR_ERR(rockchip->apb_base); rockchip->rst_gpio = devm_gpiod_get_optional(&pdev->dev, "reset", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->rst_gpio)) return PTR_ERR(rockchip->rst_gpio); -- 2.44.0

1 year, 2 months

3
2
0 0

[PATCH] Revert 2267b2e84593bd3d61a1188e68fba06307fa9dab

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> ltp test fcntl17 fails on v5.15.154. This was bisected to commit 2267b2e84593 ("lockd: introduce safe async lock op"). Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- Documentation/filesystems/nfs/exporting.rst | 7 ------- fs/lockd/svclock.c | 4 +++- fs/nfsd/nfs4state.c | 10 +++------- include/linux/exportfs.h | 14 -------------- 4 files changed, 6 insertions(+), 29 deletions(-) diff --git a/Documentation/filesystems/nfs/exporting.rst b/Documentation/filesystems/nfs/exporting.rst index 6a1cbd7de38d..6f59a364f84c 100644 --- a/Documentation/filesystems/nfs/exporting.rst +++ b/Documentation/filesystems/nfs/exporting.rst @@ -241,10 +241,3 @@ following flags are defined: all of an inode's dirty data on last close. Exports that behave this way should set EXPORT_OP_FLUSH_ON_CLOSE so that NFSD knows to skip waiting for writeback when closing such files. - - EXPORT_OP_ASYNC_LOCK - Indicates a capable filesystem to do async lock - requests from lockd. Only set EXPORT_OP_ASYNC_LOCK if the filesystem has - it's own ->lock() functionality as core posix_lock_file() implementation - has no async lock request handling yet. For more information about how to - indicate an async lock request from a ->lock() file_operations struct, see - fs/locks.c and comment for the function vfs_lock_file(). diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c index 55c0a0331188..4e30f3c50970 100644 --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -470,7 +470,9 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, struct nlm_host *host, struct nlm_lock *lock, int wait, struct nlm_cookie *cookie, int reclaim) { +#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) struct inode *inode = nlmsvc_file_inode(file); +#endif struct nlm_block *block = NULL; int error; int mode; @@ -484,7 +486,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, (long long)lock->fl.fl_end, wait); - if (!exportfs_lock_op_is_async(inode->i_sb->s_export_op)) { + if (nlmsvc_file_file(file)->f_op->lock) { async_block = wait; wait = 0; } diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 40b5b226e504..d07176eee935 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -7420,7 +7420,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_blocked_lock *nbl = NULL; struct file_lock *file_lock = NULL; struct file_lock *conflock = NULL; - struct super_block *sb; __be32 status = 0; int lkflg; int err; @@ -7442,7 +7441,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, dprintk("NFSD: nfsd4_lock: permission denied!\n"); return status; } - sb = cstate->current_fh.fh_dentry->d_sb; if (lock->lk_is_new) { if (nfsd4_has_session(cstate)) @@ -7494,8 +7492,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fp = lock_stp->st_stid.sc_file; switch (lock->lk_type) { case NFS4_READW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_READ_LT: @@ -7507,8 +7504,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fl_type = F_RDLCK; break; case NFS4_WRITEW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_WRITE_LT: @@ -7536,7 +7532,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, * for file locks), so don't attempt blocking lock notifications * on those filesystems: */ - if (!exportfs_lock_op_is_async(sb->s_export_op)) + if (nf->nf_file->f_op->lock) fl_flags &= ~FL_SLEEP; nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn); diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index 6525f4b7eb97..218fc5c54e90 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h @@ -222,23 +222,9 @@ struct export_operations { atomic attribute updates */ #define EXPORT_OP_FLUSH_ON_CLOSE (0x20) /* fs flushes file data on close */ -#define EXPORT_OP_ASYNC_LOCK (0x40) /* fs can do async lock request */ unsigned long flags; }; -/** - * exportfs_lock_op_is_async() - export op supports async lock operation - * @export_ops: the nfs export operations to check - * - * Returns true if the nfs export_operations structure has - * EXPORT_OP_ASYNC_LOCK in their flags set - */ -static inline bool -exportfs_lock_op_is_async(const struct export_operations *export_ops) -{ - return export_ops->flags & EXPORT_OP_ASYNC_LOCK; -} - extern int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, int *max_len, struct inode *parent); extern int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, -- 2.44.0

1 year, 2 months

3
3
0 0

Re: btrfs: sanity tests fails on 6.8.3

by Linux regression tracking (Thorsten Leemhuis)

[adding the authors of the two commits mentioned as well as the Btrfs maintainers and the regressions & stable list to the list of recipients] On 15.04.24 05:56, Hiroshi Takekawa wrote: > > Module loading fails with CONFIG_BTRFS_FS_RUN_SANITY_TESTS enabled on > 6.8.3-6.8.6. > > Bisected: > Reverting these commits, then module loading succeeds. > 70f49f7b9aa3dfa70e7a2e3163ab4cae7c9a457a FWIW, that is a linux-stable commit-id for 41044b41ad2c8c ("btrfs: add helper to get fs_info from struct inode pointer") [v6.9-rc1, v6.8.3 (70f49f7b9aa3df)] > 86211eea8ae1676cc819d2b4fdc8d995394be07d FWIW, that was a mainline commit-id for 86211eea8ae167 ("btrfs: qgroup: validate btrfs_qgroup_inherit parameter") [v6.9-rc1, v6.8.3 (f19dad4f440af4)] Also: There is a report that to me looks a lot like it's about the same problem: https://bugzilla.kernel.org/show_bug.cgi?id=218720 Ciao, Thorsten > Backtrace: > [ 69.030943] xor: automatically using best checksumming function avx > [ 69.031940] raid6: skipped pq benchmark and selected avx2x4 > [ 69.031942] raid6: using avx2x2 recovery algorithm > [ 69.074954] Btrfs loaded, zoned=no, fsverity=no > [ 69.074973] BTRFS: selftest: sectorsize: 4096 nodesize: 4096 > [ 69.074974] BTRFS: selftest: running btrfs free space cache tests > [ 69.074979] BTRFS: selftest: running extent only tests > [ 69.074981] BTRFS: selftest: running bitmap only tests > [ 69.074986] BTRFS: selftest: running bitmap and extent tests > [ 69.074989] BTRFS: selftest: running space stealing from bitmap to extent tests > [ 69.075128] BTRFS: selftest: running bytes index tests > [ 69.075134] BTRFS: selftest: running extent buffer operation tests > [ 69.075135] BTRFS: selftest: running btrfs_split_item tests > [ 69.075140] BTRFS: selftest: running extent I/O tests > [ 69.075141] BTRFS: selftest: running find delalloc tests > [ 69.098156] BUG: kernel NULL pointer dereference, address: 0000000000000208 > [ 69.098169] #PF: supervisor read access in kernel mode > [ 69.098174] #PF: error_code(0x0000) - not-present page > [ 69.098179] PGD 0 P4D 0 > [ 69.098182] Oops: 0000 [#1] PREEMPT SMP NOPTI > [ 69.098187] CPU: 16 PID: 9701 Comm: modprobe Tainted: P OE 6.8.4 #1 > [ 69.098194] Hardware name: ASUS System Product Name/PRIME Z490-A, BIOS 2801 10/27/2023 > [ 69.098200] RIP: 0010:find_lock_delalloc_range+0x30/0x260 [btrfs] > [ 69.098239] Code: 57 41 56 41 55 41 54 53 48 83 ec 40 49 89 d6 49 89 f7 49 89 fc 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 48 8b 87 40 fe ff ff <48> 8b 80 08 02 00 00 48 85 c0 74 09 48 8b a8 a0 0c 00 00 eb 05 bd > [ 69.098252] RSP: 0018:ffffa2c087cfb8a8 EFLAGS: 00010282 > [ 69.098256] RAX: 0000000000000000 RBX: 0000000000000fff RCX: ffffa2c087cfb938 > [ 69.098262] RDX: ffffa2c087cfb940 RSI: ffffdf1544fbac80 RDI: ffffa085c86b05f0 > [ 69.098266] RBP: 0000000000000000 R08: 0000000000000010 R09: 0000000000000000 > [ 69.098271] R10: ffffa0852f8e8a20 R11: ffffffffbb22eb70 R12: ffffa085c86b05f0 > [ 69.098276] R13: ffffdf1544fbac80 R14: ffffa2c087cfb940 R15: ffffdf1544fbac80 > [ 69.098280] FS: 00007f6447289740(0000) GS:ffffa0a3edc00000(0000) knlGS:0000000000000000 > [ 69.098286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 69.098290] CR2: 0000000000000208 CR3: 0000000176cec006 CR4: 00000000007706f0 > [ 69.098295] PKRU: 55555554 > [ 69.098297] Call Trace: > [ 69.098300] <TASK> > [ 69.098302] ? __die_body+0x5f/0xb0 > [ 69.098307] ? page_fault_oops+0x294/0x3c0 > [ 69.098311] ? exc_page_fault+0x4b/0x70 > [ 69.098316] ? asm_exc_page_fault+0x26/0x30 > [ 69.098319] ? __pfx_workingset_update_node+0x10/0x10 > [ 69.098325] ? find_lock_delalloc_range+0x30/0x260 [btrfs] > [ 69.098355] btrfs_test_extent_io+0x185/0x1210 [btrfs] > [ 69.098378] btrfs_run_sanity_tests+0x7c/0x120 [btrfs] > [ 69.098400] ? __pfx_init_module+0x10/0x10 [btrfs] > [ 69.098421] init_module+0x1b/0x90 [btrfs] > [ 69.098441] ? __pfx_init_module+0x10/0x10 [btrfs] > [ 69.098462] do_one_initcall+0x115/0x340 > [ 69.098598] ? idr_alloc_cyclic+0x139/0x1d0 > [ 69.098728] ? __kernfs_new_node+0xc7/0x230 > [ 69.098855] ? sysvec_apic_timer_interrupt+0x15/0x80 > [ 69.098984] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 > [ 69.099111] ? __slab_free+0x74/0x270 > [ 69.099239] ? __slab_free+0x74/0x270 > [ 69.099364] ? vfree+0x16c/0x200 > [ 69.099488] ? kfree+0x14e/0x200 > [ 69.099611] ? vfree+0x16c/0x200 > [ 69.099733] ? load_module+0x104e/0x11c0 > [ 69.099856] ? kmalloc_trace+0x11e/0x240 > [ 69.099980] do_init_module+0x7d/0x240 > [ 69.100102] __x64_sys_finit_module+0x293/0x380 > [ 69.100226] do_syscall_64+0x89/0x110 > [ 69.100347] ? syscall_exit_work+0xaf/0xd0 > [ 69.100466] ? syscall_exit_to_user_mode+0x74/0x80 > [ 69.100585] ? do_syscall_64+0x98/0x110 > [ 69.100703] ? syscall_exit_work+0xaf/0xd0 > [ 69.100820] ? syscall_exit_to_user_mode+0x74/0x80 > [ 69.100937] ? do_syscall_64+0x98/0x110 > [ 69.101050] ? do_syscall_64+0x98/0x110 > [ 69.101160] ? do_syscall_64+0x98/0x110 > [ 69.101263] entry_SYSCALL_64_after_hwframe+0x73/0x7b > [ 69.101361] RIP: 0033:0x7f6446b1e3ed > [ 69.101457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fb 29 0d 00 f7 d8 64 89 01 48 > [ 69.101667] RSP: 002b:00007fff472969b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 > [ 69.101774] RAX: ffffffffffffffda RBX: 000056091ee62c00 RCX: 00007f6446b1e3ed > [ 69.101881] RDX: 0000000000000000 RSI: 000056091da20585 RDI: 0000000000000009 > [ 69.101987] RBP: 000056091da20585 R08: 00007f6446bf1d00 R09: 0000000000000000 > [ 69.102092] R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000040000 > [ 69.102196] R13: 000056091ee6a5d0 R14: 00007f64472970a8 R15: 000056091ee625d0 > [ 69.102299] </TASK> > [ 69.102399] Modules linked in: btrfs(+) raid6_pq xor zstd_compress lzo_decompress lzo_compress efivarfs loop nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) virtiofs virtio fuse virtio_ring ipt_REJECT nf_reject_ipv4 ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle vhost_vsock vmw_vsock_virtio_transport_common vsock vhost_net vhost vhost_iotlb tun xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat nf_nat xt_addrtype iptable_filter ip_tables br_netfilter bridge stp llc overlay sr_mod cdrom snd_pcm_oss snd_mixer_oss vmw_vmci nct6775 hwmon_vid nct6775_core nf_log_syslog nft_log nft_ct nf_tables libcrc32c nfnetlink joydev ipv6 mei_me ee1004 mei pl2303 usbserial usb_storage coretemp hwmon intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_realtek snd_hda_codec_generic kvm_intel led_class snd_hda_codec_hdmi kvm irqbypass crc32c_intel sha512_ssse3 sha256_ssse3 snd_hda_intel sha1_ssse3 snd_intel_dspcfg aesni_intel snd_hda_codec crypto_simd snd_hda_core > [ 69.102430] cryptd snd_pcm rapl snd_timer i2c_i801 intel_cstate wmi_bmof intel_wmi_thunderbolt intel_uncore i2c_smbus rtc_cmos snd sd_mod soundcore thermal fan wmi acpi_pad button [last unloaded: nvidia(POE)] > [ 69.103752] CR2: 0000000000000208 > [ 69.103902] ---[ end trace 0000000000000000 ]--- > [ 69.259181] RIP: 0010:find_lock_delalloc_range+0x30/0x260 [btrfs] > [ 69.259364] Code: 57 41 56 41 55 41 54 53 48 83 ec 40 49 89 d6 49 89 f7 49 89 fc 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 48 8b 87 40 fe ff ff <48> 8b 80 08 02 00 00 48 85 c0 74 09 48 8b a8 a0 0c 00 00 eb 05 bd > [ 69.259691] RSP: 0018:ffffa2c087cfb8a8 EFLAGS: 00010282 > [ 69.259856] RAX: 0000000000000000 RBX: 0000000000000fff RCX: ffffa2c087cfb938 > [ 69.260023] RDX: ffffa2c087cfb940 RSI: ffffdf1544fbac80 RDI: ffffa085c86b05f0 > [ 69.260191] RBP: 0000000000000000 R08: 0000000000000010 R09: 0000000000000000 > [ 69.260360] R10: ffffa0852f8e8a20 R11: ffffffffbb22eb70 R12: ffffa085c86b05f0 > [ 69.260531] R13: ffffdf1544fbac80 R14: ffffa2c087cfb940 R15: ffffdf1544fbac80 > [ 69.260704] FS: 00007f6447289740(0000) GS:ffffa0a3edc00000(0000) knlGS:0000000000000000 > [ 69.260882] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 69.261061] CR2: 0000000000000208 CR3: 0000000176cec006 CR4: 00000000007706f0 > [ 69.261242] PKRU: 55555554 > [ 69.261423] note: modprobe[9701] exited with irqs disabled > > -- > Hiroshi Takekawa <sian(a)big.or.jp> P.S.: #regzbot ^introduced 70f49f7b9aa3df #regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=218720 #regzbot title: btrfs: sanity tests fails and causes Oops #regzbot ignore-activity

1 year, 2 months

7
6
0 0

[PATCH v1] arm64: dts: imx8mm: fix missing pgc_vpu_* power domain parent

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The pgc_vpu_* nodes miss the reference to the power domain parent, leading the system to hang during the resume. As these PU domains are nested inside the vpumix domain, let's reference it accordingly. After this change, the suspend/resume is working. Cc: Lucas Stach <l.stach(a)pengutronix.de> Cc: <stable(a)vger.kernel.org> Closes: https://lore.kernel.org/all/fccbb040330a706a4f7b34875db1d896a0bf81c8.camel@… Fixes: d39d4bb15310 ("arm64: dts: imx8mm: add GPC node") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- arch/arm64/boot/dts/freescale/imx8mm.dtsi | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/boot/dts/freescale/imx8mm.dtsi b/arch/arm64/boot/dts/freescale/imx8mm.dtsi index 8a1b42b94dce..97d0c6d23ad8 100644 --- a/arch/arm64/boot/dts/freescale/imx8mm.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mm.dtsi @@ -739,16 +739,19 @@ pgc_vpumix: power-domain@6 { pgc_vpu_g1: power-domain@7 { #power-domain-cells = <0>; reg = <IMX8MM_POWER_DOMAIN_VPUG1>; + power-domains = <&pgc_vpumix>; }; pgc_vpu_g2: power-domain@8 { #power-domain-cells = <0>; reg = <IMX8MM_POWER_DOMAIN_VPUG2>; + power-domains = <&pgc_vpumix>; }; pgc_vpu_h1: power-domain@9 { #power-domain-cells = <0>; reg = <IMX8MM_POWER_DOMAIN_VPUH1>; + power-domains = <&pgc_vpumix>; }; pgc_dispmix: power-domain@10 { -- 2.34.1

1 year, 2 months

2
9
0 0

[PATCH] random: handle creditable entropy from atomic process context

by Jason A. Donenfeld

The entropy accounting changes a static key when the RNG has initialized, since it only ever initializes once. Static key changes, however, cannot be made from atomic context, so depending on where the last creditable entropy comes from, the static key change might need to be deferred to a worker. Previously the code used the execute_in_process_context() helper function, which accounts for whether or not the caller is in_interrupt(). However, that doesn't account for the case where the caller is actually in process context but is holding a spinlock. This turned out to be the case with input_handle_event() in drivers/input/input.c contributing entropy: [<ffffffd613025ba0>] die+0xa8/0x2fc [<ffffffd613027428>] bug_handler+0x44/0xec [<ffffffd613016964>] brk_handler+0x90/0x144 [<ffffffd613041e58>] do_debug_exception+0xa0/0x148 [<ffffffd61400c208>] el1_dbg+0x60/0x7c [<ffffffd61400c000>] el1h_64_sync_handler+0x38/0x90 [<ffffffd613011294>] el1h_64_sync+0x64/0x6c [<ffffffd613102d88>] __might_resched+0x1fc/0x2e8 [<ffffffd613102b54>] __might_sleep+0x44/0x7c [<ffffffd6130b6eac>] cpus_read_lock+0x1c/0xec [<ffffffd6132c2820>] static_key_enable+0x14/0x38 [<ffffffd61400ac08>] crng_set_ready+0x14/0x28 [<ffffffd6130df4dc>] execute_in_process_context+0xb8/0xf8 [<ffffffd61400ab30>] _credit_init_bits+0x118/0x1dc [<ffffffd6138580c8>] add_timer_randomness+0x264/0x270 [<ffffffd613857e54>] add_input_randomness+0x38/0x48 [<ffffffd613a80f94>] input_handle_event+0x2b8/0x490 [<ffffffd613a81310>] input_event+0x6c/0x98 According to Guoyong, it's not really possible to refactor the various drivers to never hold a spinlock there. And in_atomic() isn't reliable. So, rather than trying to be too fancy, just punt the change in the static key to a workqueue always. There's basically no drawback of doing this, as the code already needed to account for the static key not changing immediately, and given that it's just an optimization, there's not exactly a hurry to change the static key right away, so deferal is fine. Reported-by: Guoyong Wang <guoyong.wang(a)mediatek.com> Cc: stable(a)vger.kernel.org Fixes: f5bda35fba61 ("random: use static branch for crng_ready()") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- Guoyong- can you test this and tell me whether it fixes the problem you were seeing? If so, I'll try to get this sent up for 6.9. -Jason drivers/char/random.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 456be28ba67c..2597cb43f438 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -702,7 +702,7 @@ static void extract_entropy(void *buf, size_t len) static void __cold _credit_init_bits(size_t bits) { - static struct execute_work set_ready; + static DECLARE_WORK(set_ready, crng_set_ready); unsigned int new, orig, add; unsigned long flags; @@ -718,8 +718,8 @@ static void __cold _credit_init_bits(size_t bits) if (orig < POOL_READY_BITS && new >= POOL_READY_BITS) { crng_reseed(NULL); /* Sets crng_init to CRNG_READY under base_crng.lock. */ - if (static_key_initialized) - execute_in_process_context(crng_set_ready, &set_ready); + if (static_key_initialized && system_unbound_wq) + queue_work(system_unbound_wq, &set_ready); atomic_notifier_call_chain(&random_ready_notifier, 0, NULL); wake_up_interruptible(&crng_init_wait); kill_fasync(&fasync, SIGIO, POLL_IN); @@ -890,8 +890,8 @@ void __init random_init(void) /* * If we were initialized by the cpu or bootloader before jump labels - * are initialized, then we should enable the static branch here, where - * it's guaranteed that jump labels have been initialized. + * or workqueues are initialized, then we should enable the static + * branch here, where it's guaranteed that these have been initialized. */ if (!static_branch_likely(&crng_is_ready) && crng_init >= CRNG_READY) crng_set_ready(NULL); -- 2.44.0

1 year, 2 months

1
0
0 0

Linux 6.8.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.7 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 22 Documentation/admin-guide/kernel-parameters.txt | 12 Documentation/devicetree/bindings/display/msm/qcom,sm8150-mdss.yaml | 9 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 arch/arm/mach-omap2/board-n8x0.c | 23 - arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 16 arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 40 - arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 arch/arm64/boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 arch/arm64/include/asm/tlbflush.h | 20 arch/x86/Kconfig | 21 arch/x86/events/core.c | 1 arch/x86/include/asm/apic.h | 3 arch/x86/kernel/apic/apic.c | 6 arch/x86/kernel/cpu/bugs.c | 82 +-- arch/x86/kernel/cpu/common.c | 48 +- block/blk-cgroup.c | 9 block/blk-cgroup.h | 2 block/blk-core.c | 2 drivers/accel/ivpu/ivpu_drv.c | 20 drivers/accel/ivpu/ivpu_hw.h | 6 drivers/accel/ivpu/ivpu_hw_37xx.c | 7 drivers/accel/ivpu/ivpu_hw_40xx.c | 6 drivers/accel/ivpu/ivpu_ipc.c | 8 drivers/accel/ivpu/ivpu_pm.c | 5 drivers/acpi/numa/hmat.c | 43 + drivers/acpi/scan.c | 3 drivers/ata/libata-core.c | 2 drivers/ata/libata-scsi.c | 9 drivers/base/node.c | 6 drivers/cxl/acpi.c | 8 drivers/cxl/core/cdat.c | 58 +- drivers/cxl/core/mbox.c | 5 drivers/cxl/core/port.c | 76 ++- drivers/cxl/core/regs.c | 5 drivers/cxl/cxl.h | 8 drivers/firmware/arm_ffa/driver.c | 2 drivers/firmware/arm_scmi/raw_mode.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c | 6 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/soc21.c | 32 + drivers/gpu/drm/amd/amdgpu/umsch_mm_v4_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c | 6 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 drivers/gpu/drm/amd/display/dc/core/dc_state.c | 9 drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 drivers/gpu/drm/ast/ast_dp.c | 3 drivers/gpu/drm/drm_client_modeset.c | 3 drivers/gpu/drm/i915/display/intel_cdclk.c | 7 drivers/gpu/drm/i915/display/intel_cdclk.h | 3 drivers/gpu/drm/i915/display/intel_ddi.c | 5 drivers/gpu/drm/i915/display/intel_dp.c | 6 drivers/gpu/drm/i915/display/intel_psr.c | 11 drivers/gpu/drm/i915/display/intel_vrr.c | 7 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 10 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 8 drivers/gpu/drm/msm/dp/dp_display.c | 2 drivers/gpu/drm/msm/msm_fb.c | 6 drivers/gpu/drm/msm/msm_kms.c | 4 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 drivers/gpu/drm/qxl/qxl_release.c | 50 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 drivers/gpu/drm/xe/xe_display.c | 5 drivers/gpu/drm/xe/xe_hwmon.c | 4 drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/perfmon.c | 2 drivers/iommu/intel/svm.c | 2 drivers/md/raid1.c | 2 drivers/media/cec/core/cec-adap.c | 14 drivers/mmc/host/omap.c | 48 +- drivers/net/dsa/mt7530.c | 229 ++++++++-- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/amazon/ena/ena_com.c | 2 drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 + drivers/net/ethernet/amazon/ena/ena_xdp.c | 4 drivers/net/ethernet/amd/pds_core/core.c | 14 drivers/net/ethernet/amd/pds_core/core.h | 5 drivers/net/ethernet/amd/pds_core/dev.c | 3 drivers/net/ethernet/amd/pds_core/main.c | 8 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 6 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 20 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/ptp.h | 8 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 - drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 7 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 drivers/net/ethernet/mellanox/mlx5/core/main.c | 37 - drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 22 drivers/net/ethernet/micrel/ks8851.h | 3 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/micrel/ks8851_par.c | 11 drivers/net/ethernet/micrel/ks8851_spi.c | 11 drivers/net/ethernet/microchip/sparx5/sparx5_port.c | 4 drivers/net/geneve.c | 4 drivers/net/virtio_net.c | 26 - drivers/platform/chrome/cros_ec_uart.c | 28 - drivers/scsi/hisi_sas/hisi_sas_main.c | 2 drivers/scsi/qla2xxx/qla_edif.c | 2 drivers/scsi/sg.c | 20 drivers/vhost/vhost.c | 24 - fs/btrfs/delayed-inode.c | 3 fs/btrfs/inode.c | 13 fs/btrfs/ioctl.c | 37 + fs/btrfs/qgroup.c | 2 fs/btrfs/root-tree.c | 10 fs/btrfs/root-tree.h | 2 fs/btrfs/tests/extent-io-tests.c | 28 + fs/btrfs/transaction.c | 17 fs/ceph/addr.c | 4 fs/ceph/caps.c | 4 fs/ceph/mds_client.c | 9 fs/ceph/mds_client.h | 3 fs/kernfs/file.c | 9 fs/proc/bootconfig.c | 12 fs/smb/client/cached_dir.c | 4 include/acpi/acpi_bus.h | 8 include/linux/bootconfig.h | 1 include/linux/dma-fence.h | 7 include/linux/irqflags.h | 2 include/linux/node.h | 18 include/linux/u64_stats_sync.h | 9 include/net/addrconf.h | 4 include/net/af_unix.h | 2 include/net/bluetooth/bluetooth.h | 11 include/net/ip_tunnels.h | 33 + init/main.c | 5 io_uring/io_uring.c | 25 + io_uring/net.c | 22 io_uring/rw.c | 2 kernel/cpu.c | 3 kernel/kprobes.c | 18 kernel/power/suspend.c | 6 kernel/trace/ring_buffer.c | 6 kernel/trace/trace_events.c | 4 lib/checksum_kunit.c | 5 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/bluetooth/hci_sock.c | 21 net/bluetooth/hci_sync.c | 66 ++ net/bluetooth/iso.c | 50 -- net/bluetooth/l2cap_core.c | 3 net/bluetooth/l2cap_sock.c | 52 -- net/bluetooth/rfcomm/sock.c | 14 net/bluetooth/sco.c | 23 - net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/route.c | 4 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/netfilter/ip6_tables.c | 4 net/openvswitch/conntrack.c | 5 net/unix/af_unix.c | 8 net/unix/garbage.c | 35 + net/unix/scm.c | 8 net/xdp/xsk.c | 2 tools/testing/selftests/kselftest.h | 33 + tools/testing/selftests/timers/posix_timers.c | 105 ++-- 170 files changed, 1553 insertions(+), 876 deletions(-) Aaro Koskinen (6): ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0 ARM: OMAP2+: fix N810 MMC gpiod table mmc: omap: fix broken slot switch lookup mmc: omap: fix deferred probe mmc: omap: restore original power up/down steps ARM: OMAP2+: fix USB regression on Nokia N8x0 Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alex Constantino (1): Revert "drm/qxl: simplify qxl_fence_wait" Alex Deucher (1): drm/amdgpu: always force full reset for SOC21 Alex Hung (1): drm/amd/display: Return max resolution supported by DWB Alexander Wetzel (2): scsi: sg: Avoid sg device teardown race scsi: sg: Avoid race in error handling & drop bogus warn Amir Goldstein (1): kernfs: annotate different lockdep class for of->mutex of writable files Anna-Maria Behnsen (1): PM: s2idle: Make sure CPUs will wakeup directly on resume Archie Pusaka (1): Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit Arnd Bergmann (6): nouveau: fix function cast warning lib: checksum: hide unused expected_csum_ipv6_magic[] ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning tracing: hide unused ftrace_event_id_fops irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Arınç ÜNAL (1): net: dsa: mt7530: trap link-local frames regardless of ST Port State Boris Brezillon (1): drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Boris Burkov (4): btrfs: qgroup: correctly model root qgroup rsv in convert btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations btrfs: record delayed inode root in transaction btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Breno Leitao (1): virtio_net: Do not send RSS key if it is not supported Brett Creeley (1): pds_core: Fix pdsc_check_pci_health function to use work thread Carolina Jubran (3): net/mlx5e: RSS, Block changing channels number when RXFH is configured net/mlx5e: Fix mlx5e_priv_init() cleanup flow net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Cosmin Ratiu (2): net/mlx5: Properly link new fs rules into the tree net/mlx5: Correctly compare pkt reformat ids Cristian Marussi (1): firmware: arm_scmi: Make raw debugfs entries non-seekable Damien Le Moal (1): ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Dan Carpenter (1): scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Daniel Machon (1): net: sparx5: fix wrong config being used when reconfiguring PCS Daniel Sneddon (1): x86/bugs: Fix return type of spectre_bhi_state() Dave Jiang (8): cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned base/node / ACPI: Enumerate node access class for 'struct access_coordinate' ACPI: HMAT: Introduce 2 levels of generic port access class ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access classes cxl: Split out combine_coordinates() for common shared usage cxl: Split out host bridge access coordinates cxl: Remove checking of iter in cxl_endpoint_get_perf_coordinates() cxl: Fix retrieving of access_coordinates in PCIe path David Arinzon (4): net: ena: Fix potential sign extension issue net: ena: Wrong missing IO completions check order net: ena: Fix incorrect descriptor free behavior net: ena: Set tx_info->xdpf value to NULL David Sterba (1): btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Dmitry Baryshkov (3): drm/msm/dpu: don't allow overriding data from catalog drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible dt-bindings: display/msm: sm8150-mdss: add DP node Eric Dumazet (3): xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING geneve: fix header validation in geneve[6]_xmit_skb netfilter: complete validation of user input Fabio Estevam (1): ARM: dts: imx7s-warp: Pass OV2680 link-frequencies Frank Li (8): arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order arm64: dts: imx8qm-ss-dma: fix can lpcg indices arm64: dts: imx8-ss-dma: fix can lpcg indices arm64: dts: imx8-ss-dma: fix adc lpcg indices arm64: dts: imx8-ss-conn: fix usb lpcg indices arm64: dts: imx8-ss-dma: fix pwm lpcg indices arm64: dts: imx8-ss-lsio: fix pwm lpcg indices arm64: dts: imx8-ss-dma: fix spi lpcg indices Fudongwang (1): drm/amd/display: fix disable otg wa logic in DCN316 Gavin Shan (3): arm64: tlb: Fix TLBI RANGE operand vhost: Add smp_rmb() in vhost_vq_avail_empty() vhost: Add smp_rmb() in vhost_enable_notify() Geetha sowjanya (1): octeontx2-af: Fix NIX SQ mode and BP config Gerd Bayer (2): s390/ism: fix receive message buffer allocation Revert "s390/ism: fix receive message buffer allocation" Greg Kroah-Hartman (1): Linux 6.8.7 Hans de Goede (1): ACPI: scan: Do not increase dep_unmet for already met dependencies Hariprasad Kelam (1): octeontx2-pf: Fix transmit scheduler resource leak Harish Kasiviswanathan (1): drm/amdkfd: Reset GPU on queue preemption failure Harry Wentland (2): drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST Igor Pylypiv (1): ata: libata-core: Allow command duration limits detection for ACS-4 drives Ilya Maximets (1): net: openvswitch: fix unwanted error log on timeout policy probing Ingo Molnar (1): x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Jacek Lawrynowicz (3): accel/ivpu: Put NPU back to D3hot after failed resume accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE accel/ivpu: Fix deadlock in context_xa Jacob Pan (1): iommu/vt-d: Allocate local memory for page request queue Jammy Huang (1): drm/ast: Fix soft lockup Jens Axboe (1): io_uring: disable io-wq execution of multishot NOWAIT requests Jens Wiklander (1): firmware: arm_ffa: Fix the partition ID check in ffa_notification_info_get() Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Johan Hovold (2): drm/msm/dp: fix runtime PM leak on disconnect drm/msm/dp: fix runtime PM leak on connect failure John Stultz (2): selftests: timers: Fix posix_timers ksft_print_msg() warning selftests: timers: Fix abs() warning in posix_timers test Josh Poimboeuf (6): x86/bugs: Fix BHI documentation x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES x86/bugs: Fix BHI handling of RRSBA x86/bugs: Clarify that syscall hardening isn't a BHI mitigation x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Karthik Poosa (1): drm/xe/hwmon: Cast result to output precision on left shift of operand Kuniyuki Iwashima (2): af_unix: Clear stale u->oob_skb. af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Kwangjin Ko (1): cxl/core: Fix initialization of mbox_cmd.size_out in get event Lang Yu (1): drm/amdgpu/umsch: reinitialize write pointer in hw init Lijo Lazar (1): drm/amdgpu: Reset dGPU if suspend got aborted Lu Baolu (1): iommu/vt-d: Fix WARN_ON in iommu probe path Luca Weiss (1): drm/msm/adreno: Set highest_bank_bit for A619 Lucas De Marchi (1): drm/xe/display: Fix double mutex initialization Luiz Augusto von Dentz (9): Bluetooth: ISO: Align broadcast sync_timeout with connection timeout Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset Bluetooth: hci_sync: Use QoS to determine which PHY to scan Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY Bluetooth: SCO: Fix not validating setsockopt user input Bluetooth: RFCOMM: Fix not validating setsockopt user input Bluetooth: L2CAP: Fix not validating setsockopt user input Bluetooth: ISO: Fix not validating setsockopt user input Bluetooth: hci_sock: Fix not validating setsockopt user input Marek Vasut (2): net: ks8851: Inline ks8851_rx_skb() net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Masami Hiramatsu (1): fs/proc: Skip bootloader comment if no embedded kernel parameters Michael Liang (1): net/mlx5: offset comp irq index in name by one Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Ming Lei (1): block: fix q->blkg_list corruption during disk rebind Moshe Shemesh (1): net/mlx5: SF, Stop waiting for FW as teardown was called Namhyung Kim (1): perf/x86: Fix out of range data Nathan Chancellor (1): selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn NeilBrown (1): ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Nini Song (1): media: cec: core: remove length check of Timer Status Noah Loomans (1): platform/chrome: cros_ec_uart: properly fix race condition Oleg Nesterov (2): selftests/timers/posix_timers: Reimplement check_timer_distribution() selftests: kselftest: Fix build failure with NOLIBC Pavan Chebbi (1): bnxt_en: Reset PTP tx_avail after possible firmware reset Pavel Begunkov (2): io_uring: refactor DEFER_TASKRUN multishot checks io_uring/net: restore msg_control on sendzc retry Petr Tesarik (1): u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Peyton Lee (1): drm/amdgpu/vpe: power on vpe when hw_init Raag Jadav (1): ACPI: bus: allow _UID matching for integer zero Rahul Rameshbabu (1): net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit Sean Christopherson (1): x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Shannon Nelson (1): pds_core: use pci_reset_function for health reset Shay Drory (1): net/mlx5: Register devlink first under devlink lock Stephen Boyd (1): drm/msm: Add newlines to some debug prints Steve French (1): smb3: fix Open files on server counter going negative Steven Rostedt (Google) (1): ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Tim Harvey (2): arm64: dts: freescale: imx8mp-venice-gw72xx-2x: fix USB vbus regulator arm64: dts: freescale: imx8mp-venice-gw73xx-2x: fix USB vbus regulator Tim Huang (2): drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 drm/amdgpu: fix incorrect number of active RBs for gfx11 Vikas Gupta (2): bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() bnxt_en: Fix error recovery for RoCE ulp client Ville Syrjälä (6): drm/i915/vrr: Disable VRR when using bigjoiner drm/client: Fully protect modes[] with dev->mode_config.mutex drm/i915/cdclk: Fix CDCLK programming order when pipes are active drm/i915/psr: Disable PSR when bigjoiner is used drm/i915: Disable port sync when bigjoiner is used drm/i915: Disable live M/N updates when using bigjoiner Wachowski, Karol (2): accel/ivpu: Check return code of ipc->lock init accel/ivpu: Fix PCI D0 state entry in resume Wenjing Liu (1): drm/amd/display: always reset ODM mode in context when adding first plane Xiang Chen (1): scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Xiubo Li (1): ceph: switch to use cap_delay_lock for the unlink delay list Xuchun Shang (1): iommu/vt-d: Fix wrong use of pasid config Yifan Zhang (1): drm/amdgpu: differentiate external rev id for gfx 11.5.0 Yu Kuai (1): raid1: fix use-after-free for original bio in raid1_write_request() Yuquan Wang (1): cxl/mem: Fix for the index of Clear Event Record Handle Zack Rusin (1): drm/vmwgfx: Enable DMA mappings with SEV Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Zhenhua Huang (1): fs/proc: remove redundant comments from /proc/bootconfig

1 year, 2 months

1
1
0 0

Linux 6.1.87

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.87 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 22 Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 arch/x86/Kconfig | 21 arch/x86/events/core.c | 1 arch/x86/include/asm/apic.h | 3 arch/x86/kernel/apic/apic.c | 6 arch/x86/kernel/cpu/bugs.c | 82 +-- arch/x86/kernel/cpu/common.c | 48 +- drivers/ata/libata-scsi.c | 9 drivers/gpu/drm/amd/amdgpu/soc21.c | 27 + drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 drivers/gpu/drm/ast/ast_dp.c | 3 drivers/gpu/drm/drm_client_modeset.c | 3 drivers/gpu/drm/i915/display/intel_cdclk.c | 7 drivers/gpu/drm/i915/display/intel_cdclk.h | 3 drivers/gpu/drm/i915/display/intel_ddi.c | 5 drivers/gpu/drm/i915/display/intel_vrr.c | 7 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/qxl/qxl_release.c | 50 +- drivers/iommu/intel/svm.c | 2 drivers/media/cec/core/cec-adap.c | 14 drivers/net/dsa/mt7530.c | 229 ++++++++-- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/amazon/ena/ena_com.c | 2 drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 20 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 - drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 drivers/net/ethernet/micrel/ks8851.h | 3 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/micrel/ks8851_par.c | 11 drivers/net/ethernet/micrel/ks8851_spi.c | 11 drivers/net/ethernet/microchip/sparx5/sparx5_port.c | 4 drivers/net/geneve.c | 4 drivers/scsi/hisi_sas/hisi_sas_main.c | 2 drivers/scsi/qla2xxx/qla_edif.c | 2 drivers/vhost/vhost.c | 24 - fs/btrfs/delayed-inode.c | 3 fs/btrfs/qgroup.c | 2 fs/btrfs/transaction.c | 17 fs/smb/client/cached_dir.c | 4 include/linux/dma-fence.h | 7 include/linux/irqflags.h | 2 include/linux/u64_stats_sync.h | 9 include/net/addrconf.h | 4 include/net/af_unix.h | 2 include/net/bluetooth/bluetooth.h | 9 include/net/ip_tunnels.h | 33 + io_uring/net.c | 1 kernel/cpu.c | 3 kernel/kprobes.c | 18 kernel/power/suspend.c | 6 kernel/trace/ring_buffer.c | 6 kernel/trace/trace_events.c | 4 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/bluetooth/l2cap_sock.c | 52 -- net/bluetooth/sco.c | 23 - net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/route.c | 4 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/netfilter/ip6_tables.c | 4 net/openvswitch/conntrack.c | 5 net/unix/af_unix.c | 8 net/unix/garbage.c | 35 + net/unix/scm.c | 8 net/xdp/xsk.c | 2 tools/testing/selftests/timers/posix_timers.c | 2 77 files changed, 711 insertions(+), 378 deletions(-) Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alex Constantino (1): Revert "drm/qxl: simplify qxl_fence_wait" Alex Deucher (1): drm/amdgpu: always force full reset for SOC21 Anna-Maria Behnsen (1): PM: s2idle: Make sure CPUs will wakeup directly on resume Arnd Bergmann (5): nouveau: fix function cast warning ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning tracing: hide unused ftrace_event_id_fops irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Arınç ÜNAL (1): net: dsa: mt7530: trap link-local frames regardless of ST Port State Boris Burkov (3): btrfs: qgroup: correctly model root qgroup rsv in convert btrfs: record delayed inode root in transaction btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Carolina Jubran (2): net/mlx5e: Fix mlx5e_priv_init() cleanup flow net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Cosmin Ratiu (1): net/mlx5: Properly link new fs rules into the tree Damien Le Moal (1): ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Dan Carpenter (1): scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Daniel Machon (1): net: sparx5: fix wrong config being used when reconfiguring PCS Daniel Sneddon (1): x86/bugs: Fix return type of spectre_bhi_state() David Arinzon (3): net: ena: Fix potential sign extension issue net: ena: Wrong missing IO completions check order net: ena: Fix incorrect descriptor free behavior Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Eric Dumazet (3): xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING geneve: fix header validation in geneve[6]_xmit_skb netfilter: complete validation of user input Frank Li (1): arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Fudongwang (1): drm/amd/display: fix disable otg wa logic in DCN316 Gavin Shan (2): vhost: Add smp_rmb() in vhost_vq_avail_empty() vhost: Add smp_rmb() in vhost_enable_notify() Geetha sowjanya (1): octeontx2-af: Fix NIX SQ mode and BP config Greg Kroah-Hartman (1): Linux 6.1.87 Harish Kasiviswanathan (1): drm/amdkfd: Reset GPU on queue preemption failure Ilya Maximets (1): net: openvswitch: fix unwanted error log on timeout policy probing Ingo Molnar (1): x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Jacob Pan (1): iommu/vt-d: Allocate local memory for page request queue Jammy Huang (1): drm/ast: Fix soft lockup Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr John Stultz (1): selftests: timers: Fix abs() warning in posix_timers test Josh Poimboeuf (6): x86/bugs: Fix BHI documentation x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES x86/bugs: Fix BHI handling of RRSBA x86/bugs: Clarify that syscall hardening isn't a BHI mitigation x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Kuniyuki Iwashima (2): af_unix: Clear stale u->oob_skb. af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Lijo Lazar (1): drm/amdgpu: Reset dGPU if suspend got aborted Luiz Augusto von Dentz (2): Bluetooth: SCO: Fix not validating setsockopt user input Bluetooth: L2CAP: Fix not validating setsockopt user input Marek Vasut (2): net: ks8851: Inline ks8851_rx_skb() net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Namhyung Kim (1): perf/x86: Fix out of range data Nini Song (1): media: cec: core: remove length check of Timer Status Pavan Chebbi (1): bnxt_en: Reset PTP tx_avail after possible firmware reset Pavel Begunkov (1): io_uring/net: restore msg_control on sendzc retry Petr Tesarik (1): u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Sean Christopherson (1): x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Steve French (1): smb3: fix Open files on server counter going negative Steven Rostedt (Google) (1): ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Tim Huang (1): drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Ville Syrjälä (4): drm/i915/vrr: Disable VRR when using bigjoiner drm/client: Fully protect modes[] with dev->mode_config.mutex drm/i915/cdclk: Fix CDCLK programming order when pipes are active drm/i915: Disable port sync when bigjoiner is used Xiang Chen (1): scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration

1 year, 2 months

1
1
0 0

Linux 5.15.156

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.156 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 22 - Documentation/admin-guide/kernel-parameters.txt | 12 - Makefile | 2 arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 - arch/x86/Kconfig | 21 - arch/x86/events/core.c | 1 arch/x86/include/asm/apic.h | 3 arch/x86/kernel/cpu/bugs.c | 82 +++---- arch/x86/kernel/cpu/common.c | 48 ++-- drivers/gpu/drm/drm_client_modeset.c | 3 drivers/gpu/drm/i915/display/intel_cdclk.c | 7 drivers/gpu/drm/i915/display/intel_cdclk.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 drivers/gpu/drm/qxl/qxl_release.c | 50 +++- drivers/iommu/intel/svm.c | 2 drivers/media/cec/core/cec-adap.c | 14 - drivers/net/dsa/mt7530.c | 229 +++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/amazon/ena/ena_com.c | 2 drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++- drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 20 - drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 drivers/net/ethernet/microchip/sparx5/sparx5_port.c | 4 drivers/net/geneve.c | 4 drivers/scsi/qla2xxx/qla_edif.c | 2 drivers/vhost/vhost.c | 12 - fs/btrfs/qgroup.c | 2 include/linux/dma-fence.h | 7 include/linux/irqflags.h | 2 include/linux/u64_stats_sync.h | 42 ++- include/net/addrconf.h | 4 include/net/af_unix.h | 2 include/net/ip_tunnels.h | 33 ++ kernel/cpu.c | 3 kernel/trace/ring_buffer.c | 6 kernel/trace/trace_events.c | 4 net/batman-adv/translation-table.c | 2 net/bluetooth/hci_request.c | 4 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/route.c | 4 net/ipv6/addrconf.c | 7 net/ipv6/ip6_fib.c | 7 net/ipv6/netfilter/ip6_tables.c | 4 net/openvswitch/conntrack.c | 5 net/unix/af_unix.c | 8 net/unix/garbage.c | 35 ++- net/unix/scm.c | 8 net/xdp/xsk.c | 2 tools/testing/selftests/timers/posix_timers.c | 2 50 files changed, 553 insertions(+), 253 deletions(-) Adam Dunlap (1): x86/apic: Force native_apic_mem_read() to use the MOV instruction Alex Constantino (1): Revert "drm/qxl: simplify qxl_fence_wait" Arnd Bergmann (5): nouveau: fix function cast warning ipv6: fib: hide unused 'pn' variable ipv4/route: avoid unused-but-set-variable warning tracing: hide unused ftrace_event_id_fops irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Arınç ÜNAL (1): net: dsa: mt7530: trap link-local frames regardless of ST Port State Boris Burkov (1): btrfs: qgroup: correctly model root qgroup rsv in convert Cosmin Ratiu (1): net/mlx5: Properly link new fs rules into the tree Dan Carpenter (1): scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Daniel Machon (1): net: sparx5: fix wrong config being used when reconfiguring PCS Daniel Sneddon (1): x86/bugs: Fix return type of spectre_bhi_state() David Arinzon (3): net: ena: Fix potential sign extension issue net: ena: Wrong missing IO completions check order net: ena: Fix incorrect descriptor free behavior Dmitry Antipov (1): Bluetooth: Fix memory leak in hci_req_sync_complete() Eric Dumazet (3): xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING geneve: fix header validation in geneve[6]_xmit_skb netfilter: complete validation of user input Frank Li (1): arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Gavin Shan (1): vhost: Add smp_rmb() in vhost_vq_avail_empty() Geetha sowjanya (1): octeontx2-af: Fix NIX SQ mode and BP config Greg Kroah-Hartman (1): Linux 5.15.156 Ilya Maximets (1): net: openvswitch: fix unwanted error log on timeout policy probing Ingo Molnar (1): x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Jacob Pan (1): iommu/vt-d: Allocate local memory for page request queue Jiri Benc (1): ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr John Stultz (1): selftests: timers: Fix abs() warning in posix_timers test Josh Poimboeuf (6): x86/bugs: Fix BHI documentation x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES x86/bugs: Fix BHI handling of RRSBA x86/bugs: Clarify that syscall hardening isn't a BHI mitigation x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Kuniyuki Iwashima (2): af_unix: Clear stale u->oob_skb. af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Namhyung Kim (1): perf/x86: Fix out of range data Nini Song (1): media: cec: core: remove length check of Timer Status Sean Christopherson (1): x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sebastian Andrzej Siewior (1): u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates. Steven Rostedt (Google) (1): ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann (1): batman-adv: Avoid infinite loop trying to resize local TT Ville Syrjälä (2): drm/client: Fully protect modes[] with dev->mode_config.mutex drm/i915/cdclk: Fix CDCLK programming order when pipes are active

1 year, 2 months

1
1
0 0

[PATCH 2/2] serial: stm32: Reset .throttled state in .startup()

by Uwe Kleine-König

When an UART is opened that still has .throttled set from a previous open, the RX interrupt is enabled but the irq handler doesn't consider it. This easily results in a stuck irq with the effect to occupy the CPU in a tight loop. So reset the throttle state in .startup() to ensure that RX irqs are handled. Fixes: d1ec8a2eabe9 ("serial: stm32: update throttle and unthrottle ops for dma mode") Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> --- drivers/tty/serial/stm32-usart.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 2bea1d7c9858..e1e7bc04c579 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -1080,6 +1080,7 @@ static int stm32_usart_startup(struct uart_port *port) val |= USART_CR2_SWAP; writel_relaxed(val, port->membase + ofs->cr2); } + stm32_port->throttled = false; /* RX FIFO Flush */ if (ofs->rqr != UNDEF_REG) -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 1/2] serial: stm32: Return IRQ_NONE in the ISR if no handling happend

by Uwe Kleine-König

If there is a stuck irq that the handler doesn't address, returning IRQ_HANDLED unconditionally makes it impossible for the irq core to detect the problem and disable the irq. So only return IRQ_HANDLED if an event was handled. A stuck irq is still problematic, but with this change at least it only makes the UART nonfunctional instead of occupying the (usually only) CPU by 100% and so stall the whole machine. Fixes: 48a6092fb41f ("serial: stm32-usart: Add STM32 USART Driver") Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> --- drivers/tty/serial/stm32-usart.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 8c66abcfe6ca..2bea1d7c9858 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -849,6 +849,7 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) const struct stm32_usart_offsets *ofs = &stm32_port->info->ofs; u32 sr; unsigned int size; + irqreturn_t ret = IRQ_NONE; sr = readl_relaxed(port->membase + ofs->isr); @@ -857,11 +858,14 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) (sr & USART_SR_TC)) { stm32_usart_tc_interrupt_disable(port); stm32_usart_rs485_rts_disable(port); + ret = IRQ_HANDLED; } - if ((sr & USART_SR_RTOF) && ofs->icr != UNDEF_REG) + if ((sr & USART_SR_RTOF) && ofs->icr != UNDEF_REG) { writel_relaxed(USART_ICR_RTOCF, port->membase + ofs->icr); + ret = IRQ_HANDLED; + } if ((sr & USART_SR_WUF) && ofs->icr != UNDEF_REG) { /* Clear wake up flag and disable wake up interrupt */ @@ -870,6 +874,7 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) stm32_usart_clr_bits(port, ofs->cr3, USART_CR3_WUFIE); if (irqd_is_wakeup_set(irq_get_irq_data(port->irq))) pm_wakeup_event(tport->tty->dev, 0); + ret = IRQ_HANDLED; } /* @@ -884,6 +889,7 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) uart_unlock_and_check_sysrq(port); if (size) tty_flip_buffer_push(tport); + ret = IRQ_HANDLED; } } @@ -891,6 +897,7 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) uart_port_lock(port); stm32_usart_transmit_chars(port); uart_port_unlock(port); + ret = IRQ_HANDLED; } /* Receiver timeout irq for DMA RX */ @@ -900,9 +907,10 @@ static irqreturn_t stm32_usart_interrupt(int irq, void *ptr) uart_unlock_and_check_sysrq(port); if (size) tty_flip_buffer_push(tport); + ret = IRQ_HANDLED; } - return IRQ_HANDLED; + return ret; } static void stm32_usart_set_mctrl(struct uart_port *port, unsigned int mctrl) -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH] net: usb: ax88179_178a: avoid writing the mac address before first reading

by Jose Ignacio Tornos Martinez

After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets"), reset operation, in which the default mac address from the device is read, is not executed from bind operation and the random address, that is pregenerated just in case, is direclty written the first time in the device, so the default one from the device is not even read. This writing is not dangerous because is volatile and the default mac address is not missed. In order to avoid this, do not allow writing a mac address directly into the device, if the default mac address from the device has not been read yet. cc: stable(a)vger.kernel.org # 6.6+ Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") Reported-by: Jarkko Palviainen <jarkko.palviainen(a)gmail.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- drivers/net/usb/ax88179_178a.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 69169842fa2f..650bb7b6badf 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -174,6 +174,7 @@ struct ax88179_data { u32 wol_supported; u32 wolopts; u8 disconnecting; + u8 mac_address_read; }; struct ax88179_int_data { @@ -969,9 +970,12 @@ static int ax88179_change_mtu(struct net_device *net, int new_mtu) static int ax88179_set_mac_addr(struct net_device *net, void *p) { struct usbnet *dev = netdev_priv(net); + struct ax88179_data *ax179_data = dev->driver_priv; struct sockaddr *addr = p; int ret; + if (!ax179_data->mac_address_read) + return -EAGAIN; if (netif_running(net)) return -EBUSY; if (!is_valid_ether_addr(addr->sa_data)) @@ -1256,6 +1260,7 @@ static int ax88179_led_setting(struct usbnet *dev) static void ax88179_get_mac_addr(struct usbnet *dev) { + struct ax88179_data *ax179_data = dev->driver_priv; u8 mac[ETH_ALEN]; memset(mac, 0, sizeof(mac)); @@ -1281,6 +1286,9 @@ static void ax88179_get_mac_addr(struct usbnet *dev) ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN, ETH_ALEN, dev->net->dev_addr); + + ax179_data->mac_address_read = 1; + netdev_info(dev->net, "MAC address: %pM\n", dev->net->dev_addr); } static int ax88179_bind(struct usbnet *dev, struct usb_interface *intf) -- 2.44.0

1 year, 2 months

2
4
0 0

[PATCH ver.2 6.1.y 0/6] ASoC: codecs: es8326: fix support (backport from v6.6)

by kovalev＠altlinux.org

Without these patches, all tested laptop models using the es8326 audio codec have no sound from the speakers and headphones, and the headset microphone does not work. Although the initialization of the sound card is successful. -- ver.2: drop a commit that does not affect the fix of functionality; added an explanation that does not work on the current version of the kernel without patches. -- Patches have been successfully tested on the latest 6.1.86 kernel. [PATCH 6.1.y 1/6] ASoC: codecs: ES8326: Add es8326_mute function [PATCH 6.1.y 2/6] ASoC: codecs: ES8326: Change Hp_detect register names [PATCH 6.1.y 3/6] ASoC: codecs: ES8326: Change Volatile Reg function [PATCH 6.1.y 4/6] ASoC: codecs: ES8326: Fix power-up sequence [PATCH 6.1.y 5/6] ASOC: codecs: ES8326: Add calibration support for [PATCH 6.1.y 6/6] ASoC: codecs: ES8326: Update jact detection function

1 year, 2 months

1
6
0 0

[PATCH 6.1 00/69] 6.1.87-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.87 release. There are 69 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.87-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.87-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- drivers/ata/libata-scsi.c | 9 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 27 ++- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/iommu/intel/svm.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +-- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/vhost/vhost.c | 28 ++- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 17 +- fs/smb/client/cached_dir.c | 4 +- include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 9 + include/net/ip_tunnels.h | 33 +++ io_uring/net.c | 1 + kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 52 ++--- net/bluetooth/sco.c | 23 +-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/timers/posix_timers.c | 2 +- 77 files changed, 715 insertions(+), 382 deletions(-)

1 year, 2 months

11
79
0 0

[PATCH] USB: serial: option: add support for Fibocom FM650/FG650

by Chuanhong Guo

Fibocom FM650/FG650 are 5G modems with ECM/NCM/RNDIS/MBIM modes. This patch adds support to all 4 modes. usb-devices output for all modes: ECM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 5 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a04 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 5 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms NCM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a05 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms RNDIS: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a06 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms MBIM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a07 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms Signed-off-by: Chuanhong Guo <gch981213(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..964d3fffa545 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -2277,6 +2277,10 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a3, 0xff) }, /* Fibocom FM101-GL (laptop MBIM) */ { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a4, 0xff), /* Fibocom FM101-GL (laptop MBIM) */ .driver_info = RSVD(4) }, + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a04, 0xff) }, /* Fibocom FM650-CN (ECM mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a05, 0xff) }, /* Fibocom FM650-CN (NCM mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a06, 0xff) }, /* Fibocom FM650-CN (RNDIS mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a07, 0xff) }, /* Fibocom FM650-CN (MBIM mode) */ { USB_DEVICE_INTERFACE_CLASS(0x2df3, 0x9d03, 0xff) }, /* LongSung M5710 */ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1404, 0xff) }, /* GosunCn GM500 RNDIS */ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1405, 0xff) }, /* GosunCn GM500 MBIM */ -- 2.44.0

1 year, 2 months

2
3
0 0

[PATCH 5.15 00/45] 5.15.156-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.156 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.156-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.156-rc1 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates. Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/iommu/intel/svm.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/vhost/vhost.c | 14 +- fs/btrfs/qgroup.c | 2 + include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/u64_stats_sync.h | 42 ++-- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/ip_tunnels.h | 33 +++ kernel/cpu.c | 3 +- kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/timers/posix_timers.c | 2 +- 50 files changed, 556 insertions(+), 256 deletions(-)

1 year, 2 months

9
54
0 0

[Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Dear Reviewers, we suggest to backport a commit to Linux kernel-5.10 stable tree to fix thermal bug. Thanks a lot source patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… thermal: core: Fix thermal zone suspend-resume synchronization There are 3 synchronization issues with thermal zone suspend-resume during system-wide transitions: 1. The resume code runs in a PM notifier which is invoked after user space has been thawed, so it can run concurrently with user space which can trigger a thermal zone device removal. If that happens, the thermal zone resume code may use a stale pointer to the next list element and crash, because it does not hold thermal_list_lock while walking thermal_tz_list. 2. The thermal zone resume code calls thermal_zone_device_init() outside the zone lock, so user space or an update triggered by the platform firmware may see an inconsistent state of a thermal zone leading to unexpected behavior. 3. Clearing the in_suspend global variable in thermal_pm_notify() allows __thermal_zone_device_update() to continue for all thermal zones and it may as well run before the thermal_tz_list walk (or at any point during the list walk for that matter) and attempt to operate on a thermal zone that has not been resumed yet. It may also race destructively with thermal_zone_device_init(). To address these issues, add thermal_list_lock locking to thermal_pm_notify(), especially arount the thermal_tz_list, make it call thermal_zone_device_init() back-to-back with __thermal_zone_device_update() under the zone lock and replace in_suspend with per-zone bool "suspend" indicators set and unset under the given zone's lock. Link: https://lore.kernel.org/linux-pm/20231218162348.69101-1-bo.ye@mediatek.com/ Reported-by: Bo Ye <bo.ye(a)mediatek.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.co thermal: core: Fix thermal zone suspend-resume synchronization There are 3 synchronization issues with thermal zone suspend-resume during system-wide transitions: 1. The resume code runs in a PM notifier which is invoked after user space has been thawed, so it can run concurrently with user space which can trigger a thermal zone device removal. If that happens, the thermal zone resume code may use a stale pointer to the next list element and crash, because it does not hold thermal_list_lock while walking thermal_tz_list. 2. The thermal zone resume code calls thermal_zone_device_init() outside the zone lock, so user space or an update triggered by the platform firmware may see an inconsistent state of a thermal zone leading to unexpected behavior. 3. Clearing the in_suspend global variable in thermal_pm_notify() allows __thermal_zone_device_update() to continue for all thermal zones and it may as well run before the thermal_tz_list walk (or at any point during the list walk for that matter) and attempt to operate on a thermal zone that has not been resumed yet. It may also race destructively with thermal_zone_device_init(). To address these issues, add thermal_list_lock locking to thermal_pm_notify(), especially arount the thermal_tz_list, make it call thermal_zone_device_init() back-to-back with __thermal_zone_device_update() under the zone lock and replace in_suspend with per-zone bool "suspend" indicators set and unset under the given zone's lock. Link: https://lore.kernel.org/linux-pm/20231218162348.69101-1-bo.ye@mediatek.com/ Reported-by: Bo Ye <bo.ye(a)mediatek.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> BRs Bo Ye

1 year, 2 months

2
1
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 2 months

2
1
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 2 months

1
0
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly has been removed from the -mm tree. Its filename was mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly Date: Thu, 14 Mar 2024 17:12:59 +0100 Darrick reports that in some cases where pread() would fail with -EIO and mmap()+access would generate a SIGBUS signal, MADV_POPULATE_READ / MADV_POPULATE_WRITE will keep retrying forever and not fail with -EFAULT. While the madvise() call can be interrupted by a signal, this is not the desired behavior. MADV_POPULATE_READ / MADV_POPULATE_WRITE should behave like page faults in that case: fail and not retry forever. A reproducer can be found at [1]. The reason is that __get_user_pages(), as called by faultin_vma_page_range(), will not handle VM_FAULT_RETRY in a proper way: it will simply return 0 when VM_FAULT_RETRY happened, making madvise_populate()->faultin_vma_page_range() retry again and again, never setting FOLL_TRIED->FAULT_FLAG_TRIED for __get_user_pages(). __get_user_pages_locked() does what we want, but duplicating that logic in faultin_vma_page_range() feels wrong. So let's use __get_user_pages_locked() instead, that will detect VM_FAULT_RETRY and set FOLL_TRIED when retrying, making the fault handler return VM_FAULT_SIGBUS (VM_FAULT_ERROR) at some point, propagating -EFAULT from faultin_page() to __get_user_pages(), all the way to madvise_populate(). But, there is an issue: __get_user_pages_locked() will end up re-taking the MM lock and then __get_user_pages() will do another VMA lookup. In the meantime, the VMA layout could have changed and we'd fail with different error codes than we'd want to. As __get_user_pages() will currently do a new VMA lookup either way, let it do the VMA handling in a different way, controlled by a new FOLL_MADV_POPULATE flag, effectively moving these checks from madvise_populate() + faultin_page_range() in there. With this change, Darricks reproducer properly fails with -EFAULT, as documented for MADV_POPULATE_READ / MADV_POPULATE_WRITE. [1] https://lore.kernel.org/all/20240313171936.GN1927156@frogsfrogsfrogs/ Link: https://lkml.kernel.org/r/20240314161300.382526-1-david@redhat.com Link: https://lkml.kernel.org/r/20240314161300.382526-2-david@redhat.com Fixes: 4ca9b3859dac ("mm/madvise: introduce MADV_POPULATE_(READ|WRITE) to prefault page tables") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Darrick J. Wong <djwong(a)kernel.org> Closes: https://lore.kernel.org/all/20240311223815.GW1927156@frogsfrogsfrogs/ Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 54 ++++++++++++++++++++++++++++-------------------- mm/internal.h | 10 +++++--- mm/madvise.c | 17 +-------------- 3 files changed, 40 insertions(+), 41 deletions(-) --- a/mm/gup.c~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/gup.c @@ -1206,6 +1206,22 @@ static long __get_user_pages(struct mm_s /* first iteration or cross vma bound */ if (!vma || start >= vma->vm_end) { + /* + * MADV_POPULATE_(READ|WRITE) wants to handle VMA + * lookups+error reporting differently. + */ + if (gup_flags & FOLL_MADV_POPULATE) { + vma = vma_lookup(mm, start); + if (!vma) { + ret = -ENOMEM; + goto out; + } + if (check_vma_flags(vma, gup_flags)) { + ret = -EINVAL; + goto out; + } + goto retry; + } vma = gup_vma_lookup(mm, start); if (!vma && in_gate_area(mm, start)) { ret = get_gate_page(mm, start & PAGE_MASK, @@ -1685,35 +1701,35 @@ long populate_vma_page_range(struct vm_a } /* - * faultin_vma_page_range() - populate (prefault) page tables inside the - * given VMA range readable/writable + * faultin_page_range() - populate (prefault) page tables inside the + * given range readable/writable * * This takes care of mlocking the pages, too, if VM_LOCKED is set. * - * @vma: target vma + * @mm: the mm to populate page tables in * @start: start address * @end: end address * @write: whether to prefault readable or writable * @locked: whether the mmap_lock is still held * - * Returns either number of processed pages in the vma, or a negative error - * code on error (see __get_user_pages()). + * Returns either number of processed pages in the MM, or a negative error + * code on error (see __get_user_pages()). Note that this function reports + * errors related to VMAs, such as incompatible mappings, as expected by + * MADV_POPULATE_(READ|WRITE). * - * vma->vm_mm->mmap_lock must be held. The range must be page-aligned and - * covered by the VMA. If it's released, *@locked will be set to 0. + * The range must be page-aligned. + * + * mm->mmap_lock must be held. If it's released, *@locked will be set to 0. */ -long faultin_vma_page_range(struct vm_area_struct *vma, unsigned long start, - unsigned long end, bool write, int *locked) +long faultin_page_range(struct mm_struct *mm, unsigned long start, + unsigned long end, bool write, int *locked) { - struct mm_struct *mm = vma->vm_mm; unsigned long nr_pages = (end - start) / PAGE_SIZE; int gup_flags; long ret; VM_BUG_ON(!PAGE_ALIGNED(start)); VM_BUG_ON(!PAGE_ALIGNED(end)); - VM_BUG_ON_VMA(start < vma->vm_start, vma); - VM_BUG_ON_VMA(end > vma->vm_end, vma); mmap_assert_locked(mm); /* @@ -1725,19 +1741,13 @@ long faultin_vma_page_range(struct vm_ar * a poisoned page. * !FOLL_FORCE: Require proper access permissions. */ - gup_flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_UNLOCKABLE; + gup_flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_UNLOCKABLE | + FOLL_MADV_POPULATE; if (write) gup_flags |= FOLL_WRITE; - /* - * We want to report -EINVAL instead of -EFAULT for any permission - * problems or incompatible mappings. - */ - if (check_vma_flags(vma, gup_flags)) - return -EINVAL; - - ret = __get_user_pages(mm, start, nr_pages, gup_flags, - NULL, locked); + ret = __get_user_pages_locked(mm, start, nr_pages, NULL, locked, + gup_flags); lru_add_drain(); return ret; } --- a/mm/internal.h~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/internal.h @@ -686,9 +686,8 @@ struct anon_vma *folio_anon_vma(struct f void unmap_mapping_folio(struct folio *folio); extern long populate_vma_page_range(struct vm_area_struct *vma, unsigned long start, unsigned long end, int *locked); -extern long faultin_vma_page_range(struct vm_area_struct *vma, - unsigned long start, unsigned long end, - bool write, int *locked); +extern long faultin_page_range(struct mm_struct *mm, unsigned long start, + unsigned long end, bool write, int *locked); extern bool mlock_future_ok(struct mm_struct *mm, unsigned long flags, unsigned long bytes); @@ -1127,10 +1126,13 @@ enum { FOLL_FAST_ONLY = 1 << 20, /* allow unlocking the mmap lock */ FOLL_UNLOCKABLE = 1 << 21, + /* VMA lookup+checks compatible with MADV_POPULATE_(READ|WRITE) */ + FOLL_MADV_POPULATE = 1 << 22, }; #define INTERNAL_GUP_FLAGS (FOLL_TOUCH | FOLL_TRIED | FOLL_REMOTE | FOLL_PIN | \ - FOLL_FAST_ONLY | FOLL_UNLOCKABLE) + FOLL_FAST_ONLY | FOLL_UNLOCKABLE | \ + FOLL_MADV_POPULATE) /* * Indicates for which pages that are write-protected in the page table, --- a/mm/madvise.c~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/madvise.c @@ -908,27 +908,14 @@ static long madvise_populate(struct vm_a { const bool write = behavior == MADV_POPULATE_WRITE; struct mm_struct *mm = vma->vm_mm; - unsigned long tmp_end; int locked = 1; long pages; *prev = vma; while (start < end) { - /* - * We might have temporarily dropped the lock. For example, - * our VMA might have been split. - */ - if (!vma || start >= vma->vm_end) { - vma = vma_lookup(mm, start); - if (!vma) - return -ENOMEM; - } - - tmp_end = min_t(unsigned long, end, vma->vm_end); /* Populate (prefault) page tables readable/writable. */ - pages = faultin_vma_page_range(vma, start, tmp_end, write, - &locked); + pages = faultin_page_range(mm, start, end, write, &locked); if (!locked) { mmap_read_lock(mm); locked = 1; @@ -949,7 +936,7 @@ static long madvise_populate(struct vm_a pr_warn_once("%s: unhandled return value: %ld\n", __func__, pages); fallthrough; - case -ENOMEM: + case -ENOMEM: /* No VMA or out of memory. */ return -ENOMEM; } } _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch drivers-virt-acrn-fix-pfnmap-pte-checks-in-acrn_vm_ram_map.patch mm-pass-vma-instead-of-mm-to-follow_pte.patch mm-follow_pte-improvements.patch mm-allow-for-detecting-underflows-with-page_mapcount-again.patch mm-rmap-always-inline-anon-file-rmap-duplication-of-a-single-pte.patch mm-rmap-add-fast-path-for-small-folios-when-adding-removing-duplicating.patch mm-track-mapcount-of-large-folios-in-single-value.patch mm-improve-folio_likely_mapped_shared-using-the-mapcount-of-large-folios.patch mm-make-folio_mapcount-return-0-for-small-typed-folios.patch mm-memory-use-folio_mapcount-in-zap_present_folio_ptes.patch mm-huge_memory-use-folio_mapcount-in-zap_huge_pmd-sanity-check.patch mm-memory-failure-use-folio_mapcount-in-hwpoison_user_mappings.patch mm-page_alloc-use-folio_mapped-in-__alloc_contig_migrate_range.patch mm-migrate-use-folio_likely_mapped_shared-in-add_page_for_migration.patch sh-mm-cache-use-folio_mapped-in-copy_from_user_page.patch mm-filemap-use-folio_mapcount-in-filemap_unaccount_folio.patch mm-migrate_device-use-folio_mapcount-in-migrate_vma_check_page.patch trace-events-page_ref-trace-the-raw-page-mapcount-value.patch xtensa-mm-convert-check_tlb_entry-to-sanity-check-folios.patch mm-debug-print-only-page-mapcount-excluding-folio-entire-mapcount-in-__dump_folio.patch documentation-admin-guide-cgroup-v1-memoryrst-dont-reference-page_mapcount.patch mm-ksm-rename-get_ksm_page_flags-to-ksm_get_folio_flags.patch mm-ksm-remove-page_mapcount-usage-in-stable_tree_search.patch loongarch-tlb-fix-error-parameter-ptep-set-but-not-used-due-to-__tlb_remove_tlb_entry.patch

1 year, 2 months

2
1
0 0

[merged mm-hotfixes-stable] nilfs2-fix-oob-in-nilfs_set_de_type.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix OOB in nilfs_set_de_type has been removed from the -mm tree. Its filename was nilfs2-fix-oob-in-nilfs_set_de_type.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: nilfs2: fix OOB in nilfs_set_de_type Date: Tue, 16 Apr 2024 03:20:48 +0900 The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT". static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors. Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com Reported-by: syzbot+2e22057de05b9f3b30d8(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-oob-in-nilfs_set_de_type +++ a/fs/nilfs2/dir.c @@ -240,7 +240,7 @@ nilfs_filetype_table[NILFS_FT_MAX] = { #define S_SHIFT 12 static unsigned char -nilfs_type_by_mode[S_IFMT >> S_SHIFT] = { +nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = { [S_IFREG >> S_SHIFT] = NILFS_FT_REG_FILE, [S_IFDIR >> S_SHIFT] = NILFS_FT_DIR, [S_IFCHR >> S_SHIFT] = NILFS_FT_CHRDEV, _ Patches currently in -mm which might be from aha310510(a)gmail.com are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fork: defer linking file vma until vma is fully initialized has been removed from the -mm tree. Its filename was fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: fork: defer linking file vma until vma is fully initialized Date: Wed, 10 Apr 2024 17:14:41 +0800 Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) --- a/kernel/fork.c~fork-defer-linking-file-vma-until-vma-is-fully-initialized +++ a/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(str } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(str i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out; _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem: inline shmem_is_huge() for disabled transparent hugepages has been removed from the -mm tree. Its filename was mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Date: Tue, 9 Apr 2024 17:54:07 +0200 In order to minimize code size (CONFIG_CC_OPTIMIZE_FOR_SIZE=y), compiler might choose to make a regular function call (out-of-line) for shmem_is_huge() instead of inlining it. When transparent hugepages are disabled (CONFIG_TRANSPARENT_HUGEPAGE=n), it can cause compilation error. mm/shmem.c: In function `shmem_getattr': ./include/linux/huge_mm.h:383:27: note: in expansion of macro `BUILD_BUG' 383 | #define HPAGE_PMD_SIZE ({ BUILD_BUG(); 0; }) | ^~~~~~~~~ mm/shmem.c:1148:33: note: in expansion of macro `HPAGE_PMD_SIZE' 1148 | stat->blksize = HPAGE_PMD_SIZE; To prevent the possible error, always inline shmem_is_huge() when transparent hugepages are disabled. Link: https://lkml.kernel.org/r/20240409155407.2322714-1-sumanthk@linux.ibm.com Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ilya Leoshkevich <iii(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/shmem_fs.h | 9 +++++++++ mm/shmem.c | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) --- a/include/linux/shmem_fs.h~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/include/linux/shmem_fs.h @@ -110,8 +110,17 @@ extern struct page *shmem_read_mapping_p extern void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end); int shmem_unuse(unsigned int type); +#ifdef CONFIG_TRANSPARENT_HUGEPAGE extern bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, struct mm_struct *mm, unsigned long vm_flags); +#else +static __always_inline bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, + struct mm_struct *mm, unsigned long vm_flags) +{ + return false; +} +#endif + #ifdef CONFIG_SHMEM extern unsigned long shmem_swap_usage(struct vm_area_struct *vma); #else --- a/mm/shmem.c~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/mm/shmem.c @@ -748,12 +748,6 @@ static long shmem_unused_huge_count(stru #define shmem_huge SHMEM_HUGE_DENY -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) -{ - return false; -} - static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, struct shrink_control *sc, unsigned long nr_to_split) { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Squashfs: check the inode number is not the invalid value of zero has been removed from the -mm tree. Its filename was squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: check the inode number is not the invalid value of zero Date: Mon, 8 Apr 2024 23:02:06 +0100 Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. [phillip(a)squashfs.org.uk: whitespace fix] Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport(a)ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/inode.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/fs/squashfs/inode.c~squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero +++ a/fs/squashfs/inode.c @@ -48,6 +48,10 @@ static int squashfs_new_inode(struct sup gid_t i_gid; int err; + inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); + if (inode->i_ino == 0) + return -EINVAL; + err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid); if (err) return err; @@ -58,7 +62,6 @@ static int squashfs_new_inode(struct sup i_uid_write(inode, i_uid); i_gid_write(inode, i_gid); - inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); inode_set_mtime(inode, le32_to_cpu(sqsh_ino->mtime), 0); inode_set_atime(inode, inode_get_mtime_sec(inode), 0); inode_set_ctime(inode, inode_get_mtime_sec(inode), 0); _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are squashfs-remove-deprecated-strncpy-by-not-copying-the-string.patch

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries has been removed from the -mm tree. Its filename was mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Date: Sun, 7 Apr 2024 15:05:37 +0200 Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swapops.h | 65 +++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 32 deletions(-) --- a/include/linux/swapops.h~mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries +++ a/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_di } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_ent /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; _ Patches currently in -mm which might be from osalvador(a)suse.de are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been removed from the -mm tree. Its filename was mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Sun, 7 Apr 2024 16:54:56 +0800 When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-11409-gf6cef5f8c37f #1 Not tainted ------------------------------------------------------ bash/46904 is trying to acquire lock: ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60 but task is already holding lock: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (pcp_batch_high_lock){+.+.}-{3:3}: __mutex_lock+0x6c/0x770 page_alloc_cpu_online+0x3c/0x70 cpuhp_invoke_callback+0x397/0x5f0 __cpuhp_invoke_callback_range+0x71/0xe0 _cpu_up+0xeb/0x210 cpu_up+0x91/0xe0 cpuhp_bringup_mask+0x49/0xb0 bringup_nonboot_cpus+0xb7/0xe0 smp_init+0x25/0xa0 kernel_init_freeable+0x15f/0x3e0 kernel_init+0x15/0x1b0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 -> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pcp_batch_high_lock); lock(cpu_hotplug_lock); lock(pcp_batch_high_lock); rlock(cpu_hotplug_lock); *** DEADLOCK *** 5 locks held by bash/46904: #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 stack backtrace: CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 check_noncircular+0x129/0x140 __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fc862314887 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887 RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001 RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00 In short, below scene breaks the lock dependency chain: memory_failure __page_handle_poison zone_pcp_disable -- lock(pcp_batch_high_lock) dissolve_free_huge_page __hugetlb_vmemmap_restore_folio static_key_slow_dec cpus_read_lock -- rlock(cpu_hotplug_lock) Fix this by calling drain_all_pages() instead. This issue won't occur until commit a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key"). As it introduced rlock(cpu_hotplug_lock) in dissolve_free_huge_page() code path while lock(pcp_batch_high_lock) is already in the __page_handle_poison(). [linmiaohe(a)huawei.com: extend comment per Oscar] [akpm(a)linux-foundation.org: reflow block comment] Link: https://lkml.kernel.org/r/20240407085456.2798193-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled +++ a/mm/memory-failure.c @@ -154,11 +154,23 @@ static int __page_handle_poison(struct p { int ret; - zone_pcp_disable(page_zone(page)); + /* + * zone_pcp_disable() can't be used here. It will + * hold pcp_batch_high_lock and dissolve_free_huge_page() might hold + * cpu_hotplug_lock via static_key_slow_dec() when hugetlb vmemmap + * optimization is enabled. This will break current lock dependency + * chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic + * approach because we made sure that those pages cannot end up in any + * PCP list. Draining PCP lists expels those pages to the buddy system, + * but nothing guarantees that those pages do not get back to a PCP + * queue if we need to refill those. + */ ret = dissolve_free_huge_page(page); - if (!ret) + if (!ret) { + drain_all_pages(page_zone(page)); ret = take_page_off_buddy(page); - zone_pcp_enable(page_zone(page)); + } return ret; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/userfaultfd: allow hugetlb change protection upon poison entry has been removed from the -mm tree. Its filename was mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: allow hugetlb change protection upon poison entry Date: Fri, 5 Apr 2024 19:19:20 -0400 After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Link: https://lkml.kernel.org/r/20240405231920.1772199-1-peterx@redhat.com Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry +++ a/mm/hugetlb.c @@ -7044,9 +7044,13 @@ long hugetlb_change_protection(struct vm if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch mm-page_table_check-support-userfault-wr-protect-entries.patch

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE has been removed from the -mm tree. Its filename was userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lokesh Gidra <lokeshgidra(a)google.com> Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Date: Thu, 4 Apr 2024 10:17:26 -0700 Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case. Link: https://lkml.kernel.org/r/20240404171726.2302435-1-lokeshgidra@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/huge_memory.c~userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move +++ a/mm/huge_memory.c @@ -2259,9 +2259,6 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } - folio_move_anon_rmap(src_folio, dst_vma); - WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); - src_pmdval = pmdp_huge_clear_flush(src_vma, src_addr, src_pmd); /* Folio got pinned from under us. Put it back and fail the move. */ if (folio_maybe_dma_pinned(src_folio)) { @@ -2270,6 +2267,9 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } + folio_move_anon_rmap(src_folio, dst_vma); + WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); + _dst_pmd = mk_huge_pmd(&src_folio->page, dst_vma->vm_page_prot); /* Follow mremap() behavior and treat the entry dirty after the move */ _dst_pmd = pmd_mkwrite(pmd_mkdirty(_dst_pmd), dst_vma); _ Patches currently in -mm which might be from lokeshgidra(a)google.com are

1 year, 2 months

1
0
0 0

[folded-merged] mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been removed from the -mm tree. Its filename was mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch This patch was dropped because it was folded into mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Fri, 12 Apr 2024 10:57:54 +0800 extend comment per Oscar Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2 +++ a/mm/memory-failure.c @@ -159,6 +159,10 @@ static int __page_handle_poison(struct p * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() * when hugetlb vmemmap optimization is enabled. This will break current lock * dependency chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic approach because + * we made sure that those pages cannot end up in any PCP list. Draining PCP lists + * expels those pages to the buddy system, but nothing guarantees that those pages + * do not get back to a PCP queue if we need to refill those. */ ret = dissolve_free_huge_page(page); if (!ret) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 2 months

1
0
0 0

[PATCH] Revert 2267b2e84593bd3d61a1188e68fba06307fa9dab

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> ltp test fcntl17 fails on v5.15.154. This was bisected to commit 2267b2e84593 ("lockd: introduce safe async lock op"). Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- Documentation/filesystems/nfs/exporting.rst | 7 ------- fs/lockd/svclock.c | 4 +++- fs/nfsd/nfs4state.c | 10 +++------- include/linux/exportfs.h | 14 -------------- 4 files changed, 6 insertions(+), 29 deletions(-) diff --git a/Documentation/filesystems/nfs/exporting.rst b/Documentation/filesystems/nfs/exporting.rst index 6a1cbd7de38d..6f59a364f84c 100644 --- a/Documentation/filesystems/nfs/exporting.rst +++ b/Documentation/filesystems/nfs/exporting.rst @@ -241,10 +241,3 @@ following flags are defined: all of an inode's dirty data on last close. Exports that behave this way should set EXPORT_OP_FLUSH_ON_CLOSE so that NFSD knows to skip waiting for writeback when closing such files. - - EXPORT_OP_ASYNC_LOCK - Indicates a capable filesystem to do async lock - requests from lockd. Only set EXPORT_OP_ASYNC_LOCK if the filesystem has - it's own ->lock() functionality as core posix_lock_file() implementation - has no async lock request handling yet. For more information about how to - indicate an async lock request from a ->lock() file_operations struct, see - fs/locks.c and comment for the function vfs_lock_file(). diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c index 55c0a0331188..4e30f3c50970 100644 --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -470,7 +470,9 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, struct nlm_host *host, struct nlm_lock *lock, int wait, struct nlm_cookie *cookie, int reclaim) { +#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) struct inode *inode = nlmsvc_file_inode(file); +#endif struct nlm_block *block = NULL; int error; int mode; @@ -484,7 +486,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, (long long)lock->fl.fl_end, wait); - if (!exportfs_lock_op_is_async(inode->i_sb->s_export_op)) { + if (nlmsvc_file_file(file)->f_op->lock) { async_block = wait; wait = 0; } diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 40b5b226e504..d07176eee935 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -7420,7 +7420,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_blocked_lock *nbl = NULL; struct file_lock *file_lock = NULL; struct file_lock *conflock = NULL; - struct super_block *sb; __be32 status = 0; int lkflg; int err; @@ -7442,7 +7441,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, dprintk("NFSD: nfsd4_lock: permission denied!\n"); return status; } - sb = cstate->current_fh.fh_dentry->d_sb; if (lock->lk_is_new) { if (nfsd4_has_session(cstate)) @@ -7494,8 +7492,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fp = lock_stp->st_stid.sc_file; switch (lock->lk_type) { case NFS4_READW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_READ_LT: @@ -7507,8 +7504,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fl_type = F_RDLCK; break; case NFS4_WRITEW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_WRITE_LT: @@ -7536,7 +7532,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, * for file locks), so don't attempt blocking lock notifications * on those filesystems: */ - if (!exportfs_lock_op_is_async(sb->s_export_op)) + if (nf->nf_file->f_op->lock) fl_flags &= ~FL_SLEEP; nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn); diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index 6525f4b7eb97..218fc5c54e90 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h @@ -222,23 +222,9 @@ struct export_operations { atomic attribute updates */ #define EXPORT_OP_FLUSH_ON_CLOSE (0x20) /* fs flushes file data on close */ -#define EXPORT_OP_ASYNC_LOCK (0x40) /* fs can do async lock request */ unsigned long flags; }; -/** - * exportfs_lock_op_is_async() - export op supports async lock operation - * @export_ops: the nfs export operations to check - * - * Returns true if the nfs export_operations structure has - * EXPORT_OP_ASYNC_LOCK in their flags set - */ -static inline bool -exportfs_lock_op_is_async(const struct export_operations *export_ops) -{ - return export_ops->flags & EXPORT_OP_ASYNC_LOCK; -} - extern int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, int *max_len, struct inode *parent); extern int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH v2] rust: macros: fix soundness issue in `module!` macro

by Benno Lossin

The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- v1: https://lore.kernel.org/rust-for-linux/20240327160346.22442-1-benno.lossin@… v1 -> v2: - wrapped `__init` and `__exit` calls in `unsafe` blocks and added SAFETY comments, - fixed safety requirement on `__exit` and `__init`, - rebased onto rust-next. rust/macros/module.rs | 213 +++++++++++++++++++++++++----------------- 1 file changed, 127 insertions(+), 86 deletions(-) diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..293beca0a583 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,103 +199,144 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be - // freed until the module is unloaded. - #[cfg(MODULE)] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) - }}; - #[cfg(not(MODULE))] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(core::ptr::null_mut()) - }}; - - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; + + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); + + static mut __MOD: Option<{type_}> = None; + + // SAFETY: `__this_module` is constructed by the kernel at load time and will not be + // freed until the module is unloaded. + #[cfg(MODULE)] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) + }}; + #[cfg(not(MODULE))] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(core::ptr::null_mut()) + }}; + + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and + // there only `__init` and `__exit` access it. These functions are only + // called once and `__exit` cannot be called before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} + }} + }} - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and there + // only `__init` and `__exit` access it. These functions are only called once + // and `__init` was already called. unsafe {{ - __MOD = Some(m); + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; }} - return 0; }} - Err(e) => {{ - return e.to_errno(); - }} - }} - }} - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; + {modinfo} }} }} - - {modinfo} ", type_ = info.type_, name = info.name, base-commit: 9ffe2a730313f27cebd0859ea856247ac59c576c -- 2.44.0

1 year, 2 months

4
8
0 0

[PATCH V2 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..81cabd28eabe 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1656,7 +1656,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

1 year, 2 months

2
1
0 0

[PATCH 6.8 000/172] 6.8.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.7 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.7-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: always reset ODM mode in context when adding first plane Alex Hung <alex.hung(a)amd.com> drm/amd/display: Return max resolution supported by DWB Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: differentiate external rev id for gfx 11.5.0 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Disable PSR when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Amir Goldstein <amir73il(a)gmail.com> kernfs: annotate different lockdep class for of->mutex of writable files Oleg Nesterov <oleg(a)redhat.com> selftests: kselftest: Fix build failure with NOLIBC Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction Nathan Chancellor <nathan(a)kernel.org> selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix spi lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-lsio: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usb lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix adc lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix can lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8qm-ss-dma: fix can lpcg indices Lang Yu <Lang.Yu(a)amd.com> drm/amdgpu/umsch: reinitialize write pointer in hw init Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on connect failure Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on disconnect Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Brezillon <boris.brezillon(a)collabora.com> drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in context_xa Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Put NPU back to D3hot after failed resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Fix PCI D0 state entry in resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Check return code of ipc->lock init Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid race in error handling & drop bogus warn Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Masami Hiramatsu <mhiramat(a)kernel.org> fs/proc: Skip bootloader comment if no embedded kernel parameters Zhenhua Huang <quic_zhenhuah(a)quicinc.com> fs/proc: remove redundant comments from /proc/bootconfig Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jens Axboe <axboe(a)kernel.dk> io_uring: disable io-wq execution of multishot NOWAIT requests Pavel Begunkov <asml.silence(a)gmail.com> io_uring: refactor DEFER_TASKRUN multishot checks Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix WARN_ON in iommu probe path Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Xuchun Shang <xuchun.shang(a)linux.alibaba.com> iommu/vt-d: Fix wrong use of pasid config Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Cast result to output precision on left shift of operand Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix double mutex initialization David Arinzon <darinzon(a)amazon.com> net: ena: Set tx_info->xdpf value to NULL David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Gerd Bayer <gbayer(a)linux.ibm.com> Revert "s390/ism: fix receive message buffer allocation" Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: RSS, Block changing channels number when RXFH is configured Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Correctly compare pkt reformat ids Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Michael Liang <mliang(a)purestorage.com> net/mlx5: offset comp irq index in name by one Shay Drory <shayd(a)nvidia.com> net/mlx5: Register devlink first under devlink lock Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: SF, Stop waiting for FW as teardown was called Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Archie Pusaka <apusaka(a)chromium.org> Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Use QoS to determine which PHY to scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Align broadcast sync_timeout with connection timeout Brett Creeley <brett.creeley(a)amd.com> pds_core: Fix pdsc_check_pci_health function to use work thread Shannon Nelson <shannon.nelson(a)amd.com> pds_core: use pci_reset_function for health reset Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Dave Jiang <dave.jiang(a)intel.com> cxl: Fix retrieving of access_coordinates in PCIe path Dave Jiang <dave.jiang(a)intel.com> cxl: Remove checking of iter in cxl_endpoint_get_perf_coordinates() Dave Jiang <dave.jiang(a)intel.com> cxl: Split out host bridge access coordinates Dave Jiang <dave.jiang(a)intel.com> cxl: Split out combine_coordinates() for common shared usage Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access classes Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT: Introduce 2 levels of generic port access class Dave Jiang <dave.jiang(a)intel.com> base/node / ACPI: Enumerate node access class for 'struct access_coordinate' Raag Jadav <raag.jadav(a)intel.com> ACPI: bus: allow _UID matching for integer zero Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix error recovery for RoCE ulp client Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: fix receive message buffer allocation Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Arnd Bergmann <arnd(a)arndb.de> lib: checksum: hide unused expected_csum_ipv6_magic[] Ming Lei <ming.lei(a)redhat.com> block: fix q->blkg_list corruption during disk rebind Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix transmit scheduler resource leak Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Luca Weiss <luca.weiss(a)fairphone.com> drm/msm/adreno: Set highest_bank_bit for A619 Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Kwangjin Ko <kwangjin.ko(a)sk.com> cxl/core: Fix initialization of mbox_cmd.size_out in get event Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: display/msm: sm8150-mdss: add DP node Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't allow overriding data from catalog Stephen Boyd <swboyd(a)chromium.org> drm/msm: Add newlines to some debug prints Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw73xx-2x: fix USB vbus regulator Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw72xx-2x: fix USB vbus regulator Dave Jiang <dave.jiang(a)intel.com> cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned Yuquan Wang <wangyuquan1236(a)phytium.com.cn> cxl/mem: Fix for the index of Clear Event Record Handle Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Make raw debugfs entries non-seekable Jens Wiklander <jens.wiklander(a)linaro.org> firmware: arm_ffa: Fix the partition ID check in ffa_notification_info_get() Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix USB regression on Nokia N8x0 Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: restore original power up/down steps Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix deferred probe Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix broken slot switch lookup Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix N810 MMC gpiod table Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0 David Sterba <dsterba(a)suse.com> btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Hans de Goede <hdegoede(a)redhat.com> ACPI: scan: Do not increase dep_unmet for already met dependencies Noah Loomans <noah(a)noahloomans.com> platform/chrome: cros_ec_uart: properly fix race condition Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Yu Kuai <yukuai3(a)huawei.com> raid1: fix use-after-free for original bio in raid1_write_request() Fabio Estevam <festevam(a)denx.de> ARM: dts: imx7s-warp: Pass OV2680 link-frequencies Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Xiubo Li <xiubli(a)redhat.com> ceph: switch to use cap_delay_lock for the unlink delay list NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Peyton Lee <peytolee(a)amd.com> drm/amdgpu/vpe: power on vpe when hw_init Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Igor Pylypiv <ipylypiv(a)google.com> ata: libata-core: Allow command duration limits detection for ACS-4 drives Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- .../bindings/display/msm/qcom,sm8150-mdss.yaml | 9 + Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 + arch/arm/mach-omap2/board-n8x0.c | 23 +-- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 16 +- arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 40 ++-- arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 +- .../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 +- .../boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 +- arch/arm64/include/asm/tlbflush.h | 20 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- block/blk-cgroup.c | 9 +- block/blk-cgroup.h | 2 + block/blk-core.c | 2 + drivers/accel/ivpu/ivpu_drv.c | 20 +- drivers/accel/ivpu/ivpu_hw.h | 6 + drivers/accel/ivpu/ivpu_hw_37xx.c | 7 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 6 + drivers/accel/ivpu/ivpu_ipc.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/numa/hmat.c | 43 ++-- drivers/acpi/scan.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-scsi.c | 9 +- drivers/base/node.c | 6 +- drivers/cxl/acpi.c | 8 +- drivers/cxl/core/cdat.c | 58 ++++-- drivers/cxl/core/mbox.c | 5 +- drivers/cxl/core/port.c | 76 ++++--- drivers/cxl/core/regs.c | 5 +- drivers/cxl/cxl.h | 8 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/raw_mode.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c | 6 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 32 ++- drivers/gpu/drm/amd/amdgpu/umsch_mm_v4_0.c | 2 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c | 6 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 9 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 - .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_dp.c | 6 +- drivers/gpu/drm/i915/display/intel_psr.c | 11 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 + drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 8 +- drivers/gpu/drm/msm/dp/dp_display.c | 2 + drivers/gpu/drm/msm/msm_fb.c | 6 +- drivers/gpu/drm/msm/msm_kms.c | 4 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/xe/xe_display.c | 5 - drivers/gpu/drm/xe/xe_hwmon.c | 4 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/perfmon.c | 2 +- drivers/iommu/intel/svm.c | 2 +- drivers/md/raid1.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/mmc/host/omap.c | 48 +++-- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- drivers/net/ethernet/amazon/ena/ena_xdp.c | 4 +- drivers/net/ethernet/amd/pds_core/core.c | 14 +- drivers/net/ethernet/amd/pds_core/core.h | 5 +- drivers/net/ethernet/amd/pds_core/dev.c | 3 + drivers/net/ethernet/amd/pds_core/main.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 6 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +-- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 37 ++-- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 22 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/net/virtio_net.c | 28 ++- drivers/platform/chrome/cros_ec_uart.c | 28 +-- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/scsi/sg.c | 20 +- drivers/vhost/vhost.c | 28 ++- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/inode.c | 13 +- fs/btrfs/ioctl.c | 37 +++- fs/btrfs/qgroup.c | 2 + fs/btrfs/root-tree.c | 10 - fs/btrfs/root-tree.h | 2 - fs/btrfs/tests/extent-io-tests.c | 28 ++- fs/btrfs/transaction.c | 17 +- fs/ceph/addr.c | 4 +- fs/ceph/caps.c | 4 +- fs/ceph/mds_client.c | 9 +- fs/ceph/mds_client.h | 3 +- fs/kernfs/file.c | 9 +- fs/proc/bootconfig.c | 12 +- fs/smb/client/cached_dir.c | 4 +- include/acpi/acpi_bus.h | 8 +- include/linux/bootconfig.h | 1 + include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/node.h | 18 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 11 + include/net/ip_tunnels.h | 33 +++ init/main.c | 5 + io_uring/io_uring.c | 25 +++ io_uring/net.c | 22 +- io_uring/rw.c | 2 - kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + lib/checksum_kunit.c | 5 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/hci_sync.c | 66 +++++- net/bluetooth/iso.c | 50 ++--- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/l2cap_sock.c | 52 ++--- net/bluetooth/rfcomm/sock.c | 14 +- net/bluetooth/sco.c | 23 +-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/kselftest.h | 33 ++- tools/testing/selftests/timers/posix_timers.c | 105 +++++----- 170 files changed, 1559 insertions(+), 882 deletions(-)

1 year, 2 months

8
179
0 0

[PATCH] block: Fix BLKRRPART regression

by Saranya Muruganandam

The BLKRRPART ioctl used to report errors such as EIO before we changed the blkdev_reread_part() logic. Lets add a flag and capture the errors returned by bdev_disk_changed() when the flag is set. Setting this flag for the BLKRRPART path when we want the errors to be reported when rereading partitions on the disk. Link: https://lore.kernel.org/all/20240320015134.GA14267@lst.de/ Suggested-by: Christoph Hellwig <hch(a)lst.de> Tested: Tested by simulating failure to the block device and will propose a new test to blktests. Fixes: 4601b4b130de ("block: reopen the device in blkdev_reread_part") Reported-by: Saranya Muruganandam <saranyamohan(a)google.com> Signed-off-by: Saranya Muruganandam <saranyamohan(a)google.com> Change-Id: Idf3d97390ed78061556f8468d10d6cab24ae20b1 --- block/bdev.c | 31 +++++++++++++++++++++---------- block/ioctl.c | 3 ++- include/linux/blkdev.h | 3 +++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/block/bdev.c b/block/bdev.c index 77fa77cd29bee..71478f8865546 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -632,6 +632,14 @@ static void blkdev_flush_mapping(struct block_device *bdev) bdev_write_inode(bdev); } +static void blkdev_put_whole(struct block_device *bdev) +{ + if (atomic_dec_and_test(&bdev->bd_openers)) + blkdev_flush_mapping(bdev); + if (bdev->bd_disk->fops->release) + bdev->bd_disk->fops->release(bdev->bd_disk); +} + static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) { struct gendisk *disk = bdev->bd_disk; @@ -650,18 +658,21 @@ static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) if (!atomic_read(&bdev->bd_openers)) set_init_blocksize(bdev); - if (test_bit(GD_NEED_PART_SCAN, &disk->state)) - bdev_disk_changed(disk, false); atomic_inc(&bdev->bd_openers); - return 0; -} -static void blkdev_put_whole(struct block_device *bdev) -{ - if (atomic_dec_and_test(&bdev->bd_openers)) - blkdev_flush_mapping(bdev); - if (bdev->bd_disk->fops->release) - bdev->bd_disk->fops->release(bdev->bd_disk); + if (test_bit(GD_NEED_PART_SCAN, &disk->state)) { + /* + * Only return scanning errors if we are called from contexts + * that explicitly want them, e.g. the BLKRRPART ioctl. + */ + ret = bdev_disk_changed(disk, false); + if (ret && (mode & BLK_OPEN_STRICT_SCAN)) { + blkdev_put_whole(bdev); + return ret; + } + } + + return 0; } static int blkdev_get_part(struct block_device *part, blk_mode_t mode) diff --git a/block/ioctl.c b/block/ioctl.c index aa46f3761c3ed..e8d72d9f327fd 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -557,7 +557,8 @@ static int blkdev_common_ioctl(struct block_device *bdev, blk_mode_t mode, return -EACCES; if (bdev_is_partition(bdev)) return -EINVAL; - return disk_scan_partitions(bdev->bd_disk, mode); + return disk_scan_partitions(bdev->bd_disk, + mode | BLK_OPEN_STRICT_SCAN); case BLKTRACESTART: case BLKTRACESTOP: case BLKTRACETEARDOWN: diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 01983eece8f2a..d0104dc839b0d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -151,6 +151,9 @@ struct access_rules_head { int max_rules; }; +/* return partition scanning errors */ +#define BLK_OPEN_STRICT_SCAN ((__force blk_mode_t)(1 << 5)) + struct gendisk { /* * major/first_minor/minors should not be set by any new driver, the -- 2.44.0.478.gd926399ef9-goog

1 year, 2 months

6
11
0 0

[PATCH] mmc: sdhci-msm: pervent access to suspended controller

by Mantas Pucka

Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> --- drivers/mmc/host/sdhci-msm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = { --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240321-sdhci-mmc-suspend-34f4af1d0286 Best regards, -- Mantas Pucka <mantas(a)8devices.com>

1 year, 2 months

3
7
0 0

[PATCH] dm: Change the default value of rq_affinity from 0 into 1

by Bart Van Assche

The following behavior is inconsistent: * For request-based dm queues the default value of rq_affinity is 1. * For bio-based dm queues the default value of rq_affinity is 0. The default value for request-based dm queues is 1 because of the following code in blk_mq_init_allocated_queue(): q->queue_flags |= QUEUE_FLAG_MQ_DEFAULT; From <linux/blkdev.h>: #define QUEUE_FLAG_MQ_DEFAULT ((1UL << QUEUE_FLAG_IO_STAT) | \ (1UL << QUEUE_FLAG_SAME_COMP) | \ (1UL << QUEUE_FLAG_NOWAIT)) The default value of rq_affinity for bio-based dm queues is 0 because the dm alloc_dev() function does not set any of the QUEUE_FLAG_SAME_* flags. I think the different default values are the result of an oversight when blk-mq support was added in the device mapper code. Hence this patch that changes the default value of rq_affinity from 0 to 1 for bio-based dm queues. This patch reduces the boot time from 12.23 to 12.20 seconds on my test setup, a Pixel 2023 development board. The storage controller on that test setup supports a single completion interrupt and hence benefits from redirecting I/O completions to a CPU core that is closer to the submitter. Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: Daniel Lee <chullee(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/md/dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 56aa2a8b9d71..9af216c11cf7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2106,6 +2106,7 @@ static struct mapped_device *alloc_dev(int minor) if (IS_ERR(md->disk)) goto bad; md->queue = md->disk->queue; + blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, md->queue); init_waitqueue_head(&md->wait); INIT_WORK(&md->work, dm_wq_work);

1 year, 2 months

2
3
0 0

[PATCH 1/2] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index fe1e7e3cc844..63bdc6b85219 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 0c0695763bea..dc32b96140c1 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -294,5 +294,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index d2242679239e..d2895d264196 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

1 year, 2 months

2
1
0 0

[PATCH 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes a buffer overflow and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 133 ++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 2 months

1
3
0 0

[PATCH] Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"

by Johan Hovold

This reverts commit 7dcd3e014aa7faeeaf4047190b22d8a19a0db696. Qualcomm Bluetooth controllers like WCN6855 do not have persistent storage for the Bluetooth address and must therefore start as unconfigured to allow the user to set a valid address unless one has been provided by the boot firmware in the devicetree. A recent change snuck into v6.8-rc7 and incorrectly started marking the default (non-unique) address as valid. This specifically also breaks the Bluetooth setup for some user of the Lenovo ThinkPad X13s. Note that this is the second time Qualcomm breaks the driver this way and that this was fixed last year by commit 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk"), which also has some further details. Fixes: 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") Cc: stable(a)vger.kernel.org # 6.8 Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index edd2a81b4d5e..f989c05f8177 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -7,7 +7,6 @@ * * Copyright (C) 2007 Texas Instruments, Inc. * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved. - * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. * * Acknowledgements: * This file is based on hci_ll.c, which was... @@ -1904,17 +1903,7 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - - /* Set BDA quirk bit for reading BDA value from fwnode property - * only if that property exist in DT. - */ - if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) { - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later"); - } else { - bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA"); - } - + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); -- 2.43.2

1 year, 2 months

7
26
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041526-whisking-flyover-825a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041525-compel-delta-953a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041524-unlovely-blemish-8954@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 2 months

2
1
0 0

[PATCH] usb: dwc3: ep0: Don't reset resource alloc flag

by Thinh Nguyen

The DWC3_EP_RESOURCE_ALLOCATED flag ensures that the resource of an endpoint is only assigned once. Unless the endpoint is reset, don't clear this flag. Otherwise we may set endpoint resource again, which prevents the driver from initiate transfer after handling a STALL or endpoint halt to the control endpoint. Cc: stable(a)vger.kernel.org Fixes: b311048c174d ("usb: dwc3: gadget: Rewrite endpoint allocation flow") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- drivers/usb/dwc3/ep0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c index 72bb722da2f2..d96ffbe52039 100644 --- a/drivers/usb/dwc3/ep0.c +++ b/drivers/usb/dwc3/ep0.c @@ -226,7 +226,8 @@ void dwc3_ep0_stall_and_restart(struct dwc3 *dwc) /* reinitialize physical ep1 */ dep = dwc->eps[1]; - dep->flags = DWC3_EP_ENABLED; + dep->flags &= DWC3_EP_RESOURCE_ALLOCATED; + dep->flags |= DWC3_EP_ENABLED; /* stall is always issued on EP0 */ dep = dwc->eps[0]; base-commit: c281d18dda402a2d180b921eebc7fe22b76699cf -- 2.28.0

1 year, 2 months

1
0
0 0

+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been added to the -mm mm-hotfixes-unstable branch. Its filename is bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Sun, 14 Apr 2024 19:49:45 +0800 On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240414114944.1012359-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) --- a/include/linux/bootconfig.h~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/include/linux/bootconfig.h @@ -287,7 +287,12 @@ int __init xbc_init(const char *buf, siz int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_me return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else if (addr) + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, si if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, si *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch

1 year, 2 months

1
0
0 0

[PATCH] dm: Change the default value of rq_affinity from 0 into 1

by Bart Van Assche

The following behavior is inconsistent: * For request-based dm queues the default value of rq_affinity is 1. * For bio-based dm queues the default value of rq_affinity is 0. The default value for request-based dm queues is 1 because of the following code in blk_mq_init_allocated_queue(): q->queue_flags |= QUEUE_FLAG_MQ_DEFAULT; From <linux/blkdev.h>: #define QUEUE_FLAG_MQ_DEFAULT ((1UL << QUEUE_FLAG_IO_STAT) | \ (1UL << QUEUE_FLAG_SAME_COMP) | \ (1UL << QUEUE_FLAG_NOWAIT)) The default value of rq_affinity for bio-based dm queues is 0 because the dm alloc_dev() function does not set any of the QUEUE_FLAG_SAME_* flags. I think the different default values are the result of an oversight when blk-mq support was added in the device mapper code. Hence this patch that changes the default value of rq_affinity from 0 to 1 for bio-based dm queues. This patch reduces the boot time from 12.23 to 12.20 seconds on my test setup, a Pixel 2023 development board. The storage controller on that test setup supports a single completion interrupt and hence benefits from redirecting I/O completions to a CPU core that is closer to the submitter. Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: Daniel Lee <chullee(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/md/dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 56aa2a8b9d71..9af216c11cf7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2106,6 +2106,7 @@ static struct mapped_device *alloc_dev(int minor) if (IS_ERR(md->disk)) goto bad; md->queue = md->disk->queue; + blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, md->queue); init_waitqueue_head(&md->wait); INIT_WORK(&md->work, dm_wq_work);

1 year, 2 months

1
1
0 0

+ nilfs2-fix-oob-in-nilfs_set_de_type.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix OOB in nilfs_set_de_type has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-oob-in-nilfs_set_de_type.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: nilfs2: fix OOB in nilfs_set_de_type Date: Tue, 16 Apr 2024 03:20:48 +0900 The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT". static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors. Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com Reported-by: syzbot+2e22057de05b9f3b30d8(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-oob-in-nilfs_set_de_type +++ a/fs/nilfs2/dir.c @@ -240,7 +240,7 @@ nilfs_filetype_table[NILFS_FT_MAX] = { #define S_SHIFT 12 static unsigned char -nilfs_type_by_mode[S_IFMT >> S_SHIFT] = { +nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = { [S_IFREG >> S_SHIFT] = NILFS_FT_REG_FILE, [S_IFDIR >> S_SHIFT] = NILFS_FT_DIR, [S_IFCHR >> S_SHIFT] = NILFS_FT_CHRDEV, _ Patches currently in -mm which might be from aha310510(a)gmail.com are nilfs2-fix-oob-in-nilfs_set_de_type.patch

1 year, 2 months

1
0
0 0

Re: [PATCH 6.8 000/172] 6.8.7-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 978e5c19dfefc271e5550efba92fcef0d3f62864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041502-sandal-buckskin-2dd2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978e5c19dfefc271e5550efba92fcef0d3f62864 Mon Sep 17 00:00:00 2001 From: Alexey Izbyshev <izbyshev(a)ispras.ru> Date: Fri, 5 Apr 2024 15:55:51 +0300 Subject: [PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure This bug was introduced in commit 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization"), which was made in preparation for adc8682ec690 ("io_uring: Add support for napi_busy_poll"). The latter got reverted in cb3182167325 ("Revert "io_uring: Add support for napi_busy_poll""), so simply undo the former as well. Cc: stable(a)vger.kernel.org Fixes: 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization") Signed-off-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Link: https://lore.kernel.org/r/20240405125551.237142-1-izbyshev@ispras.ru Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 4521c2b66b98..c170a2b8d2cf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2602,19 +2602,6 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, if (__io_cqring_events_user(ctx) >= min_events) return 0; - if (sig) { -#ifdef CONFIG_COMPAT - if (in_compat_syscall()) - ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, - sigsz); - else -#endif - ret = set_user_sigmask(sig, sigsz); - - if (ret) - return ret; - } - init_waitqueue_func_entry(&iowq.wq, io_wake_function); iowq.wq.private = current; INIT_LIST_HEAD(&iowq.wq.entry); @@ -2633,6 +2620,19 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, io_napi_adjust_timeout(ctx, &iowq, &ts); } + if (sig) { +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, + sigsz); + else +#endif + ret = set_user_sigmask(sig, sigsz); + + if (ret) + return ret; + } + io_napi_busy_loop(ctx, &iowq); trace_io_uring_cqring_wait(ctx, min_events);

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 978e5c19dfefc271e5550efba92fcef0d3f62864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041501-repulsion-purging-1a06@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978e5c19dfefc271e5550efba92fcef0d3f62864 Mon Sep 17 00:00:00 2001 From: Alexey Izbyshev <izbyshev(a)ispras.ru> Date: Fri, 5 Apr 2024 15:55:51 +0300 Subject: [PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure This bug was introduced in commit 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization"), which was made in preparation for adc8682ec690 ("io_uring: Add support for napi_busy_poll"). The latter got reverted in cb3182167325 ("Revert "io_uring: Add support for napi_busy_poll""), so simply undo the former as well. Cc: stable(a)vger.kernel.org Fixes: 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization") Signed-off-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Link: https://lore.kernel.org/r/20240405125551.237142-1-izbyshev@ispras.ru Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 4521c2b66b98..c170a2b8d2cf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2602,19 +2602,6 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, if (__io_cqring_events_user(ctx) >= min_events) return 0; - if (sig) { -#ifdef CONFIG_COMPAT - if (in_compat_syscall()) - ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, - sigsz); - else -#endif - ret = set_user_sigmask(sig, sigsz); - - if (ret) - return ret; - } - init_waitqueue_func_entry(&iowq.wq, io_wake_function); iowq.wq.private = current; INIT_LIST_HEAD(&iowq.wq.entry); @@ -2633,6 +2620,19 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, io_napi_adjust_timeout(ctx, &iowq, &ts); } + if (sig) { +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, + sigsz); + else +#endif + ret = set_user_sigmask(sig, sigsz); + + if (ret) + return ret; + } + io_napi_busy_loop(ctx, &iowq); trace_io_uring_cqring_wait(ctx, min_events);

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033042-audio-pacemaker-1b50@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 2 months

2
2
0 0

[PATCH 6.6] Revert "dm-crypt, dm-verity: disable tasklets"

by Li Lingfeng

This reverts commit 5735a2671ffb70ea29ca83969fe01316ee2ed6fc which is commit 0a9bab391e336489169b95cb0d4553d921302189 upstream. Tasklet is thought to cause memory corruption [1], so it was disabled in dm-crypt and dm-verity. However, memory corruption may not happen since cc->io_queue is created without WQ_UNBOUND [2]. Revert commit 5735a2671ffb ("dm-crypt, dm-verity: disable tasklets") to bring tasklet back. [1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/ [2] https://lore.kernel.org/all/4d331659-badd-749d-fba1-271543631a8a@huawei.com/ Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> --- drivers/md/dm-crypt.c | 38 +++++++++++++++++++++++++++++++++-- drivers/md/dm-verity-target.c | 26 ++++++++++++++++++++++-- drivers/md/dm-verity.h | 1 + 3 files changed, 61 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index aa6bb5b4704b..a60d91d02e28 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -75,8 +75,10 @@ struct dm_crypt_io { struct bio *base_bio; u8 *integrity_metadata; bool integrity_metadata_from_pool:1; + bool in_tasklet:1; struct work_struct work; + struct tasklet_struct tasklet; struct convert_context ctx; @@ -1775,6 +1777,7 @@ static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc, io->ctx.r.req = NULL; io->integrity_metadata = NULL; io->integrity_metadata_from_pool = false; + io->in_tasklet = false; atomic_set(&io->io_pending, 0); } @@ -1785,6 +1788,13 @@ static void crypt_inc_pending(struct dm_crypt_io *io) static void kcryptd_queue_read(struct dm_crypt_io *io); +static void kcryptd_io_bio_endio(struct work_struct *work) +{ + struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work); + + bio_endio(io->base_bio); +} + /* * One of the bios was finished. Check for completion of * the whole request and correctly clean up the buffer. @@ -1817,6 +1827,20 @@ static void crypt_dec_pending(struct dm_crypt_io *io) base_bio->bi_status = error; + /* + * If we are running this function from our tasklet, + * we can't call bio_endio() here, because it will call + * clone_endio() from dm.c, which in turn will + * free the current struct dm_crypt_io structure with + * our tasklet. In this case we need to delay bio_endio() + * execution to after the tasklet is done and dequeued. + */ + if (io->in_tasklet) { + INIT_WORK(&io->work, kcryptd_io_bio_endio); + queue_work(cc->io_queue, &io->work); + return; + } + bio_endio(base_bio); } @@ -2291,6 +2315,11 @@ static void kcryptd_crypt(struct work_struct *work) kcryptd_crypt_write_convert(io); } +static void kcryptd_crypt_tasklet(unsigned long work) +{ + kcryptd_crypt((struct work_struct *)work); +} + static void kcryptd_queue_crypt(struct dm_crypt_io *io) { struct crypt_config *cc = io->cc; @@ -2302,10 +2331,15 @@ static void kcryptd_queue_crypt(struct dm_crypt_io *io) * irqs_disabled(): the kernel may run some IO completion from the idle thread, but * it is being executed with irqs disabled. */ - if (!(in_hardirq() || irqs_disabled())) { - kcryptd_crypt(&io->work); + if (in_hardirq() || irqs_disabled()) { + io->in_tasklet = true; + tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work); + tasklet_schedule(&io->tasklet); return; } + + kcryptd_crypt(&io->work); + return; } INIT_WORK(&io->work, kcryptd_crypt); diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 49e4a35d7019..0bb126eadc0d 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -701,6 +701,23 @@ static void verity_work(struct work_struct *w) verity_finish_io(io, errno_to_blk_status(verity_verify_io(io))); } +static void verity_tasklet(unsigned long data) +{ + struct dm_verity_io *io = (struct dm_verity_io *)data; + int err; + + io->in_tasklet = true; + err = verity_verify_io(io); + if (err == -EAGAIN || err == -ENOMEM) { + /* fallback to retrying with work-queue */ + INIT_WORK(&io->work, verity_work); + queue_work(io->v->verify_wq, &io->work); + return; + } + + verity_finish_io(io, errno_to_blk_status(err)); +} + static void verity_end_io(struct bio *bio) { struct dm_verity_io *io = bio->bi_private; @@ -713,8 +730,13 @@ static void verity_end_io(struct bio *bio) return; } - INIT_WORK(&io->work, verity_work); - queue_work(io->v->verify_wq, &io->work); + if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) { + tasklet_init(&io->tasklet, verity_tasklet, (unsigned long)io); + tasklet_schedule(&io->tasklet); + } else { + INIT_WORK(&io->work, verity_work); + queue_work(io->v->verify_wq, &io->work); + } } /* diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index db93a91169d5..7e495cc375b0 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h @@ -87,6 +87,7 @@ struct dm_verity_io { bool in_tasklet; struct work_struct work; + struct tasklet_struct tasklet; char *recheck_buffer; -- 2.31.1

1 year, 2 months

3
5
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033053-lyrically-excluding-f09f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 2 months

3
5
0 0

[PATCH 2/2 v3] net: usb: qmi_wwan: add Lonsung U8300/U9300 product

by Coia Prant

Update the net usb qmi_wwan driver to support Longsung U8300/U9300. Enabling DTR on this modem was necessary to ensure stable operation. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully using qmicli on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e2e181378f41..3dd8a2e24837 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1380,6 +1380,8 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b05, 4)}, /* Longsung U8300 */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b3c, 4)}, /* Longsung U9300 */ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ -- 2.39.2

1 year, 2 months

1
0
0 0

[PATCH 2/2 v2] net: usb: qmi_wwan: add Lonsung U8300/U9300 product

by Coia Prant

Update the net usb qmi_wwan driver to support Longsung U8300/U9300. Enabling DTR on this modem was necessary to ensure stable operation. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully using qmicli on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e2e181378f41..3dd8a2e24837 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1380,6 +1380,8 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b05, 4)}, /* Longsung U8300 */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b3c, 4)}, /* Longsung U9300 */ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ -- 2.39.2

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: disable io-wq execution of multishot NOWAIT" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x bee1d5becdf5bf23d4ca0cd9c6b60bdf3c61d72b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040826-handbrake-five-e04e@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: bee1d5becdf5 ("io_uring: disable io-wq execution of multishot NOWAIT requests") e0e4ab52d170 ("io_uring: refactor DEFER_TASKRUN multishot checks") 3a96378e22cc ("io_uring: fix mshot io-wq checks") eb18c29dd2a3 ("io_uring/net: move recv/recvmsg flags out of retry loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bee1d5becdf5bf23d4ca0cd9c6b60bdf3c61d72b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Mon, 1 Apr 2024 11:30:06 -0600 Subject: [PATCH] io_uring: disable io-wq execution of multishot NOWAIT requests Do the same check for direct io-wq execution for multishot requests that commit 2a975d426c82 did for the inline execution, and disable multishot mode (and revert to single shot) if the file type doesn't support NOWAIT, and isn't opened in O_NONBLOCK mode. For multishot to work properly, it's a requirement that nonblocking read attempts can be done. Cc: stable(a)vger.kernel.org Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 5d4b448fdc50..8baf8afb79c2 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1982,10 +1982,15 @@ void io_wq_submit_work(struct io_wq_work *work) err = -EBADFD; if (!io_file_can_poll(req)) goto fail; - err = -ECANCELED; - if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) - goto fail; - return; + if (req->file->f_flags & O_NONBLOCK || + req->file->f_mode & FMODE_NOWAIT) { + err = -ECANCELED; + if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) + goto fail; + return; + } else { + req->flags &= ~REQ_F_APOLL_MULTISHOT; + } } if (req->flags & REQ_F_FORCE_ASYNC) {

1 year, 2 months

3
3
0 0

[PATCH 1/2 v2] USB: serial: option: add Lonsung U8300/U9300 product

by Coia Prant

Update the USB serial option driver to support Longsung U8300/U9300. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Reviewed-by: Lars Melin <larsm17(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: netdev(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 009/190] block: fix signed int overflow in Amiga partition support

by Sasha Levin

From: Michael Schmitz <schmitzmic(a)gmail.com> [ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ] The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB. Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD. This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow <jdow(a)earthlink.net>. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that). Reported-by: Martin Steigerwald <Martin(a)lichtvoll.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Message-ID: <201206192146.09327.Martin(a)lichtvoll.de> Cc: <stable(a)vger.kernel.org> # 5.2 Signed-off-by: Michael Schmitz <schmitzmic(a)gmail.com> Tested-by: Martin Steigerwald <Martin(a)lichtvoll.de> Reviewed-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 560936617d9c1..4a4160221183b 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE]; @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) /* Tell Kernel about it */ - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 - + be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; -- 2.43.0

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041514-mangy-jet-c955@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041511-earthy-slick-6e64@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041508-licorice-imitation-0cab@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Disable port sync when bigjoiner is used" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041548-aftermath-grafted-5575@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Fri, 5 Apr 2024 00:34:27 +0300 Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current modeset sequence can't handle port sync and bigjoiner at the same time. Refuse port sync when bigjoiner is needed, at least until we fix the modeset sequence. v2: Add a FIXME (Vandite) Cc: stable(a)vger.kernel.org Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com> Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> (cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index c587a8efeafc..c17462b4c2ac 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1, static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1, const struct intel_crtc_state *crtc_state2) { + /* + * FIXME the modeset sequence is currently wrong and + * can't deal with bigjoiner + port sync at the same time. + */ return crtc_state1->hw.active && crtc_state2->hw.active && + !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes && crtc_state1->output_types == crtc_state2->output_types && crtc_state1->output_format == crtc_state2->output_format && crtc_state1->lane_count == crtc_state2->lane_count &&

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Disable port sync when bigjoiner is used" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041547-freely-probable-b5c9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Fri, 5 Apr 2024 00:34:27 +0300 Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current modeset sequence can't handle port sync and bigjoiner at the same time. Refuse port sync when bigjoiner is needed, at least until we fix the modeset sequence. v2: Add a FIXME (Vandite) Cc: stable(a)vger.kernel.org Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com> Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> (cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index c587a8efeafc..c17462b4c2ac 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1, static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1, const struct intel_crtc_state *crtc_state2) { + /* + * FIXME the modeset sequence is currently wrong and + * can't deal with bigjoiner + port sync at the same time. + */ return crtc_state1->hw.active && crtc_state2->hw.active && + !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes && crtc_state1->output_types == crtc_state2->output_types && crtc_state1->output_format == crtc_state2->output_format && crtc_state1->lane_count == crtc_state2->lane_count &&

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-cosmetics-briar-7ebd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041520-wooing-barman-5421@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-driving-reformat-2eac@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 2 months

1
0
0 0

[PATCH 5.15 00/57] 5.15.155-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.155 release. There are 57 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.155-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.155-rc1 Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Kees Cook <keescook(a)chromium.org> gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix panic when DSA master device unbinds on shutdown ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +++++- arch/x86/mm/pat/memtype.c | 49 +++++++++++++++------- block/blk-stat.c | 2 +- drivers/acpi/sleep.c | 12 ------ drivers/bluetooth/btintel.c | 2 +- drivers/cpuidle/driver.c | 3 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/infiniband/core/cm.c | 20 ++++++++- drivers/input/rmi4/rmi_driver.c | 6 ++- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++-- drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++- drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- drivers/nvme/host/pci.c | 3 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 ++- drivers/platform/x86/touchscreen_dmi.c | 9 ++++ drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++- drivers/tty/n_gsm.c | 3 ++ drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 ++-- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 ++++- fs/btrfs/export.c | 9 +++- fs/btrfs/send.c | 10 ++++- fs/btrfs/volumes.c | 12 +++++- fs/ext4/mballoc.c | 5 ++- fs/ext4/super.c | 12 ++++++ fs/isofs/inode.c | 18 +++++++- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 ++--- include/linux/randomize_kstack.h | 2 +- include/linux/sunrpc/sched.h | 2 +- include/uapi/linux/input-event-codes.h | 1 + kernel/panic.c | 8 ++++ kernel/trace/ring_buffer.c | 2 +- mm/memory.c | 4 ++ net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++++--- net/dsa/dsa2.c | 25 +++-------- net/netfilter/nf_tables_api.c | 47 ++++++++++++++++----- net/smc/smc_pnet.c | 10 +++++ scripts/gcc-plugins/stackleak_plugin.c | 6 +++ sound/firewire/amdtp-stream.c | 12 ++++-- sound/firewire/amdtp-stream.h | 4 ++ sound/soc/soc-core.c | 3 ++ tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++++--- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 56 files changed, 326 insertions(+), 128 deletions(-)

1 year, 2 months

14
77
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041522-platform-decompose-f02f@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041521-passport-reiterate-a4ee@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041520-goliath-parameter-038b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-zoning-angling-730e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041517-scrubber-skimmer-981c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041516-stack-prevail-2b51@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041515-scrap-probable-d3c3@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 2 months

1
0
0 0

Re: Patch "Revert "s390/ism: fix receive message buffer allocation"" has been added to the 6.8-stable tree

by Heiko Carstens

On Mon, Apr 15, 2024 at 04:59:24AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Revert "s390/ism: fix receive message buffer allocation" > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > revert-s390-ism-fix-receive-message-buffer-allocatio.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 8568beeed3944bd4bf4c3683993a9df6ae53fbb7 > Author: Gerd Bayer <gbayer(a)linux.ibm.com> > Date: Tue Apr 9 13:37:53 2024 +0200 > > Revert "s390/ism: fix receive message buffer allocation" > > [ Upstream commit d51dc8dd6ab6f93a894ff8b38d3b8d02c98eb9fb ] > > This reverts commit 58effa3476536215530c9ec4910ffc981613b413. > Review was not finished on this patch. So it's not ready for > upstreaming. > > Signed-off-by: Gerd Bayer <gbayer(a)linux.ibm.com> > Link: https://lore.kernel.org/r/20240409113753.2181368-1-gbayer@linux.ibm.com > Fixes: 58effa347653 ("s390/ism: fix receive message buffer allocation") > Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> I'm not sure if it makes sense to add and revert a patch within a single stable queue (the same applies to 6.6). It might make sense to drop both patches.

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] accel/ivpu: Check return code of ipc->lock init" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f0cf7ffcd02953c72fed5995378805883d16203e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041555-provable-follicle-38d5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0cf7ffcd02953c72fed5995378805883d16203e Mon Sep 17 00:00:00 2001 From: "Wachowski, Karol" <karol.wachowski(a)intel.com> Date: Tue, 2 Apr 2024 12:49:22 +0200 Subject: [PATCH] accel/ivpu: Check return code of ipc->lock init Return value of drmm_mutex_init(ipc->lock) was unchecked. Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402104929.941186-2-jacek… diff --git a/drivers/accel/ivpu/ivpu_ipc.c b/drivers/accel/ivpu/ivpu_ipc.c index 04ac4b9840fb..56ff067f63e2 100644 --- a/drivers/accel/ivpu/ivpu_ipc.c +++ b/drivers/accel/ivpu/ivpu_ipc.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (C) 2020-2023 Intel Corporation + * Copyright (C) 2020-2024 Intel Corporation */ #include <linux/genalloc.h> @@ -501,7 +501,11 @@ int ivpu_ipc_init(struct ivpu_device *vdev) spin_lock_init(&ipc->cons_lock); INIT_LIST_HEAD(&ipc->cons_list); INIT_LIST_HEAD(&ipc->cb_msg_list); - drmm_mutex_init(&vdev->drm, &ipc->lock); + ret = drmm_mutex_init(&vdev->drm, &ipc->lock); + if (ret) { + ivpu_err(vdev, "Failed to initialize ipc->lock, ret %d\n", ret); + goto err_free_rx; + } ivpu_ipc_reset(vdev); return 0;

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 74e97958121aa1f5854da6effba70143f051b0cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041500-iodize-marina-a41e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 74e97958121a ("btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations") 3324d0547861 ("btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted") 1b53e51a4a8f ("btrfs: don't commit transaction for every subvol create") 45c40c8f9541 ("btrfs: move root tree prototypes to their own header") 2839c2c142dd ("btrfs: move delalloc space related prototypes to delalloc-space.h") a0231804affe ("btrfs: move extent-tree helpers into their own header file") e2f13b343c14 ("btrfs: move btrfs_account_ro_block_groups_free_space into space-info.c") 8483d40242c5 ("btrfs: remove extra space info prototypes in ctree.h") 6db75318823a ("btrfs: use struct fscrypt_str instead of struct qstr") ab3c5c18e8fa ("btrfs: setup qstr from dentrys using fscrypt helper") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74e97958121aa1f5854da6effba70143f051b0cd Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Thu, 21 Mar 2024 10:02:04 -0700 Subject: [PATCH] btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a transaction, we convert PREALLOC to PERTRANS, which gets cleared in bulk at the end of the transaction. However, the error paths of these three operations were not implementing this lifecycle correctly. They unconditionally converted the PREALLOC to PERTRANS in a generic cleanup step regardless of errors or whether the operation was fully associated to a transaction or not. This resulted in error paths occasionally converting this rsv to PERTRANS without calling record_root_in_trans successfully, which meant that unless that root got recorded in the transaction by some other thread, the end of the transaction would not free that root's PERTRANS, leaking it. Ultimately, this resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount for the leaked reservation. The fix is to ensure that every qgroup PREALLOC reservation observes the following properties: 1. any failure before record_root_in_trans is called successfully results in freeing the PREALLOC reservation. 2. after record_root_in_trans, we convert to PERTRANS, and now the transaction owns freeing the reservation. This patch enforces those properties on the three operations. Without it, generic/269 with squotas enabled at mkfs time would fail in ~5-10 runs on my system. With this patch, it ran successfully 1000 times in a row. Fixes: e85fde5162bf ("btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 37701531eeb1..1f9e74c4161d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -4503,6 +4503,7 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) struct btrfs_trans_handle *trans; struct btrfs_block_rsv block_rsv; u64 root_flags; + u64 qgroup_reserved = 0; int ret; down_write(&fs_info->subvol_sem); @@ -4547,12 +4548,20 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) ret = btrfs_subvolume_reserve_metadata(root, &block_rsv, 5, true); if (ret) goto out_undead; + qgroup_reserved = block_rsv.qgroup_rsv_reserved; trans = btrfs_start_transaction(root, 0); if (IS_ERR(trans)) { ret = PTR_ERR(trans); goto out_release; } + ret = btrfs_record_root_in_trans(trans, root); + if (ret) { + btrfs_abort_transaction(trans, ret); + goto out_end_trans; + } + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->block_rsv = &block_rsv; trans->bytes_reserved = block_rsv.size; @@ -4611,7 +4620,9 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) ret = btrfs_end_transaction(trans); inode->i_flags |= S_DEAD; out_release: - btrfs_subvolume_release_metadata(root, &block_rsv); + btrfs_block_rsv_release(fs_info, &block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); out_undead: if (ret) { spin_lock(&dest->root_item_lock); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 38459a89b27c..5a507237c4fa 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -613,6 +613,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, int ret; dev_t anon_dev; u64 objectid; + u64 qgroup_reserved = 0; root_item = kzalloc(sizeof(*root_item), GFP_KERNEL); if (!root_item) @@ -650,13 +651,18 @@ static noinline int create_subvol(struct mnt_idmap *idmap, trans_num_items, false); if (ret) goto out_new_inode_args; + qgroup_reserved = block_rsv.qgroup_rsv_reserved; trans = btrfs_start_transaction(root, 0); if (IS_ERR(trans)) { ret = PTR_ERR(trans); - btrfs_subvolume_release_metadata(root, &block_rsv); - goto out_new_inode_args; + goto out_release_rsv; } + ret = btrfs_record_root_in_trans(trans, BTRFS_I(dir)->root); + if (ret) + goto out; + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->block_rsv = &block_rsv; trans->bytes_reserved = block_rsv.size; /* Tree log can't currently deal with an inode which is a new root. */ @@ -767,9 +773,11 @@ static noinline int create_subvol(struct mnt_idmap *idmap, out: trans->block_rsv = NULL; trans->bytes_reserved = 0; - btrfs_subvolume_release_metadata(root, &block_rsv); - btrfs_end_transaction(trans); +out_release_rsv: + btrfs_block_rsv_release(fs_info, &block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); out_new_inode_args: btrfs_new_inode_args_destroy(&new_inode_args); out_inode: @@ -791,6 +799,8 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, struct btrfs_pending_snapshot *pending_snapshot; unsigned int trans_num_items; struct btrfs_trans_handle *trans; + struct btrfs_block_rsv *block_rsv; + u64 qgroup_reserved = 0; int ret; /* We do not support snapshotting right now. */ @@ -827,19 +837,19 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, goto free_pending; } - btrfs_init_block_rsv(&pending_snapshot->block_rsv, - BTRFS_BLOCK_RSV_TEMP); + block_rsv = &pending_snapshot->block_rsv; + btrfs_init_block_rsv(block_rsv, BTRFS_BLOCK_RSV_TEMP); /* * 1 to add dir item * 1 to add dir index * 1 to update parent inode item */ trans_num_items = create_subvol_num_items(inherit) + 3; - ret = btrfs_subvolume_reserve_metadata(BTRFS_I(dir)->root, - &pending_snapshot->block_rsv, + ret = btrfs_subvolume_reserve_metadata(BTRFS_I(dir)->root, block_rsv, trans_num_items, false); if (ret) goto free_pending; + qgroup_reserved = block_rsv->qgroup_rsv_reserved; pending_snapshot->dentry = dentry; pending_snapshot->root = root; @@ -852,6 +862,13 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, ret = PTR_ERR(trans); goto fail; } + ret = btrfs_record_root_in_trans(trans, BTRFS_I(dir)->root); + if (ret) { + btrfs_end_transaction(trans); + goto fail; + } + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->pending_snapshot = pending_snapshot; @@ -881,7 +898,9 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, if (ret && pending_snapshot->snap) pending_snapshot->snap->anon_dev = 0; btrfs_put_root(pending_snapshot->snap); - btrfs_subvolume_release_metadata(root, &pending_snapshot->block_rsv); + btrfs_block_rsv_release(fs_info, block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); free_pending: if (pending_snapshot->anon_dev) free_anon_bdev(pending_snapshot->anon_dev); diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c index 4bb538a372ce..7007f9e0c972 100644 --- a/fs/btrfs/root-tree.c +++ b/fs/btrfs/root-tree.c @@ -548,13 +548,3 @@ int btrfs_subvolume_reserve_metadata(struct btrfs_root *root, } return ret; } - -void btrfs_subvolume_release_metadata(struct btrfs_root *root, - struct btrfs_block_rsv *rsv) -{ - struct btrfs_fs_info *fs_info = root->fs_info; - u64 qgroup_to_release; - - btrfs_block_rsv_release(fs_info, rsv, (u64)-1, &qgroup_to_release); - btrfs_qgroup_convert_reserved_meta(root, qgroup_to_release); -} diff --git a/fs/btrfs/root-tree.h b/fs/btrfs/root-tree.h index 6f929cf3bd49..8f5739e732b9 100644 --- a/fs/btrfs/root-tree.h +++ b/fs/btrfs/root-tree.h @@ -18,8 +18,6 @@ struct btrfs_trans_handle; int btrfs_subvolume_reserve_metadata(struct btrfs_root *root, struct btrfs_block_rsv *rsv, int nitems, bool use_global_rsv); -void btrfs_subvolume_release_metadata(struct btrfs_root *root, - struct btrfs_block_rsv *rsv); int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, u64 ref_id, u64 dirid, u64 sequence, const struct fscrypt_str *name);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: qgroup: correctly model root qgroup rsv in convert" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 141fb8cd206ace23c02cd2791c6da52c1d77d42a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041534-compel-iguana-50ce@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") 4fd786e6c3d6 ("btrfs: Remove 'objectid' member from struct btrfs_root") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 141fb8cd206ace23c02cd2791c6da52c1d77d42a Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Tue, 19 Mar 2024 10:54:22 -0700 Subject: [PATCH] btrfs: qgroup: correctly model root qgroup rsv in convert We use add_root_meta_rsv and sub_root_meta_rsv to track prealloc and pertrans reservations for subvolumes when quotas are enabled. The convert function does not properly increment pertrans after decrementing prealloc, so the count is not accurate. Note: we check that the fs is not read-only to mirror the logic in qgroup_convert_meta, which checks that before adding to the pertrans rsv. Fixes: 8287475a2055 ("btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c index 5f90f0605b12..cf8820ce7aa2 100644 --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -4495,6 +4495,8 @@ void btrfs_qgroup_convert_reserved_meta(struct btrfs_root *root, int num_bytes) BTRFS_QGROUP_RSV_META_PREALLOC); trace_qgroup_meta_convert(root, num_bytes); qgroup_convert_meta(fs_info, root->root_key.objectid, num_bytes); + if (!sb_rdonly(fs_info->sb)) + add_root_meta_rsv(root, num_bytes, BTRFS_QGROUP_RSV_META_PERTRANS); } /*

1 year, 2 months

1
0
0 0

[PATCH 6.6/6.1 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 6.6 and 6.1 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 6.6 and 6.1 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 2 months

1
1
0 0

[PATCH 5.15/5.10/5.4/4.19 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 5.15, 5.10, 5.4 and 4.19 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 5.15, 5.10, 5.4 and 4.19 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 2 months

1
1
0 0

[PATCH 5.10.y 1/1] mailbox: imx: fix suspend failue

by Daisuke Mizobuchi

When an interrupt occurs, it always wakes up. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream is correct, so it seems to be a mistake in cheery-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 2 months

3
2
0 0

[PATCH 4.19.y v4 0/2] Double-free bug discovery on testing trigger-field-variable-support.tc

by George Guo

1) About v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch: The reason I am backporting this patch is that no one found the double-free bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. This is tested via "./ftracetest test.d/trigger/inter-event/ trigger-field-variable-support.tc" ================================================================== BUG: KASAN: use-after-free in destroy_hist_field+0x115/0x140 Read of size 4 at addr ffff888012e95318 by task ftracetest/1858 CPU: 1 PID: 1858 Comm: ftracetest Kdump: loaded Tainted: GE 4.19.90-89 #24 Source Version: Unknown Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0 Call Trace: dump_stack+0xcb/0x10b print_address_description.cold+0x54/0x249 kasan_report_error.cold+0x63/0xab ? destroy_hist_field+0x115/0x140 __asan_report_load4_noabort+0x8d/0xa0 ? destroy_hist_field+0x115/0x140 destroy_hist_field+0x115/0x140 destroy_hist_data+0x4e4/0x9a0 event_hist_trigger_free+0x212/0x2f0 ? update_cond_flag+0x128/0x170 ? event_hist_trigger_func+0x2880/0x2880 hist_unregister_trigger+0x2f2/0x4f0 event_hist_trigger_func+0x168c/0x2880 ? tracing_map_read_var_once+0xd0/0xd0 ? create_key_field+0x520/0x520 ? __mutex_lock_slowpath+0x10/0x10 event_trigger_write+0x2f4/0x490 ? trigger_start+0x180/0x180 ? __fget_light+0x369/0x5d0 ? count_memcg_event_mm+0x104/0x2b0 ? trigger_start+0x180/0x180 __vfs_write+0x81/0x100 vfs_write+0x1e1/0x540 ksys_write+0x12a/0x290 ? __ia32_sys_read+0xb0/0xb0 ? __close_fd+0x1d3/0x280 do_syscall_64+0xe3/0x2d0 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7efdd342ee04 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 39 34 0c 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5 RSP: 002b:00007ffda01f5e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000000000b4 RCX: 00007efdd342ee04 RDX: 00000000000000b4 RSI: 000055c5b41b1e90 RDI: 0000000000000001 RBP: 000055c5b41b1e90 R08: 000000000000000a R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000246 R12: 00007efdd34ed5c0 R13: 00000000000000b4 R14: 00007efdd34ed7c0 R15: 00000000000000b4 ================================================================== 2) About v4-0002-tracing-Use-var_refs-for-hist-trigger-reference-c.patch: Only v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch will lead to compilation errors: ../kernel/trace/trace_events_hist.c: In function ��find_var_ref��: ../kernel/trace/trace_events_hist.c:1364:36: error: ��struct hist_trigger_data�� has no member named ��n_synth_var_refs��; did you mean ��n_var_refs��? 1364 | for (i = 0; i < hist_data->n_synth_var_refs; i++) { | ^~~~~~~~~~~~~~~~ | n_var_refs ../kernel/trace/trace_events_hist.c:1365:41: error: ��struct hist_trigger_data�� has no member named ��synth_var_refs��; did you mean ��n_var_refs��? 1365 | hist_field = hist_data->synth_var_refs[i]; | ^~~~~~~~~~~~~~ | n_var_refs Tom Zanussi (2): tracing: Remove hist trigger synth_var_refs tracing: Use var_refs[] for hist trigger reference checking kernel/trace/trace_events_hist.c | 86 ++++---------------------------- 1 file changed, 11 insertions(+), 75 deletions(-) -- 2.34.1

1 year, 2 months

2
4
0 0

[PATCH 4.14-openela 049/190] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling

by Sasha Levin

From: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> [ Upstream commit b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 ] In commit 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64"), the logic to support the MUSB_QUIRK_B_DISCONNECT_99 quirk was modified to only conditionally schedule the musb->irq_work delayed work. This commit badly breaks ECM Gadget on AM335X. Indeed, with this commit, one can observe massive packet loss: $ ping 192.168.0.100 ... 15 packets transmitted, 3 received, 80% packet loss, time 14316ms Reverting this commit brings back a properly functioning ECM Gadget. An analysis of the commit seems to indicate that a mistake was made: the previous code was not falling through into the MUSB_QUIRK_B_INVALID_VBUS_91, but now it is, unless the condition is taken. Changing the logic to be as it was before the problematic commit *and* only conditionally scheduling musb->irq_work resolves the regression: $ ping 192.168.0.100 ... 64 packets transmitted, 64 received, 0% packet loss, time 64475ms Fixes: 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64") Cc: stable(a)vger.kernel.org Tested-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Tested-by: Drew Fustini <drew(a)beagleboard.org> Acked-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Link: https://lore.kernel.org/r/20210528140446.278076-1-thomas.petazzoni@bootlin.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/musb/musb_core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c index 9ed604ddbb585..580f4c12eada3 100644 --- a/drivers/usb/musb/musb_core.c +++ b/drivers/usb/musb/musb_core.c @@ -1869,9 +1869,8 @@ static void musb_pm_runtime_check_session(struct musb *musb) schedule_delayed_work(&musb->irq_work, msecs_to_jiffies(1000)); musb->quirk_retries--; - break; } - /* fall through */ + break; case MUSB_QUIRK_B_INVALID_VBUS_91: if (musb->quirk_retries && !musb->flush_irq_work) { musb_dbg(musb, -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 046/190] ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit 13736654481198e519059d4a2e2e3b20fa9fdb3e ] MS confirm that "AISi" name of SMB2_CREATE_ALLOCATION_SIZE in MS-SMB2 specification is a typo. cifs/ksmbd have been using this wrong name from MS-SMB2. It should be "AlSi". Also It will cause problem when running smb2.create.open test in smbtorture against ksmbd. Cc: stable(a)vger.kernel.org Fixes: 12197a7fdda9 ("Clarify SMB2/SMB3 create context and add missing ones") Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Reviewed-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/smb2pdu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 407425d31b2eb..9ba9412c392f1 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -485,7 +485,7 @@ struct smb2_tree_disconnect_rsp { #define SMB2_CREATE_SD_BUFFER "SecD" /* security descriptor */ #define SMB2_CREATE_DURABLE_HANDLE_REQUEST "DHnQ" #define SMB2_CREATE_DURABLE_HANDLE_RECONNECT "DHnC" -#define SMB2_CREATE_ALLOCATION_SIZE "AISi" +#define SMB2_CREATE_ALLOCATION_SIZE "AlSi" #define SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST "MxAc" #define SMB2_CREATE_TIMEWARP_REQUEST "TWrp" #define SMB2_CREATE_QUERY_ON_DISK_ID "QFid" -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 045/190] PCI: keystone: Don't discard .probe() callback

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit 7994db905c0fd692cf04c527585f08a91b560144 ] The __init annotation makes the ks_pcie_probe() function disappear after booting completes. However a device can also be bound later. In that case, we try to call ks_pcie_probe(), but the backing memory is likely already overwritten. The right thing to do is do always have the probe callback available. Note that the (wrong) __refdata annotation prevented this issue to be noticed by modpost. Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") Link: https://lore.kernel.org/r/20231001170254.2506508-5-u.kleine-koenig@pengutro… Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pci-keystone.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c index 54fe75fd46b9d..6696d3999bffc 100644 --- a/drivers/pci/dwc/pci-keystone.c +++ b/drivers/pci/dwc/pci-keystone.c @@ -388,7 +388,7 @@ static int ks_pcie_remove(struct platform_device *pdev) return 0; } -static int __init ks_pcie_probe(struct platform_device *pdev) +static int ks_pcie_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; struct dw_pcie *pci; @@ -455,7 +455,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev) return ret; } -static struct platform_driver ks_pcie_driver __refdata = { +static struct platform_driver ks_pcie_driver = { .probe = ks_pcie_probe, .remove = ks_pcie_remove, .driver = { -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 044/190] PCI: keystone: Don't discard .remove() callback

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit 200bddbb3f5202bbce96444fdc416305de14f547 ] With CONFIG_PCIE_KEYSTONE=y and ks_pcie_remove() marked with __exit, the function is discarded from the driver. In this case a bound device can still get unbound, e.g via sysfs. Then no cleanup code is run resulting in resource leaks or worse. The right thing to do is do always have the remove callback available. Note that this driver cannot be compiled as a module, so ks_pcie_remove() was always discarded before this change and modpost couldn't warn about this issue. Furthermore the __ref annotation also prevents a warning. Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") Link: https://lore.kernel.org/r/20231001170254.2506508-4-u.kleine-koenig@pengutro… Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pci-keystone.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c index 3ea8288c16053..54fe75fd46b9d 100644 --- a/drivers/pci/dwc/pci-keystone.c +++ b/drivers/pci/dwc/pci-keystone.c @@ -379,7 +379,7 @@ static const struct dw_pcie_ops dw_pcie_ops = { .link_up = ks_dw_pcie_link_up, }; -static int __exit ks_pcie_remove(struct platform_device *pdev) +static int ks_pcie_remove(struct platform_device *pdev) { struct keystone_pcie *ks_pcie = platform_get_drvdata(pdev); @@ -457,7 +457,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev) static struct platform_driver ks_pcie_driver __refdata = { .probe = ks_pcie_probe, - .remove = __exit_p(ks_pcie_remove), + .remove = ks_pcie_remove, .driver = { .name = "keystone-pcie", .of_match_table = of_match_ptr(ks_pcie_of_match), -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 034/190] ASoC: cs42l51: fix driver to properly autoload with automatic module loading

by Sasha Levin

From: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> [ Upstream commit e51df4f81b02bcdd828a04de7c1eb6a92988b61e ] In commit 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table pointer"), 9 years ago, some random guy fixed the cs42l51 after it was split into a core part and an I2C part to properly match based on a Device Tree compatible string. However, the fix in this commit is wrong: the MODULE_DEVICE_TABLE(of, ....) is in the core part of the driver, not the I2C part. Therefore, automatic module loading based on module.alias, based on matching with the DT compatible string, loads the core part of the driver, but not the I2C part. And threfore, the i2c_driver is not registered, and the codec is not known to the system, nor matched with a DT node with the corresponding compatible string. In order to fix that, we move the MODULE_DEVICE_TABLE(of, ...) into the I2C part of the driver. The cs42l51_of_match[] array is also moved as well, as it is not possible to have this definition in one file, and the MODULE_DEVICE_TABLE(of, ...) invocation in another file, due to how MODULE_DEVICE_TABLE works. Thanks to this commit, the I2C part of the driver now properly autoloads, and thanks to its dependency on the core part, the core part gets autoloaded as well, resulting in a functional sound card without having to manually load kernel modules. Fixes: 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table pointer") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Link: https://lore.kernel.org/r/20230713112112.778576-1-thomas.petazzoni@bootlin.… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/cs42l51-i2c.c | 6 ++++++ sound/soc/codecs/cs42l51.c | 7 ------- sound/soc/codecs/cs42l51.h | 1 - 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/sound/soc/codecs/cs42l51-i2c.c b/sound/soc/codecs/cs42l51-i2c.c index 9bad478474fa3..5614378557d0c 100644 --- a/sound/soc/codecs/cs42l51-i2c.c +++ b/sound/soc/codecs/cs42l51-i2c.c @@ -23,6 +23,12 @@ static struct i2c_device_id cs42l51_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, cs42l51_i2c_id); +const struct of_device_id cs42l51_of_match[] = { + { .compatible = "cirrus,cs42l51", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs42l51_of_match); + static int cs42l51_i2c_probe(struct i2c_client *i2c, const struct i2c_device_id *id) { diff --git a/sound/soc/codecs/cs42l51.c b/sound/soc/codecs/cs42l51.c index f8072f1897d4c..b9de9836f2f4c 100644 --- a/sound/soc/codecs/cs42l51.c +++ b/sound/soc/codecs/cs42l51.c @@ -562,13 +562,6 @@ int cs42l51_probe(struct device *dev, struct regmap *regmap) } EXPORT_SYMBOL_GPL(cs42l51_probe); -const struct of_device_id cs42l51_of_match[] = { - { .compatible = "cirrus,cs42l51", }, - { } -}; -MODULE_DEVICE_TABLE(of, cs42l51_of_match); -EXPORT_SYMBOL_GPL(cs42l51_of_match); - MODULE_AUTHOR("Arnaud Patard <arnaud.patard(a)rtp-net.org>"); MODULE_DESCRIPTION("Cirrus Logic CS42L51 ALSA SoC Codec Driver"); MODULE_LICENSE("GPL"); diff --git a/sound/soc/codecs/cs42l51.h b/sound/soc/codecs/cs42l51.h index 0ca805492ac4b..8c55bf384bc65 100644 --- a/sound/soc/codecs/cs42l51.h +++ b/sound/soc/codecs/cs42l51.h @@ -22,7 +22,6 @@ struct device; extern const struct regmap_config cs42l51_regmap; int cs42l51_probe(struct device *dev, struct regmap *regmap); -extern const struct of_device_id cs42l51_of_match[]; #define CS42L51_CHIP_ID 0x1B #define CS42L51_CHIP_REV_A 0x00 -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 033/190] PCI: qcom: Disable write access to read only registers for IP v2.3.3

by Sasha Levin

From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [ Upstream commit a33d700e8eea76c62120cb3dbf5e01328f18319a ] In the post init sequence of v2.9.0, write access to read only registers are not disabled after updating the registers. Fix it by disabling the access after register update. Link: https://lore.kernel.org/r/20230619150408.8468-2-manivannan.sadhasivam@linar… Fixes: 5d76117f070d ("PCI: qcom: Add support for IPQ8074 PCIe controller") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Lorenzo Pieralisi <lpieralisi(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pcie-qcom.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/dwc/pcie-qcom.c b/drivers/pci/dwc/pcie-qcom.c index fe710f83e59bc..431bc0e4d3eec 100644 --- a/drivers/pci/dwc/pcie-qcom.c +++ b/drivers/pci/dwc/pcie-qcom.c @@ -730,6 +730,8 @@ static int qcom_pcie_get_resources_2_4_0(struct qcom_pcie *pcie) if (IS_ERR(res->phy_ahb_reset)) return PTR_ERR(res->phy_ahb_reset); + dw_pcie_dbi_ro_wr_dis(pci); + return 0; } -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 032/190] pinctrl: amd: Only use special debounce behavior for GPIO 0

by Sasha Levin

From: Mario Limonciello <mario.limonciello(a)amd.com> [ Upstream commit 0d5ace1a07f7e846d0f6d972af60d05515599d0b ] It's uncommon to use debounce on any other pin, but technically we should only set debounce to 0 when working off GPIO0. Cc: stable(a)vger.kernel.org Tested-by: Jan Visser <starquake(a)linuxeverywhere.org> Fixes: 968ab9261627 ("pinctrl: amd: Detect internal GPIO0 debounce handling") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20230705133005.577-2-mario.limonciello@amd.com Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/pinctrl-amd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 41f12fa15143c..693137e0574fd 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -116,9 +116,11 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset, raw_spin_lock_irqsave(&gpio_dev->lock, flags); /* Use special handling for Pin0 debounce */ - pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); - if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) - debounce = 0; + if (offset == 0) { + pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); + if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) + debounce = 0; + } pin_reg = readl(gpio_dev->base + offset * 4); -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 031/190] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

by Sasha Levin

From: Daniel Vacek <neelx(a)redhat.com> [ Upstream commit e6f57c6881916df39db7d95981a8ad2b9c3458d6 ] Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] -- [ 1080.974535] Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1] [ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 -- [ 1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = { list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf = 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len = 0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags = 0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = { 0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = { 0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0, priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6 descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not properly expanded and the packet will overflow into the container structure. This results in a panic when the send completion runs. The exact panic varies depending on what elements of the container structure get corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the descriptor array. With this patch the crashes are no longer reproducible and the machine is stable. Fixes: fd8958efe877 ("IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors") Cc: stable(a)vger.kernel.org Reported-by: Mats Kronberg <kronberg(a)nsc.liu.se> Tested-by: Mats Kronberg <kronberg(a)nsc.liu.se> Signed-off-by: Daniel Vacek <neelx(a)redhat.com> Link: https://lore.kernel.org/r/20240201081009.1109442-1-neelx@redhat.com Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/hfi1/sdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c index aeaed09360055..4067273fdd7b1 100644 --- a/drivers/infiniband/hw/hfi1/sdma.c +++ b/drivers/infiniband/hw/hfi1/sdma.c @@ -3212,7 +3212,7 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx) { int rval = 0; - if ((unlikely(tx->num_desc + 1 == tx->desc_limit))) { + if ((unlikely(tx->num_desc == tx->desc_limit))) { rval = _extend_sdma_tx_descs(dd, tx); if (rval) { __sdma_txclean(dd, tx); -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 029/190] smb: client: fix OOB in smbCalcSize()

by Sasha Levin

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit b35858b3786ddbb56e1c35138ba25d6adf8d0bef ] Validate @smb->WordCount to avoid reading off the end of @smb and thus causing the following KASAN splat: BUG: KASAN: slab-out-of-bounds in smbCalcSize+0x32/0x40 [cifs] Read of size 2 at addr ffff88801c024ec5 by task cifsd/1328 CPU: 1 PID: 1328 Comm: cifsd Not tainted 6.7.0-rc5 #9 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4a/0x80 print_report+0xcf/0x650 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __phys_addr+0x46/0x90 kasan_report+0xd8/0x110 ? smbCalcSize+0x32/0x40 [cifs] ? smbCalcSize+0x32/0x40 [cifs] kasan_check_range+0x105/0x1b0 smbCalcSize+0x32/0x40 [cifs] checkSMB+0x162/0x370 [cifs] ? __pfx_checkSMB+0x10/0x10 [cifs] cifs_handle_standard+0xbc/0x2f0 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 cifs_demultiplex_thread+0xed1/0x1360 [cifs] ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 ? lockdep_hardirqs_on_prepare+0x136/0x210 ? __pfx_lock_release+0x10/0x10 ? srso_alias_return_thunk+0x5/0xfbef5 ? mark_held_locks+0x1a/0x90 ? lockdep_hardirqs_on_prepare+0x136/0x210 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __kthread_parkme+0xce/0xf0 ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] kthread+0x18d/0x1d0 ? kthread+0xdb/0x1d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This fixes CVE-2023-6606. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218218 Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/misc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index d0e024856c0d4..d22454f4cf841 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -334,6 +334,10 @@ checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) cifs_dbg(VFS, "Length less than smb header size\n"); } return -EIO; + } else if (total_read < sizeof(*smb) + 2 * smb->WordCount) { + cifs_dbg(VFS, "%s: can't read BCC due to invalid WordCount(%u)\n", + __func__, smb->WordCount); + return -EIO; } /* otherwise, there is enough to get to the BCC */ -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 028/190] btrfs: do not allow non subvolume root targets for snapshot

by Sasha Levin

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit a8892fd71933126ebae3d60aec5918d4dceaae76 ] Our btrfs subvolume snapshot <source> <destination> utility enforces that <source> is the root of the subvolume, however this isn't enforced in the kernel. Update the kernel to also enforce this limitation to avoid problems with other users of this ioctl that don't have the appropriate checks in place. Reported-by: Martin Michaelis <code(a)mgjm.de> CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/ioctl.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c8bc8cf5a41f2..61ab4bc3ca1b5 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1695,6 +1695,15 @@ static noinline int btrfs_ioctl_snap_create_transid(struct file *file, * are limited to own subvolumes only */ ret = -EPERM; + } else if (btrfs_ino(BTRFS_I(src_inode)) != BTRFS_FIRST_FREE_OBJECTID) { + /* + * Snapshots must be made with the src_inode referring + * to the subvolume inode, otherwise the permission + * checking above is useless because we may have + * permission on a lower directory but not the subvol + * itself. + */ + ret = -EINVAL; } else { ret = btrfs_mksubvol(&file->f_path, name, namelen, BTRFS_I(src_inode)->root, -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 025/190] arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names

by Sasha Levin

From: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> [ Upstream commit 24165c5dad7ba7c7624d05575a5e0cc851396c71 ] Fix a unit_address_vs_reg warning for the USB VBUS fixed regulators by renaming the regulator nodes from regulator@{0,1} to regulator-usb-p0 and regulator-usb-p1. Cc: stable(a)vger.kernel.org Fixes: c0891284a74a ("arm64: dts: mediatek: add USB3 DRD driver") Link: https://lore.kernel.org/r/20231025093816.44327-8-angelogioacchino.delregno@… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts index 1c3634fa94bf4..03ffb331008af 100644 --- a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts +++ b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts @@ -51,7 +51,7 @@ id-gpio = <&pio 16 GPIO_ACTIVE_HIGH>; }; - usb_p1_vbus: regulator@0 { + usb_p1_vbus: regulator-usb-p1 { compatible = "regulator-fixed"; regulator-name = "usb_vbus"; regulator-min-microvolt = <5000000>; @@ -60,7 +60,7 @@ enable-active-high; }; - usb_p0_vbus: regulator@1 { + usb_p0_vbus: regulator-usb-p0 { compatible = "regulator-fixed"; regulator-name = "vbus"; regulator-min-microvolt = <5000000>; -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 023/190] fbdev: stifb: Make the STI next font pointer a 32-bit signed offset

by Sasha Levin

From: Helge Deller <deller(a)gmx.de> [ Upstream commit 8a32aa17c1cd48df1ddaa78e45abcb8c7a2220d6 ] The pointer to the next STI font is actually a signed 32-bit offset. With this change the 64-bit kernel will correctly subract the (signed 32-bit) offset instead of adding a (unsigned 32-bit) offset. It has no effect on 32-bit kernels. This fixes the stifb driver with a 64-bit kernel on qemu. Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/video/fbdev/sticore.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/video/fbdev/sticore.h b/drivers/video/fbdev/sticore.h index fb8f58f9867a7..0416e2bc27d85 100644 --- a/drivers/video/fbdev/sticore.h +++ b/drivers/video/fbdev/sticore.h @@ -237,7 +237,7 @@ struct sti_rom_font { u8 height; u8 font_type; /* language type */ u8 bytes_per_char; - u32 next_font; + s32 next_font; /* note: signed int */ u8 underline_height; u8 underline_pos; u8 res008[2]; -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 022/190] smb3: fix touch -h of symlink

by Sasha Levin

From: Steve French <stfrench(a)microsoft.com> [ Upstream commit 475efd9808a3094944a56240b2711349e433fb66 ] For example: touch -h -t 02011200 testfile where testfile is a symlink would not change the timestamp, but touch -t 02011200 testfile does work to change the timestamp of the target Suggested-by: David Howells <dhowells(a)redhat.com> Reported-by: Micah Veilleux <micah.veilleux(a)iba-group.com> Closes: https://bugzilla.samba.org/show_bug.cgi?id=14476 Cc: stable(a)vger.kernel.org Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/cifsfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 1d3f98572068f..c676d916b4b6d 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -924,6 +924,7 @@ const struct inode_operations cifs_file_inode_ops = { const struct inode_operations cifs_symlink_inode_ops = { .get_link = cifs_get_link, + .setattr = cifs_setattr, .permission = cifs_permission, .listxattr = cifs_listxattr, }; -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 021/190] MIPS: KVM: Fix a build warning about variable set but not used

by Sasha Levin

From: Huacai Chen <chenhuacai(a)loongson.cn> [ Upstream commit 83767a67e7b6a0291cde5681ec7e3708f3f8f877 ] After commit 411740f5422a ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU") old_pte is no longer used in kvm_mips_map_page(). So remove it to fix a build warning about variable set but not used: arch/mips/kvm/mmu.c: In function 'kvm_mips_map_page': >> arch/mips/kvm/mmu.c:701:29: warning: variable 'old_pte' set but not used [-Wunused-but-set-variable] 701 | pte_t *ptep, entry, old_pte; | ^~~~~~~ Cc: stable(a)vger.kernel.org Fixes: 411740f5422a960 ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202310070530.aARZCSfh-lkp@intel.com/ Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/mips/kvm/mmu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/mips/kvm/mmu.c b/arch/mips/kvm/mmu.c index ee64db0327933..0ed17805dfe4c 100644 --- a/arch/mips/kvm/mmu.c +++ b/arch/mips/kvm/mmu.c @@ -701,7 +701,7 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa, gfn_t gfn = gpa >> PAGE_SHIFT; int srcu_idx, err; kvm_pfn_t pfn; - pte_t *ptep, entry, old_pte; + pte_t *ptep, entry; bool writeable; unsigned long prot_bits; unsigned long mmu_seq; @@ -774,7 +774,6 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa, entry = pfn_pte(pfn, __pgprot(prot_bits)); /* Write the PTE */ - old_pte = *ptep; set_pte(ptep, entry); err = 0; -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 013/190] iio: exynos-adc: request second interupt only when touchscreen mode is used

by Sasha Levin

From: Marek Szyprowski <m.szyprowski(a)samsung.com> [ Upstream commit 865b080e3229102f160889328ce2e8e97aa65ea0 ] Second interrupt is needed only when touchscreen mode is used, so don't request it unconditionally. This removes the following annoying warning during boot: exynos-adc 14d10000.adc: error -ENXIO: IRQ index 1 not found Fixes: 2bb8ad9b44c5 ("iio: exynos-adc: add experimental touchscreen support") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Link: https://lore.kernel.org/r/20231009101412.916922-1-m.szyprowski@samsung.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/exynos_adc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/iio/adc/exynos_adc.c b/drivers/iio/adc/exynos_adc.c index 019153882e700..f8324261e74d4 100644 --- a/drivers/iio/adc/exynos_adc.c +++ b/drivers/iio/adc/exynos_adc.c @@ -787,6 +787,12 @@ static int exynos_adc_probe(struct platform_device *pdev) } } + /* leave out any TS related code if unreachable */ + if (IS_REACHABLE(CONFIG_INPUT)) { + has_ts = of_property_read_bool(pdev->dev.of_node, + "has-touchscreen") || pdata; + } + irq = platform_get_irq(pdev, 0); if (irq < 0) { dev_err(&pdev->dev, "no irq resource?\n"); @@ -794,11 +800,15 @@ static int exynos_adc_probe(struct platform_device *pdev) } info->irq = irq; - irq = platform_get_irq(pdev, 1); - if (irq == -EPROBE_DEFER) - return irq; + if (has_ts) { + irq = platform_get_irq(pdev, 1); + if (irq == -EPROBE_DEFER) + return irq; - info->tsirq = irq; + info->tsirq = irq; + } else { + info->tsirq = -1; + } info->dev = &pdev->dev; @@ -865,12 +875,6 @@ static int exynos_adc_probe(struct platform_device *pdev) if (info->data->init_hw) info->data->init_hw(info); - /* leave out any TS related code if unreachable */ - if (IS_REACHABLE(CONFIG_INPUT)) { - has_ts = of_property_read_bool(pdev->dev.of_node, - "has-touchscreen") || pdata; - } - if (pdata) info->delay = pdata->delay; else -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 012/190] selftests/ftrace: Add new test case which checks non unique symbol

by Sasha Levin

From: Francis Laniel <flaniel(a)linux.microsoft.com> [ Upstream commit 03b80ff8023adae6780e491f66e932df8165e3a0 ] If name_show() is non unique, this test will try to install a kprobe on this function which should fail returning EADDRNOTAVAIL. On kernel where name_show() is not unique, this test is skipped. Link: https://lore.kernel.org/all/20231020104250.9537-3-flaniel@linux.microsoft.c… Cc: stable(a)vger.kernel.org Signed-off-by: Francis Laniel <flaniel(a)linux.microsoft.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc new file mode 100644 index 0000000000000..bc9514428dbaf --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc @@ -0,0 +1,13 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test failure of registering kprobe on non unique symbol +# requires: kprobe_events + +SYMBOL='name_show' + +# We skip this test on kernel where SYMBOL is unique or does not exist. +if [ "$(grep -c -E "[[:alnum:]]+ t ${SYMBOL}" /proc/kallsyms)" -le '1' ]; then + exit_unsupported +fi + +! echo "p:test_non_unique ${SYMBOL}" > kprobe_events -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 008/190] iio: addac: stx104: Fix race condition for stx104_write_raw()

by Sasha Levin

From: William Breathitt Gray <william.gray(a)linaro.org> [ Upstream commit 9740827468cea80c42db29e7171a50e99acf7328 ] The priv->chan_out_states array and actual DAC value can become mismatched if stx104_write_raw() is called concurrently. Prevent such a race condition by utilizing a mutex. Fixes: 97a445dad37a ("iio: Add IIO support for the DAC on the Apex Embedded Systems STX104") Signed-off-by: William Breathitt Gray <william.gray(a)linaro.org> Link: https://lore.kernel.org/r/c95c9a77fcef36b2a052282146950f23bbc1ebdc.16807905… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/stx104.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/iio/adc/stx104.c b/drivers/iio/adc/stx104.c index 2da741d27540f..edc3b29eed621 100644 --- a/drivers/iio/adc/stx104.c +++ b/drivers/iio/adc/stx104.c @@ -23,6 +23,7 @@ #include <linux/kernel.h> #include <linux/module.h> #include <linux/moduleparam.h> +#include <linux/mutex.h> #include <linux/spinlock.h> #define STX104_OUT_CHAN(chan) { \ @@ -54,10 +55,12 @@ MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses"); /** * struct stx104_iio - IIO device private data structure + * @lock: synchronization lock to prevent I/O race conditions * @chan_out_states: channels' output states * @base: base port address of the IIO device */ struct stx104_iio { + struct mutex lock; unsigned int chan_out_states[STX104_NUM_OUT_CHAN]; unsigned int base; }; @@ -160,9 +163,12 @@ static int stx104_write_raw(struct iio_dev *indio_dev, if ((unsigned int)val > 65535) return -EINVAL; + mutex_lock(&priv->lock); + priv->chan_out_states[chan->channel] = val; outw(val, priv->base + 4 + 2 * chan->channel); + mutex_unlock(&priv->lock); return 0; } return -EINVAL; @@ -323,6 +329,8 @@ static int stx104_probe(struct device *dev, unsigned int id) priv = iio_priv(indio_dev); priv->base = base[id]; + mutex_init(&priv->lock); + /* configure device for software trigger operation */ outb(0, base[id] + 9); -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 007/190] IMA: allow/fix UML builds

by Sasha Levin

From: Randy Dunlap <rdunlap(a)infradead.org> [ Upstream commit 644f17412f5acf01a19af9d04a921937a2bc86c6 ] UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling NO_IOMEM). Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' ld: security/integrity/ima/ima_init.o: in function `ima_init': ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM is set, regardless of the UML Kconfig setting. This updates TCG_TPM from =m to =y and fixes the linker errors. Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") Cc: Stable <stable(a)vger.kernel.org> # v5.14+ Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Anton Ivanov <anton.ivanov(a)cambridgegreys.com> Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: linux-um(a)lists.infradead.org Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 6a8f67714c831..a8bf67557eb54 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -8,7 +8,7 @@ config IMA select CRYPTO_MD5 select CRYPTO_SHA1 select CRYPTO_HASH_INFO - select TCG_TPM if HAS_IOMEM && !UML + select TCG_TPM if HAS_IOMEM select TCG_TIS if TCG_TPM && X86 select TCG_CRB if TCG_TPM && ACPI select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 005/190] btrfs: fix extent buffer leak after tree mod log failure at split_node()

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit ede600e497b1461d06d22a7d17703d9096868bc3 ] At split_node(), if we fail to log the tree mod log copy operation, we return without unlocking the split extent buffer we just allocated and without decrementing the reference we own on it. Fix this by unlocking it and decrementing the ref count before returning. Fixes: 5de865eebb83 ("Btrfs: fix tree mod logging") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/ctree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 156716f9e3e21..61ed69c688d58 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -3537,6 +3537,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans, ret = tree_mod_log_eb_copy(fs_info, split, c, 0, mid, c_nritems - mid); if (ret) { + btrfs_tree_unlock(split); + free_extent_buffer(split); btrfs_abort_transaction(trans, ret); return ret; } -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 004/190] pinctrl: amd: Detect internal GPIO0 debounce handling

by Sasha Levin

From: Mario Limonciello <mario.limonciello(a)amd.com> [ Upstream commit 968ab9261627fa305307e3935ca1a32fcddd36cb ] commit 4e5a04be88fe ("pinctrl: amd: disable and mask interrupts on probe") had a mistake in loop iteration 63 that it would clear offset 0xFC instead of 0x100. Offset 0xFC is actually `WAKE_INT_MASTER_REG`. This was clearing bits 13 and 15 from the register which significantly changed the expected handling for some platforms for GPIO0. commit b26cd9325be4 ("pinctrl: amd: Disable and mask interrupts on resume") actually fixed this bug, but lead to regressions on Lenovo Z13 and some other systems. This is because there was no handling in the driver for bit 15 debounce behavior. Quoting a public BKDG: ``` EnWinBlueBtn. Read-write. Reset: 0. 0=GPIO0 detect debounced power button; Power button override is 4 seconds. 1=GPIO0 detect debounced power button in S3/S5/S0i3, and detect "pressed less than 2 seconds" and "pressed 2~10 seconds" in S0; Power button override is 10 seconds ``` Cross referencing the same master register in Windows it's obvious that Windows doesn't use debounce values in this configuration. So align the Linux driver to do this as well. This fixes wake on lid when WAKE_INT_MASTER_REG is properly programmed. Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=217315 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20230421120625.3366-2-mario.limonciello@amd.com Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/pinctrl-amd.c | 7 +++++++ drivers/pinctrl/pinctrl-amd.h | 1 + 2 files changed, 8 insertions(+) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 509ba4bceefcb..41f12fa15143c 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -114,6 +114,12 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset, struct amd_gpio *gpio_dev = gpiochip_get_data(gc); raw_spin_lock_irqsave(&gpio_dev->lock, flags); + + /* Use special handling for Pin0 debounce */ + pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); + if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) + debounce = 0; + pin_reg = readl(gpio_dev->base + offset * 4); if (debounce) { @@ -191,6 +197,7 @@ static void amd_gpio_dbg_show(struct seq_file *s, struct gpio_chip *gc) char *output_value; char *output_enable; + seq_printf(s, "WAKE_INT_MASTER_REG: 0x%08x\n", readl(gpio_dev->base + WAKE_INT_MASTER_REG)); for (bank = 0; bank < gpio_dev->hwbank_num; bank++) { seq_printf(s, "GPIO bank%d\t", bank); diff --git a/drivers/pinctrl/pinctrl-amd.h b/drivers/pinctrl/pinctrl-amd.h index 884f48f7a6a36..c6be602c3df73 100644 --- a/drivers/pinctrl/pinctrl-amd.h +++ b/drivers/pinctrl/pinctrl-amd.h @@ -21,6 +21,7 @@ #define AMD_GPIO_PINS_BANK3 32 #define WAKE_INT_MASTER_REG 0xfc +#define INTERNAL_GPIO0_DEBOUNCE (1 << 15) #define EOI_MASK (1 << 29) #define WAKE_INT_STATUS_REG0 0x2f8 -- 2.43.0

1 year, 2 months

1
0
0 0

[PATCH 4.14-openela 003/190] ALSA: jack: Fix mutex call in snd_jack_report()

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit 89dbb335cb6a627a4067bc42caa09c8bc3326d40 ] snd_jack_report() is supposed to be callable from an IRQ context, too, and it's indeed used in that way from virtsnd driver. The fix for input_dev race in commit 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex"), however, introduced a mutex lock in snd_jack_report(), and this resulted in a potential sleep-in-atomic. For addressing that problem, this patch changes the relevant code to use the object get/put and removes the mutex usage. That is, snd_jack_report(), it takes input_get_device() and leaves with input_put_device() for assuring the input_dev being assigned. Although the whole mutex could be reduced, we keep it because it can be still a protection for potential races between creation and deletion. Fixes: 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex") Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/cf95f7fe-a748-4990-8378-000491b40329@moroto.mount… Tested-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20230706155357.3470-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/core/jack.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sound/core/jack.c b/sound/core/jack.c index d2f9a92453f2f..6340de60f26ef 100644 --- a/sound/core/jack.c +++ b/sound/core/jack.c @@ -378,6 +378,7 @@ void snd_jack_report(struct snd_jack *jack, int status) { struct snd_jack_kctl *jack_kctl; #ifdef CONFIG_SND_JACK_INPUT_DEV + struct input_dev *idev; int i; #endif @@ -389,30 +390,28 @@ void snd_jack_report(struct snd_jack *jack, int status) status & jack_kctl->mask_bits); #ifdef CONFIG_SND_JACK_INPUT_DEV - mutex_lock(&jack->input_dev_lock); - if (!jack->input_dev) { - mutex_unlock(&jack->input_dev_lock); + idev = input_get_device(jack->input_dev); + if (!idev) return; - } for (i = 0; i < ARRAY_SIZE(jack->key); i++) { int testbit = SND_JACK_BTN_0 >> i; if (jack->type & testbit) - input_report_key(jack->input_dev, jack->key[i], + input_report_key(idev, jack->key[i], status & testbit); } for (i = 0; i < ARRAY_SIZE(jack_switch_types); i++) { int testbit = 1 << i; if (jack->type & testbit) - input_report_switch(jack->input_dev, + input_report_switch(idev, jack_switch_types[i], status & testbit); } - input_sync(jack->input_dev); - mutex_unlock(&jack->input_dev_lock); + input_sync(idev); + input_put_device(idev); #endif /* CONFIG_SND_JACK_INPUT_DEV */ } EXPORT_SYMBOL(snd_jack_report); -- 2.43.0

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040520-unselect-antitrust-a41b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 2 months

4
14
0 0

Re: Patch "arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S" has been added to the 6.8-stable tree

by Konrad Dybcio

On 4/10/24 17:57, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S autosel has been reeaaaaaly going over the top lately, particularly with dts patches.. I'm not sure adding support for a device is something that should go to stable Konrad

1 year, 2 months

6
9
0 0

[PATCH v5] mtd: limit OTP NVMEM cell parse to non-NAND devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v5: - Lower case of cell and use non-NAND Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 2 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 2399d500b8812..8970d4b3b42c3 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -216,7 +216,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -694,7 +694,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -703,7 +703,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 2 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 22104cb84b1ca..efa8fb59d3ad2 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -201,7 +201,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -679,7 +679,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 2 months

1
3
0 0

[PATCH AUTOSEL 5.10 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 2 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 2 months

1
3
0 0

[PATCH AUTOSEL 6.1 1/6] scsi: ufs: core: WLUN suspend dev/link state error recovery

by Sasha Levin

From: Peter Wang <peter.wang(a)mediatek.com> [ Upstream commit 6bc5e70b1c792b31b497e48b4668a9a2909aca0d ] When wl suspend error occurs, for example BKOP or SSU timeout, the host triggers an error handler and returns -EBUSY to break the wl suspend process. However, it is possible for the runtime PM to enter wl suspend again before the error handler has finished, and return -EINVAL because the device is in an error state. To address this, ensure that the rumtime PM waits for the error handler to finish, or trigger the error handler in such cases, because returning -EINVAL can cause the I/O to hang. Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Link: https://lore.kernel.org/r/20240329015036.15707-1-peter.wang@mediatek.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufshcd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f3c25467e571f..948449a13247c 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -9044,7 +9044,10 @@ static int __ufshcd_wl_suspend(struct ufs_hba *hba, enum ufs_pm_op pm_op) /* UFS device & link must be active before we enter in this function */ if (!ufshcd_is_ufs_dev_active(hba) || !ufshcd_is_link_active(hba)) { - ret = -EINVAL; + /* Wait err handler finish or trigger err recovery */ + if (!ufshcd_eh_in_progress(hba)) + ufshcd_force_error_recovery(hba); + ret = -EBUSY; goto enable_scaling; } -- 2.43.0

1 year, 2 months

1
5
0 0

[PATCH AUTOSEL 6.6 01/12] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 44f39a520bb39..e80a2a5ec56a1 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 2 months

1
11
0 0

[PATCH AUTOSEL 6.8 01/15] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 2445ae7f6b2e9..1506982a56c30 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 2 months

1
14
0 0

[PATCH] fuse: fix leaked ENOSYS error on first statx call

by Danny Lin

FUSE attempts to detect server support for statx by trying it once and setting no_statx=1 if it fails with ENOSYS, but consider the following scenario: - Userspace (e.g. sh) calls stat() on a file * succeeds - Userspace (e.g. lsd) calls statx(BTIME) on the same file - request_mask = STATX_BASIC_STATS | STATX_BTIME - first pass: sync=true due to differing cache_mask - statx fails and returns ENOSYS - set no_statx and retry - retry sets mask = STATX_BASIC_STATS - now mask == cache_mask; sync=false (time_before: still valid) - so we take the "else if (stat)" path - "err" is still ENOSYS from the failed statx call Fix this by zeroing "err" before retrying the failed call. Fixes: d3045530bdd2 ("fuse: implement statx") Cc: stable(a)vger.kernel.org # v6.6 Signed-off-by: Danny Lin <danny(a)orbstack.dev> --- fs/fuse/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index de452cdbf3cf..a63125ce70a4 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1362,6 +1362,7 @@ static int fuse_update_get_attr(struct inode *inode, struct file *file, err = fuse_do_statx(inode, file, stat); if (err == -ENOSYS) { fc->no_statx = 1; + err = 0; goto retry; } } else { -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH 1/2] USB: serial: option: add Lonsung U8300/U9300 product Update the USB serial option driver to support Longsung U8300/U9300.

by Coia Prant

ID 1c9e:9b05 OMEGA TECHNOLOGY (U8300) ID 1c9e:9b3c OMEGA TECHNOLOGY (U9300) U8300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=option, 480M (Debug) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 5, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b05 OMEGA TECHNOLOGY U9300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b3c OMEGA TECHNOLOGY Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 2 months

3
2
0 0

[PATCH v2 01/43] drm/fbdev-generic: Do not set physical framebuffer address

by Thomas Zimmermann

Framebuffer memory is allocated via vzalloc() from non-contiguous physical pages. The physical framebuffer start address is therefore meaningless. Do not set it. The value is not used within the kernel and only exported to userspace on dedicated ARM configs. No functional change is expected. v2: - refer to vzalloc() in commit message (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: a5b44c4adb16 ("drm/fbdev-generic: Always use shadow buffering") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Zack Rusin <zackr(a)vmware.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.4+ Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Reviewed-by: Zack Rusin <zack.rusin(a)broadcom.com> Reviewed-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> Tested-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> --- drivers/gpu/drm/drm_fbdev_generic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_fbdev_generic.c b/drivers/gpu/drm/drm_fbdev_generic.c index be357f926faec..97e579c33d84a 100644 --- a/drivers/gpu/drm/drm_fbdev_generic.c +++ b/drivers/gpu/drm/drm_fbdev_generic.c @@ -113,7 +113,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; /* deferred I/O */ -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

by Jeff Mahoney

Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2) appears to have been accidentially reverted as part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload allocation/removement). I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2 due to state->dev being NULL in the debug message printed if the payload allocation has failed. This commit restores mgr->dev to avoid the Oops. Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement") Cc: stable(a)vger.kernel.org Signed-off-by: Jeff Mahoney <jeffm(a)suse.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 03d528209426..3dc966f25c0c 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr, /* Skip failed payloads */ if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) { - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", payload->port->connector->name); return -EIO; } -- 2.44.0

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041448-washcloth-flanked-1878@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 2 months

1
0
0 0

6.8.3+ panic at boot with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y

by Mihai Moldovan

Hi Since you backported 41044b41ad2c8c8165a42ec6e9a4096826dcf153 to 6.8.3 and higher, the kernel crashes hard on boot if BTRFS's sanity checks have been enabled (CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y). Please backport b2136cc288fce2f24a92f3d656531b2d50ebec5a to the stable/mainline series fix this issue. Best regards Mihai Moldovan

1 year, 2 months

2
1
0 0

[PATCH] media: cec: core: remove length check of Timer Status solution applies to 5.4 and 4.19

by Nini Song (宋宛妮)

Hi @stable@vger.kernel.org<mailto:stable@vger.kernel.org> This patch has been merged in mainline as commit ce5d241c3ad45. [patch diff] [cid:image001.png@01DA8D04.BCD8A070] Because of our customer used v5.15, v5.4 and 4.19 for MP production, which requires this solution. We need your help apply the patch in v5.15, v5.4 and 4.19. Thanks! BR, Nini Song

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] r8169: fix LED-related deadlock on module removal" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 19fa4f2a85d777a8052e869c1b892a2f7556569d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041459-lagging-tiny-7189@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 19fa4f2a85d7 ("r8169: fix LED-related deadlock on module removal") be51ed104ba9 ("r8169: add LED support for RTL8125/RTL8126") 3907f1ffc0ec ("r8169: add support for RTL8126A") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fa4f2a85d777a8052e869c1b892a2f7556569d Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 8 Apr 2024 20:47:40 +0200 Subject: [PATCH] r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case. Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101") Cc: stable(a)vger.kernel.org Reported-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h index 4c043052198d..00882ffc7a02 100644 --- a/drivers/net/ethernet/realtek/r8169.h +++ b/drivers/net/ethernet/realtek/r8169.h @@ -73,6 +73,7 @@ enum mac_version { }; struct rtl8169_private; +struct r8169_led_classdev; void r8169_apply_firmware(struct rtl8169_private *tp); u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp); @@ -84,7 +85,8 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx, char *buf, int buf_len); int rtl8168_get_led_mode(struct rtl8169_private *tp); int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val); -void rtl8168_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev); int rtl8125_get_led_mode(struct rtl8169_private *tp, int index); int rtl8125_set_led_mode(struct rtl8169_private *tp, int index, u16 mode); -void rtl8125_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev); +void r8169_remove_leds(struct r8169_led_classdev *leds); diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c index 7c5dc9d0df85..e10bee706bc6 100644 --- a/drivers/net/ethernet/realtek/r8169_leds.c +++ b/drivers/net/ethernet/realtek/r8169_leds.c @@ -146,22 +146,22 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8168_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8168_NUM_LEDS; i++) rtl8168_setup_ldev(leds + i, ndev, i); + + return leds; } static int rtl8125_led_hw_control_is_supported(struct led_classdev *led_cdev, @@ -245,20 +245,31 @@ static void rtl8125_setup_led_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8125_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8125_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8125_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8125_NUM_LEDS; i++) rtl8125_setup_led_ldev(leds + i, ndev, i); + + return leds; +} + +void r8169_remove_leds(struct r8169_led_classdev *leds) +{ + if (!leds) + return; + + for (struct r8169_led_classdev *l = leds; l->ndev; l++) + led_classdev_unregister(&l->led); + + kfree(leds); } diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 6f1e6f386b7b..8a27328eae34 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -647,6 +647,8 @@ struct rtl8169_private { const char *fw_name; struct rtl_fw *rtl_fw; + struct r8169_led_classdev *leds; + u32 ocp_base; }; @@ -5044,6 +5046,8 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); + r8169_remove_leds(tp->leds); + unregister_netdev(tp->dev); if (tp->dash_type != RTL_DASH_NONE) @@ -5501,9 +5505,9 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (IS_ENABLED(CONFIG_R8169_LEDS)) { if (rtl_is_8125(tp)) - rtl8125_init_leds(dev); + tp->leds = rtl8125_init_leds(dev); else if (tp->mac_version > RTL_GIGA_MAC_VER_06) - rtl8168_init_leds(dev); + tp->leds = rtl8168_init_leds(dev); } netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n",

1 year, 2 months

1
0
0 0

S4 fix for Phoenix laptops

by Mario Limonciello

Hi, This fix was sent out for fixing S4 under stress on some Phoenix laptops. 31729e8c21ec ("drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11") David Markey confirmed[1] it helps Framework 13 under S4 stress testing. Can you please bring it to 6.1.y and later? [1] https://community.frame.work/t/responded-arch-hibernation-woes-on-amd-13/45… Thanks

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041442-grumble-saggy-01f0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041441-unabashed-swarm-244d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 2 months

1
0
0 0

Add commit "eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init" to kernel 6.8.y

by Gong, Richard

Hi, The commit below resolves s2idle failure on processor for AMD Family 1Ah Model 20h, eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init Please add this commit to stable kernel 6.8.y. Thanks! Regards, Richard

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041458-gurgle-mulled-5492@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041457-sequester-eclipse-f130@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 2 months

1
0
0 0

[PATCH v3] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v3: - add NULL pointer check in memblock_free_late() path. v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..8841554432d5 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else if (addr) + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 2 months

2
1
0 0

[PATCH v2] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..f9a45adc6307 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 2 months

3
3
0 0

Linux 6.8.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.6 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 ++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 ++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/entry/vdso/Makefile | 10 - arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/resource.c | 7 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 38 ++++ drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/ci/gitlab-ci.yml | 14 + drivers/gpu/drm/ci/test.yml | 1 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 - drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 drivers/gpu/drm/panel/panel-simple.c | 20 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dsa/qca/qca8k-8xxx.c | 3 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 ++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.c | 60 ++++++- drivers/net/wireless/realtek/rtw89/pci.h | 6 drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/acer-wmi.c | 17 +- drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/thunderbolt/tunnel.c | 16 - drivers/tty/serial/8250/8250_of.c | 44 ++++- drivers/tty/serial/8250/8250_port.c | 24 -- drivers/ufs/host/ufs-qcom.c | 13 + drivers/usb/gadget/function/uvc_video.c | 10 - drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/printk.h | 2 include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/internal.h | 1 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 lib/dump_stack.c | 16 + net/bluetooth/hci_event.c | 3 net/core/netdev-genl.c | 15 - net/core/page_pool_user.c | 2 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---- sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 191 files changed, 1530 insertions(+), 450 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Ahmad Rehman (1): drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Andy Shevchenko (1): serial: 8250_of: Drop quirk fot NPCM from 8250_port Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB Bjorn Andersson (1): arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Borislav Petkov (AMD) (1): x86/vdso: Fix rethunk patching for vdso-image-x32.o too Brent Lu (1): ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (2): amdkfd: use calloc instead of kzalloc to avoid integer overflow nouveau: fix devinit paths to only handle display on GSP. David McFarland (1): platform/x86/intel/hid: Don't wake on 5-button releases David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Baryshkov (1): arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Chanudet (1): scsi: ufs: qcom: Avoid re-init quirk when gears match Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Gil Fine (1): thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Greg Kroah-Hartman (1): Linux 6.8.6 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (3): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Hui Liu (1): arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jakub Kicinski (1): netdev: let netlink core handle -EMSGSIZE errors Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jason Gunthorpe (1): iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (3): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end dump_stack: Do not get cpu_sync for panic CPU Josh Poimboeuf (1): x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luca Weiss (1): usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (2): usb: gadget: uvc: refactor the check for a valid buffer in the pump worker usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (2): wifi: iwlwifi: pcie: Add the PCI device id for new hardware wifi: iwlwifi: pcie: Add new PCI device id and CNVI Nicholas Kazlauskas (1): drm/amd/display: Disable idle reallow as part of command/gpint execution Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (2): wifi: rtw89: pci: validate RX tag for RXQ and RPQ wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Sohaib Nadeem (1): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Stanley.Yang (1): drm/amdgpu: Skip do PCI error slot reset during RAS recovery SungHwan Jung (2): platform/x86: acer-wmi: Add support for Acer PH16-71 platform/x86: acer-wmi: Add predator_v4 module parameter Sviatoslav Harasymchuk (1): ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Tom Zanussi (1): crypto: iaa - Fix async_disable descriptor leak Tony Lindgren (1): drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vignesh Raman (1): drm/ci: uprev mesa version: fix kdl commit fetch Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Vladimir Oltean (1): net: dsa: qca8k: put MDIO controller OF node if unavailable Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 2 months

1
1
0 0

Linux 6.6.27

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.27 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 18 +- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 net/bluetooth/hci_event.c | 3 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 151 files changed, 1134 insertions(+), 309 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Geliang Tang (1): selftests: mptcp: display simult in extra_msg Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (1): Linux 6.6.27 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (2): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 2 months

1
1
0 0

Linux 6.1.86

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.86 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/x86/events/amd/lbr.c | 6 - block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 + drivers/bus/mhi/host/pm.c | 20 +++ drivers/cpufreq/cpufreq.c | 17 ++- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++ drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/infiniband/core/cm.c | 20 +++ drivers/input/rmi4/rmi_driver.c | 6 - drivers/input/touchscreen/imagis.c | 20 +-- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/scsi/scsi_lib.c | 52 +++++----- drivers/scsi/sd.c | 4 drivers/soundwire/dmi-quirks.c | 8 + drivers/thermal/thermal_of.c | 12 +- drivers/thunderbolt/quirks.c | 14 ++ drivers/thunderbolt/tb.c | 49 +++++++++ drivers/thunderbolt/tb.h | 4 drivers/tty/n_gsm.c | 3 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 + fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 ++ include/linux/sunrpc/sched.h | 2 include/scsi/scsi_device.h | 51 ++------- include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +++- kernel/dma/direct.c | 9 - kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 net/mpls/mpls_gso.c | 3 net/netfilter/nf_tables_api.c | 47 ++++++--- net/smc/smc_pnet.c | 10 + scripts/gcc-plugins/stackleak_plugin.c | 2 sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/intel/boards/sof_sdw.c | 11 ++ sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 87 files changed, 544 insertions(+), 224 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (1): virtio: reenable config if freezing device failed David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (3): Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Revert "scsi: core: Add struct for args to execution functions" Linux 6.1.86 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (1): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): bnx2x: Fix firmware version string character counts randomize_kstack: Improve entropy diffusion Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Martin K. Petersen (1): scsi: sd: usb_storage: uas: Access media prior to querying device properties Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (1): Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 2 months

1
1
0 0

Linux 5.15.155

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.155 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++ arch/x86/mm/pat/memtype.c | 49 +++++++--- block/blk-stat.c | 2 drivers/acpi/cppc_acpi.c | 27 ----- drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/cpuidle/driver.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/infiniband/core/cm.c | 20 +++- drivers/input/rmi4/rmi_driver.c | 6 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 - drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 - drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/tty/n_gsm.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 +- fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 - fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 -- include/linux/randomize_kstack.h | 2 include/linux/sunrpc/sched.h | 2 include/uapi/linux/input-event-codes.h | 1 kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 mm/memory.c | 4 net/dsa/dsa2.c | 25 +---- net/netfilter/nf_tables_api.c | 47 +++++++-- net/smc/smc_pnet.c | 10 ++ scripts/gcc-plugins/stackleak_plugin.c | 6 + sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 56 files changed, 321 insertions(+), 145 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (2): Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses" Linux 5.15.155 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text randomize_kstack: Improve entropy diffusion Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vladimir Oltean (1): net: dsa: fix panic when DSA master device unbinds on shutdown Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment

1 year, 2 months

1
1
0 0

Linux 5.10.215

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.215 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 27 - Documentation/block/queue-sysfs.rst | 7 Documentation/x86/mds.rst | 38 + Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/riscv/include/asm/uaccess.h | 4 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 18 arch/x86/Makefile | 8 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 59 -- arch/x86/entry/entry_64.S | 10 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 5 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/irqflags.h | 1 arch/x86/include/asm/msr-index.h | 10 arch/x86/include/asm/nospec-branch.h | 47 + arch/x86/include/asm/processor.h | 15 arch/x86/include/asm/ptrace.h | 5 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/segment.h | 30 - arch/x86/include/asm/setup.h | 1 arch/x86/include/asm/stackprotector.h | 79 --- arch/x86/include/asm/suspend_32.h | 12 arch/x86/kernel/Makefile | 1 arch/x86/kernel/asm-offsets_32.c | 5 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 245 ++++++---- arch/x86/kernel/cpu/common.c | 64 ++ arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/doublefault_32.c | 4 arch/x86/kernel/head64.c | 9 arch/x86/kernel/head_32.S | 18 arch/x86/kernel/head_64.S | 24 arch/x86/kernel/nmi.c | 3 arch/x86/kernel/setup_percpu.c | 1 arch/x86/kernel/tls.c | 8 arch/x86/kvm/cpuid.h | 2 arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 12 arch/x86/kvm/x86.c | 5 arch/x86/lib/insn-eval.c | 4 arch/x86/lib/retpoline.S | 6 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat/memtype.c | 50 +- arch/x86/platform/pvh/head.S | 14 arch/x86/power/cpu.c | 6 arch/x86/xen/enlighten_pv.c | 1 block/blk-settings.c | 41 + block/blk-stat.c | 2 block/blk-sysfs.c | 8 block/ioctl.c | 11 drivers/accessibility/speakup/synth.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 - drivers/base/cpu.c | 8 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/ttm/ttm_memory.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_binding.c | 20 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 92 ++- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 11 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_mob.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_so.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 50 -- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/hwmon/amc6821.c | 11 drivers/infiniband/core/cm.c | 20 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/intel/i40e/i40e_main.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/neterion/vxge/vxge-config.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 + drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvme/host/pci.c | 3 drivers/nvmem/meson-efuse.c | 25 - drivers/of/dynamic.c | 12 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/pci-driver.c | 23 drivers/pci/pci.c | 6 drivers/pci/pci.h | 17 drivers/pci/pcie/Makefile | 2 drivers/pci/pcie/dpc.c | 15 drivers/pci/pcie/err.c | 33 + drivers/pci/pcie/rcec.c | 59 ++ drivers/pci/probe.c | 7 drivers/pci/quirks.c | 100 ++++ drivers/pci/setup-res.c | 8 drivers/phy/tegra/xusb.c | 13 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/touchscreen_dmi.c | 9 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 102 +--- drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/sd.c | 7 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 +++- drivers/staging/comedi/drivers/comedi_test.c | 30 + drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/tty/n_gsm.c | 3 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/sc16is7xx.c | 15 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 +- drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 53 +- drivers/usb/host/sl811-hcd.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 42 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++--- drivers/vfio/platform/vfio_platform_irq.c | 106 ++-- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 - fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 22 fs/ext4/resize.c | 3 fs/ext4/super.c | 12 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nfs/direct.c | 11 fs/nfs/write.c | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 fs/vboxsf/super.c | 3 include/linux/blkdev.h | 15 include/linux/cpu.h | 2 include/linux/device.h | 1 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/nfs_fs.h | 1 include/linux/objtool.h | 8 include/linux/pci.h | 6 include/linux/phy/tegra/xusb.h | 2 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/udp.h | 28 + include/linux/vfio.h | 2 include/net/cfg802154.h | 1 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 2 io_uring/io_uring.c | 2 kernel/bounds.c | 2 kernel/bpf/verifier.c | 5 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 63 +- kernel/time/timer.c | 164 +++--- kernel/trace/ring_buffer.c | 193 ++++--- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 13 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 + net/bluetooth/hci_event.c | 25 + net/bridge/netfilter/ebtables.c | 6 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 13 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 3 net/netfilter/nf_tables_api.c | 74 ++- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/smc/smc_pnet.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 scripts/dummy-tools/gcc | 6 scripts/gcc-x86_32-has-stack-protector.sh | 6 scripts/kernel-doc | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/include/linux/objtool.h | 8 tools/lib/perf/evlist.c | 18 tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 + 334 files changed, 3242 insertions(+), 1521 deletions(-) Alan Stern (3): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in usb_deauthorize_interface() Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (7): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Amey Narkhede (1): PCI: Cache PCIe Device Capabilities register Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Andy Lutomirski (1): x86/stackprotector/32: Make the canary into a regular percpu variable Antoine Tenart (2): udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: do not accept non-tunnel GSO skbs landing in a tunnel Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): staging: vc04_services: changen strncpy() to strscpy_pad() dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Bikash Hazarika (2): scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Bjorn Helgaas (1): PCI: Work around Intel I210 ROM BAR overlap defect Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (5): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (2): usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian König (2): drm/vmwgfx: stop using ttm_bo_create v2 drm/vmwgfx: switch over to the new pin interface v2 Christophe JAILLET (2): slimbus: core: Remove usage of the deprecated ida_simple_xx() API vboxsf: Avoid an spurious warning if load_nls_xxx() fails Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (2): block: introduce zone_write_granularity limit block: Clear zone limits for a non-zoned stacked queue Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (2): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Linux 5.10.215 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Hariprasad Kelam (1): Octeontx2-af: fix pause frame configuration in GMP mode Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (2): serial: max310x: fix NULL pointer dereference in I2C instantiation serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (4): drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jens Axboe (1): io_uring: ensure '0' is returned on file registration success Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Hovold (1): arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jon Hunter (1): usb: gadget: tegra-xudc: Use dev_err_probe() Josef Bacik (1): nfs: fix UAF in direct writes Josh Poimboeuf (1): objtool: Add asm version of STACK_FRAME_NON_STANDARD Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lee Jones (1): drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Michael Roth (1): x86/head/64: Re-enable stack protection Michal Kubecek (1): kbuild: dummy-tools: adjust to stricter stackprotector check Mika Westerberg (3): PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Min Li (1): block: add check that partition length needs to be aligned with block size Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (4): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS hexagon: vmlinux.lds.S: handle attributes section Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Pawan Gupta (11): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Peter Collingbourne (1): serial: Lock console when calling into driver before registration Petr Mladek (1): printk/console: Split out code that enables default console Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Wen (1): x86/srso: Add SRSO mitigation for Hygon processors Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (3): scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Salvatore Bonaccorso (1): scripts: kernel-doc: Fix syntax error due to undeclared args variable Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (3): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sean V Kelley (2): PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI/ERR: Clear AER status only when we control AER SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shin'ichiro Kawasaki (1): scsi: sd: Fix wrong zone_write_granularity value during revalidate Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (5): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll net: hns3: tracing: fix hclgevf trace event strings Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Venkata Lakshmi Narayana Gubba (1): arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xu Wang (1): vxge: remove unnecessary cast in kfree() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (2): drm/vmwgfx: Fix some static checker warnings drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Yi (2): ubi: correct the calculation of fastmap size ext4: add a hint for block bitmap corrupt state in mb_groups Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 2 months

1
1
0 0

Linux 5.4.274

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.274 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeature.h | 6 arch/x86/include/asm/cpufeatures.h | 4 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/mmu_context.h | 9 arch/x86/include/asm/msr-index.h | 2 arch/x86/include/asm/nospec-branch.h | 7 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/unwind_hints.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 19 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 185 +++-- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/firmware/meson/meson_sm.c | 96 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvmem/meson-efuse.c | 45 - drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 40 - drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 2 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/vfio/pci/vfio_pci_intrs.c | 176 +++-- drivers/vfio/platform/vfio_platform_irq.c | 106 ++- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/firmware/meson/meson_sm.h | 15 include/linux/frame.h | 11 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/vfio.h | 2 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 47 - kernel/bounds.c | 2 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 164 ++-- kernel/trace/ring_buffer.c | 51 + mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 74 +- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/objtool/Documentation/stack-validation.txt | 8 tools/objtool/arch/x86/decode.c | 6 tools/objtool/check.c | 64 + tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 208 files changed, 2528 insertions(+), 1429 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (6): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): dm integrity: fix out-of-range warning staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (2): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlo Caione (1): firmware: meson_sm: Rework driver as a proper platform driver Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (3): fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (2): staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 5.4.274 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (3): drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Juergen Gross (1): x86/alternative: Don't call text_poke() in lazy TLB mode Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): ubifs: Set page uptodate in the correct place bounds: support non-power-of-two CONFIG_NR_CPUS Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (1): fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Rui Qi (1): x86/speculation: Support intra-function call validation Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (2): ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Shurong (1): firmware: meson_sm: fix to avoid potential NULL pointer dereference Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 2 months

1
1
0 0

Linux 4.19.312

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.312 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/msr-index.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 17 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 204 +++--- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-raid.c | 2 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 10 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 40 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 52 + drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 6 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/vfio/platform/vfio_platform_irq.c | 5 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 12 fs/exec.c | 1 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 9 include/soc/fsl/qman.h | 9 include/trace/events/timer.h | 17 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 77 +- kernel/events/core.c | 9 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 282 ++++++-- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock.c | 7 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 22 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 166 files changed, 2098 insertions(+), 1189 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (1): vfio/platform: Disable virqfds on cleanup Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Anna-Maria Gleixner (3): timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps timer/trace: Improve timer tracing timers: Prepare support for PREEMPT_RT Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (4): staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (1): x86/CPU/AMD: Update the Zenbleed microcode revisions Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (4): initramfs: factor out a helper to populate the initrd image fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (3): staging: mmal-vchiq: Avoid use of bool in structures staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): initramfs: fix populate_initrd_image() section mismatch Geliang Tang (1): mptcp: add sk_stop_timer_sync helper Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 4.19.312 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Holger Hoffstätte (1): loop: properly observe rotational flag of underlying device Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (2): drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (1): arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (1): ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Miklos Szeredi (1): fuse: don't unhash root Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 2 months

1
1
0 0

+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Fri, 12 Apr 2024 10:57:54 +0800 extend comment per Oscar Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2 +++ a/mm/memory-failure.c @@ -159,6 +159,10 @@ static int __page_handle_poison(struct p * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() * when hugetlb vmemmap optimization is enabled. This will break current lock * dependency chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic approach because + * we made sure that those pages cannot end up in any PCP list. Draining PCP lists + * expels those pages to the buddy system, but nothing guarantees that those pages + * do not get back to a PCP queue if we need to refill those. */ ret = dissolve_free_huge_page(page); if (!ret) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 2 months

1
0
0 0

[PATCH 1/3] drm/xe/vm: prevent UAF with asid based lookup

by Matthew Auld

The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index a196dbe65252..c5c26b3d1b76 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1581,6 +1581,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1596,24 +1606,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]); -- 2.44.0

1 year, 2 months

3
3
0 0

[PATCH 6.6 000/114] 6.6.27-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.27 release. There are 114 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.27-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 18 ++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/usb/gadget/function/uvc_video.c | 3 + drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +- 152 files changed, 1140 insertions(+), 318 deletions(-)

1 year, 2 months

11
125
0 0

[PATCH 6.1 00/83] 6.1.86-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.86 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.86-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.86-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Add struct for args to execution functions" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++++- arch/x86/events/amd/lbr.c | 6 ++- block/blk-stat.c | 2 +- drivers/acpi/sleep.c | 12 ----- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++-- drivers/bus/mhi/host/pm.c | 20 +++++++-- drivers/cpufreq/cpufreq.c | 17 ++++--- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++++ drivers/gpu/drm/vc4/vc4_plane.c | 5 +-- drivers/infiniband/core/cm.c | 20 ++++++++- drivers/input/rmi4/rmi_driver.c | 6 ++- drivers/input/touchscreen/imagis.c | 20 ++++----- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++-- drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +++--- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 ++++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++- drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 ++++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 ++- drivers/platform/x86/touchscreen_dmi.c | 9 ++++ drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++- drivers/scsi/scsi_lib.c | 52 +++++++++++----------- drivers/scsi/sd.c | 4 +- drivers/soundwire/dmi-quirks.c | 8 ++++ drivers/thermal/thermal_of.c | 12 +++-- drivers/thunderbolt/quirks.c | 14 ++++++ drivers/thunderbolt/tb.c | 49 +++++++++++++++++++- drivers/thunderbolt/tb.h | 4 ++ drivers/tty/n_gsm.c | 3 ++ drivers/usb/gadget/function/uvc_video.c | 3 ++ drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +-- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 ++++- fs/btrfs/export.c | 9 +++- fs/btrfs/send.c | 10 ++++- fs/btrfs/volumes.c | 12 ++++- fs/ext4/mballoc.c | 5 ++- fs/ext4/super.c | 12 +++++ fs/isofs/inode.c | 18 +++++++- fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 ++--- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++++ include/linux/sunrpc/sched.h | 2 +- include/scsi/scsi_device.h | 51 ++++++--------------- include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 +++++++---- kernel/dma/direct.c | 9 ++-- kernel/panic.c | 8 ++++ kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 +++--- net/mpls/mpls_gso.c | 3 ++ net/netfilter/nf_tables_api.c | 47 ++++++++++++++----- net/smc/smc_pnet.c | 10 +++++ scripts/gcc-plugins/stackleak_plugin.c | 2 + sound/firewire/amdtp-stream.c | 12 +++-- sound/firewire/amdtp-stream.h | 4 ++ sound/soc/intel/boards/sof_sdw.c | 11 +++++ sound/soc/soc-core.c | 3 ++ tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++++--- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 88 files changed, 552 insertions(+), 231 deletions(-)

1 year, 2 months

12
97
0 0

[to-be-updated] bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been removed from the -mm tree. Its filename was bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are

1 year, 2 months

1
0
0 0

+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been added to the -mm mm-hotfixes-unstable branch. Its filename is bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch

1 year, 2 months

1
0
0 0

[PATCH 6.8 000/143] 6.8.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.6 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.6-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.6-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Borislav Petkov (AMD) <bp(a)alien8.de> x86/vdso: Fix rethunk patching for vdso-image-x32.o too Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Dave Airlie <airlied(a)gmail.com> nouveau: fix devinit paths to only handle display on GSP. Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe David McFarland <corngood(a)gmail.com> platform/x86/intel/hid: Don't wake on 5-button releases Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Ahmad Rehman <Ahmad.Rehman(a)amd.com> drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_of: Drop quirk fot NPCM from 8250_port Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: refactor the check for a valid buffer in the pump worker Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Luca Weiss <luca.weiss(a)fairphone.com> usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add predator_v4 module parameter SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add support for Acer PH16-71 Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix async_disable descriptor leak Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Josh Poimboeuf <jpoimboe(a)kernel.org> x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Tony Lindgren <tony(a)atomide.com> drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Brent Lu <brent.lu(a)intel.com> ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Disable idle reallow as part of command/gpint execution Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Eric Chanudet <echanude(a)redhat.com> scsi: ufs: qcom: Avoid re-init quirk when gears match Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Skip do PCI error slot reset during RAS recovery Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: uprev mesa version: fix kdl commit fetch Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Jakub Kicinski <kuba(a)kernel.org> netdev: let netlink core handle -EMSGSIZE errors Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Sviatoslav Harasymchuk <sviatoslav.harasymchuk(a)gmail.com> ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add new PCI device id and CNVI John Ogness <john.ogness(a)linutronix.de> dump_stack: Do not get cpu_sync for panic CPU John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: qca8k: put MDIO controller OF node if unavailable Hui Liu <quic_huliu(a)quicinc.com> arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: validate RX tag for RXQ and RPQ Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++++++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 +++++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/entry/vdso/Makefile | 10 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/resource.c | 7 ++ drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 38 +++++++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 ++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +- drivers/gpu/drm/amd/display/dc/dc.h | 1 + drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/ci/gitlab-ci.yml | 14 +++- drivers/gpu/drm/ci/test.yml | 1 + drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 ++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 20 +++++ drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dsa/qca/qca8k-8xxx.c | 3 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 +++++++++- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 +++- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.c | 60 +++++++++++++-- drivers/net/wireless/realtek/rtw89/pci.h | 6 +- drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 + drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 + drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/acer-wmi.c | 17 ++++- drivers/platform/x86/intel/hid.c | 7 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/thunderbolt/tunnel.c | 16 ++-- drivers/tty/serial/8250/8250_of.c | 44 ++++++++++- drivers/tty/serial/8250/8250_port.c | 24 ------ drivers/ufs/host/ufs-qcom.c | 13 +++- drivers/usb/gadget/function/uvc_video.c | 10 ++- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/printk.h | 2 + include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/internal.h | 1 - kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- lib/dump_stack.c | 16 +++- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/core/netdev-genl.c | 15 +--- net/core/page_pool_user.c | 2 - net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---------- sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 192 files changed, 1536 insertions(+), 459 deletions(-)

1 year, 2 months

11
154
0 0

[PATCH v2] arm64: dts: qcom: sa8155p-adp: fix SDHC2 configuration

by Volodymyr Babchuk

There are multiple issues with SDHC2 configuration for SA8155P-ADP, which prevent use of SDHC2 and causes issues with ethernet: - Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC TX. If sdhc driver probes after dwmac driver, it reconfigures gpio4 and this breaks Ethernet MAC. - pinctrl configuration mentions gpio96 as CD pin. It seems it was copied from some SM8150 example, because as mentioned above, correct CD pin is gpio4 on PMM8155AU_1. - L13C voltage regulator limits minimal voltage to 2.504V, which prevents use 1.8V to power SD card, which in turns does not allow card to work in UHS mode. This patch fixes all the mentioned issues. Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card") Cc: stable(a)vger.kernel.org Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> --- In v2: - Added "Fixes:" tag - CCed stable ML - Fixed pinctrl configuration - Extended voltage range for L13C voltage regulator --- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 32 +++++++++++------------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts index 5e4287f8c8cd1..b9d56bda96759 100644 --- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts +++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts @@ -283,7 +283,7 @@ vreg_l12c_1p808: ldo12 { vreg_l13c_2p96: ldo13 { regulator-name = "vreg_l13c_2p96"; - regulator-min-microvolt = <2504000>; + regulator-min-microvolt = <1800000>; regulator-max-microvolt = <2960000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; }; @@ -384,10 +384,10 @@ &remoteproc_cdsp { &sdhc_2 { status = "okay"; - cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>; + cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>; pinctrl-names = "default", "sleep"; - pinctrl-0 = <&sdc2_on>; - pinctrl-1 = <&sdc2_off>; + pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>; + pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>; vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */ bus-width = <4>; @@ -505,13 +505,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <16>; /* 16 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; sdc2_off: sdc2-off-state { @@ -532,13 +525,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <2>; /* 2 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; usb2phy_ac_en1_default: usb2phy-ac-en1-default-state { @@ -604,3 +590,13 @@ phy-reset-pins { }; }; }; + +&pmm8155au_1_gpios { + pmm8155au_1_sdc2_cd: pmm8155au_1-sdc2-cd { + pins = "gpio4"; + function = "normal"; + input-enable; + bias-pull-up; + power-source = <0>; + }; +}; -- 2.44.0

1 year, 2 months

3
4
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 0216f63a366b..d0795b5fab46 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 001fe047bd5d..35717359d3ca 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.25.1

1 year, 2 months

2
2
0 0

[PATCH 1/3] tracing/kprobes: Fix symbol counting logic by looking at modules as well

by Maxime MERE

From: Andrii Nakryiko <andrii(a)kernel.org> Recent changes to count number of matching symbols when creating a kprobe event failed to take into account kernel modules. As such, it breaks kprobes on kernel module symbols, by assuming there is no match. Fix this my calling module_kallsyms_on_each_symbol() in addition to kallsyms_on_each_match_symbol() to perform a proper counting. Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/ Cc: Francis Laniel <flaniel(a)linux.microsoft.com> Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Song Liu <song(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- kernel/trace/trace_kprobe.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 95c5b0668cb7..e834f149695b 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -714,14 +714,30 @@ static int count_symbols(void *data, unsigned long unused) return 0; } +struct sym_count_ctx { + unsigned int count; + const char *name; +}; + +static int count_mod_symbols(void *data, const char *name, unsigned long unused) +{ + struct sym_count_ctx *ctx = data; + + if (strcmp(name, ctx->name) == 0) + ctx->count++; + + return 0; +} + static unsigned int number_of_same_symbols(char *func_name) { - unsigned int count; + struct sym_count_ctx ctx = { .count = 0, .name = func_name }; + + kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count); - count = 0; - kallsyms_on_each_match_symbol(count_symbols, func_name, &count); + module_kallsyms_on_each_symbol(NULL, count_mod_symbols, &ctx); - return count; + return ctx.count; } static int __trace_kprobe_create(int argc, const char *argv[]) -- 2.25.1

1 year, 2 months

2
2
0 0

[for-linus][PATCH 4/4] ring-buffer: Only update pages_touched when a new page is touched

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } } -- 2.43.0

1 year, 2 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix posix_timers ksft_print_msg() warning

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: e4a6bceac98eba3c00e874892736b34ea5fdaca3 Gitweb: https://git.kernel.org/tip/e4a6bceac98eba3c00e874892736b34ea5fdaca3 Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:28 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix posix_timers ksft_print_msg() warning After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") the following warning occurs when building with an older gcc: posix_timers.c:250:2: warning: format not a string literal and no format arguments [-Wformat-security] 250 | ksft_print_msg(errmsg); | ^~~~~~~~~~~~~~ Fix this up by changing it to ksft_print_msg("%s", errmsg) Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Justin Stitt <justinstitt(a)google.com> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-1-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index d86a0e0..348f471 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -247,7 +247,7 @@ static int check_timer_distribution(void) ksft_test_result_skip("check signal distribution (old kernel)\n"); return 0; err: - ksft_print_msg(errmsg); + ksft_print_msg("%s", errmsg); return -1; }

1 year, 2 months

1
0
0 0

[tip: timers/urgent] selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn

by tip-bot2 for Nathan Chancellor

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: f7d5bcd35d427daac7e206b1073ca14f5db85c27 Gitweb: https://git.kernel.org/tip/f7d5bcd35d427daac7e206b1073ca14f5db85c27 Author: Nathan Chancellor <nathan(a)kernel.org> AuthorDate: Thu, 11 Apr 2024 11:45:40 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()"), clang warns: tools/testing/selftests/timers/../kselftest.h:398:6: warning: variable 'major' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized] 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:401:9: note: uninitialized use occurs here 401 | return major > min_major || (major == min_major && minor >= min_minor); | ^~~~~ tools/testing/selftests/timers/../kselftest.h:398:6: note: remove the '||' if its condition is always false 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:395:20: note: initialize the variable 'major' to silence this warning 395 | unsigned int major, minor; | ^ | = 0 This is a false positive because if uname() fails, ksft_exit_fail_msg() will be called, which unconditionally calls exit(), a noreturn function. However, clang does not know that ksft_exit_fail_msg() will call exit() at the point in the pipeline that the warning is emitted because inlining has not occurred, so it assumes control flow will resume normally after ksft_exit_fail_msg() is called. Make it clear to clang that all of the functions that call exit() unconditionally in kselftest.h are noreturn transitively by marking them explicitly with '__attribute__((__noreturn__))', which clears up the warning above and any future warnings that may appear for the same reason. Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Reported-by: John Stultz <jstultz(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240411-mark-kselftest-exit-funcs-noreturn-v1-1-… Closes: https://lore.kernel.org/all/20240410232637.4135564-2-jstultz@google.com/ --- tools/testing/selftests/kselftest.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 973b18e..0591974 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -80,6 +80,9 @@ #define KSFT_XPASS 3 #define KSFT_SKIP 4 +#ifndef __noreturn +#define __noreturn __attribute__((__noreturn__)) +#endif #define __printf(a, b) __attribute__((format(printf, a, b))) /* counters */ @@ -300,13 +303,13 @@ void ksft_test_result_code(int exit_code, const char *test_name, va_end(args); } -static inline int ksft_exit_pass(void) +static inline __noreturn int ksft_exit_pass(void) { ksft_print_cnts(); exit(KSFT_PASS); } -static inline int ksft_exit_fail(void) +static inline __noreturn int ksft_exit_fail(void) { ksft_print_cnts(); exit(KSFT_FAIL); @@ -333,7 +336,7 @@ static inline int ksft_exit_fail(void) ksft_cnt.ksft_xfail + \ ksft_cnt.ksft_xskip) -static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) { int saved_errno = errno; va_list args; @@ -348,19 +351,19 @@ static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) exit(KSFT_FAIL); } -static inline int ksft_exit_xfail(void) +static inline __noreturn int ksft_exit_xfail(void) { ksft_print_cnts(); exit(KSFT_XFAIL); } -static inline int ksft_exit_xpass(void) +static inline __noreturn int ksft_exit_xpass(void) { ksft_print_cnts(); exit(KSFT_XPASS); } -static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_skip(const char *msg, ...) { int saved_errno = errno; va_list args;

1 year, 2 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix abs() warning in posix_timers test

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Gitweb: https://git.kernel.org/tip/ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:30 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix abs() warning in posix_timers test Building with clang results in the following warning: posix_timers.c:69:6: warning: absolute value function 'abs' given an argument of type 'long long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value] if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { ^ So switch to using llabs() instead. Fixes: 0bc4b0cf1570 ("selftests: add basic posix timers selftests") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-3-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index 348f471..c001dd7 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -66,7 +66,7 @@ static int check_diff(struct timeval start, struct timeval end) diff = end.tv_usec - start.tv_usec; diff += (end.tv_sec - start.tv_sec) * USECS_PER_SEC; - if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { + if (llabs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { printf("Diff too high: %lld..", diff); return -1; }

1 year, 2 months

1
0
0 0

[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6

by Johan Hovold

Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 2 ++ drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h | 1 + drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h | 1 + 3 files changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index a03b6f6881df..e48e87c3cb05 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4 -- 2.43.2

1 year, 2 months

5
4
0 0

[PATCH RESEND] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..4524ee944df0 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_mem(size_t size) static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ -- 2.39.2

1 year, 2 months

3
2
0 0

RE: [PATCH 6.8 000/143] 6.8.6-rc1 review

by Chris Rankin

The SCSI sg driver oopsed on my 6.8.4 kernel, and I noticed that a patch (presumably) to fix this was pulled from 6.8.5. However, I also noticed this email: >> Reverted this patch and I couldn't see the reposted warning. >> scsi: sg: Avoid sg device teardown race >> [ Upstream commit 27f58c04a8f438078583041468ec60597841284d ] > > Fix is here: > > https://git.kernel.org/mkp/scsi/c/d4e655c49f47 Is this unsuitable for 6.8.6 please? Thanks, Chris

1 year, 2 months

3
7
0 0

[PATCH 6.8 000/399] 6.8.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.3 release. There are 399 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.3-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Drop duplicate ID Dave Hansen <dave.hansen(a)linux.intel.com> Revert "x86/bugs: Use fixed addressing for VERW operand" Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use fixed addressing for VERW operand Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: fix IPX enablement Baoquan He <bhe(a)redhat.com> crash: use macro to add crashk_res into iomem early for specific arch Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of the ha->vp_map pointer Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Update PD of Type-C port upon pd_set Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Correct port source pdo array in pd_set callback Xu Yang <xu.yang_2(a)nxp.com> usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Properly set system wakeup Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> scsi: ufs: qcom: Provide default cycles_in_1us value Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Make wake once of ring_buffer_wait() more robust Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Make sure migration file isn't accessed after reset Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Yongzhi Liu <hyperlyzcs(a)gmail.com> usb: misc: ljca: Fix double free in error handling path Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> mtd: spinand: Add support for 5-byte IDs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Roman Li <roman.li(a)amd.com> drm/amd/display: Fix bounds check for dcn35 DcfClocks Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Jonathon Hall <jonathon.hall(a)puri.sm> drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsb: Fix DSB vblank waits when using VRR Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Generate VRR "safe window" for DSB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/hwmon: Fix locking inversion in sysfs getter Xi Liu <xi.liu(a)amd.com> drm/amd/display: Set DCN351 BB and IP the same as DCN35 George Shen <george.shen(a)amd.com> drm/amd/display: Remove MPC rate control logic from DCN30 and above Johannes Weiner <hannes(a)cmpxchg.org> drm/amdgpu: fix deadlock while reading mqd from debugfs Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Matthew Auld <matthew.auld(a)intel.com> drm/xe/query: fix gt_id bounds check Christian Marangi <ansuelsmth(a)gmail.com> net: phy: qcom: at803x: fix kernel panic with at8031_probe Herve Codina <herve.codina(a)bootlin.com> net: wan: framer: Add missing static inline qualifiers Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Daniel Lezcano <daniel.lezcano(a)linaro.org> Revert "thermal: core: Don't update trip points inside the hysteresis range" Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Liming Sun <limings(a)nvidia.com> sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Edward Liaw <edliaw(a)google.com> selftests/mm: fix ARM related issue with fork after pthread_create Edward Liaw <edliaw(a)google.com> selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Johannes Weiner <hannes(a)cmpxchg.org> mm: cachestat: fix two shmem bugs Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Select I/O-memory framebuffer ops for SBus Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Harry Wentland <harry.wentland(a)amd.com> Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: disable MLO for the time being Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: add a flag to disable wireless extensions Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix use-after-free in do_zone_finish() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Tavian Barnes <tavianator(a)tavianator.com> btrfs: fix race in read_extent_buffer_pages() Anand Jain <anand.jain(a)oracle.com> btrfs: validate device maj:min during open Carlos Maiolino <cem(a)kernel.org> tmpfs: fix race on handling dquot rbtree Zev Weiss <zev(a)bewilderbeest.net> ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zev Weiss <zev(a)bewilderbeest.net> prctl: generalize PR_SET_MDWE support check to be per-arch Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Johannes Weiner <hannes(a)cmpxchg.org> mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: add locks to kcontrols Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove digital gain kcontrol Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix nr_cpus < nr_iaa case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Include the PLL name in the debug messages Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Replace a memset() with zero initialization Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Switch to generalized quirk table Anand Jain <anand.jain(a)oracle.com> btrfs: do not skip re-registration for the mounted device Filipe Manana <fdmanana(a)suse.com> btrfs: fix warning messages not printing interval at unpin_extent_range() David Sterba <dsterba(a)suse.com> btrfs: handle errors returned from unpin_extent_cache() Vitaly Chikunov <vt(a)altlinux.org> selftests/mm: Fix build with _FORTIFY_SOURCE Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Thomas Gleixner <tglx(a)linutronix.de> x86/mpparse: Register APIC address only once KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present Will Deacon <will(a)kernel.org> swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Will Deacon <will(a)kernel.org> swiotlb: Fix double-allocation of slots due to broken alignment handling André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Yongqiang Liu <liuyongqiang13(a)huawei.com> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Ard Biesheuvel <ardb(a)kernel.org> ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8821cu: Fix connection failure Linus Torvalds <torvalds(a)linux-foundation.org> Fix memory leak in posix_clock_open() Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "add new YC platform variant (0x63) support" Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Eric Biggers <ebiggers(a)google.com> Revert "crypto: pkcs7 - remove sha1 support" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Audra Mitchell <audra(a)redhat.com> workqueue: Shorten events_freezable_power_efficient name Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Revert Remove pixle rate limit for subvp Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Remove pixle rate limit for subvp Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: clear the EDID property on failures Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: use drm_bridge_edid_read() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: validate btrfs_qgroup_inherit parameter David Sterba <dsterba(a)suse.com> btrfs: add helper to get fs_info from struct inode pointer David Sterba <dsterba(a)suse.com> btrfs: add helpers to get fs_info from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: add helpers to get inode from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: replace sb::s_blocksize by fs_info::sectorsize Matthew Wilcox (Oracle) <willy(a)infradead.org> btrfs: add set_folio_extent_mapped() helper Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for exiting idle in DC Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Unify optimize_required flags and VRR adjustments Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add per-vendor feature detection callback Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Allen Pan <allen.pan(a)amd.com> drm/amd/display: Add a dc_state NULL check in dc_state_release Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Implement wait_for_odm_update_pending_complete Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Lock all enabled otg pipes even with no planes ChunTao Tso <chuntao.tso(a)amd.com> drm/amd/display: Amend coasting vtotal for replay low hz Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle check for shared firmware state Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Init DPPCLK from SMU on dcn32 Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: Override min required DCFCLK in dml1_validate Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the validity of overdiver power limit Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change default size for dummy plane in DML2 Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Yuli Wang <wangyuli(a)uniontech.com> LoongArch/crypto: Clean up useless assignment operations Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Properly initialize cxl_poison region name Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> drm/i915: Add missing ; to __assign_str() macros in tracepoint code Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Dragos Tatulea <dtatulea(a)nvidia.com> net: esp: fix bad handling of pages from page_pool Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Jens Axboe <axboe(a)kernel.dk> io_uring/waitid: always remove waitid entry for cancel all Jens Axboe <axboe(a)kernel.dk> io_uring/futex: always remove futex entry for cancel all Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Constrain even more when continuous reads are enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure all continuous terms are always in sync Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Add a helper for calculating a page index Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix and simplify again the continuous read derivations Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Shyam Prasad N <sprasad(a)microsoft.com> cifs: reduce warning log level for server not advertising interfaces Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure server interfaces are requested only for SMB3+ Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Paul Moore <paul(a)paul-moore.com> lsm: handle the NULL buffer case in lsm_fill_user_ctx() Casey Schaufler <casey(a)schaufler-ca.com> lsm: use 32-bit compatible data types in LSM syscalls Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Ley Foon Tan <leyfoon.tan(a)starfivetech.com> clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lkb refcounting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/ring-buffer: Fix wait_on_pipe() race Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Pavel Begunkov <asml.silence(a)gmail.com> io_uring: clean rings on NO_MMAP alloc fail Jens Axboe <axboe(a)kernel.dk> io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Change vsec offset to u64 Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: replace generic_fillattr with vfs_getattr Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Avoid warning splat at shutdown Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Frank Wunderlich <frank-w(a)public-files.de> thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Steve French <stfrench(a)microsoft.com> cifs: allow changing password during remount Bharath SM <bharathsm(a)microsoft.com> cifs: prevent updating file size from server if we have a read/write lease Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom: Enable BDF to SID translation properly Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Benjamin Coddington <bcodding(a)redhat.com> NFS: Read unlock folio on nfs_page_create_from_folio() error Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot io-wq checks Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Johannes Berg <johannes.berg(a)intel.com> debugfs: fix wait/cancellation handling during remove Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_queue_proc modifying req->flags Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot read defer taskrun cqe posting Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Fix kernel panic on interface rename trig notify Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Bluetooth: btnxpuart: Fix btnxpuart_close Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Yu Kuai <yukuai3(a)huawei.com> dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape Yu Kuai <yukuai3(a)huawei.com> dm-raid: add a new helper prepare_suspend() in md_personality Yu Kuai <yukuai3(a)huawei.com> md/dm-raid: don't call md_reap_sync_thread() directly Yu Kuai <yukuai3(a)huawei.com> dm-raid: really frozen sync_thread during suspend Yu Kuai <yukuai3(a)huawei.com> md: add a new helper reshape_interrupted() Yu Kuai <yukuai3(a)huawei.com> md: export helper md_is_rdwr() Yu Kuai <yukuai3(a)huawei.com> md: export helpers to stop sync_thread Yu Kuai <yukuai3(a)huawei.com> md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Akira Yokosawa <akiyks(a)gmail.com> docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: only stop transmit when HW fifo is empty Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: Disable wakeup at remove Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Miklos Szeredi <mszeredi(a)redhat.com> fuse: replace remaining make_bad_inode() with fuse_make_bad() Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Always clear the save/restore FDs on reset Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Akira Yokosawa <akiyks(a)gmail.com> docs: Restore "smart quotes" for quotes Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: use mask for write_enable bitfield Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Breno Leitao <leitao(a)debian.org> x86/nmi: Fix the inverse "in NMI handler" check Heming Zhao <heming.zhao(a)suse.com> md/md-bitmap: fix incorrect usage for sb_index Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mfd: twl: Select MFD_CORE Bernd Schubert <bschubert(a)ddn.com> fuse: fix VM_MAYSHARE and direct_io_allow_mmap Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - change SLAs cleanup flow at shutdown Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix a register bug Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix locking in TPMI RAPL Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix a NULL pointer dereference Zhang Rui <rui.zhang(a)intel.com> thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Li Lingfeng <lilingfeng3(a)huawei.com> md: use RCU lock to protect traversal in md_spares_need_change() Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Marek Vasut <marex(a)denx.de> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix the lifetime of the bo cursor memory Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: avoid invalid list operation when vendor attach fails Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Unmap the surface before resetting it on a plane state ------------- Diffstat: Documentation/Makefile | 4 +- Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/x86/amd-memory-encryption.rst | 16 +- Documentation/conf.py | 6 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Makefile | 4 +- arch/arm/Kconfig | 4 +- arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +- arch/arm/include/asm/mman.h | 14 ++ arch/arm/kernel/Makefile | 2 - arch/arm/kernel/iwmmxt.S | 51 ++-- arch/arm/kernel/pj4-cp0.c | 135 ----------- arch/arm/mm/flush.c | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/crypto/crc32-loongarch.c | 2 - arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/loongarch/include/asm/qspinlock.h | 18 -- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/include/asm/mman.h | 14 ++ arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/include/asm/parport.h | 259 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 7 +- arch/x86/events/amd/core.c | 20 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 8 +- arch/x86/include/asm/crash_core.h | 2 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/nospec-branch.h | 21 +- arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/nmi.c | 2 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/lib/retpoline.S | 11 +- arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 7 +- block/blk-mq.c | 9 +- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- crypto/asymmetric_keys/mscode_parser.c | 3 + crypto/asymmetric_keys/pkcs7_parser.c | 4 + crypto/asymmetric_keys/public_key.c | 3 +- crypto/asymmetric_keys/signature.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 8 + crypto/testmgr.h | 80 +++++++ drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 13 -- drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btnxpuart.c | 3 + drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/qcom/camcc-sc8280xp.c | 21 ++ drivers/clk/qcom/gcc-ipq5018.c | 3 + drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-ipq9574.c | 1 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/timer-riscv.c | 3 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 10 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +- drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +- drivers/cxl/core/trace.h | 14 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 1 + drivers/gpio/gpiolib-cdev.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 34 +-- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 2 +- .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 127 ++++++++-- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 18 ++ drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 + drivers/gpu/drm/amd/display/dc/dc.h | 2 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 - drivers/gpu/drm/amd/display/dc/dc_types.h | 4 +- drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 ++ drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 + drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +++-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 +- .../amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 + .../amd/display/dc/dml2/dml2_translation_helper.c | 24 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 28 ++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 3 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 53 ++--- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 ---- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 71 +++--- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 + .../gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 ---- drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 + .../drm/amd/display/dc/inc/hw/timing_generator.h | 1 + drivers/gpu/drm/amd/display/dc/inc/link.h | 4 +- .../dc/link/protocols/link_edp_panel_control.c | 4 +- .../dc/link/protocols/link_edp_panel_control.h | 4 +- .../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +- .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 8 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h | 1 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 3 + .../amd/display/dc/resource/dcn32/dcn32_resource.h | 3 + .../display/dc/resource/dcn321/dcn321_resource.c | 2 + drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../amd/display/modules/info_packet/info_packet.c | 13 +- .../drm/amd/display/modules/power/power_helpers.c | 2 +- .../drm/amd/display/modules/power/power_helpers.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 +-- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +- drivers/gpu/drm/display/drm_dp_helper.c | 7 + drivers/gpu/drm/drm_bridge.c | 46 +++- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 46 +++- drivers/gpu/drm/i915/display/intel_cursor.c | 4 +- drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 76 +++--- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 + drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++ drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/i915/i915_hwmon.c | 37 +-- drivers/gpu/drm/i915/i915_reg.h | 2 +- drivers/gpu/drm/i915/i915_vma.c | 50 +++- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 13 ++ drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +- drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/hwmon/amc6821.c | 11 + drivers/iio/adc/rockchip_saradc.c | 6 +- drivers/iommu/dma-iommu.c | 9 + drivers/irqchip/irq-renesas-rzg2l.c | 67 ++++-- drivers/leds/trigger/ledtrig-netdev.c | 4 +- drivers/md/dm-raid.c | 93 ++++++-- drivers/md/dm-snap.c | 4 +- drivers/md/md-bitmap.c | 9 +- drivers/md/md.c | 82 +++++-- drivers/md/md.h | 38 ++- drivers/md/raid5.c | 58 ++++- drivers/media/mc/mc-entity.c | 93 ++++++-- .../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/mfd/Kconfig | 1 + drivers/mfd/intel-lpss-pci.c | 28 ++- drivers/mfd/intel-lpss.c | 9 +- drivers/mfd/intel-lpss.h | 14 +- drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 87 ++++--- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/at803x.c | 4 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 + .../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++-- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw88/mac.c | 7 + drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++-- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 41 +++- drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/pinctrl/pinctrl-amd.c | 2 +- drivers/pinctrl/qcom/Kconfig | 2 +- drivers/platform/x86/intel/tpmi.c | 9 +- drivers/powercap/intel_rapl_common.c | 34 ++- drivers/powercap/intel_rapl_msr.c | 8 +- drivers/powercap/intel_rapl_tpmi.c | 15 ++ drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 23 +- drivers/scsi/sg.c | 4 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/thermal/devfreq_cooling.c | 2 +- .../int340x_thermal/processor_thermal_device.c | 8 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 8 +- drivers/thermal/intel/intel_tcc.c | 12 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +- drivers/thermal/mediatek/auxadc_thermal.c | 3 + drivers/thermal/thermal_trip.c | 19 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 38 ++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/core.c | 2 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-am62.c | 13 +- drivers/usb/dwc3/dwc3-pci.c | 2 - drivers/usb/dwc3/gadget.c | 10 + drivers/usb/dwc3/host.c | 11 + drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/misc/usb-ljca.c | 22 +- drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/tcpm.c | 6 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/usb/typec/ucsi/ucsi_glink.c | 14 ++ drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/pds/lm.c | 13 ++ drivers/vfio/pci/pds/lm.h | 1 + drivers/vfio/pci/pds/vfio_dev.c | 4 +- drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------ drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/video/fbdev/Kconfig | 3 + drivers/virtio/virtio.c | 4 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/compression.c | 8 +- fs/btrfs/defrag.c | 4 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/export.c | 2 +- fs/btrfs/extent_io.c | 61 +++-- fs/btrfs/extent_io.h | 1 + fs/btrfs/extent_map.c | 16 +- fs/btrfs/file.c | 14 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/fs.h | 11 + fs/btrfs/inode.c | 54 +++-- fs/btrfs/ioctl.c | 58 ++--- fs/btrfs/lzo.c | 4 +- fs/btrfs/props.c | 2 +- fs/btrfs/qgroup.c | 61 ++++- fs/btrfs/qgroup.h | 3 + fs/btrfs/reflink.c | 12 +- fs/btrfs/relocation.c | 2 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/send.c | 2 +- fs/btrfs/super.c | 2 +- fs/btrfs/volumes.c | 69 +++++- fs/btrfs/zoned.c | 14 +- fs/debugfs/inode.c | 25 +- fs/dlm/user.c | 10 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 6 +- fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/read.c | 2 + fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifs_debug.c | 2 + fs/smb/client/cifsglob.h | 4 + fs/smb/client/cifsproto.h | 6 +- fs/smb/client/connect.c | 6 +- fs/smb/client/file.c | 8 +- fs/smb/client/fs_context.c | 27 ++- fs/smb/client/inode.c | 13 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/sess.c | 4 +- fs/smb/client/smb2ops.c | 2 + fs/smb/client/smb2pdu.c | 10 +- fs/smb/server/smb2misc.c | 26 ++- fs/smb/server/smb2pdu.c | 228 +++++++++++------- fs/smb/server/smb_common.c | 11 +- fs/smb/server/vfs.c | 12 +- fs/ubifs/dir.c | 2 + fs/ubifs/file.c | 13 +- include/drm/drm_bridge.h | 33 +++ include/drm/drm_modeset_helper_vtables.h | 3 +- include/drm/ttm/ttm_tt.h | 9 +- include/linux/cpufreq.h | 15 +- include/linux/framer/framer.h | 4 +- include/linux/intel_rapl.h | 6 + include/linux/intel_tcc.h | 2 +- include/linux/interrupt.h | 3 + include/linux/libata.h | 1 + include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 8 + include/linux/mtd/spinand.h | 2 +- include/linux/nfs_fs.h | 1 + include/linux/oid_registry.h | 4 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 4 +- include/linux/security.h | 8 +- include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 10 + include/linux/syscalls.h | 6 +- include/linux/trace_events.h | 5 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg80211.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + include/uapi/linux/btrfs.h | 1 + init/initramfs.c | 2 +- io_uring/futex.c | 1 + io_uring/io_uring.c | 5 +- io_uring/net.c | 5 +- io_uring/poll.c | 19 +- io_uring/rw.c | 4 + io_uring/waitid.c | 7 +- kernel/bounds.c | 2 +- kernel/crash_core.c | 8 + kernel/dma/swiotlb.c | 37 +-- kernel/entry/common.c | 8 +- kernel/irq/manage.c | 9 +- kernel/module/Kconfig | 5 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/sys.c | 7 +- kernel/time/posix-clock.c | 16 +- kernel/trace/ring_buffer.c | 161 ++++++++----- kernel/trace/trace.c | 43 +++- kernel/workqueue.c | 2 +- lib/pci_iomap.c | 2 +- mm/filemap.c | 16 ++ mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/shmem_quota.c | 10 +- mm/swapfile.c | 13 +- mm/zswap.c | 8 + net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/ipv4/esp4.c | 8 +- net/ipv6/esp6.c | 8 +- net/mac80211/cfg.c | 7 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 46 ++-- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 3 + net/wireless/wext-core.c | 7 +- scripts/Makefile.extrawarn | 2 + security/apparmor/lsm.c | 4 +- security/landlock/syscalls.c | 18 +- security/lsm_syscalls.c | 10 +- security/security.c | 20 +- security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 16 +- sound/pci/hda/tas2781_hda_i2c.c | 83 ++++--- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - sound/soc/amd/yc/pci-acp6x.c | 1 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/lsm/common.h | 6 +- .../testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +- .../testing/selftests/lsm/lsm_list_modules_test.c | 8 +- .../testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +- tools/testing/selftests/mm/gup_test.c | 2 +- tools/testing/selftests/mm/soft-dirty.c | 2 +- tools/testing/selftests/mm/split_huge_page_test.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 3 + tools/testing/selftests/mm/uffd-common.h | 2 + tools/testing/selftests/mm/uffd-unit-tests.c | 13 +- tools/testing/selftests/mqueue/setting | 1 + .../selftests/wireguard/qemu/arch/riscv32.config | 1 + .../selftests/wireguard/qemu/arch/riscv64.config | 1 + virt/kvm/async_pf.c | 31 ++- 482 files changed, 4826 insertions(+), 2566 deletions(-)

1 year, 2 months

19
425
0 0

[PATCH v3 2/2] PCI: of: Attach created of_node to existing device

by Herve Codina

The commit 407d1a51921e ("PCI: Create device tree node for bridge") creates of_node for PCI devices. During the insertion handling of these new DT nodes done by of_platform, new devices (struct device) are created. For each PCI devices a struct device is already present (created and handled by the PCI core). Having a second struct device to represent the exact same PCI device is not correct. On the of_node creation: - tell the of_platform that there is no need to create a device for this node (OF_POPULATED flag), - link this newly created of_node to the already present device, - tell fwnode that the device attached to this of_node is ready using fwnode_dev_initialized(). With this fix, the of_node are available in the sysfs device tree: /sys/devices/platform/soc/d0070000.pcie/ + of_node -> .../devicetree/base/soc/pcie@d0070000 + pci0000:00 + 0000:00:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0 + 0000:01:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0/dev@0,0 On the of_node removal, revert the operations. Fixes: 407d1a51921e ("PCI: Create device tree node for bridge") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/pci/of.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/pci/of.c b/drivers/pci/of.c index 51e3dd0ea5ab..5afd2731e876 100644 --- a/drivers/pci/of.c +++ b/drivers/pci/of.c @@ -615,7 +615,8 @@ void of_pci_remove_node(struct pci_dev *pdev) np = pci_device_to_OF_node(pdev); if (!np || !of_node_check_flag(np, OF_DYNAMIC)) return; - pdev->dev.of_node = NULL; + + device_remove_of_node(&pdev->dev); of_changeset_revert(np->data); of_changeset_destroy(np->data); @@ -668,12 +669,22 @@ void of_pci_make_dev_node(struct pci_dev *pdev) if (ret) goto out_free_node; + /* + * This of_node will be added to an existing device. + * Avoid any device creation and use the existing device + */ + of_node_set_flag(np, OF_POPULATED); + np->fwnode.dev = &pdev->dev; + fwnode_dev_initialized(&np->fwnode, true); + ret = of_changeset_apply(cset); if (ret) goto out_free_node; np->data = cset; - pdev->dev.of_node = np; + + /* Add the of_node to the existing device */ + device_add_of_node(&pdev->dev, np); kfree(name); return; -- 2.44.0

1 year, 2 months

3
4
0 0

[PATCH] misc/pvpanic-pci: register attributes via pci_driver

by Thomas Weißschuh

In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Greg, does it make sense to duplicate fields between struct pci_driver and struct device_driver? The fields "name", "groups" and "dev_groups" are duplicated. pci_driver::dev_groups was introduced in commit ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") because "this helps converting PCI drivers sysfs attributes to static" I don't understand the reasoning. The embedded device_driver shares the same storage lifetime and the fields have the exact same type. --- drivers/misc/pvpanic/pvpanic-pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver); --- base-commit: 00dcf5d862e86e57f5ce46344039f11bb1ad61f6 change-id: 20240411-pvpanic-pci-dev-groups-e3beebcbc4e4 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-expensive-footage-f3ea@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 2 months

3
2
0 0

[PATCH v4] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM Cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM Cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how Cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM Cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 2 months

3
3
0 0

[PATCH v2 5.10.y 1/1] mailbox: imx: fix suspend failure

by Daisuke Mizobuchi

imx_mu_isr() always calls pm_system_wakeup() even when it should not, making the system unable to enter sleep. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream commit 892cb524ae8a is correct, so this seems to be a mistake during cherry-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> Reviewed-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 2 months

3
2
0 0

[PATCH v2 5/5] drm/vmwgfx: Sort primary plane formats by order of preference

by Zack Rusin

The table of primary plane formats wasn't sorted at all, leading to applications picking our least desirable formats by defaults. Sort the primary plane formats according to our order of preference. Nice side-effect of this change is that it makes IGT's kms_atomic plane-invalid-params pass because the test picks the first format which for vmwgfx was DRM_FORMAT_XRGB1555 and uses fb's with odd sizes which make Pixman, which IGT depends on assert due to the fact that our 16bpp formats aren't 32 bit aligned like Pixman requires all formats to be. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Acked-by: Pekka Paalanen <pekka.paalanen(a)collabora.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf9931e3a728..bf24f2f0dcfc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -233,10 +233,10 @@ struct vmw_framebuffer_bo { static const uint32_t __maybe_unused vmw_primary_plane_formats[] = { - DRM_FORMAT_XRGB1555, - DRM_FORMAT_RGB565, DRM_FORMAT_XRGB8888, DRM_FORMAT_ARGB8888, + DRM_FORMAT_RGB565, + DRM_FORMAT_XRGB1555, }; static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = { -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Reviewed-by: Ian Forbes <ian.forbes(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 2 months

1
0
0 0