- Linux-stable-mirror - lists.linaro.org

[PATCH v2 2/2] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic

by Wayne Chang

This commit resolves an issue in the tegra-xudc USB gadget driver that incorrectly fetched USB3 PHY instances. The problem stemmed from the assumption of a one-to-one correspondence between USB2 and USB3 PHY names and their association with physical USB ports in the device tree. Previously, the driver associated USB3 PHY names directly with the USB3 instance number, leading to mismatches when mapping the physical USB ports. For instance, if using USB3-1 PHY, the driver expect the corresponding PHY name as 'usb3-1'. However, the physical USB ports in the device tree were designated as USB2-0 and USB3-0 as we only have one device controller, causing a misalignment. This commit rectifies the issue by adjusting the PHY naming logic. Now, the driver correctly correlates the USB2 and USB3 PHY instances, allowing the USB2-0 and USB3-1 PHYs to form a physical USB port pair while accurately reflecting their configuration in the device tree by naming them USB2-0 and USB3-0, respectively. The change ensures that the PHY and PHY names align appropriately, resolving the mismatch between physical USB ports and their associated names in the device tree. Fixes: b4e19931c98a ("usb: gadget: tegra-xudc: Support multiple device modes") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1 -> V2:no change drivers/usb/gadget/udc/tegra-xudc.c | 39 ++++++++++++++++++----------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c index cb85168fd00c..7aa46d426f31 100644 --- a/drivers/usb/gadget/udc/tegra-xudc.c +++ b/drivers/usb/gadget/udc/tegra-xudc.c @@ -3491,8 +3491,8 @@ static void tegra_xudc_device_params_init(struct tegra_xudc *xudc) static int tegra_xudc_phy_get(struct tegra_xudc *xudc) { - int err = 0, usb3; - unsigned int i; + int err = 0, usb3_companion_port; + unsigned int i, j; xudc->utmi_phy = devm_kcalloc(xudc->dev, xudc->soc->num_phys, sizeof(*xudc->utmi_phy), GFP_KERNEL); @@ -3520,7 +3520,7 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc) if (IS_ERR(xudc->utmi_phy[i])) { err = PTR_ERR(xudc->utmi_phy[i]); dev_err_probe(xudc->dev, err, - "failed to get usb2-%d PHY\n", i); + "failed to get PHY for phy-name usb2-%d\n", i); goto clean_up; } else if (xudc->utmi_phy[i]) { /* Get usb-phy, if utmi phy is available */ @@ -3539,19 +3539,30 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc) } /* Get USB3 phy */ - usb3 = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i); - if (usb3 < 0) + usb3_companion_port = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i); + if (usb3_companion_port < 0) continue; - snprintf(phy_name, sizeof(phy_name), "usb3-%d", usb3); - xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name); - if (IS_ERR(xudc->usb3_phy[i])) { - err = PTR_ERR(xudc->usb3_phy[i]); - dev_err_probe(xudc->dev, err, - "failed to get usb3-%d PHY\n", usb3); - goto clean_up; - } else if (xudc->usb3_phy[i]) - dev_dbg(xudc->dev, "usb3-%d PHY registered", usb3); + for (j = 0; j < xudc->soc->num_phys; j++) { + snprintf(phy_name, sizeof(phy_name), "usb3-%d", j); + xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name); + if (IS_ERR(xudc->usb3_phy[i])) { + err = PTR_ERR(xudc->usb3_phy[i]); + dev_err_probe(xudc->dev, err, + "failed to get PHY for phy-name usb3-%d\n", j); + goto clean_up; + } else if (xudc->usb3_phy[i]) { + int usb2_port = + tegra_xusb_padctl_get_port_number(xudc->utmi_phy[i]); + int usb3_port = + tegra_xusb_padctl_get_port_number(xudc->usb3_phy[i]); + if (usb3_port == usb3_companion_port) { + dev_dbg(xudc->dev, "USB2 port %d is paired with USB3 port %d for device mode port %d\n", + usb2_port, usb3_port, i); + break; + } + } + } } return err; -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH stable-4.19] mm/memory-failure: fix an incorrect use of tail pages

by Liu Shixin

When backport commit c79c5a0a00a9 to 4.19-stable, there is a mistake change. The head page instead of tail page should be passed to try_to_unmap(), otherwise unmap will failed as follows. Memory failure: 0x121c10: failed to unmap page (mapcount=1) Memory failure: 0x121c10: recovery action for unmapping failed page: Ignored Fixes: c6f50413f2aa ("mm/memory-failure: check the mapcount of the precise page") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> --- mm/memory-failure.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index c971d5e11f93..5fce5df0fe35 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1033,7 +1033,7 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, if (kill) collect_procs(hpage, &tokill, flags & MF_ACTION_REQUIRED); - unmap_success = try_to_unmap(p, ttu); + unmap_success = try_to_unmap(hpage, ttu); if (!unmap_success) pr_err("Memory failure: %#lx: failed to unmap page (mapcount=%d)\n", pfn, page_mapcount(p)); -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH stable-5.4] mm/memory-failure: fix an incorrect use of tail pages

by Liu Shixin

When backport commit c79c5a0a00a9 to 5.4-stable, there is a mistake change. The head page instead of tail page should be passed to try_to_unmap(), otherwise unmap will failed as follows. Memory failure: 0x121c10: failed to unmap page (mapcount=1) Memory failure: 0x121c10: recovery action for unmapping failed page: Ignored Fixes: 85015a96bc24 ("mm/memory-failure: check the mapcount of the precise page") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> --- mm/memory-failure.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index c6453f9ffd4d..0e7566c25939 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1030,7 +1030,7 @@ static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, if (kill) collect_procs(hpage, &tokill, flags & MF_ACTION_REQUIRED); - unmap_success = try_to_unmap(p, ttu); + unmap_success = try_to_unmap(hpage, ttu); if (!unmap_success) pr_err("Memory failure: %#lx: failed to unmap page (mapcount=%d)\n", pfn, page_mapcount(p)); -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH stable 6.6 and 6.7] NFS: Fix data corruption caused by congestion.

by NeilBrown

when AOP_WRITEPAGE_ACTIVATE is returned (as NFS does when it detects congestion) it is important that the folio is redirtied. nfs_writepage_locked() doesn't do this, so files can become corrupted as writes can be lost. Note that this is not needed in v6.8 as AOP_WRITEPAGE_ACTIVATE cannot be returned. It is needed for kernels v5.18..v6.7. Prior to 6.3 the patch is different as it needs to mention "page", not "folio". Reported-and-tested-by: Jacek Tomaka <Jacek.Tomaka(a)poczta.fm> Fixes: 6df25e58532b ("nfs: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> --- fs/nfs/write.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/nfs/write.c b/fs/nfs/write.c index b664caea8b4e..9e345d3c305a 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -668,8 +668,10 @@ static int nfs_writepage_locked(struct folio *folio, int err; if (wbc->sync_mode == WB_SYNC_NONE && - NFS_SERVER(inode)->write_congested) + NFS_SERVER(inode)->write_congested) { + folio_redirty_for_writepage(wbc, folio); return AOP_WRITEPAGE_ACTIVATE; + } nfs_inc_stats(inode, NFSIOS_VFSWRITEPAGE); nfs_pageio_init_write(&pgio, inode, 0, false, -- 2.43.0

1 year, 3 months

2
4
0 0

[PATCH v5 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Tested-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..48b28c59c592 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + flush_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 3 months

2
4
0 0

[PATCH V3] usb: dwc3: gadget: Fix suspend/resume warning when no-gadget is connected

by Michael Trimarchi

This patch avoid to disconnect an already gadget in not connected state [ 45.597274] dwc3 31000000.usb: wait for SETUP phase timed out [ 45.599140] dwc3 31000000.usb: failed to set STALL on ep0out [ 45.601069] ------------[ cut here ]------------ [ 45.601073] WARNING: CPU: 0 PID: 150 at drivers/usb/dwc3/ep0.c:289 dwc3_ep0_out_start+0xcc/0xd4 [ 45.601102] Modules linked in: cfg80211 rfkill ipv6 rpmsg_ctrl rpmsg_char crct10dif_ce rti_wdt k3_j72xx_bandgap rtc_ti_k3 omap_mailbox sa2ul authenc [last unloaded: ti_k3_r5_remoteproc] [ 45.601151] CPU: 0 PID: 150 Comm: sh Not tainted 6.8.0-rc5 #1 [ 45.601159] Hardware name: BSH - CCM-M3 (DT) [ 45.601164] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 45.601172] pc : dwc3_ep0_out_start+0xcc/0xd4 [ 45.601179] lr : dwc3_ep0_out_start+0x50/0xd4 [ 45.601186] sp : ffff8000832739e0 [ 45.601189] x29: ffff8000832739e0 x28: ffff800082a21000 x27: ffff8000808dc630 [ 45.601200] x26: 0000000000000002 x25: ffff800082530a44 x24: 0000000000000000 [ 45.601210] x23: ffff000000e079a0 x22: ffff000000e07a68 x21: 0000000000000001 [ 45.601219] x20: ffff000000e07880 x19: ffff000000e07880 x18: 0000000000000040 [ 45.601229] x17: ffff7fff8e1ce000 x16: ffff800080000000 x15: fffffffffffe5260 [ 45.601239] x14: 0000000000000000 x13: 206e6f204c4c4154 x12: 5320746573206f74 [ 45.601249] x11: 0000000000000001 x10: 000000000000000a x9 : ffff800083273930 [ 45.601259] x8 : 000000000000000a x7 : ffffffffffff3f0c x6 : ffffffffffff3f00 [ 45.601268] x5 : ffffffffffff3f0c x4 : 0000000000000000 x3 : 0000000000000000 [ 45.601278] x2 : 0000000000000000 x1 : ffff000004e7e600 x0 : 00000000ffffff92 [ 45.601289] Call trace: [ 45.601293] dwc3_ep0_out_start+0xcc/0xd4 [ 45.601301] dwc3_ep0_stall_and_restart+0x98/0xbc [ 45.601309] dwc3_ep0_reset_state+0x5c/0x88 [ 45.601315] dwc3_gadget_soft_disconnect+0x144/0x160 [ 45.601323] dwc3_gadget_suspend+0x18/0xb0 [ 45.601329] dwc3_suspend_common+0x5c/0x18c [ 45.601341] dwc3_suspend+0x20/0x44 [ 45.601350] platform_pm_suspend+0x2c/0x6c [ 45.601360] __device_suspend+0x10c/0x34c [ 45.601372] dpm_suspend+0x1a8/0x240 [ 45.601382] dpm_suspend_start+0x80/0x9c [ 45.601391] suspend_devices_and_enter+0x1c4/0x584 [ 45.601402] pm_suspend+0x1b0/0x264 [ 45.601408] state_store+0x80/0xec [ 45.601415] kobj_attr_store+0x18/0x2c [ 45.601426] sysfs_kf_write+0x44/0x54 [ 45.601434] kernfs_fop_write_iter+0x120/0x1ec [ 45.601445] vfs_write+0x23c/0x358 [ 45.601458] ksys_write+0x70/0x104 [ 45.601467] __arm64_sys_write+0x1c/0x28 [ 45.601477] invoke_syscall+0x48/0x114 [ 45.601488] el0_svc_common.constprop.0+0x40/0xe0 [ 45.601498] do_el0_svc+0x1c/0x28 [ 45.601506] el0_svc+0x34/0xb8 [ 45.601516] el0t_64_sync_handler+0x100/0x12c [ 45.601522] el0t_64_sync+0x190/0x194 [ 45.601531] ---[ end trace 0000000000000000 ]--- [ 45.608794] Disabling non-boot CPUs ... [ 45.611029] psci: CPU1 killed (polled 0 ms) [ 45.611837] Enabling non-boot CPUs ... [ 45.612247] Detected VIPT I-cache on CPU1 Tested on a am62x board with a usbnet gadget Fixes: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend) Cc: stable(a)vger.kernel.org Signed-off-by: Michael Trimarchi <michael(a)amarulasolutions.com> --- V2->V3: - Change the logic of the patch using the gadget connected state - Change of the commit message V1->V2: - Add stable in CC --- drivers/usb/dwc3/gadget.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4c8dd6724678..a7316a1703ad 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2650,6 +2650,15 @@ static int dwc3_gadget_soft_disconnect(struct dwc3 *dwc) int ret; spin_lock_irqsave(&dwc->lock, flags); + /* + * Attempt to disconnect a no connected gadget + */ + if (!dwc->connected) { + dev_warn(dwc->dev, "No connected device\n"); + spin_unlock_irqrestore(&dwc->lock, flags); + return 0; + } + dwc->connected = false; /* -- 2.40.1

1 year, 3 months

4
6
0 0

[PATCH v5 2/2] of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Saravana Kannan <saravanak(a)google.com> Tested-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> --- drivers/of/dynamic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c index 3bf27052832f..4d57a4e34105 100644 --- a/drivers/of/dynamic.c +++ b/drivers/of/dynamic.c @@ -9,6 +9,7 @@ #define pr_fmt(fmt) "OF: " fmt +#include <linux/device.h> #include <linux/of.h> #include <linux/spinlock.h> #include <linux/slab.h> @@ -667,6 +668,17 @@ void of_changeset_destroy(struct of_changeset *ocs) { struct of_changeset_entry *ce, *cen; + /* + * When a device is deleted, the device links to/from it are also queued + * for deletion. Until these device links are freed, the devices + * themselves aren't freed. If the device being deleted is due to an + * overlay change, this device might be holding a reference to a device + * node that will be freed. So, wait until all already pending device + * links are deleted before freeing a device node. This ensures we don't + * free any device node that has a non-zero reference count. + */ + device_link_wait_removal(); + list_for_each_entry_safe_reverse(ce, cen, &ocs->entries, node) __of_changeset_entry_destroy(ce); } -- 2.43.0

1 year, 3 months

1
0
0 0

[REGRESSION] NULL pointer dereference drm_dp_add_payload_part2

by Leon Weiß

Hello, 54d217406afe250d7a768783baaa79a035f21d38 fixed an issue in drm_dp_add_payload_part2 that lead to a NULL pointer dereference in case state is NULL. The change was (accidentally?) reverted in 5aa1dfcdf0a429e4941e2eef75b006a8c7a8ac49 and the problem reappeared. The issue is rather spurious, but I've had it appear when unplugging a thunderbolt dock. #regzbot introduced 5aa1dfcdf0a429e4941e2eef75b006a8c7a8ac49

1 year, 3 months

3
3
0 0

[PATCH linux-5.4.y 0/8] Fix the UAF issue caused by the loop driver

by Genjian

From: Genjian Zhang <zhanggenjian(a)kylinos.cn> Hello! We found that 13b2856037a6 ("loop: Check for overflow while configuring loop") lost a unlock loop_ctl_mutex in loop_get_status(...). which caused syzbot to report a UAF issue. However, the upstream patch does not have this issue. So, we revert this patch and directly apply the unmodified upstream patch. This series of patches was also sent to 4.19.y. https://lore.kernel.org/all/20240301013028.2293831-1-zhanggenjian@126.com/ Risk use-after-free as reported by syzbot： [ 84.669496] ================================================================== [ 84.670021] BUG: KASAN: use-after-free in __mutex_lock.isra.9+0xc13/0xcb0 [ 84.670433] Read of size 4 at addr ffff88808dba43b8 by task syz-executor.22/14230 [ 84.670885] [ 84.670987] CPU: 1 PID: 14230 Comm: syz-executor.22 Not tainted 5.4.270 #4 [ 84.671397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1kylin1 04/01/2014 [ 84.671927] Call Trace: [ 84.672085] dump_stack+0x94/0xc7 [ 84.672293] ? __mutex_lock.isra.9+0xc13/0xcb0 [ 84.672569] print_address_description.constprop.6+0x16/0x220 [ 84.672915] ? __mutex_lock.isra.9+0xc13/0xcb0 [ 84.673187] ? __mutex_lock.isra.9+0xc13/0xcb0 [ 84.673462] __kasan_report.cold.9+0x1a/0x32 [ 84.673723] ? __mutex_lock.isra.9+0xc13/0xcb0 [ 84.673993] kasan_report+0x10/0x20 [ 84.674208] __mutex_lock.isra.9+0xc13/0xcb0 [ 84.674468] ? __mutex_lock.isra.9+0x617/0xcb0 [ 84.674739] ? ww_mutex_lock_interruptible+0x100/0x100 [ 84.675055] ? ww_mutex_lock_interruptible+0x100/0x100 [ 84.675369] ? kobject_get_unless_zero+0x144/0x190 [ 84.675668] ? kobject_del+0x60/0x60 [ 84.675893] ? __module_get+0x120/0x120 [ 84.676128] ? __mutex_lock_slowpath+0x10/0x10 [ 84.676399] mutex_lock_killable+0xde/0xf0 [ 84.676652] ? __mutex_lock_killable_slowpath+0x10/0x10 [ 84.676967] ? __mutex_lock_slowpath+0x10/0x10 [ 84.677243] ? disk_block_events+0x1d/0x120 [ 84.677509] lo_open+0x16/0xc0 [ 84.677701] ? lo_compat_ioctl+0x160/0x160 [ 84.677954] __blkdev_get+0xb0f/0x1160 [ 84.678185] ? bd_may_claim+0xd0/0xd0 [ 84.678410] ? bdev_disk_changed+0x190/0x190 [ 84.678674] ? _raw_spin_lock+0x7c/0xd0 [ 84.678915] ? _raw_write_lock_bh+0xd0/0xd0 [ 84.679172] blkdev_get+0x9b/0x290 [ 84.679381] ? ihold+0x1a/0x40 [ 84.679574] blkdev_open+0x1bd/0x240 [ 84.679794] do_dentry_open+0x439/0x1000 [ 84.680035] ? blkdev_get_by_dev+0x60/0x60 [ 84.680286] ? __x64_sys_fchdir+0x1a0/0x1a0 [ 84.680557] ? inode_permission+0x86/0x320 [ 84.680814] path_openat+0x998/0x4120 [ 84.681044] ? stack_trace_consume_entry+0x160/0x160 [ 84.681348] ? do_futex+0x136/0x1880 [ 84.681568] ? path_mountpoint+0xb50/0xb50 [ 84.681823] ? save_stack+0x4d/0x80 [ 84.682038] ? save_stack+0x19/0x80 [ 84.682253] ? __kasan_kmalloc.constprop.6+0xc1/0xd0 [ 84.682553] ? kmem_cache_alloc+0xc7/0x210 [ 84.682804] ? getname_flags+0xc4/0x560 [ 84.683045] ? do_sys_open+0x1ce/0x450 [ 84.683272] ? do_syscall_64+0x9a/0x330 [ 84.683509] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 84.683826] ? _raw_spin_lock+0x7c/0xd0 [ 84.684063] ? _raw_write_lock_bh+0xd0/0xd0 [ 84.684319] ? futex_exit_release+0x60/0x60 [ 84.684574] ? kasan_unpoison_shadow+0x30/0x40 [ 84.684844] ? __kasan_kmalloc.constprop.6+0xc1/0xd0 [ 84.685149] ? get_partial_node.isra.83.part.84+0x1e5/0x340 [ 84.685485] ? __fget_light+0x1d1/0x550 [ 84.685721] do_filp_open+0x197/0x270 [ 84.685946] ? may_open_dev+0xd0/0xd0 [ 84.686172] ? kasan_unpoison_shadow+0x30/0x40 [ 84.686443] ? __kasan_kmalloc.constprop.6+0xc1/0xd0 [ 84.686743] ? __alloc_fd+0x1a3/0x580 [ 84.686973] do_sys_open+0x2c7/0x450 [ 84.687195] ? filp_open+0x60/0x60 [ 84.687406] ? __x64_sys_timer_settime32+0x280/0x280 [ 84.687707] do_syscall_64+0x9a/0x330 [ 84.687931] ? syscall_return_slowpath+0x17a/0x230 [ 84.688221] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 84.688524] [ 84.688622] Allocated by task 14056: [ 84.688842] save_stack+0x19/0x80 [ 84.689044] __kasan_kmalloc.constprop.6+0xc1/0xd0 [ 84.689333] kmem_cache_alloc_node+0xe2/0x230 [ 84.689600] copy_process+0x165c/0x72d0 [ 84.689833] _do_fork+0xf9/0x9a0 [ 84.690032] __x64_sys_clone+0x17a/0x200 [ 84.690271] do_syscall_64+0x9a/0x330 [ 84.690496] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 84.690800] [ 84.690903] Freed by task 0: [ 84.691081] save_stack+0x19/0x80 [ 84.691287] __kasan_slab_free+0x125/0x170 [ 84.691535] kmem_cache_free+0x7a/0x2a0 [ 84.691774] __put_task_struct+0x1ec/0x4a0 [ 84.692023] delayed_put_task_struct+0x178/0x1d0 [ 84.692303] rcu_core+0x538/0x16c0 [ 84.692512] __do_softirq+0x175/0x63d [ 84.692741] [ 84.692840] The buggy address belongs to the object at ffff88808dba4380 [ 84.692840] which belongs to the cache task_struct of size 3328 [ 84.693584] The buggy address is located 56 bytes inside of [ 84.693584] 3328-byte region [ffff88808dba4380, ffff88808dba5080) [ 84.694272] The buggy address belongs to the page: [ 84.694563] page:ffffea000236e800 refcount:1 mapcount:0 mapping:ffff8881838acdc0 index:0x0 compound_mapcount: 0 [ 84.695166] flags: 0x100000000010200(slab|head) [ 84.695457] raw: 0100000000010200 dead000000000100 dead000000000122 ffff8881838acdc0 [ 84.695919] raw: 0000000000000000 0000000000090009 00000001ffffffff 0000000000000000 [ 84.696375] page dumped because: kasan: bad access detected [ 84.696705] [ 84.696801] Memory state around the buggy address: [ 84.697089] ffff88808dba4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.697519] ffff88808dba4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.697945] >ffff88808dba4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.698371] ^ [ 84.698674] ffff88808dba4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.699111] ffff88808dba4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.699537] ================================================================== [ 84.699965] Disabling lock debugging due to kernel taint Best regards Genjian Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Siddh Raman Pant (1): loop: Check for overflow while configuring loop Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment drivers/block/loop.c | 185 ++++++++++++++++++++++++------------------- 1 file changed, 104 insertions(+), 81 deletions(-) -- 2.25.1

1 year, 3 months

1
8
0 0

[PATCH v2] btrfs: do not skip re-registration for the mounted device

by Anand Jain

There are reports that since version 6.7 update-grub fails to find the device of the root on systems without initrd and on a single device. This looks like the device name changed in the output of /proc/self/mountinfo: 6.5-rc5 working 18 1 0:16 / / rw,noatime - btrfs /dev/sda8 ... 6.7 not working: 17 1 0:15 / / rw,noatime - btrfs /dev/root ... and "update-grub" shows this error: /usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?) This looks like it's related to the device name, but grub-probe recognizes the "/dev/root" path and tries to find the underlying device. However there's a special case for some filesystems, for btrfs in particular. The generic root device detection heuristic is not done and it all relies on reading the device infos by a btrfs specific ioctl. This ioctl returns the device name as it was saved at the time of device scan (in this case it's /dev/root). The change in 6.7 for temp_fsid to allow several single device filesystem to exist with the same fsid (and transparently generate a new UUID at mount time) was to skip caching/registering such devices. This also skipped mounted device. One step of scanning is to check if the device name hasn't changed, and if yes then update the cached value. This broke the grub-probe as it always read the device /dev/root and couldn't find it in the system. A temporary workaround is to create a symlink but this does not survive reboot. The right fix is to allow updating the device path of a mounted filesystem even if this is a single device one. In the fix, check if the device's major:minor number matches with the cached device. If they do, then we can allow the scan to happen so that device_list_add() can take care of updating the device path. The file descriptor remains unchanged. This does not affect the temp_fsid feature, the UUID of the mounted filesystem remains the same and the matching is based on device major:minor which is unique per mounted filesystem. This covers the path when the device (that exists for all mounted devices) name changes, updating /dev/root to /dev/sdx. Any other single device with filesystem and is not mounted is still skipped. Note that if a system is booted and initial mount is done on the /dev/root device, this will be the cached name of the device. Only after the command "btrfs device scan" it will change as it triggers the rename. The fix was verified by users whose systems were affected. CC: stable(a)vger.kernel.org # 6.7+ Fixes: bc27d6f0aa0e ("btrfs: scan but don't register device on single device filesystem") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=218353 Link: https://lore.kernel.org/lkml/CAKLYgeJ1tUuqLcsquwuFqjDXPSJpEiokrWK2gisPKDZLs… Signed-off-by: Anand Jain <anand.jain(a)oracle.com> Tested-by: Alex Romosan <aromosan(a)gmail.com> Tested-by: CHECK_1234543212345(a)protonmail.com --- v2: Updated git commit log from [PATCH] with permission. Thx. [PATCH] btrfs: always scan a single device when mounted Add Tested-by. fs/btrfs/volumes.c | 44 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 474ab7ed65ea..192c540a650c 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -1299,6 +1299,31 @@ int btrfs_forget_devices(dev_t devt) return ret; } +static bool btrfs_skip_registration(struct btrfs_super_block *disk_super, + dev_t devt, bool mount_arg_dev) +{ + struct btrfs_fs_devices *fs_devices; + + list_for_each_entry(fs_devices, &fs_uuids, fs_list) { + struct btrfs_device *device; + + mutex_lock(&fs_devices->device_list_mutex); + list_for_each_entry(device, &fs_devices->devices, dev_list) { + if (device->devt == devt) { + mutex_unlock(&fs_devices->device_list_mutex); + return false; + } + } + mutex_unlock(&fs_devices->device_list_mutex); + } + + if (!mount_arg_dev && btrfs_super_num_devices(disk_super) == 1 && + !(btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) + return true; + + return false; +} + /* * Look for a btrfs signature on a device. This may be called out of the mount path * and we are not allowed to call set_blocksize during the scan. The superblock @@ -1316,6 +1341,7 @@ struct btrfs_device *btrfs_scan_one_device(const char *path, blk_mode_t flags, struct btrfs_device *device = NULL; struct bdev_handle *bdev_handle; u64 bytenr, bytenr_orig; + dev_t devt = 0; int ret; lockdep_assert_held(&uuid_mutex); @@ -1355,18 +1381,16 @@ struct btrfs_device *btrfs_scan_one_device(const char *path, blk_mode_t flags, goto error_bdev_put; } - if (!mount_arg_dev && btrfs_super_num_devices(disk_super) == 1 && - !(btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) { - dev_t devt; + ret = lookup_bdev(path, &devt); + if (ret) + btrfs_warn(NULL, "lookup bdev failed for path %s: %d", + path, ret); - ret = lookup_bdev(path, &devt); - if (ret) - btrfs_warn(NULL, "lookup bdev failed for path %s: %d", - path, ret); - else + if (btrfs_skip_registration(disk_super, devt, mount_arg_dev)) { + pr_debug("BTRFS: skip registering single non-seed device %s\n", + path); + if (devt) btrfs_free_stale_devices(devt, NULL); - - pr_debug("BTRFS: skip registering single non-seed device %s\n", path); device = NULL; goto free_disk_super; } -- 2.39.3

1 year, 3 months

3
9
0 0

[PATCH 2/2] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic

by Wayne Chang

This commit resolves an issue in the tegra-xudc USB gadget driver that incorrectly fetched USB3 PHY instances. The problem stemmed from the assumption of a one-to-one correspondence between USB2 and USB3 PHY names and their association with physical USB ports in the device tree. Previously, the driver associated USB3 PHY names directly with the USB3 instance number, leading to mismatches when mapping the physical USB ports. For instance, if using USB3-1 PHY, the driver expect the corresponding PHY name as 'usb3-1'. However, the physical USB ports in the device tree were designated as USB2-0 and USB3-0 as we only have one device controller, causing a misalignment. This commit rectifies the issue by adjusting the PHY naming logic. Now, the driver correctly correlates the USB2 and USB3 PHY instances, allowing the USB2-0 and USB3-1 PHYs to form a physical USB port pair while accurately reflecting their configuration in the device tree by naming them USB2-0 and USB3-0, respectively. The change ensures that the PHY and PHY names align appropriately, resolving the mismatch between physical USB ports and their associated names in the device tree. Fixes: b4e19931c98a ("usb: gadget: tegra-xudc: Support multiple device modes") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++++++++++++++++++----------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c index cb85168fd00c..7aa46d426f31 100644 --- a/drivers/usb/gadget/udc/tegra-xudc.c +++ b/drivers/usb/gadget/udc/tegra-xudc.c @@ -3491,8 +3491,8 @@ static void tegra_xudc_device_params_init(struct tegra_xudc *xudc) static int tegra_xudc_phy_get(struct tegra_xudc *xudc) { - int err = 0, usb3; - unsigned int i; + int err = 0, usb3_companion_port; + unsigned int i, j; xudc->utmi_phy = devm_kcalloc(xudc->dev, xudc->soc->num_phys, sizeof(*xudc->utmi_phy), GFP_KERNEL); @@ -3520,7 +3520,7 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc) if (IS_ERR(xudc->utmi_phy[i])) { err = PTR_ERR(xudc->utmi_phy[i]); dev_err_probe(xudc->dev, err, - "failed to get usb2-%d PHY\n", i); + "failed to get PHY for phy-name usb2-%d\n", i); goto clean_up; } else if (xudc->utmi_phy[i]) { /* Get usb-phy, if utmi phy is available */ @@ -3539,19 +3539,30 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc) } /* Get USB3 phy */ - usb3 = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i); - if (usb3 < 0) + usb3_companion_port = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i); + if (usb3_companion_port < 0) continue; - snprintf(phy_name, sizeof(phy_name), "usb3-%d", usb3); - xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name); - if (IS_ERR(xudc->usb3_phy[i])) { - err = PTR_ERR(xudc->usb3_phy[i]); - dev_err_probe(xudc->dev, err, - "failed to get usb3-%d PHY\n", usb3); - goto clean_up; - } else if (xudc->usb3_phy[i]) - dev_dbg(xudc->dev, "usb3-%d PHY registered", usb3); + for (j = 0; j < xudc->soc->num_phys; j++) { + snprintf(phy_name, sizeof(phy_name), "usb3-%d", j); + xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name); + if (IS_ERR(xudc->usb3_phy[i])) { + err = PTR_ERR(xudc->usb3_phy[i]); + dev_err_probe(xudc->dev, err, + "failed to get PHY for phy-name usb3-%d\n", j); + goto clean_up; + } else if (xudc->usb3_phy[i]) { + int usb2_port = + tegra_xusb_padctl_get_port_number(xudc->utmi_phy[i]); + int usb3_port = + tegra_xusb_padctl_get_port_number(xudc->usb3_phy[i]); + if (usb3_port == usb3_companion_port) { + dev_dbg(xudc->dev, "USB2 port %d is paired with USB3 port %d for device mode port %d\n", + usb2_port, usb3_port, i); + break; + } + } + } } return err; -- 2.25.1

1 year, 3 months

2
2
0 0

[PATCH v2] libceph: init the cursor when preparing the sparse read

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> The osd code has remove cursor initilizing code and this will make the sparse read state into a infinite loop. We should initialize the cursor just before each sparse-read in messnger v2. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/64607 Fixes: 8e46a2d068c9 ("libceph: just wait for more data to be available on the socket") Reported-by: Luis Henriques <lhenriques(a)suse.de> Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- V2: - Just removed the unnecessary 'sparse_read_total' check. net/ceph/messenger_v2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c index a0ca5414b333..ab3ab130a911 100644 --- a/net/ceph/messenger_v2.c +++ b/net/ceph/messenger_v2.c @@ -2034,6 +2034,9 @@ static int prepare_sparse_read_data(struct ceph_connection *con) if (!con_secure(con)) con->in_data_crc = -1; + ceph_msg_data_cursor_init(&con->v2.in_cursor, con->in_msg, + con->in_msg->sparse_read_total); + reset_in_kvecs(con); con->v2.in_state = IN_S_PREPARE_SPARSE_DATA_CONT; con->v2.data_len_remain = data_len(msg); -- 2.43.0

1 year, 3 months

4
3
0 0

[PATCH 5.15 00/83] 5.15.151-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.151 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 11:31:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.151-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.151-rc2 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Gal Pressman <gal(a)nvidia.com> Revert "tls: rx: move counting TlsDecryptErrors for sync" Jakub Kicinski <kuba(a)kernel.org> net: tls: fix async vs NIC crypto offload Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Max Krummenacher <max.krummenacher(a)toradex.com> Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Jean Sacren <sakiwit(a)gmail.com> mptcp: clean up harmless false expressions Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: rename timer related helper to less confusing names Paolo Abeni <pabeni(a)redhat.com> mptcp: process pending subflow error on close Paolo Abeni <pabeni(a)redhat.com> mptcp: move __mptcp_error_report in protocol.c Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Jakub Kicinski <kuba(a)kernel.org> tls: rx: use async as an in-out argument Jakub Kicinski <kuba(a)kernel.org> tls: rx: assume crypto always calls our callback Jakub Kicinski <kuba(a)kernel.org> tls: rx: move counting TlsDecryptErrors for sync Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't track the async count Jakub Kicinski <kuba(a)kernel.org> tls: rx: factor out writing ContentType to cmsg Jakub Kicinski <kuba(a)kernel.org> tls: rx: wrap decryption arguments in a structure Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't report text length from the bowels of decrypt Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop unnecessary arguments from tls_setup_from_iter() Jakub Kicinski <kuba(a)kernel.org> tls: hw: rx: use return value of tls_device_decrypted() to carry status Jakub Kicinski <kuba(a)kernel.org> tls: rx: refactor decrypt_skb_update() Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't issue wake ups when data is decrypted Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the decryption status in socket context Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the record type in socket context Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Florian Westphal <fw(a)strlen.de> netfilter: make function op structures const Florian Westphal <fw(a)strlen.de> netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: silence bogus compiler warning Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Vasily Averin <vvs(a)openvz.org> net: enable memcg accounting for veth queues Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 +- drivers/interconnect/core.c | 18 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +++- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/net/veth.c | 40 +-- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- include/linux/netfilter.h | 14 +- include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_conntrack.h | 8 + include/net/strparser.h | 4 + include/net/tls.h | 11 +- include/uapi/linux/bpf.h | 37 ++- include/uapi/linux/in6.h | 2 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 ++++- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mptcp/diag.c | 3 + net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++-- net/mptcp/subflow.c | 36 --- net/netfilter/core.c | 45 +-- net/netfilter/nf_conntrack_core.c | 21 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_proto_tcp.c | 35 +++ net/netfilter/nf_nat_core.c | 2 +- net/netfilter/nf_tables_api.c | 7 + net/netfilter/nfnetlink_queue.c | 10 +- net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/tls/tls_device.c | 6 +- net/tls/tls_sw.c | 316 ++++++++++------------ net/unix/garbage.c | 22 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- tools/include/uapi/linux/bpf.h | 37 ++- tools/testing/selftests/net/mptcp/config | 2 + 69 files changed, 991 insertions(+), 529 deletions(-)

1 year, 3 months

6
5
0 0

[PATCH] mmc: part_switch: fixes switch on gp3 partition

by Dominique Martinet

From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Commit e7794c14fd73 ("mmc: rpmb: fixes pause retune on all RPMB partitions.") added a mask check for 'part_type', but the mask used was wrong leading to the code intended for rpmb also being executed for GP3. On some MMCs (but not all) this would make gp3 partition inaccessible: armadillo:~# head -c 1 < /dev/mmcblk2gp3 head: standard input: I/O error armadillo:~# dmesg -c [ 422.976583] mmc2: running CQE recovery [ 423.058182] mmc2: running CQE recovery [ 423.137607] mmc2: running CQE recovery [ 423.137802] blk_update_request: I/O error, dev mmcblk2gp3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0 [ 423.237125] mmc2: running CQE recovery [ 423.318206] mmc2: running CQE recovery [ 423.397680] mmc2: running CQE recovery [ 423.397837] blk_update_request: I/O error, dev mmcblk2gp3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 423.408287] Buffer I/O error on dev mmcblk2gp3, logical block 0, async page read the part_type values of interest here are defined as follow: main 0 boot0 1 boot1 2 rpmb 3 gp0 4 gp1 5 gp2 6 gp3 7 so mask with EXT_CSD_PART_CONFIG_ACC_MASK (7) to correctly identify rpmb Fixes: e7794c14fd73 ("mmc: rpmb: fixes pause retune on all RPMB partitions.") Cc: stable(a)vger.kernel.org Cc: Jorge Ramirez-Ortiz <jorge(a)foundries.io> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- A couple of notes: - this doesn't fail on all eMMCs, I can still access gp3 on some models but it seems to fail reliably with micron's "G1M15L" - I've encountered this on the 5.10 backport (in 5.10.208), so that'll need to be backported everywhere the fix was taken... Thanks! --- drivers/mmc/core/block.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 32d49100dff5..86efa6084696 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -874,10 +874,11 @@ static const struct block_device_operations mmc_bdops = { static int mmc_blk_part_switch_pre(struct mmc_card *card, unsigned int part_type) { - const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_RPMB; + const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_MASK; + const unsigned int rpmb = EXT_CSD_PART_CONFIG_ACC_RPMB; int ret = 0; - if ((part_type & mask) == mask) { + if ((part_type & mask) == rpmb) { if (card->ext_csd.cmdq_en) { ret = mmc_cmdq_disable(card); if (ret) @@ -892,10 +893,11 @@ static int mmc_blk_part_switch_pre(struct mmc_card *card, static int mmc_blk_part_switch_post(struct mmc_card *card, unsigned int part_type) { - const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_RPMB; + const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_MASK; + const unsigned int rpmb = EXT_CSD_PART_CONFIG_ACC_RPMB; int ret = 0; - if ((part_type & mask) == mask) { + if ((part_type & mask) == rpmb) { mmc_retune_unpause(card->host); if (card->reenable_cmdq && !card->ext_csd.cmdq_en) ret = mmc_cmdq_enable(card); --- base-commit: 5847c9777c303a792202c609bd761dceb60f4eed change-id: 20240306-mmc-partswitch-c3a50b5084ae Best regards, -- Dominique Martinet | Asmadeus

1 year, 3 months

5
11
0 0

[PATCH v4 2/2] of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/dynamic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c index 3bf27052832f..169e2a9ae22f 100644 --- a/drivers/of/dynamic.c +++ b/drivers/of/dynamic.c @@ -9,6 +9,7 @@ #define pr_fmt(fmt) "OF: " fmt +#include <linux/device.h> #include <linux/of.h> #include <linux/spinlock.h> #include <linux/slab.h> @@ -667,6 +668,12 @@ void of_changeset_destroy(struct of_changeset *ocs) { struct of_changeset_entry *ce, *cen; + /* + * Wait for any ongoing device link removals before destroying some of + * nodes. + */ + device_link_wait_removal(); + list_for_each_entry_safe_reverse(ce, cen, &ocs->entries, node) __of_changeset_entry_destroy(ce); } -- 2.43.0

1 year, 3 months

4
3
0 0

[PATCH v4 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..48b28c59c592 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + flush_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 3 months

5
15
0 0

[PATCH wpan] mac802154: fix llsec key resources release in mac802154_llsec_key_del

by Fedor Pchelkin

mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: <TASK> llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0 [<ffffffff81c43865>] kmalloc_trace+0x25/0xc0 [<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0 [<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80 [<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0 [<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0 [<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0 [<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440 [<ffffffff86ff1d88>] genl_rcv+0x28/0x40 [<ffffffff86fec15c>] netlink_unicast+0x53c/0x820 [<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60 [<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0 [<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0 [<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0 [<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0 [<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org). Fixes: 5d637d5aabd8 ("mac802154: add llsec structures and mutators") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- Should the patch be targeted to "net" tree directly? include/net/cfg802154.h | 1 + net/mac802154/llsec.c | 18 +++++++++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/include/net/cfg802154.h b/include/net/cfg802154.h index cd95711b12b8..76d2cd2e2b30 100644 --- a/include/net/cfg802154.h +++ b/include/net/cfg802154.h @@ -401,6 +401,7 @@ struct ieee802154_llsec_key { struct ieee802154_llsec_key_entry { struct list_head list; + struct rcu_head rcu; struct ieee802154_llsec_key_id id; struct ieee802154_llsec_key *key; diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 8d2eabc71bbe..f13b07ebfb98 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c @@ -265,19 +265,27 @@ int mac802154_llsec_key_add(struct mac802154_llsec *sec, return -ENOMEM; } +static void mac802154_llsec_key_del_rcu(struct rcu_head *rcu) +{ + struct ieee802154_llsec_key_entry *pos; + struct mac802154_llsec_key *mkey; + + pos = container_of(rcu, struct ieee802154_llsec_key_entry, rcu); + mkey = container_of(pos->key, struct mac802154_llsec_key, key); + + llsec_key_put(mkey); + kfree_sensitive(pos); +} + int mac802154_llsec_key_del(struct mac802154_llsec *sec, const struct ieee802154_llsec_key_id *key) { struct ieee802154_llsec_key_entry *pos; list_for_each_entry(pos, &sec->table.keys, list) { - struct mac802154_llsec_key *mkey; - - mkey = container_of(pos->key, struct mac802154_llsec_key, key); - if (llsec_key_id_equal(&pos->id, key)) { list_del_rcu(&pos->list); - llsec_key_put(mkey); + call_rcu(&pos->rcu, mac802154_llsec_key_del_rcu); return 0; } } -- 2.43.2

1 year, 3 months

3
4
0 0

[merged mm-stable] mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been removed from the -mm tree. Its filename was mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Wed, 6 Mar 2024 14:03:56 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_l * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

1 year, 3 months

1
0
0 0

+ mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been added to the -mm mm-unstable branch. Its filename is mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Wed, 6 Mar 2024 14:03:56 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_l * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch

1 year, 3 months

1
0
0 0

[PATCH 6.1 000/215] 6.1.81-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.81 release. There are 215 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.81-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.81-rc1 Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Ard Biesheuvel <ardb+git(a)google.com> efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Ard Biesheuvel <ardb+git(a)google.com> x86/boot: efistub: Assign global boot_params variable Ard Biesheuvel <ardb+git(a)google.com> x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb+git(a)google.com> efi/x86: Avoid physical KASLR on older Dell systems Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Avoid legacy decompressor when doing EFI boot Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Perform SNP feature test while running in the firmware Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Prefer EFI memory attributes protocol over DXE services Ard Biesheuvel <ardb+git(a)google.com> x86/decompressor: Factor out kernel decompression and relocation Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Perform 4/5 level paging switch from the stub Ard Biesheuvel <ardb+git(a)google.com> efi/libstub: Add limit argument to efi_random_alloc() Ard Biesheuvel <ardb+git(a)google.com> efi/libstub: Add memory attribute protocol definitions Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Clear BSS in EFI handover protocol entrypoint Ard Biesheuvel <ardb+git(a)google.com> x86/decompressor: Avoid magic offsets for EFI handover entrypoint Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Simplify and clean up handover entry code Ard Biesheuvel <ardb+git(a)google.com> efi: efivars: prevent double registration Ard Biesheuvel <ardb+git(a)google.com> arm64: efi: Limit allocations to 48-bit addressable physical region Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml Ard Biesheuvel <ardb(a)kernel.org> decompress: Use 8 byte alignment Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Move global symbol references to C code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Merge trampoline cleanup with switching code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Pass pgtable address to trampoline directly Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Only call the trampoline when changing paging levels Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Call trampoline directly from C code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Avoid the need for a stack in the 32-bit trampoline Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Use standard calling convention for trampoline Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Call trampoline as a normal function Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Assign paging related global variables earlier Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Store boot_params pointer in callee save register Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Branch straight to kernel entry point from C code Alexander Lobakin <alexandr.lobakin(a)intel.com> x86/boot: Robustify calling startup_{32,64}() from the decompressor code Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Make the deprecated EFI handover protocol optional Johan Hovold <johan+linaro(a)kernel.org> efi: verify that variable services are supported Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_check_sev_cbit() into .text Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_load_idt() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_load_idt() into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Pull global variable reference into startup32_load_idt() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed, efi: Merge multiple definitions of image_offset into one Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_pe_entry() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_entry out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_pe_entry into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move bootargs parsing out of 32-bit startup code Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move 32-bit entrypoint code into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S Ard Biesheuvel <ardb(a)kernel.org> efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/core: Update CMA destination address on rdma_resolve_addr Patrisious Haddad <phaddad(a)nvidia.com> RDMA/core: Refactor rdma_bind_addr Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: continue marking the first subflow as UNCONNECTED Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Neil Armstrong <neil.armstrong(a)linaro.org> Bluetooth: qca: add support for WCN7850 Neil Armstrong <neil.armstrong(a)linaro.org> Bluetooth: qca: use switch case for soc type behavior Luca Weiss <luca.weiss(a)fairphone.com> Bluetooth: btqca: Add WCN3988 support Min-Hua Chen <minhuadotchen(a)gmail.com> Bluetooth: btqca: use le32_to_cpu for ver.soc_id Steev Klimaszewski <steev(a)kali.org> Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Bluetooth: hci_qca: mark OF related data as maybe unused Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <linux(a)rempel-privat.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: don't force huge page alignment on 32 bit Gustavo A. R. Silva <gustavoars(a)kernel.org> RDMA/core: Fix multiple -Warray-bounds warnings Manivannan Sadhasivam <mani(a)kernel.org> iommu/arm-smmu-qcom: Limit the SMR groups to 128 Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' Abdun Nihaal <abdun.nihaal(a)gmail.com> fs/ntfs3: Fix NULL dereference in ni_write_inode Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Add length check in indx_get_root Arnd Bergmann <arnd(a)arndb.de> clk: tegra20: fix gcc-7 constant overflow warning Jia-Ju Bai <baijiaju1990(a)gmail.com> fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() Tomas Krcka <krckatom(a)amazon.de> iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any Chunyan Zhang <chunyan.zhang(a)unisoc.com> iommu/sprd: Release dma buffer to avoid memory leak Vicki Pfau <vi(a)endrift.com> Input: xpad - add constants for GIP interface numbers Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: gadget: Properly configure the device for remote wakeup Marek Vasut <marex(a)denx.de> ARM: dts: imx7s: Drop dma-apb interrupt-names Stefan Wahren <stefan.wahren(a)i2se.com> ARM: dts: imx: Adjust dma-apbh node name Xiaowei Bao <xiaowei.bao(a)nxp.com> PCI: layerscape: Add workaround for lost link capabilities during reset Frank Li <Frank.Li(a)nxp.com> PCI: layerscape: Add the endpoint linkup notifier support Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Add missing mutex_destroy() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Make fini symmetric to init Bjorn Helgaas <bhelgaas(a)google.com> net: restore alpha order to Ethernet devices in config Geert Uytterhoeven <geert+renesas(a)glider.be> of: overlay: Reorder struct fragment fields kerneldoc Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Mike Christie <michael.christie(a)oracle.com> scsi: core: Add struct for args to execution functions Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Neil Armstrong <neil.armstrong(a)linaro.org> drm/meson: fix unbind path if HDMI fails to bind Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Documentation/x86/boot.rst | 2 +- Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 4 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx6qdl.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/imx6ul.dtsi | 2 +- arch/arm/boot/dts/imx7s.dtsi | 3 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 + arch/arm64/include/asm/efi.h | 1 + arch/powerpc/platforms/pseries/iommu.c | 156 +++-- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++ arch/x86/Kconfig | 17 + arch/x86/boot/compressed/Makefile | 13 +- arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/efi_mixed.S | 328 +++++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ------ arch/x86/boot/compressed/head_32.S | 38 +- arch/x86/boot/compressed/head_64.S | 593 +++------------- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/mem_encrypt.S | 152 +++- arch/x86/boot/compressed/misc.c | 85 ++- arch/x86/boot/compressed/misc.h | 3 - arch/x86/boot/compressed/pgtable.h | 10 +- arch/x86/boot/compressed/pgtable_64.c | 94 ++- arch/x86/boot/compressed/sev.c | 114 +-- arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 2 + arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 + arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/boot.h | 10 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/efi.h | 14 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 27 +- arch/x86/include/asm/sev.h | 7 + arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/intel.c | 178 ++--- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 12 +- drivers/bluetooth/btqca.c | 104 ++- drivers/bluetooth/btqca.h | 23 +- drivers/bluetooth/hci_qca.c | 310 +++++++-- drivers/clk/tegra/clk-tegra20.c | 26 +- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/firmware/efi/efi.c | 22 + drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/alignedmem.c | 7 +- drivers/firmware/efi/libstub/arm64-stub.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 2 + drivers/firmware/efi/libstub/efistub.h | 32 +- drivers/firmware/efi/libstub/mem.c | 5 +- drivers/firmware/efi/libstub/randomalloc.c | 17 +- drivers/firmware/efi/libstub/x86-5lvl.c | 95 +++ drivers/firmware/efi/libstub/x86-stub.c | 319 +++++---- drivers/firmware/efi/libstub/x86-stub.h | 17 + drivers/firmware/efi/vars.c | 13 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 + drivers/gpu/drm/drm_buddy.c | 10 + drivers/gpu/drm/meson/meson_drv.c | 23 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/tegra/drm.c | 23 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma.c | 255 +++---- drivers/infiniband/core/cma_trace.h | 2 +- drivers/infiniband/core/user_mad.c | 23 +- drivers/input/joystick/xpad.c | 5 +- drivers/interconnect/core.c | 18 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 16 +- drivers/iommu/sprd-iommu.c | 29 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/Kconfig | 2 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 +- drivers/of/overlay.c | 2 +- drivers/of/property.c | 2 +- drivers/pci/controller/dwc/pci-layerscape-ep.c | 119 +++- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/scsi/scsi_lib.c | 52 +- drivers/scsi/sd.c | 26 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/usb/gadget/composite.c | 18 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/gadget/udc/core.c | 27 + drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/video/fbdev/core/fbcon.c | 8 +- drivers/xen/events/events_base.c | 5 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/btrfs/disk-io.c | 22 +- fs/btrfs/disk-io.h | 2 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/efivarfs/vars.c | 17 +- fs/exportfs/expfs.c | 8 +- fs/lockd/svc4proc.c | 1 + fs/lockd/svclock.c | 17 +- fs/lockd/svcproc.c | 1 + fs/lockd/svcsubs.c | 4 +- fs/locks.c | 24 +- fs/nfs/nfs4trace.h | 6 +- fs/nfs/nfstrace.h | 6 +- fs/nfs/write.c | 4 +- fs/nfsd/Kconfig | 19 +- fs/nfsd/Makefile | 5 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 39 +- fs/nfsd/flexfilelayout.c | 1 + fs/nfsd/netns.h | 2 +- fs/nfsd/nfs4callback.c | 72 ++ fs/nfsd/nfs4idmap.c | 1 + fs/nfsd/nfs4proc.c | 31 +- fs/nfsd/nfs4state.c | 316 ++++++--- fs/nfsd/nfs4xdr.c | 771 +++++++++++---------- fs/nfsd/nfsctl.c | 13 +- fs/nfsd/nfsd.h | 9 +- fs/nfsd/nfsfh.h | 10 +- fs/nfsd/nfsproc.c | 66 +- fs/nfsd/nfssvc.c | 8 +- fs/nfsd/state.h | 11 +- fs/nfsd/trace.h | 106 +++ fs/nfsd/vfs.c | 64 +- fs/nfsd/vfs.h | 1 + fs/nfsd/xdr4.h | 5 + fs/nfsd/xdr4cb.h | 6 + fs/ntfs3/frecord.c | 5 +- fs/ntfs3/fsntfs.c | 1 + fs/ntfs3/index.c | 11 +- include/linux/bvec.h | 2 +- include/linux/decompress/mm.h | 2 +- include/linux/efi.h | 1 + include/linux/fs.h | 14 + include/linux/netfilter.h | 4 + include/linux/nfs4.h | 13 + include/linux/usb/composite.h | 2 + include/linux/usb/gadget.h | 8 + include/net/ipv6_stubs.h | 5 + include/net/mctp.h | 1 + include/net/netfilter/nf_conntrack.h | 8 + include/scsi/scsi_device.h | 52 +- include/trace/events/rpcgss.h | 2 +- include/trace/events/rpcrdma.h | 4 +- include/trace/events/sunrpc.h | 2 +- include/trace/{events => misc}/fs.h | 0 include/trace/{events => misc}/nfs.h | 12 + include/trace/{events => misc}/rdma.h | 0 .../trace/{events/sunrpc_base.h => misc/sunrpc.h} | 0 include/uapi/linux/bpf.h | 31 +- include/uapi/linux/in6.h | 2 +- lib/nlattr.c | 4 + mm/huge_memory.c | 4 + net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 + net/core/filter.c | 30 +- net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mctp/route.c | 10 +- net/mptcp/diag.c | 5 +- net/mptcp/pm_netlink.c | 48 +- net/mptcp/pm_userspace.c | 12 +- net/mptcp/protocol.c | 56 +- net/mptcp/protocol.h | 13 +- net/mptcp/subflow.c | 15 +- net/netfilter/core.c | 16 + net/netfilter/nf_conntrack_core.c | 13 + net/netfilter/nf_conntrack_proto_tcp.c | 35 + net/netfilter/nf_tables_api.c | 7 + net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 11 +- net/unix/garbage.c | 21 +- net/wireless/nl80211.c | 2 + security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + tools/include/uapi/linux/bpf.h | 31 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 + 223 files changed, 4349 insertions(+), 2418 deletions(-)

1 year, 3 months

13
229
0 0

[PATCH 6.6 000/143] 6.6.21-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.21 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.21-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.21-rc1 Danilo Krummrich <dakr(a)redhat.com> drm/nouveau: don't fini scheduler before entity flush Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: rm subflow with v4/v4mapped addr Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_is_v6 Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: update userspace pm test helpers Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add chk_subflows_total helper Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add evts_get_info helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: use correct function name for resetting TCE tables Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Ensure safe user copy of completion record Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Remove shadow Event Log head stored in idxd Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Add HDMA remote interrupt configuration Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix the ch_count hdma callback Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix potential wake-up event loss Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid printing warning once on client side Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix iopt_access_list_id overwrite bug Nathan Chancellor <nathan(a)kernel.org> kbuild: Add -Wa,--fatal-warnings to as-instr invocation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Nathan Chancellor <nathan(a)kernel.org> RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Rob Clark <robdclark(a)chromium.org> soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin <tsung-hua.lin(a)amd.com> drm/amd/display: Add monitor patch for specific eDP Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Elad Nachman <enachman(a)marvell.com> mtd: rawnand: marvell: fix layouts Nhat Pham <nphamcs(a)gmail.com> mm: cachestat: fix folio read-after-free in cache walk Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Willian Wang <git(a)willian.wang> ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Gergo Koteles <soyer(a)irl.hu> ALSA: hda/realtek: tas2781: enable subwoofer volume control Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between ordered extent completion and fiemap Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix pte_leaf_size() for NAPOT Alexandre Ghiti <alexghiti(a)rivosinc.com> Revert "riscv: mm: support Svnapot in huge vmap" Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: ctr_get_width function for legacy is not defined Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: added capabilities for legacy PMU David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Conor Dooley <conor(a)kernel.org> RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix for initializing ASP1 mixer registers Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Don't add the same register patch multiple times Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Colin Ian King <colin.i.king(a)gmail.com> ASoC: qcom: Fix uninitialized pointer dmactl Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: qcom: convert not to use asoc_xxx() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc.h: convert asoc_xxx() to snd_soc_xxx() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <o.rempel(a)pengutronix.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix handling of multiple mcast groups Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix triggering coredump implementation Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <o.rempel(a)pengutronix.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Ming Lei <ming.lei(a)redhat.com> ublk: move ublk_cancel_dev() out of ub->mutex Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong allocation size update in smb2_open() Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l34: Fix GPIO name and drop legacy include Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> ubifs: fix possible dereference after free Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking ------------- Diffstat: Documentation/arch/x86/mds.rst | 34 +++- Makefile | 4 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 ++ arch/powerpc/include/asm/rtas.h | 4 +- arch/powerpc/kernel/rtas.c | 9 +- arch/powerpc/platforms/pseries/iommu.c | 156 +++++++++++------ arch/riscv/Kconfig | 1 - arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/hugetlb.h | 2 + arch/riscv/include/asm/pgtable.h | 6 +- arch/riscv/include/asm/vmalloc.h | 61 +------ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cpufeature.c | 15 ++ arch/riscv/kernel/return_address.c | 48 +++++ arch/riscv/mm/hugetlbpage.c | 2 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 ++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 -- arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++--------- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 20 ++- drivers/block/ublk_drv.c | 40 +++-- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/hci_bcm4377.c | 3 +- drivers/bluetooth/hci_qca.c | 22 ++- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/dw-edma/dw-edma-v0-core.c | 17 ++ drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +++-- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 +- drivers/dma/fsl-edma-common.c | 2 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/dma/idxd/cdev.c | 2 +- drivers/dma/idxd/debugfs.c | 2 +- drivers/dma/idxd/idxd.h | 1 - drivers/dma/idxd/init.c | 15 +- drivers/dma/idxd/irq.c | 3 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 +++ drivers/gpu/drm/drm_buddy.c | 10 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +- drivers/gpu/drm/tegra/drm.c | 23 ++- drivers/iommu/iommufd/io_pagetable.c | 9 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 +++ drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 18 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 ++--- drivers/of/property.c | 2 +- drivers/perf/riscv_pmu.c | 18 +- drivers/perf/riscv_pmu_legacy.c | 10 +- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/pmdomain/qcom/rpmhpd.c | 7 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/pmic_glink.c | 21 +-- drivers/spi/spi-cadence-quadspi.c | 6 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/btrfs/disk-io.c | 22 +-- fs/btrfs/disk-io.h | 2 +- fs/btrfs/extent_io.c | 165 ++++++++++++++--- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/efivarfs/vars.c | 17 +- fs/nfs/write.c | 4 +- fs/smb/server/smb2pdu.c | 36 ++-- fs/ubifs/tnc.c | 1 + include/linux/bvec.h | 2 +- include/linux/netfilter.h | 1 + include/net/mctp.h | 1 + include/sound/soc-card.h | 6 +- include/sound/soc.h | 42 +++-- include/uapi/linux/in6.h | 2 +- lib/nlattr.c | 4 + mm/debug_vm_pgtable.c | 8 + mm/filemap.c | 51 +++--- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 ++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++++ net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 +- net/mctp/route.c | 10 +- net/mptcp/diag.c | 3 + net/mptcp/options.c | 2 +- net/mptcp/pm_userspace.c | 10 ++ net/mptcp/protocol.c | 52 +++++- net/mptcp/protocol.h | 21 +-- net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 40 +++-- net/unix/garbage.c | 21 +-- net/wireless/nl80211.c | 2 + scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/core/ump.c | 4 +- sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 32 +++- sound/soc/codecs/cs35l34.c | 4 +- sound/soc/codecs/cs35l56-shared.c | 8 +- sound/soc/codecs/cs35l56.c | 195 ++++++++++++++++++--- sound/soc/codecs/cs35l56.h | 1 + sound/soc/fsl/fsl_xcvr.c | 12 +- sound/soc/qcom/apq8016_sbc.c | 8 +- sound/soc/qcom/apq8096.c | 8 +- sound/soc/qcom/common.c | 6 +- sound/soc/qcom/lpass-cdc-dma.c | 18 +- sound/soc/qcom/lpass-platform.c | 50 +++--- sound/soc/qcom/qdsp6/q6apm-dai.c | 4 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 10 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/qcom/sc7180.c | 18 +- sound/soc/qcom/sc7280.c | 26 +-- sound/soc/qcom/sc8280xp.c | 8 +- sound/soc/qcom/sdm845.c | 36 ++-- sound/soc/qcom/sdw.c | 6 +- sound/soc/qcom/sm8250.c | 10 +- sound/soc/qcom/storm.c | 4 +- sound/soc/soc-card.c | 24 ++- sound/soc/soc-utils.c | 4 +- tools/net/ynl/lib/ynl.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 192 ++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 ++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 +++++---- 153 files changed, 1900 insertions(+), 904 deletions(-)

1 year, 3 months

12
155
0 0

[PATCH v4] USB:UAS:return ENODEV when submit urbs fail with device not attached

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v3->v4 - remove unused variable declaration in function uas_submit_urbs. drivers/usb/storage/uas.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..5930cfc03111 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 3 months

1
0
0 0

[PATCH v3] USB:UAS:return ENODEV when submit urbs fail with device not attached

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v2->v3 - Modify the description of this patch. - An error is returned directly when submitting URB fails. drivers/usb/storage/uas.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..689396777b6f 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,16 +541,15 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, @@ -562,9 +561,9 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +571,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +581,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +591,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +601,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +610,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +620,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +697,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 3 months

4
3
0 0

[PATCH STABLE v5.15.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c7d5566623ad..c37af50f312d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -424,8 +424,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH STABLE v5.10.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index fcb7eb6a6eca..c0a8f3c9e256 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -447,8 +447,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH STABLE v5.4.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index 034b0662fd3b..9cfd53eaeb4e 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -441,8 +441,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

1
0
0 0

[REGRESSION] kexec does firmware reboot in kernel v6.7.6

by Pavin Joseph

Hello everyone, #regzbot introduced v6.7.5..v6.7.6 I'm experiencing an issue where kexec does a full firmware reboot instead of kexec reboot. Issue first submitted at OpenSuse bugzilla [0]. OS details as follows: Distributor ID: openSUSE Description: openSUSE Tumbleweed-Slowroll Release: 20240213 Issue has been reproduced by building kernel from source. kexec works as expected in kernel v6.7.5. kexec does full firmware reboot in kernel v6.7.6. I followed the docs here [1] to perform git bisect and find the culprit, hope it's alright as I'm quite out of my depth here. Git bisect logs: git bisect start # status: waiting for both good and bad commits # bad: [b631f5b445dc3379f67ff63a2e4c58f22d4975dc] Linux 6.7.6 git bisect bad b631f5b445dc3379f67ff63a2e4c58f22d4975dc # status: waiting for good commit(s), bad commit known # good: [004dcea13dc10acaf1486d9939be4c793834c13c] Linux 6.7.5 git bisect good 004dcea13dc10acaf1486d9939be4c793834c13c Let me know if there's anything else I can do to help troubleshoot the issue. [0]: https://bugzilla.suse.com/show_bug.cgi?id=1220541 [1]: https://docs.kernel.org/admin-guide/bug-bisect.html Kind regards, Pavin Joseph.

1 year, 3 months

3
12
0 0

Linux 6.7.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.9 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/x86/mds.rst | 38 +- Makefile | 2 arch/arm64/crypto/aes-neonbs-glue.c | 11 arch/powerpc/include/asm/rtas.h | 4 arch/powerpc/kernel/rtas.c | 9 arch/powerpc/platforms/pseries/iommu.c | 156 +++++++---- arch/riscv/Kconfig | 1 arch/riscv/include/asm/csr.h | 2 arch/riscv/include/asm/ftrace.h | 5 arch/riscv/include/asm/hugetlb.h | 2 arch/riscv/include/asm/pgalloc.h | 20 + arch/riscv/include/asm/pgtable-64.h | 2 arch/riscv/include/asm/pgtable.h | 6 arch/riscv/include/asm/vmalloc.h | 61 ---- arch/riscv/kernel/Makefile | 2 arch/riscv/kernel/cpufeature.c | 17 + arch/riscv/kernel/return_address.c | 48 +++ arch/riscv/mm/hugetlbpage.c | 2 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 11 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/nospec-branch.h | 12 arch/x86/kernel/cpu/bugs.c | 15 - arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/cpu/intel.c | 178 ++++++------ arch/x86/kernel/e820.c | 8 arch/x86/kernel/nmi.c | 3 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 20 + drivers/bluetooth/btqca.c | 2 drivers/bluetooth/hci_bcm4377.c | 3 drivers/bluetooth/hci_qca.c | 22 + drivers/cpufreq/intel_pstate.c | 3 drivers/dma/dw-edma/dw-edma-v0-core.c | 17 + drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 drivers/dma/fsl-edma-common.c | 2 drivers/dma/fsl-qdma.c | 21 - drivers/dma/idxd/cdev.c | 2 drivers/dma/idxd/debugfs.c | 2 drivers/dma/idxd/idxd.h | 1 drivers/dma/idxd/init.c | 15 - drivers/dma/idxd/irq.c | 3 drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 ++ drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 9 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 9 drivers/gpu/drm/drm_buddy.c | 10 drivers/gpu/drm/nouveau/nouveau_drm.c | 5 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 drivers/gpu/drm/tegra/drm.c | 23 + drivers/gpu/host1x/dev.c | 15 - drivers/gpu/host1x/dev.h | 6 drivers/iommu/iommufd/io_pagetable.c | 9 drivers/iommu/iommufd/selftest.c | 27 + drivers/mfd/twl6030-irq.c | 10 drivers/mmc/core/mmc.c | 2 drivers/mmc/host/mmci_stm32_sdmmc.c | 24 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++- drivers/mtd/nand/raw/marvell_nand.c | 13 drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/freescale/fman/fman_memac.c | 18 - drivers/net/ethernet/intel/ice/ice_dpll.c | 91 +++++- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 5 drivers/net/veth.c | 40 +- drivers/of/property.c | 2 drivers/perf/riscv_pmu.c | 18 - drivers/perf/riscv_pmu_legacy.c | 10 drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 drivers/phy/qualcomm/phy-qcom-m31.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 10 drivers/pmdomain/arm/scmi_perf_domain.c | 3 drivers/pmdomain/qcom/rpmhpd.c | 7 drivers/power/supply/Kconfig | 1 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/pmic_glink.c | 21 - drivers/spi/spi-cadence-quadspi.c | 11 drivers/video/fbdev/core/fbcon.c | 8 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 + fs/btrfs/disk-io.c | 22 - fs/btrfs/disk-io.h | 2 fs/btrfs/extent_io.c | 103 ++++++- fs/btrfs/ioctl.c | 2 fs/btrfs/send.c | 17 - fs/btrfs/transaction.c | 2 fs/ceph/mdsmap.c | 7 fs/ceph/mdsmap.h | 6 fs/efivarfs/vars.c | 17 - fs/nfs/write.c | 4 include/linux/bvec.h | 2 include/linux/netfilter.h | 1 include/net/mctp.h | 1 include/sound/soc-card.h | 2 include/uapi/linux/in6.h | 2 kernel/trace/fprobe.c | 14 - lib/nlattr.c | 4 mm/debug_vm_pgtable.c | 8 mm/filemap.c | 51 +-- mm/migrate.c | 8 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/hci_sync.c | 7 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 ++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/rtnetlink.c | 11 net/hsr/hsr_forward.c | 2 net/ipv4/ip_tunnel.c | 28 +- net/ipv6/addrconf.c | 7 net/mctp/route.c | 10 net/mptcp/diag.c | 3 net/mptcp/options.c | 2 net/mptcp/pm_userspace.c | 10 net/mptcp/protocol.c | 52 +++ net/mptcp/protocol.h | 21 - net/netfilter/nf_conntrack_core.c | 1 net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 net/tls/tls_sw.c | 40 ++ net/unix/garbage.c | 21 - net/wireless/nl80211.c | 2 scripts/Kconfig.include | 2 scripts/Makefile.compiler | 2 security/landlock/fs.c | 4 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/core/ump.c | 4 sound/firewire/amdtp-stream.c | 2 sound/pci/hda/patch_realtek.c | 33 ++ sound/soc/codecs/cs35l45.c | 2 sound/soc/codecs/cs35l56-shared.c | 8 sound/soc/codecs/cs35l56.c | 195 ++++++++++++- sound/soc/codecs/cs35l56.h | 1 sound/soc/fsl/fsl_xcvr.c | 12 sound/soc/qcom/lpass-cdc-dma.c | 2 sound/soc/soc-card.c | 24 + tools/net/ynl/lib/ynl.c | 1 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 196 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 + tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 ++---- 158 files changed, 1877 insertions(+), 812 deletions(-) Alex Deucher (1): Revert "drm/amd/pm: resolve reboot exception for si oland" Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Alexander Stein (1): phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Alexandre Ghiti (3): riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Revert "riscv: mm: support Svnapot in huge vmap" riscv: Fix pte_leaf_size() for NAPOT Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Aneesh Kumar K.V (IBM) (1): mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Ard Biesheuvel (1): crypto: arm64/neonbs - fix out-of-bounds access on short input Arkadiusz Kubalewski (4): ice: fix dpll input pin phase_adjust value updates ice: fix dpll and dpll_pin data access on PF reset ice: fix dpll periodic work data updates on PF reset ice: fix pin phase adjust updates on PF reset Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Byungchul Park (1): mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Colin Ian King (1): ASoC: qcom: Fix uninitialized pointer dmactl Conor Dooley (1): RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Cristian Marussi (1): pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization Dan Carpenter (1): ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Danilo Krummrich (1): drm/nouveau: don't fini scheduler before entity flush David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Dmitry Baryshkov (1): phy: qcom-qmp-usb: fix v3 offsets data Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Elad Nachman (3): mtd: rawnand: marvell: fix layouts mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eniac Zhang (1): ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Fenghua Yu (2): dmaengine: idxd: Remove shadow Event Log head stored in idxd dmaengine: idxd: Ensure safe user copy of completion record Filipe Manana (3): btrfs: fix race between ordered extent completion and fiemap btrfs: fix double free of anonymous device after snapshot creation failure btrfs: send: don't issue unnecessary zero writes for trailing hole Florian Westphal (3): netlink: add nla be16/32 types to minlen array net: ip_tunnel: prevent perpetual headroom growth netfilter: bridge: confirm multicast packets before passing them up the stack Gaurav Batra (1): powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Geliang Tang (7): mptcp: map v4 address to v6 when destroying subflow selftests: mptcp: join: add ss mptcp support check selftests: mptcp: add evts_get_info helper selftests: mptcp: add chk_subflows_total helper selftests: mptcp: update userspace pm test helpers selftests: mptcp: add mptcp_lib_is_v6 selftests: mptcp: rm subflow with v4/v4mapped addr Gergo Koteles (1): ALSA: hda/realtek: tas2781: enable subwoofer volume control Greg Kroah-Hartman (1): Linux 6.7.9 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans Peter (1): ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (3): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory tools: ynl: fix handling of multiple mcast groups Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Janaki Ramaiah Thota (1): Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jay Ajit Mate (1): ALSA: hda/realtek: Fix top speaker connection on Dell Inspiron 16 Plus 7630 Jeremy Kerr (1): net: mctp: take ownership of skb in mctp_local_output Jiri Bohac (1): x86/e820: Don't reserve SETUP_RNG_SEED in e820 Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Jisheng Zhang (1): riscv: tlb: fix __p*d_free_tlb() Johan Hovold (1): Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Jonas Dreßler (1): Bluetooth: hci_sync: Check the correct flag before starting a scan Joy Zou (1): dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Kory Maincent (6): dmaengine: dw-edma: Fix the ch_count hdma callback dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix dmaengine: dw-edma: Add HDMA remote interrupt configuration dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kuniyuki Iwashima (2): af_unix: Fix task hung while purging oob_skb in GC. af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix accept_list when attempting to suspend Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Lukasz Majewski (1): net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Ma Jun (1): drm/amdgpu/pm: Fix the power1_min_cap value Masami Hiramatsu (Google) (1): fprobe: Fix to allocate entry_data_size buffer with rethook instances Matthew Auld (1): drm/buddy: fix range bias Matthieu Baerts (NGI0) (1): mptcp: avoid printing warning once on client side Mickaël Salaün (1): landlock: Fix asymmetric private inodes referring Mikko Perttunen (1): gpu: host1x: Skip reset assert on Tegra186 Ming Lei (1): block: define bvec_iter as __packed __aligned(4) Nathan Chancellor (2): RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH kbuild: Add -Wa,--fatal-warnings to as-instr invocation Nathan Lynch (1): powerpc/rtas: use correct function name for resetting TCE tables NeilBrown (1): NFS: Fix data corruption caused by congestion. Nhat Pham (1): mm: cachestat: fix folio read-after-free in cache walk Nicolin Chen (2): iommufd: Fix iopt_access_list_id overwrite bug iommufd: Fix protection fault in iommufd_test_syz_conv_iova Oleksij Rempel (3): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: lan78xx: fix "softirq work is pending" error igb: extend PTP timestamp adjustments to i211 Paolo Abeni (4): mptcp: push at DSS boundaries mptcp: fix snd_wnd initialization for passive socket mptcp: fix potential wake-up event loss mptcp: fix possible deadlock in subflow diag Paolo Bonzini (2): x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Pawan Gupta (5): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Peter Ujfalusi (1): mfd: twl6030-irq: Revert to use of_match_device() Richard Fitzgerald (8): ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp ASoC: cs35l56: Don't add the same register patch multiple times ASoC: cs35l56: Fix for initializing ASP1 mixer registers ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Rob Clark (1): soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin (1): drm/amd/display: Add monitor patch for specific eDP Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (4): tls: decrement decrypt_pending if no async completion will be called tls: fix peeking with sync+async decryption tls: separate no-async decryption request handling from async tls: fix use-after-free on failed backlog decryption Samuel Holland (1): riscv: Fix enabling cbo.zero when running in M-mode Saravana Kannan (1): of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Sid Pranjale (1): drm/nouveau: keep DMA buffers required for suspend/resume Srinivasan Shanmugam (1): drm/amd/display: Prevent potential buffer overflow in map_hw_resources Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (2): ALSA: Drop leftover snd-rtctimer stuff from Makefile ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Thierry Reding (1): drm/tegra: Remove existing framebuffer only if we support display Thomas Weißschuh (1): power: supply: mm8013: select REGMAP_I2C Théo Lebrun (2): spi: cadence-qspi: fix pointer reference in runtime PM hooks spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Vadim Shakirov (2): drivers: perf: added capabilities for legacy PMU drivers: perf: ctr_get_width function for legacy is not defined Vladimir Oltean (1): net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Willian Wang (1): ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Xiubo Li (1): ceph: switch to corrected encoding of max_xattr_size in mdsmap Yang Yingliang (1): phy: qcom: phy-qcom-m31: fix wrong pointer pass to PTR_ERR() Yangyu Chen (1): riscv: mm: fix NOCACHE_THEAD does not set bit[61] correctly Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yochai Hagvi (1): ice: fix connection state of DPLL and out pin Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (3): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: qca: Fix wrong event type for patch config command Bluetooth: qca: Fix triggering coredump implementation Zong Li (1): riscv: add CALLER_ADDRx support

1 year, 3 months

1
1
0 0

Linux 6.6.21

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.21 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/x86/mds.rst | 38 +- Makefile | 2 arch/arm64/crypto/aes-neonbs-glue.c | 11 arch/powerpc/include/asm/rtas.h | 4 arch/powerpc/kernel/rtas.c | 9 arch/powerpc/platforms/pseries/iommu.c | 156 +++++++---- arch/riscv/Kconfig | 1 arch/riscv/include/asm/ftrace.h | 5 arch/riscv/include/asm/hugetlb.h | 2 arch/riscv/include/asm/pgtable.h | 6 arch/riscv/include/asm/vmalloc.h | 61 ---- arch/riscv/kernel/Makefile | 2 arch/riscv/kernel/cpufeature.c | 15 + arch/riscv/kernel/return_address.c | 48 +++ arch/riscv/mm/hugetlbpage.c | 2 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 11 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/nospec-branch.h | 12 arch/x86/kernel/cpu/bugs.c | 15 - arch/x86/kernel/cpu/intel.c | 178 ++++++------ arch/x86/kernel/e820.c | 8 arch/x86/kernel/nmi.c | 3 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 20 + drivers/block/ublk_drv.c | 40 +- drivers/bluetooth/btqca.c | 2 drivers/bluetooth/hci_bcm4377.c | 3 drivers/bluetooth/hci_qca.c | 22 + drivers/cpufreq/intel_pstate.c | 3 drivers/dma/dw-edma/dw-edma-v0-core.c | 17 + drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 drivers/dma/fsl-edma-common.c | 2 drivers/dma/fsl-qdma.c | 21 - drivers/dma/idxd/cdev.c | 2 drivers/dma/idxd/debugfs.c | 2 drivers/dma/idxd/idxd.h | 1 drivers/dma/idxd/init.c | 15 - drivers/dma/idxd/irq.c | 3 drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 ++ drivers/gpu/drm/drm_buddy.c | 10 drivers/gpu/drm/nouveau/nouveau_drm.c | 5 drivers/gpu/drm/tegra/drm.c | 23 + drivers/iommu/iommufd/io_pagetable.c | 9 drivers/mmc/core/mmc.c | 2 drivers/mmc/host/mmci_stm32_sdmmc.c | 24 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++- drivers/mtd/nand/raw/marvell_nand.c | 13 drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/freescale/fman/fman_memac.c | 18 - drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 5 drivers/net/veth.c | 40 +- drivers/of/property.c | 2 drivers/perf/riscv_pmu.c | 18 - drivers/perf/riscv_pmu_legacy.c | 10 drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 drivers/pmdomain/qcom/rpmhpd.c | 7 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/pmic_glink.c | 21 - drivers/spi/spi-cadence-quadspi.c | 6 drivers/video/fbdev/core/fbcon.c | 8 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 + fs/btrfs/disk-io.c | 22 - fs/btrfs/disk-io.h | 2 fs/btrfs/extent_io.c | 103 ++++++- fs/btrfs/ioctl.c | 2 fs/btrfs/send.c | 17 - fs/btrfs/transaction.c | 2 fs/efivarfs/vars.c | 17 - fs/nfs/write.c | 4 fs/smb/server/smb2pdu.c | 36 +- fs/ubifs/tnc.c | 1 include/linux/bvec.h | 2 include/linux/netfilter.h | 1 include/net/mctp.h | 1 include/sound/soc-card.h | 6 include/sound/soc.h | 42 ++- include/uapi/linux/in6.h | 2 lib/nlattr.c | 4 mm/debug_vm_pgtable.c | 8 mm/filemap.c | 51 +-- net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/hci_sync.c | 7 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 ++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/rtnetlink.c | 11 net/hsr/hsr_forward.c | 2 net/ipv4/ip_tunnel.c | 28 +- net/ipv6/addrconf.c | 7 net/mctp/route.c | 10 net/mptcp/diag.c | 3 net/mptcp/options.c | 2 net/mptcp/pm_userspace.c | 10 net/mptcp/protocol.c | 52 +++ net/mptcp/protocol.h | 21 - net/netfilter/nf_conntrack_core.c | 1 net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 net/tls/tls_sw.c | 40 ++ net/unix/garbage.c | 21 - net/wireless/nl80211.c | 2 scripts/Kconfig.include | 2 scripts/Makefile.compiler | 2 security/landlock/fs.c | 4 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/core/ump.c | 4 sound/firewire/amdtp-stream.c | 2 sound/pci/hda/patch_realtek.c | 32 ++ sound/soc/codecs/cs35l34.c | 4 sound/soc/codecs/cs35l56-shared.c | 8 sound/soc/codecs/cs35l56.c | 195 ++++++++++++- sound/soc/codecs/cs35l56.h | 1 sound/soc/fsl/fsl_xcvr.c | 12 sound/soc/qcom/apq8016_sbc.c | 8 sound/soc/qcom/apq8096.c | 8 sound/soc/qcom/common.c | 6 sound/soc/qcom/lpass-cdc-dma.c | 18 - sound/soc/qcom/lpass-platform.c | 50 +-- sound/soc/qcom/qdsp6/q6apm-dai.c | 4 sound/soc/qcom/qdsp6/q6asm-dai.c | 10 sound/soc/qcom/qdsp6/q6routing.c | 4 sound/soc/qcom/sc7180.c | 18 - sound/soc/qcom/sc7280.c | 26 - sound/soc/qcom/sc8280xp.c | 8 sound/soc/qcom/sdm845.c | 36 +- sound/soc/qcom/sdw.c | 6 sound/soc/qcom/sm8250.c | 10 sound/soc/qcom/storm.c | 4 sound/soc/soc-card.c | 24 + sound/soc/soc-utils.c | 4 tools/net/ynl/lib/ynl.c | 1 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 196 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 + tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 ++---- 153 files changed, 1855 insertions(+), 887 deletions(-) Alex Deucher (1): Revert "drm/amd/pm: resolve reboot exception for si oland" Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Alexander Stein (1): phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Alexandre Ghiti (3): riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Revert "riscv: mm: support Svnapot in huge vmap" riscv: Fix pte_leaf_size() for NAPOT Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Aneesh Kumar K.V (IBM) (1): mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Ard Biesheuvel (1): crypto: arm64/neonbs - fix out-of-bounds access on short input Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Colin Ian King (1): ASoC: qcom: Fix uninitialized pointer dmactl Conor Dooley (1): RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization Dan Carpenter (1): ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Danilo Krummrich (1): drm/nouveau: don't fini scheduler before entity flush David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Elad Nachman (3): mtd: rawnand: marvell: fix layouts mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eniac Zhang (1): ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Fenghua Yu (2): dmaengine: idxd: Remove shadow Event Log head stored in idxd dmaengine: idxd: Ensure safe user copy of completion record Filipe Manana (3): btrfs: fix race between ordered extent completion and fiemap btrfs: fix double free of anonymous device after snapshot creation failure btrfs: send: don't issue unnecessary zero writes for trailing hole Florian Westphal (3): netlink: add nla be16/32 types to minlen array net: ip_tunnel: prevent perpetual headroom growth netfilter: bridge: confirm multicast packets before passing them up the stack Gaurav Batra (1): powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Geliang Tang (7): mptcp: map v4 address to v6 when destroying subflow selftests: mptcp: join: add ss mptcp support check selftests: mptcp: add evts_get_info helper selftests: mptcp: add chk_subflows_total helper selftests: mptcp: update userspace pm test helpers selftests: mptcp: add mptcp_lib_is_v6 selftests: mptcp: rm subflow with v4/v4mapped addr Gergo Koteles (1): ALSA: hda/realtek: tas2781: enable subwoofer volume control Greg Kroah-Hartman (1): Linux 6.6.21 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans Peter (1): ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (3): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory tools: ynl: fix handling of multiple mcast groups Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Janaki Ramaiah Thota (1): Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jeremy Kerr (1): net: mctp: take ownership of skb in mctp_local_output Jiri Bohac (1): x86/e820: Don't reserve SETUP_RNG_SEED in e820 Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Johan Hovold (1): Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Jonas Dreßler (1): Bluetooth: hci_sync: Check the correct flag before starting a scan Joy Zou (1): dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Konstantin Meskhidze (1): ubifs: fix possible dereference after free Kory Maincent (6): dmaengine: dw-edma: Fix the ch_count hdma callback dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix dmaengine: dw-edma: Add HDMA remote interrupt configuration dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kuninori Morimoto (2): ASoC: soc.h: convert asoc_xxx() to snd_soc_xxx() ASoC: qcom: convert not to use asoc_xxx() Kuniyuki Iwashima (2): af_unix: Fix task hung while purging oob_skb in GC. af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Linus Walleij (1): ASoC: cs35l34: Fix GPIO name and drop legacy include Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix accept_list when attempting to suspend Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Lukasz Majewski (1): net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Matthew Auld (1): drm/buddy: fix range bias Matthieu Baerts (NGI0) (1): mptcp: avoid printing warning once on client side Mickaël Salaün (1): landlock: Fix asymmetric private inodes referring Ming Lei (2): ublk: move ublk_cancel_dev() out of ub->mutex block: define bvec_iter as __packed __aligned(4) Namjae Jeon (1): ksmbd: fix wrong allocation size update in smb2_open() Nathan Chancellor (2): RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH kbuild: Add -Wa,--fatal-warnings to as-instr invocation Nathan Lynch (1): powerpc/rtas: use correct function name for resetting TCE tables NeilBrown (1): NFS: Fix data corruption caused by congestion. Nhat Pham (1): mm: cachestat: fix folio read-after-free in cache walk Nicolin Chen (1): iommufd: Fix iopt_access_list_id overwrite bug Oleksij Rempel (3): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: lan78xx: fix "softirq work is pending" error igb: extend PTP timestamp adjustments to i211 Paolo Abeni (4): mptcp: push at DSS boundaries mptcp: fix snd_wnd initialization for passive socket mptcp: fix potential wake-up event loss mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Pawan Gupta (5): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Richard Fitzgerald (8): ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp ASoC: cs35l56: Don't add the same register patch multiple times ASoC: cs35l56: Fix for initializing ASP1 mixer registers ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Rob Clark (1): soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin (1): drm/amd/display: Add monitor patch for specific eDP Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (4): tls: decrement decrypt_pending if no async completion will be called tls: fix peeking with sync+async decryption tls: separate no-async decryption request handling from async tls: fix use-after-free on failed backlog decryption Saravana Kannan (1): of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (2): ALSA: Drop leftover snd-rtctimer stuff from Makefile ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Thierry Reding (1): drm/tegra: Remove existing framebuffer only if we support display Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Vadim Shakirov (2): drivers: perf: added capabilities for legacy PMU drivers: perf: ctr_get_width function for legacy is not defined Vladimir Oltean (1): net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Willian Wang (1): ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (3): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: qca: Fix wrong event type for patch config command Bluetooth: qca: Fix triggering coredump implementation Zong Li (1): riscv: add CALLER_ADDRx support

1 year, 3 months

1
1
0 0

Linux 6.1.81

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.81 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/x86/boot.rst | 2 Documentation/x86/mds.rst | 38 MAINTAINERS | 7 Makefile | 2 arch/arm/boot/dts/imx23.dtsi | 2 arch/arm/boot/dts/imx28.dtsi | 2 arch/arm/boot/dts/imx6qdl.dtsi | 2 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/arm/boot/dts/imx6ul.dtsi | 2 arch/arm/boot/dts/imx7s.dtsi | 3 arch/arm64/crypto/aes-neonbs-glue.c | 11 arch/arm64/include/asm/efi.h | 1 arch/powerpc/platforms/pseries/iommu.c | 156 ++- arch/riscv/include/asm/ftrace.h | 5 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/Makefile | 2 arch/riscv/kernel/return_address.c | 48 arch/x86/Kconfig | 17 arch/x86/boot/compressed/Makefile | 13 arch/x86/boot/compressed/acpi.c | 14 arch/x86/boot/compressed/cmdline.c | 4 arch/x86/boot/compressed/efi_mixed.S | 328 ++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ---- arch/x86/boot/compressed/head_32.S | 38 arch/x86/boot/compressed/head_64.S | 593 ++---------- arch/x86/boot/compressed/ident_map_64.c | 7 arch/x86/boot/compressed/kaslr.c | 26 arch/x86/boot/compressed/mem_encrypt.S | 152 ++- arch/x86/boot/compressed/misc.c | 85 + arch/x86/boot/compressed/misc.h | 3 arch/x86/boot/compressed/pgtable.h | 10 arch/x86/boot/compressed/pgtable_64.c | 94 - arch/x86/boot/compressed/sev.c | 114 +- arch/x86/boot/header.S | 2 arch/x86/boot/tools/build.c | 2 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 11 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/boot.h | 10 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/efi.h | 14 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/nospec-branch.h | 27 arch/x86/include/asm/sev.h | 7 arch/x86/kernel/cpu/bugs.c | 15 arch/x86/kernel/cpu/intel.c | 178 +-- arch/x86/kernel/e820.c | 8 arch/x86/kernel/nmi.c | 3 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 12 drivers/bluetooth/btqca.c | 104 +- drivers/bluetooth/btqca.h | 23 drivers/bluetooth/hci_qca.c | 310 +++++- drivers/clk/tegra/clk-tegra20.c | 28 drivers/cpufreq/intel_pstate.c | 3 drivers/dma/fsl-qdma.c | 21 drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/firmware/efi/efi.c | 22 drivers/firmware/efi/libstub/Makefile | 1 drivers/firmware/efi/libstub/alignedmem.c | 7 drivers/firmware/efi/libstub/arm64-stub.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 2 drivers/firmware/efi/libstub/efistub.h | 32 drivers/firmware/efi/libstub/mem.c | 5 drivers/firmware/efi/libstub/randomalloc.c | 17 drivers/firmware/efi/libstub/x86-5lvl.c | 95 + drivers/firmware/efi/libstub/x86-stub.c | 315 +++--- drivers/firmware/efi/libstub/x86-stub.h | 17 drivers/firmware/efi/vars.c | 13 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 drivers/gpu/drm/drm_buddy.c | 10 drivers/gpu/drm/meson/meson_drv.c | 23 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/tegra/drm.c | 23 drivers/infiniband/core/cm_trace.h | 2 drivers/infiniband/core/cma.c | 255 ++--- drivers/infiniband/core/cma_trace.h | 2 drivers/infiniband/core/user_mad.c | 23 drivers/input/joystick/xpad.c | 5 drivers/interconnect/core.c | 18 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 16 drivers/iommu/sprd-iommu.c | 29 drivers/mmc/core/mmc.c | 2 drivers/mmc/host/mmci_stm32_sdmmc.c | 24 drivers/mmc/host/sdhci-xenon-phy.c | 48 drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/Kconfig | 2 drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 10 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 5 drivers/net/veth.c | 40 drivers/of/overlay.c | 2 drivers/of/property.c | 2 drivers/pci/controller/dwc/pci-layerscape-ep.c | 119 ++ drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/scsi/scsi_lib.c | 52 - drivers/scsi/sd.c | 26 drivers/soc/qcom/rpmhpd.c | 7 drivers/usb/gadget/composite.c | 18 drivers/usb/gadget/configfs.c | 3 drivers/usb/gadget/udc/core.c | 27 drivers/usb/gadget/udc/trace.h | 5 drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/video/fbdev/core/fbcon.c | 8 drivers/xen/events/events_base.c | 5 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 fs/btrfs/disk-io.c | 22 fs/btrfs/disk-io.h | 2 fs/btrfs/ioctl.c | 2 fs/btrfs/send.c | 17 fs/btrfs/transaction.c | 2 fs/efivarfs/vars.c | 17 fs/exportfs/expfs.c | 8 fs/lockd/svc4proc.c | 1 fs/lockd/svclock.c | 17 fs/lockd/svcproc.c | 1 fs/lockd/svcsubs.c | 4 fs/locks.c | 24 fs/nfs/nfs4trace.h | 6 fs/nfs/nfstrace.h | 6 fs/nfs/write.c | 4 fs/nfsd/Kconfig | 19 fs/nfsd/Makefile | 5 fs/nfsd/blocklayout.c | 1 fs/nfsd/blocklayoutxdr.c | 1 fs/nfsd/export.h | 1 fs/nfsd/filecache.c | 39 fs/nfsd/flexfilelayout.c | 1 fs/nfsd/netns.h | 2 fs/nfsd/nfs4callback.c | 72 + fs/nfsd/nfs4idmap.c | 1 fs/nfsd/nfs4proc.c | 31 fs/nfsd/nfs4state.c | 312 ++++-- fs/nfsd/nfs4xdr.c | 771 ++++++++-------- fs/nfsd/nfsctl.c | 13 fs/nfsd/nfsd.h | 9 fs/nfsd/nfsfh.h | 10 fs/nfsd/nfsproc.c | 66 - fs/nfsd/nfssvc.c | 8 fs/nfsd/state.h | 11 fs/nfsd/trace.h | 106 ++ fs/nfsd/vfs.c | 64 + fs/nfsd/vfs.h | 1 fs/nfsd/xdr4.h | 5 fs/nfsd/xdr4cb.h | 6 fs/ntfs3/frecord.c | 5 fs/ntfs3/fsntfs.c | 1 fs/ntfs3/index.c | 11 include/linux/bvec.h | 2 include/linux/decompress/mm.h | 2 include/linux/efi.h | 1 include/linux/fs.h | 14 include/linux/netfilter.h | 4 include/linux/nfs4.h | 13 include/linux/usb/composite.h | 2 include/linux/usb/gadget.h | 8 include/net/ipv6_stubs.h | 5 include/net/mctp.h | 1 include/net/netfilter/nf_conntrack.h | 8 include/scsi/scsi_device.h | 52 - include/trace/events/fs.h | 122 -- include/trace/events/nfs.h | 375 ------- include/trace/events/rdma.h | 168 --- include/trace/events/rpcgss.h | 2 include/trace/events/rpcrdma.h | 4 include/trace/events/sunrpc.h | 2 include/trace/events/sunrpc_base.h | 18 include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 ++++++++ include/trace/misc/rdma.h | 168 +++ include/trace/misc/sunrpc.h | 18 include/uapi/linux/bpf.h | 31 include/uapi/linux/in6.h | 2 lib/nlattr.c | 4 mm/huge_memory.c | 4 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/hci_sync.c | 7 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 + net/bridge/netfilter/nf_conntrack_bridge.c | 30 net/core/filter.c | 30 net/core/rtnetlink.c | 11 net/hsr/hsr_forward.c | 2 net/ipv4/ip_tunnel.c | 28 net/ipv4/netfilter/nf_reject_ipv4.c | 1 net/ipv6/addrconf.c | 7 net/ipv6/af_inet6.c | 1 net/ipv6/netfilter/nf_reject_ipv6.c | 1 net/mctp/route.c | 10 net/mptcp/diag.c | 5 net/mptcp/pm_netlink.c | 48 net/mptcp/pm_userspace.c | 12 net/mptcp/protocol.c | 56 + net/mptcp/protocol.h | 13 net/mptcp/subflow.c | 15 net/netfilter/core.c | 16 net/netfilter/nf_conntrack_core.c | 13 net/netfilter/nf_conntrack_proto_tcp.c | 35 net/netfilter/nf_tables_api.c | 7 net/netfilter/nft_compat.c | 20 net/netlink/af_netlink.c | 2 net/tls/tls_sw.c | 11 net/unix/garbage.c | 21 net/wireless/nl80211.c | 2 security/landlock/fs.c | 4 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/firewire/amdtp-stream.c | 2 sound/pci/hda/patch_realtek.c | 3 tools/include/uapi/linux/bpf.h | 31 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 227 files changed, 5027 insertions(+), 3096 deletions(-) Abdun Nihaal (1): fs/ntfs3: Fix NULL dereference in ni_write_inode Alex Deucher (2): Revert "drm/amd/pm: resolve reboot exception for si oland" drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml Alexander Lobakin (1): x86/boot: Robustify calling startup_{32,64}() from the decompressor code Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Alexander Stein (1): phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Anna Schumaker (1): NFSD: Simplify READ_PLUS Ard Biesheuvel (49): crypto: arm64/neonbs - fix out-of-bounds access on short input efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S x86/boot/compressed: Move 32-bit entrypoint code into .text section x86/boot/compressed: Move bootargs parsing out of 32-bit startup code x86/boot/compressed: Move efi32_pe_entry into .text section x86/boot/compressed: Move efi32_entry out of head_64.S x86/boot/compressed: Move efi32_pe_entry() out of head_64.S x86/boot/compressed, efi: Merge multiple definitions of image_offset into one x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() x86/boot/compressed: Pull global variable reference into startup32_load_idt() x86/boot/compressed: Move startup32_load_idt() into .text section x86/boot/compressed: Move startup32_load_idt() out of head_64.S x86/boot/compressed: Move startup32_check_sev_cbit() into .text x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y x86/efi: Make the deprecated EFI handover protocol optional x86/efistub: Branch straight to kernel entry point from C code x86/decompressor: Store boot_params pointer in callee save register x86/decompressor: Assign paging related global variables earlier x86/decompressor: Call trampoline as a normal function x86/decompressor: Use standard calling convention for trampoline x86/decompressor: Avoid the need for a stack in the 32-bit trampoline x86/decompressor: Call trampoline directly from C code x86/decompressor: Only call the trampoline when changing paging levels x86/decompressor: Pass pgtable address to trampoline directly x86/decompressor: Merge trampoline cleanup with switching code x86/decompressor: Move global symbol references to C code decompress: Use 8 byte alignment arm64: efi: Limit allocations to 48-bit addressable physical region efi: efivars: prevent double registration x86/efistub: Simplify and clean up handover entry code x86/decompressor: Avoid magic offsets for EFI handover entrypoint x86/efistub: Clear BSS in EFI handover protocol entrypoint efi/libstub: Add memory attribute protocol definitions efi/libstub: Add limit argument to efi_random_alloc() x86/efistub: Perform 4/5 level paging switch from the stub x86/decompressor: Factor out kernel decompression and relocation x86/efistub: Prefer EFI memory attributes protocol over DXE services x86/efistub: Perform SNP feature test while running in the firmware x86/efistub: Avoid legacy decompressor when doing EFI boot efi/x86: Avoid physical KASLR on older Dell systems x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: efistub: Assign global boot_params variable efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags x86/efistub: Give up if memory attribute protocol returns an error Arnd Bergmann (2): clk: tegra20: fix gcc-7 constant overflow warning efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Bjorn Helgaas (1): net: restore alpha order to Ethernet devices in config Christophe Kerello (1): mmc: mmci: stm32: fix DMA API overlapping mappings warning Chuck Lever (15): NFSD: Flesh out a documenting comment for filecache.c NFSD: Clean up nfs4_preprocess_stateid_op() call sites NFSD: Trace stateids returned via DELEGRETURN NFSD: Trace delegation revocations NFSD: Use const pointers as parameters to fh_ helpers NFSD: Update file_hashtbl() helpers NFSD: Clean up nfsd4_init_file() NFSD: Add a nfsd4_file_hash_remove() helper NFSD: Clean up find_or_add_file() NFSD: Refactor find_file() NFSD: Use rhashtable for managing nfs4_file objects NFSD: Fix licensing header in filecache.c trace: Relocate event helper files NFSD: Use only RQ_DROPME to signal the need to drop a reply NFSD: Use set_bit(RQ_DROPME) Chunyan Zhang (1): iommu/sprd: Release dma buffer to avoid memory leak Colin Ian King (1): NFSD: Remove redundant assignment to variable host_err Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization Dai Ngo (6): NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker NFSD: add support for sending CB_RECALL_ANY NFSD: add delegation reaper to react to low memory condition NFSD: add CB_RECALL_ANY tracepoints NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time NFSD: replace delayed_work with work_struct for nfsd_client_shrinker David Disseldorp (1): exportfs: use pr_debug for unreachable debug statements David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Edward Lo (1): fs/ntfs3: Add length check in indx_get_root Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Elson Roy Serrao (1): usb: gadget: Properly configure the device for remote wakeup Eniac Zhang (1): ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Filipe Manana (2): btrfs: fix double free of anonymous device after snapshot creation failure btrfs: send: don't issue unnecessary zero writes for trailing hole Florian Westphal (4): netlink: add nla be16/32 types to minlen array net: ip_tunnel: prevent perpetual headroom growth netfilter: let reset rules clean out conntrack entries netfilter: bridge: confirm multicast packets before passing them up the stack Frank Li (1): PCI: layerscape: Add the endpoint linkup notifier support Gaurav Batra (1): powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Geert Uytterhoeven (1): of: overlay: Reorder struct fragment fields kerneldoc Geliang Tang (2): mptcp: map v4 address to v6 when destroying subflow selftests: mptcp: join: add ss mptcp support check Greg Kroah-Hartman (3): Revert "interconnect: Fix locking for runpm vs reclaim" Revert "interconnect: Teach lockdep about icc_bw_lock order" Linux 6.1.81 Gustavo A. R. Silva (1): RDMA/core: Fix multiple -Warray-bounds warnings Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans Peter (1): ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ido Schimmel (2): mlxsw: spectrum_acl_tcam: Make fini symmetric to init mlxsw: spectrum_acl_tcam: Add missing mutex_destroy() Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (2): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Janaki Ramaiah Thota (1): Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jeff Layton (11): nfsd: ignore requests to disable unsupported versions nfsd: move nfserrno() to vfs.c nfsd: allow disabling NFSv2 at compile time filelock: add a new locks_inode_context accessor function lockd: use locks_inode_context helper nfsd: use locks_inode_context helper nfsd: fix up the filecache laundrette scheduling lockd: set missing fl_flags field when retrieving args lockd: ensure we use the correct file descriptor when unlocking lockd: fix file selection in nlmsvc_cancel_blocked nfsd: don't destroy global nfs4_file table in per-net shutdown Jeremy Kerr (1): net: mctp: take ownership of skb in mctp_local_output Jia-Ju Bai (1): fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() Jiri Bohac (1): x86/e820: Don't reserve SETUP_RNG_SEED in e820 Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Johan Hovold (1): efi: verify that variable services are supported Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Jonas Dreßler (1): Bluetooth: hci_sync: Check the correct flag before starting a scan Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Kees Cook (1): NFSD: Avoid clashing function prototypes Krzysztof Kozlowski (1): Bluetooth: hci_qca: mark OF related data as maybe unused Kuniyuki Iwashima (2): af_unix: Fix task hung while purging oob_skb in GC. af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Louis DeLosSantos (1): bpf: Add table ID to bpf_fib_lookup BPF helper Luca Weiss (1): Bluetooth: btqca: Add WCN3988 support Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix accept_list when attempting to suspend Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Lukasz Majewski (1): net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Manivannan Sadhasivam (1): iommu/arm-smmu-qcom: Limit the SMR groups to 128 Marek Vasut (1): ARM: dts: imx7s: Drop dma-apb interrupt-names Martin Blumenstingl (1): drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (1): scsi: sd: usb_storage: uas: Access media prior to querying device properties Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Matthew Auld (1): drm/buddy: fix range bias Matthieu Baerts (NGI0) (1): mptcp: continue marking the first subflow as UNCONNECTED Maximilian Heyne (1): xen/events: close evtchn after mapping cleanup Mickaël Salaün (1): landlock: Fix asymmetric private inodes referring Mike Christie (1): scsi: core: Add struct for args to execution functions Min-Hua Chen (1): Bluetooth: btqca: use le32_to_cpu for ver.soc_id Ming Lei (1): block: define bvec_iter as __packed __aligned(4) Neil Armstrong (3): drm/meson: fix unbind path if HDMI fails to bind Bluetooth: qca: use switch case for soc type behavior Bluetooth: qca: add support for WCN7850 NeilBrown (1): NFS: Fix data corruption caused by congestion. Oleksij Rempel (3): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: lan78xx: fix "softirq work is pending" error igb: extend PTP timestamp adjustments to i211 Pablo Neira Ayuso (1): netfilter: nf_tables: disallow timeout for anonymous sets Paolo Abeni (6): mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation mptcp: push at DSS boundaries mptcp: fix snd_wnd initialization for passive socket mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Patrisious Haddad (1): RDMA/core: Refactor rdma_bind_addr Pawan Gupta (6): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (2): tls: decrement decrypt_pending if no async completion will be called tls: fix peeking with sync+async decryption Saravana Kannan (1): of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Shiraz Saleem (1): RDMA/core: Update CMA destination address on rdma_resolve_addr Steev Klimaszewski (1): Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Stefan Wahren (1): ARM: dts: imx: Adjust dma-apbh node name Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Thierry Reding (1): drm/tegra: Remove existing framebuffer only if we support display Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Tomas Krcka (1): iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any Vicki Pfau (1): Input: xpad - add constants for GIP interface numbers Xiaowei Bao (1): PCI: layerscape: Add workaround for lost link capabilities during reset Xiu Jianfeng (1): NFSD: Use struct_size() helper in alloc_session() Yang Shi (1): mm: huge_memory: don't force huge page alignment on 32 bit Ye Bin (1): fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (2): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: qca: Fix wrong event type for patch config command Zong Li (1): riscv: add CALLER_ADDRx support

1 year, 3 months

1
1
0 0

Linux 5.15.151

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.151 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/riscv/include/asm/pgtable.h | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 drivers/dma/fsl-qdma.c | 21 - drivers/dma/ptdma/ptdma-dmaengine.c | 2 drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 drivers/interconnect/core.c | 18 - drivers/mmc/core/mmc.c | 2 drivers/mmc/host/sdhci-xenon-phy.c | 48 ++- drivers/mtd/nand/spi/gigadevice.c | 6 drivers/net/ethernet/intel/igb/igb_ptp.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 drivers/net/gtp.c | 12 drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/net/veth.c | 40 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/rpmhpd.c | 7 drivers/video/fbdev/core/fbcon.c | 8 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 + fs/cachefiles/bind.c | 3 fs/hugetlbfs/inode.c | 6 include/linux/netfilter.h | 14 include/net/ipv6_stubs.h | 5 include/net/netfilter/nf_conntrack.h | 8 include/net/strparser.h | 4 include/net/tls.h | 11 include/uapi/linux/bpf.h | 37 ++ include/uapi/linux/in6.h | 2 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 net/bluetooth/l2cap_core.c | 8 net/bridge/br_netfilter_hooks.c | 96 ++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 +++- net/core/rtnetlink.c | 11 net/ipv4/ip_tunnel.c | 28 + net/ipv4/netfilter/nf_reject_ipv4.c | 1 net/ipv6/addrconf.c | 7 net/ipv6/af_inet6.c | 1 net/ipv6/netfilter/nf_reject_ipv6.c | 1 net/mptcp/diag.c | 3 net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++- net/mptcp/subflow.c | 36 -- net/netfilter/core.c | 45 ++- net/netfilter/nf_conntrack_core.c | 21 + net/netfilter/nf_conntrack_netlink.c | 4 net/netfilter/nf_conntrack_proto_tcp.c | 35 ++ net/netfilter/nf_nat_core.c | 2 net/netfilter/nf_tables_api.c | 7 net/netfilter/nfnetlink_queue.c | 10 net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 net/tls/tls_device.c | 6 net/tls/tls_sw.c | 310 ++++++++++------------ net/unix/garbage.c | 22 - net/wireless/nl80211.c | 2 security/tomoyo/common.c | 3 sound/core/Makefile | 1 sound/firewire/amdtp-stream.c | 2 tools/include/uapi/linux/bpf.h | 37 ++ tools/testing/selftests/net/mptcp/config | 2 69 files changed, 984 insertions(+), 522 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Doug Smythies (1): cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (6): net: ip_tunnel: prevent perpetual headroom growth netfilter: nfnetlink_queue: silence bogus compiler warning netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook netfilter: make function op structures const netfilter: let reset rules clean out conntrack entries netfilter: bridge: confirm multicast packets before passing them up the stack Gal Pressman (1): Revert "tls: rx: move counting TlsDecryptErrors for sync" Geliang Tang (1): mptcp: add needs_id for netlink appending addr Greg Kroah-Hartman (3): Revert "interconnect: Fix locking for runpm vs reclaim" Revert "interconnect: Teach lockdep about icc_bw_lock order" Linux 5.15.151 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Jakub Kicinski (16): net: veth: clear GRO when clearing XDP even when down veth: try harder when allocating queue memory tls: rx: don't store the record type in socket context tls: rx: don't store the decryption status in socket context tls: rx: don't issue wake ups when data is decrypted tls: rx: refactor decrypt_skb_update() tls: hw: rx: use return value of tls_device_decrypted() to carry status tls: rx: drop unnecessary arguments from tls_setup_from_iter() tls: rx: don't report text length from the bowels of decrypt tls: rx: wrap decryption arguments in a structure tls: rx: factor out writing ContentType to cmsg tls: rx: don't track the async count tls: rx: move counting TlsDecryptErrors for sync tls: rx: assume crypto always calls our callback tls: rx: use async as an in-out argument net: tls: fix async vs NIC crypto offload Jakub Raczynski (1): stmmac: Clear variable when destroying workqueue Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jean Sacren (1): mptcp: clean up harmless false expressions Jiri Slaby (SUSE) (1): fbcon: always restore the old font data in fbcon_do_set_font() Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Justin Iurman (1): uapi: in6: replace temporary label with rfc9486 Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Kuniyuki Iwashima (1): af_unix: Drop oob_skb ref before purging queue in GC. Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Louis DeLosSantos (1): bpf: Add table ID to bpf_fib_lookup BPF helper Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Martin KaFai Lau (1): bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Matthieu Baerts (NGI0) (2): selftests: mptcp: add missing kconfig for NF Filter selftests: mptcp: add missing kconfig for NF Filter in v6 Max Krummenacher (1): Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oleksij Rempel (2): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected igb: extend PTP timestamp adjustments to i211 Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Pablo Neira Ayuso (1): netfilter: nf_tables: disallow timeout for anonymous sets Paolo Abeni (5): mptcp: move __mptcp_error_report in protocol.c mptcp: process pending subflow error on close mptcp: rename timer related helper to less confusing names mptcp: push at DSS boundaries mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Sabrina Dubroca (1): tls: decrement decrypt_pending if no async completion will be called Tadeusz Struk (1): dmaengine: ptdma: use consistent DMA masks Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Takashi Sakamoto (1): ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Vasily Averin (1): net: enable memcg accounting for veth queues Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (1): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR

1 year, 3 months

1
1
0 0

Linux 5.10.212

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.212 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/riscv/include/asm/pgtable.h | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++++++---------- drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/dma/fsl-qdma.c | 21 +- drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/gpio/gpiolib.c | 10 - drivers/mmc/core/mmc.c | 2 drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/spi/gigadevice.c | 81 +++++++-- drivers/net/gtp.c | 12 - drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/platform/x86/touchscreen_dmi.c | 4 drivers/power/supply/bq27xxx_battery_i2c.c | 4 drivers/soc/qcom/rpmhpd.c | 7 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 ++ fs/cachefiles/bind.c | 3 fs/ext4/mballoc.c | 39 ++-- fs/hugetlbfs/inode.c | 6 net/bluetooth/hci_core.c | 7 net/bluetooth/hci_event.c | 13 + net/bluetooth/l2cap_core.c | 8 net/core/rtnetlink.c | 11 - net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 net/mptcp/diag.c | 3 net/mptcp/protocol.c | 49 +++++ net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 net/wireless/nl80211.c | 2 security/tomoyo/common.c | 3 sound/core/Makefile | 1 36 files changed, 426 insertions(+), 192 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Andy Shevchenko (1): gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (2): ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() cachefiles: fix memory leak in cachefiles_add_cache() Bartosz Golaszewski (1): gpio: fix resource unwinding order in error path Bjorn Andersson (1): pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Chuanhong Guo (1): mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Davide Caratti (1): mptcp: fix double-free on socket dismantle Dimitris Vlachos (1): riscv: Sparse-Memory/vmemmap out-of-bounds fix Elad Nachman (2): mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (1): net: ip_tunnel: prevent perpetual headroom growth Greg Kroah-Hartman (1): Linux 5.10.212 Han Xu (1): mtd: spinand: gigadevice: Fix the get ecc status issue Hans de Goede (2): platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Paolo Abeni (1): mptcp: fix possible deadlock in subflow diag Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Reto Schneider (1): mtd: spinand: gigadevice: Support GD5F1GQ5UExxG Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Tetsuo Handa (1): tomoyo: fix UAF write bug in tomoyo_write_control() Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching Zijun Hu (1): Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 3 months

1
1
0 0

Linux 5.4.271

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.271 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/kernel/cpu/intel.c | 178 ++++++++++++++--------------- drivers/dma/fsl-qdma.c | 21 +-- drivers/firmware/efi/capsule-loader.c | 2 drivers/gpio/gpio-74x164.c | 4 drivers/mmc/core/mmc.c | 2 drivers/net/gtp.c | 12 - drivers/net/tun.c | 1 drivers/net/usb/dm9601.c | 2 drivers/net/usb/lan78xx.c | 3 drivers/power/supply/bq27xxx_battery_i2c.c | 4 fs/afs/dir.c | 4 fs/btrfs/dev-replace.c | 24 +++ fs/cachefiles/bind.c | 3 fs/hugetlbfs/inode.c | 6 net/bluetooth/hci_core.c | 7 - net/bluetooth/hci_event.c | 9 + net/bluetooth/l2cap_core.c | 8 + net/core/rtnetlink.c | 11 - net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 - net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 net/wireless/nl80211.c | 2 sound/core/Makefile | 1 25 files changed, 223 insertions(+), 140 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() Curtis Klein (1): dmaengine: fsl-qdma: init irq after reg initialization David Howells (1): afs: Fix endless loop in directory parsing David Sterba (1): btrfs: dev-replace: properly validate device names Eric Dumazet (1): ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Florian Westphal (1): net: ip_tunnel: prevent perpetual headroom growth Greg Kroah-Hartman (1): Linux 5.4.271 Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Lin Ma (1): rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Oscar Salvador (1): fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Paolo Bonzini (1): x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Peng Ma (1): dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching

1 year, 3 months

1
1
0 0

Linux 4.19.309

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.309 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 ++-- drivers/mmc/core/mmc.c | 2 ++ drivers/net/gtp.c | 12 ++++++------ drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 ++- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +++- fs/btrfs/dev-replace.c | 24 ++++++++++++++++++++---- fs/cachefiles/bind.c | 3 +++ net/bluetooth/hci_core.c | 7 ++++--- net/bluetooth/hci_event.c | 9 ++++++++- net/bluetooth/l2cap_core.c | 8 +++++++- net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 ++ sound/core/Makefile | 1 - 17 files changed, 64 insertions(+), 24 deletions(-) Alexander Ofitserov (1): gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Arnd Bergmann (1): efi/capsule-loader: fix incorrect allocation size Arturas Moskvinas (1): gpio: 74x164: Enable output pins after registers are reset Baokun Li (1): cachefiles: fix memory leak in cachefiles_add_cache() David Sterba (1): btrfs: dev-replace: properly validate device names Greg Kroah-Hartman (1): Linux 4.19.309 Hans de Goede (1): power: supply: bq27xxx-i2c: Do not free non existing IRQ Ivan Semenov (1): mmc: core: Fix eMMC initialization with 1-bit bus connection Javier Carrasco (1): net: usb: dm9601: fix wrong return value in dm9601_mdio_read Johannes Berg (1): wifi: nl80211: reject iftype change with mesh ID change Kai-Heng Feng (1): Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Oleksij Rempel (1): lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Ryosuke Yasuoka (1): netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Takashi Iwai (1): ALSA: Drop leftover snd-rtctimer stuff from Makefile Ying Hsu (1): Bluetooth: Avoid potential use-after-free in hci_error_reset Yunjian Wang (1): tun: Fix xdp_rxq_info's queue_index when detaching

1 year, 3 months

1
1
0 0

[PATCH 6.7 000/163] 6.7.9-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.9 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 07:46:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.9-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.9-rc2 Danilo Krummrich <dakr(a)redhat.com> drm/nouveau: don't fini scheduler before entity flush Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: rm subflow with v4/v4mapped addr Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_is_v6 Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: update userspace pm test helpers Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add chk_subflows_total helper Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add evts_get_info helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: use correct function name for resetting TCE tables Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Ensure safe user copy of completion record Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Remove shadow Event Log head stored in idxd Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: qcom-qmp-usb: fix v3 offsets data Yang Yingliang <yangyingliang(a)huawei.com> phy: qcom: phy-qcom-m31: fix wrong pointer pass to PTR_ERR() Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Add HDMA remote interrupt configuration Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix the ch_count hdma callback Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Peter Ujfalusi <peter.ujfalusi(a)gmail.com> mfd: twl6030-irq: Revert to use of_match_device() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix potential wake-up event loss Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid printing warning once on client side Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Byungchul Park <byungchul(a)sk.com> mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Fix to allocate entry_data_size buffer with rethook instances Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Cristian Marussi <cristian.marussi(a)arm.com> pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix protection fault in iommufd_test_syz_conv_iova Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix iopt_access_list_id overwrite bug Nathan Chancellor <nathan(a)kernel.org> kbuild: Add -Wa,--fatal-warnings to as-instr invocation Thomas Weißschuh <linux(a)weissschuh.net> power: supply: mm8013: select REGMAP_I2C Samuel Holland <samuel.holland(a)sifive.com> riscv: Save/restore envcfg CSR during CPU suspend Samuel Holland <samuel.holland(a)sifive.com> riscv: Add a custom ISA extension for the [ms]envcfg CSR Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix enabling cbo.zero when running in M-mode Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Nathan Chancellor <nathan(a)kernel.org> RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH Xiubo Li <xiubli(a)redhat.com> ceph: switch to corrected encoding of max_xattr_size in mdsmap Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Rob Clark <robdclark(a)chromium.org> soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin <tsung-hua.lin(a)amd.com> drm/amd/display: Add monitor patch for specific eDP Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the power1_min_cap value Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Elad Nachman <enachman(a)marvell.com> mtd: rawnand: marvell: fix layouts Nhat Pham <nphamcs(a)gmail.com> mm: cachestat: fix folio read-after-free in cache walk Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Willian Wang <git(a)willian.wang> ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Gergo Koteles <soyer(a)irl.hu> ALSA: hda/realtek: tas2781: enable subwoofer volume control Jay Ajit Mate <jay.mate15(a)gmail.com> ALSA: hda/realtek: Fix top speaker connection on Dell Inspiron 16 Plus 7630 Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Sid Pranjale <sidpranjale127(a)protonmail.com> drm/nouveau: keep DMA buffers required for suspend/resume Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between ordered extent completion and fiemap Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix pte_leaf_size() for NAPOT Alexandre Ghiti <alexghiti(a)rivosinc.com> Revert "riscv: mm: support Svnapot in huge vmap" Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: ctr_get_width function for legacy is not defined Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: added capabilities for legacy PMU Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Prevent potential buffer overflow in map_hw_resources David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Conor Dooley <conor(a)kernel.org> RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix for initializing ASP1 mixer registers Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Don't add the same register patch multiple times Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Yangyu Chen <cyy(a)cyyself.name> riscv: mm: fix NOCACHE_THEAD does not set bit[61] correctly Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Skip reset assert on Tegra186 Colin Ian King <colin.i.king(a)gmail.com> ASoC: qcom: Fix uninitialized pointer dmactl Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Jisheng Zhang <jszhang(a)kernel.org> riscv: tlb: fix __p*d_free_tlb() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <o.rempel(a)pengutronix.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix handling of multiple mcast groups Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix triggering coredump implementation Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <o.rempel(a)pengutronix.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix pin phase adjust updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll periodic work data updates on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll and dpll_pin data access on PF reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix dpll input pin phase_adjust value updates Yochai Hagvi <yochai.hagvi(a)intel.com> ice: fix connection state of DPLL and out pin Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking ------------- Diffstat: Documentation/arch/x86/mds.rst | 34 +++- Makefile | 4 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 ++ arch/powerpc/include/asm/rtas.h | 4 +- arch/powerpc/kernel/rtas.c | 9 +- arch/powerpc/platforms/pseries/iommu.c | 156 +++++++++++------ arch/riscv/Kconfig | 1 - arch/riscv/include/asm/csr.h | 2 + arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/hugetlb.h | 2 + arch/riscv/include/asm/hwcap.h | 2 + arch/riscv/include/asm/pgalloc.h | 20 ++- arch/riscv/include/asm/pgtable-64.h | 2 +- arch/riscv/include/asm/pgtable.h | 6 +- arch/riscv/include/asm/suspend.h | 1 + arch/riscv/include/asm/vmalloc.h | 61 +------ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cpufeature.c | 31 +++- arch/riscv/kernel/return_address.c | 48 +++++ arch/riscv/kernel/suspend.c | 4 + arch/riscv/mm/hugetlbpage.c | 2 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 ++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 -- arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++--------- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 20 ++- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/hci_bcm4377.c | 3 +- drivers/bluetooth/hci_qca.c | 22 ++- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/dw-edma/dw-edma-v0-core.c | 17 ++ drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +++-- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 +- drivers/dma/fsl-edma-common.c | 2 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/dma/idxd/cdev.c | 2 +- drivers/dma/idxd/debugfs.c | 2 +- drivers/dma/idxd/idxd.h | 1 - drivers/dma/idxd/init.c | 15 +- drivers/dma/idxd/irq.c | 3 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 9 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 9 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 9 +- drivers/gpu/drm/drm_buddy.c | 10 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 +- drivers/gpu/drm/tegra/drm.c | 23 ++- drivers/gpu/host1x/dev.c | 15 +- drivers/gpu/host1x/dev.h | 6 + drivers/iommu/iommufd/io_pagetable.c | 9 +- drivers/iommu/iommufd/selftest.c | 27 ++- drivers/mfd/twl6030-irq.c | 10 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 +++ drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 18 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 91 ++++++++-- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 ++--- drivers/of/property.c | 2 +- drivers/perf/riscv_pmu.c | 18 +- drivers/perf/riscv_pmu_legacy.c | 10 +- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 10 +- drivers/pmdomain/arm/scmi_perf_domain.c | 3 + drivers/pmdomain/qcom/rpmhpd.c | 7 +- drivers/power/supply/Kconfig | 1 + drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/pmic_glink.c | 21 +-- drivers/spi/spi-cadence-quadspi.c | 11 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/btrfs/disk-io.c | 22 +-- fs/btrfs/disk-io.h | 2 +- fs/btrfs/extent_io.c | 165 ++++++++++++++--- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/ceph/mdsmap.c | 7 +- fs/ceph/mdsmap.h | 6 +- fs/efivarfs/vars.c | 17 +- fs/nfs/write.c | 4 +- include/linux/bvec.h | 2 +- include/linux/netfilter.h | 1 + include/net/mctp.h | 1 + include/sound/soc-card.h | 2 + include/uapi/linux/in6.h | 2 +- kernel/trace/fprobe.c | 14 +- lib/nlattr.c | 4 + mm/debug_vm_pgtable.c | 8 + mm/filemap.c | 51 +++--- mm/migrate.c | 8 + net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 ++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++++ net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 +- net/mctp/route.c | 10 +- net/mptcp/diag.c | 3 + net/mptcp/options.c | 2 +- net/mptcp/pm_userspace.c | 10 ++ net/mptcp/protocol.c | 52 +++++- net/mptcp/protocol.h | 21 +-- net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 40 +++-- net/unix/garbage.c | 21 +-- net/wireless/nl80211.c | 2 + scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/core/ump.c | 4 +- sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 33 +++- sound/soc/codecs/cs35l45.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 8 +- sound/soc/codecs/cs35l56.c | 195 ++++++++++++++++++--- sound/soc/codecs/cs35l56.h | 1 + sound/soc/fsl/fsl_xcvr.c | 12 +- sound/soc/qcom/lpass-cdc-dma.c | 2 +- sound/soc/soc-card.c | 24 ++- tools/net/ynl/lib/ynl.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 192 ++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 ++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 +++++---- 161 files changed, 1941 insertions(+), 831 deletions(-)

1 year, 3 months

6
14
0 0

[PATCH v2] mm: swap: Fix race between free_swap_and_cache() and swapoff()

by Ryan Roberts

There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Cc: stable(a)vger.kernel.org Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- Hi Andrew, Please replace v1 of this patch in mm-unstable with this version. Changes since v1: - Added comments for get_swap_device() as suggested by David - Moved check that swap entry is not free from get_swap_device() to free_swap_and_cache() since there are some paths that legitimately call with a free offset. I haven't addressed the recommendation by Huang Ying [1] to also revert commit 23b230ba8ac3 ("mm/swap: print bad swap offset entry in get_swap_device"). It should be done separately to this, and and we need to conclude discussion first. [1] https://lore.kernel.org/all/875xy0842q.fsf@yhuang6-desk2.ccr.corp.intel.com/ Thanks, Ryan mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/mm/swapfile.c b/mm/swapfile.c index 2b3a2d85e350..1155a6304119 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_locked(struct swap_info_struct *p, * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entry) if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH 5.10 00/41] 5.10.212-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.212 release. There are 41 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 11:31:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.212-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.212-rc2 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Chuanhong Guo <gch981213(a)gmail.com> mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Reto Schneider <reto.schneider(a)husqvarnagroup.com> mtd: spinand: gigadevice: Support GD5F1GQ5UExxG zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/x86/kernel/cpu/intel.c | 178 +++++++++++---------- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++-- drivers/mtd/nand/spi/gigadevice.c | 81 ++++++++-- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/platform/x86/touchscreen_dmi.c | 4 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/cachefiles/bind.c | 3 + fs/ext4/mballoc.c | 39 ++--- fs/hugetlbfs/inode.c | 6 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 +- net/mptcp/diag.c | 3 + net/mptcp/protocol.c | 49 ++++++ net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - 36 files changed, 430 insertions(+), 196 deletions(-)

1 year, 3 months

6
5
0 0

[PATCH STABLE v6.1.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c93dd6a31c31..c5968021fde0 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -423,8 +423,12 @@ int folio_migrate_mapping(struct address_space *mapping, if (folio_test_swapbacked(folio)) { __folio_set_swapbacked(newfolio); if (folio_test_swapcache(folio)) { + int i; + folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); + for (i = 0; i < nr; i++) + set_page_private(folio_page(newfolio, i), + page_private(folio_page(folio, i))); } entries = nr; } else { -- 2.43.0

1 year, 3 months

5
9
0 0

[PATCH 5.10/5.15] scsi: add a length check for VARIABLE_LENGTH_CMD commands

by Mikhail Ukhin

Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in ata_scsi_pass_thru. The error is fixed in 5.18 by commit ce70fd9a551af7424a7dace2a1ba05a7de8eae27. Backporting this commit would require significant changes to the code so it is bettter to use a simple fix for that particular error. The problem is that the length of the received SCSI command is not validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds reading if the user sends a request with SCSI command of length less than 32. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> --- drivers/ata/libata-scsi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index dfa090ccd21c..77589e911d3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev) if (unlikely(!scmd->cmd_len)) goto bad_cdb_len; + + if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32) + goto bad_cdb_len; if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) { if (unlikely(scmd->cmd_len > dev->cdb_len)) -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH 2/3] drm/i915/dsb: Fix DSB vblank waits when using VRR

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Looks like the undelayed vblank gets signalled exactly when the active period ends. That is a problem for DSB+VRR when we are already in vblank and expect DSB to start executing as soon as we send the push. Instead of starting the DSB just keeps on waiting for the undelayed vblank which won't signal until the end of the next frame's active period, which is far too late. The end result is that DSB won't have even started executing by the time the flips/etc. have completed. We then wait for an extra 1ms, after which we terminate the DSB and report a timeout: [drm] *ERROR* [CRTC:80:pipe A] DSB 0 timed out waiting for idle (current head=0xfedf4000, head=0x0, tail=0x1080) To fix this let's configure DSB to use the so called VRR "safe window" instead of the undelayed vblank to trigger the DSB vblank logic, when VRR is enabled. Cc: stable(a)vger.kernel.org Fixes: 34d8311f4a1c ("drm/i915/dsb: Re-instate DSB for LUT updates") Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/9927 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dsb.c b/drivers/gpu/drm/i915/display/intel_dsb.c index d62e050185e7..e4515bf92038 100644 --- a/drivers/gpu/drm/i915/display/intel_dsb.c +++ b/drivers/gpu/drm/i915/display/intel_dsb.c @@ -340,6 +340,17 @@ static int intel_dsb_dewake_scanline(const struct intel_crtc_state *crtc_state) return max(0, vblank_start - intel_usecs_to_scanlines(adjusted_mode, latency)); } +static u32 dsb_chicken(struct intel_crtc *crtc) +{ + if (crtc->mode_flags & I915_MODE_FLAG_VRR) + return DSB_CTRL_WAIT_SAFE_WINDOW | + DSB_CTRL_NO_WAIT_VBLANK | + DSB_INST_WAIT_SAFE_WINDOW | + DSB_INST_NO_WAIT_VBLANK; + else + return 0; +} + static void _intel_dsb_commit(struct intel_dsb *dsb, u32 ctrl, int dewake_scanline) { @@ -361,6 +372,9 @@ static void _intel_dsb_commit(struct intel_dsb *dsb, u32 ctrl, intel_de_write_fw(dev_priv, DSB_CTRL(pipe, dsb->id), ctrl | DSB_ENABLE); + intel_de_write_fw(dev_priv, DSB_CHICKEN(pipe, dsb->id), + dsb_chicken(crtc)); + intel_de_write_fw(dev_priv, DSB_HEAD(pipe, dsb->id), intel_dsb_buffer_ggtt_offset(&dsb->dsb_buf)); -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH 1/3] drm/i915/vrr: Generate VRR "safe window" for DSB

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Looks like TRANS_CHICKEN bit 31 means something totally different depending on the platform: TGL: generate VRR "safe window" for DSB ADL/DG2: make TRANS_SET_CONTEXT_LATENCY effective with VRR So far we've only set this on ADL/DG2, but when using DSB+VRR we also need to set it on TGL. And a quick test on MTL says it doesn't need this bit for either of those purposes, even though it's still documented as valid in bspec. Cc: stable(a)vger.kernel.org Fixes: 34d8311f4a1c ("drm/i915/dsb: Re-instate DSB for LUT updates") Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/9927 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_vrr.c | 7 ++++--- drivers/gpu/drm/i915/i915_reg.h | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_vrr.c b/drivers/gpu/drm/i915/display/intel_vrr.c index 5d905f932cb4..eb5bd0743902 100644 --- a/drivers/gpu/drm/i915/display/intel_vrr.c +++ b/drivers/gpu/drm/i915/display/intel_vrr.c @@ -187,10 +187,11 @@ void intel_vrr_set_transcoder_timings(const struct intel_crtc_state *crtc_state) enum transcoder cpu_transcoder = crtc_state->cpu_transcoder; /* - * TRANS_SET_CONTEXT_LATENCY with VRR enabled - * requires this chicken bit on ADL/DG2. + * This bit seems to have two meanings depending on the platform: + * TGL: generate VRR "safe window" for DSB vblank waits + * ADL/DG2: make TRANS_SET_CONTEXT_LATENCY effective with VRR */ - if (DISPLAY_VER(dev_priv) == 13) + if (IS_DISPLAY_VER(dev_priv, 12, 13)) intel_de_rmw(dev_priv, CHICKEN_TRANS(cpu_transcoder), 0, PIPE_VBLANK_WITH_DELAY); diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index e00557e1a57f..3b2e49ce29ba 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -4599,7 +4599,7 @@ #define MTL_CHICKEN_TRANS(trans) _MMIO_TRANS((trans), \ _MTL_CHICKEN_TRANS_A, \ _MTL_CHICKEN_TRANS_B) -#define PIPE_VBLANK_WITH_DELAY REG_BIT(31) /* ADL/DG2 */ +#define PIPE_VBLANK_WITH_DELAY REG_BIT(31) /* tgl+ */ #define SKL_UNMASK_VBL_TO_PIPE_IN_SRD REG_BIT(30) /* skl+ */ #define HSW_FRAME_START_DELAY_MASK REG_GENMASK(28, 27) #define HSW_FRAME_START_DELAY(x) REG_FIELD_PREP(HSW_FRAME_START_DELAY_MASK, x) -- 2.43.0

1 year, 3 months

2
1
0 0

@E-Commerce Solutions...!!!

by anjali rao

Hello There, Would you be interested in building your website? We are a professional Web Design & Development or Mobile Apps development company based in India. Our aim is to be the best in service and as such we offer a premium service at very competitive prices. *We specialize in:-* 1. Website Design 2. Web Development 3. Responsive Websites 4. PHP Development 5. E-Commerce Solutions 6. Mobile Apps Development We operate 24 x7. I will be happy to send you links to price list, money back guarantee, client rankings, client testimonials, “How we are different from others?”, and “Why should you choose us?” on receiving a response from you. Drop me a line if you need any assistance. *Kind Regards* Anjali

1 year, 3 months

1
0
0 0

[PATCH] platform/x86/intel/tpmi: Change vsec offset to u64

by Srinivas Pandruvada

The vsec offset can be 64 bit long depending on the PFS start. So change type to u64. Also use 64 bit formatting for seq_printf. Fixes: 47731fd2865f ("platform/x86/intel: Intel TPMI enumeration driver") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.3+ --- This is a forward looking change. There is no platform with this issue. This can go through regular cycle. drivers/platform/x86/intel/tpmi.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c index e73cdea67fff..910df7c654f4 100644 --- a/drivers/platform/x86/intel/tpmi.c +++ b/drivers/platform/x86/intel/tpmi.c @@ -96,7 +96,7 @@ struct intel_tpmi_pfs_entry { */ struct intel_tpmi_pm_feature { struct intel_tpmi_pfs_entry pfs_header; - unsigned int vsec_offset; + u64 vsec_offset; struct intel_vsec_device *vsec_dev; }; @@ -376,7 +376,7 @@ static int tpmi_pfs_dbg_show(struct seq_file *s, void *unused) read_blocked = feature_state.read_blocked ? 'Y' : 'N'; write_blocked = feature_state.write_blocked ? 'Y' : 'N'; } - seq_printf(s, "0x%02x\t\t0x%02x\t\t0x%04x\t\t0x%04x\t\t0x%02x\t\t0x%08x\t%c\t%c\t\t%c\t\t%c\n", + seq_printf(s, "0x%02x\t\t0x%02x\t\t0x%04x\t\t0x%04x\t\t0x%02x\t\t0x%016llx\t%c\t%c\t\t%c\t\t%c\n", pfs->pfs_header.tpmi_id, pfs->pfs_header.num_entries, pfs->pfs_header.entry_size, pfs->pfs_header.cap_offset, pfs->pfs_header.attribute, pfs->vsec_offset, locked, disabled, @@ -395,7 +395,8 @@ static int tpmi_mem_dump_show(struct seq_file *s, void *unused) struct intel_tpmi_pm_feature *pfs = s->private; int count, ret = 0; void __iomem *mem; - u32 off, size; + u32 size; + u64 off; u8 *buffer; size = TPMI_GET_SINGLE_ENTRY_SIZE(pfs); @@ -411,7 +412,7 @@ static int tpmi_mem_dump_show(struct seq_file *s, void *unused) mutex_lock(&tpmi_dev_lock); for (count = 0; count < pfs->pfs_header.num_entries; ++count) { - seq_printf(s, "TPMI Instance:%d offset:0x%x\n", count, off); + seq_printf(s, "TPMI Instance:%d offset:0x%llx\n", count, off); mem = ioremap(off, size); if (!mem) { -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH 5.4 00/25] 5.4.271-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.271 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.271-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.271-rc1 Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter ------------- Diffstat: Makefile | 4 +- arch/x86/kernel/cpu/intel.c | 178 +++++++++++++++-------------- drivers/dma/fsl-qdma.c | 25 ++-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/mmc/core/mmc.c | 2 + drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +++- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 9 +- net/bluetooth/l2cap_core.c | 8 +- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +++-- net/ipv6/addrconf.c | 7 +- net/netfilter/nft_compat.c | 20 ++++ net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 + sound/core/Makefile | 1 - 25 files changed, 226 insertions(+), 143 deletions(-)

1 year, 3 months

6
30
0 0

[PATCH net v3] net: stmmac: protect updates of 64-bit statistics counters

by Petr Tesarik

As explained by a comment in <linux/u64_stats_sync.h>, write side of struct u64_stats_sync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking readers forever. Such lockups have been observed in real world after stmmac_xmit() on one CPU raced with stmmac_napi_poll_tx() on another CPU. To fix the issue without introducing a new lock, split the statics into three parts: 1. fields updated only under the tx queue lock, 2. fields updated only during NAPI poll, 3. fields updated only from interrupt context, Updates to fields in the first two groups are already serialized through other locks. It is sufficient to split the existing struct u64_stats_sync so that each group has its own. Note that tx_set_ic_bit is updated from both contexts. Split this counter so that each context gets its own, and calculate their sum to get the total value in stmmac_get_ethtool_stats(). For the third group, multiple interrupts may be processed by different CPUs at the same time, but interrupts on the same CPU will not nest. Move fields from this group to a newly created per-cpu struct stmmac_pcpu_stats. Fixes: 133466c3bbe1 ("net: stmmac: use per-queue 64 bit statistics where necessary") Link: https://lore.kernel.org/netdev/Za173PhviYg-1qIn@torres.zugschlus.de/t/ Cc: stable(a)vger.kernel.org Signed-off-by: Petr Tesarik <petr(a)tesarici.cz> --- drivers/net/ethernet/stmicro/stmmac/common.h | 56 +++++--- .../net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 15 +- .../net/ethernet/stmicro/stmmac/dwmac4_lib.c | 15 +- .../net/ethernet/stmicro/stmmac/dwmac_lib.c | 15 +- .../ethernet/stmicro/stmmac/dwxgmac2_dma.c | 15 +- .../ethernet/stmicro/stmmac/stmmac_ethtool.c | 129 +++++++++++------ .../net/ethernet/stmicro/stmmac/stmmac_main.c | 133 +++++++++--------- 7 files changed, 221 insertions(+), 157 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/common.h b/drivers/net/ethernet/stmicro/stmmac/common.h index 721c1f8e892f..4aca20feb4b7 100644 --- a/drivers/net/ethernet/stmicro/stmmac/common.h +++ b/drivers/net/ethernet/stmicro/stmmac/common.h @@ -59,28 +59,51 @@ #undef FRAME_FILTER_DEBUG /* #define FRAME_FILTER_DEBUG */ +struct stmmac_q_tx_stats { + u64_stats_t tx_bytes; + u64_stats_t tx_set_ic_bit; + u64_stats_t tx_tso_frames; + u64_stats_t tx_tso_nfrags; +}; + +struct stmmac_napi_tx_stats { + u64_stats_t tx_packets; + u64_stats_t tx_pkt_n; + u64_stats_t poll; + u64_stats_t tx_clean; + u64_stats_t tx_set_ic_bit; +}; + struct stmmac_txq_stats { - u64 tx_bytes; - u64 tx_packets; - u64 tx_pkt_n; - u64 tx_normal_irq_n; - u64 napi_poll; - u64 tx_clean; - u64 tx_set_ic_bit; - u64 tx_tso_frames; - u64 tx_tso_nfrags; - struct u64_stats_sync syncp; + /* Updates protected by tx queue lock. */ + struct u64_stats_sync q_syncp; + struct stmmac_q_tx_stats q; + + /* Updates protected by NAPI poll logic. */ + struct u64_stats_sync napi_syncp; + struct stmmac_napi_tx_stats napi; } ____cacheline_aligned_in_smp; +struct stmmac_napi_rx_stats { + u64_stats_t rx_bytes; + u64_stats_t rx_packets; + u64_stats_t rx_pkt_n; + u64_stats_t poll; +}; + struct stmmac_rxq_stats { - u64 rx_bytes; - u64 rx_packets; - u64 rx_pkt_n; - u64 rx_normal_irq_n; - u64 napi_poll; - struct u64_stats_sync syncp; + /* Updates protected by NAPI poll logic. */ + struct u64_stats_sync napi_syncp; + struct stmmac_napi_rx_stats napi; } ____cacheline_aligned_in_smp; +/* Updates on each CPU protected by not allowing nested irqs. */ +struct stmmac_pcpu_stats { + struct u64_stats_sync syncp; + u64_stats_t rx_normal_irq_n[MTL_MAX_TX_QUEUES]; + u64_stats_t tx_normal_irq_n[MTL_MAX_RX_QUEUES]; +}; + /* Extra statistic and debug information exposed by ethtool */ struct stmmac_extra_stats { /* Transmit errors */ @@ -205,6 +228,7 @@ struct stmmac_extra_stats { /* per queue statistics */ struct stmmac_txq_stats txq_stats[MTL_MAX_TX_QUEUES]; struct stmmac_rxq_stats rxq_stats[MTL_MAX_RX_QUEUES]; + struct stmmac_pcpu_stats __percpu *pcpu_stats; unsigned long rx_dropped; unsigned long rx_errors; unsigned long tx_dropped; diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c index 137741b94122..b21d99faa2d0 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c @@ -441,8 +441,7 @@ static int sun8i_dwmac_dma_interrupt(struct stmmac_priv *priv, struct stmmac_extra_stats *x, u32 chan, u32 dir) { - struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[chan]; - struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[chan]; + struct stmmac_pcpu_stats *stats = this_cpu_ptr(priv->xstats.pcpu_stats); int ret = 0; u32 v; @@ -455,9 +454,9 @@ static int sun8i_dwmac_dma_interrupt(struct stmmac_priv *priv, if (v & EMAC_TX_INT) { ret |= handle_tx; - u64_stats_update_begin(&txq_stats->syncp); - txq_stats->tx_normal_irq_n++; - u64_stats_update_end(&txq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->tx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); } if (v & EMAC_TX_DMA_STOP_INT) @@ -479,9 +478,9 @@ static int sun8i_dwmac_dma_interrupt(struct stmmac_priv *priv, if (v & EMAC_RX_INT) { ret |= handle_rx; - u64_stats_update_begin(&rxq_stats->syncp); - rxq_stats->rx_normal_irq_n++; - u64_stats_update_end(&rxq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->rx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); } if (v & EMAC_RX_BUF_UA_INT) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c index 9470d3fd2ded..0d185e54eb7e 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c @@ -171,8 +171,7 @@ int dwmac4_dma_interrupt(struct stmmac_priv *priv, void __iomem *ioaddr, const struct dwmac4_addrs *dwmac4_addrs = priv->plat->dwmac4_addrs; u32 intr_status = readl(ioaddr + DMA_CHAN_STATUS(dwmac4_addrs, chan)); u32 intr_en = readl(ioaddr + DMA_CHAN_INTR_ENA(dwmac4_addrs, chan)); - struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[chan]; - struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[chan]; + struct stmmac_pcpu_stats *stats = this_cpu_ptr(priv->xstats.pcpu_stats); int ret = 0; if (dir == DMA_DIR_RX) @@ -201,15 +200,15 @@ int dwmac4_dma_interrupt(struct stmmac_priv *priv, void __iomem *ioaddr, } /* TX/RX NORMAL interrupts */ if (likely(intr_status & DMA_CHAN_STATUS_RI)) { - u64_stats_update_begin(&rxq_stats->syncp); - rxq_stats->rx_normal_irq_n++; - u64_stats_update_end(&rxq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->rx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_rx; } if (likely(intr_status & DMA_CHAN_STATUS_TI)) { - u64_stats_update_begin(&txq_stats->syncp); - txq_stats->tx_normal_irq_n++; - u64_stats_update_end(&txq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->tx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_tx; } diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c b/drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c index 7907d62d3437..85e18f9a22f9 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c @@ -162,8 +162,7 @@ static void show_rx_process_state(unsigned int status) int dwmac_dma_interrupt(struct stmmac_priv *priv, void __iomem *ioaddr, struct stmmac_extra_stats *x, u32 chan, u32 dir) { - struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[chan]; - struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[chan]; + struct stmmac_pcpu_stats *stats = this_cpu_ptr(priv->xstats.pcpu_stats); int ret = 0; /* read the status register (CSR5) */ u32 intr_status = readl(ioaddr + DMA_STATUS); @@ -215,16 +214,16 @@ int dwmac_dma_interrupt(struct stmmac_priv *priv, void __iomem *ioaddr, u32 value = readl(ioaddr + DMA_INTR_ENA); /* to schedule NAPI on real RIE event. */ if (likely(value & DMA_INTR_ENA_RIE)) { - u64_stats_update_begin(&rxq_stats->syncp); - rxq_stats->rx_normal_irq_n++; - u64_stats_update_end(&rxq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->rx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_rx; } } if (likely(intr_status & DMA_STATUS_TI)) { - u64_stats_update_begin(&txq_stats->syncp); - txq_stats->tx_normal_irq_n++; - u64_stats_update_end(&txq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->tx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_tx; } if (unlikely(intr_status & DMA_STATUS_ERI)) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c index 3cde695fec91..dd2ab6185c40 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c @@ -337,8 +337,7 @@ static int dwxgmac2_dma_interrupt(struct stmmac_priv *priv, struct stmmac_extra_stats *x, u32 chan, u32 dir) { - struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[chan]; - struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[chan]; + struct stmmac_pcpu_stats *stats = this_cpu_ptr(priv->xstats.pcpu_stats); u32 intr_status = readl(ioaddr + XGMAC_DMA_CH_STATUS(chan)); u32 intr_en = readl(ioaddr + XGMAC_DMA_CH_INT_EN(chan)); int ret = 0; @@ -367,15 +366,15 @@ static int dwxgmac2_dma_interrupt(struct stmmac_priv *priv, /* TX/RX NORMAL interrupts */ if (likely(intr_status & XGMAC_NIS)) { if (likely(intr_status & XGMAC_RI)) { - u64_stats_update_begin(&rxq_stats->syncp); - rxq_stats->rx_normal_irq_n++; - u64_stats_update_end(&rxq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->rx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_rx; } if (likely(intr_status & (XGMAC_TI | XGMAC_TBU))) { - u64_stats_update_begin(&txq_stats->syncp); - txq_stats->tx_normal_irq_n++; - u64_stats_update_end(&txq_stats->syncp); + u64_stats_update_begin(&stats->syncp); + u64_stats_inc(&stats->tx_normal_irq_n[chan]); + u64_stats_update_end(&stats->syncp); ret |= handle_tx; } } diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c index 42d27b97dd1d..ec44becf0e2d 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c @@ -549,44 +549,79 @@ stmmac_set_pauseparam(struct net_device *netdev, } } +static u64 stmmac_get_rx_normal_irq_n(struct stmmac_priv *priv, int q) +{ + u64 total; + int cpu; + + total = 0; + for_each_possible_cpu(cpu) { + struct stmmac_pcpu_stats *pcpu; + unsigned int start; + u64 irq_n; + + pcpu = per_cpu_ptr(priv->xstats.pcpu_stats, cpu); + do { + start = u64_stats_fetch_begin(&pcpu->syncp); + irq_n = u64_stats_read(&pcpu->rx_normal_irq_n[q]); + } while (u64_stats_fetch_retry(&pcpu->syncp, start)); + total += irq_n; + } + return total; +} + +static u64 stmmac_get_tx_normal_irq_n(struct stmmac_priv *priv, int q) +{ + u64 total; + int cpu; + + total = 0; + for_each_possible_cpu(cpu) { + struct stmmac_pcpu_stats *pcpu; + unsigned int start; + u64 irq_n; + + pcpu = per_cpu_ptr(priv->xstats.pcpu_stats, cpu); + do { + start = u64_stats_fetch_begin(&pcpu->syncp); + irq_n = u64_stats_read(&pcpu->tx_normal_irq_n[q]); + } while (u64_stats_fetch_retry(&pcpu->syncp, start)); + total += irq_n; + } + return total; +} + static void stmmac_get_per_qstats(struct stmmac_priv *priv, u64 *data) { u32 tx_cnt = priv->plat->tx_queues_to_use; u32 rx_cnt = priv->plat->rx_queues_to_use; unsigned int start; - int q, stat; - char *p; + int q; for (q = 0; q < tx_cnt; q++) { struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[q]; - struct stmmac_txq_stats snapshot; + u64 pkt_n; do { - start = u64_stats_fetch_begin(&txq_stats->syncp); - snapshot = *txq_stats; - } while (u64_stats_fetch_retry(&txq_stats->syncp, start)); + start = u64_stats_fetch_begin(&txq_stats->napi_syncp); + pkt_n = u64_stats_read(&txq_stats->napi.tx_pkt_n); + } while (u64_stats_fetch_retry(&txq_stats->napi_syncp, start)); - p = (char *)&snapshot + offsetof(struct stmmac_txq_stats, tx_pkt_n); - for (stat = 0; stat < STMMAC_TXQ_STATS; stat++) { - *data++ = (*(u64 *)p); - p += sizeof(u64); - } + *data++ = pkt_n; + *data++ = stmmac_get_tx_normal_irq_n(priv, q); } for (q = 0; q < rx_cnt; q++) { struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[q]; - struct stmmac_rxq_stats snapshot; + u64 pkt_n; do { - start = u64_stats_fetch_begin(&rxq_stats->syncp); - snapshot = *rxq_stats; - } while (u64_stats_fetch_retry(&rxq_stats->syncp, start)); + start = u64_stats_fetch_begin(&rxq_stats->napi_syncp); + pkt_n = u64_stats_read(&rxq_stats->napi.rx_pkt_n); + } while (u64_stats_fetch_retry(&rxq_stats->napi_syncp, start)); - p = (char *)&snapshot + offsetof(struct stmmac_rxq_stats, rx_pkt_n); - for (stat = 0; stat < STMMAC_RXQ_STATS; stat++) { - *data++ = (*(u64 *)p); - p += sizeof(u64); - } + *data++ = pkt_n; + *data++ = stmmac_get_rx_normal_irq_n(priv, q); } } @@ -645,39 +680,49 @@ static void stmmac_get_ethtool_stats(struct net_device *dev, pos = j; for (i = 0; i < rx_queues_count; i++) { struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[i]; - struct stmmac_rxq_stats snapshot; + struct stmmac_napi_rx_stats snapshot; + u64 n_irq; j = pos; do { - start = u64_stats_fetch_begin(&rxq_stats->syncp); - snapshot = *rxq_stats; - } while (u64_stats_fetch_retry(&rxq_stats->syncp, start)); - - data[j++] += snapshot.rx_pkt_n; - data[j++] += snapshot.rx_normal_irq_n; - normal_irq_n += snapshot.rx_normal_irq_n; - napi_poll += snapshot.napi_poll; + start = u64_stats_fetch_begin(&rxq_stats->napi_syncp); + snapshot = rxq_stats->napi; + } while (u64_stats_fetch_retry(&rxq_stats->napi_syncp, start)); + + data[j++] += u64_stats_read(&snapshot.rx_pkt_n); + n_irq = stmmac_get_rx_normal_irq_n(priv, i); + data[j++] += n_irq; + normal_irq_n += n_irq; + napi_poll += u64_stats_read(&snapshot.poll); } pos = j; for (i = 0; i < tx_queues_count; i++) { struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[i]; - struct stmmac_txq_stats snapshot; + struct stmmac_napi_tx_stats napi_snapshot; + struct stmmac_q_tx_stats q_snapshot; + u64 n_irq; j = pos; do { - start = u64_stats_fetch_begin(&txq_stats->syncp); - snapshot = *txq_stats; - } while (u64_stats_fetch_retry(&txq_stats->syncp, start)); - - data[j++] += snapshot.tx_pkt_n; - data[j++] += snapshot.tx_normal_irq_n; - normal_irq_n += snapshot.tx_normal_irq_n; - data[j++] += snapshot.tx_clean; - data[j++] += snapshot.tx_set_ic_bit; - data[j++] += snapshot.tx_tso_frames; - data[j++] += snapshot.tx_tso_nfrags; - napi_poll += snapshot.napi_poll; + start = u64_stats_fetch_begin(&txq_stats->q_syncp); + q_snapshot = txq_stats->q; + } while (u64_stats_fetch_retry(&txq_stats->q_syncp, start)); + do { + start = u64_stats_fetch_begin(&txq_stats->napi_syncp); + napi_snapshot = txq_stats->napi; + } while (u64_stats_fetch_retry(&txq_stats->napi_syncp, start)); + + data[j++] += u64_stats_read(&napi_snapshot.tx_pkt_n); + n_irq = stmmac_get_tx_normal_irq_n(priv, i); + data[j++] += n_irq; + normal_irq_n += n_irq; + data[j++] += u64_stats_read(&napi_snapshot.tx_clean); + data[j++] += u64_stats_read(&q_snapshot.tx_set_ic_bit) + + u64_stats_read(&napi_snapshot.tx_set_ic_bit); + data[j++] += u64_stats_read(&q_snapshot.tx_tso_frames); + data[j++] += u64_stats_read(&q_snapshot.tx_tso_nfrags); + napi_poll += u64_stats_read(&napi_snapshot.poll); } normal_irq_n += priv->xstats.rx_early_irq; data[j++] = normal_irq_n; diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c index 25519952f754..75d029704503 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c @@ -2482,7 +2482,6 @@ static bool stmmac_xdp_xmit_zc(struct stmmac_priv *priv, u32 queue, u32 budget) struct xdp_desc xdp_desc; bool work_done = true; u32 tx_set_ic_bit = 0; - unsigned long flags; /* Avoids TX time-out as we are sharing with slow path */ txq_trans_cond_update(nq); @@ -2566,9 +2565,9 @@ static bool stmmac_xdp_xmit_zc(struct stmmac_priv *priv, u32 queue, u32 budget) tx_q->cur_tx = STMMAC_GET_ENTRY(tx_q->cur_tx, priv->dma_conf.dma_tx_size); entry = tx_q->cur_tx; } - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->tx_set_ic_bit += tx_set_ic_bit; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_update_begin(&txq_stats->napi_syncp); + u64_stats_add(&txq_stats->napi.tx_set_ic_bit, tx_set_ic_bit); + u64_stats_update_end(&txq_stats->napi_syncp); if (tx_desc) { stmmac_flush_tx_descriptors(priv, queue); @@ -2616,7 +2615,6 @@ static int stmmac_tx_clean(struct stmmac_priv *priv, int budget, u32 queue, unsigned int bytes_compl = 0, pkts_compl = 0; unsigned int entry, xmits = 0, count = 0; u32 tx_packets = 0, tx_errors = 0; - unsigned long flags; __netif_tx_lock_bh(netdev_get_tx_queue(priv->dev, queue)); @@ -2782,11 +2780,11 @@ static int stmmac_tx_clean(struct stmmac_priv *priv, int budget, u32 queue, if (tx_q->dirty_tx != tx_q->cur_tx) *pending_packets = true; - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->tx_packets += tx_packets; - txq_stats->tx_pkt_n += tx_packets; - txq_stats->tx_clean++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_update_begin(&txq_stats->napi_syncp); + u64_stats_add(&txq_stats->napi.tx_packets, tx_packets); + u64_stats_add(&txq_stats->napi.tx_pkt_n, tx_packets); + u64_stats_inc(&txq_stats->napi.tx_clean); + u64_stats_update_end(&txq_stats->napi_syncp); priv->xstats.tx_errors += tx_errors; @@ -4213,7 +4211,6 @@ static netdev_tx_t stmmac_tso_xmit(struct sk_buff *skb, struct net_device *dev) struct stmmac_tx_queue *tx_q; bool has_vlan, set_ic; u8 proto_hdr_len, hdr; - unsigned long flags; u32 pay_len, mss; dma_addr_t des; int i; @@ -4378,13 +4375,13 @@ static netdev_tx_t stmmac_tso_xmit(struct sk_buff *skb, struct net_device *dev) netif_tx_stop_queue(netdev_get_tx_queue(priv->dev, queue)); } - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->tx_bytes += skb->len; - txq_stats->tx_tso_frames++; - txq_stats->tx_tso_nfrags += nfrags; + u64_stats_update_begin(&txq_stats->q_syncp); + u64_stats_add(&txq_stats->q.tx_bytes, skb->len); + u64_stats_inc(&txq_stats->q.tx_tso_frames); + u64_stats_add(&txq_stats->q.tx_tso_nfrags, nfrags); if (set_ic) - txq_stats->tx_set_ic_bit++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_inc(&txq_stats->q.tx_set_ic_bit); + u64_stats_update_end(&txq_stats->q_syncp); if (priv->sarc_type) stmmac_set_desc_sarc(priv, first, priv->sarc_type); @@ -4483,7 +4480,6 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) struct stmmac_tx_queue *tx_q; bool has_vlan, set_ic; int entry, first_tx; - unsigned long flags; dma_addr_t des; tx_q = &priv->dma_conf.tx_queue[queue]; @@ -4653,11 +4649,11 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) netif_tx_stop_queue(netdev_get_tx_queue(priv->dev, queue)); } - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->tx_bytes += skb->len; + u64_stats_update_begin(&txq_stats->q_syncp); + u64_stats_add(&txq_stats->q.tx_bytes, skb->len); if (set_ic) - txq_stats->tx_set_ic_bit++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_inc(&txq_stats->q.tx_set_ic_bit); + u64_stats_update_end(&txq_stats->q_syncp); if (priv->sarc_type) stmmac_set_desc_sarc(priv, first, priv->sarc_type); @@ -4921,12 +4917,11 @@ static int stmmac_xdp_xmit_xdpf(struct stmmac_priv *priv, int queue, set_ic = false; if (set_ic) { - unsigned long flags; tx_q->tx_count_frames = 0; stmmac_set_tx_ic(priv, tx_desc); - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->tx_set_ic_bit++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_update_begin(&txq_stats->q_syncp); + u64_stats_inc(&txq_stats->q.tx_set_ic_bit); + u64_stats_update_end(&txq_stats->q_syncp); } stmmac_enable_dma_transmission(priv, priv->ioaddr); @@ -5076,7 +5071,6 @@ static void stmmac_dispatch_skb_zc(struct stmmac_priv *priv, u32 queue, unsigned int len = xdp->data_end - xdp->data; enum pkt_hash_types hash_type; int coe = priv->hw->rx_csum; - unsigned long flags; struct sk_buff *skb; u32 hash; @@ -5106,10 +5100,10 @@ static void stmmac_dispatch_skb_zc(struct stmmac_priv *priv, u32 queue, skb_record_rx_queue(skb, queue); napi_gro_receive(&ch->rxtx_napi, skb); - flags = u64_stats_update_begin_irqsave(&rxq_stats->syncp); - rxq_stats->rx_pkt_n++; - rxq_stats->rx_bytes += len; - u64_stats_update_end_irqrestore(&rxq_stats->syncp, flags); + u64_stats_update_begin(&rxq_stats->napi_syncp); + u64_stats_inc(&rxq_stats->napi.rx_pkt_n); + u64_stats_add(&rxq_stats->napi.rx_bytes, len); + u64_stats_update_end(&rxq_stats->napi_syncp); } static bool stmmac_rx_refill_zc(struct stmmac_priv *priv, u32 queue, u32 budget) @@ -5191,7 +5185,6 @@ static int stmmac_rx_zc(struct stmmac_priv *priv, int limit, u32 queue) unsigned int desc_size; struct bpf_prog *prog; bool failure = false; - unsigned long flags; int xdp_status = 0; int status = 0; @@ -5346,9 +5339,9 @@ static int stmmac_rx_zc(struct stmmac_priv *priv, int limit, u32 queue) stmmac_finalize_xdp_rx(priv, xdp_status); - flags = u64_stats_update_begin_irqsave(&rxq_stats->syncp); - rxq_stats->rx_pkt_n += count; - u64_stats_update_end_irqrestore(&rxq_stats->syncp, flags); + u64_stats_update_begin(&rxq_stats->napi_syncp); + u64_stats_add(&rxq_stats->napi.rx_pkt_n, count); + u64_stats_update_end(&rxq_stats->napi_syncp); priv->xstats.rx_dropped += rx_dropped; priv->xstats.rx_errors += rx_errors; @@ -5386,7 +5379,6 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue) unsigned int desc_size; struct sk_buff *skb = NULL; struct stmmac_xdp_buff ctx; - unsigned long flags; int xdp_status = 0; int buf_sz; @@ -5646,11 +5638,11 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue) stmmac_rx_refill(priv, queue); - flags = u64_stats_update_begin_irqsave(&rxq_stats->syncp); - rxq_stats->rx_packets += rx_packets; - rxq_stats->rx_bytes += rx_bytes; - rxq_stats->rx_pkt_n += count; - u64_stats_update_end_irqrestore(&rxq_stats->syncp, flags); + u64_stats_update_begin(&rxq_stats->napi_syncp); + u64_stats_add(&rxq_stats->napi.rx_packets, rx_packets); + u64_stats_add(&rxq_stats->napi.rx_bytes, rx_bytes); + u64_stats_add(&rxq_stats->napi.rx_pkt_n, count); + u64_stats_update_end(&rxq_stats->napi_syncp); priv->xstats.rx_dropped += rx_dropped; priv->xstats.rx_errors += rx_errors; @@ -5665,13 +5657,12 @@ static int stmmac_napi_poll_rx(struct napi_struct *napi, int budget) struct stmmac_priv *priv = ch->priv_data; struct stmmac_rxq_stats *rxq_stats; u32 chan = ch->index; - unsigned long flags; int work_done; rxq_stats = &priv->xstats.rxq_stats[chan]; - flags = u64_stats_update_begin_irqsave(&rxq_stats->syncp); - rxq_stats->napi_poll++; - u64_stats_update_end_irqrestore(&rxq_stats->syncp, flags); + u64_stats_update_begin(&rxq_stats->napi_syncp); + u64_stats_inc(&rxq_stats->napi.poll); + u64_stats_update_end(&rxq_stats->napi_syncp); work_done = stmmac_rx(priv, budget, chan); if (work_done < budget && napi_complete_done(napi, work_done)) { @@ -5693,13 +5684,12 @@ static int stmmac_napi_poll_tx(struct napi_struct *napi, int budget) struct stmmac_txq_stats *txq_stats; bool pending_packets = false; u32 chan = ch->index; - unsigned long flags; int work_done; txq_stats = &priv->xstats.txq_stats[chan]; - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->napi_poll++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_update_begin(&txq_stats->napi_syncp); + u64_stats_inc(&txq_stats->napi.poll); + u64_stats_update_end(&txq_stats->napi_syncp); work_done = stmmac_tx_clean(priv, budget, chan, &pending_packets); work_done = min(work_done, budget); @@ -5729,17 +5719,16 @@ static int stmmac_napi_poll_rxtx(struct napi_struct *napi, int budget) struct stmmac_rxq_stats *rxq_stats; struct stmmac_txq_stats *txq_stats; u32 chan = ch->index; - unsigned long flags; rxq_stats = &priv->xstats.rxq_stats[chan]; - flags = u64_stats_update_begin_irqsave(&rxq_stats->syncp); - rxq_stats->napi_poll++; - u64_stats_update_end_irqrestore(&rxq_stats->syncp, flags); + u64_stats_update_begin(&rxq_stats->napi_syncp); + u64_stats_inc(&rxq_stats->napi.poll); + u64_stats_update_end(&rxq_stats->napi_syncp); txq_stats = &priv->xstats.txq_stats[chan]; - flags = u64_stats_update_begin_irqsave(&txq_stats->syncp); - txq_stats->napi_poll++; - u64_stats_update_end_irqrestore(&txq_stats->syncp, flags); + u64_stats_update_begin(&txq_stats->napi_syncp); + u64_stats_inc(&txq_stats->napi.poll); + u64_stats_update_end(&txq_stats->napi_syncp); tx_done = stmmac_tx_clean(priv, budget, chan, &tx_pending_packets); tx_done = min(tx_done, budget); @@ -7065,10 +7054,13 @@ static void stmmac_get_stats64(struct net_device *dev, struct rtnl_link_stats64 u64 tx_bytes; do { - start = u64_stats_fetch_begin(&txq_stats->syncp); - tx_packets = txq_stats->tx_packets; - tx_bytes = txq_stats->tx_bytes; - } while (u64_stats_fetch_retry(&txq_stats->syncp, start)); + start = u64_stats_fetch_begin(&txq_stats->q_syncp); + tx_bytes = u64_stats_read(&txq_stats->q.tx_bytes); + } while (u64_stats_fetch_retry(&txq_stats->q_syncp, start)); + do { + start = u64_stats_fetch_begin(&txq_stats->napi_syncp); + tx_packets = u64_stats_read(&txq_stats->napi.tx_packets); + } while (u64_stats_fetch_retry(&txq_stats->napi_syncp, start)); stats->tx_packets += tx_packets; stats->tx_bytes += tx_bytes; @@ -7080,10 +7072,10 @@ static void stmmac_get_stats64(struct net_device *dev, struct rtnl_link_stats64 u64 rx_bytes; do { - start = u64_stats_fetch_begin(&rxq_stats->syncp); - rx_packets = rxq_stats->rx_packets; - rx_bytes = rxq_stats->rx_bytes; - } while (u64_stats_fetch_retry(&rxq_stats->syncp, start)); + start = u64_stats_fetch_begin(&rxq_stats->napi_syncp); + rx_packets = u64_stats_read(&rxq_stats->napi.rx_packets); + rx_bytes = u64_stats_read(&rxq_stats->napi.rx_bytes); + } while (u64_stats_fetch_retry(&rxq_stats->napi_syncp, start)); stats->rx_packets += rx_packets; stats->rx_bytes += rx_bytes; @@ -7477,9 +7469,16 @@ int stmmac_dvr_probe(struct device *device, priv->dev = ndev; for (i = 0; i < MTL_MAX_RX_QUEUES; i++) - u64_stats_init(&priv->xstats.rxq_stats[i].syncp); - for (i = 0; i < MTL_MAX_TX_QUEUES; i++) - u64_stats_init(&priv->xstats.txq_stats[i].syncp); + u64_stats_init(&priv->xstats.rxq_stats[i].napi_syncp); + for (i = 0; i < MTL_MAX_TX_QUEUES; i++) { + u64_stats_init(&priv->xstats.txq_stats[i].q_syncp); + u64_stats_init(&priv->xstats.txq_stats[i].napi_syncp); + } + + priv->xstats.pcpu_stats = + devm_netdev_alloc_pcpu_stats(device, struct stmmac_pcpu_stats); + if (!priv->xstats.pcpu_stats) + return -ENOMEM; stmmac_set_ethtool_ops(ndev); priv->pause = pause; -- 2.43.0

1 year, 3 months

8
15
0 0

[PATCH 2/3] KVM: arm64: Fix host-programmed guest events in nVHE

by Oliver Upton

Programming PMU events in the host that count during guest execution is a feature supported by perf, e.g. perf stat -e cpu_cycles:G ./lkvm run While this works for VHE, the guest/host event bitmaps are not carried through to the hypervisor in the nVHE configuration. Make kvm_pmu_update_vcpu_events() conditional on whether or not _hardware_ supports PMUv3 rather than if the vCPU as vPMU enabled. Cc: stable(a)vger.kernel.org Fixes: 84d751a019a9 ("KVM: arm64: Pass pmu events to hyp via vcpu") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- include/kvm/arm_pmu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/kvm/arm_pmu.h b/include/kvm/arm_pmu.h index 4b9d8fb393a8..df32355e3e38 100644 --- a/include/kvm/arm_pmu.h +++ b/include/kvm/arm_pmu.h @@ -86,7 +86,7 @@ void kvm_vcpu_pmu_resync_el0(void); */ #define kvm_pmu_update_vcpu_events(vcpu) \ do { \ - if (!has_vhe() && kvm_vcpu_has_pmu(vcpu)) \ + if (!has_vhe() && kvm_arm_support_pmu_v3()) \ vcpu->arch.pmu.events = *kvm_get_pmu_events(); \ } while (0) -- 2.44.0.278.ge034bb2e1d-goog

1 year, 3 months

2
1
0 0

[PATCH v4 4/5] arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP

by Johan Hovold

Add the missing PCIe CX performance level votes to avoid relying on other drivers (e.g. USB or UFS) to maintain the nominal performance level required for Gen3 speeds. Fixes: 813e83157001 ("arm64: dts: qcom: sc8280xp/sa8540p: add PCIe2-4 nodes") Cc: stable(a)vger.kernel.org # 6.2 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi index 2fc8d3308844..a8279ba6a756 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi +++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi @@ -1780,6 +1780,7 @@ pcie4: pcie@1c00000 { reset-names = "pci"; power-domains = <&gcc PCIE_4_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie4_phy>; phy-names = "pciephy"; @@ -1878,6 +1879,7 @@ pcie3b: pcie@1c08000 { reset-names = "pci"; power-domains = <&gcc PCIE_3B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3b_phy>; phy-names = "pciephy"; @@ -1976,6 +1978,7 @@ pcie3a: pcie@1c10000 { reset-names = "pci"; power-domains = <&gcc PCIE_3A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3a_phy>; phy-names = "pciephy"; @@ -2077,6 +2080,7 @@ pcie2b: pcie@1c18000 { reset-names = "pci"; power-domains = <&gcc PCIE_2B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2b_phy>; phy-names = "pciephy"; @@ -2175,6 +2179,7 @@ pcie2a: pcie@1c20000 { reset-names = "pci"; power-domains = <&gcc PCIE_2A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2a_phy>; phy-names = "pciephy"; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH 4.19 00/16] 4.19.309-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.309 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.309-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.309-rc1 Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter ------------- Diffstat: Makefile | 4 ++-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 ++-- drivers/mmc/core/mmc.c | 2 ++ drivers/net/gtp.c | 12 ++++++------ drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 ++- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +++- fs/btrfs/dev-replace.c | 24 ++++++++++++++++++++---- fs/cachefiles/bind.c | 3 +++ net/bluetooth/hci_core.c | 7 ++++--- net/bluetooth/hci_event.c | 9 ++++++++- net/bluetooth/l2cap_core.c | 8 +++++++- net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 ++ sound/core/Makefile | 1 - 17 files changed, 65 insertions(+), 25 deletions(-)

1 year, 3 months

6
21
0 0

[PATCH v3 2/2] of: overlay: Synchronize of_overlay_remove() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_overlay_remove() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/overlay.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c index 2ae7e9d24a64..7a010a62b9d8 100644 --- a/drivers/of/overlay.c +++ b/drivers/of/overlay.c @@ -8,6 +8,7 @@ #define pr_fmt(fmt) "OF: overlay: " fmt +#include <linux/device.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/of.h> @@ -853,6 +854,14 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) { int i; + /* + * Wait for any ongoing device link removals before removing some of + * nodes. Drop the global lock while waiting + */ + mutex_unlock(&of_mutex); + device_link_wait_removal(); + mutex_lock(&of_mutex); + if (ovcs->cset.entries.next) of_changeset_destroy(&ovcs->cset); @@ -862,7 +871,6 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) ovcs->id = 0; } - for (i = 0; i < ovcs->count; i++) { of_node_put(ovcs->fragments[i].target); of_node_put(ovcs->fragments[i].overlay); -- 2.43.0

1 year, 3 months

4
9
0 0

[PATCH v1] riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board

by Shengyu Qu

Since commit b2cb2ae22278f1918f7526b89760ee00b4a81393 ("mfd: axp20x: Generalise handling without interrupt"), interrupt info part for the AXP15060 PMIC is not needed anymore for Statfive Visionfive 2 board. And this would cause kernel to try to enable interrupt line 0, which is not expected. So delete this part from device tree. Cc: stable(a)vger.kernel.org Fixes: b2cb2ae22278 ("mfd: axp20x: Generalise handling without interrupt") Reported-by: Bo Gan <ganboing(a)gmail.com> Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> --- arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index b89e9791efa7..6bebabe3fa37 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -189,9 +189,6 @@ &i2c5 { axp15060: pmic@36 { compatible = "x-powers,axp15060"; reg = <0x36>; - interrupts = <0>; - interrupt-controller; - #interrupt-cells = <1>; regulators { vcc_3v3: dcdc1 { -- 2.39.2

1 year, 3 months

3
2
0 0

[PATCH v2] media: mxl5xx: Move xpt structures off stack

by Nathan Chancellor

When building for LoongArch with clang 18.0.0, the stack usage of probe() is larger than the allowed 2048 bytes: drivers/media/dvb-frontends/mxl5xx.c:1698:12: warning: stack frame size (2368) exceeds limit (2048) in 'probe' [-Wframe-larger-than] 1698 | static int probe(struct mxl *state, struct mxl5xx_cfg *cfg) | ^ 1 warning generated. This is the result of the linked LLVM commit, which changes how the arrays of structures in config_ts() get handled with CONFIG_INIT_STACK_ZERO and CONFIG_INIT_STACK_PATTERN, which causes the above warning in combination with inlining, as config_ts() gets inlined into probe(). This warning can be easily fixed by moving the array of structures off of the stack via 'static const', which is a better location for these variables anyways because they are static data that is only ever read from, never modified, so allocating the stack space is wasteful. This drops the stack usage from 2368 bytes to 256 bytes with the same compiler and configuration. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1978 Link: https://github.com/llvm/llvm-project/commit/afe8b93ffdfef5d8879e1894b9d7dda… Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes in v2: - Rebase on latest media tree - Fix typo and link in the commit message (Miguel) - Pick up Miguel's reviewed-by and tested-by tags - Link to v1: https://lore.kernel.org/r/20240111-dvb-mxl5xx-move-structs-off-stack-v1-1-c… --- drivers/media/dvb-frontends/mxl5xx.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/drivers/media/dvb-frontends/mxl5xx.c b/drivers/media/dvb-frontends/mxl5xx.c index 4ebbcf05cc09..91e9c378397c 100644 --- a/drivers/media/dvb-frontends/mxl5xx.c +++ b/drivers/media/dvb-frontends/mxl5xx.c @@ -1381,57 +1381,57 @@ static int config_ts(struct mxl *state, enum MXL_HYDRA_DEMOD_ID_E demod_id, u32 nco_count_min = 0; u32 clk_type = 0; - struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 8, 1}, {0x90700010, 9, 1}, {0x90700010, 10, 1}, {0x90700010, 11, 1}, {0x90700010, 12, 1}, {0x90700010, 13, 1}, {0x90700010, 14, 1}, {0x90700010, 15, 1} }; - struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 16, 1}, {0x90700010, 17, 1}, {0x90700010, 18, 1}, {0x90700010, 19, 1}, {0x90700010, 20, 1}, {0x90700010, 21, 1}, {0x90700010, 22, 1}, {0x90700010, 23, 1} }; - struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 0, 1}, {0x90700014, 1, 1}, {0x90700014, 2, 1}, {0x90700014, 3, 1}, {0x90700014, 4, 1}, {0x90700014, 5, 1}, {0x90700014, 6, 1}, {0x90700014, 7, 1} }; - struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { {0x90700018, 0, 3}, {0x90700018, 4, 3}, {0x90700018, 8, 3}, {0x90700018, 12, 3}, {0x90700018, 16, 3}, {0x90700018, 20, 3}, {0x90700018, 24, 3}, {0x90700018, 28, 3} }; - struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 16, 1}, {0x9070000C, 17, 1}, {0x9070000C, 18, 1}, {0x9070000C, 19, 1}, {0x9070000C, 20, 1}, {0x9070000C, 21, 1}, {0x9070000C, 22, 1}, {0x9070000C, 23, 1} }; - struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 0, 1}, {0x90700010, 1, 1}, {0x90700010, 2, 1}, {0x90700010, 3, 1}, {0x90700010, 4, 1}, {0x90700010, 5, 1}, {0x90700010, 6, 1}, {0x90700010, 7, 1} }; - struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 0, 1}, {0x9070000C, 1, 1}, {0x9070000C, 2, 1}, {0x9070000C, 3, 1}, {0x9070000C, 4, 1}, {0x9070000C, 5, 1}, {0x9070000C, 6, 1}, {0x9070000C, 7, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 24, 1}, {0x9070000C, 25, 1}, {0x9070000C, 26, 1}, {0x9070000C, 27, 1}, {0x9070000C, 28, 1}, {0x9070000C, 29, 1}, {0x9070000C, 30, 1}, {0x9070000C, 31, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 8, 1}, {0x90700014, 9, 1}, {0x90700014, 10, 1}, {0x90700014, 11, 1}, {0x90700014, 12, 1}, {0x90700014, 13, 1}, {0x90700014, 14, 1}, {0x90700014, 15, 1} }; - struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { {0x907001D4, 0, 1}, {0x907001D4, 1, 1}, {0x907001D4, 2, 1}, {0x907001D4, 3, 1}, {0x907001D4, 4, 1}, {0x907001D4, 5, 1}, {0x907001D4, 6, 1}, {0x907001D4, 7, 1} }; - struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { {0x90700044, 16, 80}, {0x90700044, 16, 81}, {0x90700044, 16, 82}, {0x90700044, 16, 83}, {0x90700044, 16, 84}, {0x90700044, 16, 85}, --- base-commit: 8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 change-id: 20240111-dvb-mxl5xx-move-structs-off-stack-e12172b1ef02 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 3 months

1
0
0 0

[PATCH] kbuild: Disable two Clang specific enumeration warnings

by Nathan Chancellor

Clang enables -Wenum-enum-conversion and -Wenum-compare-conditional under -Wenum-conversion. A recent change in Clang strengthened these warnings and they appear frequently in common builds, primarily due to several instances in common headers but there are quite a few drivers that have individual instances as well. include/linux/vmstat.h:508:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion] 508 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS + | ~~~~~~~~~~~~~~~~~~~~~ ^ 509 | item]; | ~~~~ drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:955:24: warning: conditional expression between different enumeration types ('enum iwl_mac_beacon_flags' and 'enum iwl_mac_beacon_flags_v1') [-Wenum-compare-conditional] 955 | flags |= is_new_rate ? IWL_MAC_BEACON_CCK | ^ ~~~~~~~~~~~~~~~~~~ 956 | : IWL_MAC_BEACON_CCK_V1; | ~~~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:1120:21: warning: conditional expression between different enumeration types ('enum iwl_mac_beacon_flags' and 'enum iwl_mac_beacon_flags_v1') [-Wenum-compare-conditional] 1120 | 0) > 10 ? | ^ 1121 | IWL_MAC_BEACON_FILS : | ~~~~~~~~~~~~~~~~~~~ 1122 | IWL_MAC_BEACON_FILS_V1; | ~~~~~~~~~~~~~~~~~~~~~~ While doing arithmetic with different types of enums may be potentially problematic, inspecting several instances of the warning does not reveal any obvious problems. To silence the warnings at the source level, an integral cast must be added to each mismatched enum (which is incredibly ugly when done frequently) or the value must moved out of the enum to a macro, which can remove the type safety offered by enums in other places, such as assignments that would trigger -Wenum-conversion. As the warnings do not appear to have a high signal to noise ratio and the source level silencing options are not sustainable, disable the warnings unconditionally, as they will be enabled with -Wenum-conversion and are supported in all versions of clang that can build the kernel. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2002 Link: https://github.com/llvm/llvm-project/commit/8c2ae42b3e1c6aa7c18f873edcebff7… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- scripts/Makefile.extrawarn | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn index a9e552a1e910..6053aa22b8f5 100644 --- a/scripts/Makefile.extrawarn +++ b/scripts/Makefile.extrawarn @@ -81,6 +81,14 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=designated-init) # Warn if there is an enum types mismatch KBUILD_CFLAGS += $(call cc-option,-Wenum-conversion) +ifdef CONFIG_CC_IS_CLANG +# Clang enables these extra warnings under -Wenum-conversion but the kernel +# performs arithmetic using or has conditionals returning enums of different +# types in several different places, which is rarely a bug in the kernel's +# case, so disable the warnings. +KBUILD_CFLAGS += -Wno-enum-compare-conditional +KBUILD_CFLAGS += -Wno-enum-enum-conversion +endif # # W=1 - warnings which may be relevant and do not occur too often --- base-commit: 90d35da658da8cff0d4ecbb5113f5fac9d00eb72 change-id: 20240304-disable-extra-clang-enum-warnings-bf574c7c99fd Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 3 months

4
6
0 0

[PATCH STABLE v4.19.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index 171573613c39..893ea04498f7 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -514,8 +514,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH STABLE v5.4.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index 034b0662fd3b..9cfd53eaeb4e 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -441,8 +441,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH STABLE v5.10.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index fcb7eb6a6eca..c0a8f3c9e256 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -447,8 +447,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH v4 1/2] fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio

by Bart Van Assche

If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio. Suggested-by: Jens Axboe <axboe(a)kernel.dk> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 9 ++++++++- include/linux/fs.h | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/aio.c b/fs/aio.c index bb2ff48991f3..da18dbcfcb22 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -593,6 +593,13 @@ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) struct kioctx *ctx = req->ki_ctx; unsigned long flags; + /* + * kiocb didn't come from aio or is neither a read nor a write, hence + * ignore it. + */ + if (!(iocb->ki_flags & IOCB_AIO_RW)) + return; + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; @@ -1509,7 +1516,7 @@ static int aio_prep_rw(struct kiocb *req, const struct iocb *iocb) req->ki_complete = aio_complete_rw; req->private = NULL; req->ki_pos = iocb->aio_offset; - req->ki_flags = req->ki_filp->f_iocb_flags; + req->ki_flags = req->ki_filp->f_iocb_flags | IOCB_AIO_RW; if (iocb->aio_flags & IOCB_FLAG_RESFD) req->ki_flags |= IOCB_EVENTFD; if (iocb->aio_flags & IOCB_FLAG_IOPRIO) { diff --git a/include/linux/fs.h b/include/linux/fs.h index c9deac59c29a..d47306fe1121 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -352,6 +352,8 @@ enum rw_hint { * unrelated IO (like cache flushing, new IO generation, etc). */ #define IOCB_DIO_CALLER_COMP (1 << 22) +/* kiocb is a read or write operation submitted by fs/aio.c. */ +#define IOCB_AIO_RW (1 << 23) /* for use in trace events */ #define TRACE_IOCB_STRINGS \

1 year, 3 months

4
10
0 0

[PATCH 5.10.y 0/7] Delay VERW 5.10.y backport

by Pawan Gupta

This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. - The series includes a dependency commit f87bc8dc7a7c ("x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix"). - Patch 2 includes a change that adds runtime patching for jmp (instead of verw in original series) due to lack of rip-relative relocation support in kernels <v6.5. - Fixed warning: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction. - Resolved merge conflicts in: syscall_return_via_sysret in entry_64.S swapgs_restore_regs_and_return_to_usermode in entry_64.S. __vmx_vcpu_run in vmenter.S. vmx_update_fb_clear_dis in vmx.c. - Boot tested with KASLR and KPTI enabled. - Verified VERW being executed with mitigation ON. To: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- H. Peter Anvin (Intel) (1): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Pawan Gupta (5): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry.S | 23 ++++++++++++++++++++++ arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 10 ++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/asm.h | 5 +++++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/irqflags.h | 1 + arch/x86/include/asm/nospec-branch.h | 27 +++++++++++++------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 12 ++++++++---- 15 files changed, 111 insertions(+), 45 deletions(-) --- base-commit: 9985c44f239fa0db0f3b4a1aee80794f113c135c change-id: 20240304-delay-verw-backport-5-10-y-00aad69432f4 Best regards, -- Thanks, Pawan

1 year, 3 months

1
7
0 0

[PATCH v3 0/4] Disable automatic load CCS load balancing

by Andi Shyti

Hi, this series does basically two things: 1. Disables automatic load balancing as adviced by the hardware workaround. 2. Assigns all the CCS slices to one single user engine. The user will then be able to query only one CCS engine I'm using here the "Requires: " tag, but I'm not sure the commit id will be valid, on the other hand, I don't know what commit id I should use. Thanks Tvrtko, Matt and John for your reviews! Andi Changelog ========= v2 -> v3 - Simplified the algorithm for creating the list of the exported uabi engines. (Patch 1) (Thanks, Tvrtko) - Consider the fused engines when creating the uabi engine list (Patch 2) (Thanks, Matt) - Patch 4 now uses a the refactoring from patch 1, in a cleaner outcome. v1 -> v2 - In Patch 1 use the correct workaround number (thanks Matt). - In Patch 2 do not add the extra CCS engines to the exposed UABI engine list and adapt the engine counting accordingly (thanks Tvrtko). - Reword the commit of Patch 2 (thanks John). Andi Shyti (4): drm/i915/gt: Refactor uabi engine class/instance list creation drm/i915/gt: Do not exposed fused off engines. drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Enable only one CCS for compute workload drivers/gpu/drm/i915/gt/intel_engine_user.c | 52 ++++++++++++++++----- drivers/gpu/drm/i915/gt/intel_gt.c | 11 +++++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 3 ++ drivers/gpu/drm/i915/gt/intel_workarounds.c | 6 +++ 4 files changed, 60 insertions(+), 12 deletions(-) -- 2.43.0

1 year, 3 months

4
8
0 0

[PATCH] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

by Bart Van Assche

The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first. Reported-by: Eric Biggers <ebiggers(a)kernel.org> Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Fixes: b820de741ae4 ("fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index da18dbcfcb22..9cdaa2faa536 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -589,8 +589,8 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) { - struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw); - struct kioctx *ctx = req->ki_ctx; + struct aio_kiocb *req; + struct kioctx *ctx; unsigned long flags; /* @@ -600,9 +600,13 @@ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) if (!(iocb->ki_flags & IOCB_AIO_RW)) return; + req = container_of(iocb, struct aio_kiocb, rw); + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; + ctx = req->ki_ctx; + spin_lock_irqsave(&ctx->ctx_lock, flags); list_add_tail(&req->ki_list, &ctx->active_reqs); req->ki_cancel = cancel;

1 year, 3 months

4
3
0 0

[PATCH] arm64/mm: Add memory barrier for mm_cid

by levi.yun

Currently arm64's switch_mm() doesn't always have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the activly used cid when it fails to observe active task after it sets lazy_put. By adding an smp_mb() in arm64's check_and_switch_context(), Guarantee to observe active task after sched_mm_cid_remote_clear() success to set lazy_put. Signed-off-by: levi.yun <yeoreum.yun(a)arm.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- I'm really sorry if you got this multiple times. I had some problems with the SMTP server... arch/arm64/mm/context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c index 188197590fc9..7a9e8e6647a0 100644 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -268,6 +268,11 @@ void check_and_switch_context(struct mm_struct *mm) */ if (!system_uses_ttbr0_pan()) cpu_switch_mm(mm->pgd, mm); + + /* + * See the comments on switch_mm_cid describing user -> user transition. + */ + smp_mb(); } unsigned long arm64_mm_context_get(struct mm_struct *mm) -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 year, 3 months

3
4
0 0

[PATCH v3] acpi: Use access_width over bit_width for system memory accesses

by Jarred White

To align with ACPI 6.3+, since bit_width can be any 8-bit value, we cannot depend on it being always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits we want to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fallback to using the bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> CC: srivatsabhat(a)linux.microsoft.com CC: stable(a)vger.kernel.org #5.15+ --- changelog: v1-->v2: https://lore.kernel.org/linux-acpi/20231216001312.1160-1-jarredwhite@linux.… 1. Fixed coding style errors 2. Backwards compatibility with ioremapping of address still an open question. Suggestions are welcomed. v2-->v3: 1. Created a fallback mechanism to revert to using the bit_width 2. Re-labeled macro to GET_BIT_WIDTH 3. Collapsed the if/else statements in the cpc_read() and cpc_write() routines drivers/acpi/cppc_acpi.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..57de7edda7a5 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using the bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,9 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + /* Check for access_width for the size, otherwise use bit_width */ + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +993,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1005,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1029,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1050,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1087,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break; -- 2.34.1

1 year, 3 months

3
3
0 0

[PATCH] Revert "fs/aio: Make io_cancel() generate completions again"

by Bart Van Assche

Patch "fs/aio: Make io_cancel() generate completions again" is based on the assumption that calling kiocb->ki_cancel() does not complete R/W requests. This is incorrect: the two drivers that call kiocb_set_cancel_fn() callers set a cancellation function that calls usb_ep_dequeue(). According to its documentation, usb_ep_dequeue() calls the completion routine with status -ECONNRESET. Hence this revert. Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Reported-by: syzbot+b91eb2ed18f599dd3c31(a)syzkaller.appspotmail.com Fixes: 54cbc058d86b ("fs/aio: Make io_cancel() generate completions again") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 28223f511931..da18dbcfcb22 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -2165,11 +2165,14 @@ COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id, #endif /* sys_io_cancel: - * Attempts to cancel an iocb previously passed to io_submit(). If the - * operation is successfully cancelled 0 is returned. May fail with - * -EFAULT if any of the data structures pointed to are invalid. May - * fail with -EINVAL if aio_context specified by ctx_id is invalid. Will - * fail with -ENOSYS if not implemented. + * Attempts to cancel an iocb previously passed to io_submit. If + * the operation is successfully cancelled, the resulting event is + * copied into the memory pointed to by result without being placed + * into the completion queue and 0 is returned. May fail with + * -EFAULT if any of the data structures pointed to are invalid. + * May fail with -EINVAL if aio_context specified by ctx_id is + * invalid. May fail with -EAGAIN if the iocb specified was not + * cancelled. Will fail with -ENOSYS if not implemented. */ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, struct io_event __user *, result) @@ -2200,12 +2203,14 @@ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, } spin_unlock_irq(&ctx->ctx_lock); - /* - * The result argument is no longer used - the io_event is always - * delivered via the ring buffer. - */ - if (ret == 0 && kiocb->rw.ki_flags & IOCB_AIO_RW) - aio_complete_rw(&kiocb->rw, -EINTR); + if (!ret) { + /* + * The result argument is no longer used - the io_event is + * always delivered via the ring buffer. -EINPROGRESS indicates + * cancellation is progress: + */ + ret = -EINPROGRESS; + } percpu_ref_put(&ctx->users);

1 year, 3 months

3
4
0 0

[PATCH 5.15 00/84] 5.15.151-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.151 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.151-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.151-rc1 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Gal Pressman <gal(a)nvidia.com> Revert "tls: rx: move counting TlsDecryptErrors for sync" Jakub Kicinski <kuba(a)kernel.org> net: tls: fix async vs NIC crypto offload Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Max Krummenacher <max.krummenacher(a)toradex.com> Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Jean Sacren <sakiwit(a)gmail.com> mptcp: clean up harmless false expressions Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: rename timer related helper to less confusing names Paolo Abeni <pabeni(a)redhat.com> mptcp: process pending subflow error on close Paolo Abeni <pabeni(a)redhat.com> mptcp: move __mptcp_error_report in protocol.c Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Jakub Kicinski <kuba(a)kernel.org> tls: rx: use async as an in-out argument Jakub Kicinski <kuba(a)kernel.org> tls: rx: assume crypto always calls our callback Jakub Kicinski <kuba(a)kernel.org> tls: rx: move counting TlsDecryptErrors for sync Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't track the async count Jakub Kicinski <kuba(a)kernel.org> tls: rx: factor out writing ContentType to cmsg Jakub Kicinski <kuba(a)kernel.org> tls: rx: wrap decryption arguments in a structure Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't report text length from the bowels of decrypt Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop unnecessary arguments from tls_setup_from_iter() Jakub Kicinski <kuba(a)kernel.org> tls: hw: rx: use return value of tls_device_decrypted() to carry status Jakub Kicinski <kuba(a)kernel.org> tls: rx: refactor decrypt_skb_update() Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't issue wake ups when data is decrypted Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the decryption status in socket context Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the record type in socket context Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Florian Westphal <fw(a)strlen.de> netfilter: make function op structures const Florian Westphal <fw(a)strlen.de> netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: silence bogus compiler warning Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Vasily Averin <vvs(a)openvz.org> net: enable memcg accounting for veth queues Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++++ arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 +- drivers/interconnect/core.c | 18 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +++- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/net/veth.c | 40 +-- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- include/linux/netfilter.h | 14 +- include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_conntrack.h | 8 + include/net/strparser.h | 4 + include/net/tls.h | 11 +- include/uapi/linux/bpf.h | 37 ++- include/uapi/linux/in6.h | 2 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 ++++- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mptcp/diag.c | 3 + net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++-- net/mptcp/subflow.c | 36 --- net/netfilter/core.c | 45 +-- net/netfilter/nf_conntrack_core.c | 21 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_proto_tcp.c | 35 +++ net/netfilter/nf_nat_core.c | 2 +- net/netfilter/nf_tables_api.c | 7 + net/netfilter/nfnetlink_queue.c | 10 +- net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/tls/tls_device.c | 6 +- net/tls/tls_sw.c | 316 ++++++++++------------ net/unix/garbage.c | 22 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- tools/include/uapi/linux/bpf.h | 37 ++- tools/testing/selftests/net/mptcp/config | 2 + 72 files changed, 1046 insertions(+), 529 deletions(-)

1 year, 3 months

7
91
0 0

Re: [PATCH,V2] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU

by Kalle Valo

Larry Finger <Larry.Finger(a)gmail.com> wrote: > From: Nick Morrow <morrownr(a)gmail.com> > > Add VID/PIDs that are known to be missing for this driver. > > Removed /* 8811CU */ and /* 8821CU */ as they are redundant > since the file is specific to those chips. > > Removed /* TOTOLINK A650UA v3 */ as the manufacturer. It has a REALTEK > VID so it may not be specific to this adapter. > > Verified and tested. > > Cc: stable(a)vger.kernel.org > Signed-off-by: Nick Morrow <morrownr(a)gmail.com> > Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > Acked-by: Ping-Ke Shih <pkshih(a)realtek.com> Patch applied to wireless-next.git, thanks. b8a62478f3b1 wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU -- https://patchwork.kernel.org/project/linux-wireless/patch/4ume7mjw63u7.XlMU… https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatc…

1 year, 3 months

1
0
0 0

+ mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been added to the -mm mm-unstable branch. Its filename is mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Tue, 5 Mar 2024 15:13:49 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was valid. This wasn't present in get_swap_device() so I've added it. I couldn't find any existing get_swap_device() call sites where this extra check would cause any false alarms. Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240305151349.3781428-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1281,7 +1281,9 @@ struct swap_info_struct *get_swap_device smp_rmb(); offset = swp_offset(entry); if (offset >= si->max) - goto put_out; + goto bad_offset; + if (data_race(!si->swap_map[swp_offset(entry)])) + goto bad_free; return si; bad_nofile: @@ -1289,9 +1291,14 @@ bad_nofile: out: return NULL; put_out: - pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); percpu_ref_put(&si->users); return NULL; +bad_offset: + pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); + goto put_out; +bad_free: + pr_err("%s: %s%08lx\n", __func__, Unused_offset, entry.val); + goto put_out; } static unsigned char __swap_entry_free(struct swap_info_struct *p, @@ -1609,13 +1616,14 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch

1 year, 3 months

1
0
0 0

Re: [PATCH 6.7 000/161] 6.7.9-rc3 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 3 months

1
0
0 0

[PATCH STABLE v5.15.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c7d5566623ad..c37af50f312d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -424,8 +424,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 3 months

3
2
0 0

[PATCH] LoongArch: Define the __io_aw() hook as mmiowb()

by Huacai Chen

Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of mmiowb()") remove all mmiowb() in drivers, but it says: "NOTE: mmiowb() has only ever guaranteed ordering in conjunction with spin_unlock(). However, pairing each mmiowb() removal in this patch with the corresponding call to spin_unlock() is not at all trivial, so there is a small chance that this change may regress any drivers incorrectly relying on mmiowb() to order MMIO writes between CPUs using lock-free synchronisation." The mmio in radeon_ring_commit() is protected by a mutex rather than a spinlock, but in the mutex fastpath it behaves similar to spinlock. We can add mmiowb() calls in the radeon driver but the maintainer says he doesn't like such a workaround, and radeon is not the only example of mutex protected mmio. So we should extend the mmiowb tracking system from spinlock to mutex, and maybe other locking primitives. This is not easy and error prone, so we solve it in the architectural code, by simply defining the __io_aw() hook as mmiowb(). And we no longer need to override queued_spin_unlock() so use the generic definition. Without this, we get such an error when run 'glxgears' on weak ordering architectures such as LoongArch: radeon 0000:04:00.0: ring 0 stalled for more than 10324msec radeon 0000:04:00.0: ring 3 stalled for more than 10240msec radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3) radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) Link: https://lore.kernel.org/dri-devel/29df7e26-d7a8-4f67-b988-44353c4270ac@amd.… Link: https://lore.kernel.org/linux-arch/20240301130532.3953167-1-chenhuacai@loon… Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 ++ arch/loongarch/include/asm/qspinlock.h | 18 ------------------ 3 files changed, 3 insertions(+), 18 deletions(-) delete mode 100644 arch/loongarch/include/asm/qspinlock.h diff --git a/arch/loongarch/include/asm/Kbuild b/arch/loongarch/include/asm/Kbuild index a97c0edbb866..2dbec7853ae8 100644 --- a/arch/loongarch/include/asm/Kbuild +++ b/arch/loongarch/include/asm/Kbuild @@ -6,6 +6,7 @@ generic-y += mcs_spinlock.h generic-y += parport.h generic-y += early_ioremap.h generic-y += qrwlock.h +generic-y += qspinlock.h generic-y += rwsem.h generic-y += segment.h generic-y += user.h diff --git a/arch/loongarch/include/asm/io.h b/arch/loongarch/include/asm/io.h index c486c2341b66..4a8adcca329b 100644 --- a/arch/loongarch/include/asm/io.h +++ b/arch/loongarch/include/asm/io.h @@ -71,6 +71,8 @@ extern void __memcpy_fromio(void *to, const volatile void __iomem *from, size_t #define memcpy_fromio(a, c, l) __memcpy_fromio((a), (c), (l)) #define memcpy_toio(c, a, l) __memcpy_toio((c), (a), (l)) +#define __io_aw() mmiowb() + #include <asm-generic/io.h> #define ARCH_HAS_VALID_PHYS_ADDR_RANGE diff --git a/arch/loongarch/include/asm/qspinlock.h b/arch/loongarch/include/asm/qspinlock.h deleted file mode 100644 index 34f43f8ad591..000000000000 --- a/arch/loongarch/include/asm/qspinlock.h +++ /dev/null @@ -1,18 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -#ifndef _ASM_QSPINLOCK_H -#define _ASM_QSPINLOCK_H - -#include <asm-generic/qspinlock_types.h> - -#define queued_spin_unlock queued_spin_unlock - -static inline void queued_spin_unlock(struct qspinlock *lock) -{ - compiletime_assert_atomic_type(lock->locked); - c_sync(); - WRITE_ONCE(lock->locked, 0); -} - -#include <asm-generic/qspinlock.h> - -#endif /* _ASM_QSPINLOCK_H */ -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reinstate commit 88b065943cb5 ("drm/i915/dsi: Do display on sequence later on icl+"), for the most part. Turns out some machines (eg. Chuwi Minibook X) really do need that updated order. It is also the order the Windows driver uses. However we can't just undo the revert since that would again break Lenovo 82TQ. After staring at the VBT sequences for both machines I've concluded that the Lenovo 82TQ sequences look somewhat broken: - INIT_OTP is not present at all - what should be in INIT_OTP is found in DISPLAY_ON - what should be in DISPLAY_ON is found in BACKLIGHT_ON (along with the actual backlight stuff) The Chuwi Minibook X on the other hand has a full complement of sequences in its VBT. So let's try to deal with the broken sequences in the Lenovo 82TQ VBT by simply swapping the (non-existent) INIT_OTP sequence with the DISPLAY_ON sequence. Thus we execute DISPLAY_ON when intending to execute INIT_OTP, and execute nothing at all when intending to execute DISPLAY_ON. That should be 100% equivalent to the revert, for such broken VBTs. Cc: stable(a)vger.kernel.org Fixes: dc524d05974f ("Revert "drm/i915/dsi: Do display on sequence later on icl+"") References: https://gitlab.freedesktop.org/drm/intel/-/issues/10071 Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10334 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 43 +++++++++++++++++++---- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/display/icl_dsi.c b/drivers/gpu/drm/i915/display/icl_dsi.c index eda4a8b88590..ac456a2275db 100644 --- a/drivers/gpu/drm/i915/display/icl_dsi.c +++ b/drivers/gpu/drm/i915/display/icl_dsi.c @@ -1155,7 +1155,6 @@ static void gen11_dsi_powerup_panel(struct intel_encoder *encoder) } intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_INIT_OTP); - intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON); /* ensure all panel commands dispatched before enabling transcoder */ wait_for_cmds_dispatched_to_panel(encoder); @@ -1256,6 +1255,8 @@ static void gen11_dsi_enable(struct intel_atomic_state *state, /* step6d: enable dsi transcoder */ gen11_dsi_enable_transcoder(encoder); + intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON); + /* step7: enable backlight */ intel_backlight_enable(crtc_state, conn_state); intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_BACKLIGHT_ON); diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index 343726de9aa7..373291d10af9 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1955,16 +1955,12 @@ static int get_init_otp_deassert_fragment_len(struct drm_i915_private *i915, * these devices we split the init OTP sequence into a deassert sequence and * the actual init OTP part. */ -static void fixup_mipi_sequences(struct drm_i915_private *i915, - struct intel_panel *panel) +static void vlv_fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) { u8 *init_otp; int len; - /* Limit this to VLV for now. */ - if (!IS_VALLEYVIEW(i915)) - return; - /* Limit this to v1 vid-mode sequences */ if (panel->vbt.dsi.config->is_cmd_mode || panel->vbt.dsi.seq_version != 1) @@ -2000,6 +1996,41 @@ static void fixup_mipi_sequences(struct drm_i915_private *i915, panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] = init_otp + len - 1; } +/* + * Some machines (eg. Lenovo 82TQ) appear to have broken + * VBT sequences: + * - INIT_OTP is not present at all + * - what should be in INIT_OTP is in DISPLAY_ON + * - what should be in DISPLAY_ON is in BACKLIGHT_ON + * (along with the actual backlight stuff) + * + * To make those work we simply swap DISPLAY_ON and INIT_OTP. + * + * TODO: Do we need to limit this to specific machines, + * or examine the contents of the sequences to + * avoid false positives? + */ +static void icl_fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) +{ + if (!panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] && + panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]) { + drm_dbg_kms(&i915->drm, "Broken VBT: Swapping INIT_OTP and DISPLAY_ON sequences\n"); + + swap(panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP], + panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]); + } +} + +static void fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) +{ + if (DISPLAY_VER(i915) >= 11) + icl_fixup_mipi_sequences(i915, panel); + else if (IS_VALLEYVIEW(i915)) + vlv_fixup_mipi_sequences(i915, panel); +} + static void parse_mipi_sequence(struct drm_i915_private *i915, struct intel_panel *panel) -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH v2] mmc: tmio: avoid concurrent runs of mmc_request_done()

by Wolfram Sang

With the to-be-fixed commit, the reset_work handler cleared 'host->mrq' outside of the spinlock protected critical section. That leaves a small race window during execution of 'tmio_mmc_reset()' where the done_work handler could grab a pointer to the now invalid 'host->mrq'. Both would use it to call mmc_request_done() causing problems (see link below). However, 'host->mrq' cannot simply be cleared earlier inside the critical section. That would allow new mrqs to come in asynchronously while the actual reset of the controller still needs to be done. So, like 'tmio_mmc_set_ios()', an ERR_PTR is used to prevent new mrqs from coming in but still avoiding concurrency between work handlers. Reported-by: Dirk Behme <dirk.behme(a)de.bosch.com> Closes: https://lore.kernel.org/all/20240220061356.3001761-1-dirk.behme@de.bosch.co… Fixes: df3ef2d3c92c ("mmc: protect the tmio_mmc driver against a theoretical race") Signed-off-by: Wolfram Sang <wsa+renesas(a)sang-engineering.com> Tested-by: Dirk Behme <dirk.behme(a)de.bosch.com> Reviewed-by: Dirk Behme <dirk.behme(a)de.bosch.com> Cc: stable(a)vger.kernel.org # 3.0+ --- Change since v1/RFT: added Dirk's tags and stable tag @Ulf: this is nasty, subtle stuff. Would be awesome to have it in 6.8 already! drivers/mmc/host/tmio_mmc_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mmc/host/tmio_mmc_core.c b/drivers/mmc/host/tmio_mmc_core.c index be7f18fd4836..c253d176db69 100644 --- a/drivers/mmc/host/tmio_mmc_core.c +++ b/drivers/mmc/host/tmio_mmc_core.c @@ -259,6 +259,8 @@ static void tmio_mmc_reset_work(struct work_struct *work) else mrq->cmd->error = -ETIMEDOUT; + /* No new calls yet, but disallow concurrent tmio_mmc_done_work() */ + host->mrq = ERR_PTR(-EBUSY); host->cmd = NULL; host->data = NULL; -- 2.43.0

1 year, 3 months

3
2
0 0

[PATCH v2 1/2] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf

by Karol Herbst

If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call. Fixes: b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") Cc: Danilo Krummrich <dakr(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v6.6+ Signed-off-by: Karol Herbst <kherbst(a)redhat.com> Reviewed-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Danilo Krummrich <dakr(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240304183157.1587152-1-kher… --- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c index 49c2bcbef1299..5a887d67dc0e8 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -764,7 +764,7 @@ nouveau_gem_ioctl_pushbuf(struct drm_device *dev, void *data, return -ENOMEM; if (unlikely(nouveau_cli_uvmm(cli))) - return -ENOSYS; + return nouveau_abi16_put(abi16, -ENOSYS); list_for_each_entry(temp, &abi16->channels, head) { if (temp->chan->chid == req->channel) { -- 2.44.0

1 year, 3 months

1
0
0 0

[PATCH 1/1] xhci: Fix failure to detect ring expansion need.

by Mathias Nyman

Ring expansion checker may incorrectly assume a completely full ring is empty, missing the need for expansion. This is due to a special empty ring case where the dequeue ends up ahead of the enqueue pointer. This is seen when enqueued TRBs fill up exactly a segment, with enqueue then pointing to the end link TRB. Once those TRBs are handled the dequeue pointer will follow the link TRB and end up pointing to the first entry on the next segment, past the enqueue. This same enqueue - dequeue condition can be true if a ring is full, with enqueue ending on that last link TRB before the dequeue pointer on the next segment. This can be seen when queuing several ~510 small URBs via usbfs in one go before a single one is handled (i.e. dequeue not moved from first entry in segment). Expand the ring already when enqueue reaches the link TRB before the dequeue segment, instead of expanding it when enqueue moves into the dequeue segment. Reported-by: Chris Yokum <linux-usb(a)mail.totalphase.com> Closes: https://lore.kernel.org/all/949223224.833962.1709339266739.JavaMail.zimbra@… Tested-by: Chris Yokum <linux-usb(a)mail.totalphase.com> Fixes: f5af638f0609 ("xhci: Fix transfer ring expansion size calculation") Cc: stable(a)vger.kernel.org # v6.5+ Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index f0d8a607ff21..4f64b814d4aa 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -326,7 +326,13 @@ static unsigned int xhci_ring_expansion_needed(struct xhci_hcd *xhci, struct xhc /* how many trbs will be queued past the enqueue segment? */ trbs_past_seg = enq_used + num_trbs - (TRBS_PER_SEGMENT - 1); - if (trbs_past_seg <= 0) + /* + * Consider expanding the ring already if num_trbs fills the current + * segment (i.e. trbs_past_seg == 0), not only when num_trbs goes into + * the next segment. Avoids confusing full ring with special empty ring + * case below + */ + if (trbs_past_seg < 0) return 0; /* Empty ring special case, enqueue stuck on link trb while dequeue advanced */ -- 2.25.1

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030538-luckiness-crevice-fa39@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030537-amiss-payable-3723@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 3 months

1
0
0 0

[PATCH 5.10 00/42] 5.10.212-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.212 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.212-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.212-rc1 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Chuanhong Guo <gch981213(a)gmail.com> mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Reto Schneider <reto.schneider(a)husqvarnagroup.com> mtd: spinand: gigadevice: Support GD5F1GQ5UExxG zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++++++ arch/x86/kernel/cpu/intel.c | 178 +++++++++++---------- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++-- drivers/mtd/nand/spi/gigadevice.c | 81 ++++++++-- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/platform/x86/touchscreen_dmi.c | 4 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/cachefiles/bind.c | 3 + fs/ext4/mballoc.c | 39 ++--- fs/hugetlbfs/inode.c | 6 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 +- net/mptcp/diag.c | 3 + net/mptcp/protocol.c | 49 ++++++ net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - 39 files changed, 485 insertions(+), 196 deletions(-)

1 year, 3 months

5
46
0 0

[PATCH v2] btrfs: scrub: fix false alerts on zoned device scrubing

by Qu Wenruo

[BUG] When using zoned devices (zbc), scrub would always report super block errors like the following: # btrfs scrub start -fB /mnt/btrfs/ Starting scrub on devid 1 scrub done for b7b5c759-1baa-4561-a0ca-b8d0babcde56 Scrub started: Tue Mar 5 12:49:14 2024 Status: finished Duration: 0:00:00 Total to scrub: 288.00KiB Rate: 288.00KiB/s Error summary: super=2 Corrected: 0 Uncorrectable: 0 Unverified: 0 [CAUSE] Since the very beginning of scrub, we always go with btrfs_sb_offset() to grab the super blocks. This is fine for regular btrfs filesystems, but for zoned btrfs, super blocks are stored in dedicated zones with a ring buffer like structure. This means the old btrfs_sb_offset() is not able to give the correct bytenr for us to grabbing the super blocks, thus except the primary super block, the rest would be garbage and cause the above false alerts. [FIX] Instead of btrfs_sb_offset(), go with btrfs_sb_log_location() which is zoned friendly, to grab the correct super block location. This would introduce new error patterns, as btrfs_sb_log_location() can fail with extra errors. Here for -ENOENT we just end the scrub as there are no more super blocks. For other errors, we record it as a super block error and exit. Reported-by: WA AM <waautomata(a)gmail.com> Link: https://lore.kernel.org/all/CANU2Z0EvUzfYxczLgGUiREoMndE9WdQnbaawV5Fv5gNXpt… CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: Johannes Thumshirn <Johannes.Thumshirn(a)wdc.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/scrub.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- Changelog: v2: - Use READ to replace the number 0 - Continue checking the next super block if we hit a non-ENOENT error diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index c4bd0e60db59..201b547aac4c 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2788,7 +2788,6 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, struct btrfs_device *scrub_dev) { int i; - u64 bytenr; u64 gen; int ret = 0; struct page *page; @@ -2812,7 +2811,17 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, gen = btrfs_get_last_trans_committed(fs_info); for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) { - bytenr = btrfs_sb_offset(i); + u64 bytenr; + + ret = btrfs_sb_log_location(scrub_dev, i, READ, &bytenr); + if (ret == -ENOENT) + break; + if (ret < 0) { + spin_lock(&sctx->stat_lock); + sctx->stat.super_errors++; + spin_unlock(&sctx->stat_lock); + continue; + } if (bytenr + BTRFS_SUPER_INFO_SIZE > scrub_dev->commit_total_bytes) break; -- 2.44.0

1 year, 3 months

1
1
0 0

[PATCH] btrfs: scrub: fix false alerts on zoned device scrubing

by Qu Wenruo

[BUG] When using zoned devices (zbc), scrub would always report super block errors like the following: # btrfs scrub start -fB /mnt/btrfs/ Starting scrub on devid 1 scrub done for b7b5c759-1baa-4561-a0ca-b8d0babcde56 Scrub started: Tue Mar 5 12:49:14 2024 Status: finished Duration: 0:00:00 Total to scrub: 288.00KiB Rate: 288.00KiB/s Error summary: super=2 Corrected: 0 Uncorrectable: 0 Unverified: 0 [CAUSE] Since the very beginning of scrub, we always go with btrfs_sb_offset() to grab the super blocks. This is fine for regular btrfs filesystems, but for zoned btrfs, super blocks are stored in dedicated zones with a ring buffer like structure. This means the old btrfs_sb_offset() is not able to give the correct bytenr for us to grabbing the super blocks, thus except the primary super block, the rest would be garbage and cause the above false alerts. [FIX] Instead of btrfs_sb_offset(), go with btrfs_sb_log_location() which is zoned friendly, to grab the correct super block location. This would introduce new error patterns, as btrfs_sb_log_location() can fail with extra errors. Here for -ENOENT we just end the scrub as there are no more super blocks. For other errors, we record it as a super block error and exit. Reported-by: WA AM <waautomata(a)gmail.com> Link: https://lore.kernel.org/all/CANU2Z0EvUzfYxczLgGUiREoMndE9WdQnbaawV5Fv5gNXpt… CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Johannes Thumshirn <Johannes.Thumshirn(a)wdc.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/scrub.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index c4bd0e60db59..e1b67baa4072 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2788,7 +2788,6 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, struct btrfs_device *scrub_dev) { int i; - u64 bytenr; u64 gen; int ret = 0; struct page *page; @@ -2812,7 +2811,17 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, gen = btrfs_get_last_trans_committed(fs_info); for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) { - bytenr = btrfs_sb_offset(i); + u64 bytenr; + + ret = btrfs_sb_log_location(scrub_dev, i, 0, &bytenr); + if (ret == -ENOENT) + break; + if (ret < 0) { + spin_lock(&sctx->stat_lock); + sctx->stat.super_errors++; + spin_unlock(&sctx->stat_lock); + break; + } if (bytenr + BTRFS_SUPER_INFO_SIZE > scrub_dev->commit_total_bytes) break; -- 2.44.0

1 year, 3 months

2
2
0 0

[PATCH v3 09/10] arm64: dts: qcom: sc8280xp-x13s: disable ASPM L0s for NVMe and modem

by Johan Hovold

There are indications that ASPM L0s is not working very well on this machine so disable it also for the NVMe and modem controllers for now. Note that this is done as a precaution based on problems with the Wi-Fi on the X13s as well as the NVMe, modem and Wi-Fi on the sc8280xp-crd reference design (the NVMe controller on my X13s does not support L0s and the machine lacks a modem). Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 9567b82db9a5..057e4d9d3c0f 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -695,6 +695,8 @@ keyboard@68 { }; &pcie2a { + aspm-no-l0s; + perst-gpios = <&tlmm 143 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 145 GPIO_ACTIVE_LOW>; @@ -714,6 +716,8 @@ &pcie2a_phy { }; &pcie3a { + aspm-no-l0s; + perst-gpios = <&tlmm 151 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v3 08/10] arm64: dts: qcom: sc8280xp-x13s: disable ASPM L0s for Wi-Fi

by Johan Hovold

Enabling ASPM L0s on the Lenovo Thinkpad X13s results in Correctable Errors (BadTLP, Timeout) when accessing the Wi-Fi controller so disable it for now. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index eb8a16aa233e..9567b82db9a5 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -734,6 +734,7 @@ &pcie3a_phy { &pcie4 { max-link-speed = <2>; + aspm-no-l0s; perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v3 07/10] arm64: dts: qcom: sc8280xp-crd: disable ASPM L0s for modem and Wi-Fi

by Johan Hovold

There are indications that ASPM L0s is not working very well on this machine so disable it also for the modem and Wi-Fi controllers for now. This specifically avoids having the modem and Wi-Fi controllers bounce in an out of L0s when not used (the modem still bounces in and out of L1) as well as intermittent Correctable errors on the Wi-Fi link when not used. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts index 7e94a68d5d9f..8fc0380f65a0 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts @@ -546,6 +546,8 @@ &pcie2a_phy { }; &pcie3a { + aspm-no-l0s; + perst-gpios = <&tlmm 151 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; @@ -566,6 +568,7 @@ &pcie3a_phy { &pcie4 { max-link-speed = <2>; + aspm-no-l0s; perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v3 06/10] arm64: dts: qcom: sc8280xp-crd: disable ASPM L0s for NVMe

by Johan Hovold

Enabling ASPM L0s on the CRD results in a large amount of Correctable Errors (Timeout) when accessing the NVMe controller so disable it for now. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts index 41215567b3ae..7e94a68d5d9f 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts @@ -525,6 +525,8 @@ keyboard@68 { }; &pcie2a { + aspm-no-l0s; + perst-gpios = <&tlmm 143 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 145 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v3 05/10] arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP

by Johan Hovold

Add the missing PCIe CX performance level votes to avoid relying on other drivers (e.g. USB or UFS) to maintain the nominal performance level required for Gen3 speeds. Fixes: 813e83157001 ("arm64: dts: qcom: sc8280xp/sa8540p: add PCIe2-4 nodes") Cc: stable(a)vger.kernel.org # 6.2 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi index c8e84c53935c..424d143ee26a 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi +++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi @@ -1780,6 +1780,7 @@ pcie4: pcie@1c00000 { reset-names = "pci"; power-domains = <&gcc PCIE_4_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie4_phy>; phy-names = "pciephy"; @@ -1878,6 +1879,7 @@ pcie3b: pcie@1c08000 { reset-names = "pci"; power-domains = <&gcc PCIE_3B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3b_phy>; phy-names = "pciephy"; @@ -1976,6 +1978,7 @@ pcie3a: pcie@1c10000 { reset-names = "pci"; power-domains = <&gcc PCIE_3A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3a_phy>; phy-names = "pciephy"; @@ -2077,6 +2080,7 @@ pcie2b: pcie@1c18000 { reset-names = "pci"; power-domains = <&gcc PCIE_2B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2b_phy>; phy-names = "pciephy"; @@ -2175,6 +2179,7 @@ pcie2a: pcie@1c20000 { reset-names = "pci"; power-domains = <&gcc PCIE_2A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2a_phy>; phy-names = "pciephy"; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v3 04/10] PCI: qcom: Add support for disabling ASPM L0s in devicetree

by Johan Hovold

Commit 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") started enabling ASPM unconditionally when the hardware claims to support it. This triggers Correctable Errors for some PCIe devices on machines like the Lenovo ThinkPad X13s, which could indicate an incomplete driver ASPM implementation or that the hardware does in fact not support L0s. Add support for disabling ASPM L0s in the devicetree when it is not supported on a particular machine and controller. Note that only the 1.9.0 ops enable ASPM currently. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 09d485df34b9..0fb5dc06d2ef 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -273,6 +273,25 @@ static int qcom_pcie_start_link(struct dw_pcie *pci) return 0; } +static void qcom_pcie_clear_aspm_l0s(struct dw_pcie *pci) +{ + u16 offset; + u32 val; + + if (!of_property_read_bool(pci->dev->of_node, "aspm-no-l0s")) + return; + + offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + + dw_pcie_dbi_ro_wr_en(pci); + + val = readl(pci->dbi_base + offset + PCI_EXP_LNKCAP); + val &= ~PCI_EXP_LNKCAP_ASPM_L0S; + writel(val, pci->dbi_base + offset + PCI_EXP_LNKCAP); + + dw_pcie_dbi_ro_wr_dis(pci); +} + static void qcom_pcie_clear_hpc(struct dw_pcie *pci) { u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); @@ -962,6 +981,7 @@ static int qcom_pcie_init_2_7_0(struct qcom_pcie *pcie) static int qcom_pcie_post_init_2_7_0(struct qcom_pcie *pcie) { + qcom_pcie_clear_aspm_l0s(pcie->pci); qcom_pcie_clear_hpc(pcie->pci); return 0; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v2 0/3] Support intra-function call validation

by Rui Qi

Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. When compiling the sample code for kernel live patching, the following message is displayed when enabled: livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack Reproduction steps: 1.git checkout v5.4.269 -b v5.4.269 2.make defconfig 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m 4. make -j bzImage 5. make samples/livepatch/livepatch-sample.ko 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M 7. insmod livepatch-sample.ko Kernel live patch cannot complete successfully. After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows: [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack ...... BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269 After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"), which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally. It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support. Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), This patchset adds stack validation support for intra-function calls, allowing the kernel live patching feature to work correctly. Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Rui Qi (1): x86/speculation: Support intra-function call validation arch/x86/include/asm/nospec-branch.h | 7 ++ include/linux/frame.h | 11 ++++ .../Documentation/stack-validation.txt | 8 +++ tools/objtool/arch/x86/decode.c | 6 ++ tools/objtool/check.c | 64 +++++++++++++++++-- 5 files changed, 91 insertions(+), 5 deletions(-) -- 2.39.2 (Apple Git-143)

1 year, 3 months

2
9
0 0

RE: [PATCH 3/5] virtio_blk: Fix device surprise removal

by Parav Pandit

> From: Parav Pandit <parav(a)nvidia.com> > Sent: Tuesday, March 5, 2024 12:06 PM > > When the PCI device is surprise removed, requests won't complete from the > device. These IOs are never completed and disk deletion hangs indefinitely. > > Fix it by aborting the IOs which the device will never complete when the VQ is > broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however timeout can take > very long time. For unresponsive device, quickly completing the request with > error enables users and upper layer to react quickly. > > Verified with multiple device unplug cycles with pending IOs in virtio used ring > and some pending with device. > > Also verified without surprise removal. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: lirongqing(a)baidu.com > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Co-developed-by: Chaitanya Kulkarni <kch(a)nvidia.com> > Signed-off-by: Chaitanya Kulkarni <kch(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > --- Please ignore this patch, I am still debugging and verifying it. Incorrectly it got CCed to stable. I am sorry for the noise. > changelog: > v0->v1: > - addressed comments from Ming and Michael > - changed the flow to not depend on broken vq anymore to avoid > the race of missing the detection > - flow updated to quiesce request queue and device, followed by > syncing with any ongoing interrupt handler or callbacks, > finally finishing the requests which are not completed by device > with error. > --- > drivers/block/virtio_blk.c | 46 +++++++++++++++++++++++++++++++++++- > -- > 1 file changed, 43 insertions(+), 3 deletions(-) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index > 2bf14a0e2815..1956172b4b1a 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1562,9 +1562,52 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_cancel_request(struct request *rq, void *data) { > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + return true; > +} > + > static void virtblk_remove(struct virtio_device *vdev) { > struct virtio_blk *vblk = vdev->priv; > + int i; > + > + /* Block upper layer to not get any new requests */ > + blk_mq_quiesce_queue(vblk->disk->queue); > + > + mutex_lock(&vblk->vdev_mutex); > + > + /* Stop all the virtqueues and configuration change notification and > also > + * synchronize with pending interrupt handlers. > + */ > + virtio_reset_device(vdev); > + > + mutex_unlock(&vblk->vdev_mutex); > + > + /* Syncronize with any callback handlers for request completion */ > + for (i = 0; i < vblk->num_vqs; i++) > + virtblk_done(vblk->vqs[i].vq); > + > + blk_sync_queue(vblk->disk->queue); > + > + /* At this point block layer and device/transport are quiet; > + * hence, safely complete all the pending requests with error. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_cancel_request, > vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* > + * Unblock any pending dispatch I/Os before we destroy device. From > + * del_gendisk() -> __blk_mark_disk_dead(disk) will set GD_DEAD flag, > + * that will make sure any new I/O from bio_queue_enter() to fail. > + */ > + blk_mq_unquiesce_queue(vblk->disk->queue); > > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > @@ -1574,9 +1617,6 @@ static void virtblk_remove(struct virtio_device > *vdev) > > mutex_lock(&vblk->vdev_mutex); > > - /* Stop all the virtqueues. */ > - virtio_reset_device(vdev); > - > /* Virtqueues are stopped, nothing can use vblk->vdev anymore. */ > vblk->vdev = NULL; > > -- > 2.34.1

1 year, 3 months

1
0
0 0

[PATCH] tee: optee: Fix kernel panic caused by incorrect error handling

by Sumit Garg

The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = 0 [ 15.425031] FSC = 0x05: level 1 translation fault [ 15.429922] Data abort info: [ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000 [ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000 [ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") lead to the introduction of this bug. So fix it appropriately. Reported-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218542 Fixes: 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") Cc: stable(a)vger.kernel.org Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> --- drivers/tee/optee/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c index 9d2afac96acc..d296c70ddfdc 100644 --- a/drivers/tee/optee/device.c +++ b/drivers/tee/optee/device.c @@ -90,13 +90,14 @@ static int optee_register_device(const uuid_t *device_uuid, u32 func) if (rc) { pr_err("device registration failed, err: %d\n", rc); put_device(&optee_device->dev); + return rc; } if (func == PTA_CMD_GET_DEVICES_SUPP) device_create_file(&optee_device->dev, &dev_attr_need_supplicant); - return rc; + return 0; } static int __optee_enumerate_devices(u32 func) -- 2.34.1

1 year, 3 months

3
4
0 0

Re: [PATCH 6.7 000/162] 6.7.9-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] init-kconfig-lower-gcc-version-check-for-warray-bounds.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: init/Kconfig: lower GCC version check for -Warray-bounds has been removed from the -mm tree. Its filename was init-kconfig-lower-gcc-version-check-for-warray-bounds.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: init/Kconfig: lower GCC version check for -Warray-bounds Date: Fri, 23 Feb 2024 09:08:27 -0800 We continue to see false positives from -Warray-bounds even in GCC 10, which is getting reported in a few places[1] still: security/security.c:811:2: warning: `memcpy' offset 32 is out of the bounds [0, 0] [-Warray-bounds] Lower the GCC version check from 11 to 10. Link: https://lkml.kernel.org/r/20240223170824.work.768-kees@kernel.org Reported-by: Lu Yao <yaolu(a)kylinos.cn> Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/ Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.c… [1] Signed-off-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Paul Moore <paul(a)paul-moore.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: "Gustavo A. R. Silva" <gustavoars(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Marc Aur��le La France <tsi(a)tuyoix.net> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Randy Dunlap <rdunlap(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/init/Kconfig~init-kconfig-lower-gcc-version-check-for-warray-bounds +++ a/init/Kconfig @@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5) default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough) -# Currently, disable gcc-11+ array-bounds globally. +# Currently, disable gcc-10+ array-bounds globally. # It's still broken in gcc-13, so no upper bound yet. -config GCC11_NO_ARRAY_BOUNDS +config GCC10_NO_ARRAY_BOUNDS def_bool y config CC_NO_ARRAY_BOUNDS bool - default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS + default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS # Currently, disable -Wstringop-overflow for GCC globally. config GCC_NO_STRINGOP_OVERFLOW _ Patches currently in -mm which might be from keescook(a)chromium.org are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close has been removed from the -mm tree. Its filename was mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close Date: Thu, 22 Feb 2024 22:59:31 +0100 When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Link: https://lkml.kernel.org/r/20240222215930.14637-2-vbabka@suse.cz Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/mmap.c~mm-mmap-fix-vma_merge-case-7-with-vma_ops-close +++ a/mm/mmap.c @@ -954,13 +954,21 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; remove = curr; } else { /* case 5 */ adjust = curr; adj_start = (end - curr->vm_start); } + if (!err) + err = dup_anon_vma(prev, curr, &anon_dup); } } else { /* merge_next */ vma_start_write(next); _ Patches currently in -mm which might be from vbabka(a)suse.cz are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails Date: Thu, 22 Feb 2024 16:08:15 +0800 After ptep_clear_flush(), if we find that src_folio is pinned we will fail UFFDIO_MOVE and put src_folio back to src_pte entry, but the change to src_folio->{mapping,index} is not restored in this process. This is not what we expected, so fix it. This can cause the rmap for that page to be invalid, possibly resulting in memory corruption. At least swapout+migration would no longer work, because we might fail to locate the mappings of that folio. Link: https://lkml.kernel.org/r/20240222080815.46291-1-zhengqi.arch@bytedance.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails +++ a/mm/userfaultfd.c @@ -914,9 +914,6 @@ static int move_present_pte(struct mm_st goto out; } - folio_move_anon_rmap(src_folio, dst_vma); - WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); - orig_src_pte = ptep_clear_flush(src_vma, src_addr, src_pte); /* Folio got pinned from under us. Put it back and fail the move. */ if (folio_maybe_dma_pinned(src_folio)) { @@ -925,6 +922,9 @@ static int move_present_pte(struct mm_st goto out; } + folio_move_anon_rmap(src_folio, dst_vma); + WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); + orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); /* Follow mremap() behavior and treat the entry dirty after the move */ orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are mm-pgtable-correct-the-wrong-comment-about-ptdesc-__page_flags.patch mm-pgtable-add-missing-pt_index-to-struct-ptdesc.patch s390-supplement-for-ptdesc-conversion.patch

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations has been removed from the -mm tree. Its filename was mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Date: Wed, 21 Feb 2024 12:43:58 +0100 Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/gfp.h | 9 +++++++++ mm/compaction.c | 7 +------ mm/page_alloc.c | 10 ++++++---- mm/vmscan.c | 5 ++++- 4 files changed, 20 insertions(+), 11 deletions(-) --- a/include/linux/gfp.h~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t g return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC --- a/mm/compaction.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); --- a/mm/page_alloc.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ restart: * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ retry: /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ retry: * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) --- a/mm/vmscan.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(stru { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0)) _ Patches currently in -mm which might be from vbabka(a)suse.cz are

1 year, 3 months

1
0
0 0

[PATCH 5.10] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> [apanyaki: backport to v5.10-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 24e39984914f..f608663bdfd5 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -885,8 +885,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -929,8 +929,6 @@ static void __unbind_from_irq(unsigned int irq) if (VALID_EVTCHN(evtchn)) { unsigned int cpu = cpu_from_irq(irq); - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -943,6 +941,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 3 months

3
3
0 0

[PATCH v2] serial: Lock console when calling into driver before registration

by Peter Collingbourne

During the handoff from earlycon to the real console driver, we have two separate drivers operating on the same device concurrently. In the case of the 8250 driver these concurrent accesses cause problems due to the driver's use of banked registers, controlled by LCR.DLAB. It is possible for the setup(), config_port(), pm() and set_mctrl() callbacks to set DLAB, which can cause the earlycon code that intends to access TX to instead access DLL, leading to missed output and corruption on the serial line due to unintended modifications to the baud rate. In particular, for setup() we have: univ8250_console_setup() -> serial8250_console_setup() -> uart_set_options() -> serial8250_set_termios() -> serial8250_do_set_termios() -> serial8250_do_set_divisor() For config_port() we have: serial8250_config_port() -> autoconfig() For pm() we have: serial8250_pm() -> serial8250_do_pm() -> serial8250_set_sleep() For set_mctrl() we have (for some devices): serial8250_set_mctrl() -> omap8250_set_mctrl() -> __omap8250_set_mctrl() To avoid such problems, let's make it so that the console is locked during pre-registration calls to these callbacks, which will prevent the earlycon driver from running concurrently. Remove the partial solution to this problem in the 8250 driver that locked the console only during autoconfig_irq(), as this would result in a deadlock with the new approach. The console continues to be locked during autoconfig_irq() because it can only be called through uart_configure_port(). Although this patch introduces more locking than strictly necessary (and in particular it also locks during the call to rs485_config() which is not affected by this issue as far as I can tell), it follows the principle that it is the responsibility of the generic console code to manage the earlycon handoff by ensuring that earlycon and real console driver code cannot run concurrently, and not the individual drivers. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Reviewed-by: John Ogness <john.ogness(a)linutronix.de> Link: https://linux-review.googlesource.com/id/I7cf8124dcebf8618e6b2ee543fa5b2553… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_port.c | 6 ------ drivers/tty/serial/serial_core.c | 12 ++++++++++++ kernel/printk/printk.c | 21 ++++++++++++++++++--- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8ca061d3bbb9..1d65055dde27 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -1329,9 +1329,6 @@ static void autoconfig_irq(struct uart_8250_port *up) inb_p(ICP); } - if (uart_console(port)) - console_lock(); - /* forget possible initially masked and pending IRQ */ probe_irq_off(probe_irq_on()); save_mcr = serial8250_in_MCR(up); @@ -1371,9 +1368,6 @@ static void autoconfig_irq(struct uart_8250_port *up) if (port->flags & UPF_FOURPORT) outb_p(save_ICP, ICP); - if (uart_console(port)) - console_unlock(); - port->irq = (irq > 0) ? irq : 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index d6a58a9e072a..ff85ebd3a007 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2608,7 +2608,12 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, port->type = PORT_UNKNOWN; flags |= UART_CONFIG_TYPE; } + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); port->ops->config_port(port, flags); + if (uart_console(port)) + console_unlock(); } if (port->type != PORT_UNKNOWN) { @@ -2616,6 +2621,10 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_report_port(drv, port); + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); + /* Power up port for set_mctrl() */ uart_change_pm(state, UART_PM_STATE_ON); @@ -2632,6 +2641,9 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_rs485_config(port); + if (uart_console(port)) + console_unlock(); + /* * If this driver supports console, and it hasn't been * successfully registered yet, try to re-register it. diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index f2444b581e16..f51e4e5a869d 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -3263,6 +3263,21 @@ static int __init keep_bootcon_setup(char *str) early_param("keep_bootcon", keep_bootcon_setup); +static int console_call_setup(struct console *newcon, char *options) +{ + int err; + + if (!newcon->setup) + return 0; + + /* Synchronize with possible boot console. */ + console_lock(); + err = newcon->setup(newcon, options); + console_unlock(); + + return err; +} + /* * This is called by register_console() to try to match * the newly registered console with any of the ones selected @@ -3298,8 +3313,8 @@ static int try_enable_preferred_console(struct console *newcon, if (_braille_register_console(newcon, c)) return 0; - if (newcon->setup && - (err = newcon->setup(newcon, c->options)) != 0) + err = console_call_setup(newcon, c->options); + if (err != 0) return err; } newcon->flags |= CON_ENABLED; @@ -3325,7 +3340,7 @@ static void try_enable_default_console(struct console *newcon) if (newcon->index < 0) newcon->index = 0; - if (newcon->setup && newcon->setup(newcon, NULL) != 0) + if (console_call_setup(newcon, NULL) != 0) return; newcon->flags |= CON_ENABLED; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 3 months

2
2
0 0

[PATCH v3] serial: Lock console when calling into driver before registration

by Peter Collingbourne

During the handoff from earlycon to the real console driver, we have two separate drivers operating on the same device concurrently. In the case of the 8250 driver these concurrent accesses cause problems due to the driver's use of banked registers, controlled by LCR.DLAB. It is possible for the setup(), config_port(), pm() and set_mctrl() callbacks to set DLAB, which can cause the earlycon code that intends to access TX to instead access DLL, leading to missed output and corruption on the serial line due to unintended modifications to the baud rate. In particular, for setup() we have: univ8250_console_setup() -> serial8250_console_setup() -> uart_set_options() -> serial8250_set_termios() -> serial8250_do_set_termios() -> serial8250_do_set_divisor() For config_port() we have: serial8250_config_port() -> autoconfig() For pm() we have: serial8250_pm() -> serial8250_do_pm() -> serial8250_set_sleep() For set_mctrl() we have (for some devices): serial8250_set_mctrl() -> omap8250_set_mctrl() -> __omap8250_set_mctrl() To avoid such problems, let's make it so that the console is locked during pre-registration calls to these callbacks, which will prevent the earlycon driver from running concurrently. Remove the partial solution to this problem in the 8250 driver that locked the console only during autoconfig_irq(), as this would result in a deadlock with the new approach. The console continues to be locked during autoconfig_irq() because it can only be called through uart_configure_port(). Although this patch introduces more locking than strictly necessary (and in particular it also locks during the call to rs485_config() which is not affected by this issue as far as I can tell), it follows the principle that it is the responsibility of the generic console code to manage the earlycon handoff by ensuring that earlycon and real console driver code cannot run concurrently, and not the individual drivers. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Reviewed-by: John Ogness <john.ogness(a)linutronix.de> Link: https://linux-review.googlesource.com/id/I7cf8124dcebf8618e6b2ee543fa5b2553… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org --- v3: - switch to if (err) v2: - add some comments drivers/tty/serial/8250/8250_port.c | 6 ------ drivers/tty/serial/serial_core.c | 12 ++++++++++++ kernel/printk/printk.c | 21 ++++++++++++++++++--- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8ca061d3bbb9..1d65055dde27 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -1329,9 +1329,6 @@ static void autoconfig_irq(struct uart_8250_port *up) inb_p(ICP); } - if (uart_console(port)) - console_lock(); - /* forget possible initially masked and pending IRQ */ probe_irq_off(probe_irq_on()); save_mcr = serial8250_in_MCR(up); @@ -1371,9 +1368,6 @@ static void autoconfig_irq(struct uart_8250_port *up) if (port->flags & UPF_FOURPORT) outb_p(save_ICP, ICP); - if (uart_console(port)) - console_unlock(); - port->irq = (irq > 0) ? irq : 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index d6a58a9e072a..ff85ebd3a007 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2608,7 +2608,12 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, port->type = PORT_UNKNOWN; flags |= UART_CONFIG_TYPE; } + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); port->ops->config_port(port, flags); + if (uart_console(port)) + console_unlock(); } if (port->type != PORT_UNKNOWN) { @@ -2616,6 +2621,10 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_report_port(drv, port); + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); + /* Power up port for set_mctrl() */ uart_change_pm(state, UART_PM_STATE_ON); @@ -2632,6 +2641,9 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_rs485_config(port); + if (uart_console(port)) + console_unlock(); + /* * If this driver supports console, and it hasn't been * successfully registered yet, try to re-register it. diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index f2444b581e16..89f2aa2e1172 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -3263,6 +3263,21 @@ static int __init keep_bootcon_setup(char *str) early_param("keep_bootcon", keep_bootcon_setup); +static int console_call_setup(struct console *newcon, char *options) +{ + int err; + + if (!newcon->setup) + return 0; + + /* Synchronize with possible boot console. */ + console_lock(); + err = newcon->setup(newcon, options); + console_unlock(); + + return err; +} + /* * This is called by register_console() to try to match * the newly registered console with any of the ones selected @@ -3298,8 +3313,8 @@ static int try_enable_preferred_console(struct console *newcon, if (_braille_register_console(newcon, c)) return 0; - if (newcon->setup && - (err = newcon->setup(newcon, c->options)) != 0) + err = console_call_setup(newcon, c->options); + if (err) return err; } newcon->flags |= CON_ENABLED; @@ -3325,7 +3340,7 @@ static void try_enable_default_console(struct console *newcon) if (newcon->index < 0) newcon->index = 0; - if (newcon->setup && newcon->setup(newcon, NULL) != 0) + if (console_call_setup(newcon, NULL) != 0) return; newcon->flags |= CON_ENABLED; -- 2.44.0.278.ge034bb2e1d-goog

1 year, 3 months

1
0
0 0

[PATCH v2] Bluetooth: btnxpuart: Fix btnxpuart_close

by Francesco Dolcini

From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Fix scheduling while atomic BUG in btnxpuart_close(), properly purge the transmit queue and free the receive skb. [ 10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002 ... [ 10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-0.0.0-devel-00005-g61fdfceacf09 #1 [ 10.980751] Hardware name: Toradex Verdin AM62 WB on Dahlia Board (DT) [ 10.980760] Workqueue: hci0 hci_power_off [bluetooth] [ 10.981169] Call trace: ... [ 10.981363] uart_update_mctrl+0x58/0x78 [ 10.981373] uart_dtr_rts+0x104/0x114 [ 10.981381] tty_port_shutdown+0xd4/0xdc [ 10.981396] tty_port_close+0x40/0xbc [ 10.981407] uart_close+0x34/0x9c [ 10.981414] ttyport_close+0x50/0x94 [ 10.981430] serdev_device_close+0x40/0x50 [ 10.981442] btnxpuart_close+0x24/0x98 [btnxpuart] [ 10.981469] hci_dev_close_sync+0x2d8/0x718 [bluetooth] [ 10.981728] hci_dev_do_close+0x2c/0x70 [bluetooth] [ 10.981862] hci_power_off+0x20/0x64 [bluetooth] Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Cc: stable(a)vger.kernel.org Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Reviewed-by: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> [ fd: reword commit message ] Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- v2: - reword commit message - added rb neeraj v1: https://lore.kernel.org/all/20231018145540.34014-2-marcel@ziswiler.com/ --- drivers/bluetooth/btnxpuart.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index 55b6e3dcd4ec..0b93c2ff29e4 100644 --- a/drivers/bluetooth/btnxpuart.c +++ b/drivers/bluetooth/btnxpuart.c @@ -1252,6 +1252,9 @@ static int btnxpuart_close(struct hci_dev *hdev) ps_wakeup(nxpdev); serdev_device_close(nxpdev->serdev); + skb_queue_purge(&nxpdev->txq); + kfree_skb(nxpdev->rx_skb); + nxpdev->rx_skb = NULL; clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); return 0; } -- 2.39.2

1 year, 3 months

2
1
0 0

[PATCH 5.15] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> [apanyaki: backport to v5.15-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index ee691b20d4a3..04ff194fecf4 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -936,8 +936,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -981,8 +981,6 @@ static void __unbind_from_irq(unsigned int irq) unsigned int cpu = cpu_from_irq(irq); struct xenbus_device *dev; - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -1000,6 +998,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 3 months

1
0
0 0

[PATCH 6.1] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 00f8e349921d..96b96516c980 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -937,8 +937,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -982,8 +982,6 @@ static void __unbind_from_irq(unsigned int irq) unsigned int cpu = cpu_from_irq(irq); struct xenbus_device *dev; - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -1001,6 +999,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 3 months

1
0
0 0

[PATCH stable v6.7] drm/nouveau: don't fini scheduler before entity flush

by Danilo Krummrich

This bug is present in v6.7 only, since the scheduler design has been re-worked in v6.8. Client scheduler entities must be flushed before an associated GPU scheduler is teared down. Otherwise the entitiy might still hold a pointer to the scheduler's runqueue which is freed at scheduler tear down already. [ 305.224293] ================================================================== [ 305.224297] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224310] Read of size 8 at addr ffff8881440a8f48 by task rmmod/4436 [ 305.224317] CPU: 10 PID: 4436 Comm: rmmod Tainted: G U 6.7.6-100.fc38.x86_64+debug #1 [ 305.224321] Hardware name: Dell Inc. Precision 7550/01PXFR, BIOS 1.27.0 11/08/2023 [ 305.224324] Call Trace: [ 305.224327] <TASK> [ 305.224329] dump_stack_lvl+0x76/0xd0 [ 305.224336] print_report+0xcf/0x670 [ 305.224342] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224352] ? __virt_addr_valid+0x215/0x410 [ 305.224359] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224368] kasan_report+0xa6/0xe0 [ 305.224373] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224385] drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224395] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched] [ 305.224406] ? rcu_is_watching+0x15/0xb0 [ 305.224413] drm_sched_entity_destroy+0x17/0x20 [gpu_sched] [ 305.224422] nouveau_cli_fini+0x6c/0x120 [nouveau] [ 305.224658] nouveau_drm_device_fini+0x2ac/0x490 [nouveau] [ 305.224871] nouveau_drm_remove+0x18e/0x220 [nouveau] [ 305.225082] ? __pfx_nouveau_drm_remove+0x10/0x10 [nouveau] [ 305.225290] ? rcu_is_watching+0x15/0xb0 [ 305.225295] ? _raw_spin_unlock_irqrestore+0x66/0x80 [ 305.225299] ? trace_hardirqs_on+0x16/0x100 [ 305.225304] ? _raw_spin_unlock_irqrestore+0x4f/0x80 [ 305.225310] pci_device_remove+0xa3/0x1d0 [ 305.225316] device_release_driver_internal+0x379/0x540 [ 305.225322] driver_detach+0xc5/0x180 [ 305.225327] bus_remove_driver+0x11e/0x2a0 [ 305.225333] pci_unregister_driver+0x2a/0x250 [ 305.225339] nouveau_drm_exit+0x1f/0x970 [nouveau] [ 305.225548] __do_sys_delete_module+0x350/0x580 [ 305.225554] ? __pfx___do_sys_delete_module+0x10/0x10 [ 305.225562] ? syscall_enter_from_user_mode+0x26/0x90 [ 305.225567] ? rcu_is_watching+0x15/0xb0 [ 305.225571] ? syscall_enter_from_user_mode+0x26/0x90 [ 305.225575] ? trace_hardirqs_on+0x16/0x100 [ 305.225580] do_syscall_64+0x61/0xe0 [ 305.225584] ? rcu_is_watching+0x15/0xb0 [ 305.225587] ? syscall_exit_to_user_mode+0x1f/0x50 [ 305.225592] ? trace_hardirqs_on_prepare+0xe3/0x100 [ 305.225596] ? do_syscall_64+0x70/0xe0 [ 305.225600] ? trace_hardirqs_on_prepare+0xe3/0x100 [ 305.225604] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.225609] RIP: 0033:0x7f6148f3592b [ 305.225650] Code: 73 01 c3 48 8b 0d dd 04 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ad 04 0c 00 f7 d8 64 89 01 48 [ 305.225653] RSP: 002b:00007ffe89986f08 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 305.225659] RAX: ffffffffffffffda RBX: 000055cbb036e900 RCX: 00007f6148f3592b [ 305.225662] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055cbb036e968 [ 305.225664] RBP: 00007ffe89986f30 R08: 1999999999999999 R09: 0000000000000000 [ 305.225667] R10: 00007f6148fa6ac0 R11: 0000000000000206 R12: 0000000000000000 [ 305.225670] R13: 00007ffe89987190 R14: 000055cbb036e900 R15: 0000000000000000 [ 305.225678] </TASK> [ 305.225683] Allocated by task 484: [ 305.225685] kasan_save_stack+0x33/0x60 [ 305.225690] kasan_set_track+0x25/0x30 [ 305.225693] __kasan_kmalloc+0x8f/0xa0 [ 305.225696] drm_sched_init+0x3c7/0xce0 [gpu_sched] [ 305.225705] nouveau_sched_init+0xd2/0x110 [nouveau] [ 305.225913] nouveau_drm_device_init+0x130/0x3290 [nouveau] [ 305.226121] nouveau_drm_probe+0x1ab/0x6b0 [nouveau] [ 305.226329] local_pci_probe+0xda/0x190 [ 305.226333] pci_device_probe+0x23a/0x780 [ 305.226337] really_probe+0x3df/0xb80 [ 305.226341] __driver_probe_device+0x18c/0x450 [ 305.226345] driver_probe_device+0x4a/0x120 [ 305.226348] __driver_attach+0x1e5/0x4a0 [ 305.226351] bus_for_each_dev+0x106/0x190 [ 305.226355] bus_add_driver+0x2a1/0x570 [ 305.226358] driver_register+0x134/0x460 [ 305.226361] do_one_initcall+0xd3/0x430 [ 305.226366] do_init_module+0x238/0x770 [ 305.226370] load_module+0x5581/0x6f10 [ 305.226374] __do_sys_init_module+0x1f2/0x220 [ 305.226377] do_syscall_64+0x61/0xe0 [ 305.226381] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.226387] Freed by task 4436: [ 305.226389] kasan_save_stack+0x33/0x60 [ 305.226392] kasan_set_track+0x25/0x30 [ 305.226396] kasan_save_free_info+0x2b/0x50 [ 305.226399] __kasan_slab_free+0x10b/0x1a0 [ 305.226402] slab_free_freelist_hook+0x12b/0x1e0 [ 305.226406] __kmem_cache_free+0xd4/0x1d0 [ 305.226410] drm_sched_fini+0x178/0x320 [gpu_sched] [ 305.226418] nouveau_drm_device_fini+0x2a0/0x490 [nouveau] [ 305.226624] nouveau_drm_remove+0x18e/0x220 [nouveau] [ 305.226832] pci_device_remove+0xa3/0x1d0 [ 305.226836] device_release_driver_internal+0x379/0x540 [ 305.226840] driver_detach+0xc5/0x180 [ 305.226843] bus_remove_driver+0x11e/0x2a0 [ 305.226847] pci_unregister_driver+0x2a/0x250 [ 305.226850] nouveau_drm_exit+0x1f/0x970 [nouveau] [ 305.227056] __do_sys_delete_module+0x350/0x580 [ 305.227060] do_syscall_64+0x61/0xe0 [ 305.227064] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.227070] The buggy address belongs to the object at ffff8881440a8f00 which belongs to the cache kmalloc-128 of size 128 [ 305.227073] The buggy address is located 72 bytes inside of freed 128-byte region [ffff8881440a8f00, ffff8881440a8f80) [ 305.227078] The buggy address belongs to the physical page: [ 305.227081] page:00000000627efa0a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1440a8 [ 305.227085] head:00000000627efa0a order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 305.227088] flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 305.227093] page_type: 0xffffffff() [ 305.227097] raw: 0017ffffc0000840 ffff8881000428c0 ffffea0005b33500 dead000000000002 [ 305.227100] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 305.227102] page dumped because: kasan: bad access detected [ 305.227106] Memory state around the buggy address: [ 305.227109] ffff8881440a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 305.227112] ffff8881440a8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 305.227114] >ffff8881440a8f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 305.227117] ^ [ 305.227120] ffff8881440a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 305.227122] ffff8881440a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 305.227125] ================================================================== Cc: <stable(a)vger.kernel.org> # v6.7 only Reported-by: Karol Herbst <kherbst(a)redhat.com> Closes: https://gist.githubusercontent.com/karolherbst/a20eb0f937a06ed6aabe2ac2ca3d… Fixes: b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") Signed-off-by: Danilo Krummrich <dakr(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 50589f982d1a..75545da9d1e9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -708,10 +708,11 @@ nouveau_drm_device_fini(struct drm_device *dev) } mutex_unlock(&drm->clients_lock); - nouveau_sched_fini(drm); - nouveau_cli_fini(&drm->client); nouveau_cli_fini(&drm->master); + + nouveau_sched_fini(drm); + nvif_parent_dtor(&drm->parent); mutex_destroy(&drm->clients_lock); kfree(drm); -- 2.44.0

1 year, 3 months

2
4
0 0

FAILED: patch "[PATCH] mptcp: fix double-free on socket dismantle" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 10048689def7e40a4405acda16fdc6477d4ecc5c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-plausible-harmonics-a964@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 10048689def7 ("mptcp: fix double-free on socket dismantle") 7e8b88ec35ee ("mptcp: consolidate passive msk socket initialization") a88d0092b24b ("mptcp: simplify subflow_syn_recv_sock()") 2bb9a37f0e19 ("mptcp: avoid unneeded address copy") b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets") 3a236aef280e ("mptcp: refactor passive socket initialization") 7d803344fdc3 ("mptcp: fix deadlock in fastopen error path") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") f2bb566f5c97 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 10048689def7e40a4405acda16fdc6477d4ecc5c Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:18 +0100 Subject: [PATCH] mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50 print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0 __do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410 cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK> Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 __kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0 selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0 security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130 __sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250 tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390 tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0 tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0 ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0 __netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500 net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888485950780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888485950880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff888485950900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950980: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc Something similar (a refcount underflow) happens with CALIPSO/IPv6. Fix this by duplicating IP / IPv6 options after clone, so that ip{,6}_sock_destruct() doesn't end up freeing the same memory area twice. Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections") Cc: stable(a)vger.kernel.org Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-8-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2c8f931c6d5b..7833a49f6214 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3178,8 +3178,50 @@ static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } + +static void mptcp_copy_ip6_options(struct sock *newsk, const struct sock *sk) +{ + const struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + struct ipv6_pinfo *newnp; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + net_warn_ratelimited("%s: Failed to copy ip6 options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} #endif +static void mptcp_copy_ip_options(struct sock *newsk, const struct sock *sk) +{ + struct ip_options_rcu *inet_opt, *newopt = NULL; + const struct inet_sock *inet = inet_sk(sk); + struct inet_sock *newinet; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + net_warn_ratelimited("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + struct sock *mptcp_sk_clone_init(const struct sock *sk, const struct mptcp_options_received *mp_opt, struct sock *ssk, @@ -3200,6 +3242,13 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_init_sock(nsk); +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + if (nsk->sk_family == AF_INET6) + mptcp_copy_ip6_options(nsk, sk); + else +#endif + mptcp_copy_ip_options(nsk, sk); + msk = mptcp_sk(nsk); msk->local_key = subflow_req->local_key; msk->token = subflow_req->token;

1 year, 3 months

3
2
0 0

[PATCH] btrfs: qgroup: verify btrfs_qgroup_inherit parameter

by Qu Wenruo

[BUG] Currently btrfs can create subvolume with an invalid qgroup inherit without triggering any error: # mkfs.btrfs -O quota -f $dev # mount $dev $mnt # btrfs subvolume create -i 2/0 $mnt/subv1 # btrfs qgroup show -prce --sync $mnt Qgroupid Referenced Exclusive Path -------- ---------- --------- ---- 0/5 16.00KiB 16.00KiB <toplevel> 0/256 16.00KiB 16.00KiB subv1 [CAUSE] We only do a very basic size check for btrfs_qgroup_inherit structure, but never really verify if the values are correct. Thus in btrfs_qgroup_inherit() function, we have to skip non-existing qgroups, and never return any error. [FIX] Fix the behavior and introduce extra checks: - Introduce early check for btrfs_qgroup_inherit structure Not only the size, but also all the qgroup ids would be verifyed. And the timing is very early, so we can return error early. This early check is very important for snapshot creation, as snapshot is delayed to transaction commit. - Drop support for btrfs_qgroup_inherit::num_ref_copies and num_excl_copies Those two members are used to specify to copy refr/excl numbers from other qgroups. This would definitely mark qgroup inconsistent, and btrfs-progs has dropped the support for them for a long time. It's time to drop the support for kernel. - Verify the supported btrfs_qgroup_inherit::flags Just in case we want to add extra flags for btrfs_qgroup_inherit. Now above subvolume creation would fail with -ENOENT other than silently ignore the non-existing qgroup. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/ioctl.c | 16 +++--------- fs/btrfs/qgroup.c | 52 ++++++++++++++++++++++++++++++++++++++ fs/btrfs/qgroup.h | 3 +++ include/uapi/linux/btrfs.h | 1 + 4 files changed, 59 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 8b80fbea1e72..c19ce2e292dc 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1382,7 +1382,7 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, if (vol_args->flags & BTRFS_SUBVOL_RDONLY) readonly = true; if (vol_args->flags & BTRFS_SUBVOL_QGROUP_INHERIT) { - u64 nums; + struct btrfs_fs_info *fs_info = inode_to_fs_info(file_inode(file)); if (vol_args->size < sizeof(*inherit) || vol_args->size > PAGE_SIZE) { @@ -1395,19 +1395,9 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, goto free_args; } - if (inherit->num_qgroups > PAGE_SIZE || - inherit->num_ref_copies > PAGE_SIZE || - inherit->num_excl_copies > PAGE_SIZE) { - ret = -EINVAL; + ret = btrfs_qgroup_check_inherit(fs_info, inherit, vol_args->size); + if (ret < 0) goto free_inherit; - } - - nums = inherit->num_qgroups + 2 * inherit->num_ref_copies + - 2 * inherit->num_excl_copies; - if (vol_args->size != struct_size(inherit, qgroups, nums)) { - ret = -EINVAL; - goto free_inherit; - } } ret = __btrfs_ioctl_snap_create(file, file_mnt_idmap(file), diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c index 4fa83c76b37b..66968092b554 100644 --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -3046,6 +3046,58 @@ int btrfs_run_qgroups(struct btrfs_trans_handle *trans) return ret; } +int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info, + struct btrfs_qgroup_inherit *inherit, + size_t size) +{ + if (inherit->flags & ~BTRFS_QGROUP_INHERIT_FLAGS_SUPP) + return -EOPNOTSUPP; + if (size < sizeof(*inherit) || size > PAGE_SIZE) + return -EINVAL; + + /* + * In the past we allow btrfs_qgroup_inherit to specify to copy + * refr/excl numbers directly from other qgroups. + * This behavior has been disable in btrfs-progs for a very long time, + * but here we should also disable them for kernel, as this behavior + * is known to mark qgroup inconsistent, and a rescan would wipe out the + * change anyway. + * + * So here we just reject any btrfs_qgroup_inherit with num_ref_copies or + * num_excl_copies. + */ + if (inherit->num_ref_copies || inherit->num_excl_copies) + return -EINVAL; + + if (inherit->num_qgroups > PAGE_SIZE) + return -EINVAL; + + if (size != struct_size(inherit, qgroups, inherit->num_qgroups)) + return -EINVAL; + + /* + * Now check all the remaining qgroups, they should all: + * - Exist + * - Be higher level qgroups. + */ + for (int i = 0; i < inherit->num_qgroups; i++) { + struct btrfs_qgroup *qgroup; + u64 qgroupid = inherit->qgroups[i]; + + if (btrfs_qgroup_level(qgroupid) == 0) + return -EINVAL; + + spin_lock(&fs_info->qgroup_lock); + qgroup = find_qgroup_rb(fs_info, qgroupid); + if (!qgroup) { + spin_unlock(&fs_info->qgroup_lock); + return -ENOENT; + } + spin_unlock(&fs_info->qgroup_lock); + } + return 0; +} + static int qgroup_auto_inherit(struct btrfs_fs_info *fs_info, u64 inode_rootid, struct btrfs_qgroup_inherit **inherit) diff --git a/fs/btrfs/qgroup.h b/fs/btrfs/qgroup.h index 1f664261c064..706640be0ec2 100644 --- a/fs/btrfs/qgroup.h +++ b/fs/btrfs/qgroup.h @@ -350,6 +350,9 @@ int btrfs_qgroup_account_extent(struct btrfs_trans_handle *trans, u64 bytenr, struct ulist *new_roots); int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans); int btrfs_run_qgroups(struct btrfs_trans_handle *trans); +int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info, + struct btrfs_qgroup_inherit *inherit, + size_t size); int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, u64 objectid, u64 inode_rootid, struct btrfs_qgroup_inherit *inherit); diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h index f8bc34a6bcfa..cdf6ad872149 100644 --- a/include/uapi/linux/btrfs.h +++ b/include/uapi/linux/btrfs.h @@ -92,6 +92,7 @@ struct btrfs_qgroup_limit { * struct btrfs_qgroup_inherit.flags */ #define BTRFS_QGROUP_INHERIT_SET_LIMITS (1ULL << 0) +#define BTRFS_QGROUP_INHERIT_FLAGS_SUPP (BTRFS_QGROUP_INHERIT_SET_LIMITS) struct btrfs_qgroup_inherit { __u64 flags; -- 2.43.2

1 year, 3 months

3
3
0 0

FAILED: patch "[PATCH] mptcp: fix double-free on socket dismantle" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 10048689def7e40a4405acda16fdc6477d4ecc5c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030452-appliance-decidable-ccdb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 10048689def7 ("mptcp: fix double-free on socket dismantle") 7e8b88ec35ee ("mptcp: consolidate passive msk socket initialization") a88d0092b24b ("mptcp: simplify subflow_syn_recv_sock()") 2bb9a37f0e19 ("mptcp: avoid unneeded address copy") b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets") 3a236aef280e ("mptcp: refactor passive socket initialization") 7d803344fdc3 ("mptcp: fix deadlock in fastopen error path") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") f2bb566f5c97 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 10048689def7e40a4405acda16fdc6477d4ecc5c Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:18 +0100 Subject: [PATCH] mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50 print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0 __do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410 cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK> Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 __kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0 selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0 security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130 __sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250 tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390 tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0 tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0 ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0 __netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500 net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888485950780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888485950880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff888485950900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950980: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc Something similar (a refcount underflow) happens with CALIPSO/IPv6. Fix this by duplicating IP / IPv6 options after clone, so that ip{,6}_sock_destruct() doesn't end up freeing the same memory area twice. Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections") Cc: stable(a)vger.kernel.org Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-8-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2c8f931c6d5b..7833a49f6214 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3178,8 +3178,50 @@ static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } + +static void mptcp_copy_ip6_options(struct sock *newsk, const struct sock *sk) +{ + const struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + struct ipv6_pinfo *newnp; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + net_warn_ratelimited("%s: Failed to copy ip6 options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} #endif +static void mptcp_copy_ip_options(struct sock *newsk, const struct sock *sk) +{ + struct ip_options_rcu *inet_opt, *newopt = NULL; + const struct inet_sock *inet = inet_sk(sk); + struct inet_sock *newinet; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + net_warn_ratelimited("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + struct sock *mptcp_sk_clone_init(const struct sock *sk, const struct mptcp_options_received *mp_opt, struct sock *ssk, @@ -3200,6 +3242,13 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_init_sock(nsk); +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + if (nsk->sk_family == AF_INET6) + mptcp_copy_ip6_options(nsk, sk); + else +#endif + mptcp_copy_ip_options(nsk, sk); + msk = mptcp_sk(nsk); msk->local_key = subflow_req->local_key; msk->token = subflow_req->token;

1 year, 3 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-swimsuit-antacid-a0dd@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 3 months

3
7
0 0

FAILED: patch "[PATCH] mptcp: fix snd_wnd initialization for passive socket" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x adf1bb78dab55e36d4d557aa2fb446ebcfe9e5ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030417-jaws-icky-a0f2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: adf1bb78dab5 ("mptcp: fix snd_wnd initialization for passive socket") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From adf1bb78dab55e36d4d557aa2fb446ebcfe9e5ce Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:15 +0100 Subject: [PATCH] mptcp: fix snd_wnd initialization for passive socket Such value should be inherited from the first subflow, but passive sockets always used 'rsk_rcv_wnd'. Fixes: 6f8a612a33e4 ("mptcp: keep track of advertised windows right edge") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-5-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 442fa7d9b57a..2c8f931c6d5b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3211,7 +3211,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, msk->write_seq = subflow_req->idsn + 1; msk->snd_nxt = msk->write_seq; msk->snd_una = msk->write_seq; - msk->wnd_end = msk->snd_nxt + req->rsk_rcv_wnd; + msk->wnd_end = msk->snd_nxt + tcp_sk(ssk)->snd_wnd; msk->setsockopt_seq = mptcp_sk(sk)->setsockopt_seq; mptcp_init_sched(msk, mptcp_sk(sk)->sched);

1 year, 3 months

3
2
0 0

Re: [PATCH] libceph: init the cursor when preparing the sparse read

by Ilya Dryomov

On Mon, Mar 4, 2024 at 3:00 PM Xiubo Li <xiubli(a)redhat.com> wrote: > > > On 3/4/24 19:02, Ilya Dryomov wrote: > > On Mon, Mar 4, 2024 at 2:02 AM Xiubo Li <xiubli(a)redhat.com> wrote: > > On 3/2/24 00:16, Ilya Dryomov wrote: > > On Thu, Feb 29, 2024 at 5:22 AM <xiubli(a)redhat.com> wrote: > > From: Xiubo Li <xiubli(a)redhat.com> > > The osd code has remove cursor initilizing code and this will make > the sparse read state into a infinite loop. We should initialize > the cursor just before each sparse-read in messnger v2. > > Cc: stable(a)vger.kernel.org > URL: https://tracker.ceph.com/issues/64607 > Fixes: 8e46a2d068c9 ("libceph: just wait for more data to be available on the socket") > Reported-by: Luis Henriques <lhenriques(a)suse.de> > Signed-off-by: Xiubo Li <xiubli(a)redhat.com> > --- > net/ceph/messenger_v2.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c > index a0ca5414b333..7ae0f80100f4 100644 > --- a/net/ceph/messenger_v2.c > +++ b/net/ceph/messenger_v2.c > @@ -2025,6 +2025,7 @@ static int prepare_sparse_read_cont(struct ceph_connection *con) > static int prepare_sparse_read_data(struct ceph_connection *con) > { > struct ceph_msg *msg = con->in_msg; > + u64 len = con->in_msg->sparse_read_total ? : data_len(con->in_msg); > > Hi Xiubo, > > Why is sparse_read_total being tested here? Isn't this function > supposed to be called only for sparse reads, after the state is set to > IN_S_PREPARE_SPARSE_DATA based on a similar test: > > if (msg->sparse_read_total) > con->v2.in_state = IN_S_PREPARE_SPARSE_DATA; > else > con->v2.in_state = IN_S_PREPARE_READ_DATA; > > Then the patch could be simplified and just be: > > diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c > index a0ca5414b333..ab3ab130a911 100644 > --- a/net/ceph/messenger_v2.c > +++ b/net/ceph/messenger_v2.c > @@ -2034,6 +2034,9 @@ static int prepare_sparse_read_data(struct > ceph_connection *con) > if (!con_secure(con)) > con->in_data_crc = -1; > > + ceph_msg_data_cursor_init(&con->v2.in_cursor, con->in_msg, > + con->in_msg->sparse_read_total); > + > reset_in_kvecs(con); > con->v2.in_state = IN_S_PREPARE_SPARSE_DATA_CONT; > con->v2.data_len_remain = data_len(msg); > > Else where should we do the test like this ? > > Hi Xiubo, > > I suspect you copied this test from prepare_message_data() in msgr1, > where that function is called unconditionally for all reads. In msgr2, > prepare_sparse_read_data() is called conditionally, so the test just > seems bogus. > > That said, CephFS is the only user of sparse read code, so you should > know better at this point ;) > > As we know the 'sparse_read_total' it's a dedicated member and will be set only in sparse-read case. > > In msgr1 for all the read cases they will call "prepare_message_data()", so I just did this check in "prepare_message_data()". Right. > > While for msgr2 it's a little different from msg1 and it won't call 'prepare_read_data()' for all the reads, and for sparse-read it has its own dedicated helper, which is "prepare_sparse_read_data()". Right. > So I just did this check in 'prepare_sparse_read_data()' instead. This where I'm getting lost. Why do a "is this a sparse read" check in a helper that is dedicated to sparse reads and isn't called for anything else? > For "prepare_read_data()" it doesn't make any sense to check "sparse_read_total". Right, so why doesn't the same go for prepare_sparse_read_data()? Thanks, Ilya

1 year, 3 months

1
0
0 0

Seaside Serendipity: Stock Up on Our Functional and Fashionable Beach Chairs.

by Justcool Furniture

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030421-badly-bucket-6555@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") f4a75e9d1100 ("selftests: mptcp: run userspace pm tests slower") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 3 months

2
6
0 0

[PATCH 6.7.y v2 0/5] Delay VERW - 6.7.y backport

by Pawan Gupta

v2: - Dropped already backported patch "x86/bugs: Add asm helpers for executing VERW". https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… - Boot tested with KASLR and KPTI enabled. - Rebased to v6.7.8 v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-7-y-v1-0-ab25f6431… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 2/7: A conflict was resolved for the hunk swapgs_restore_regs_and_return_to_usermode. Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (4): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/arch/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 ------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 20 +++++++++++++++---- 11 files changed, 75 insertions(+), 45 deletions(-) --- base-commit: d6d6c49dbf4512f1421f5e42896e2d70dc121f9a change-id: 20240226-delay-verw-backport-6-7-y-a2cb3f26bb90 Best regards, -- Thanks, Pawan

1 year, 3 months

2
6
0 0

[PATCH] libceph: init the cursor when preparing the sparse read

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> The osd code has remove cursor initilizing code and this will make the sparse read state into a infinite loop. We should initialize the cursor just before each sparse-read in messnger v2. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/64607 Fixes: 8e46a2d068c9 ("libceph: just wait for more data to be available on the socket") Reported-by: Luis Henriques <lhenriques(a)suse.de> Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- net/ceph/messenger_v2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c index a0ca5414b333..7ae0f80100f4 100644 --- a/net/ceph/messenger_v2.c +++ b/net/ceph/messenger_v2.c @@ -2025,6 +2025,7 @@ static int prepare_sparse_read_cont(struct ceph_connection *con) static int prepare_sparse_read_data(struct ceph_connection *con) { struct ceph_msg *msg = con->in_msg; + u64 len = con->in_msg->sparse_read_total ? : data_len(con->in_msg); dout("%s: starting sparse read\n", __func__); @@ -2034,6 +2035,8 @@ static int prepare_sparse_read_data(struct ceph_connection *con) if (!con_secure(con)) con->in_data_crc = -1; + ceph_msg_data_cursor_init(&con->v2.in_cursor, con->in_msg, len); + reset_in_kvecs(con); con->v2.in_state = IN_S_PREPARE_SPARSE_DATA_CONT; con->v2.data_len_remain = data_len(msg); -- 2.43.0

1 year, 3 months

4
10
0 0

[PATCH net 0/2] selftests: mptcp: fixes for diag.sh

by Matthieu Baerts (NGI0)

Here are two patches fixing issues in MPTCP diag.sh kselftest: - Patch 1 makes sure the exit code is '1' in case of error, and not the test ID, not to return an exit code that would be wrongly interpreted by the ksefltests framework, e.g. '4' means 'skip'. - Patch 2 avoids waiting for unnecessary conditions, which can cause timeouts in some very slow environments. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt Matthieu Baerts (NGI0) (1): selftests: mptcp: diag: avoid extra waiting tools/testing/selftests/net/mptcp/diag.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) --- base-commit: 1c61728be22c1cb49c1be88693e72d8c06b1c81e change-id: 20240301-upstream-net-20240301-selftests-mptcp-diag-exit-timeout-207d7925b7c0 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 3 months

2
2
0 0

[PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> These are the remaining patches that bring v6.1 in sync with v6.6 in terms of support for 4k section alignment and strict separation of executable and writable mappings. More details in [0]. [0] https://lkml.kernel.org/r/CAMj1kXE5y%2B6Fef1SqsePO1p8eGEL_qKR9ZkNPNKb-y6P8-… Ard Biesheuvel (15): arm64: efi: Limit allocations to 48-bit addressable physical region x86/efistub: Simplify and clean up handover entry code x86/decompressor: Avoid magic offsets for EFI handover entrypoint x86/efistub: Clear BSS in EFI handover protocol entrypoint x86/decompressor: Move global symbol references to C code efi/libstub: Add limit argument to efi_random_alloc() x86/efistub: Perform 4/5 level paging switch from the stub x86/decompressor: Factor out kernel decompression and relocation x86/efistub: Prefer EFI memory attributes protocol over DXE services x86/efistub: Perform SNP feature test while running in the firmware x86/efistub: Avoid legacy decompressor when doing EFI boot efi/x86: Avoid physical KASLR on older Dell systems x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: efistub: Assign global boot_params variable Evgeniy Baskov (1): efi/libstub: Add memory attribute protocol definitions Johan Hovold (1): efi: efivars: prevent double registration Yuntao Wang (1): efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Documentation/x86/boot.rst | 2 +- arch/arm64/include/asm/efi.h | 1 + arch/x86/boot/compressed/Makefile | 5 + arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/efi_mixed.S | 107 +++---- arch/x86/boot/compressed/head_32.S | 32 --- arch/x86/boot/compressed/head_64.S | 63 +---- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/misc.c | 69 +++-- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 9 +- arch/x86/boot/compressed/sev.c | 114 ++++---- arch/x86/include/asm/boot.h | 10 + arch/x86/include/asm/efi.h | 14 +- arch/x86/include/asm/sev.h | 7 + drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/alignedmem.c | 2 + drivers/firmware/efi/libstub/arm64-stub.c | 7 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 2 + drivers/firmware/efi/libstub/efistub.h | 28 +- drivers/firmware/efi/libstub/mem.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 14 +- drivers/firmware/efi/libstub/x86-5lvl.c | 95 +++++++ drivers/firmware/efi/libstub/x86-stub.c | 295 +++++++++++--------- drivers/firmware/efi/libstub/x86-stub.h | 17 ++ drivers/firmware/efi/vars.c | 13 +- include/linux/efi.h | 1 + 29 files changed, 560 insertions(+), 402 deletions(-) create mode 100644 drivers/firmware/efi/libstub/x86-5lvl.c create mode 100644 drivers/firmware/efi/libstub/x86-stub.h -- 2.44.0.278.ge034bb2e1d-goog

1 year, 3 months

2
19
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030422-dinner-rotten-5ef3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") f4a75e9d1100 ("selftests: mptcp: run userspace pm tests slower") 03668c65d153 ("selftests: mptcp: join: rework detailed report") 9e86a297796b ("selftests: mptcp: sockopt: format subtests results in TAP") 7f117cd37c61 ("selftests: mptcp: join: format subtests results in TAP") c4192967e62f ("selftests: mptcp: lib: format subtests results in TAP") e198ad759273 ("selftests: mptcp: userspace_pm: uniform results printing") 8320b1387a15 ("selftests: mptcp: userspace_pm: fix shellcheck warnings") e141c1e8e4c1 ("selftests: mptcp: userspace pm: don't stop if error") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 966c6c3adfb1 ("selftests: mptcp: userspace_pm: report errors with 'remove' tests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 3 months

3
5
0 0

[PATCH stable 6.1] NFS: Fix data corruption caused by congestion.

by NeilBrown

when AOP_WRITEPAGE_ACTIVATE is returned (as NFS does when it detects congestion) it is important that the page is redirtied. nfs_writepage_locked() doesn't do this, so files can become corrupted as writes can be lost. Note that this is not needed in v6.8 as AOP_WRITEPAGE_ACTIVATE cannot be returned. It is needed for kernels v5.18..v6.7. From 6.3 onward the patch is different as it needs to mention "folio", not "page". Reported-and-tested-by: Jacek Tomaka <Jacek.Tomaka(a)poczta.fm> Fixes: 6df25e58532b ("nfs: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> --- fs/nfs/write.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/nfs/write.c b/fs/nfs/write.c index f41d24b54fd1..6a0606668417 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -667,8 +667,10 @@ static int nfs_writepage_locked(struct page *page, int err; if (wbc->sync_mode == WB_SYNC_NONE && - NFS_SERVER(inode)->write_congested) + NFS_SERVER(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } nfs_inc_stats(inode, NFSIOS_VFSWRITEPAGE); nfs_pageio_init_write(&pgio, inode, 0, -- 2.43.0

1 year, 3 months

2
1
0 0

[REGRESSION][PATCH 5.15 v1] Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"

by max.oss.09＠gmail.com

From: Max Krummenacher <max.krummenacher(a)toradex.com> This reverts commit ef4a40953c8076626875ff91c41e210fcee7a6fd. The commit was applied to make further commits apply cleanly, but the commit depends on other commits in the same patchset. I.e. the controlling DSI host would need a change too. Thus one would need to backport the full patchset changing the DSI hosts and all downstream DSI device drivers. Revert the commit and fix up the conflicts with the backported fixes to the lt8912b driver. Signed-off-by: Max Krummenacher <max.krummenacher(a)toradex.com> Conflicts: drivers/gpu/drm/bridge/lontium-lt8912b.c --- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/bridge/lontium-lt8912b.c b/drivers/gpu/drm/bridge/lontium-lt8912b.c index 6891863ed5104..e16b0fc0cda0f 100644 --- a/drivers/gpu/drm/bridge/lontium-lt8912b.c +++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c @@ -571,6 +571,10 @@ static int lt8912_bridge_attach(struct drm_bridge *bridge, if (ret) goto error; + ret = lt8912_attach_dsi(lt); + if (ret) + goto error; + return 0; error: @@ -726,15 +730,8 @@ static int lt8912_probe(struct i2c_client *client, drm_bridge_add(&lt->bridge); - ret = lt8912_attach_dsi(lt); - if (ret) - goto err_attach; - return 0; -err_attach: - drm_bridge_remove(&lt->bridge); - lt8912_free_i2c(lt); err_i2c: lt8912_put_dt(lt); err_dt_parse: -- 2.42.0

1 year, 3 months

2
1
0 0

EFI/x86 backports for v6.1

by Ard Biesheuvel

Please consider the patches below for backporting to v6.1. They should all apply cleanly in the given order. These are prerequisites for NX compat support on x86, but the remaining changes do not apply cleanly and will be sent as a patch series at a later date. By themselves, these changes not only constitute a reasonable cleanup, they are also needed for future support of x86s [0] CPUs that are no longer able to transition out of long mode. Documentation/x86/boot.rst | 2 +- arch/x86/Kconfig | 17 + arch/x86/boot/compressed/Makefile | 8 +- arch/x86/boot/compressed/efi_mixed.S | 383 +++++++++++++++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ---------- arch/x86/boot/compressed/head_32.S | 25 +- arch/x86/boot/compressed/head_64.S | 566 ++++++----------------------- arch/x86/boot/compressed/mem_encrypt.S | 152 +++++++- arch/x86/boot/compressed/misc.c | 34 +- arch/x86/boot/compressed/misc.h | 2 - arch/x86/boot/compressed/pgtable.h | 10 +- arch/x86/boot/compressed/pgtable_64.c | 87 ++--- arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 2 + drivers/firmware/efi/efi.c | 22 ++ drivers/firmware/efi/libstub/alignedmem.c | 5 +- drivers/firmware/efi/libstub/arm64-stub.c | 6 +- drivers/firmware/efi/libstub/efistub.h | 6 +- drivers/firmware/efi/libstub/mem.c | 3 +- drivers/firmware/efi/libstub/randomalloc.c | 5 +- drivers/firmware/efi/libstub/x86-stub.c | 53 ++- drivers/firmware/efi/vars.c | 13 +- include/linux/decompress/mm.h | 2 +- 23 files changed, 805 insertions(+), 795 deletions(-) [0] https://www.intel.com/content/www/us/en/developer/articles/technical/envisi… 9cf42bca30e9 efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory cb8bda8ad443 x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S e2ab9eab324c x86/boot/compressed: Move 32-bit entrypoint code into .text section 5c3a85f35b58 x86/boot/compressed: Move bootargs parsing out of 32-bit startup code 91592b5c0c2f x86/boot/compressed: Move efi32_pe_entry into .text section 73a6dec80e2a x86/boot/compressed: Move efi32_entry out of head_64.S 7f22ca396778 x86/boot/compressed: Move efi32_pe_entry() out of head_64.S 4b52016247ae x86/boot/compressed, efi: Merge multiple definitions of image_offset into one 630f337f0c4f x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk 6aac80a8da46 x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() d73a257f7f86 x86/boot/compressed: Pull global variable reference into startup32_load_idt() c6355995ba47 x86/boot/compressed: Move startup32_load_idt() into .text section 9ea813be3d34 x86/boot/compressed: Move startup32_load_idt() out of head_64.S b5d854cd4b6a x86/boot/compressed: Move startup32_check_sev_cbit() into .text 9d7eaae6a071 x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S 30c9ca16a527 x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() 61de13df9590 x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y bad267f9e18f efi: verify that variable services are supported 0217a40d7ba6 efi: efivars: prevent double registration cc3fdda2876e x86/efi: Make the deprecated EFI handover protocol optional 7734a0f31e99 x86/boot: Robustify calling startup_{32,64}() from the decompressor code d2d7a54f69b6 x86/efistub: Branch straight to kernel entry point from C code df9215f15206 x86/efistub: Simplify and clean up handover entry code 127920645876 x86/decompressor: Avoid magic offsets for EFI handover entrypoint d7156b986d4c x86/efistub: Clear BSS in EFI handover protocol entrypoint 8b63cba746f8 x86/decompressor: Store boot_params pointer in callee save register 00c6b0978ec1 x86/decompressor: Assign paging related global variables earlier e8972a76aa90 x86/decompressor: Call trampoline as a normal function 918a7a04e717 x86/decompressor: Use standard calling convention for trampoline bd328aa01ff7 x86/decompressor: Avoid the need for a stack in the 32-bit trampoline 64ef578b6b68 x86/decompressor: Call trampoline directly from C code f97b67a773cd x86/decompressor: Only call the trampoline when changing paging levels cb83cece57e1 x86/decompressor: Pass pgtable address to trampoline directly 03dda95137d3 x86/decompressor: Merge trampoline cleanup with switching code 24388292e2d7 x86/decompressor: Move global symbol references to C code 8217ad0a435f decompress: Use 8 byte alignment

1 year, 3 months

2
2
0 0

[PATCH v5.15-v5.4] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

by Vamsi Krishna Brahmajosyula

From: Oscar Salvador <osalvador(a)suse.de> commit 79d72c68c58784a3e1cd2378669d51bfd0cb7498 upstream. When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hcd(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula(a)broadcom.com> --- fs/hugetlbfs/inode.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 54379ee573b1..9b6004bc96de 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1234,6 +1234,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1278,11 +1279,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps >> 20); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size: -- 2.43.2

1 year, 3 months

2
1
0 0

[PATCH] mm/huge_memory: fix swap entry values of tail pages of THP

by Charan Teja Kalla

An anon THP page is first added to swap cache before reclaiming it. Initially, each tail page contains the proper swap entry value(stored in ->private field) which is filled from add_to_swap_cache(). After migrating the THP page sitting on the swap cache, only the swap entry of the head page is filled(see folio_migrate_mapping()). Now when this page is tried to split(one case is when this page is again migrated, see migrate_pages()->try_split_thp()), the tail pages ->private is not stored with proper swap entry values. When this tail page is now try to be freed, as part of it delete_from_swap_cache() is called which operates on the wrong swap cache index and eventually replaces the wrong swap cache index with shadow/NULL value, frees the page. This leads to the state with a swap cache containing the freed page. This issue can manifest in many forms and the most common thing observed is the rcu stall during the swapin (see mapping_get_entry()). On the recent kernels, this issues is indirectly getting fixed with the series[1], to be specific[2]. When tried to back port this series, it is observed many merge conflicts and also seems dependent on many other changes. As backporting to LTS branches is not a trivial one, the similar change from [2] is picked as a fix. [1] https://lore.kernel.org/all/20230821160849.531668-1-david@redhat.com/ [2] https://lore.kernel.org/all/20230821160849.531668-5-david@redhat.com/ Closes: https://lore.kernel.org/linux-mm/69cb784f-578d-ded1-cd9f-c6db04696336@quici… Fixes: 3417013e0d18 ("mm/migrate: Add folio_migrate_mapping()") Cc: <stable(a)vger.kernel.org> # see patch description, applicable to <=6.1 Signed-off-by: Charan Teja Kalla <quic_charante(a)quicinc.com> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 5957794..cc5273f 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2477,6 +2477,8 @@ static void __split_huge_page_tail(struct page *head, int tail, if (!folio_test_swapcache(page_folio(head))) { VM_WARN_ON_ONCE_PAGE(page_tail->private != 0, page_tail); page_tail->private = 0; + } else { + set_page_private(page_tail, (unsigned long)head->private + tail); } /* Page flags must be visible before we make the page non-compound. */ -- 2.7.4

1 year, 3 months

5
16
0 0

Please apply commit 5b750b22530fe53bf7fd6a30baacd53ada26911b to linux-6.1.y

by Nathan Chancellor

Hi Greg and Sasha, Please apply upstream commit 5b750b22530f ("drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml") to linux-6.1.y, as it is needed to avoid instances of -Wframe-larger-than in allmodconfig, which has -Werror enabled. It applies cleanly for me and it is already in 6.6 and 6.7. The fixes tag is not entirely accurate and commit e63e35f0164c ("drm/amd/display: Increase frame-larger-than for all display_mode_vba files"), which was recently applied to that tree, depends on it (I should have made that clearer in the patch). If there are any issues, please let me know. Cheers, Nathan

1 year, 3 months

2
1
0 0

[PATCH 4.19/5.4/5.10/5.15] cachefiles: fix memory leak in cachefiles_add_cache()

by Baokun Li

commit e21a2f17566cbd64926fb8f16323972f7a064444 upstream. The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks. Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240217081431.796809-1-libaokun1@huawei.com Acked-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/cachefiles/bind.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 4a717d400807..9b34d46bf8ee 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -249,6 +249,8 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) kmem_cache_free(cachefiles_object_jar, fsdef); error_root_object: cachefiles_end_secure(cache, saved_cred); + put_cred(cache->cache_cred); + cache->cache_cred = NULL; pr_err("Failed to register: %d\n", ret); return ret; } @@ -269,6 +271,7 @@ void cachefiles_daemon_unbind(struct cachefiles_cache *cache) dput(cache->graveyard); mntput(cache->mnt); + put_cred(cache->cache_cred); kfree(cache->rootdirname); kfree(cache->secctx); -- 2.31.1

1 year, 3 months

2
1
0 0

[PATCH] usb: serial: Add device ID for cp210x

by Cameron Williams

Add device ID for a (probably fake) CP2102 UART device. lsusb -v output: Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 1.10 bDeviceClass 0 [unknown] bDeviceSubClass 0 [unknown] bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x11ca VeriFone Inc idProduct 0x0212 Verifone USB to Printer bcdDevice 1.00 iManufacturer 1 Silicon Labs iProduct 2 Verifone USB to Printer iSerial 3 0001 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x0020 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0x80 (Bus Powered) MaxPower 100mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 [unknown] bInterfaceProtocol 0 iInterface 2 Verifone USB to Printer Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Device Status: 0x0000 (Bus Powered) Signed-off-by: Cameron Williams <cang1(a)live.co.uk> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index 923e0ed85..d339d81f6 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -177,6 +177,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0xF004) }, /* Elan Digital Systems USBcount50 */ { USB_DEVICE(0x10C5, 0xEA61) }, /* Silicon Labs MobiData GPRS USB Modem */ { USB_DEVICE(0x10CE, 0xEA6A) }, /* Silicon Labs MobiData GPRS USB Modem 100EU */ + { USB_DEVICE(0x11CA, 0x0212) }, /* Verifone USB to Printer (UART, CP2102) */ { USB_DEVICE(0x12B8, 0xEC60) }, /* Link G4 ECU */ { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */ { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */ -- 2.43.1

1 year, 3 months

2
1
0 0

[PATCH v3 0/5] Pinephone video out fixes (flipping between two frames)

by Frank Oltmanns

On some pinephones the video output sometimes freezes (flips between two frames) [1]. It seems to be that the reason for this behaviour is that PLL-MIPI is outside its limits, and the GPU is not running at a fixed rate. In this patch series I propose the following changes: 1. sunxi-ng: Adhere to the following constraints given in the Allwinner A64 Manual regarding PLL-MIPI: * M/N <= 3 * (PLL_VIDEO0)/M >= 24MHz * 500MHz <= clockrate <= 1400MHz 2. Remove two operating points from the A64 DTS OPPs, so that the GPU runs at a fixed rate of 432 MHz. Note, that when pinning the GPU to 432 MHz the issue [1] completely disappears for me. I've searched the BSP and could not find any indication that supports the idea of having the three OPPs. The only frequency I found in the BPSs for A64 is 432 MHz, which has also proven stable for me. Another bigger change compared to the previous version is that I've removed the patch to adapt the XBD599 panel's timings to Allwinner A64's PLL-MIPI new constraints from this series. Mainly, because I'm currently evaluationg other options that may or may not work. (It may work at least until HDMI support is upstreamed.) I'll probably resend the patch at a later point in time. I very much appreciate your feedback! [1] https://gitlab.com/postmarketOS/pmaports/-/issues/805 Signed-off-by: Frank Oltmanns <frank(a)oltmanns.dev> --- Changes in v3: - dts: Pin GPU to 432 MHz. - nkm and a64: Move minimum and maximum rate handling to the common part of the sunxi-ng driver. - Removed st7703 patch from series. - Link to v2: https://lore.kernel.org/r/20240205-pinephone-pll-fixes-v2-0-96a46a2d8c9b@ol… Changes in v2: - dts: Increase minimum GPU frequency to 192 MHz. - nkm and a64: Add minimum and maximum rate for PLL-MIPI. - nkm: Use the same approach for skipping invalid rates in ccu_nkm_find_best() as in ccu_nkm_find_best_with_parent_adj(). - nkm: Improve names for ratio struct members and hence get rid of describing comments. - nkm and a64: Correct description in the commit messages: M/N <= 3 - Remove patches for nm as they were not needed. - st7703: Rework the commit message to cover more background for the change. - Link to v1: https://lore.kernel.org/r/20231218-pinephone-pll-fixes-v1-0-e238b6ed6dc1@ol… --- Frank Oltmanns (5): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI clk: sunxi-ng: nkm: Support constraints on m/n ratio and parent rate clk: sunxi-ng: a64: Add constraints on PLL-MIPI's n/m ratio and parent rate arm64: dts: allwinner: a64: Run GPU at 432 MHz arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 8 -------- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 14 +++++++++----- drivers/clk/sunxi-ng/ccu_common.c | 15 +++++++++++++++ drivers/clk/sunxi-ng/ccu_common.h | 3 +++ drivers/clk/sunxi-ng/ccu_nkm.c | 21 +++++++++++++++++++++ drivers/clk/sunxi-ng/ccu_nkm.h | 2 ++ 6 files changed, 50 insertions(+), 13 deletions(-) --- base-commit: 216c1282dde38ca87ebdf1ccacee5a0682901574 change-id: 20231218-pinephone-pll-fixes-0ccdfde273e4 Best regards, -- Frank Oltmanns <frank(a)oltmanns.dev>

1 year, 3 months

2
4
0 0

[PATCH 5.10/5.15/6.1 0/1] soundwire: stream: use consistent pattern for freeing buffers

by Daniil Dulov

Svacer reports NULL-pointer dereference and double free issues in do_bank_switch() in case sdw_ml_sync_bank_switch() returns an error not on the first iteration of the list_for_each_entry() loop. These problems are present in 5.10, 5.15 and 6.1 stable releases. These problems have been fixed by the following upstream patch that can be cleanly applied to 5.10, 5.15 and 6.1 branches.

1 year, 3 months

1
1
0 0

Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1

by Brennan Lamoreaux

Hi stable maintainers, The following patch in mainline is listed as a fix for CVE-2023-2176: 8d037973d48c026224ab285e6a06985ccac6f7bf (RDMA/core: Refactor rdma_bind_addr) And the following is a fix for a regression in the above patch: 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95 (RDMA/core: Update CMA destination address on rdma_resolve_addr) To my knowledge, at least back to v6.1 is vulnerable to this same bug. Since these should apply directly to 6.1.y, can these be picked up for that branch? Regards, Brennan

1 year, 3 months

3
7
0 0

[PATCH 6.1.y v2 0/6] Delay VERW - 6.1.y backport

by Pawan Gupta

v2: - Runtime patch jmp instead of verw in macro CLEAR_CPU_BUFFERS due to lack of relative addressing support in relocations in kernels <v6.5. - Rebased to v6.1.80 - Boot tested with KASLR and KPTI enabled. - Fixed warning: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction - Verified VERW being executed with mitigation ON, and not being executed with mitigation turned OFF. - Rebased to v6.1.80. v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-1-y-v1-0-b3a2c5b9b… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 1,2,5 and 6 needed conflict resolution. I saw a few new warnings: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction I tried using REACHABLE, but that did not fix the warning. For the below warning: vmlinux.o: warning: objtool: .altinstr_replacement+0x17: unsupported relocation in alternatives section not sure if this is related to this series or a pre-existing warning, I will check later without this series. I am not too concerned because the alternative did substitute verw correctly: entry_SYSCALL_64: ... 0xffffffff8200013d <+253>: swapgs 0xffffffff82000140 <+256>: verw 0xffffffff82000000 0xffffffff82000148 <+264>: sysretq 0xffffffff8200014b <+267>: int3 Cc: Dave Hansen <dave.hansen(a)linux.intel.com> To: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (5): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry.S | 23 ++++++++++++++++++++++ arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 27 +++++++++++++------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 12 ++++++++---- 13 files changed, 106 insertions(+), 46 deletions(-) --- base-commit: a3eb3a74aa8c94e6c8130b55f3b031f29162868c change-id: 20240226-delay-verw-backport-6-1-y-4b0cec84087c Best regards, -- Thanks, Pawan

1 year, 3 months

1
6
0 0

FAILED: patch "[PATCH] mptcp: push at DSS boundaries" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b9cd26f640a308ea314ad23532de9a8592cd09d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030448-walrus-tribunal-7b38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b9cd26f640a3 ("mptcp: push at DSS boundaries") 1094c6fe7280 ("mptcp: fix possible divide by zero") 8ce568ed06ce ("mptcp: drop tx skb cache") 4e14867d5e91 ("mptcp: tune re-injections for csum enabled mode") 2948d0a1e5ae ("mptcp: factor out __mptcp_retrans helper()") eaeef1ce55ec ("mptcp: fix memory accounting on allocation error") d489ded1a369 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9cd26f640a308ea314ad23532de9a8592cd09d2 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:14 +0100 Subject: [PATCH] mptcp: push at DSS boundaries when inserting not contiguous data in the subflow write queue, the protocol creates a new skb and prevent the TCP stack from merging it later with already queued skbs by setting the EOR marker. Still no push flag is explicitly set at the end of previous GSO packet, making the aggregation on the receiver side sub-optimal - and packetdrill self-tests less predictable. Explicitly mark the end of not contiguous DSS with the push flag. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-4-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 948606a537da..442fa7d9b57a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1260,6 +1260,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext = mptcp_get_ext(skb); if (!mptcp_skb_can_collapse_to(data_seq, skb, mpext)) { TCP_SKB_CB(skb)->eor = 1; + tcp_mark_push(tcp_sk(ssk), skb); goto alloc_skb; }

1 year, 3 months

3
2
0 0

How to increase conversions on your website?

by Ray Galt

Hi there! Are you interested in increasing your customer base through your company's website? We're transforming the virtual world into tangible profits by creating functional, responsive websites and profitable online stores, optimized for search engine rankings. Whether you need a simple website or a complex web application, our team of experts utilizes advanced tools to deliver fast and user-friendly products. Would you be interested in hearing more about what we can do for you in this regard? Best regards Ray Galt

1 year, 3 months

1
0
0 0

[PATCH v3] i2c: acpi: Unbind mux adapters before delete

by Hamish Martin

There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When this table is loaded we see the creation of a device for the overall PCA9548 chip and 8 further devices - one i2c_adapter each for the mux channels. These are all bound to their ACPI equivalents via an eventual invocation of acpi_bind_one(). When we unload the SSDT overlay we run into the problem. The ACPI devices are deleted as normal via acpi_device_del_work_fn() and the acpi_device_del_list. However, the following warning and stack trace is output as the deletion does not go smoothly: ------------[ cut here ]------------ kernfs: can not remove 'physical_node', no directory WARNING: CPU: 1 PID: 11 at fs/kernfs/dir.c:1674 kernfs_remove_by_name_ns+0xb9/0xc0 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u128:0 Not tainted 6.8.0-rc6+ #1 Hardware name: congatec AG conga-B7E3/conga-B7E3, BIOS 5.13 05/16/2023 Workqueue: kacpi_hotplug acpi_device_del_work_fn RIP: 0010:kernfs_remove_by_name_ns+0xb9/0xc0 Code: e4 00 48 89 ef e8 07 71 db ff 5b b8 fe ff ff ff 5d 41 5c 41 5d e9 a7 55 e4 00 0f 0b eb a6 48 c7 c7 f0 38 0d 9d e8 97 0a d5 ff <0f> 0b eb dc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffff9f864008fb28 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8ef90a8d4940 RCX: 0000000000000000 RDX: ffff8f000e267d10 RSI: ffff8f000e25c780 RDI: ffff8f000e25c780 RBP: ffff8ef9186f9870 R08: 0000000000013ffb R09: 00000000ffffbfff R10: 00000000ffffbfff R11: ffff8f000e0a0000 R12: ffff9f864008fb50 R13: ffff8ef90c93dd60 R14: ffff8ef9010d0958 R15: ffff8ef9186f98c8 FS: 0000000000000000(0000) GS:ffff8f000e240000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48f5253a08 CR3: 00000003cb82e000 CR4: 00000000003506f0 Call Trace: <TASK> ? kernfs_remove_by_name_ns+0xb9/0xc0 ? __warn+0x7c/0x130 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? report_bug+0x171/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? kernfs_remove_by_name_ns+0xb9/0xc0 acpi_unbind_one+0x108/0x180 device_del+0x18b/0x490 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_del_adapter.part.0+0x1bf/0x250 i2c_mux_del_adapters+0xa1/0xe0 i2c_device_remove+0x1e/0x80 device_release_driver_internal+0x19a/0x200 bus_remove_device+0xbf/0x100 device_del+0x157/0x490 ? __pfx_device_match_fwnode+0x10/0x10 ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_acpi_notify+0x10f/0x140 notifier_call_chain+0x58/0xd0 blocking_notifier_call_chain+0x3a/0x60 acpi_device_del_work_fn+0x85/0x1d0 process_one_work+0x134/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe3/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> ---[ end trace 0000000000000000 ]--- ... repeated 7 more times, 1 for each channel of the mux ... The issue is that the binding of the ACPI devices to their peer I2C adapters is not correctly cleaned up. Digging deeper into the issue we see that the deletion order is such that the ACPI devices matching the mux channel i2c adapters are deleted first during the SSDT overlay removal. For each of the channels we see a call to i2c_acpi_notify() with ACPI_RECONFIG_DEVICE_REMOVE but, because these devices are not actually i2c_clients, nothing is done for them. Later on, after each of the mux channels has been dealt with, we come to delete the i2c_client representing the PCA9548 device. This is the call stack we see above, whereby the kernel cleans up the i2c_client including destruction of the mux and its channel adapters. At this point we do attempt to unbind from the ACPI peers but those peers no longer exist and so we hit the kernfs errors. The fix is to augment i2c_acpi_notify() to handle i2c_adapters. But, given that the life cycle of the adapters is linked to the i2c_client, instead of deleting the i2c_adapters during the i2c_acpi_notify(), we just trigger unbinding of the ACPI device from the adapter device, and allow the clean up of the adapter to continue in the way it always has. Signed-off-by: Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)kernel.org> Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") Cc: <stable(a)vger.kernel.org> # v4.8+ --- drivers/i2c/i2c-core-acpi.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index d6037a328669..67fa8deccef6 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -445,6 +445,11 @@ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev) return i2c_find_device_by_fwnode(acpi_fwnode_handle(adev)); } +static struct i2c_adapter *i2c_acpi_find_adapter_by_adev(struct acpi_device *adev) +{ + return i2c_find_adapter_by_fwnode(acpi_fwnode_handle(adev)); +} + static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, void *arg) { @@ -471,11 +476,17 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, break; client = i2c_acpi_find_client_by_adev(adev); - if (!client) - break; + if (client) { + i2c_unregister_device(client); + put_device(&client->dev); + } + + adapter = i2c_acpi_find_adapter_by_adev(adev); + if (adapter) { + acpi_device_notify_remove(&adapter->dev); + put_device(&adapter->dev); + } - i2c_unregister_device(client); - put_device(&client->dev); break; } -- 2.43.0

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: move __mptcp_error_report in protocol.c" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d5fbeff1ab812b6c473b6924bee8748469462e2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100421-divisible-bacterium-18b5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5fbeff1ab812b6c473b6924bee8748469462e2c Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:46 +0200 Subject: [PATCH] mptcp: move __mptcp_error_report in protocol.c This will simplify the next patch ("mptcp: process pending subflow error on close"). No functional change intended. Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a7fc16f5175d..915860027b1a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -770,6 +770,42 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) return moved; } +void __mptcp_error_report(struct sock *sk) +{ + struct mptcp_subflow_context *subflow; + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + int err = sock_error(ssk); + int ssk_state; + + if (!err) + continue; + + /* only propagate errors on fallen-back sockets or + * on MPC connect + */ + if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) + continue; + + /* We need to propagate only transition to CLOSE state. + * Orphaned socket will see such state change via + * subflow_sched_work_if_closed() and that path will properly + * destroy the msk as needed. + */ + ssk_state = inet_sk_state_load(ssk); + if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) + inet_sk_state_store(sk, ssk_state); + WRITE_ONCE(sk->sk_err, -err); + + /* This barrier is coupled with smp_rmb() in mptcp_poll() */ + smp_wmb(); + sk_error_report(sk); + break; + } +} + /* In most cases we will be able to lock the mptcp socket. If its already * owned, we need to defer to the work queue to avoid ABBA deadlock. */ diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 9bf3c7bc1762..2f40c23fdb0d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1362,42 +1362,6 @@ void mptcp_space(const struct sock *ssk, int *space, int *full_space) *full_space = mptcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf)); } -void __mptcp_error_report(struct sock *sk) -{ - struct mptcp_subflow_context *subflow; - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_for_each_subflow(msk, subflow) { - struct sock *ssk = mptcp_subflow_tcp_sock(subflow); - int err = sock_error(ssk); - int ssk_state; - - if (!err) - continue; - - /* only propagate errors on fallen-back sockets or - * on MPC connect - */ - if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) - continue; - - /* We need to propagate only transition to CLOSE state. - * Orphaned socket will see such state change via - * subflow_sched_work_if_closed() and that path will properly - * destroy the msk as needed. - */ - ssk_state = inet_sk_state_load(ssk); - if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) - inet_sk_state_store(sk, ssk_state); - WRITE_ONCE(sk->sk_err, -err); - - /* This barrier is coupled with smp_rmb() in mptcp_poll() */ - smp_wmb(); - sk_error_report(sk); - break; - } -} - static void subflow_error_report(struct sock *ssk) { struct sock *sk = mptcp_subflow_ctx(ssk)->conn;

1 year, 3 months

3
2
0 0

[PATCH 6.1.y] mptcp: continue marking the first subflow as UNCONNECTED

by Matthieu Baerts (NGI0)

After the 'Fixes' commit mentioned below, which is a partial backport, the MPTCP worker was no longer marking the first subflow as "UNCONNECTED" when the socket was transitioning to TCP_CLOSE state. As a result, in v6.1, it was no longer possible to reconnect to the just disconnected socket. Continue to do that like before, only for the first subflow. A few refactoring have been done around the 'msk->subflow' in later versions, and it looks like this is not needed to do that there, but still needed in v6.1. Without that, the 'disconnect' tests from the mptcp_connect.sh selftest fail: they repeat the transfer 3 times by reconnecting to the server each time. Fixes: 7857e35ef10e ("mptcp: get rid of msk->subflow") Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - This is specific to the 6.1 version having the partial backport. --- net/mptcp/protocol.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index cdabb00648bd2..125825db642cc 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2440,6 +2440,8 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, need_push = (flags & MPTCP_CF_PUSH) && __mptcp_retransmit_pending_data(sk); if (!dispose_it) { __mptcp_subflow_disconnect(ssk, subflow, flags); + if (msk->subflow && ssk == msk->subflow->sk) + msk->subflow->state = SS_UNCONNECTED; release_sock(ssk); goto out; -- 2.43.0

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030400-blooper-quaking-0f36@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 4a64981dfee9 ("mm/mempolicy: convert migrate_page_add() to migrate_folio_add()") 3dae02bbd07f ("mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()") de1f5055523e ("mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()") 07bb1fbaa2bb ("mm/damon/paddr: convert damon_pa_*() to use a folio") f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios") 07e8c82b5eff ("madvise: convert madvise_cold_or_pageout_pte_range() to use folios") 18250e78f9c7 ("mm/damon/paddr: support DAMOS filters") fd3b1bc3c86e ("mm/madvise: fix madvise_pageout for private file mappings") 7438899b0b8d ("folio-compat: remove try_to_release_page()") 64ab3195ea07 ("khugepage: replace try_to_release_page() with filemap_release_folio()") ece62684dcfb ("hugetlbfs: convert hugetlb_delete_from_page_cache() to use folios") 241f68859656 ("mm/migrate_device.c: refactor migrate_vma and migrate_deivce_coherent_page()") 16ce101db85d ("mm/memory.c: fix race when faulting a device private page") fa27759af4a6 ("hugetlb: clean up code checking for fault/truncation races") c86272287bc6 ("hugetlb: create remove_inode_single_folio to remove single file folio") 7e1813d48dd3 ("hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030457-nineteen-synthesis-5112@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 4a64981dfee9 ("mm/mempolicy: convert migrate_page_add() to migrate_folio_add()") 3dae02bbd07f ("mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()") de1f5055523e ("mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()") 07bb1fbaa2bb ("mm/damon/paddr: convert damon_pa_*() to use a folio") f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios") 07e8c82b5eff ("madvise: convert madvise_cold_or_pageout_pte_range() to use folios") 18250e78f9c7 ("mm/damon/paddr: support DAMOS filters") fd3b1bc3c86e ("mm/madvise: fix madvise_pageout for private file mappings") 7438899b0b8d ("folio-compat: remove try_to_release_page()") 64ab3195ea07 ("khugepage: replace try_to_release_page() with filemap_release_folio()") ece62684dcfb ("hugetlbfs: convert hugetlb_delete_from_page_cache() to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-recite-camera-0413@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iommufd/selftest: Fix mock_dev_num bug" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fde372df96afddcda3ec94944351f2a14f7cd98d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-fester-semester-873a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fde372df96af ("iommufd/selftest: Fix mock_dev_num bug") 47f2bd2ff382 ("iommufd/selftest: Check the bus type during probe") 65fe32f7a447 ("iommufd/selftest: Add nested domain allocation for mock domain") 2bdabb8e82f5 ("iommu: Pass in parent domain with user_data to domain_alloc_user op") 9744a7ab62cc ("iommufd: Rename IOMMUFD_OBJ_HW_PAGETABLE to IOMMUFD_OBJ_HWPT_PAGING") 266ce58989ba ("iommufd/selftest: Test IOMMU_HWPT_ALLOC_DIRTY_TRACKING") e04b23c8d4ed ("iommufd/selftest: Expand mock_domain with dev_flags") 421a511a293f ("iommu/amd: Access/Dirty bit support in IOPTEs") 134288158a41 ("iommu/amd: Add domain_alloc_user based domain allocation") e2a4b2947849 ("iommufd: Add IOMMU_HWPT_SET_DIRTY_TRACKING") 750e2e902b71 ("iommu: Add iommu_domain ops for dirty tracking") c97d1b20d383 ("iommu/vt-d: Add domain_alloc_user op") 408663619fcf ("iommufd/selftest: Add domain_alloc_user() support in iommu mock") 4ff542163397 ("iommufd: Support allocating nested parent domain") 89d63875d80e ("iommufd: Flow user flags for domain allocation to domain_alloc_user()") 7975b722087f ("iommufd: Use the domain_alloc_user() op for domain allocation") 909f4abd1097 ("iommu: Add new iommu op to create domains owned by userspace") bb812e0069ce ("iommufd/selftest: Iterate idev_ids in mock_domain's alloc_hwpt test") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fde372df96afddcda3ec94944351f2a14f7cd98d Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:46 -0800 Subject: [PATCH] iommufd/selftest: Fix mock_dev_num bug Syzkaller reported the following bug: sysfs: cannot create duplicate filename '/devices/iommufd_mock4' Call Trace: sysfs_warn_dup+0x71/0x90 sysfs_create_dir_ns+0x1ee/0x260 ? sysfs_create_mount_point+0x80/0x80 ? spin_bug+0x1d0/0x1d0 ? do_raw_spin_unlock+0x54/0x220 kobject_add_internal+0x221/0x970 kobject_add+0x11c/0x1e0 ? lockdep_hardirqs_on_prepare+0x273/0x3e0 ? kset_create_and_add+0x160/0x160 ? kobject_put+0x5d/0x390 ? bus_get_dev_root+0x4a/0x60 ? kobject_put+0x5d/0x390 device_add+0x1d5/0x1550 ? __fw_devlink_link_to_consumers.isra.0+0x1f0/0x1f0 ? __init_waitqueue_head+0xcb/0x150 iommufd_test+0x462/0x3b60 ? lock_release+0x1fe/0x640 ? __might_fault+0x117/0x170 ? reacquire_held_locks+0x4b0/0x4b0 ? iommufd_selftest_destroy+0xd0/0xd0 ? __might_fault+0xbe/0x170 iommufd_fops_ioctl+0x256/0x350 ? iommufd_option+0x180/0x180 ? __lock_acquire+0x1755/0x45f0 __x64_sys_ioctl+0xa13/0x1640 The bug is triggered when Syzkaller created multiple mock devices but didn't destroy them in the same sequence, messing up the mock_dev_num counter. Replace the atomic with an mock_dev_ida. Cc: stable(a)vger.kernel.org Fixes: 23a1b46f15d5 ("iommufd/selftest: Make the mock iommu driver into a real driver") Link: https://lore.kernel.org/r/5af41d5af6d5c013cc51de01427abb8141b3587e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 8abf9747773e..2bfe77bd351d 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -36,7 +36,7 @@ static struct mock_bus_type iommufd_mock_bus_type = { }, }; -static atomic_t mock_dev_num; +static DEFINE_IDA(mock_dev_ida); enum { MOCK_DIRTY_TRACK = 1, @@ -123,6 +123,7 @@ enum selftest_obj_type { struct mock_dev { struct device dev; unsigned long flags; + int id; }; struct selftest_obj { @@ -631,7 +632,7 @@ static void mock_dev_release(struct device *dev) { struct mock_dev *mdev = container_of(dev, struct mock_dev, dev); - atomic_dec(&mock_dev_num); + ida_free(&mock_dev_ida, mdev->id); kfree(mdev); } @@ -653,8 +654,12 @@ static struct mock_dev *mock_dev_create(unsigned long dev_flags) mdev->dev.release = mock_dev_release; mdev->dev.bus = &iommufd_mock_bus_type.bus; - rc = dev_set_name(&mdev->dev, "iommufd_mock%u", - atomic_inc_return(&mock_dev_num)); + rc = ida_alloc(&mock_dev_ida, GFP_KERNEL); + if (rc < 0) + goto err_put; + mdev->id = rc; + + rc = dev_set_name(&mdev->dev, "iommufd_mock%u", mdev->id); if (rc) goto err_put;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iommufd/selftest: Fix mock_dev_num bug" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x fde372df96afddcda3ec94944351f2a14f7cd98d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-backlog-ouch-0e53@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: fde372df96af ("iommufd/selftest: Fix mock_dev_num bug") 47f2bd2ff382 ("iommufd/selftest: Check the bus type during probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fde372df96afddcda3ec94944351f2a14f7cd98d Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:46 -0800 Subject: [PATCH] iommufd/selftest: Fix mock_dev_num bug Syzkaller reported the following bug: sysfs: cannot create duplicate filename '/devices/iommufd_mock4' Call Trace: sysfs_warn_dup+0x71/0x90 sysfs_create_dir_ns+0x1ee/0x260 ? sysfs_create_mount_point+0x80/0x80 ? spin_bug+0x1d0/0x1d0 ? do_raw_spin_unlock+0x54/0x220 kobject_add_internal+0x221/0x970 kobject_add+0x11c/0x1e0 ? lockdep_hardirqs_on_prepare+0x273/0x3e0 ? kset_create_and_add+0x160/0x160 ? kobject_put+0x5d/0x390 ? bus_get_dev_root+0x4a/0x60 ? kobject_put+0x5d/0x390 device_add+0x1d5/0x1550 ? __fw_devlink_link_to_consumers.isra.0+0x1f0/0x1f0 ? __init_waitqueue_head+0xcb/0x150 iommufd_test+0x462/0x3b60 ? lock_release+0x1fe/0x640 ? __might_fault+0x117/0x170 ? reacquire_held_locks+0x4b0/0x4b0 ? iommufd_selftest_destroy+0xd0/0xd0 ? __might_fault+0xbe/0x170 iommufd_fops_ioctl+0x256/0x350 ? iommufd_option+0x180/0x180 ? __lock_acquire+0x1755/0x45f0 __x64_sys_ioctl+0xa13/0x1640 The bug is triggered when Syzkaller created multiple mock devices but didn't destroy them in the same sequence, messing up the mock_dev_num counter. Replace the atomic with an mock_dev_ida. Cc: stable(a)vger.kernel.org Fixes: 23a1b46f15d5 ("iommufd/selftest: Make the mock iommu driver into a real driver") Link: https://lore.kernel.org/r/5af41d5af6d5c013cc51de01427abb8141b3587e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 8abf9747773e..2bfe77bd351d 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -36,7 +36,7 @@ static struct mock_bus_type iommufd_mock_bus_type = { }, }; -static atomic_t mock_dev_num; +static DEFINE_IDA(mock_dev_ida); enum { MOCK_DIRTY_TRACK = 1, @@ -123,6 +123,7 @@ enum selftest_obj_type { struct mock_dev { struct device dev; unsigned long flags; + int id; }; struct selftest_obj { @@ -631,7 +632,7 @@ static void mock_dev_release(struct device *dev) { struct mock_dev *mdev = container_of(dev, struct mock_dev, dev); - atomic_dec(&mock_dev_num); + ida_free(&mock_dev_ida, mdev->id); kfree(mdev); } @@ -653,8 +654,12 @@ static struct mock_dev *mock_dev_create(unsigned long dev_flags) mdev->dev.release = mock_dev_release; mdev->dev.bus = &iommufd_mock_bus_type.bus; - rc = dev_set_name(&mdev->dev, "iommufd_mock%u", - atomic_inc_return(&mock_dev_num)); + rc = ida_alloc(&mock_dev_ida, GFP_KERNEL); + if (rc < 0) + goto err_put; + mdev->id = rc; + + rc = dev_set_name(&mdev->dev, "iommufd_mock%u", mdev->id); if (rc) goto err_put;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iommufd: Fix protection fault in iommufd_test_syz_conv_iova" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cf7c2789822db8b5efa34f5ebcf1621bc0008d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030407-headway-blustery-23f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cf7c2789822d ("iommufd: Fix protection fault in iommufd_test_syz_conv_iova") bd7a282650b8 ("iommufd: Add iommufd_ctx to iommufd_put_object()") 65fe32f7a447 ("iommufd/selftest: Add nested domain allocation for mock domain") 2bdabb8e82f5 ("iommu: Pass in parent domain with user_data to domain_alloc_user op") b5021cb264e6 ("iommufd: Share iommufd_hwpt_alloc with IOMMUFD_OBJ_HWPT_NESTED") 89db31635c87 ("iommufd: Derive iommufd_hwpt_paging from iommufd_hw_pagetable") 58d84f430dc7 ("iommufd/device: Wrap IOMMUFD_OBJ_HWPT_PAGING-only configurations") 9744a7ab62cc ("iommufd: Rename IOMMUFD_OBJ_HW_PAGETABLE to IOMMUFD_OBJ_HWPT_PAGING") 2ccabf81ddff ("iommufd: Only enforce cache coherency in iommufd_hw_pagetable_alloc") a9af47e382a4 ("iommufd/selftest: Test IOMMU_HWPT_GET_DIRTY_BITMAP") 7adf267d66d1 ("iommufd/selftest: Test IOMMU_HWPT_SET_DIRTY_TRACKING") 266ce58989ba ("iommufd/selftest: Test IOMMU_HWPT_ALLOC_DIRTY_TRACKING") e04b23c8d4ed ("iommufd/selftest: Expand mock_domain with dev_flags") 421a511a293f ("iommu/amd: Access/Dirty bit support in IOPTEs") 134288158a41 ("iommu/amd: Add domain_alloc_user based domain allocation") b9a60d6f850e ("iommufd: Add IOMMU_HWPT_GET_DIRTY_BITMAP") e2a4b2947849 ("iommufd: Add IOMMU_HWPT_SET_DIRTY_TRACKING") 5f9bdbf4c658 ("iommufd: Add a flag to enforce dirty tracking on attach") 750e2e902b71 ("iommu: Add iommu_domain ops for dirty tracking") b5f9e63278d6 ("iommufd: Correct IOMMU_HWPT_ALLOC_NEST_PARENT description") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf7c2789822db8b5efa34f5ebcf1621bc0008d48 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:47 -0800 Subject: [PATCH] iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] Call Trace: lock_acquire lock_acquire+0x1ce/0x4f0 down_read+0x93/0x4a0 iommufd_test_syz_conv_iova+0x56/0x1f0 iommufd_test_access_rw.isra.0+0x2ec/0x390 iommufd_test+0x1058/0x1e30 iommufd_fops_ioctl+0x381/0x510 vfs_ioctl __do_sys_ioctl __se_sys_ioctl __x64_sys_ioctl+0x170/0x1e0 do_syscall_x64 do_syscall_64+0x71/0x140 This is because the new iommufd_access_change_ioas() sets access->ioas to NULL during its process, so the lock might be gone in a concurrent racing context. Fix this by doing the same access->ioas sanity as iommufd_access_rw() and iommufd_access_pin_pages() functions do. Cc: stable(a)vger.kernel.org Fixes: 9227da7816dd ("iommufd: Add iommufd_access_change_ioas(_id) helpers") Link: https://lore.kernel.org/r/3f1932acaf1dd494d404c04364d73ce8f57f3e5e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 2bfe77bd351d..d59e199a8705 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -63,8 +63,8 @@ enum { * In syzkaller mode the 64 bit IOVA is converted into an nth area and offset * value. This has a much smaller randomization space and syzkaller can hit it. */ -static unsigned long iommufd_test_syz_conv_iova(struct io_pagetable *iopt, - u64 *iova) +static unsigned long __iommufd_test_syz_conv_iova(struct io_pagetable *iopt, + u64 *iova) { struct syz_layout { __u32 nth_area; @@ -88,6 +88,21 @@ static unsigned long iommufd_test_syz_conv_iova(struct io_pagetable *iopt, return 0; } +static unsigned long iommufd_test_syz_conv_iova(struct iommufd_access *access, + u64 *iova) +{ + unsigned long ret; + + mutex_lock(&access->ioas_lock); + if (!access->ioas) { + mutex_unlock(&access->ioas_lock); + return 0; + } + ret = __iommufd_test_syz_conv_iova(&access->ioas->iopt, iova); + mutex_unlock(&access->ioas_lock); + return ret; +} + void iommufd_test_syz_conv_iova_id(struct iommufd_ucmd *ucmd, unsigned int ioas_id, u64 *iova, u32 *flags) { @@ -100,7 +115,7 @@ void iommufd_test_syz_conv_iova_id(struct iommufd_ucmd *ucmd, ioas = iommufd_get_ioas(ucmd->ictx, ioas_id); if (IS_ERR(ioas)) return; - *iova = iommufd_test_syz_conv_iova(&ioas->iopt, iova); + *iova = __iommufd_test_syz_conv_iova(&ioas->iopt, iova); iommufd_put_object(ucmd->ictx, &ioas->obj); } @@ -1161,7 +1176,7 @@ static int iommufd_test_access_pages(struct iommufd_ucmd *ucmd, } if (flags & MOCK_FLAGS_ACCESS_SYZ) - iova = iommufd_test_syz_conv_iova(&staccess->access->ioas->iopt, + iova = iommufd_test_syz_conv_iova(staccess->access, &cmd->access_pages.iova); npages = (ALIGN(iova + length, PAGE_SIZE) - @@ -1263,8 +1278,8 @@ static int iommufd_test_access_rw(struct iommufd_ucmd *ucmd, } if (flags & MOCK_FLAGS_ACCESS_SYZ) - iova = iommufd_test_syz_conv_iova(&staccess->access->ioas->iopt, - &cmd->access_rw.iova); + iova = iommufd_test_syz_conv_iova(staccess->access, + &cmd->access_rw.iova); rc = iommufd_access_rw(staccess->access, iova, tmp, length, flags); if (rc)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] riscv: Add a custom ISA extension for the [ms]envcfg CSR" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 4774848fef6041716a4883217eb75f6b10eb183b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030445-rants-grading-f698@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 4774848fef60 ("riscv: Add a custom ISA extension for the [ms]envcfg CSR") aec3353963b8 ("riscv: add ISA extension parsing for vector crypto") 0d8295ed975b ("riscv: add ISA extension parsing for scalar crypto") e45f463a9b01 ("riscv: add ISA extension parsing for Zbc") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4774848fef6041716a4883217eb75f6b10eb183b Mon Sep 17 00:00:00 2001 From: Samuel Holland <samuel.holland(a)sifive.com> Date: Tue, 27 Feb 2024 22:55:34 -0800 Subject: [PATCH] riscv: Add a custom ISA extension for the [ms]envcfg CSR The [ms]envcfg CSR was added in version 1.12 of the RISC-V privileged ISA (aka S[ms]1p12). However, bits in this CSR are defined by several other extensions which may be implemented separately from any particular version of the privileged ISA (for example, some unrelated errata may prevent an implementation from claiming conformance with Ss1p12). As a result, Linux cannot simply use the privileged ISA version to determine if the CSR is present. It must also check if any of these other extensions are implemented. It also cannot probe the existence of the CSR at runtime, because Linux does not require Sstrict, so (in the absence of additional information) it cannot know if a CSR at that address is [ms]envcfg or part of some non-conforming vendor extension. Since there are several standard extensions that imply the existence of the [ms]envcfg CSR, it becomes unwieldy to check for all of them wherever the CSR is accessed. Instead, define a custom Xlinuxenvcfg ISA extension bit that is implied by the other extensions and denotes that the CSR exists as defined in the privileged ISA, containing at least one of the fields common between menvcfg and senvcfg. This extension does not need to be parsed from the devicetree or ISA string because it can only be implemented as a subset of some other standard extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Conor Dooley <conor.dooley(a)microchip.com> Reviewed-by: Andrew Jones <ajones(a)ventanamicro.com> Link: https://lore.kernel.org/r/20240228065559.3434837-3-samuel.holland@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..1f2d2599c655 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -81,6 +81,8 @@ #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_XLINUXENVCFG 127 + #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..dacffef68ce2 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -201,6 +201,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +/* + * While the [ms]envcfg CSRs were not defined until version 1.12 of the RISC-V + * privileged ISA, the existence of the CSRs is implied by any extension which + * specifies [ms]envcfg bit(s). Hence, we define a custom ISA extension for the + * existence of the CSR, and treat it as a subset of those other extensions. + */ +static const unsigned int riscv_xlinuxenvcfg_exts[] = { + RISCV_ISA_EXT_XLINUXENVCFG +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -250,8 +260,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(c, RISCV_ISA_EXT_c), __RISCV_ISA_EXT_DATA(v, RISCV_ISA_EXT_v), __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h), - __RISCV_ISA_EXT_DATA(zicbom, RISCV_ISA_EXT_ZICBOM), - __RISCV_ISA_EXT_DATA(zicboz, RISCV_ISA_EXT_ZICBOZ), + __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM, riscv_xlinuxenvcfg_exts), + __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ, riscv_xlinuxenvcfg_exts), __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR), __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND), __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR),

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030412-frisbee-unframed-7c15@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") 043cb41a85de ("riscv: introduce interfaces to patch kernel code") 6bd33e1ece52 ("riscv: add nommu support") a4c3733d32a7 ("riscv: abstract out CSR names for supervisor vs machine mode") 0c3ac28931d5 ("riscv: separate MMIO functions into their own header file") 00a5bf3a8ca3 ("RISC-V: Add PCIe I/O BAR memory mapping") 1e1ac1cb651a ("Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030411-default-joylessly-3437@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") 043cb41a85de ("riscv: introduce interfaces to patch kernel code") 6bd33e1ece52 ("riscv: add nommu support") a4c3733d32a7 ("riscv: abstract out CSR names for supervisor vs machine mode") 0c3ac28931d5 ("riscv: separate MMIO functions into their own header file") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: fix PHY init clock stability" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8e9f25a290ae0016353c9ea13314c95fb3207812 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030401-cushy-sterility-1d74@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8e9f25a290ae ("mmc: sdhci-xenon: fix PHY init clock stability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e9f25a290ae0016353c9ea13314c95fb3207812 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 22:09:30 +0200 Subject: [PATCH] mmc: sdhci-xenon: fix PHY init clock stability Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222200930.1277665-1-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: fix PHY init clock stability" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8e9f25a290ae0016353c9ea13314c95fb3207812 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030400-debate-conclude-99e5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8e9f25a290ae ("mmc: sdhci-xenon: fix PHY init clock stability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e9f25a290ae0016353c9ea13314c95fb3207812 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 22:09:30 +0200 Subject: [PATCH] mmc: sdhci-xenon: fix PHY init clock stability Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222200930.1277665-1-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: add timeout for PHY init complete" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030409-purchase-uselessly-906f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 09e23823ae9a ("mmc: sdhci-xenon: add timeout for PHY init complete") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 21:17:14 +0200 Subject: [PATCH] mmc: sdhci-xenon: add timeout for PHY init complete AC5X spec says PHY init complete bit must be polled until zero. We see cases in which timeout can take longer than the standard calculation on AC5X, which is expected following the spec comment above. According to the spec, we must wait as long as it takes for that bit to toggle on AC5X. Cap that with 100 delay loops so we won't get stuck forever. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222191714.1216470-3-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index c3096230a969..cc9d28b75eb9 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -110,6 +110,8 @@ #define XENON_EMMC_PHY_LOGIC_TIMING_ADJUST (XENON_EMMC_PHY_REG_BASE + 0x18) #define XENON_LOGIC_TIMING_VALUE 0x00AA8977 +#define XENON_MAX_PHY_TIMEOUT_LOOPS 100 + /* * List offset of PHY registers and some special register values * in eMMC PHY 5.0 or eMMC PHY 5.1 @@ -278,18 +280,27 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) /* get the wait time */ wait /= clock; wait++; - /* wait for host eMMC PHY init completes */ - udelay(wait); - reg = sdhci_readl(host, phy_regs->timing_adj); - reg &= XENON_PHY_INITIALIZAION; - if (reg) { + /* + * AC5X spec says bit must be polled until zero. + * We see cases in which timeout can take longer + * than the standard calculation on AC5X, which is + * expected following the spec comment above. + * According to the spec, we must wait as long as + * it takes for that bit to toggle on AC5X. + * Cap that with 100 delay loops so we won't get + * stuck here forever: + */ + + ret = read_poll_timeout(sdhci_readl, reg, + !(reg & XENON_PHY_INITIALIZAION), + wait, XENON_MAX_PHY_TIMEOUT_LOOPS * wait, + false, host, phy_regs->timing_adj); + if (ret) dev_err(mmc_dev(host->mmc), "eMMC PHY init cannot complete after %d us\n", - wait); - return -ETIMEDOUT; - } + wait * XENON_MAX_PHY_TIMEOUT_LOOPS); - return 0; + return ret; } #define ARMADA_3700_SOC_PAD_1_8V 0x1

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: add timeout for PHY init complete" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030408-hyphen-moonwalk-5e0e@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 09e23823ae9a ("mmc: sdhci-xenon: add timeout for PHY init complete") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 21:17:14 +0200 Subject: [PATCH] mmc: sdhci-xenon: add timeout for PHY init complete AC5X spec says PHY init complete bit must be polled until zero. We see cases in which timeout can take longer than the standard calculation on AC5X, which is expected following the spec comment above. According to the spec, we must wait as long as it takes for that bit to toggle on AC5X. Cap that with 100 delay loops so we won't get stuck forever. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222191714.1216470-3-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index c3096230a969..cc9d28b75eb9 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -110,6 +110,8 @@ #define XENON_EMMC_PHY_LOGIC_TIMING_ADJUST (XENON_EMMC_PHY_REG_BASE + 0x18) #define XENON_LOGIC_TIMING_VALUE 0x00AA8977 +#define XENON_MAX_PHY_TIMEOUT_LOOPS 100 + /* * List offset of PHY registers and some special register values * in eMMC PHY 5.0 or eMMC PHY 5.1 @@ -278,18 +280,27 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) /* get the wait time */ wait /= clock; wait++; - /* wait for host eMMC PHY init completes */ - udelay(wait); - reg = sdhci_readl(host, phy_regs->timing_adj); - reg &= XENON_PHY_INITIALIZAION; - if (reg) { + /* + * AC5X spec says bit must be polled until zero. + * We see cases in which timeout can take longer + * than the standard calculation on AC5X, which is + * expected following the spec comment above. + * According to the spec, we must wait as long as + * it takes for that bit to toggle on AC5X. + * Cap that with 100 delay loops so we won't get + * stuck here forever: + */ + + ret = read_poll_timeout(sdhci_readl, reg, + !(reg & XENON_PHY_INITIALIZAION), + wait, XENON_MAX_PHY_TIMEOUT_LOOPS * wait, + false, host, phy_regs->timing_adj); + if (ret) dev_err(mmc_dev(host->mmc), "eMMC PHY init cannot complete after %d us\n", - wait); - return -ETIMEDOUT; - } + wait * XENON_MAX_PHY_TIMEOUT_LOOPS); - return 0; + return ret; } #define ARMADA_3700_SOC_PAD_1_8V 0x1

1 year, 3 months

1
0
0 0

[PATCH regression fix] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume

by Hans de Goede

When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the device has already been turned off by the runtime-suspend handler and if configured for wakeup and the device is runtime-suspended at this point then it is not turned back on to serve as a wakeup source. Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable the regulators which as a side effect made calling poweroff() twice ok. Now that poweroff() correctly disables the regulators, doing this twice triggers a WARN() in the regulator core: unbalanced disables for regulator-dummy WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable ... Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if already runtime-suspended and add a poweron() call when necessary to make wakeup work. lis3lv02d_i2c_resume() has similar issues, with an added weirness that it always powers on the device if it is runtime suspended, after which the first runtime-resume will call poweron() again, causing the enabled count for the regulator to increase by 1 every suspend/resume. These unbalanced regulator_enable() calls cause the regulator to never be turned off and trigger the following WARN() on driver unbind: WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put Fix this by making lis3lv02d_i2c_resume() mirror the new suspend(). Fixes: b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback") Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/regressions/5fc6da74-af0a-4aac-b4d5-a000b39a63a5@mo… Cc: stable(a)vger.kernel.org Cc: regressions(a)lists.linux.dev Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c index c6eb27d46cb0..15119584473c 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c +++ b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c @@ -198,8 +198,14 @@ static int lis3lv02d_i2c_suspend(struct device *dev) struct i2c_client *client = to_i2c_client(dev); struct lis3lv02d *lis3 = i2c_get_clientdata(client); - if (!lis3->pdata || !lis3->pdata->wakeup_flags) + /* Turn on for wakeup if turned off by runtime suspend */ + if (lis3->pdata && lis3->pdata->wakeup_flags) { + if (pm_runtime_suspended(dev)) + lis3lv02d_poweron(lis3); + /* For non wakeup turn off if not already turned off by runtime suspend */ + } else if (!pm_runtime_suspended(dev)) lis3lv02d_poweroff(lis3); + return 0; } @@ -208,13 +214,12 @@ static int lis3lv02d_i2c_resume(struct device *dev) struct i2c_client *client = to_i2c_client(dev); struct lis3lv02d *lis3 = i2c_get_clientdata(client); - /* - * pm_runtime documentation says that devices should always - * be powered on at resume. Pm_runtime turns them off after system - * wide resume is complete. - */ - if (!lis3->pdata || !lis3->pdata->wakeup_flags || - pm_runtime_suspended(dev)) + /* Turn back off if turned on for wakeup and runtime suspended*/ + if (lis3->pdata && lis3->pdata->wakeup_flags) { + if (pm_runtime_suspended(dev)) + lis3lv02d_poweroff(lis3); + /* For non wakeup turn back on if not runtime suspended */ + } else if (!pm_runtime_suspended(dev)) lis3lv02d_poweron(lis3); return 0; -- 2.43.0

1 year, 3 months

4
4
0 0

FAILED: patch "[PATCH] ceph: switch to corrected encoding of max_xattr_size in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 51d31149a88b5c5a8d2d33f06df93f6187a25b4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030406-ambiguity-strict-2ed2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 51d31149a88b ("ceph: switch to corrected encoding of max_xattr_size in mdsmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51d31149a88b5c5a8d2d33f06df93f6187a25b4c Mon Sep 17 00:00:00 2001 From: Xiubo Li <xiubli(a)redhat.com> Date: Mon, 19 Feb 2024 13:14:32 +0800 Subject: [PATCH] ceph: switch to corrected encoding of max_xattr_size in mdsmap The addition of bal_rank_mask with encoding version 17 was merged into ceph.git in Oct 2022 and made it into v18.2.0 release normally. A few months later, the much delayed addition of max_xattr_size got merged, also with encoding version 17, placed before bal_rank_mask in the encoding -- but it didn't make v18.2.0 release. The way this ended up being resolved on the MDS side is that bal_rank_mask will continue to be encoded in version 17 while max_xattr_size is now encoded in version 18. This does mean that older kernels will misdecode version 17, but this is also true for v18.2.0 and v18.2.1 clients in userspace. The best we can do is backport this adjustment -- see ceph.git commit 78abfeaff27fee343fb664db633de5b221699a73 for details. [ idryomov: changelog ] Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/64440 Fixes: d93231a6bc8a ("ceph: prevent a client from exceeding the MDS maximum xattr size") Signed-off-by: Xiubo Li <xiubli(a)redhat.com> Reviewed-by: Patrick Donnelly <pdonnell(a)ibm.com> Reviewed-by: Venky Shankar <vshankar(a)redhat.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index fae97c25ce58..8109aba66e02 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -380,10 +380,11 @@ struct ceph_mdsmap *ceph_mdsmap_decode(struct ceph_mds_client *mdsc, void **p, ceph_decode_skip_8(p, end, bad_ext); /* required_client_features */ ceph_decode_skip_set(p, end, 64, bad_ext); + /* bal_rank_mask */ + ceph_decode_skip_string(p, end, bad_ext); + } + if (mdsmap_ev >= 18) { ceph_decode_64_safe(p, end, m->m_max_xattr_size, bad_ext); - } else { - /* This forces the usage of the (sync) SETXATTR Op */ - m->m_max_xattr_size = 0; } bad_ext: doutc(cl, "m_enabled: %d, m_damaged: %d, m_num_laggy: %d\n", diff --git a/fs/ceph/mdsmap.h b/fs/ceph/mdsmap.h index 89f1931f1ba6..1f2171dd01bf 100644 --- a/fs/ceph/mdsmap.h +++ b/fs/ceph/mdsmap.h @@ -27,7 +27,11 @@ struct ceph_mdsmap { u32 m_session_timeout; /* seconds */ u32 m_session_autoclose; /* seconds */ u64 m_max_file_size; - u64 m_max_xattr_size; /* maximum size for xattrs blob */ + /* + * maximum size for xattrs blob. + * Zeroed by default to force the usage of the (sync) SETXATTR Op. + */ + u64 m_max_xattr_size; u32 m_max_mds; /* expected up:active mds number */ u32 m_num_active_mds; /* actual up:active mds number */ u32 possible_max_rank; /* possible max rank index */

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ceph: switch to corrected encoding of max_xattr_size in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51d31149a88b5c5a8d2d33f06df93f6187a25b4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030405-life-despair-ad2e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 51d31149a88b ("ceph: switch to corrected encoding of max_xattr_size in mdsmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51d31149a88b5c5a8d2d33f06df93f6187a25b4c Mon Sep 17 00:00:00 2001 From: Xiubo Li <xiubli(a)redhat.com> Date: Mon, 19 Feb 2024 13:14:32 +0800 Subject: [PATCH] ceph: switch to corrected encoding of max_xattr_size in mdsmap The addition of bal_rank_mask with encoding version 17 was merged into ceph.git in Oct 2022 and made it into v18.2.0 release normally. A few months later, the much delayed addition of max_xattr_size got merged, also with encoding version 17, placed before bal_rank_mask in the encoding -- but it didn't make v18.2.0 release. The way this ended up being resolved on the MDS side is that bal_rank_mask will continue to be encoded in version 17 while max_xattr_size is now encoded in version 18. This does mean that older kernels will misdecode version 17, but this is also true for v18.2.0 and v18.2.1 clients in userspace. The best we can do is backport this adjustment -- see ceph.git commit 78abfeaff27fee343fb664db633de5b221699a73 for details. [ idryomov: changelog ] Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/64440 Fixes: d93231a6bc8a ("ceph: prevent a client from exceeding the MDS maximum xattr size") Signed-off-by: Xiubo Li <xiubli(a)redhat.com> Reviewed-by: Patrick Donnelly <pdonnell(a)ibm.com> Reviewed-by: Venky Shankar <vshankar(a)redhat.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index fae97c25ce58..8109aba66e02 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -380,10 +380,11 @@ struct ceph_mdsmap *ceph_mdsmap_decode(struct ceph_mds_client *mdsc, void **p, ceph_decode_skip_8(p, end, bad_ext); /* required_client_features */ ceph_decode_skip_set(p, end, 64, bad_ext); + /* bal_rank_mask */ + ceph_decode_skip_string(p, end, bad_ext); + } + if (mdsmap_ev >= 18) { ceph_decode_64_safe(p, end, m->m_max_xattr_size, bad_ext); - } else { - /* This forces the usage of the (sync) SETXATTR Op */ - m->m_max_xattr_size = 0; } bad_ext: doutc(cl, "m_enabled: %d, m_damaged: %d, m_num_laggy: %d\n", diff --git a/fs/ceph/mdsmap.h b/fs/ceph/mdsmap.h index 89f1931f1ba6..1f2171dd01bf 100644 --- a/fs/ceph/mdsmap.h +++ b/fs/ceph/mdsmap.h @@ -27,7 +27,11 @@ struct ceph_mdsmap { u32 m_session_timeout; /* seconds */ u32 m_session_autoclose; /* seconds */ u64 m_max_file_size; - u64 m_max_xattr_size; /* maximum size for xattrs blob */ + /* + * maximum size for xattrs blob. + * Zeroed by default to force the usage of the (sync) SETXATTR Op. + */ + u64 m_max_xattr_size; u32 m_max_mds; /* expected up:active mds number */ u32 m_num_active_mds; /* actual up:active mds number */ u32 possible_max_rank; /* possible max rank index */

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030457-stalemate-feast-3b12@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") fe8d33bd33d5 ("mmc: mmci_sdmmc: fix DMA API warning overlapping mappings") 127e6e98ca9b ("mmc: mmci_sdmmc: Replace sg_dma_xxx macros") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-crudeness-popcorn-ce16@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030453-spectacle-evade-eaed@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030434-underling-helmet-8fbe@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030433-nickname-giblet-5b8d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030433-wand-unicorn-9af0@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b979f2d50a099f3402418d7ff5f26c3952fb08bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-jolly-catcall-c2e8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b979f2d50a09 ("soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free") 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") f86955f2b1ff ("soc: qcom: pmic_glink: fix connector type to be DisplayPort") 5692aeea5bcb ("soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b979f2d50a099f3402418d7ff5f26c3952fb08bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Sat, 17 Feb 2024 16:02:25 +0100 Subject: [PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). [DB: slightly fixed commit message by adding the word 'commit'] Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: <stable(a)vger.kernel.org> # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-4-johan+l… diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x b979f2d50a099f3402418d7ff5f26c3952fb08bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030452-unlatch-jailer-3f13@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: b979f2d50a09 ("soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free") 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b979f2d50a099f3402418d7ff5f26c3952fb08bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Sat, 17 Feb 2024 16:02:25 +0100 Subject: [PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). [DB: slightly fixed commit message by adding the word 'commit'] Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: <stable(a)vger.kernel.org> # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-4-johan+l… diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix double free of anonymous device after snapshot" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e2b54eaf28df0c978626c9736b94f003b523b451 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-ensure-outward-f8cc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e2b54eaf28df ("btrfs: fix double free of anonymous device after snapshot creation failure") e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") caae78e03234 ("btrfs: move common inode creation code into btrfs_create_new_inode()") 3538d68dbd97 ("btrfs: reserve correct number of items for inode creation") 5f465bf1f15a ("btrfs: factor out common part of btrfs_{mknod,create,mkdir}()") a1fd0c35ffe3 ("btrfs: allocate inode outside of btrfs_new_inode()") 305eaac00911 ("btrfs: set inode flags earlier in btrfs_new_inode()") 6437d4583531 ("btrfs: move btrfs_get_free_objectid() call into btrfs_new_inode()") 23c24ef8e418 ("btrfs: don't pass parent objectid to btrfs_new_inode() explicitly") 75b993cf4305 ("btrfs: remove unused mnt_userns parameter from __btrfs_set_acl") c51fa51190f9 ("btrfs: remove unnecessary set_nlink() in btrfs_create_subvol_root()") 6d831f7ef9f0 ("btrfs: remove unnecessary inode_set_bytes(0) call") 9124e15f2798 ("btrfs: remove unnecessary btrfs_i_size_write(0) calls") 81512e89f2b7 ("btrfs: get rid of btrfs_add_nondir()") 2256e901f5bd ("btrfs: fix anon_dev leak in create_subvol()") c16218714307 ("btrfs: reserve correct number of items for rename") 1b58ae0e4d3e ("btrfs: skip transaction commit after failure to create subvolume") 33fab972497a ("btrfs: fix double free of anon_dev after failure to create subvolume") b7ef5f3a6f37 ("btrfs: loop only once over data sizes array when inserting an item batch") 086dcbfa50d3 ("btrfs: insert items in batches when logging a directory when possible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2b54eaf28df0c978626c9736b94f003b523b451 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 23 Feb 2024 16:38:43 +0000 Subject: [PATCH] btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking; 5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK> btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 </TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(), so this change may not fix the case triggered by syzbot. To fix at least the code path from the example above, change btrfs_get_root_ref() and its callers to receive a dev_t pointer argument for the anonymous device number, so that in case it frees the number, it also resets it to 0, so that up in the call chain we don't attempt to do the double free. CC: stable(a)vger.kernel.org # 5.10+ Link: https://lore.kernel.org/linux-btrfs/000000000000f673a1061202f630@google.com/ Fixes: e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index e71ef97d0a7c..c843563914ca 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1307,12 +1307,12 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info) * * @objectid: root id * @anon_dev: preallocated anonymous block device number for new roots, - * pass 0 for new allocation. + * pass NULL for a new allocation. * @check_ref: whether to check root item references, If true, return -ENOENT * for orphan roots */ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev, + u64 objectid, dev_t *anon_dev, bool check_ref) { struct btrfs_root *root; @@ -1342,9 +1342,9 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * that common but still possible. In that case, we just need * to free the anon_dev. */ - if (unlikely(anon_dev)) { - free_anon_bdev(anon_dev); - anon_dev = 0; + if (unlikely(anon_dev && *anon_dev)) { + free_anon_bdev(*anon_dev); + *anon_dev = 0; } if (check_ref && btrfs_root_refs(&root->root_item) == 0) { @@ -1366,7 +1366,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, goto fail; } - ret = btrfs_init_fs_root(root, anon_dev); + ret = btrfs_init_fs_root(root, anon_dev ? *anon_dev : 0); if (ret) goto fail; @@ -1402,7 +1402,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * root's anon_dev to 0 to avoid a double free, once by btrfs_put_root() * and once again by our caller. */ - if (anon_dev) + if (anon_dev && *anon_dev) root->anon_dev = 0; btrfs_put_root(root); return ERR_PTR(ret); @@ -1418,7 +1418,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref) { - return btrfs_get_root_ref(fs_info, objectid, 0, check_ref); + return btrfs_get_root_ref(fs_info, objectid, NULL, check_ref); } /* @@ -1426,11 +1426,11 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, * the anonymous block device id * * @objectid: tree objectid - * @anon_dev: if zero, allocate a new anonymous block device or use the - * parameter value + * @anon_dev: if NULL, allocate a new anonymous block device or use the + * parameter value if not NULL */ struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev) + u64 objectid, dev_t *anon_dev) { return btrfs_get_root_ref(fs_info, objectid, anon_dev, true); } diff --git a/fs/btrfs/disk-io.h b/fs/btrfs/disk-io.h index 9413726b329b..eb3473d1c1ac 100644 --- a/fs/btrfs/disk-io.h +++ b/fs/btrfs/disk-io.h @@ -61,7 +61,7 @@ void btrfs_free_fs_roots(struct btrfs_fs_info *fs_info); struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref); struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev); + u64 objectid, dev_t *anon_dev); struct btrfs_root *btrfs_get_fs_root_commit_root(struct btrfs_fs_info *fs_info, struct btrfs_path *path, u64 objectid); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index fb2323b323bf..b004e3b75311 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -721,7 +721,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, free_extent_buffer(leaf); leaf = NULL; - new_root = btrfs_get_new_fs_root(fs_info, objectid, anon_dev); + new_root = btrfs_get_new_fs_root(fs_info, objectid, &anon_dev); if (IS_ERR(new_root)) { ret = PTR_ERR(new_root); btrfs_abort_transaction(trans, ret); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index c52807d97efa..bf8e64c766b6 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1834,7 +1834,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, } key.offset = (u64)-1; - pending->snap = btrfs_get_new_fs_root(fs_info, objectid, pending->anon_dev); + pending->snap = btrfs_get_new_fs_root(fs_info, objectid, &pending->anon_dev); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); pending->snap = NULL;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix double free of anonymous device after snapshot" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e2b54eaf28df0c978626c9736b94f003b523b451 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030451-curtly-phoney-bfc5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e2b54eaf28df ("btrfs: fix double free of anonymous device after snapshot creation failure") e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") caae78e03234 ("btrfs: move common inode creation code into btrfs_create_new_inode()") 3538d68dbd97 ("btrfs: reserve correct number of items for inode creation") 5f465bf1f15a ("btrfs: factor out common part of btrfs_{mknod,create,mkdir}()") a1fd0c35ffe3 ("btrfs: allocate inode outside of btrfs_new_inode()") 305eaac00911 ("btrfs: set inode flags earlier in btrfs_new_inode()") 6437d4583531 ("btrfs: move btrfs_get_free_objectid() call into btrfs_new_inode()") 23c24ef8e418 ("btrfs: don't pass parent objectid to btrfs_new_inode() explicitly") 75b993cf4305 ("btrfs: remove unused mnt_userns parameter from __btrfs_set_acl") c51fa51190f9 ("btrfs: remove unnecessary set_nlink() in btrfs_create_subvol_root()") 6d831f7ef9f0 ("btrfs: remove unnecessary inode_set_bytes(0) call") 9124e15f2798 ("btrfs: remove unnecessary btrfs_i_size_write(0) calls") 81512e89f2b7 ("btrfs: get rid of btrfs_add_nondir()") 2256e901f5bd ("btrfs: fix anon_dev leak in create_subvol()") c16218714307 ("btrfs: reserve correct number of items for rename") 1b58ae0e4d3e ("btrfs: skip transaction commit after failure to create subvolume") 33fab972497a ("btrfs: fix double free of anon_dev after failure to create subvolume") b7ef5f3a6f37 ("btrfs: loop only once over data sizes array when inserting an item batch") 086dcbfa50d3 ("btrfs: insert items in batches when logging a directory when possible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2b54eaf28df0c978626c9736b94f003b523b451 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 23 Feb 2024 16:38:43 +0000 Subject: [PATCH] btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking; 5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK> btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 </TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(), so this change may not fix the case triggered by syzbot. To fix at least the code path from the example above, change btrfs_get_root_ref() and its callers to receive a dev_t pointer argument for the anonymous device number, so that in case it frees the number, it also resets it to 0, so that up in the call chain we don't attempt to do the double free. CC: stable(a)vger.kernel.org # 5.10+ Link: https://lore.kernel.org/linux-btrfs/000000000000f673a1061202f630@google.com/ Fixes: e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index e71ef97d0a7c..c843563914ca 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1307,12 +1307,12 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info) * * @objectid: root id * @anon_dev: preallocated anonymous block device number for new roots, - * pass 0 for new allocation. + * pass NULL for a new allocation. * @check_ref: whether to check root item references, If true, return -ENOENT * for orphan roots */ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev, + u64 objectid, dev_t *anon_dev, bool check_ref) { struct btrfs_root *root; @@ -1342,9 +1342,9 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * that common but still possible. In that case, we just need * to free the anon_dev. */ - if (unlikely(anon_dev)) { - free_anon_bdev(anon_dev); - anon_dev = 0; + if (unlikely(anon_dev && *anon_dev)) { + free_anon_bdev(*anon_dev); + *anon_dev = 0; } if (check_ref && btrfs_root_refs(&root->root_item) == 0) { @@ -1366,7 +1366,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, goto fail; } - ret = btrfs_init_fs_root(root, anon_dev); + ret = btrfs_init_fs_root(root, anon_dev ? *anon_dev : 0); if (ret) goto fail; @@ -1402,7 +1402,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * root's anon_dev to 0 to avoid a double free, once by btrfs_put_root() * and once again by our caller. */ - if (anon_dev) + if (anon_dev && *anon_dev) root->anon_dev = 0; btrfs_put_root(root); return ERR_PTR(ret); @@ -1418,7 +1418,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref) { - return btrfs_get_root_ref(fs_info, objectid, 0, check_ref); + return btrfs_get_root_ref(fs_info, objectid, NULL, check_ref); } /* @@ -1426,11 +1426,11 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, * the anonymous block device id * * @objectid: tree objectid - * @anon_dev: if zero, allocate a new anonymous block device or use the - * parameter value + * @anon_dev: if NULL, allocate a new anonymous block device or use the + * parameter value if not NULL */ struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev) + u64 objectid, dev_t *anon_dev) { return btrfs_get_root_ref(fs_info, objectid, anon_dev, true); } diff --git a/fs/btrfs/disk-io.h b/fs/btrfs/disk-io.h index 9413726b329b..eb3473d1c1ac 100644 --- a/fs/btrfs/disk-io.h +++ b/fs/btrfs/disk-io.h @@ -61,7 +61,7 @@ void btrfs_free_fs_roots(struct btrfs_fs_info *fs_info); struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref); struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev); + u64 objectid, dev_t *anon_dev); struct btrfs_root *btrfs_get_fs_root_commit_root(struct btrfs_fs_info *fs_info, struct btrfs_path *path, u64 objectid); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index fb2323b323bf..b004e3b75311 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -721,7 +721,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, free_extent_buffer(leaf); leaf = NULL; - new_root = btrfs_get_new_fs_root(fs_info, objectid, anon_dev); + new_root = btrfs_get_new_fs_root(fs_info, objectid, &anon_dev); if (IS_ERR(new_root)) { ret = PTR_ERR(new_root); btrfs_abort_transaction(trans, ret); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index c52807d97efa..bf8e64c766b6 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1834,7 +1834,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, } key.offset = (u64)-1; - pending->snap = btrfs_get_new_fs_root(fs_info, objectid, pending->anon_dev); + pending->snap = btrfs_get_new_fs_root(fs_info, objectid, &pending->anon_dev); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); pending->snap = NULL;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] TOMOYO: Add policy namespace support." failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x bd03a3e4c9a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030412-composer-onset-5496@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sun, 26 Jun 2011 23:19:52 +0900 Subject: [PATCH] TOMOYO: Add policy namespace support. Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris(a)namei.org> diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index e882f17065f2..ef2172f29583 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -151,13 +151,15 @@ static unsigned int tomoyo_log_count; /** * tomoyo_get_audit - Get audit mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * @is_granted: True if granted log, false otherwise. * * Returns true if this request should be audited, false otherwise. */ -static bool tomoyo_get_audit(const u8 profile, const u8 index, +static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, + const u8 profile, const u8 index, const bool is_granted) { u8 mode; @@ -165,7 +167,7 @@ static bool tomoyo_get_audit(const u8 profile, const u8 index, struct tomoyo_profile *p; if (!tomoyo_policy_loaded) return false; - p = tomoyo_profile(profile); + p = tomoyo_profile(ns, profile); if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) return false; mode = p->config[index]; @@ -194,7 +196,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, char *buf; struct tomoyo_log *entry; bool quota_exceeded = false; - if (!tomoyo_get_audit(r->profile, r->type, r->granted)) + if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted)) goto out; buf = tomoyo_init_log(r, len, fmt, args); if (!buf) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 507ebf01e43b..50481d2cf970 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -11,12 +11,6 @@ #include <linux/security.h> #include "common.h" -/* Profile version. Currently only 20090903 is defined. */ -static unsigned int tomoyo_profile_version; - -/* Profile table. Memory is allocated as needed. */ -static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; - /* String table for operation mode. */ const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { [TOMOYO_CONFIG_DISABLED] = "disabled", @@ -216,6 +210,50 @@ static void tomoyo_set_slash(struct tomoyo_io_buffer *head) tomoyo_set_string(head, "/"); } +/* List of namespaces. */ +LIST_HEAD(tomoyo_namespace_list); +/* True if namespace other than tomoyo_kernel_namespace is defined. */ +static bool tomoyo_namespace_enabled; + +/** + * tomoyo_init_policy_namespace - Initialize namespace. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * + * Returns nothing. + */ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) +{ + unsigned int idx; + for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) + INIT_LIST_HEAD(&ns->acl_group[idx]); + for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) + INIT_LIST_HEAD(&ns->group_list[idx]); + for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) + INIT_LIST_HEAD(&ns->policy_list[idx]); + ns->profile_version = 20100903; + tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); + list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); +} + +/** + * tomoyo_print_namespace - Print namespace header. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) +{ + if (!tomoyo_namespace_enabled) + return; + tomoyo_set_string(head, + container_of(head->r.ns, + struct tomoyo_policy_namespace, + namespace_list)->name); + tomoyo_set_space(head); +} + /** * tomoyo_print_name_union - Print a tomoyo_name_union. * @@ -283,23 +321,25 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, /** * tomoyo_assign_profile - Create a new profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to create. * * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. */ -static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) +static struct tomoyo_profile *tomoyo_assign_profile +(struct tomoyo_policy_namespace *ns, const unsigned int profile) { struct tomoyo_profile *ptr; struct tomoyo_profile *entry; if (profile >= TOMOYO_MAX_PROFILES) return NULL; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (ptr) return ptr; entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (!ptr && tomoyo_memory_ok(entry)) { ptr = entry; ptr->default_config = TOMOYO_CONFIG_DISABLED | @@ -310,7 +350,7 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; mb(); /* Avoid out-of-order execution. */ - tomoyo_profile_ptr[profile] = ptr; + ns->profile_ptr[profile] = ptr; entry = NULL; } mutex_unlock(&tomoyo_policy_lock); @@ -322,14 +362,16 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) /** * tomoyo_profile - Find a profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to find. * * Returns pointer to "struct tomoyo_profile". */ -struct tomoyo_profile *tomoyo_profile(const u8 profile) +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile) { static struct tomoyo_profile tomoyo_null_profile; - struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; + struct tomoyo_profile *ptr = ns->profile_ptr[profile]; if (!ptr) ptr = &tomoyo_null_profile; return ptr; @@ -454,13 +496,14 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) unsigned int i; char *cp; struct tomoyo_profile *profile; - if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) + if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) + == 1) return 0; i = simple_strtoul(data, &cp, 10); if (*cp != '-') return -EINVAL; data = cp + 1; - profile = tomoyo_assign_profile(i); + profile = tomoyo_assign_profile(head->w.ns, i); if (!profile) return -EINVAL; cp = strchr(data, '='); @@ -518,19 +561,25 @@ static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) static void tomoyo_read_profile(struct tomoyo_io_buffer *head) { u8 index; + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); const struct tomoyo_profile *profile; + if (head->r.eof) + return; next: index = head->r.index; - profile = tomoyo_profile_ptr[index]; + profile = ns->profile_ptr[index]; switch (head->r.step) { case 0: - tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 20090903); + tomoyo_print_namespace(head); + tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", + ns->profile_version); head->r.step++; break; case 1: for ( ; head->r.index < TOMOYO_MAX_PROFILES; head->r.index++) - if (tomoyo_profile_ptr[head->r.index]) + if (ns->profile_ptr[head->r.index]) break; if (head->r.index == TOMOYO_MAX_PROFILES) return; @@ -541,6 +590,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) u8 i; const struct tomoyo_path_info *comment = profile->comment; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-COMMENT=", index); tomoyo_set_string(head, comment ? comment->name : ""); tomoyo_set_lf(head); @@ -555,6 +605,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) break; case 3: { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); tomoyo_print_config(head, profile->default_config); head->r.bit = 0; @@ -568,6 +619,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) const u8 config = profile->config[i]; if (config == TOMOYO_CONFIG_USE_DEFAULT) continue; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", tomoyo_mac_keywords[i]); tomoyo_print_config(head, config); @@ -607,8 +659,10 @@ static int tomoyo_update_manager_entry(const char *manager, { struct tomoyo_manager e = { }; struct tomoyo_acl_param param = { + /* .ns = &tomoyo_kernel_namespace, */ .is_delete = is_delete, - .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER], + .list = &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], }; int error = is_delete ? -ENOENT : -ENOMEM; if (tomoyo_domain_def(manager)) { @@ -640,13 +694,12 @@ static int tomoyo_update_manager_entry(const char *manager, static int tomoyo_write_manager(struct tomoyo_io_buffer *head) { char *data = head->write_buf; - bool is_delete = tomoyo_str_starts(&data, "delete "); if (!strcmp(data, "manage_by_non_root")) { - tomoyo_manage_by_non_root = !is_delete; + tomoyo_manage_by_non_root = !head->w.is_delete; return 0; } - return tomoyo_update_manager_entry(data, is_delete); + return tomoyo_update_manager_entry(data, head->w.is_delete); } /** @@ -660,8 +713,8 @@ static void tomoyo_read_manager(struct tomoyo_io_buffer *head) { if (head->r.eof) return; - list_for_each_cookie(head->r.acl, - &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { + list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER]) { struct tomoyo_manager *ptr = list_entry(head->r.acl, typeof(*ptr), head.list); if (ptr->head.is_deleted) @@ -694,8 +747,8 @@ static bool tomoyo_manager(void) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && ptr->is_domain && !tomoyo_pathcmp(domainname, ptr->manager)) { found = true; @@ -707,8 +760,8 @@ static bool tomoyo_manager(void) exe = tomoyo_get_exe(); if (!exe) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && !ptr->is_domain && !strcmp(exe, ptr->manager->name)) { found = true; @@ -729,7 +782,7 @@ static bool tomoyo_manager(void) } /** - * tomoyo_select_one - Parse select command. + * tomoyo_select_domain - Parse select command. * * @head: Pointer to "struct tomoyo_io_buffer". * @data: String to parse. @@ -738,16 +791,15 @@ static bool tomoyo_manager(void) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) +static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, + const char *data) { unsigned int pid; struct tomoyo_domain_info *domain = NULL; bool global_pid = false; - - if (!strcmp(data, "allow_execute")) { - head->r.print_execute_only = true; - return true; - } + if (strncmp(data, "select ", 7)) + return false; + data += 7; if (sscanf(data, "pid=%u", &pid) == 1 || (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { struct task_struct *p; @@ -818,6 +870,7 @@ static int tomoyo_delete_domain(char *domainname) /** * tomoyo_write_domain2 - Write domain policy. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @list: Pointer to "struct list_head". * @data: Policy to be interpreted. * @is_delete: True if it is a delete request. @@ -826,10 +879,12 @@ static int tomoyo_delete_domain(char *domainname) * * Caller holds tomoyo_read_lock(). */ -static int tomoyo_write_domain2(struct list_head *list, char *data, +static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, + struct list_head *list, char *data, const bool is_delete) { struct tomoyo_acl_param param = { + .ns = ns, .list = list, .data = data, .is_delete = is_delete, @@ -862,37 +917,28 @@ static int tomoyo_write_domain2(struct list_head *list, char *data, static int tomoyo_write_domain(struct tomoyo_io_buffer *head) { char *data = head->write_buf; + struct tomoyo_policy_namespace *ns; struct tomoyo_domain_info *domain = head->w.domain; - bool is_delete = false; - bool is_select = false; + const bool is_delete = head->w.is_delete; + bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); unsigned int profile; - - if (tomoyo_str_starts(&data, "delete ")) - is_delete = true; - else if (tomoyo_str_starts(&data, "select ")) - is_select = true; - if (is_select && tomoyo_select_one(head, data)) - return 0; - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; - if (tomoyo_domain_def(data)) { + if (*data == '<') { domain = NULL; if (is_delete) tomoyo_delete_domain(data); else if (is_select) domain = tomoyo_find_domain(data); else - domain = tomoyo_assign_domain(data, 0); + domain = tomoyo_assign_domain(data, false); head->w.domain = domain; return 0; } if (!domain) return -EINVAL; - + ns = domain->ns; if (sscanf(data, "use_profile %u", &profile) == 1 && profile < TOMOYO_MAX_PROFILES) { - if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) + if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) domain->profile = (u8) profile; return 0; } @@ -910,7 +956,8 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) domain->transition_failed = !is_delete; return 0; } - return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete); + return tomoyo_write_domain2(ns, &domain->acl_info_list, data, + is_delete); } /** @@ -924,9 +971,11 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) static void tomoyo_set_group(struct tomoyo_io_buffer *head, const char *category) { - if (head->type == TOMOYO_EXCEPTIONPOLICY) + if (head->type == TOMOYO_EXCEPTIONPOLICY) { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "acl_group %u ", head->r.acl_group_index); + } tomoyo_set_string(head, category); } @@ -956,7 +1005,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { if (!(perm & (1 << bit))) continue; - if (head->r.print_execute_only && + if (head->r.print_transition_related_only && bit != TOMOYO_TYPE_EXECUTE) continue; if (first) { @@ -970,7 +1019,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, if (first) return true; tomoyo_print_name_union(head, &ptr->name); - } else if (head->r.print_execute_only) { + } else if (head->r.print_transition_related_only) { return true; } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { struct tomoyo_path2_acl *ptr = @@ -1147,8 +1196,8 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) domain = tomoyo_find_domain(cp + 1); if (strict_strtoul(data, 10, &profile)) return -EINVAL; - if (domain && profile < TOMOYO_MAX_PROFILES - && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) + if (domain && (!tomoyo_policy_loaded || + head->w.ns->profile_ptr[(u8) profile])) domain->profile = (u8) profile; return 0; } @@ -1246,10 +1295,12 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) } static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { - [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain", - [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain", - [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain", - [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain", + [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", + [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", + [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", }; static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { @@ -1268,19 +1319,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { */ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) { + const bool is_delete = head->w.is_delete; struct tomoyo_acl_param param = { + .ns = head->w.ns, + .is_delete = is_delete, .data = head->write_buf, }; u8 i; - param.is_delete = tomoyo_str_starts(&param.data, "delete "); - if (!param.is_delete && tomoyo_str_starts(&param.data, "select ") && - !strcmp(param.data, "execute_only")) { - head->r.print_execute_only = true; - return 0; - } - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; if (tomoyo_str_starts(&param.data, "aggregator ")) return tomoyo_write_aggregator(&param); for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) @@ -1294,8 +1339,9 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) char *data; group = simple_strtoul(param.data, &data, 10); if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') - return tomoyo_write_domain2(&tomoyo_acl_group[group], - data, param.is_delete); + return tomoyo_write_domain2 + (head->w.ns, &head->w.ns->acl_group[group], + data, is_delete); } return -EINVAL; } @@ -1312,7 +1358,10 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) */ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->group_list[idx]; + list_for_each_cookie(head->r.group, list) { struct tomoyo_group *group = list_entry(head->r.group, typeof(*group), head.list); list_for_each_cookie(head->r.acl, &group->member_list) { @@ -1322,6 +1371,7 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) continue; if (!tomoyo_flush(head)) return false; + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_group_name[idx]); tomoyo_set_string(head, group->group_name->name); if (idx == TOMOYO_PATH_GROUP) { @@ -1355,7 +1405,10 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) */ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->policy_list[idx]; + list_for_each_cookie(head->r.acl, list) { struct tomoyo_acl_head *acl = container_of(head->r.acl, typeof(*acl), list); if (acl->is_deleted) @@ -1367,6 +1420,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_transition_control *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_transition_type [ptr->type]); tomoyo_set_string(head, ptr->program ? @@ -1381,6 +1435,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_aggregator *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, "aggregator "); tomoyo_set_string(head, ptr->original_name->name); @@ -1407,6 +1462,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) */ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); if (head->r.eof) return; while (head->r.step < TOMOYO_MAX_POLICY && @@ -1423,7 +1480,7 @@ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) + TOMOYO_MAX_ACL_GROUPS) { head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY - TOMOYO_MAX_GROUP; - if (!tomoyo_read_domain2(head, &tomoyo_acl_group + if (!tomoyo_read_domain2(head, &ns->acl_group [head->r.acl_group_index])) return; head->r.step++; @@ -1484,7 +1541,8 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) return; snprintf(buffer, len - 1, "%s", cp); tomoyo_normalize_line(buffer); - tomoyo_write_domain2(&domain->acl_info_list, buffer, false); + tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, + false); kfree(buffer); } @@ -1895,6 +1953,45 @@ int tomoyo_poll_control(struct file *file, poll_table *wait) return head->poll(file, wait); } +/** + * tomoyo_set_namespace_cursor - Set namespace to read. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) +{ + struct list_head *ns; + if (head->type != TOMOYO_EXCEPTIONPOLICY && + head->type != TOMOYO_PROFILE) + return; + /* + * If this is the first read, or reading previous namespace finished + * and has more namespaces to read, update the namespace cursor. + */ + ns = head->r.ns; + if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { + /* Clearing is OK because tomoyo_flush() returned true. */ + memset(&head->r, 0, sizeof(head->r)); + head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; + } +} + +/** + * tomoyo_has_more_namespace - Check for unread namespaces. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns true if we have more entries to print, false otherwise. + */ +static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) +{ + return (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) && head->r.eof && + head->r.ns->next != &tomoyo_namespace_list; +} + /** * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. * @@ -1919,13 +2016,53 @@ int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, head->read_user_buf_avail = buffer_len; if (tomoyo_flush(head)) /* Call the policy handler. */ - head->read(head); - tomoyo_flush(head); + do { + tomoyo_set_namespace_cursor(head); + head->read(head); + } while (tomoyo_flush(head) && + tomoyo_has_more_namespace(head)); len = head->read_user_buf - buffer; mutex_unlock(&head->io_sem); return len; } +/** + * tomoyo_parse_policy - Parse a policy line. + * + * @head: Poiter to "struct tomoyo_io_buffer". + * @line: Line to parse. + * + * Returns 0 on success, negative value otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) +{ + /* Delete request? */ + head->w.is_delete = !strncmp(line, "delete ", 7); + if (head->w.is_delete) + memmove(line, line + 7, strlen(line + 7) + 1); + /* Selecting namespace to update. */ + if (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) { + if (*line == '<') { + char *cp = strchr(line, ' '); + if (cp) { + *cp++ = '\0'; + head->w.ns = tomoyo_assign_namespace(line); + memmove(line, cp, strlen(cp) + 1); + } else + head->w.ns = NULL; + } else + head->w.ns = &tomoyo_kernel_namespace; + /* Don't allow updating if namespace is invalid. */ + if (!head->w.ns) + return -ENOENT; + } + /* Do the update. */ + return head->write(head); +} + /** * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. * @@ -1941,27 +2078,31 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, const char __user *buffer, const int buffer_len) { int error = buffer_len; - int avail_len = buffer_len; + size_t avail_len = buffer_len; char *cp0 = head->write_buf; - if (!head->write) return -ENOSYS; if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT; - /* Don't allow updating policies by non manager programs. */ - if (head->write != tomoyo_write_pid && - head->write != tomoyo_write_domain && - head->write != tomoyo_write_exception && !tomoyo_manager()) - return -EPERM; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; /* Read a line and dispatch it to the policy handler. */ while (avail_len > 0) { char c; if (head->w.avail >= head->writebuf_size - 1) { - error = -ENOMEM; - break; - } else if (get_user(c, buffer)) { + const int len = head->writebuf_size * 2; + char *cp = kzalloc(len, GFP_NOFS); + if (!cp) { + error = -ENOMEM; + break; + } + memmove(cp, cp0, head->w.avail); + kfree(cp0); + head->write_buf = cp; + cp0 = cp; + head->writebuf_size = len; + } + if (get_user(c, buffer)) { error = -EFAULT; break; } @@ -1973,8 +2114,40 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, cp0[head->w.avail - 1] = '\0'; head->w.avail = 0; tomoyo_normalize_line(cp0); - head->write(head); + if (!strcmp(cp0, "reset")) { + head->w.ns = &tomoyo_kernel_namespace; + head->w.domain = NULL; + memset(&head->r, 0, sizeof(head->r)); + continue; + } + /* Don't allow updating policies by non manager programs. */ + switch (head->type) { + case TOMOYO_PROCESS_STATUS: + /* This does not write anything. */ + break; + case TOMOYO_DOMAINPOLICY: + if (tomoyo_select_domain(head, cp0)) + continue; + /* fall through */ + case TOMOYO_EXCEPTIONPOLICY: + if (!strcmp(cp0, "select transition_only")) { + head->r.print_transition_related_only = true; + continue; + } + /* fall through */ + default: + if (!tomoyo_manager()) { + error = -EPERM; + goto out; + } + } + switch (tomoyo_parse_policy(head, cp0)) { + case -EPERM: + error = -EPERM; + goto out; + } } +out: mutex_unlock(&head->io_sem); return error; } @@ -2019,27 +2192,27 @@ void tomoyo_check_profile(void) struct tomoyo_domain_info *domain; const int idx = tomoyo_read_lock(); tomoyo_policy_loaded = true; - /* Check all profiles currently assigned to domains are defined. */ + printk(KERN_INFO "TOMOYO: 2.4.0\n"); list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { const u8 profile = domain->profile; - if (tomoyo_profile_ptr[profile]) + const struct tomoyo_policy_namespace *ns = domain->ns; + if (ns->profile_version != 20100903) + printk(KERN_ERR + "Profile version %u is not supported.\n", + ns->profile_version); + else if (!ns->profile_ptr[profile]) + printk(KERN_ERR + "Profile %u (used by '%s') is not defined.\n", + profile, domain->domainname->name); + else continue; - printk(KERN_ERR "You need to define profile %u before using it.\n", - profile); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " + printk(KERN_ERR + "Userland tools for TOMOYO 2.4 must be installed and " + "policy must be initialized.\n"); + printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " "for more information.\n"); - panic("Profile %u (used by '%s') not defined.\n", - profile, domain->domainname->name); + panic("STOP!"); } tomoyo_read_unlock(idx); - if (tomoyo_profile_version != 20090903) { - printk(KERN_ERR "You need to install userland programs for " - "TOMOYO 2.3 and initialize policy configuration.\n"); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " - "for more information.\n"); - panic("Profile version %u is not supported.\n", - tomoyo_profile_version); - } - printk(KERN_INFO "TOMOYO: 2.3.0\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 4bc3975516cb..53c8798e38b7 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -74,10 +74,6 @@ enum tomoyo_group_id { TOMOYO_MAX_GROUP }; -/* A domain definition starts with <kernel>. */ -#define TOMOYO_ROOT_NAME "<kernel>" -#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) - /* Index numbers for type of numeric values. */ enum tomoyo_value_type { TOMOYO_VALUE_TYPE_INVALID, @@ -89,6 +85,8 @@ enum tomoyo_value_type { /* Index numbers for domain transition control keywords. */ enum tomoyo_transition_type { /* Do not change this order, */ + TOMOYO_TRANSITION_CONTROL_NO_RESET, + TOMOYO_TRANSITION_CONTROL_RESET, TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, TOMOYO_TRANSITION_CONTROL_INITIALIZE, TOMOYO_TRANSITION_CONTROL_NO_KEEP, @@ -246,6 +244,8 @@ struct tomoyo_shared_acl_head { atomic_t users; } __packed; +struct tomoyo_policy_namespace; + /* Structure for request info. */ struct tomoyo_request_info { struct tomoyo_domain_info *domain; @@ -359,6 +359,8 @@ struct tomoyo_domain_info { struct list_head acl_info_list; /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; + /* Namespace for this domain. Never NULL. */ + struct tomoyo_policy_namespace *ns; u8 profile; /* Profile number to use. */ u8 group; /* Group number to use. */ bool is_deleted; /* Delete flag. */ @@ -423,6 +425,7 @@ struct tomoyo_mount_acl { struct tomoyo_acl_param { char *data; struct list_head *list; + struct tomoyo_policy_namespace *ns; bool is_delete; }; @@ -443,6 +446,7 @@ struct tomoyo_io_buffer { char __user *read_user_buf; int read_user_buf_avail; struct { + struct list_head *ns; struct list_head *domain; struct list_head *group; struct list_head *acl; @@ -455,14 +459,16 @@ struct tomoyo_io_buffer { u8 w_pos; bool eof; bool print_this_domain_only; - bool print_execute_only; + bool print_transition_related_only; const char *w[TOMOYO_MAX_IO_READ_QUEUE]; } r; struct { + struct tomoyo_policy_namespace *ns; /* The position currently writing to. */ struct tomoyo_domain_info *domain; /* Bytes available for writing. */ int avail; + bool is_delete; } w; /* Buffer for reading. */ char *read_buf; @@ -533,8 +539,27 @@ struct tomoyo_time { u8 sec; }; +/* Structure for policy namespace. */ +struct tomoyo_policy_namespace { + /* Profile table. Memory is allocated as needed. */ + struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; + /* List of "struct tomoyo_group". */ + struct list_head group_list[TOMOYO_MAX_GROUP]; + /* List of policy. */ + struct list_head policy_list[TOMOYO_MAX_POLICY]; + /* The global ACL referred by "use_group" keyword. */ + struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; + /* List for connecting to tomoyo_namespace_list list. */ + struct list_head namespace_list; + /* Profile version. Currently only 20100903 is defined. */ + unsigned int profile_version; + /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ + const char *name; +}; + /********** Function prototypes. **********/ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); bool tomoyo_str_starts(char **src, const char *find); const char *tomoyo_get_exe(void); void tomoyo_normalize_line(unsigned char *buffer); @@ -553,7 +578,8 @@ tomoyo_compare_name_union(const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); bool tomoyo_compare_number_union(const unsigned long value, const struct tomoyo_number_union *ptr); -int tomoyo_get_mode(const u8 profile, const u8 index); +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index); void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); bool tomoyo_correct_domain(const unsigned char *domainname); @@ -589,8 +615,11 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile); -struct tomoyo_profile *tomoyo_profile(const u8 profile); + const bool transit); +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile); +struct tomoyo_policy_namespace *tomoyo_assign_namespace +(const char *domainname); struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, const u8 idx); unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, @@ -646,6 +675,8 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param); bool tomoyo_permstr(const char *string, const char *keyword); const char *tomoyo_yesno(const unsigned int value); +void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); void tomoyo_read_log(struct tomoyo_io_buffer *head); @@ -661,8 +692,6 @@ extern struct srcu_struct tomoyo_ss; /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; /* Lock for protecting policy. */ @@ -671,10 +700,10 @@ extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; -extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The kernel's domain. */ extern struct tomoyo_domain_info tomoyo_kernel_domain; +extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; +extern struct list_head tomoyo_namespace_list; extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; @@ -809,6 +838,16 @@ static inline bool tomoyo_same_number_union a->value_type[1] == b->value_type[1]; } +/** + * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. + * + * Returns pointer to "struct tomoyo_policy_namespace" for current thread. + */ +static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) +{ + return tomoyo_domain()->ns; +} + #if defined(CONFIG_SLOB) /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index af5f325e2f33..71acebc747c3 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -12,9 +12,6 @@ /* Variables definitions.*/ -/* The global ACL referred by "use_group" keyword. */ -struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The initial domain. */ struct tomoyo_domain_info tomoyo_kernel_domain; @@ -158,7 +155,7 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, } if (!retried) { retried = true; - list = &tomoyo_acl_group[domain->group]; + list = &domain->ns->acl_group[domain->group]; goto retry; } r->granted = false; @@ -167,13 +164,10 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, /* The list for "struct tomoyo_domain_info". */ LIST_HEAD(tomoyo_domain_list); -struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; - /** * tomoyo_last_word - Get last component of a domainname. * - * @domainname: Domainname to check. + * @name: Domainname to check. * * Returns the last word of @domainname. */ @@ -247,7 +241,7 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, if (!e.domainname) goto out; } - param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_transition_control); out: @@ -257,59 +251,88 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, } /** - * tomoyo_transition_type - Get domain transition type. + * tomoyo_scan_transition - Try to find specific domain transition type. * - * @domainname: The name of domain. - * @program: The name of program. + * @list: Pointer to "struct list_head". + * @domainname: The name of current domain. + * @program: The name of requested program. + * @last_name: The last component of @domainname. + * @type: One of values in "enum tomoyo_transition_type". * - * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program - * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing - * @program suppresses domain transition, others otherwise. + * Returns true if found one, false otherwise. * * Caller holds tomoyo_read_lock(). */ -static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname, - const struct tomoyo_path_info *program) +static inline bool tomoyo_scan_transition +(const struct list_head *list, const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program, const char *last_name, + const enum tomoyo_transition_type type) { const struct tomoyo_transition_control *ptr; - const char *last_name = tomoyo_last_word(domainname->name); - u8 type; - for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) { - next: - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_TRANSITION_CONTROL], - head.list) { - if (ptr->head.is_deleted || ptr->type != type) - continue; - if (ptr->domainname) { - if (!ptr->is_last_name) { - if (ptr->domainname != domainname) - continue; - } else { - /* - * Use direct strcmp() since this is - * unlikely used. - */ - if (strcmp(ptr->domainname->name, - last_name)) - continue; - } - } - if (ptr->program && - tomoyo_pathcmp(ptr->program, program)) - continue; - if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) { + list_for_each_entry_rcu(ptr, list, head.list) { + if (ptr->head.is_deleted || ptr->type != type) + continue; + if (ptr->domainname) { + if (!ptr->is_last_name) { + if (ptr->domainname != domainname) + continue; + } else { /* - * Do not check for initialize_domain if - * no_initialize_domain matched. + * Use direct strcmp() since this is + * unlikely used. */ - type = TOMOYO_TRANSITION_CONTROL_NO_KEEP; - goto next; + if (strcmp(ptr->domainname->name, last_name)) + continue; } - goto done; } + if (ptr->program && tomoyo_pathcmp(ptr->program, program)) + continue; + return true; + } + return false; +} + +/** + * tomoyo_transition_type - Get domain transition type. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * @domainname: The name of current domain. + * @program: The name of requested program. + * + * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes + * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if + * executing @program reinitializes domain transition within that namespace, + * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname , + * others otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static enum tomoyo_transition_type tomoyo_transition_type +(const struct tomoyo_policy_namespace *ns, + const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program) +{ + const char *last_name = tomoyo_last_word(domainname->name); + enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET; + while (type < TOMOYO_MAX_TRANSITION_TYPE) { + const struct list_head * const list = + &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + if (!tomoyo_scan_transition(list, domainname, program, + last_name, type)) { + type++; + continue; + } + if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET && + type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) + break; + /* + * Do not check for reset_domain if no_reset_domain matched. + * Do not check for initialize_domain if no_initialize_domain + * matched. + */ + type++; + type++; } - done: return type; } @@ -355,7 +378,7 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) if (!e.original_name || !e.aggregated_name || e.aggregated_name->is_patterned) /* No patterns allowed. */ goto out; - param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]; + param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_aggregator); out: @@ -365,53 +388,171 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) } /** - * tomoyo_assign_domain - Create a domain. + * tomoyo_find_namespace - Find specified namespace. + * + * @name: Name of namespace to find. + * @len: Length of @name. + * + * Returns pointer to "struct tomoyo_policy_namespace" if found, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static struct tomoyo_policy_namespace *tomoyo_find_namespace +(const char *name, const unsigned int len) +{ + struct tomoyo_policy_namespace *ns; + list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { + if (strncmp(name, ns->name, len) || + (name[len] && name[len] != ' ')) + continue; + return ns; + } + return NULL; +} + +/** + * tomoyo_assign_namespace - Create a new namespace. + * + * @domainname: Name of namespace to create. + * + * Returns pointer to "struct tomoyo_policy_namespace" on success, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname) +{ + struct tomoyo_policy_namespace *ptr; + struct tomoyo_policy_namespace *entry; + const char *cp = domainname; + unsigned int len = 0; + while (*cp && *cp++ != ' ') + len++; + ptr = tomoyo_find_namespace(domainname, len); + if (ptr) + return ptr; + if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) + return NULL; + entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); + if (!entry) + return NULL; + if (mutex_lock_interruptible(&tomoyo_policy_lock)) + goto out; + ptr = tomoyo_find_namespace(domainname, len); + if (!ptr && tomoyo_memory_ok(entry)) { + char *name = (char *) (entry + 1); + ptr = entry; + memmove(name, domainname, len); + name[len] = '\0'; + entry->name = name; + tomoyo_init_policy_namespace(entry); + entry = NULL; + } + mutex_unlock(&tomoyo_policy_lock); +out: + kfree(entry); + return ptr; +} + +/** + * tomoyo_namespace_jump - Check for namespace jump. + * + * @domainname: Name of domain. + * + * Returns true if namespace differs, false otherwise. + */ +static bool tomoyo_namespace_jump(const char *domainname) +{ + const char *namespace = tomoyo_current_namespace()->name; + const int len = strlen(namespace); + return strncmp(domainname, namespace, len) || + (domainname[len] && domainname[len] != ' '); +} + +/** + * tomoyo_assign_domain - Create a domain or a namespace. * * @domainname: The name of domain. - * @profile: Profile number to assign if the domain was newly created. + * @transit: True if transit to domain found or created. * * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise. * * Caller holds tomoyo_read_lock(). */ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile) + const bool transit) { - struct tomoyo_domain_info *entry; - struct tomoyo_domain_info *domain = NULL; - const struct tomoyo_path_info *saved_domainname; - bool found = false; - - if (!tomoyo_correct_domain(domainname)) + struct tomoyo_domain_info e = { }; + struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); + bool created = false; + if (entry) { + if (transit) { + /* + * Since namespace is created at runtime, profiles may + * not be created by the moment the process transits to + * that domain. Do not perform domain transition if + * profile for that domain is not yet created. + */ + if (!entry->ns->profile_ptr[entry->profile]) + return NULL; + } + return entry; + } + /* Requested domain does not exist. */ + /* Don't create requested domain if domainname is invalid. */ + if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || + !tomoyo_correct_domain(domainname)) return NULL; - saved_domainname = tomoyo_get_name(domainname); - if (!saved_domainname) + /* + * Since definition of profiles and acl_groups may differ across + * namespaces, do not inherit "use_profile" and "use_group" settings + * by automatically creating requested domain upon domain transition. + */ + if (transit && tomoyo_namespace_jump(domainname)) + return NULL; + e.ns = tomoyo_assign_namespace(domainname); + if (!e.ns) + return NULL; + /* + * "use_profile" and "use_group" settings for automatically created + * domains are inherited from current domain. These are 0 for manually + * created domains. + */ + if (transit) { + const struct tomoyo_domain_info *domain = tomoyo_domain(); + e.profile = domain->profile; + e.group = domain->group; + } + e.domainname = tomoyo_get_name(domainname); + if (!e.domainname) return NULL; - entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { - if (domain->is_deleted || - tomoyo_pathcmp(saved_domainname, domain->domainname)) - continue; - found = true; - break; - } - if (!found && tomoyo_memory_ok(entry)) { - INIT_LIST_HEAD(&entry->acl_info_list); - entry->domainname = saved_domainname; - saved_domainname = NULL; - entry->profile = profile; - list_add_tail_rcu(&entry->list, &tomoyo_domain_list); - domain = entry; - entry = NULL; - found = true; + entry = tomoyo_find_domain(domainname); + if (!entry) { + entry = tomoyo_commit_ok(&e, sizeof(e)); + if (entry) { + INIT_LIST_HEAD(&entry->acl_info_list); + list_add_tail_rcu(&entry->list, &tomoyo_domain_list); + created = true; + } } mutex_unlock(&tomoyo_policy_lock); - out: - tomoyo_put_name(saved_domainname); - kfree(entry); - return found ? domain : NULL; +out: + tomoyo_put_name(e.domainname); + if (entry && transit) { + if (created) { + struct tomoyo_request_info r; + tomoyo_init_request_info(&r, entry, + TOMOYO_MAC_FILE_EXECUTE); + r.granted = false; + tomoyo_write_log(&r, "use_profile %u\n", + entry->profile); + tomoyo_write_log(&r, "use_group %u\n", entry->group); + } + } + return entry; } /** @@ -434,6 +575,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) bool is_enforce; int retval = -ENOMEM; bool need_kfree = false; + bool reject_on_transition_failure = false; struct tomoyo_path_info rn = { }; /* real name */ mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); @@ -457,8 +599,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) /* Check 'aggregator' directive. */ { struct tomoyo_aggregator *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_AGGREGATOR], head.list) { + struct list_head *list = + &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; + /* Check 'aggregator' directive. */ + list_for_each_entry_rcu(ptr, list, head.list) { if (ptr->head.is_deleted || !tomoyo_path_matches_pattern(&rn, ptr->original_name)) @@ -492,11 +636,21 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } /* Calculate domain to transit to. */ - switch (tomoyo_transition_type(old_domain->domainname, &rn)) { + switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, + &rn)) { + case TOMOYO_TRANSITION_CONTROL_RESET: + /* Transit to the root of specified namespace. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name); + /* + * Make do_execve() fail if domain transition across namespaces + * has failed. + */ + reject_on_transition_failure = true; + break; case TOMOYO_TRANSITION_CONTROL_INITIALIZE: - /* Transit to the child of tomoyo_kernel_domain domain. */ - snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " " - "%s", rn.name); + /* Transit to the child of current namespace's root. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", + old_domain->ns->name, rn.name); break; case TOMOYO_TRANSITION_CONTROL_KEEP: /* Keep current domain. */ @@ -519,19 +673,25 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } break; } - if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10) - goto done; - domain = tomoyo_find_domain(tmp); if (!domain) - domain = tomoyo_assign_domain(tmp, old_domain->profile); - done: + domain = tomoyo_assign_domain(tmp, true); if (domain) - goto out; - printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp); - if (is_enforce) - retval = -EPERM; - else - old_domain->transition_failed = true; + retval = 0; + else if (reject_on_transition_failure) { + printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp); + retval = -ENOMEM; + } else if (r.mode == TOMOYO_CONFIG_ENFORCING) + retval = -ENOMEM; + else { + retval = 0; + if (!old_domain->transition_failed) { + old_domain->transition_failed = true; + r.granted = false; + tomoyo_write_log(&r, "%s", "transition_failed\n"); + printk(KERN_WARNING + "ERROR: Domain '%s' not defined.\n", tmp); + } + } out: if (!domain) domain = old_domain; diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 4f8526af9069..323ddc73a125 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -603,7 +603,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, int error; r->type = tomoyo_p2mac[operation]; - r->mode = tomoyo_get_mode(r->profile, r->type); + r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); if (r->mode == TOMOYO_CONFIG_DISABLED) return 0; r->param_type = TOMOYO_TYPE_PATH_ACL; diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 412ee8309c23..782e844dca7f 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -292,15 +292,12 @@ static bool tomoyo_collect_acl(struct list_head *list) static void tomoyo_collect_entry(void) { int i; + enum tomoyo_policy_id id; + struct tomoyo_policy_namespace *ns; + int idx; if (mutex_lock_interruptible(&tomoyo_policy_lock)) return; - for (i = 0; i < TOMOYO_MAX_POLICY; i++) { - if (!tomoyo_collect_member(i, &tomoyo_policy_list[i])) - goto unlock; - } - for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) - if (!tomoyo_collect_acl(&tomoyo_acl_group[i])) - goto unlock; + idx = tomoyo_read_lock(); { struct tomoyo_domain_info *domain; list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { @@ -317,39 +314,49 @@ static void tomoyo_collect_entry(void) goto unlock; } } + list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) { + for (id = 0; id < TOMOYO_MAX_POLICY; id++) + if (!tomoyo_collect_member(id, &ns->policy_list[id])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) + if (!tomoyo_collect_acl(&ns->acl_group[i])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_GROUP; i++) { + struct list_head *list = &ns->group_list[i]; + struct tomoyo_group *group; + switch (i) { + case 0: + id = TOMOYO_ID_PATH_GROUP; + break; + default: + id = TOMOYO_ID_NUMBER_GROUP; + break; + } + list_for_each_entry(group, list, head.list) { + if (!tomoyo_collect_member + (id, &group->member_list)) + goto unlock; + if (!list_empty(&group->member_list) || + atomic_read(&group->head.users)) + continue; + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, + &group->head.list)) + goto unlock; + } + } + } for (i = 0; i < TOMOYO_MAX_HASH; i++) { - struct tomoyo_name *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], head.list) { - if (atomic_read(&ptr->head.users)) + struct list_head *list = &tomoyo_name_list[i]; + struct tomoyo_shared_acl_head *ptr; + list_for_each_entry(ptr, list, list) { + if (atomic_read(&ptr->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->head.list)) + if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list)) goto unlock; } } - for (i = 0; i < TOMOYO_MAX_GROUP; i++) { - struct list_head *list = &tomoyo_group_list[i]; - int id; - struct tomoyo_group *group; - switch (i) { - case 0: - id = TOMOYO_ID_PATH_GROUP; - break; - default: - id = TOMOYO_ID_NUMBER_GROUP; - break; - } - list_for_each_entry(group, list, head.list) { - if (!tomoyo_collect_member(id, &group->member_list)) - goto unlock; - if (!list_empty(&group->member_list) || - atomic_read(&group->head.users)) - continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, - &group->head.list)) - goto unlock; - } - } - unlock: +unlock: + tomoyo_read_unlock(idx); mutex_unlock(&tomoyo_policy_lock); } diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 7a0493943d6d..39d012823f84 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -118,7 +118,7 @@ struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, return NULL; if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list = &tomoyo_group_list[idx]; + list = &param->ns->group_list[idx]; list_for_each_entry(group, list, head.list) { if (e.group_name != group->group_name) continue; @@ -199,27 +199,23 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) return ptr ? &ptr->entry : NULL; } +/* Initial namespace.*/ +struct tomoyo_policy_namespace tomoyo_kernel_namespace; + /** * tomoyo_mm_init - Initialize mm related code. */ void __init tomoyo_mm_init(void) { int idx; - - for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) - INIT_LIST_HEAD(&tomoyo_policy_list[idx]); - for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) - INIT_LIST_HEAD(&tomoyo_group_list[idx]); for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) INIT_LIST_HEAD(&tomoyo_name_list[idx]); + tomoyo_kernel_namespace.name = "<kernel>"; + tomoyo_init_policy_namespace(&tomoyo_kernel_namespace); + tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); - for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) - INIT_LIST_HEAD(&tomoyo_acl_group[idx]); - tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME); + tomoyo_kernel_domain.domainname = tomoyo_get_name("<kernel>"); list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list); - idx = tomoyo_read_lock(); - if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain) - panic("Can't register tomoyo_kernel_domain"); #if 0 /* Will be replaced with tomoyo_load_builtin_policy(). */ { @@ -230,7 +226,6 @@ void __init tomoyo_mm_init(void) TOMOYO_TRANSITION_CONTROL_INITIALIZE); } #endif - tomoyo_read_unlock(idx); } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) */ bool tomoyo_correct_domain(const unsigned char *domainname) { - if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, - TOMOYO_ROOT_NAME_LEN)) - goto out; - domainname += TOMOYO_ROOT_NAME_LEN; - if (!*domainname) + if (!domainname || !tomoyo_domain_def(domainname)) + return false; + domainname = strchr(domainname, ' '); + if (!domainname++) return true; - if (*domainname++ != ' ') - goto out; while (1) { const unsigned char *cp = strchr(domainname, ' '); if (!cp) break; if (*domainname != '/' || !tomoyo_correct_word2(domainname, cp - domainname)) - goto out; + return false; domainname = cp + 1; } return tomoyo_correct_path(domainname); - out: - return false; } /** @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) */ bool tomoyo_domain_def(const unsigned char *buffer) { - return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); + const unsigned char *cp; + int len; + if (*buffer != '<') + return false; + cp = strchr(buffer, ' '); + if (!cp) + len = strlen(buffer); + else + len = cp - buffer; + if (buffer[len - 1] != '>' || + !tomoyo_correct_word2(buffer + 1, len - 2)) + return false; + return true; } /** @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) /** * tomoyo_get_mode - Get MAC mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * * Returns mode. */ -int tomoyo_get_mode(const u8 profile, const u8 index) +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index) { u8 mode; const u8 category = TOMOYO_MAC_CATEGORY_FILE; if (!tomoyo_policy_loaded) return TOMOYO_CONFIG_DISABLED; - mode = tomoyo_profile(profile)->config[index]; + mode = tomoyo_profile(ns, profile)->config[index]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->config[category]; + mode = tomoyo_profile(ns, profile)->config[category]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->default_config; + mode = tomoyo_profile(ns, profile)->default_config; return mode & 3; } @@ -872,25 +881,10 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, profile = domain->profile; r->profile = profile; r->type = index; - r->mode = tomoyo_get_mode(profile, index); + r->mode = tomoyo_get_mode(domain->ns, profile, index); return r->mode; } -/** - * tomoyo_last_word - Get last component of a line. - * - * @line: A line. - * - * Returns the last word of a line. - */ -const char *tomoyo_last_word(const char *name) -{ - const char *cp = strrchr(name, ' '); - if (cp) - return cp + 1; - return name; -} - /** * tomoyo_domain_quota_is_ok - Check for domain's quota. * @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) if (perm & (1 << i)) count++; } - if (count < tomoyo_profile(domain->profile)-> + if (count < tomoyo_profile(domain->ns, domain->profile)-> pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) return true; if (!domain->quota_warned) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] TOMOYO: Add policy namespace support." failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bd03a3e4c9a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030411-calculate-dragonish-2e1a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sun, 26 Jun 2011 23:19:52 +0900 Subject: [PATCH] TOMOYO: Add policy namespace support. Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris(a)namei.org> diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index e882f17065f2..ef2172f29583 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -151,13 +151,15 @@ static unsigned int tomoyo_log_count; /** * tomoyo_get_audit - Get audit mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * @is_granted: True if granted log, false otherwise. * * Returns true if this request should be audited, false otherwise. */ -static bool tomoyo_get_audit(const u8 profile, const u8 index, +static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, + const u8 profile, const u8 index, const bool is_granted) { u8 mode; @@ -165,7 +167,7 @@ static bool tomoyo_get_audit(const u8 profile, const u8 index, struct tomoyo_profile *p; if (!tomoyo_policy_loaded) return false; - p = tomoyo_profile(profile); + p = tomoyo_profile(ns, profile); if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) return false; mode = p->config[index]; @@ -194,7 +196,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, char *buf; struct tomoyo_log *entry; bool quota_exceeded = false; - if (!tomoyo_get_audit(r->profile, r->type, r->granted)) + if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted)) goto out; buf = tomoyo_init_log(r, len, fmt, args); if (!buf) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 507ebf01e43b..50481d2cf970 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -11,12 +11,6 @@ #include <linux/security.h> #include "common.h" -/* Profile version. Currently only 20090903 is defined. */ -static unsigned int tomoyo_profile_version; - -/* Profile table. Memory is allocated as needed. */ -static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; - /* String table for operation mode. */ const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { [TOMOYO_CONFIG_DISABLED] = "disabled", @@ -216,6 +210,50 @@ static void tomoyo_set_slash(struct tomoyo_io_buffer *head) tomoyo_set_string(head, "/"); } +/* List of namespaces. */ +LIST_HEAD(tomoyo_namespace_list); +/* True if namespace other than tomoyo_kernel_namespace is defined. */ +static bool tomoyo_namespace_enabled; + +/** + * tomoyo_init_policy_namespace - Initialize namespace. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * + * Returns nothing. + */ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) +{ + unsigned int idx; + for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) + INIT_LIST_HEAD(&ns->acl_group[idx]); + for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) + INIT_LIST_HEAD(&ns->group_list[idx]); + for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) + INIT_LIST_HEAD(&ns->policy_list[idx]); + ns->profile_version = 20100903; + tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); + list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); +} + +/** + * tomoyo_print_namespace - Print namespace header. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) +{ + if (!tomoyo_namespace_enabled) + return; + tomoyo_set_string(head, + container_of(head->r.ns, + struct tomoyo_policy_namespace, + namespace_list)->name); + tomoyo_set_space(head); +} + /** * tomoyo_print_name_union - Print a tomoyo_name_union. * @@ -283,23 +321,25 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, /** * tomoyo_assign_profile - Create a new profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to create. * * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. */ -static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) +static struct tomoyo_profile *tomoyo_assign_profile +(struct tomoyo_policy_namespace *ns, const unsigned int profile) { struct tomoyo_profile *ptr; struct tomoyo_profile *entry; if (profile >= TOMOYO_MAX_PROFILES) return NULL; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (ptr) return ptr; entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (!ptr && tomoyo_memory_ok(entry)) { ptr = entry; ptr->default_config = TOMOYO_CONFIG_DISABLED | @@ -310,7 +350,7 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; mb(); /* Avoid out-of-order execution. */ - tomoyo_profile_ptr[profile] = ptr; + ns->profile_ptr[profile] = ptr; entry = NULL; } mutex_unlock(&tomoyo_policy_lock); @@ -322,14 +362,16 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) /** * tomoyo_profile - Find a profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to find. * * Returns pointer to "struct tomoyo_profile". */ -struct tomoyo_profile *tomoyo_profile(const u8 profile) +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile) { static struct tomoyo_profile tomoyo_null_profile; - struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; + struct tomoyo_profile *ptr = ns->profile_ptr[profile]; if (!ptr) ptr = &tomoyo_null_profile; return ptr; @@ -454,13 +496,14 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) unsigned int i; char *cp; struct tomoyo_profile *profile; - if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) + if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) + == 1) return 0; i = simple_strtoul(data, &cp, 10); if (*cp != '-') return -EINVAL; data = cp + 1; - profile = tomoyo_assign_profile(i); + profile = tomoyo_assign_profile(head->w.ns, i); if (!profile) return -EINVAL; cp = strchr(data, '='); @@ -518,19 +561,25 @@ static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) static void tomoyo_read_profile(struct tomoyo_io_buffer *head) { u8 index; + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); const struct tomoyo_profile *profile; + if (head->r.eof) + return; next: index = head->r.index; - profile = tomoyo_profile_ptr[index]; + profile = ns->profile_ptr[index]; switch (head->r.step) { case 0: - tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 20090903); + tomoyo_print_namespace(head); + tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", + ns->profile_version); head->r.step++; break; case 1: for ( ; head->r.index < TOMOYO_MAX_PROFILES; head->r.index++) - if (tomoyo_profile_ptr[head->r.index]) + if (ns->profile_ptr[head->r.index]) break; if (head->r.index == TOMOYO_MAX_PROFILES) return; @@ -541,6 +590,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) u8 i; const struct tomoyo_path_info *comment = profile->comment; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-COMMENT=", index); tomoyo_set_string(head, comment ? comment->name : ""); tomoyo_set_lf(head); @@ -555,6 +605,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) break; case 3: { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); tomoyo_print_config(head, profile->default_config); head->r.bit = 0; @@ -568,6 +619,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) const u8 config = profile->config[i]; if (config == TOMOYO_CONFIG_USE_DEFAULT) continue; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", tomoyo_mac_keywords[i]); tomoyo_print_config(head, config); @@ -607,8 +659,10 @@ static int tomoyo_update_manager_entry(const char *manager, { struct tomoyo_manager e = { }; struct tomoyo_acl_param param = { + /* .ns = &tomoyo_kernel_namespace, */ .is_delete = is_delete, - .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER], + .list = &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], }; int error = is_delete ? -ENOENT : -ENOMEM; if (tomoyo_domain_def(manager)) { @@ -640,13 +694,12 @@ static int tomoyo_update_manager_entry(const char *manager, static int tomoyo_write_manager(struct tomoyo_io_buffer *head) { char *data = head->write_buf; - bool is_delete = tomoyo_str_starts(&data, "delete "); if (!strcmp(data, "manage_by_non_root")) { - tomoyo_manage_by_non_root = !is_delete; + tomoyo_manage_by_non_root = !head->w.is_delete; return 0; } - return tomoyo_update_manager_entry(data, is_delete); + return tomoyo_update_manager_entry(data, head->w.is_delete); } /** @@ -660,8 +713,8 @@ static void tomoyo_read_manager(struct tomoyo_io_buffer *head) { if (head->r.eof) return; - list_for_each_cookie(head->r.acl, - &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { + list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER]) { struct tomoyo_manager *ptr = list_entry(head->r.acl, typeof(*ptr), head.list); if (ptr->head.is_deleted) @@ -694,8 +747,8 @@ static bool tomoyo_manager(void) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && ptr->is_domain && !tomoyo_pathcmp(domainname, ptr->manager)) { found = true; @@ -707,8 +760,8 @@ static bool tomoyo_manager(void) exe = tomoyo_get_exe(); if (!exe) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && !ptr->is_domain && !strcmp(exe, ptr->manager->name)) { found = true; @@ -729,7 +782,7 @@ static bool tomoyo_manager(void) } /** - * tomoyo_select_one - Parse select command. + * tomoyo_select_domain - Parse select command. * * @head: Pointer to "struct tomoyo_io_buffer". * @data: String to parse. @@ -738,16 +791,15 @@ static bool tomoyo_manager(void) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) +static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, + const char *data) { unsigned int pid; struct tomoyo_domain_info *domain = NULL; bool global_pid = false; - - if (!strcmp(data, "allow_execute")) { - head->r.print_execute_only = true; - return true; - } + if (strncmp(data, "select ", 7)) + return false; + data += 7; if (sscanf(data, "pid=%u", &pid) == 1 || (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { struct task_struct *p; @@ -818,6 +870,7 @@ static int tomoyo_delete_domain(char *domainname) /** * tomoyo_write_domain2 - Write domain policy. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @list: Pointer to "struct list_head". * @data: Policy to be interpreted. * @is_delete: True if it is a delete request. @@ -826,10 +879,12 @@ static int tomoyo_delete_domain(char *domainname) * * Caller holds tomoyo_read_lock(). */ -static int tomoyo_write_domain2(struct list_head *list, char *data, +static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, + struct list_head *list, char *data, const bool is_delete) { struct tomoyo_acl_param param = { + .ns = ns, .list = list, .data = data, .is_delete = is_delete, @@ -862,37 +917,28 @@ static int tomoyo_write_domain2(struct list_head *list, char *data, static int tomoyo_write_domain(struct tomoyo_io_buffer *head) { char *data = head->write_buf; + struct tomoyo_policy_namespace *ns; struct tomoyo_domain_info *domain = head->w.domain; - bool is_delete = false; - bool is_select = false; + const bool is_delete = head->w.is_delete; + bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); unsigned int profile; - - if (tomoyo_str_starts(&data, "delete ")) - is_delete = true; - else if (tomoyo_str_starts(&data, "select ")) - is_select = true; - if (is_select && tomoyo_select_one(head, data)) - return 0; - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; - if (tomoyo_domain_def(data)) { + if (*data == '<') { domain = NULL; if (is_delete) tomoyo_delete_domain(data); else if (is_select) domain = tomoyo_find_domain(data); else - domain = tomoyo_assign_domain(data, 0); + domain = tomoyo_assign_domain(data, false); head->w.domain = domain; return 0; } if (!domain) return -EINVAL; - + ns = domain->ns; if (sscanf(data, "use_profile %u", &profile) == 1 && profile < TOMOYO_MAX_PROFILES) { - if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) + if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) domain->profile = (u8) profile; return 0; } @@ -910,7 +956,8 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) domain->transition_failed = !is_delete; return 0; } - return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete); + return tomoyo_write_domain2(ns, &domain->acl_info_list, data, + is_delete); } /** @@ -924,9 +971,11 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) static void tomoyo_set_group(struct tomoyo_io_buffer *head, const char *category) { - if (head->type == TOMOYO_EXCEPTIONPOLICY) + if (head->type == TOMOYO_EXCEPTIONPOLICY) { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "acl_group %u ", head->r.acl_group_index); + } tomoyo_set_string(head, category); } @@ -956,7 +1005,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { if (!(perm & (1 << bit))) continue; - if (head->r.print_execute_only && + if (head->r.print_transition_related_only && bit != TOMOYO_TYPE_EXECUTE) continue; if (first) { @@ -970,7 +1019,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, if (first) return true; tomoyo_print_name_union(head, &ptr->name); - } else if (head->r.print_execute_only) { + } else if (head->r.print_transition_related_only) { return true; } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { struct tomoyo_path2_acl *ptr = @@ -1147,8 +1196,8 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) domain = tomoyo_find_domain(cp + 1); if (strict_strtoul(data, 10, &profile)) return -EINVAL; - if (domain && profile < TOMOYO_MAX_PROFILES - && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) + if (domain && (!tomoyo_policy_loaded || + head->w.ns->profile_ptr[(u8) profile])) domain->profile = (u8) profile; return 0; } @@ -1246,10 +1295,12 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) } static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { - [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain", - [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain", - [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain", - [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain", + [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", + [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", + [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", }; static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { @@ -1268,19 +1319,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { */ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) { + const bool is_delete = head->w.is_delete; struct tomoyo_acl_param param = { + .ns = head->w.ns, + .is_delete = is_delete, .data = head->write_buf, }; u8 i; - param.is_delete = tomoyo_str_starts(&param.data, "delete "); - if (!param.is_delete && tomoyo_str_starts(&param.data, "select ") && - !strcmp(param.data, "execute_only")) { - head->r.print_execute_only = true; - return 0; - } - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; if (tomoyo_str_starts(&param.data, "aggregator ")) return tomoyo_write_aggregator(&param); for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) @@ -1294,8 +1339,9 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) char *data; group = simple_strtoul(param.data, &data, 10); if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') - return tomoyo_write_domain2(&tomoyo_acl_group[group], - data, param.is_delete); + return tomoyo_write_domain2 + (head->w.ns, &head->w.ns->acl_group[group], + data, is_delete); } return -EINVAL; } @@ -1312,7 +1358,10 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) */ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->group_list[idx]; + list_for_each_cookie(head->r.group, list) { struct tomoyo_group *group = list_entry(head->r.group, typeof(*group), head.list); list_for_each_cookie(head->r.acl, &group->member_list) { @@ -1322,6 +1371,7 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) continue; if (!tomoyo_flush(head)) return false; + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_group_name[idx]); tomoyo_set_string(head, group->group_name->name); if (idx == TOMOYO_PATH_GROUP) { @@ -1355,7 +1405,10 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) */ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->policy_list[idx]; + list_for_each_cookie(head->r.acl, list) { struct tomoyo_acl_head *acl = container_of(head->r.acl, typeof(*acl), list); if (acl->is_deleted) @@ -1367,6 +1420,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_transition_control *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_transition_type [ptr->type]); tomoyo_set_string(head, ptr->program ? @@ -1381,6 +1435,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_aggregator *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, "aggregator "); tomoyo_set_string(head, ptr->original_name->name); @@ -1407,6 +1462,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) */ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); if (head->r.eof) return; while (head->r.step < TOMOYO_MAX_POLICY && @@ -1423,7 +1480,7 @@ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) + TOMOYO_MAX_ACL_GROUPS) { head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY - TOMOYO_MAX_GROUP; - if (!tomoyo_read_domain2(head, &tomoyo_acl_group + if (!tomoyo_read_domain2(head, &ns->acl_group [head->r.acl_group_index])) return; head->r.step++; @@ -1484,7 +1541,8 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) return; snprintf(buffer, len - 1, "%s", cp); tomoyo_normalize_line(buffer); - tomoyo_write_domain2(&domain->acl_info_list, buffer, false); + tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, + false); kfree(buffer); } @@ -1895,6 +1953,45 @@ int tomoyo_poll_control(struct file *file, poll_table *wait) return head->poll(file, wait); } +/** + * tomoyo_set_namespace_cursor - Set namespace to read. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) +{ + struct list_head *ns; + if (head->type != TOMOYO_EXCEPTIONPOLICY && + head->type != TOMOYO_PROFILE) + return; + /* + * If this is the first read, or reading previous namespace finished + * and has more namespaces to read, update the namespace cursor. + */ + ns = head->r.ns; + if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { + /* Clearing is OK because tomoyo_flush() returned true. */ + memset(&head->r, 0, sizeof(head->r)); + head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; + } +} + +/** + * tomoyo_has_more_namespace - Check for unread namespaces. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns true if we have more entries to print, false otherwise. + */ +static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) +{ + return (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) && head->r.eof && + head->r.ns->next != &tomoyo_namespace_list; +} + /** * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. * @@ -1919,13 +2016,53 @@ int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, head->read_user_buf_avail = buffer_len; if (tomoyo_flush(head)) /* Call the policy handler. */ - head->read(head); - tomoyo_flush(head); + do { + tomoyo_set_namespace_cursor(head); + head->read(head); + } while (tomoyo_flush(head) && + tomoyo_has_more_namespace(head)); len = head->read_user_buf - buffer; mutex_unlock(&head->io_sem); return len; } +/** + * tomoyo_parse_policy - Parse a policy line. + * + * @head: Poiter to "struct tomoyo_io_buffer". + * @line: Line to parse. + * + * Returns 0 on success, negative value otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) +{ + /* Delete request? */ + head->w.is_delete = !strncmp(line, "delete ", 7); + if (head->w.is_delete) + memmove(line, line + 7, strlen(line + 7) + 1); + /* Selecting namespace to update. */ + if (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) { + if (*line == '<') { + char *cp = strchr(line, ' '); + if (cp) { + *cp++ = '\0'; + head->w.ns = tomoyo_assign_namespace(line); + memmove(line, cp, strlen(cp) + 1); + } else + head->w.ns = NULL; + } else + head->w.ns = &tomoyo_kernel_namespace; + /* Don't allow updating if namespace is invalid. */ + if (!head->w.ns) + return -ENOENT; + } + /* Do the update. */ + return head->write(head); +} + /** * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. * @@ -1941,27 +2078,31 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, const char __user *buffer, const int buffer_len) { int error = buffer_len; - int avail_len = buffer_len; + size_t avail_len = buffer_len; char *cp0 = head->write_buf; - if (!head->write) return -ENOSYS; if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT; - /* Don't allow updating policies by non manager programs. */ - if (head->write != tomoyo_write_pid && - head->write != tomoyo_write_domain && - head->write != tomoyo_write_exception && !tomoyo_manager()) - return -EPERM; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; /* Read a line and dispatch it to the policy handler. */ while (avail_len > 0) { char c; if (head->w.avail >= head->writebuf_size - 1) { - error = -ENOMEM; - break; - } else if (get_user(c, buffer)) { + const int len = head->writebuf_size * 2; + char *cp = kzalloc(len, GFP_NOFS); + if (!cp) { + error = -ENOMEM; + break; + } + memmove(cp, cp0, head->w.avail); + kfree(cp0); + head->write_buf = cp; + cp0 = cp; + head->writebuf_size = len; + } + if (get_user(c, buffer)) { error = -EFAULT; break; } @@ -1973,8 +2114,40 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, cp0[head->w.avail - 1] = '\0'; head->w.avail = 0; tomoyo_normalize_line(cp0); - head->write(head); + if (!strcmp(cp0, "reset")) { + head->w.ns = &tomoyo_kernel_namespace; + head->w.domain = NULL; + memset(&head->r, 0, sizeof(head->r)); + continue; + } + /* Don't allow updating policies by non manager programs. */ + switch (head->type) { + case TOMOYO_PROCESS_STATUS: + /* This does not write anything. */ + break; + case TOMOYO_DOMAINPOLICY: + if (tomoyo_select_domain(head, cp0)) + continue; + /* fall through */ + case TOMOYO_EXCEPTIONPOLICY: + if (!strcmp(cp0, "select transition_only")) { + head->r.print_transition_related_only = true; + continue; + } + /* fall through */ + default: + if (!tomoyo_manager()) { + error = -EPERM; + goto out; + } + } + switch (tomoyo_parse_policy(head, cp0)) { + case -EPERM: + error = -EPERM; + goto out; + } } +out: mutex_unlock(&head->io_sem); return error; } @@ -2019,27 +2192,27 @@ void tomoyo_check_profile(void) struct tomoyo_domain_info *domain; const int idx = tomoyo_read_lock(); tomoyo_policy_loaded = true; - /* Check all profiles currently assigned to domains are defined. */ + printk(KERN_INFO "TOMOYO: 2.4.0\n"); list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { const u8 profile = domain->profile; - if (tomoyo_profile_ptr[profile]) + const struct tomoyo_policy_namespace *ns = domain->ns; + if (ns->profile_version != 20100903) + printk(KERN_ERR + "Profile version %u is not supported.\n", + ns->profile_version); + else if (!ns->profile_ptr[profile]) + printk(KERN_ERR + "Profile %u (used by '%s') is not defined.\n", + profile, domain->domainname->name); + else continue; - printk(KERN_ERR "You need to define profile %u before using it.\n", - profile); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " + printk(KERN_ERR + "Userland tools for TOMOYO 2.4 must be installed and " + "policy must be initialized.\n"); + printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " "for more information.\n"); - panic("Profile %u (used by '%s') not defined.\n", - profile, domain->domainname->name); + panic("STOP!"); } tomoyo_read_unlock(idx); - if (tomoyo_profile_version != 20090903) { - printk(KERN_ERR "You need to install userland programs for " - "TOMOYO 2.3 and initialize policy configuration.\n"); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " - "for more information.\n"); - panic("Profile version %u is not supported.\n", - tomoyo_profile_version); - } - printk(KERN_INFO "TOMOYO: 2.3.0\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 4bc3975516cb..53c8798e38b7 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -74,10 +74,6 @@ enum tomoyo_group_id { TOMOYO_MAX_GROUP }; -/* A domain definition starts with <kernel>. */ -#define TOMOYO_ROOT_NAME "<kernel>" -#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) - /* Index numbers for type of numeric values. */ enum tomoyo_value_type { TOMOYO_VALUE_TYPE_INVALID, @@ -89,6 +85,8 @@ enum tomoyo_value_type { /* Index numbers for domain transition control keywords. */ enum tomoyo_transition_type { /* Do not change this order, */ + TOMOYO_TRANSITION_CONTROL_NO_RESET, + TOMOYO_TRANSITION_CONTROL_RESET, TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, TOMOYO_TRANSITION_CONTROL_INITIALIZE, TOMOYO_TRANSITION_CONTROL_NO_KEEP, @@ -246,6 +244,8 @@ struct tomoyo_shared_acl_head { atomic_t users; } __packed; +struct tomoyo_policy_namespace; + /* Structure for request info. */ struct tomoyo_request_info { struct tomoyo_domain_info *domain; @@ -359,6 +359,8 @@ struct tomoyo_domain_info { struct list_head acl_info_list; /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; + /* Namespace for this domain. Never NULL. */ + struct tomoyo_policy_namespace *ns; u8 profile; /* Profile number to use. */ u8 group; /* Group number to use. */ bool is_deleted; /* Delete flag. */ @@ -423,6 +425,7 @@ struct tomoyo_mount_acl { struct tomoyo_acl_param { char *data; struct list_head *list; + struct tomoyo_policy_namespace *ns; bool is_delete; }; @@ -443,6 +446,7 @@ struct tomoyo_io_buffer { char __user *read_user_buf; int read_user_buf_avail; struct { + struct list_head *ns; struct list_head *domain; struct list_head *group; struct list_head *acl; @@ -455,14 +459,16 @@ struct tomoyo_io_buffer { u8 w_pos; bool eof; bool print_this_domain_only; - bool print_execute_only; + bool print_transition_related_only; const char *w[TOMOYO_MAX_IO_READ_QUEUE]; } r; struct { + struct tomoyo_policy_namespace *ns; /* The position currently writing to. */ struct tomoyo_domain_info *domain; /* Bytes available for writing. */ int avail; + bool is_delete; } w; /* Buffer for reading. */ char *read_buf; @@ -533,8 +539,27 @@ struct tomoyo_time { u8 sec; }; +/* Structure for policy namespace. */ +struct tomoyo_policy_namespace { + /* Profile table. Memory is allocated as needed. */ + struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; + /* List of "struct tomoyo_group". */ + struct list_head group_list[TOMOYO_MAX_GROUP]; + /* List of policy. */ + struct list_head policy_list[TOMOYO_MAX_POLICY]; + /* The global ACL referred by "use_group" keyword. */ + struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; + /* List for connecting to tomoyo_namespace_list list. */ + struct list_head namespace_list; + /* Profile version. Currently only 20100903 is defined. */ + unsigned int profile_version; + /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ + const char *name; +}; + /********** Function prototypes. **********/ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); bool tomoyo_str_starts(char **src, const char *find); const char *tomoyo_get_exe(void); void tomoyo_normalize_line(unsigned char *buffer); @@ -553,7 +578,8 @@ tomoyo_compare_name_union(const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); bool tomoyo_compare_number_union(const unsigned long value, const struct tomoyo_number_union *ptr); -int tomoyo_get_mode(const u8 profile, const u8 index); +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index); void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); bool tomoyo_correct_domain(const unsigned char *domainname); @@ -589,8 +615,11 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile); -struct tomoyo_profile *tomoyo_profile(const u8 profile); + const bool transit); +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile); +struct tomoyo_policy_namespace *tomoyo_assign_namespace +(const char *domainname); struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, const u8 idx); unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, @@ -646,6 +675,8 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param); bool tomoyo_permstr(const char *string, const char *keyword); const char *tomoyo_yesno(const unsigned int value); +void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); void tomoyo_read_log(struct tomoyo_io_buffer *head); @@ -661,8 +692,6 @@ extern struct srcu_struct tomoyo_ss; /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; /* Lock for protecting policy. */ @@ -671,10 +700,10 @@ extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; -extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The kernel's domain. */ extern struct tomoyo_domain_info tomoyo_kernel_domain; +extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; +extern struct list_head tomoyo_namespace_list; extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; @@ -809,6 +838,16 @@ static inline bool tomoyo_same_number_union a->value_type[1] == b->value_type[1]; } +/** + * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. + * + * Returns pointer to "struct tomoyo_policy_namespace" for current thread. + */ +static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) +{ + return tomoyo_domain()->ns; +} + #if defined(CONFIG_SLOB) /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index af5f325e2f33..71acebc747c3 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -12,9 +12,6 @@ /* Variables definitions.*/ -/* The global ACL referred by "use_group" keyword. */ -struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The initial domain. */ struct tomoyo_domain_info tomoyo_kernel_domain; @@ -158,7 +155,7 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, } if (!retried) { retried = true; - list = &tomoyo_acl_group[domain->group]; + list = &domain->ns->acl_group[domain->group]; goto retry; } r->granted = false; @@ -167,13 +164,10 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, /* The list for "struct tomoyo_domain_info". */ LIST_HEAD(tomoyo_domain_list); -struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; - /** * tomoyo_last_word - Get last component of a domainname. * - * @domainname: Domainname to check. + * @name: Domainname to check. * * Returns the last word of @domainname. */ @@ -247,7 +241,7 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, if (!e.domainname) goto out; } - param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_transition_control); out: @@ -257,59 +251,88 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, } /** - * tomoyo_transition_type - Get domain transition type. + * tomoyo_scan_transition - Try to find specific domain transition type. * - * @domainname: The name of domain. - * @program: The name of program. + * @list: Pointer to "struct list_head". + * @domainname: The name of current domain. + * @program: The name of requested program. + * @last_name: The last component of @domainname. + * @type: One of values in "enum tomoyo_transition_type". * - * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program - * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing - * @program suppresses domain transition, others otherwise. + * Returns true if found one, false otherwise. * * Caller holds tomoyo_read_lock(). */ -static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname, - const struct tomoyo_path_info *program) +static inline bool tomoyo_scan_transition +(const struct list_head *list, const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program, const char *last_name, + const enum tomoyo_transition_type type) { const struct tomoyo_transition_control *ptr; - const char *last_name = tomoyo_last_word(domainname->name); - u8 type; - for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) { - next: - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_TRANSITION_CONTROL], - head.list) { - if (ptr->head.is_deleted || ptr->type != type) - continue; - if (ptr->domainname) { - if (!ptr->is_last_name) { - if (ptr->domainname != domainname) - continue; - } else { - /* - * Use direct strcmp() since this is - * unlikely used. - */ - if (strcmp(ptr->domainname->name, - last_name)) - continue; - } - } - if (ptr->program && - tomoyo_pathcmp(ptr->program, program)) - continue; - if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) { + list_for_each_entry_rcu(ptr, list, head.list) { + if (ptr->head.is_deleted || ptr->type != type) + continue; + if (ptr->domainname) { + if (!ptr->is_last_name) { + if (ptr->domainname != domainname) + continue; + } else { /* - * Do not check for initialize_domain if - * no_initialize_domain matched. + * Use direct strcmp() since this is + * unlikely used. */ - type = TOMOYO_TRANSITION_CONTROL_NO_KEEP; - goto next; + if (strcmp(ptr->domainname->name, last_name)) + continue; } - goto done; } + if (ptr->program && tomoyo_pathcmp(ptr->program, program)) + continue; + return true; + } + return false; +} + +/** + * tomoyo_transition_type - Get domain transition type. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * @domainname: The name of current domain. + * @program: The name of requested program. + * + * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes + * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if + * executing @program reinitializes domain transition within that namespace, + * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname , + * others otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static enum tomoyo_transition_type tomoyo_transition_type +(const struct tomoyo_policy_namespace *ns, + const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program) +{ + const char *last_name = tomoyo_last_word(domainname->name); + enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET; + while (type < TOMOYO_MAX_TRANSITION_TYPE) { + const struct list_head * const list = + &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + if (!tomoyo_scan_transition(list, domainname, program, + last_name, type)) { + type++; + continue; + } + if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET && + type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) + break; + /* + * Do not check for reset_domain if no_reset_domain matched. + * Do not check for initialize_domain if no_initialize_domain + * matched. + */ + type++; + type++; } - done: return type; } @@ -355,7 +378,7 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) if (!e.original_name || !e.aggregated_name || e.aggregated_name->is_patterned) /* No patterns allowed. */ goto out; - param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]; + param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_aggregator); out: @@ -365,53 +388,171 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) } /** - * tomoyo_assign_domain - Create a domain. + * tomoyo_find_namespace - Find specified namespace. + * + * @name: Name of namespace to find. + * @len: Length of @name. + * + * Returns pointer to "struct tomoyo_policy_namespace" if found, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static struct tomoyo_policy_namespace *tomoyo_find_namespace +(const char *name, const unsigned int len) +{ + struct tomoyo_policy_namespace *ns; + list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { + if (strncmp(name, ns->name, len) || + (name[len] && name[len] != ' ')) + continue; + return ns; + } + return NULL; +} + +/** + * tomoyo_assign_namespace - Create a new namespace. + * + * @domainname: Name of namespace to create. + * + * Returns pointer to "struct tomoyo_policy_namespace" on success, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname) +{ + struct tomoyo_policy_namespace *ptr; + struct tomoyo_policy_namespace *entry; + const char *cp = domainname; + unsigned int len = 0; + while (*cp && *cp++ != ' ') + len++; + ptr = tomoyo_find_namespace(domainname, len); + if (ptr) + return ptr; + if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) + return NULL; + entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); + if (!entry) + return NULL; + if (mutex_lock_interruptible(&tomoyo_policy_lock)) + goto out; + ptr = tomoyo_find_namespace(domainname, len); + if (!ptr && tomoyo_memory_ok(entry)) { + char *name = (char *) (entry + 1); + ptr = entry; + memmove(name, domainname, len); + name[len] = '\0'; + entry->name = name; + tomoyo_init_policy_namespace(entry); + entry = NULL; + } + mutex_unlock(&tomoyo_policy_lock); +out: + kfree(entry); + return ptr; +} + +/** + * tomoyo_namespace_jump - Check for namespace jump. + * + * @domainname: Name of domain. + * + * Returns true if namespace differs, false otherwise. + */ +static bool tomoyo_namespace_jump(const char *domainname) +{ + const char *namespace = tomoyo_current_namespace()->name; + const int len = strlen(namespace); + return strncmp(domainname, namespace, len) || + (domainname[len] && domainname[len] != ' '); +} + +/** + * tomoyo_assign_domain - Create a domain or a namespace. * * @domainname: The name of domain. - * @profile: Profile number to assign if the domain was newly created. + * @transit: True if transit to domain found or created. * * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise. * * Caller holds tomoyo_read_lock(). */ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile) + const bool transit) { - struct tomoyo_domain_info *entry; - struct tomoyo_domain_info *domain = NULL; - const struct tomoyo_path_info *saved_domainname; - bool found = false; - - if (!tomoyo_correct_domain(domainname)) + struct tomoyo_domain_info e = { }; + struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); + bool created = false; + if (entry) { + if (transit) { + /* + * Since namespace is created at runtime, profiles may + * not be created by the moment the process transits to + * that domain. Do not perform domain transition if + * profile for that domain is not yet created. + */ + if (!entry->ns->profile_ptr[entry->profile]) + return NULL; + } + return entry; + } + /* Requested domain does not exist. */ + /* Don't create requested domain if domainname is invalid. */ + if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || + !tomoyo_correct_domain(domainname)) return NULL; - saved_domainname = tomoyo_get_name(domainname); - if (!saved_domainname) + /* + * Since definition of profiles and acl_groups may differ across + * namespaces, do not inherit "use_profile" and "use_group" settings + * by automatically creating requested domain upon domain transition. + */ + if (transit && tomoyo_namespace_jump(domainname)) + return NULL; + e.ns = tomoyo_assign_namespace(domainname); + if (!e.ns) + return NULL; + /* + * "use_profile" and "use_group" settings for automatically created + * domains are inherited from current domain. These are 0 for manually + * created domains. + */ + if (transit) { + const struct tomoyo_domain_info *domain = tomoyo_domain(); + e.profile = domain->profile; + e.group = domain->group; + } + e.domainname = tomoyo_get_name(domainname); + if (!e.domainname) return NULL; - entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { - if (domain->is_deleted || - tomoyo_pathcmp(saved_domainname, domain->domainname)) - continue; - found = true; - break; - } - if (!found && tomoyo_memory_ok(entry)) { - INIT_LIST_HEAD(&entry->acl_info_list); - entry->domainname = saved_domainname; - saved_domainname = NULL; - entry->profile = profile; - list_add_tail_rcu(&entry->list, &tomoyo_domain_list); - domain = entry; - entry = NULL; - found = true; + entry = tomoyo_find_domain(domainname); + if (!entry) { + entry = tomoyo_commit_ok(&e, sizeof(e)); + if (entry) { + INIT_LIST_HEAD(&entry->acl_info_list); + list_add_tail_rcu(&entry->list, &tomoyo_domain_list); + created = true; + } } mutex_unlock(&tomoyo_policy_lock); - out: - tomoyo_put_name(saved_domainname); - kfree(entry); - return found ? domain : NULL; +out: + tomoyo_put_name(e.domainname); + if (entry && transit) { + if (created) { + struct tomoyo_request_info r; + tomoyo_init_request_info(&r, entry, + TOMOYO_MAC_FILE_EXECUTE); + r.granted = false; + tomoyo_write_log(&r, "use_profile %u\n", + entry->profile); + tomoyo_write_log(&r, "use_group %u\n", entry->group); + } + } + return entry; } /** @@ -434,6 +575,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) bool is_enforce; int retval = -ENOMEM; bool need_kfree = false; + bool reject_on_transition_failure = false; struct tomoyo_path_info rn = { }; /* real name */ mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); @@ -457,8 +599,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) /* Check 'aggregator' directive. */ { struct tomoyo_aggregator *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_AGGREGATOR], head.list) { + struct list_head *list = + &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; + /* Check 'aggregator' directive. */ + list_for_each_entry_rcu(ptr, list, head.list) { if (ptr->head.is_deleted || !tomoyo_path_matches_pattern(&rn, ptr->original_name)) @@ -492,11 +636,21 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } /* Calculate domain to transit to. */ - switch (tomoyo_transition_type(old_domain->domainname, &rn)) { + switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, + &rn)) { + case TOMOYO_TRANSITION_CONTROL_RESET: + /* Transit to the root of specified namespace. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name); + /* + * Make do_execve() fail if domain transition across namespaces + * has failed. + */ + reject_on_transition_failure = true; + break; case TOMOYO_TRANSITION_CONTROL_INITIALIZE: - /* Transit to the child of tomoyo_kernel_domain domain. */ - snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " " - "%s", rn.name); + /* Transit to the child of current namespace's root. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", + old_domain->ns->name, rn.name); break; case TOMOYO_TRANSITION_CONTROL_KEEP: /* Keep current domain. */ @@ -519,19 +673,25 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } break; } - if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10) - goto done; - domain = tomoyo_find_domain(tmp); if (!domain) - domain = tomoyo_assign_domain(tmp, old_domain->profile); - done: + domain = tomoyo_assign_domain(tmp, true); if (domain) - goto out; - printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp); - if (is_enforce) - retval = -EPERM; - else - old_domain->transition_failed = true; + retval = 0; + else if (reject_on_transition_failure) { + printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp); + retval = -ENOMEM; + } else if (r.mode == TOMOYO_CONFIG_ENFORCING) + retval = -ENOMEM; + else { + retval = 0; + if (!old_domain->transition_failed) { + old_domain->transition_failed = true; + r.granted = false; + tomoyo_write_log(&r, "%s", "transition_failed\n"); + printk(KERN_WARNING + "ERROR: Domain '%s' not defined.\n", tmp); + } + } out: if (!domain) domain = old_domain; diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 4f8526af9069..323ddc73a125 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -603,7 +603,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, int error; r->type = tomoyo_p2mac[operation]; - r->mode = tomoyo_get_mode(r->profile, r->type); + r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); if (r->mode == TOMOYO_CONFIG_DISABLED) return 0; r->param_type = TOMOYO_TYPE_PATH_ACL; diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 412ee8309c23..782e844dca7f 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -292,15 +292,12 @@ static bool tomoyo_collect_acl(struct list_head *list) static void tomoyo_collect_entry(void) { int i; + enum tomoyo_policy_id id; + struct tomoyo_policy_namespace *ns; + int idx; if (mutex_lock_interruptible(&tomoyo_policy_lock)) return; - for (i = 0; i < TOMOYO_MAX_POLICY; i++) { - if (!tomoyo_collect_member(i, &tomoyo_policy_list[i])) - goto unlock; - } - for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) - if (!tomoyo_collect_acl(&tomoyo_acl_group[i])) - goto unlock; + idx = tomoyo_read_lock(); { struct tomoyo_domain_info *domain; list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { @@ -317,39 +314,49 @@ static void tomoyo_collect_entry(void) goto unlock; } } + list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) { + for (id = 0; id < TOMOYO_MAX_POLICY; id++) + if (!tomoyo_collect_member(id, &ns->policy_list[id])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) + if (!tomoyo_collect_acl(&ns->acl_group[i])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_GROUP; i++) { + struct list_head *list = &ns->group_list[i]; + struct tomoyo_group *group; + switch (i) { + case 0: + id = TOMOYO_ID_PATH_GROUP; + break; + default: + id = TOMOYO_ID_NUMBER_GROUP; + break; + } + list_for_each_entry(group, list, head.list) { + if (!tomoyo_collect_member + (id, &group->member_list)) + goto unlock; + if (!list_empty(&group->member_list) || + atomic_read(&group->head.users)) + continue; + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, + &group->head.list)) + goto unlock; + } + } + } for (i = 0; i < TOMOYO_MAX_HASH; i++) { - struct tomoyo_name *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], head.list) { - if (atomic_read(&ptr->head.users)) + struct list_head *list = &tomoyo_name_list[i]; + struct tomoyo_shared_acl_head *ptr; + list_for_each_entry(ptr, list, list) { + if (atomic_read(&ptr->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->head.list)) + if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list)) goto unlock; } } - for (i = 0; i < TOMOYO_MAX_GROUP; i++) { - struct list_head *list = &tomoyo_group_list[i]; - int id; - struct tomoyo_group *group; - switch (i) { - case 0: - id = TOMOYO_ID_PATH_GROUP; - break; - default: - id = TOMOYO_ID_NUMBER_GROUP; - break; - } - list_for_each_entry(group, list, head.list) { - if (!tomoyo_collect_member(id, &group->member_list)) - goto unlock; - if (!list_empty(&group->member_list) || - atomic_read(&group->head.users)) - continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, - &group->head.list)) - goto unlock; - } - } - unlock: +unlock: + tomoyo_read_unlock(idx); mutex_unlock(&tomoyo_policy_lock); } diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 7a0493943d6d..39d012823f84 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -118,7 +118,7 @@ struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, return NULL; if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list = &tomoyo_group_list[idx]; + list = &param->ns->group_list[idx]; list_for_each_entry(group, list, head.list) { if (e.group_name != group->group_name) continue; @@ -199,27 +199,23 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) return ptr ? &ptr->entry : NULL; } +/* Initial namespace.*/ +struct tomoyo_policy_namespace tomoyo_kernel_namespace; + /** * tomoyo_mm_init - Initialize mm related code. */ void __init tomoyo_mm_init(void) { int idx; - - for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) - INIT_LIST_HEAD(&tomoyo_policy_list[idx]); - for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) - INIT_LIST_HEAD(&tomoyo_group_list[idx]); for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) INIT_LIST_HEAD(&tomoyo_name_list[idx]); + tomoyo_kernel_namespace.name = "<kernel>"; + tomoyo_init_policy_namespace(&tomoyo_kernel_namespace); + tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); - for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) - INIT_LIST_HEAD(&tomoyo_acl_group[idx]); - tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME); + tomoyo_kernel_domain.domainname = tomoyo_get_name("<kernel>"); list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list); - idx = tomoyo_read_lock(); - if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain) - panic("Can't register tomoyo_kernel_domain"); #if 0 /* Will be replaced with tomoyo_load_builtin_policy(). */ { @@ -230,7 +226,6 @@ void __init tomoyo_mm_init(void) TOMOYO_TRANSITION_CONTROL_INITIALIZE); } #endif - tomoyo_read_unlock(idx); } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) */ bool tomoyo_correct_domain(const unsigned char *domainname) { - if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, - TOMOYO_ROOT_NAME_LEN)) - goto out; - domainname += TOMOYO_ROOT_NAME_LEN; - if (!*domainname) + if (!domainname || !tomoyo_domain_def(domainname)) + return false; + domainname = strchr(domainname, ' '); + if (!domainname++) return true; - if (*domainname++ != ' ') - goto out; while (1) { const unsigned char *cp = strchr(domainname, ' '); if (!cp) break; if (*domainname != '/' || !tomoyo_correct_word2(domainname, cp - domainname)) - goto out; + return false; domainname = cp + 1; } return tomoyo_correct_path(domainname); - out: - return false; } /** @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) */ bool tomoyo_domain_def(const unsigned char *buffer) { - return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); + const unsigned char *cp; + int len; + if (*buffer != '<') + return false; + cp = strchr(buffer, ' '); + if (!cp) + len = strlen(buffer); + else + len = cp - buffer; + if (buffer[len - 1] != '>' || + !tomoyo_correct_word2(buffer + 1, len - 2)) + return false; + return true; } /** @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) /** * tomoyo_get_mode - Get MAC mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * * Returns mode. */ -int tomoyo_get_mode(const u8 profile, const u8 index) +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index) { u8 mode; const u8 category = TOMOYO_MAC_CATEGORY_FILE; if (!tomoyo_policy_loaded) return TOMOYO_CONFIG_DISABLED; - mode = tomoyo_profile(profile)->config[index]; + mode = tomoyo_profile(ns, profile)->config[index]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->config[category]; + mode = tomoyo_profile(ns, profile)->config[category]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->default_config; + mode = tomoyo_profile(ns, profile)->default_config; return mode & 3; } @@ -872,25 +881,10 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, profile = domain->profile; r->profile = profile; r->type = index; - r->mode = tomoyo_get_mode(profile, index); + r->mode = tomoyo_get_mode(domain->ns, profile, index); return r->mode; } -/** - * tomoyo_last_word - Get last component of a line. - * - * @line: A line. - * - * Returns the last word of a line. - */ -const char *tomoyo_last_word(const char *name) -{ - const char *cp = strrchr(name, ' '); - if (cp) - return cp + 1; - return name; -} - /** * tomoyo_domain_quota_is_ok - Check for domain's quota. * @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) if (perm & (1 << i)) count++; } - if (count < tomoyo_profile(domain->profile)-> + if (count < tomoyo_profile(domain->ns, domain->profile)-> pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) return true; if (!domain->quota_warned) {

1 year, 3 months

1
0
0 0

[PATCH 6.6.y v2 0/5] Delay VERW - 6.6.y backport

by Pawan Gupta

v2: - Dropped already backported patch "x86/bugs: Add asm helpers for executing VERW" https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… - Booted fine with KASLR and KPTI enabled. - Rebased to v6.6.20 v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-6-y-v1-0-aa17b2922… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 2/6 needed a conflict to be resolved for the hunk swapgs_restore_regs_and_return_to_usermode. This is only compile and boot tested on qemu. Cc: Dave Hansen <dave.hansen(a)linux.intel.com> To: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (4): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/arch/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 ------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 20 +++++++++++++++---- 11 files changed, 75 insertions(+), 45 deletions(-) --- base-commit: 9b4a8eac17f0d840729384618b4b1e876233026c change-id: 20240226-delay-verw-backport-6-6-y-2cda3298e600 Best regards, -- Thanks, Pawan

1 year, 3 months

1
5
0 0

patch "iio: accel: adxl367: fix I2C FIFO data register" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: adxl367: fix I2C FIFO data register to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 11dadb631007324c7a8bcb2650eda88ed2b9eed0 Mon Sep 17 00:00:00 2001 From: Cosmin Tanislav <demonsingur(a)gmail.com> Date: Wed, 7 Feb 2024 05:36:51 +0200 Subject: iio: accel: adxl367: fix I2C FIFO data register As specified in the datasheet, the I2C FIFO data register is 0x18, not 0x42. 0x42 was used by mistake when adapting the ADXL372 driver. Fix this mistake. Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240207033657.206171-2-demonsingur@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/adxl367_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/accel/adxl367_i2c.c b/drivers/iio/accel/adxl367_i2c.c index b595fe94f3a3..62c74bdc0d77 100644 --- a/drivers/iio/accel/adxl367_i2c.c +++ b/drivers/iio/accel/adxl367_i2c.c @@ -11,7 +11,7 @@ #include "adxl367.h" -#define ADXL367_I2C_FIFO_DATA 0x42 +#define ADXL367_I2C_FIFO_DATA 0x18 struct adxl367_i2c_state { struct regmap *regmap; -- 2.44.0

1 year, 3 months

1
0
0 0

patch "iio: accel: adxl367: fix DEVID read after reset" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: adxl367: fix DEVID read after reset to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 1b926914bbe4e30cb32f268893ef7d82a85275b8 Mon Sep 17 00:00:00 2001 From: Cosmin Tanislav <demonsingur(a)gmail.com> Date: Wed, 7 Feb 2024 05:36:50 +0200 Subject: iio: accel: adxl367: fix DEVID read after reset regmap_read_poll_timeout() will not sleep before reading, causing the first read to return -ENXIO on I2C, since the chip does not respond to it while it is being reset. The datasheet specifies that a soft reset operation has a latency of 7.5ms. Add a 15ms sleep between reset and reading the DEVID register, and switch to a simple regmap_read() call. Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240207033657.206171-1-demonsingur@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/adxl367.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/iio/accel/adxl367.c b/drivers/iio/accel/adxl367.c index 90b7ae6d42b7..484fe2e9fb17 100644 --- a/drivers/iio/accel/adxl367.c +++ b/drivers/iio/accel/adxl367.c @@ -1429,9 +1429,11 @@ static int adxl367_verify_devid(struct adxl367_state *st) unsigned int val; int ret; - ret = regmap_read_poll_timeout(st->regmap, ADXL367_REG_DEVID, val, - val == ADXL367_DEVID_AD, 1000, 10000); + ret = regmap_read(st->regmap, ADXL367_REG_DEVID, &val); if (ret) + return dev_err_probe(st->dev, ret, "Failed to read dev id\n"); + + if (val != ADXL367_DEVID_AD) return dev_err_probe(st->dev, -ENODEV, "Invalid dev id 0x%02X, expected 0x%02X\n", val, ADXL367_DEVID_AD); @@ -1510,6 +1512,8 @@ int adxl367_probe(struct device *dev, const struct adxl367_ops *ops, if (ret) return ret; + fsleep(15000); + ret = adxl367_verify_devid(st); if (ret) return ret; -- 2.44.0

1 year, 3 months

1
0
0 0

patch "iio: pressure: Fixes BMP38x and BMP390 SPI support" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: Fixes BMP38x and BMP390 SPI support to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From a9dd9ba323114f366eb07f1d9630822f8df6cbb2 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Mon, 19 Feb 2024 20:13:59 +0100 Subject: iio: pressure: Fixes BMP38x and BMP390 SPI support According to the datasheet of BMP38x and BMP390 devices, for an SPI read operation the first byte that is returned needs to be dropped, and the rest of the bytes are the actual data returned from the sensor. Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Acked-by: Angel Iglesias <ang.iglesiasg(a)gmail.com> Link: https://lore.kernel.org/r/20240219191359.18367-1-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-spi.c | 50 ++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index e8a5fed07e88..a444d4b2978b 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -4,6 +4,7 @@ * * Inspired by the older BMP085 driver drivers/misc/bmp085-spi.c */ +#include <linux/bits.h> #include <linux/module.h> #include <linux/spi/spi.h> #include <linux/err.h> @@ -35,6 +36,34 @@ static int bmp280_regmap_spi_read(void *context, const void *reg, return spi_write_then_read(spi, reg, reg_size, val, val_size); } +static int bmp380_regmap_spi_read(void *context, const void *reg, + size_t reg_size, void *val, size_t val_size) +{ + struct spi_device *spi = to_spi_device(context); + u8 rx_buf[4]; + ssize_t status; + + /* + * Maximum number of consecutive bytes read for a temperature or + * pressure measurement is 3. + */ + if (val_size > 3) + return -EINVAL; + + /* + * According to the BMP3xx datasheets, for a basic SPI read opertion, + * the first byte needs to be dropped and the rest are the requested + * data. + */ + status = spi_write_then_read(spi, reg, 1, rx_buf, val_size + 1); + if (status) + return status; + + memcpy(val, rx_buf + 1, val_size); + + return 0; +} + static struct regmap_bus bmp280_regmap_bus = { .write = bmp280_regmap_spi_write, .read = bmp280_regmap_spi_read, @@ -42,10 +71,19 @@ static struct regmap_bus bmp280_regmap_bus = { .val_format_endian_default = REGMAP_ENDIAN_BIG, }; +static struct regmap_bus bmp380_regmap_bus = { + .write = bmp280_regmap_spi_write, + .read = bmp380_regmap_spi_read, + .read_flag_mask = BIT(7), + .reg_format_endian_default = REGMAP_ENDIAN_BIG, + .val_format_endian_default = REGMAP_ENDIAN_BIG, +}; + static int bmp280_spi_probe(struct spi_device *spi) { const struct spi_device_id *id = spi_get_device_id(spi); const struct bmp280_chip_info *chip_info; + struct regmap_bus *bmp_regmap_bus; struct regmap *regmap; int ret; @@ -58,8 +96,18 @@ static int bmp280_spi_probe(struct spi_device *spi) chip_info = spi_get_device_match_data(spi); + switch (chip_info->chip_id[0]) { + case BMP380_CHIP_ID: + case BMP390_CHIP_ID: + bmp_regmap_bus = &bmp380_regmap_bus; + break; + default: + bmp_regmap_bus = &bmp280_regmap_bus; + break; + } + regmap = devm_regmap_init(&spi->dev, - &bmp280_regmap_bus, + bmp_regmap_bus, &spi->dev, chip_info->regmap_config); if (IS_ERR(regmap)) { -- 2.44.0

1 year, 3 months

1
0
0 0

[PATCH] serial: 8250_dw: Do not reclock if already at correct rate

by Peter Collingbourne

When userspace opens the console, we call set_termios() passing a termios with the console's configured baud rate. Currently this causes dw8250_set_termios() to disable and then re-enable the UART clock at the same frequency as it was originally. This can cause corruption of any concurrent console output. Fix it by skipping the reclocking if we are already at the correct rate. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Link: https://linux-review.googlesource.com/id/I2e3761d239cbf29ed41412e5338f30bff… Fixes: 4e26b134bd17 ("serial: 8250_dw: clock rate handling for all ACPI platforms") Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_dw.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index 2d1f350a4bea..c1d43f040c43 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -357,9 +357,9 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, long rate; int ret; - clk_disable_unprepare(d->clk); rate = clk_round_rate(d->clk, newrate); - if (rate > 0) { + if (rate > 0 && p->uartclk != rate) { + clk_disable_unprepare(d->clk); /* * Note that any clock-notifer worker will block in * serial8250_update_uartclk() until we are done. @@ -367,8 +367,8 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, ret = clk_set_rate(d->clk, newrate); if (!ret) p->uartclk = rate; + clk_prepare_enable(d->clk); } - clk_prepare_enable(d->clk); dw8250_do_set_termios(p, termios, old); } -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 3 months

3
2
0 0

patch "iio: adc: rockchip_saradc: use mask for write_enable bitfield" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: use mask for write_enable bitfield to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 5b4e4b72034f85f7a0cdd147d3d729c5a22c8764 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:22 +0100 Subject: iio: adc: rockchip_saradc: use mask for write_enable bitfield Some of the registers on the SARADCv2 have bits write protected except if another bit is set. This is usually done by having the lowest 16 bits store the data to write and the highest 16 bits specify which of the 16 lowest bits should have their value written to the hardware block. The write_enable mask for the channel selection was incorrect because it was just the value shifted by 16 bits, which means it would only ever write bits and never clear them. So e.g. if someone starts a conversion on channel 5, the lowest 4 bits would be 0x5, then starts a conversion on channel 0, it would still be 5. Instead of shifting the value by 16 as the mask, let's use the OR'ing of the appropriate masks shifted by 16. Note that this is not an issue currently because the only SARADCv2 currently supported has a reset defined in its Device Tree, that reset resets the SARADC controller before starting a conversion on a channel. However, this reset is handled as optional by the probe function and thus proper masking should be used in the event an SARADCv2 without a reset ever makes it upstream. Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-2-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index 2da8d6f3241a..1c0042fbbb54 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -102,12 +102,12 @@ static void rockchip_saradc_start_v2(struct rockchip_saradc *info, int chn) writel_relaxed(0xc, info->regs + SARADC_T_DAS_SOC); writel_relaxed(0x20, info->regs + SARADC_T_PD_SOC); val = FIELD_PREP(SARADC2_EN_END_INT, 1); - val |= val << 16; + val |= SARADC2_EN_END_INT << 16; writel_relaxed(val, info->regs + SARADC2_END_INT_EN); val = FIELD_PREP(SARADC2_START, 1) | FIELD_PREP(SARADC2_SINGLE_MODE, 1) | FIELD_PREP(SARADC2_CONV_CHANNELS, chn); - val |= val << 16; + val |= (SARADC2_START | SARADC2_SINGLE_MODE | SARADC2_CONV_CHANNELS) << 16; writel(val, info->regs + SARADC2_CONV_CON); } -- 2.44.0

1 year, 3 months

1
0
0 0

patch "iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From b0a4546df24a4f8c59b2d05ae141bd70ceccc386 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:21 +0100 Subject: iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 The SARADCv2 on RK3588 (the only SoC currently supported that has an SARADCv2) selects the channel through the channel_sel bitfield which is the 4 lowest bits, therefore the mask should be GENMASK(3, 0) and not GENMASK(15, 0). Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-1-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index dd94667a623b..2da8d6f3241a 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -52,7 +52,7 @@ #define SARADC2_START BIT(4) #define SARADC2_SINGLE_MODE BIT(5) -#define SARADC2_CONV_CHANNELS GENMASK(15, 0) +#define SARADC2_CONV_CHANNELS GENMASK(3, 0) struct rockchip_saradc; -- 2.44.0

1 year, 3 months

1
0
0 0

patch "iio: adc: rockchip_saradc: use mask for write_enable bitfield" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: use mask for write_enable bitfield to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 5b4e4b72034f85f7a0cdd147d3d729c5a22c8764 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:22 +0100 Subject: iio: adc: rockchip_saradc: use mask for write_enable bitfield Some of the registers on the SARADCv2 have bits write protected except if another bit is set. This is usually done by having the lowest 16 bits store the data to write and the highest 16 bits specify which of the 16 lowest bits should have their value written to the hardware block. The write_enable mask for the channel selection was incorrect because it was just the value shifted by 16 bits, which means it would only ever write bits and never clear them. So e.g. if someone starts a conversion on channel 5, the lowest 4 bits would be 0x5, then starts a conversion on channel 0, it would still be 5. Instead of shifting the value by 16 as the mask, let's use the OR'ing of the appropriate masks shifted by 16. Note that this is not an issue currently because the only SARADCv2 currently supported has a reset defined in its Device Tree, that reset resets the SARADC controller before starting a conversion on a channel. However, this reset is handled as optional by the probe function and thus proper masking should be used in the event an SARADCv2 without a reset ever makes it upstream. Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-2-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index 2da8d6f3241a..1c0042fbbb54 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -102,12 +102,12 @@ static void rockchip_saradc_start_v2(struct rockchip_saradc *info, int chn) writel_relaxed(0xc, info->regs + SARADC_T_DAS_SOC); writel_relaxed(0x20, info->regs + SARADC_T_PD_SOC); val = FIELD_PREP(SARADC2_EN_END_INT, 1); - val |= val << 16; + val |= SARADC2_EN_END_INT << 16; writel_relaxed(val, info->regs + SARADC2_END_INT_EN); val = FIELD_PREP(SARADC2_START, 1) | FIELD_PREP(SARADC2_SINGLE_MODE, 1) | FIELD_PREP(SARADC2_CONV_CHANNELS, chn); - val |= val << 16; + val |= (SARADC2_START | SARADC2_SINGLE_MODE | SARADC2_CONV_CHANNELS) << 16; writel(val, info->regs + SARADC2_CONV_CON); } -- 2.44.0

1 year, 3 months

1
0
0 0

patch "iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From b0a4546df24a4f8c59b2d05ae141bd70ceccc386 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:21 +0100 Subject: iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 The SARADCv2 on RK3588 (the only SoC currently supported that has an SARADCv2) selects the channel through the channel_sel bitfield which is the 4 lowest bits, therefore the mask should be GENMASK(3, 0) and not GENMASK(15, 0). Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-1-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index dd94667a623b..2da8d6f3241a 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -52,7 +52,7 @@ #define SARADC2_START BIT(4) #define SARADC2_SINGLE_MODE BIT(5) -#define SARADC2_CONV_CHANNELS GENMASK(15, 0) +#define SARADC2_CONV_CHANNELS GENMASK(3, 0) struct rockchip_saradc; -- 2.44.0

1 year, 3 months

1
0
0 0

Linux 6.7.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.8 kernel. Only users that had build problems with 6.7.7 need to upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/ntfs3/frecord.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.7.8 Mark O'Donovan (1): fs/ntfs3: fix build without CONFIG_NTFS3_LZX_XPRESS

1 year, 3 months

1
1
0 0

Linux 6.6.20

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.20 kernel. Only users that had build problems with 6.6.19 need to upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/ntfs3/frecord.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.6.20 Mark O'Donovan (1): fs/ntfs3: fix build without CONFIG_NTFS3_LZX_XPRESS

1 year, 3 months

1
1
0 0

Linux 6.6.19

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.19 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/conf.py | 6 Makefile | 2 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 arch/arm/boot/dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 arch/arm/boot/dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 16 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/include/asm/acpi.h | 4 arch/loongarch/kernel/acpi.c | 4 arch/loongarch/kernel/setup.c | 4 arch/loongarch/kernel/smp.c | 122 +- arch/loongarch/vdso/Makefile | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/parisc/kernel/unwind.c | 14 arch/powerpc/include/asm/ppc-pci.h | 10 arch/powerpc/kernel/iommu.c | 23 arch/powerpc/platforms/pseries/pci_dlpar.c | 4 arch/s390/pci/pci.c | 2 arch/sparc/Makefile | 2 arch/sparc/video/Makefile | 2 arch/x86/entry/entry.S | 23 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/nospec-branch.h | 13 arch/x86/mm/numa.c | 21 block/blk-map.c | 13 drivers/accel/ivpu/ivpu_drv.c | 5 drivers/accel/ivpu/ivpu_hw_37xx.c | 2 drivers/accel/ivpu/ivpu_hw_40xx.c | 9 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/ata/ahci.c | 49 - drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 +- drivers/ata/libata-core.c | 4 drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/bus/imx-weim.c | 2 drivers/cache/ax45mp_cache.c | 4 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/acpi.c | 46 - drivers/cxl/core/pci.c | 6 drivers/dma/apple-admac.c | 5 drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 38 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 4 drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 14 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 drivers/gpu/drm/amd/display/dc/link/link_validation.c | 62 + drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 182 +++- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 9 drivers/gpu/drm/drm_syncobj.c | 19 drivers/gpu/drm/i915/display/intel_sdvo.c | 10 drivers/gpu/drm/i915/display/intel_tv.c | 10 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hid/hid-logitech-hidpp.c | 2 drivers/hid/hid-nvidia-shield.c | 4 drivers/hwmon/coretemp.c | 2 drivers/hwmon/nct6775-core.c | 14 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/mlx5/cong.c | 6 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-mbigen.c | 8 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 +- drivers/md/dm-integrity.c | 91 +- drivers/md/dm-verity-target.c | 86 +- drivers/md/dm-verity.h | 6 drivers/md/md.c | 6 drivers/misc/open-dice.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/ipa/ipa_interrupt.c | 2 drivers/net/phy/realtek.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 drivers/nvme/host/fc.c | 47 - drivers/nvme/target/fc.c | 131 +-- drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi/irqdomain.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 67 + drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/max5970-regulator.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/sd.c | 26 drivers/scsi/smartpqi/smartpqi.h | 1 drivers/scsi/smartpqi/smartpqi_init.c | 88 +- drivers/spi/spi-cs42l43.c | 5 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-intel-pci.c | 1 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 - drivers/tty/serial/stm32-usart.c | 4 drivers/ufs/core/ufshcd.c | 5 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/gadget/udc/omap_udc.c | 3 drivers/usb/roles/class.c | 29 drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/usb/typec/tcpm/tcpm.c | 3 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 + drivers/vfio/iova_bitmap.c | 25 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 drivers/xen/events/events_2l.c | 8 drivers/xen/events/events_base.c | 426 ++++------ drivers/xen/events/events_internal.h | 1 drivers/xen/evtchn.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/defrag.c | 2 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/erofs/namei.c | 28 fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 45 - fs/ntfs3/attrlist.c | 12 fs/ntfs3/bitmap.c | 4 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 53 + fs/ntfs3/frecord.c | 17 fs/ntfs3/fslog.c | 232 ++--- fs/ntfs3/fsntfs.c | 27 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 25 fs/ntfs3/namei.c | 12 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 23 fs/ntfs3/record.c | 18 fs/ntfs3/super.c | 49 - fs/ntfs3/xattr.c | 6 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 12 fs/smb/client/connect.c | 11 fs/smb/client/dfs.c | 7 fs/smb/client/file.c | 3 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/sess.c | 5 fs/smb/client/smb2pdu.c | 26 fs/smb/client/transport.c | 18 include/linux/ceph/osd_client.h | 3 include/linux/fs.h | 2 include/linux/memblock.h | 2 include/linux/mlx5/mlx5_ifc.h | 2 include/linux/swap.h | 5 include/net/ipv6_stubs.h | 5 include/net/netfilter/nf_flow_table.h | 2 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 5 include/uapi/linux/bpf.h | 10 include/xen/events.h | 4 kernel/bpf/helpers.c | 5 kernel/sched/rt.c | 9 lib/Kconfig.debug | 1 mm/damon/lru_sort.c | 43 - mm/damon/reclaim.c | 18 mm/memblock.c | 5 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 7 net/bridge/br_switchdev.c | 84 + net/ceph/osd_client.c | 18 net/core/filter.c | 18 net/core/skmsg.c | 7 net/devlink/core.c | 12 net/devlink/port.c | 2 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 net/ipv6/addrconf.c | 21 net/ipv6/af_inet6.c | 1 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/mlme.c | 1 net/mac80211/scan.c | 30 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 8 net/mptcp/fastopen.c | 6 net/mptcp/mib.c | 1 net/mptcp/mib.h | 8 net/mptcp/options.c | 9 net/mptcp/pm_netlink.c | 74 + net/mptcp/pm_userspace.c | 52 + net/mptcp/protocol.c | 69 + net/mptcp/protocol.h | 25 net/mptcp/subflow.c | 86 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 17 net/netfilter/nf_tables_api.c | 81 - net/phonet/datagram.c | 4 net/phonet/pep.c | 41 net/sched/act_mirred.c | 147 +-- net/sched/cls_flower.c | 5 net/switchdev/switchdev.c | 73 + net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 3 scripts/bpf_doc.py | 2 sound/pci/hda/hda_intel.c | 6 sound/soc/amd/acp/acp-mach-common.c | 9 sound/soc/codecs/wm_adsp.c | 29 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/include/uapi/linux/bpf.h | 10 tools/net/ynl/lib/ynl.c | 19 tools/testing/selftests/drivers/net/bonding/bond_options.sh | 2 tools/testing/selftests/iommu/config | 5 tools/testing/selftests/mm/uffd-unit-tests.c | 6 tools/testing/selftests/net/forwarding/tc_actions.sh | 3 tools/testing/selftests/net/mptcp/diag.sh | 46 - tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 tools/testing/selftests/net/mptcp/simult_flows.sh | 3 tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 tools/testing/selftests/riscv/mm/mmap_test.h | 3 tools/testing/selftests/riscv/vector/v_initval_nolibc.c | 2 tools/testing/selftests/riscv/vector/vstate_prctl.c | 4 299 files changed, 3611 insertions(+), 1716 deletions(-) Aaro Koskinen (1): usb: gadget: omap_udc: fix USB gadget regression on Palm TE Alex Elder (1): net: ipa: don't overrun IPA suspend interrupt registers Alexander Stein (1): arm64: dts: tqma8mpql: fix audio codec iov-supply Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alice Chao (1): scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andrzej Kacprowski (1): accel/ivpu: Don't enable any tiles by default on VPU40xx Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio RDMA/srpt: Support specifying the srpt_service_guid parameter Benjamin Berg (1): wifi: iwlwifi: do not announce EPCS support Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Charles Keepax (1): spi: cs42l43: Handle error from devm_pm_runtime_enable Chen Jun (1): irqchip/mbigen: Don't use bus_get_dev_root() to find the parent Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Chengming Zhou (1): mm/zswap: invalidate duplicate entry when !zswap_enabled Chris Morgan (1): arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Christoph Müllner (2): tools: selftests: riscv: Fix compile warnings in vector tests tools: selftests: riscv: Fix compile warnings in mm tests Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (1): sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): ata: libata-core: Do not try to set sleeping devices to standby Dan Carpenter (2): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() xen/events: fix error code in xen_bind_pirq_msi_to_irq() Dan Williams (1): cxl/acpi: Fix load failures due to single window creation failure Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() David Strahan (1): scsi: smartpqi: Add new controller PCI IDs Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (2): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Fainelli (1): net: bcmasp: Indicate MAC is in charge of PHY PM Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gaurav Batra (1): powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Geliang Tang (7): mptcp: add CurrEstab MIB counter support mptcp: use mptcp_set_state mptcp: add needs_id for userspace appending addr selftests: mptcp: diag: check CURRESTAB counters selftests: mptcp: add mptcp_lib_get_counter mptcp: userspace pm send RM_ADDR for ID 0 mptcp: add needs_id for netlink appending addr Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.6.19 Guenter Roeck (3): lib/Kconfig.debug: TEST_IOV_ITER depends on MMU parisc: Fix stack unwinder hwmon: (nct6775) Fix access to temperature configuration registers Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hangbin Liu (1): selftests: bonding: set active slave to primary eth1 specifically Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (3): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (4): LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] LoongArch: Call early_init_fdt_scan_reserved_mem() earlier LoongArch: Disable IRQ before init_fn() for nonboot CPUs LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jacek Lawrynowicz (1): accel/ivpu: Disable d3hot_delay on all NPU generations Jakub Kicinski (4): net/sched: act_mirred: use the backlog for mirred ingress net/sched: act_mirred: don't override retval if we already lost the skb tools: ynl: make sure we always pass yarg to mnl_cb_run tools: ynl: don't leak mcast_groups on init error Jan Kiszka (1): riscv/efistub: Ensure GP-relative addressing is not used Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Javier Martinez Canillas (1): sparc: Fix undefined reference to fb_is_primary_device Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Jianbo Liu (1): net/sched: flower: Add lock protection when remove filter handle Jiri Kosina (1): HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Jiri Pirko (1): devlink: fix port dump cmd type Joao Martins (3): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (3): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Jonathan Corbet (1): docs: Instruct LaTeX to cope with deeper nesting Juergen Gross (4): xen/events: reduce externally visible helper functions xen/events: remove some simple helpers from events_base.c xen/events: drop xen_allocate_irqs_dynamic() xen/events: modify internal [un]bind interfaces Justin Chen (1): net: bcmasp: Sanity check is off by one Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (2): RDMA/bnxt_re: Return error for SRQ resize RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion LoongArch: vDSO: Disable UBSAN instrumentation Konstantin Komarov (20): fs/ntfs3: Improve alternative boot processing fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Reduce stack usage fs/ntfs3: Fix multithreaded stress test fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add file_modified fs/ntfs3: Drop suid and sgid bits as a part of fpunch fs/ntfs3: Implement super_operations::shutdown fs/ntfs3: ntfs3_forced_shutdown use int instead of bool fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Use kvfree to free memory allocated by kvmalloc fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Use i_size_read and i_size_write fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Fixed overflow check in mi_enum_attr() fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Krystian Pradzynski (1): accel/ivpu/40xx: Stop passing SKU boot parameters to FW Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (2): dmaengine: ti: edma: Add some null pointer checks to the edma_probe HID: nvidia-shield: Add missing null pointer checks to LED initialization Lad Prabhakar (1): cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lijo Lazar (1): drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Liming Sun (1): platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Lino Sanfilippo (2): serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled serial: amba-pl011: Fix DMA transmission in RS485 mode Lucas Stach (1): bus: imx-weim: fix valid range check Lukas Wunner (1): ARM: dts: Fix TPM schema violations Mahesh Rajashekhara (1): scsi: smartpqi: Fix logical volume rescan race condition Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Marek Vasut (1): arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mario Limonciello (1): platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (2): arm64/sme: Restore SME registers on exit from suspend arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Zhang (1): IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Martin Blumenstingl (2): regulator: pwm-regulator: Add validity checks in continuous .get_voltage drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (2): scsi: sd: usb_storage: uas: Access media prior to querying device properties scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Matthieu Baerts (NGI0) (9): selftests: mptcp: userspace_pm: unique subtest names selftests: mptcp: simult flows: fix some subtest names selftests: mptcp: pm nl: also list skipped tests selftests: mptcp: pm nl: avoid error msg on older kernels selftests: mptcp: diag: fix bash warnings on older kernels selftests: mptcp: diag: unique 'in use' subtest names selftests: mptcp: diag: unique 'cestab' subtest names selftests: mptcp: join: stop transfer when check is done (part 1) selftests: mptcp: join: stop transfer when check is done (part 2) Maxime Ripard (1): drm/i915/tv: Fix TV mode Maximilian Heyne (1): xen/events: close evtchn after mapping cleanup Meenakshikumar Somasundaram (1): drm/amd/display: Add dpia display mode validation logic Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mika Westerberg (1): spi: intel-pci: Add support for Arrow Lake SPI serial flash Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Muhammad Usama Anjum (1): selftests/iommu: fix the config fragment Mukul Joshi (1): drm/amdkfd: Use correct drm device for cgroup permission check Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nathan Chancellor (1): drm/amd/display: Avoid enum conversion warning Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Ondrej Jirman (1): Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Pablo Neira Ayuso (3): netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (6): mptcp: fix more tx path fields initialization mptcp: corner case locking for rx path fields initialization mptcp: fix lockless access in subflow ULP diag mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation Patrick Rudolph (1): regulator (max5970): Fix IRQ handler Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawan Gupta (1): x86/bugs: Add asm helpers for executing VERW Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peichen Huang (1): drm/amd/display: Request usb4 bw for mst streams Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Qu Wenruo (1): btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Rui Salvaterra (2): ALSA: hda: Replace numeric device IDs with constant values ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup Sebastian Andrzej Siewior (1): xsk: Add truesize to skb_add_rx_frag(). SeongJae Park (2): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (8): cifs: open_cached_dir should not rely on primary channel cifs: cifs_pick_channel should try selecting active channels cifs: translate network errors on send to -ECONNABORTED cifs: helper function to check replayable error codes cifs: make sure that channel scaling is done only once cifs: do not search for channel if server is terminating cifs: change tcon status when need_reconnect is set on it cifs: handle cases where multiple sessions share connection Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (3): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz drm/amd/display: fixed integer types and null check locations Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam (1): drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Stanley.Yang (1): drm/amdgpu: Fix shared buff copy to user Steve French (2): smb3: clarify mount warning smb3: add missing null server pointer check Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Szuying Chen (1): ata: ahci: add identifiers for ASM2116 series adapters Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Terry Tritton (1): selftests/mm: uffd-unit-test check if huge page size is 0 Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (3): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref devlink: fix possible use-after-free and memory leaks in devlink_init() Venkata Prasad Potturu (1): ASoC: amd: acp: Add check for cpu dai link initialization Victor Nogueira (1): net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (3): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: dw-edma: increase size of 'name' in debugfs code Viresh Kumar (1): xen: evtchn: Allow shared registration of IRQ handers Wachowski, Karol (1): accel/ivpu: Force snooping for MMU writes Wayne Lin (1): drm/amd/display: adjust few initialization order in dm Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xiubo Li (1): libceph: fail sparse-read if the data length doesn't match Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (1): md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 3 months

2
3
0 0

6.6.19 won't compile with " [*] Compile the kernel with warnings as errors"

by Rainer Fiebig

The problem seems to be in fs/ntfs3/frecord.c. Original messages were in German, so here's my translation (original at the end of the post): [...] CC lib/zstd/common/zstd_common.o CC arch/x86/kernel/cpu/feat_ctl.o fs/ntfs3/frecord.c: In Funktion »ni_read_frame«: fs/ntfs3/frecord.c:2460:16: Error: variable >>i_size<< is not used" [-Werror=unused-variable] 2460 | loff_t i_size = i_size_read(&ni->vfs_inode); | ^~~~~~ AR lib/zstd/built-in.a [...] cc1: All warnings are treated as errors make[4]: *** [scripts/Makefile.build:243: fs/ntfs3/frecord.o] error 1 make[3]: *** [scripts/Makefile.build:480: fs/ntfs3] error 2 make[3]: *** Waiting for not yet finished processes.... [...] Let me know if you need further information. Thanks. Rainer -- Original messages: [...] CC lib/zstd/common/zstd_common.o CC arch/x86/kernel/cpu/feat_ctl.o fs/ntfs3/frecord.c: In Funktion »ni_read_frame«: fs/ntfs3/frecord.c:2460:16: Fehler: Variable »i_size« wird nicht verwendet [-Werror=unused-variable] 2460 | loff_t i_size = i_size_read(&ni->vfs_inode); | ^~~~~~ AR lib/zstd/built-in.a CC lib/bug.o CC fs/udf/inode.o CC arch/x86/kernel/cpu/intel.o CC arch/x86/kernel/process_64.o CC kernel/events/callchain.o CC lib/buildid.o cc1: Alle Warnungen werden als Fehler behandelt make[4]: *** [scripts/Makefile.build:243: fs/ntfs3/frecord.o] Fehler 1 make[3]: *** [scripts/Makefile.build:480: fs/ntfs3] Fehler 2 make[3]: *** Es wird auf noch nicht beendete Prozesse gewartet.... CC kernel/events/hw_breakpoint.o CC lib/clz_tab.o CC lib/cmdline.o CC fs/udf/lowlevel.o [...] -- The truth always turns out to be simpler than you thought. Richard Feynman

1 year, 3 months

3
3
0 0

Linux 6.7.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.7 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/conf.py | 6 Documentation/dev-tools/kunit/usage.rst | 10 Makefile | 2 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 arch/arm/boot/dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 arch/arm/boot/dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 16 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/include/asm/acpi.h | 4 arch/loongarch/kernel/acpi.c | 4 arch/loongarch/kernel/setup.c | 4 arch/loongarch/kernel/smp.c | 122 ++--- arch/loongarch/vdso/Makefile | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/parisc/kernel/unwind.c | 14 arch/powerpc/include/asm/ppc-pci.h | 10 arch/powerpc/kernel/iommu.c | 23 arch/powerpc/kvm/book3s_hv.c | 26 + arch/powerpc/kvm/book3s_hv_nestedv2.c | 20 arch/powerpc/platforms/pseries/pci_dlpar.c | 4 arch/s390/pci/pci.c | 2 arch/sparc/Makefile | 2 arch/sparc/video/Makefile | 2 arch/x86/entry/entry.S | 23 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/nospec-branch.h | 13 arch/x86/kernel/traps.c | 2 arch/x86/mm/numa.c | 21 block/blk-map.c | 13 drivers/accel/ivpu/ivpu_drv.c | 5 drivers/accel/ivpu/ivpu_hw_37xx.c | 2 drivers/accel/ivpu/ivpu_hw_40xx.c | 9 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/ata/ahci.c | 44 + drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 +++-- drivers/ata/libata-core.c | 59 +- drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/bus/imx-weim.c | 2 drivers/cache/ax45mp_cache.c | 4 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/acpi.c | 46 + drivers/cxl/core/pci.c | 49 +- drivers/dma/apple-admac.c | 5 drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpio/gpiolib.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 57 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 4 drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 14 drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c | 1 drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c | 18 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 4 drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 + drivers/gpu/drm/amd/display/dc/link/link_factory.c | 26 - drivers/gpu/drm/amd/display/dc/link/link_validation.c | 62 ++ drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 182 +++++-- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 9 drivers/gpu/drm/drm_buddy.c | 4 drivers/gpu/drm/drm_syncobj.c | 19 drivers/gpu/drm/i915/display/intel_sdvo.c | 10 drivers/gpu/drm/i915/display/intel_tv.c | 10 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 5 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 18 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hid/hid-logitech-hidpp.c | 2 drivers/hid/hid-nvidia-shield.c | 4 drivers/hwmon/coretemp.c | 2 drivers/hwmon/nct6775-core.c | 14 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/mlx5/cong.c | 6 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 45 - drivers/iommu/intel/iommu.c | 87 +++ drivers/iommu/intel/iommu.h | 7 drivers/iommu/intel/nested.c | 14 drivers/iommu/intel/pasid.c | 5 drivers/iommu/intel/pasid.h | 1 drivers/iommu/iommu-sva.c | 2 drivers/iommu/iommufd/hw_pagetable.c | 3 drivers/iommu/iommufd/iova_bitmap.c | 68 ++ drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-mbigen.c | 8 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 +++- drivers/md/dm-integrity.c | 91 +++ drivers/md/dm-verity-target.c | 86 +++ drivers/md/dm-verity.h | 6 drivers/md/md.c | 70 +-- drivers/md/raid10.c | 16 drivers/md/raid5.c | 29 - drivers/misc/open-dice.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/ipa/ipa_interrupt.c | 2 drivers/net/phy/realtek.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 drivers/nvme/host/fc.c | 47 -- drivers/nvme/target/fc.c | 137 +++-- drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/msi/irqdomain.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++ drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/think-lmi.c | 20 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 + drivers/platform/x86/x86-android-tablets/core.c | 3 drivers/platform/x86/x86-android-tablets/lenovo.c | 1 drivers/platform/x86/x86-android-tablets/x86-android-tablets.h | 1 drivers/regulator/max5970-regulator.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/sd.c | 26 + drivers/scsi/smartpqi/smartpqi.h | 1 drivers/scsi/smartpqi/smartpqi_init.c | 88 +++ drivers/spi/spi-cs42l43.c | 5 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-intel-pci.c | 1 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 +- drivers/tty/serial/stm32-usart.c | 4 drivers/ufs/core/ufshcd.c | 7 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/gadget/udc/omap_udc.c | 3 drivers/usb/roles/class.c | 29 - drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/usb/typec/tcpm/tcpm.c | 3 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 ++- drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/defrag.c | 2 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/ceph/caps.c | 6 fs/ceph/mds_client.c | 9 fs/ceph/mds_client.h | 2 fs/ceph/super.h | 2 fs/erofs/namei.c | 28 - fs/ext4/extents.c | 111 +++- fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 45 + fs/ntfs3/attrlist.c | 12 fs/ntfs3/bitmap.c | 4 fs/ntfs3/dir.c | 44 + fs/ntfs3/file.c | 72 ++- fs/ntfs3/frecord.c | 19 fs/ntfs3/fslog.c | 232 ++++------ fs/ntfs3/fsntfs.c | 29 + fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 32 + fs/ntfs3/namei.c | 12 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 25 - fs/ntfs3/record.c | 18 fs/ntfs3/super.c | 49 +- fs/ntfs3/xattr.c | 6 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 12 fs/smb/client/connect.c | 11 fs/smb/client/dfs.c | 7 fs/smb/client/file.c | 3 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/sess.c | 5 fs/smb/client/smb2pdu.c | 26 + fs/smb/client/transport.c | 18 include/kunit/resource.h | 21 include/linux/ceph/osd_client.h | 3 include/linux/fs.h | 2 include/linux/iommu.h | 12 include/linux/memblock.h | 2 include/linux/mlx5/mlx5_ifc.h | 2 include/linux/swap.h | 5 include/net/netfilter/nf_flow_table.h | 2 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 5 kernel/bpf/helpers.c | 5 lib/Kconfig.debug | 1 lib/kunit/kunit-test.c | 5 lib/kunit/test.c | 6 mm/damon/core.c | 15 mm/damon/lru_sort.c | 43 + mm/damon/reclaim.c | 18 mm/memblock.c | 6 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 7 net/bridge/br_switchdev.c | 84 ++- net/ceph/osd_client.c | 18 net/core/skmsg.c | 7 net/core/sock.c | 23 net/devlink/core.c | 12 net/devlink/port.c | 2 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 + net/ipv4/udp.c | 7 net/ipv6/addrconf.c | 21 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/debugfs_netdev.c | 4 net/mac80211/debugfs_netdev.h | 5 net/mac80211/iface.c | 2 net/mac80211/mlme.c | 8 net/mac80211/scan.c | 30 - net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 8 net/mptcp/fastopen.c | 6 net/mptcp/mib.c | 1 net/mptcp/mib.h | 8 net/mptcp/options.c | 9 net/mptcp/pm_netlink.c | 74 ++- net/mptcp/pm_userspace.c | 15 net/mptcp/protocol.c | 69 +- net/mptcp/protocol.h | 25 - net/mptcp/subflow.c | 86 ++- net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 17 net/netfilter/nf_tables_api.c | 81 +-- net/phonet/datagram.c | 4 net/phonet/pep.c | 41 + net/sched/act_mirred.c | 147 +++--- net/sched/cls_flower.c | 5 net/switchdev/switchdev.c | 73 +++ net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 - net/unix/af_unix.c | 19 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 3 scripts/bpf_doc.py | 2 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/hda_intel.c | 6 sound/soc/amd/acp/acp-mach-common.c | 9 sound/soc/codecs/wm_adsp.c | 29 - sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/net/ynl/lib/ynl.c | 19 tools/testing/selftests/drivers/net/bonding/bond_options.sh | 2 tools/testing/selftests/iommu/config | 5 tools/testing/selftests/mm/uffd-unit-tests.c | 6 tools/testing/selftests/net/forwarding/tc_actions.sh | 3 tools/testing/selftests/net/mptcp/diag.sh | 46 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +--- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 tools/testing/selftests/net/mptcp/simult_flows.sh | 3 tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 tools/testing/selftests/riscv/hwprobe/cbo.c | 6 tools/testing/selftests/riscv/hwprobe/hwprobe.c | 4 tools/testing/selftests/riscv/mm/mmap_test.h | 3 tools/testing/selftests/riscv/vector/v_initval_nolibc.c | 2 tools/testing/selftests/riscv/vector/vstate_prctl.c | 4 339 files changed, 3835 insertions(+), 1815 deletions(-) Aaro Koskinen (1): usb: gadget: omap_udc: fix USB gadget regression on Palm TE Alex Elder (1): net: ipa: don't overrun IPA suspend interrupt registers Alexander Stein (1): arm64: dts: tqma8mpql: fix audio codec iov-supply Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alice Chao (1): scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Amit Machhiwal (1): KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat' Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andrzej Kacprowski (1): accel/ivpu: Don't enable any tiles by default on VPU40xx Anshuman Khandual (1): mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Arunpravin Paneer Selvam (1): drm/buddy: Modify duplicate list_splice_tail call Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio RDMA/srpt: Support specifying the srpt_service_guid parameter Benjamin Berg (1): wifi: iwlwifi: do not announce EPCS support Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Charlene Liu (1): drm/amd/display: fix USB-C flag update after enc10 feature init Charles Keepax (1): spi: cs42l43: Handle error from devm_pm_runtime_enable Chen Jun (1): irqchip/mbigen: Don't use bus_get_dev_root() to find the parent Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Chengming Zhou (1): mm/zswap: invalidate duplicate entry when !zswap_enabled Chhayly Leang (1): ALSA: hda: cs35l41: Support ASUS Zenbook UM3402YAR Chris Morgan (1): arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Christoph Müllner (4): tools: selftests: riscv: Fix compile warnings in hwprobe tools: selftests: riscv: Fix compile warnings in cbo tools: selftests: riscv: Fix compile warnings in vector tests tools: selftests: riscv: Fix compile warnings in mm tests Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Damien Le Moal (2): ata: libata-core: Do not try to set sleeping devices to standby ata: libata-core: Do not call ata_dev_power_set_standby() twice Dan Carpenter (2): scsi: ufs: Uninitialized variable in ufshcd_devfreq_target() drm/nouveau/mmu/r535: uninitialized variable in r535_bar_new_() Dan Williams (1): cxl/acpi: Fix load failures due to single window creation failure Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (9): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: free queue and assoc directly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() David Gow (1): kunit: Add a macro to wrap a deferred action function David Strahan (1): scsi: smartpqi: Add new controller PCI IDs Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Dmytro Laktyushkin (1): drm/amd/display: Fix DPSTREAM CLK on and off sequence Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Emil Renner Berthing (1): gpiolib: Handle no pin_ranges in gpiochip_generic_config() Eric Dumazet (3): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid net: implement lockless setsockopt(SO_PEEK_OFF) Erik Kurzinger (2): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Fainelli (1): net: bcmasp: Indicate MAC is in charge of PHY PM Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gaurav Batra (1): powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Geliang Tang (6): mptcp: add CurrEstab MIB counter support mptcp: use mptcp_set_state mptcp: add needs_id for userspace appending addr mptcp: add needs_id for netlink appending addr selftests: mptcp: diag: check CURRESTAB counters selftests: mptcp: add mptcp_lib_get_counter Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.7.7 Guenter Roeck (3): lib/Kconfig.debug: TEST_IOV_ITER depends on MMU parisc: Fix stack unwinder hwmon: (nct6775) Fix access to temperature configuration registers Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hangbin Liu (1): selftests: bonding: set active slave to primary eth1 specifically Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (4): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: x86-android-tablets: Fix keyboard touchscreen on Lenovo Yogabook1 X90 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (4): LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] LoongArch: Call early_init_fdt_scan_reserved_mem() earlier LoongArch: Disable IRQ before init_fn() for nonboot CPUs LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jacek Lawrynowicz (1): accel/ivpu: Disable d3hot_delay on all NPU generations Jakub Kicinski (4): net/sched: act_mirred: use the backlog for mirred ingress net/sched: act_mirred: don't override retval if we already lost the skb tools: ynl: make sure we always pass yarg to mnl_cb_run tools: ynl: don't leak mcast_groups on init error Jason Gunthorpe (3): iommufd: Reject non-zero data_type if no data_len is provided s390: use the correct count for __iowrite64_copy() iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock Javier Martinez Canillas (1): sparc: Fix undefined reference to fb_is_primary_device Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Jianbo Liu (1): net/sched: flower: Add lock protection when remove filter handle Jiri Kosina (1): HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Jiri Pirko (1): devlink: fix port dump cmd type Joao Martins (4): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Handle recording beyond the mapped pages iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (5): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: fix driver debugfs for vif type change wifi: mac80211: initialize SMPS mode correctly wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Jonathan Corbet (1): docs: Instruct LaTeX to cope with deeper nesting Justin Chen (1): net: bcmasp: Sanity check is off by one Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (2): RDMA/bnxt_re: Return error for SRQ resize RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion LoongArch: vDSO: Disable UBSAN instrumentation Kenzo Gomez (1): ALSA: hda: cs35l41: Support additional ASUS Zenbook UX3402VA Konstantin Komarov (23): fs/ntfs3: Improve alternative boot processing fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Reduce stack usage fs/ntfs3: Fix multithreaded stress test fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Correct use bh_read fs/ntfs3: Add file_modified fs/ntfs3: Drop suid and sgid bits as a part of fpunch fs/ntfs3: Implement super_operations::shutdown fs/ntfs3: ntfs3_forced_shutdown use int instead of bool fs/ntfs3: Add and fix comments fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Fix c/mtime typo fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Use kvfree to free memory allocated by kvmalloc fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Use i_size_read and i_size_write fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Fixed overflow check in mi_enum_attr() fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Krystian Pradzynski (1): accel/ivpu/40xx: Stop passing SKU boot parameters to FW Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (2): dmaengine: ti: edma: Add some null pointer checks to the edma_probe HID: nvidia-shield: Add missing null pointer checks to LED initialization Lad Prabhakar (1): cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lewis Huang (1): drm/amd/display: Only allow dig mapping to pwrseq in new asic Li Ming (1): cxl/pci: Skip to handle RAS errors if CXL.mem device is detached Lijo Lazar (1): drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Liming Sun (1): platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Lino Sanfilippo (2): serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled serial: amba-pl011: Fix DMA transmission in RS485 mode Lucas Stach (1): bus: imx-weim: fix valid range check Lukas Wunner (1): ARM: dts: Fix TPM schema violations Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Mahesh Rajashekhara (1): scsi: smartpqi: Fix logical volume rescan race condition Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Marek Vasut (1): arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (2): arm64/sme: Restore SME registers on exit from suspend arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Pearson (1): platform/x86: think-lmi: Fix password opcode ordering for workstations Mark Zhang (1): IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Martin Blumenstingl (2): regulator: pwm-regulator: Add validity checks in continuous .get_voltage drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (2): scsi: sd: usb_storage: uas: Access media prior to querying device properties scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Matthieu Baerts (NGI0) (9): selftests: mptcp: userspace_pm: unique subtest names selftests: mptcp: simult flows: fix some subtest names selftests: mptcp: pm nl: also list skipped tests selftests: mptcp: pm nl: avoid error msg on older kernels selftests: mptcp: diag: fix bash warnings on older kernels selftests: mptcp: diag: unique 'in use' subtest names selftests: mptcp: diag: unique 'cestab' subtest names selftests: mptcp: join: stop transfer when check is done (part 1) selftests: mptcp: join: stop transfer when check is done (part 2) Maxime Ripard (1): drm/i915/tv: Fix TV mode Meenakshikumar Somasundaram (1): drm/amd/display: Add dpia display mode validation logic Melissa Wen (1): drm/amd/display: fix null-pointer dereference on edid reading Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mika Westerberg (1): spi: intel-pci: Add support for Arrow Lake SPI serial flash Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Muhammad Usama Anjum (1): selftests/iommu: fix the config fragment Mukul Joshi (1): drm/amdkfd: Use correct drm device for cgroup permission check Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nathan Chancellor (1): drm/amd/display: Avoid enum conversion warning Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Ondrej Jirman (1): Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Pablo Neira Ayuso (3): netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (6): mptcp: fix more tx path fields initialization mptcp: corner case locking for rx path fields initialization mptcp: fix lockless access in subflow ULP diag mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation Patrick Rudolph (1): regulator (max5970): Fix IRQ handler Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawan Gupta (1): x86/bugs: Add asm helpers for executing VERW Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peichen Huang (1): drm/amd/display: Request usb4 bw for mst streams Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Qu Wenruo (1): btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Roman Li (1): drm/amd/display: Disable ips before dc interrupt setting Rui Salvaterra (2): ALSA: hda: Replace numeric device IDs with constant values ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup Sebastian Andrzej Siewior (1): xsk: Add truesize to skb_add_rx_frag(). SeongJae Park (3): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/core: check apply interval in damon_do_apply_schemes() mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (8): cifs: open_cached_dir should not rely on primary channel cifs: cifs_pick_channel should try selecting active channels cifs: translate network errors on send to -ECONNABORTED cifs: helper function to check replayable error codes cifs: make sure that channel scaling is done only once cifs: do not search for channel if server is terminating cifs: change tcon status when need_reconnect is set on it cifs: handle cases where multiple sessions share connection Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (3): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz drm/amd/display: fixed integer types and null check locations Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam (2): drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv Stanley.Yang (1): drm/amdgpu: Fix shared buff copy to user Steve French (2): smb3: clarify mount warning smb3: add missing null server pointer check Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Terry Tritton (1): selftests/mm: uffd-unit-test check if huge page size is 0 Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Timur Tabi (1): drm/nouveau: nvkm_gsp_radix3_sg() should use nvkm_gsp_mem_ctor() Tina Zhang (1): iommu: Add mm_get_enqcmd_pasid() helper function Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (3): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref devlink: fix possible use-after-free and memory leaks in devlink_init() Venkata Prasad Potturu (1): ASoC: amd: acp: Add check for cpu dai link initialization Victor Nogueira (1): net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (3): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: dw-edma: increase size of 'name' in debugfs code Wachowski, Karol (1): accel/ivpu: Force snooping for MMU writes Wayne Lin (1): drm/amd/display: adjust few initialization order in dm Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xiubo Li (2): libceph: fail sparse-read if the data length doesn't match ceph: always check dir caps asynchronously Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Liu (6): iommu/vt-d: Update iotlb in nested domain attach iommu/vt-d: Track nested domains in parent iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking() iommu/vt-d: Wrap the dirty tracking loop to be a helper iommu/vt-d: Add missing dirty tracking set for parent domain iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (6): md: Don't ignore suspended array in md_check_recovery() md: Don't ignore read-only array in md_check_recovery() md: Make sure md_do_sync() will set MD_RECOVERY_DONE md: Don't register sync_thread for reshape directly md: Don't suspend the array for interrupted reshape md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 3 months

2
2
0 0

[PATCH v2] usb: port: Don't try to peer unused USB ports based on location

by Mathias Nyman

Unused USB ports may have bogus location data in ACPI PLD tables. This causes port peering failures as these unused USB2 and USB3 ports location may match. Due to these failures the driver prints a "usb: port power management may be unreliable" warning, and unnecessarily blocks port power off during runtime suspend. This was debugged on a couple DELL systems where the unused ports all returned zeroes in their location data. Similar bugreports exist for other systems. Don't try to peer or match ports that have connect type set to USB_PORT_NOT_USED. Fixes: 3bfd659baec8 ("usb: find internal hub tier mismatch via acpi") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218465 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218486 Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Link: https://lore.kernel.org/linux-usb/5406d361-f5b7-4309-b0e6-8c94408f7d75@molg… Cc: stable(a)vger.kernel.org # v3.16+ Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- v1 -> v2 - Improve commit message - Add missing Fixes, Closes and Link tags - send this patch separately for easier picking to usb-linus drivers/usb/core/port.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index c628c1abc907..4d63496f98b6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -573,7 +573,7 @@ static int match_location(struct usb_device *peer_hdev, void *p) struct usb_hub *peer_hub = usb_hub_to_struct_hub(peer_hdev); struct usb_device *hdev = to_usb_device(port_dev->dev.parent->parent); - if (!peer_hub) + if (!peer_hub || port_dev->connect_type == USB_PORT_NOT_USED) return 0; hcd = bus_to_hcd(hdev->bus); @@ -584,7 +584,8 @@ static int match_location(struct usb_device *peer_hdev, void *p) for (port1 = 1; port1 <= peer_hdev->maxchild; port1++) { peer = peer_hub->ports[port1 - 1]; - if (peer && peer->location == port_dev->location) { + if (peer && peer->connect_type != USB_PORT_NOT_USED && + peer->location == port_dev->location) { link_peers_report(port_dev, peer); return 1; /* done */ } -- 2.25.1

1 year, 3 months

2
4
0 0

[PATCH] etnaviv: Restore some id values

by Christian Gmeiner

From: Christian Gmeiner <cgmeiner(a)igalia.com> The hwdb selection logic as a feature that allows it to mark some fields as 'don't care'. If we match with such a field we memcpy(..) the current etnaviv_chip_identity into ident. This step can overwrite some id values read from the GPU with the 'don't care' value. Fix this issue by restoring the affected values after the memcpy(..). As this is crucial for user space to know when this feature works as expected increment the minor version too. Fixes: 4078a1186dd3 ("drm/etnaviv: update hwdb selection logic") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Gmeiner <cgmeiner(a)igalia.com> --- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 6228ce603248..9a2965741dab 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -494,7 +494,7 @@ static const struct drm_driver etnaviv_drm_driver = { .desc = "etnaviv DRM", .date = "20151214", .major = 1, - .minor = 3, + .minor = 4, }; /* diff --git a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c index 67201242438b..1e38d66702f1 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c @@ -265,6 +265,9 @@ static const struct etnaviv_chip_identity etnaviv_chip_identities[] = { bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) { struct etnaviv_chip_identity *ident = &gpu->identity; + const u32 product_id = ident->product_id; + const u32 customer_id = ident->customer_id; + const u32 eco_id = ident->eco_id; int i; for (i = 0; i < ARRAY_SIZE(etnaviv_chip_identities); i++) { @@ -278,6 +281,17 @@ bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) etnaviv_chip_identities[i].eco_id == ~0U)) { memcpy(ident, &etnaviv_chip_identities[i], sizeof(*ident)); + + /* Restore some id values if ~0U aka 'don't care' is used. */ + if (etnaviv_chip_identities[i].product_id == ~0U) + ident->product_id = product_id; + + if (etnaviv_chip_identities[i].customer_id == ~0U) + ident->customer_id = customer_id; + + if (etnaviv_chip_identities[i].eco_id == ~0U) + ident->eco_id = eco_id; + return true; } } -- 2.44.0

1 year, 3 months

3
3
0 0

[PATCH v2] drm/etnaviv: Restore some id values

by Christian Gmeiner

From: Christian Gmeiner <cgmeiner(a)igalia.com> The hwdb selection logic as a feature that allows it to mark some fields as 'don't care'. If we match with such a field we memcpy(..) the current etnaviv_chip_identity into ident. This step can overwrite some id values read from the GPU with the 'don't care' value. Fix this issue by restoring the affected values after the memcpy(..). As this is crucial for user space to know when this feature works as expected increment the minor version too. Fixes: 4078a1186dd3 ("drm/etnaviv: update hwdb selection logic") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Gmeiner <cgmeiner(a)igalia.com> --- V1 -> V2: Fixed patch subject line and removed not needed if clauses. drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 6228ce603248..9a2965741dab 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -494,7 +494,7 @@ static const struct drm_driver etnaviv_drm_driver = { .desc = "etnaviv DRM", .date = "20151214", .major = 1, - .minor = 3, + .minor = 4, }; /* diff --git a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c index 67201242438b..8665f2658d51 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c @@ -265,6 +265,9 @@ static const struct etnaviv_chip_identity etnaviv_chip_identities[] = { bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) { struct etnaviv_chip_identity *ident = &gpu->identity; + const u32 product_id = ident->product_id; + const u32 customer_id = ident->customer_id; + const u32 eco_id = ident->eco_id; int i; for (i = 0; i < ARRAY_SIZE(etnaviv_chip_identities); i++) { @@ -278,6 +281,12 @@ bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) etnaviv_chip_identities[i].eco_id == ~0U)) { memcpy(ident, &etnaviv_chip_identities[i], sizeof(*ident)); + + /* Restore some id values as ~0U aka 'don't care' might been used. */ + ident->product_id = product_id; + ident->customer_id = customer_id; + ident->eco_id = eco_id; + return true; } } -- 2.44.0

1 year, 3 months

1
0
0 0

Linux 5.15.150

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.150 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-platform-asus-wmi | 9 Makefile | 2 arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 arch/arm/boot/dts/bcm53573.dtsi | 20 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 79 arch/arm64/include/asm/exception.h | 5 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/arm64/mm/mmu.c | 4 arch/mips/include/asm/vpe.h | 1 arch/mips/kernel/smp-cps.c | 8 arch/mips/kernel/traps.c | 8 arch/mips/kernel/vpe-mt.c | 7 arch/mips/lantiq/prom.c | 6 arch/powerpc/kernel/eeh_driver.c | 71 arch/powerpc/kernel/rtas.c | 24 arch/powerpc/perf/hv-24x7.c | 42 arch/powerpc/platforms/powernv/pci-ioda.c | 3 arch/powerpc/platforms/pseries/lpar.c | 20 arch/powerpc/platforms/pseries/lparcfg.c | 20 arch/riscv/include/asm/parse_asm.h | 2 arch/s390/pci/pci.c | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/include/asm/text-patching.h | 30 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/fpu/signal.c | 12 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/paravirt.c | 23 arch/x86/kernel/static_call.c | 2 arch/x86/net/bpf_jit_comp.c | 2 drivers/acpi/button.c | 9 drivers/acpi/property.c | 4 drivers/acpi/resource.c | 35 drivers/acpi/video_detect.c | 34 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 6 drivers/ata/ahci_ceva.c | 125 - drivers/ata/ahci_da850.c | 47 drivers/ata/ahci_dm816.c | 4 drivers/ata/libahci_platform.c | 133 - drivers/block/nbd.c | 3 drivers/block/virtio_blk.c | 7 drivers/clk/clk.c | 11 drivers/clk/imx/clk-imx8mp.c | 23 drivers/clk/imx/clk.c | 3 drivers/clk/qcom/gcc-qcs404.c | 24 drivers/clk/qcom/gpucc-sc7180.c | 7 drivers/clk/qcom/gpucc-sdm845.c | 7 drivers/clk/renesas/renesas-cpg-mssr.c | 8 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/i915/display/intel_display_debugfs.c | 4 drivers/gpu/drm/i915/i915_reg.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 2 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hwmon/coretemp.c | 2 drivers/i2c/busses/i2c-imx.c | 97 - drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/sw/siw/siw_cm.c | 1 drivers/infiniband/sw/siw/siw_verbs.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/misc/iqs269a.c | 335 +-- drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/ads7846.c | 23 drivers/md/dm-crypt.c | 6 drivers/md/md.c | 14 drivers/md/raid10.c | 2 drivers/mmc/host/jz4740_mmc.c | 10 drivers/mmc/host/mxcmmc.c | 6 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/ethernet/intel/igb/igb_main.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/realtek/r8169_main.c | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 29 drivers/net/gtp.c | 10 drivers/net/wireless/ath/ath11k/mac.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 131 - drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi.c | 2 drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/pwm-regulator.c | 3 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/mediatek/mtk-pm-domains.c | 15 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/tty/serial/8250/8250_port.c | 18 drivers/tty/serial/amba-pl011.c | 60 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/host/xhci-hub.c | 228 +- drivers/usb/host/xhci-mem.c | 10 drivers/usb/host/xhci-ring.c | 13 drivers/usb/host/xhci.h | 9 drivers/usb/roles/class.c | 29 drivers/vdpa/mlx5/core/mr.c | 1 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/disk-io.c | 3 fs/cifs/connect.c | 19 fs/cifs/smb2file.c | 1 fs/cifs/smb2ops.c | 54 fs/cifs/smb2pdu.c | 113 - fs/cifs/smb2proto.h | 16 fs/erofs/decompressor.c | 34 fs/exfat/dir.c | 15 fs/exfat/exfat_fs.h | 5 fs/ext4/extents.c | 111 - fs/ext4/mballoc.c | 70 fs/f2fs/gc.c | 41 fs/ksmbd/smb2pdu.c | 8 fs/ntfs3/attrib.c | 20 fs/ntfs3/attrlist.c | 8 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 2 fs/ntfs3/fslog.c | 14 fs/ntfs3/fsntfs.c | 24 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 14 fs/ntfs3/record.c | 16 fs/ntfs3/xattr.c | 3 fs/zonefs/super.c | 68 include/dt-bindings/clock/imx8mp-clock.h | 10 include/linux/ahci_platform.h | 5 include/linux/bpf.h | 14 include/linux/clk-provider.h | 15 include/linux/fs.h | 2 include/linux/pm.h | 80 include/linux/sched.h | 4 include/linux/sched/signal.h | 2 include/linux/socket.h | 5 include/net/netfilter/nf_flow_table.h | 4 include/net/tcp.h | 2 kernel/bpf/bpf_lru_list.c | 21 kernel/bpf/bpf_lru_list.h | 7 kernel/bpf/helpers.c | 76 kernel/bpf/verifier.c | 3 kernel/sched/fair.c | 2 kernel/sched/rt.c | 10 kernel/sysctl.c | 4 kernel/time/posix-timers.c | 31 kernel/trace/bpf_trace.c | 39 lib/debugobjects.c | 9 mm/userfaultfd.c | 14 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/core/devlink.c | 5 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/mlme.c | 1 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mptcp/diag.c | 6 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 41 net/netfilter/nf_tables_api.c | 3 net/netfilter/nft_flow_offload.c | 12 net/packet/af_packet.c | 12 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_api.c | 20 net/sched/sch_atm.c | 710 ------- net/sched/sch_cbq.c | 1817 ------------------- net/sched/sch_dsmark.c | 522 ----- net/tls/tls_main.c | 2 net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 net/wireless/wext-core.c | 6 scripts/bpf_doc.py | 2 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/include/uapi/linux/fscrypt.h | 3 tools/perf/trace/beauty/include/linux/socket.h | 2 tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 tools/virtio/linux/kernel.h | 2 tools/virtio/linux/vringh.h | 1 219 files changed, 2291 insertions(+), 4618 deletions(-) Alex Bee (2): arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alexey Khoroshilov (1): clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Andrei Vagin (1): x86/fpu: Stop relying on userspace for info to fault in xsave buffer Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnaldo Carvalho de Melo (2): tools headers UAPI: Sync linux/fscrypt.h with the kernel sources perf beauty: Update copy of linux/socket.h with the kernel sources Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (5): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: regenerate buddy after block freeing failed if under fc replay ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Borislav Petkov (AMD) (2): Revert "x86/ftrace: Use alternative RET encoding" Revert "x86/alternative: Make custom return thunk unconditional" Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Byungki Lee (1): f2fs: write checkpoint during FG_GC Chao Yu (1): f2fs: don't set GC_FAILURE_PIN for background GC Chen-Yu Tsai (2): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Chuansheng Liu (1): drm/i915/dg1: Update DMC_DEBUG3 register Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (2): i2c: imx: Add timer for handling the stop condition i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): zonefs: Improve error handling Dan Carpenter (1): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Daniel Axtens (1): powerpc/eeh: Small refactor of eeh_handle_normal_event() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Dave Marchevsky (1): bpf: Merge printk and seq_printf VARARG max macros David Sterba (1): btrfs: add xxhash to fast checksum implementations Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Baryshkov (4): clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Eli Cohen (1): vdpa/mlx5: Don't clear mr struct on destroy MR Enzo Matsumiya (1): cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Eugen Hristev (1): pmdomain: mediatek: fix race conditions with genpd FUKAUMI Naoki (1): arm64: dts: rockchip: fix regulator name on rk3399-rock-4 Fedor Pchelkin (1): ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (4): netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: can't schedule in nft_chain_validate Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Frederic Barrat (1): powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Ganesh Goudar (1): powerpc/eeh: Set channel state after notifying the drivers Gao Xiang (1): erofs: fix lz4 inplace decompression Geert Uytterhoeven (2): pmdomain: renesas: r8a77980-sysc: CR7 must be always on clk: renesas: cpg-mssr: Remove superfluous check in resume code Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.15.150 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Guo Zhengkui (1): drm/nouveau/instmem: fix uninitialized_var.cocci warning Guoqing Jiang (2): RDMA/siw: Balance the reference of cep->kref in the error path RDMA/siw: Correct wrong debug message Gustavo A. R. Silva (1): wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (7): platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Heiko Stuebner (2): RISC-V: fix funct4 definition for c.jalr in parse_asm.h arm64: dts: rockchip: set num-cs property for spi on px30 Heiner Kallweit (1): r8169: use new PM macros Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Hui Su (1): kernel/sched: Remove dl_boosted flag comment Ilpo Järvinen (1): serial: 8250: Remove serial_rs485 sanitization from em485 Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jeff LaBundy (5): Input: iqs269a - drop unused device node references Input: iqs269a - configure device with a single block write Input: iqs269a - increase interrupt handler return delay Input: iqs269a - do not poll during suspend or resume Input: iqs269a - do not poll during ATI Jiri Olsa (3): bpf: Add struct for bin_args arg in bpf_bprintf_prepare bpf: Do cleanup in bpf_bprintf_cleanup only when needed bpf: Remove trace_printk_lock Johannes Berg (2): wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: iwlwifi: mvm: avoid baid size integer overflow Jonathan Cameron (1): Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (1): net: dev: Convert sa_data to flexible array in struct sockaddr Kellen Renshaw (1): ACPI: resource: Add ASUS model S5402ZA to quirks Konstantin Komarov (10): fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (1): arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Li Jun (2): clk: imx: imx8mp: add shared clk gate for usb suspend clk dt-bindings: clocks: imx8mp: Add ID for usb suspend clock Lino Sanfilippo (1): serial: amba-pl011: Fix DMA transmission in RS485 mode Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Luca Ellero (3): Input: ads7846 - don't report pressure for ads7845 Input: ads7846 - always set last command to PWRDOWN Input: ads7846 - don't check penirq immediately for 7845 Lucas Stach (1): clk: imx8mp: add clkout1/2 support Luke D. Jones (1): platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute Magali Lemes (1): selftests: net: vrf-xfrm-tests: change authentication and encryption algos Marek Vasut (1): clk: imx8mp: Add DISP2 pixel clock Mark Rutland (1): arm64: mm: fix VA-range sanity check Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Martin KaFai Lau (2): bpf: Address KCSAN report on bpf_lru_list bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Mathias Nyman (6): xhci: cleanup xhci_hub_control port references xhci: move port specific items such as state completions to port structure xhci: rename resume_done to resume_timestamp xhci: clear usb2 resume related variables in one place. xhci: decouple usb2 port resume and get_port_status request handling xhci: track port suspend state correctly in unsuccessful resume cases Maxime Bizon (1): wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nathan Lynch (5): powerpc/pseries/lparcfg: add missing RTAS retry status handling powerpc/perf/hv-24x7: add missing RTAS retry status handling powerpc/pseries/lpar: add missing RTAS retry status handling powerpc/rtas: make all exports GPL powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Pablo Neira Ayuso (3): netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paul Cercueil (5): PM: core: Redefine pm_ptr() macro PM: core: Add new *_PM_OPS macros, deprecate old ones mmc: jz4740: Use the new PM macros mmc: mxc: Use the new PM macros PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA Paulo Alcantara (3): smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peilin Ye (1): net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Peng Fan (1): clk: imx: avoid memory leak Peter Zijlstra (5): x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Petr Oros (1): devlink: report devlink_port_type_warn source device Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Rafał Miłecki (3): ARM: dts: BCM53573: Drop nonexistent #usb-cells ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Randy Dunlap (4): MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set MIPS: vpe-mt: drop physical_memsize clk: linux/clk-provider.h: fix kernel-doc warnings and typos scsi: jazz_esp: Only build if SCSI core is builtin Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sakari Ailus (1): acpi: property: Let args be NULL in __acpi_node_get_property_reference Samuel Holland (1): mtd: rawnand: sunxi: Fix the size of the last OOB region Serge Semin (2): ata: libahci_platform: Convert to using devm bulk clocks API ata: libahci_platform: Introduce reset assertion/deassertion methods Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (2): cifs: add a warning when the in-flight count goes negative cifs: fix mid leak during reconnection after timeout threshold Stefano Garzarella (1): tools/virtio: fix build Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tamim Khan (2): ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA Tetsuo Handa (1): debugobjects: Recheck debug_objects_enabled before reporting Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Gleixner (1): posix-timers: Ensure timer ID search-loop limit is valid Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wang Qing (1): net: ethernet: ti: add missing of_node_put before return Wolfram Sang (2): spi: sh-msiof: avoid integer overflow in constants packet: move from strlcpy with unused retval to strscpy Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yicong Yang (1): sched/fair: Don't balance task to its current running CPU Yifan Zhang (1): drm/amdgpu: init iommu after amdkfd device init Ying Hsu (1): igb: Fix igb_down hung on surprise removal Youngmin Nam (1): arm64: set __exception_irq_entry with __irq_entry as a default Yu Kuai (2): md: fix data corruption for raid456 when reshape restart while grow up md/raid10: prevent soft lockup while flush writes Yuezhang Mo (1): exfat: support dynamic allocate bh for exfat_entry_set_cache Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return Zhong Jinghua (1): nbd: Add the maximum limit of allocated index in nbd_dev_add

1 year, 3 months

1
1
0 0

Linux 6.1.80

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.80 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 14 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/kernel/smp.c | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/s390/pci/pci.c | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/static_call.c | 2 arch/x86/mm/numa.c | 21 arch/x86/net/bpf_jit_comp.c | 2 block/blk-map.c | 13 drivers/ata/ahci.c | 49 drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 drivers/ata/libata-core.c | 4 drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/core/pci.c | 6 drivers/dma/apple-admac.c | 5 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hwmon/coretemp.c | 2 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 drivers/md/dm-integrity.c | 91 drivers/md/dm-verity-target.c | 86 drivers/md/dm-verity.h | 6 drivers/md/md.c | 6 drivers/misc/open-dice.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/phy/realtek.c | 4 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 131 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi/irqdomain.c | 2 drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/smartpqi/smartpqi_init.c | 5 drivers/soc/mediatek/mtk-pm-domains.c | 15 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 drivers/ufs/core/ufshcd.c | 1 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 drivers/vfio/iova_bitmap.c | 25 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/erofs/compress.h | 4 fs/erofs/decompressor.c | 60 fs/erofs/decompressor_lzma.c | 4 fs/erofs/internal.h | 28 fs/erofs/namei.c | 28 fs/erofs/super.c | 72 fs/erofs/zmap.c | 23 fs/ext4/extents.c | 111 fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 20 fs/ntfs3/attrlist.c | 8 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 2 fs/ntfs3/fslog.c | 14 fs/ntfs3/fsntfs.c | 24 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 14 fs/ntfs3/record.c | 25 fs/ntfs3/xattr.c | 3 fs/smb/client/cached_dir.c | 2 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 2 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/smb2pdu.c | 6 fs/smb/client/transport.c | 15 include/linux/fs.h | 2 include/linux/memblock.h | 2 include/linux/socket.h | 5 include/linux/swap.h | 5 include/net/netfilter/nf_flow_table.h | 4 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 4 kernel/bpf/helpers.c | 5 kernel/sched/rt.c | 12 mm/damon/lru_sort.c | 43 mm/damon/reclaim.c | 18 mm/memblock.c | 5 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 2 net/bridge/br_switchdev.c | 84 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/core/skmsg.c | 7 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 net/ipv6/addrconf.c | 21 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/mlme.c | 1 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 6 net/mptcp/pm_netlink.c | 24 net/mptcp/pm_userspace.c | 54 net/mptcp/protocol.h | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 41 net/netfilter/nf_tables_api.c | 87 net/netfilter/nft_flow_offload.c | 12 net/packet/af_packet.c | 10 net/phonet/datagram.c | 4 net/phonet/pep.c | 41 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 706 ---- net/sched/sch_cbq.c | 1727 ---------- net/sched/sch_dsmark.c | 518 -- net/switchdev/switchdev.c | 73 net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 net/wireless/nl80211.c | 1 scripts/bpf_doc.py | 2 sound/soc/codecs/wm_adsp.c | 29 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json | 94 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json | 184 - tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json | 140 201 files changed, 1952 insertions(+), 4290 deletions(-) Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Borislav Petkov (AMD) (1): Revert "x86/alternative: Make custom return thunk unconditional" Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (2): sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Damien Le Moal (1): ata: libata-core: Do not try to set sleeping devices to standby Dan Carpenter (1): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Edward Lo (1): fs/ntfs3: Enhance the attribute size check Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Eugen Hristev (1): pmdomain: mediatek: fix race conditions with genpd Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (2): erofs: simplify compression configuration parser erofs: fix inconsistent per-file compression format Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Geliang Tang (4): mptcp: make userspace_pm_append_new_local_addr static mptcp: add needs_id for userspace appending addr mptcp: userspace pm send RM_ADDR for ID 0 mptcp: add needs_id for netlink appending addr Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.1.80 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (3): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (1): LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Kiszka (1): riscv/efistub: Ensure GP-relative addressing is not used Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Joao Martins (3): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (2): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion net: dev: Convert sa_data to flexible array in struct sockaddr Konstantin Komarov (10): fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lino Sanfilippo (1): serial: amba-pl011: Fix DMA transmission in RS485 mode Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Mario Limonciello (1): platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (1): arm64/sme: Restore SME registers on exit from suspend Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Martin K. Petersen (1): scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Pablo Neira Ayuso (5): netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: rename function to destroy hook list netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (2): x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup SeongJae Park (2): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (2): cifs: open_cached_dir should not rely on primary channel cifs: translate network errors on send to -ECONNABORTED Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (2): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Steve French (1): smb3: clarify mount warning Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Szuying Chen (1): ata: ahci: add identifiers for ASM2116 series adapters Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (1): md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 3 months

1
1
0 0

Linux 5.10.211

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.211 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 arch/arm/boot/dts/imx6sx.dtsi | 6 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/powerpc/kernel/hw_breakpoint.c | 76 arch/s390/pci/pci.c | 2 arch/x86/include/asm/cpu_entry_area.h | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/include/asm/text-patching.h | 30 arch/x86/include/asm/uaccess.h | 142 + arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/paravirt.c | 22 arch/x86/kernel/static_call.c | 2 arch/x86/net/bpf_jit_comp.c | 2 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/ataflop.c | 56 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/irqchip/irq-mips-gic.c | 2 drivers/md/dm-crypt.c | 6 drivers/media/pci/ttpci/av7110_av.c | 4 drivers/mtd/nand/spi/macronix.c | 20 drivers/net/ethernet/microchip/lan743x_ethtool.c | 9 drivers/net/gtp.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 14 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 10 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 11 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/msi.c | 2 drivers/platform/x86/intel-vbtn.c | 6 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/tty/hvc/hvc_xen.c | 19 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/ctree.h | 2 fs/btrfs/dir-item.c | 122 - fs/btrfs/inode.c | 48 fs/btrfs/tree-checker.c | 25 fs/btrfs/tree-log.c | 14 fs/cifs/smb2ops.c | 19 fs/cifs/smb2pdu.c | 93 - fs/cifs/smb2proto.h | 12 fs/erofs/decompressor.c | 24 fs/ext4/extents.c | 111 - fs/ext4/mballoc.c | 33 fs/jbd2/checkpoint.c | 137 - fs/zonefs/super.c | 68 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/linux/sched/task_stack.h | 2 include/linux/socket.h | 5 include/net/tcp.h | 2 kernel/sched/rt.c | 10 kernel/seccomp.c | 10 kernel/sysctl.c | 4 mm/userfaultfd.c | 14 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/hsr/hsr_framereg.c | 16 net/hsr/hsr_framereg.h | 1 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mptcp/diag.c | 6 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 12 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 709 -------- net/sched/sch_cbq.c | 1816 ---------------------- net/sched/sch_dsmark.c | 521 ------ net/tls/tls_main.c | 2 net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 2 sound/soc/fsl/fsl_micfil.c | 15 sound/soc/intel/boards/bytcht_es8316.c | 14 sound/soc/intel/boards/bytcr_rt5640.c | 46 sound/soc/intel/boards/bytcr_rt5651.c | 41 sound/soc/sunxi/sun4i-spdif.c | 5 123 files changed, 1257 insertions(+), 3684 deletions(-) Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andy Shevchenko (1): ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (3): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: regenerate buddy after block freeing failed if under fc replay Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Benjamin Gray (1): powerpc/watchpoints: Annotate atomic context in more places Borislav Petkov (1): task_stack, x86/cea: Force-inline stack helpers Borislav Petkov (AMD) (2): Revert "x86/ftrace: Use alternative RET encoding" Revert "x86/alternative: Make custom return thunk unconditional" Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): zonefs: Improve error handling Dan Carpenter (1): media: av7110: prevent underflow in write_ts_to_decoder() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (4): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Filipe Manana (2): btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (1): erofs: fix lz4 inplace decompression Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.10.211 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Beulich (1): x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jiaxun Yang (1): irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable Johannes Berg (2): iwlwifi: mvm: do more useful queue sync accounting iwlwifi: mvm: write queue_sync_state only for sync Josef Bacik (1): btrfs: tree-checker: check for overlapping extent items Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): seccomp: Invalidate seccomp mode to catch death failures net: dev: Convert sa_data to flexible array in struct sockaddr Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (1): arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Marcos Paulo de Souza (1): btrfs: introduce btrfs_lookup_match_dir Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Max Verevkin (1): platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Michael Schmitz (2): block: ataflop: fix breakage introduced at blk-mq refactoring block: ataflop: more blk-mq refactoring fixes Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (3): smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (6): x86/uaccess: Implement macros for CMPXCHG on user addresses x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Pierre-Louis Bossart (2): ASoC: Intel: boards: harden codec property handling ASoC: Intel: boards: get codec device with ACPI instead of bus search Rafał Miłecki (1): ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ravi Bangoria (1): powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions Roger Pau Monne (1): hvc/xen: prevent concurrent accesses to the shared ring Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sebastian Andrzej Siewior (1): hsr: Avoid double remove of a node. Sergej Bauer (1): lan743x: fix for potential NULL pointer dereference with bare card Shengjiu Wang (1): ASoC: fsl_micfil: register platform component before registering cpu dai Shyam Prasad N (1): cifs: add a warning when the in-flight count goes negative Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (2): spi: sh-msiof: avoid integer overflow in constants packet: move from strlcpy with unused retval to strscpy Xiaolei Wang (1): ARM: dts: imx: Set default tuning step for imx6sx usdhc Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. YouChing Lin (1): mtd: spinand: macronix: Add support for MX35LFxGE4AD Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (3): ext4: correct the hole length returned by ext4_map_blocks() jbd2: remove redundant buffer io error checks jbd2: recheck chechpointing non-dirty buffer Zhihao Cheng (1): jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 3 months

1
1
0 0

Linux 5.4.270

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.270 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/s390/pci/pci.c | 2 arch/x86/kernel/alternative.c | 13 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 18 drivers/md/dm-crypt.c | 6 drivers/md/dm-integrity.c | 11 drivers/net/gtp.c | 10 drivers/nvme/target/fc.c | 8 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/pci-tegra.c | 17 drivers/pci/msi.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 23 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-mt7621.c | 8 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/iomap/buffered-io.c | 3 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/net/tcp.h | 1 kernel/sched/rt.c | 10 kernel/sysctl.c | 4 mm/memcontrol.c | 6 mm/userfaultfd.c | 14 net/bridge/br_device.c | 2 net/ipv4/af_inet.c | 2 net/ipv4/devinet.c | 21 net/ipv4/tcp.c | 27 net/ipv4/tcp_input.c | 4 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1818 ---------------------- net/sched/sch_dsmark.c | 523 ------ net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + sound/pci/hda/patch_realtek.c | 6 sound/soc/sunxi/sun4i-spdif.c | 5 tools/testing/selftests/bpf/test_verifier.c | 13 virt/kvm/arm/vgic/vgic-its.c | 5 79 files changed, 562 insertions(+), 3254 deletions(-) Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (2): RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Björn Töpel (1): selftests/bpf: Avoid running unprivileged tests with alignment requirements Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Christophe JAILLET (2): spi: mt7621: Fix an error message in mt7621_spi_probe() PCI: tegra: Fix OF node reference leak Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (1): nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (3): tcp: add annotations around sk->sk_shutdown accesses ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.4.270 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Icenowy Zheng (1): Revert "drm/sun4i: dsi: Change the start delay calculation" Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Kai-Heng Feng (1): ALSA: hda/realtek - Enable micmute LED on and HP system Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kirill A. Shutemov (1): x86/alternatives: Disable KASAN in apply_alternatives() Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lee Jones (1): pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Matthew Wilcox (Oracle) (1): iomap: Set all uptodate bits for an Uptodate page Miaoqian Lin (1): pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (2): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() dm-crypt: don't modify the data when using authenticated encryption Nathan Chancellor (1): drm/amdgpu: Fix type of second parameter in trans_msg() callback Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Nikolay Aleksandrov (1): net: bridge: clear bridge's private skb space on xmit Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Pali Rohár (1): PCI: tegra: Fix reporting GPIO error value Paolo Abeni (1): tcp: factor out __tcp_close() helper Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sireesh Kodali (1): arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Soheil Hassas Yeganeh (1): tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Trek (1): drm/amdgpu: Check for valid number of registers to read Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 3 months

1
1
0 0

Linux 4.19.308

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.308 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/s390/pci/pci.c | 2 drivers/ata/ahci.c | 5 drivers/block/virtio_blk.c | 7 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 drivers/infiniband/ulp/iser/iser_verbs.c | 9 drivers/infiniband/ulp/isert/ib_isert.c | 2 drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 10 drivers/infiniband/ulp/srpt/ib_srpt.c | 52 drivers/md/dm-crypt.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 65 drivers/net/gtp.c | 10 drivers/pci/msi.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/rdma/rdma_vt.h | 2 kernel/sched/rt.c | 10 kernel/sysctl.c | 5 mm/memcontrol.c | 23 mm/userfaultfd.c | 14 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 708 -------- net/sched/sch_cbq.c | 1823 ---------------------- net/sched/sch_dsmark.c | 519 ------ net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + virt/kvm/arm/vgic/vgic-its.c | 5 55 files changed, 411 insertions(+), 3258 deletions(-) Aaro Koskinen (1): net: stmmac: fix notifier registration Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (3): RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (2): stmmac: no need to check return value of debugfs_create functions Linux 4.19.308 Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (2): RDMA/ulp: Use dev_name instead of ibdev->name s390: use the correct count for __iowrite64_copy() Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Roman Gushchin (1): mm: memcontrol: switch to rcu protection in drain_all_stock() Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (1): dmaengine: shdma: increase size of 'dev_id' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 3 months

1
1
0 0

RE: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

by Simon Kirby

Hi, I bisected a regression where reading from a Bluetooth device gets stuck in recvfrom() calls. The device here is a Wii Balance Board, using https://github.com/initialstate/beerfridge/blob/master/wiiboard_test.py; this worked fine in v6.6.1 and v6.6.8, but when I tried on a v6.6.14 build, the script no longer outputs any readings. 1d576c3a5af850bf11fbd103f9ba11aa6d6061fb is the first bad commit which maps to upstream commit 2e07e8348ea454615e268222ae3fc240421be768: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg With this commit in place, as also in v6.7 and v6.7.6, the script does not output anything _unless_ I strace the process, in which case a bunch of recvmsg() syscalls are shown, and then it hangs again. If I ^C the strace and run it a few times, eventually the script will get enough data and output a reading. If I don't strace the script, a hung task warning appears: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u9:1 state:D stack:0 pid:121 tgid:121 ppid:2 flags:0x00004000 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> On 6.8-rc6 with lockdep enabled, I get the following output: [ 22.122337] wlan0: associated [ 4547.622339] INFO: task kworker/u9:1:3528 blocked for more than 30 seconds. [ 4547.622530] ===================================================== [ 4547.622531] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 4547.622535] 6.8.0-rc6-lemon #190 Not tainted [ 4547.622538] ----------------------------------------------------- [ 4547.622540] khungtaskd/39 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 4547.622546] ffff888101554cf8 ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0}, at: __flush_work+0x4b/0x3f0 [ 4547.622569] and this task is already holding: [ 4547.622571] ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622586] which would create a new lock dependency: [ 4547.622587] (console_owner){....}-{0:0} -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622596] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 4547.622598] (&trans_pcie->irq_lock){+.-.}-{3:3} [ 4547.622601] ... which became SOFTIRQ-irq-safe at: [ 4547.622603] lock_acquire+0xb0/0x280 [ 4547.622611] _raw_spin_lock+0x2b/0x40 [ 4547.622618] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622627] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622634] net_rx_action+0x137/0x2a0 [ 4547.622639] __do_softirq+0xc7/0x402 [ 4547.622645] do_softirq+0x42/0xa0 [ 4547.622651] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622657] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622665] irq_thread_fn+0x1b/0x60 [ 4547.622670] irq_thread+0xe0/0x190 [ 4547.622675] kthread+0xe3/0x120 [ 4547.622679] ret_from_fork+0x2c/0x50 [ 4547.622684] ret_from_fork_asm+0x1b/0x30 [ 4547.622692] to a SOFTIRQ-irq-unsafe lock: [ 4547.622694] ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622698] ... which became SOFTIRQ-irq-unsafe at: [ 4547.622699] ... [ 4547.622700] lock_acquire+0xb0/0x280 [ 4547.622706] process_one_work+0x199/0x480 [ 4547.622713] worker_thread+0x1be/0x3b0 [ 4547.622719] kthread+0xe3/0x120 [ 4547.622722] ret_from_fork+0x2c/0x50 [ 4547.622725] ret_from_fork_asm+0x1b/0x30 [ 4547.622731] other info that might help us debug this: [ 4547.622732] Chain exists of: &trans_pcie->irq_lock --> console_owner --> (work_completion)(&(&ops->cursor_work)->work) [ 4547.622739] Possible interrupt unsafe locking scenario: [ 4547.622741] CPU0 CPU1 [ 4547.622742] ---- ---- [ 4547.622742] lock((work_completion)(&(&ops->cursor_work)->work)); [ 4547.622745] local_irq_disable(); [ 4547.622746] lock(&trans_pcie->irq_lock); [ 4547.622749] lock(console_owner); [ 4547.622751] <Interrupt> [ 4547.622752] lock(&trans_pcie->irq_lock); [ 4547.622754] *** DEADLOCK *** [ 4547.622755] 5 locks held by khungtaskd/39: [ 4547.622759] #0: ffffffff836f14e0 (rcu_read_lock){....}-{1:3}, at: watchdog+0xd8/0x7b0 [ 4547.622778] #1: ffffffff836ee820 (console_lock){+.+.}-{0:0}, at: _printk+0x47/0x50 [ 4547.622789] #2: ffffffff836ee870 (console_srcu){....}-{0:0}, at: console_flush_all+0x74/0x4e0 [ 4547.622800] #3: ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622810] #4: ffffffff837d8758 (printing_lock){....}-{3:3}, at: vt_console_print+0x47/0x430 [ 4547.622822] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 4547.622824] -> (&trans_pcie->irq_lock){+.-.}-{3:3} { [ 4547.622830] HARDIRQ-ON-W at: [ 4547.622833] lock_acquire+0xb0/0x280 [ 4547.622839] _raw_spin_lock_bh+0x33/0x40 [ 4547.622845] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.622853] iwl_pci_probe+0x28/0x810 [ 4547.622859] pci_device_probe+0x94/0x120 [ 4547.622865] really_probe+0x15e/0x2f0 [ 4547.622872] __driver_probe_device+0x6e/0x110 [ 4547.622878] driver_probe_device+0x1a/0xe0 [ 4547.622884] __driver_attach+0x87/0x190 [ 4547.622890] bus_for_each_dev+0x66/0xb0 [ 4547.622894] bus_add_driver+0xea/0x1f0 [ 4547.622898] driver_register+0x54/0x100 [ 4547.622905] iwl_pci_register_driver+0x1a/0x40 [ 4547.622911] do_one_initcall+0x50/0x250 [ 4547.622918] kernel_init_freeable+0x243/0x3e0 [ 4547.622927] kernel_init+0x15/0x1a0 [ 4547.622931] ret_from_fork+0x2c/0x50 [ 4547.622935] ret_from_fork_asm+0x1b/0x30 [ 4547.622941] IN-SOFTIRQ-W at: [ 4547.622943] lock_acquire+0xb0/0x280 [ 4547.622948] _raw_spin_lock+0x2b/0x40 [ 4547.622953] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622961] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622966] net_rx_action+0x137/0x2a0 [ 4547.622971] __do_softirq+0xc7/0x402 [ 4547.622978] do_softirq+0x42/0xa0 [ 4547.622983] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622989] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622996] irq_thread_fn+0x1b/0x60 [ 4547.623002] irq_thread+0xe0/0x190 [ 4547.623006] kthread+0xe3/0x120 [ 4547.623011] ret_from_fork+0x2c/0x50 [ 4547.623014] ret_from_fork_asm+0x1b/0x30 [ 4547.623020] INITIAL USE at: [ 4547.623022] lock_acquire+0xb0/0x280 [ 4547.623027] _raw_spin_lock_bh+0x33/0x40 [ 4547.623032] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.623038] iwl_pci_probe+0x28/0x810 [ 4547.623043] pci_device_probe+0x94/0x120 [ 4547.623047] really_probe+0x15e/0x2f0 [ 4547.623053] __driver_probe_device+0x6e/0x110 [ 4547.623059] driver_probe_device+0x1a/0xe0 [ 4547.623064] __driver_attach+0x87/0x190 [ 4547.623070] bus_for_each_dev+0x66/0xb0 [ 4547.623073] bus_add_driver+0xea/0x1f0 [ 4547.623077] driver_register+0x54/0x100 [ 4547.623084] iwl_pci_register_driver+0x1a/0x40 [ 4547.623090] do_one_initcall+0x50/0x250 [ 4547.623096] kernel_init_freeable+0x243/0x3e0 [ 4547.623103] kernel_init+0x15/0x1a0 [ 4547.623107] ret_from_fork+0x2c/0x50 [ 4547.623110] ret_from_fork_asm+0x1b/0x30 [ 4547.623116] } [ 4547.623118] ... key at: [<ffffffff8502fe90>] __key.20+0x0/0x10 [ 4547.623129] -> (&trans_pcie->reg_lock){+...}-{3:3} { [ 4547.623134] HARDIRQ-ON-W at: [ 4547.623137] lock_acquire+0xb0/0x280 [ 4547.623142] _raw_spin_lock_bh+0x33/0x40 [ 4547.623147] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623151] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623160] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623165] iwl_pci_probe+0x42/0x810 [ 4547.623171] pci_device_probe+0x94/0x120 [ 4547.623175] really_probe+0x15e/0x2f0 [ 4547.623181] __driver_probe_device+0x6e/0x110 [ 4547.623186] driver_probe_device+0x1a/0xe0 [ 4547.623192] __driver_attach+0x87/0x190 [ 4547.623197] bus_for_each_dev+0x66/0xb0 [ 4547.623201] bus_add_driver+0xea/0x1f0 [ 4547.623205] driver_register+0x54/0x100 [ 4547.623211] iwl_pci_register_driver+0x1a/0x40 [ 4547.623217] do_one_initcall+0x50/0x250 [ 4547.623223] kernel_init_freeable+0x243/0x3e0 [ 4547.623229] kernel_init+0x15/0x1a0 [ 4547.623233] ret_from_fork+0x2c/0x50 [ 4547.623236] ret_from_fork_asm+0x1b/0x30 [ 4547.623242] INITIAL USE at: [ 4547.623244] lock_acquire+0xb0/0x280 [ 4547.623249] _raw_spin_lock_bh+0x33/0x40 [ 4547.623254] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623257] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623266] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623271] iwl_pci_probe+0x42/0x810 [ 4547.623277] pci_device_probe+0x94/0x120 [ 4547.623281] really_probe+0x15e/0x2f0 [ 4547.623286] __driver_probe_device+0x6e/0x110 [ 4547.623292] driver_probe_device+0x1a/0xe0 [ 4547.623297] __driver_attach+0x87/0x190 [ 4547.623303] bus_for_each_dev+0x66/0xb0 [ 4547.623306] bus_add_driver+0xea/0x1f0 [ 4547.623310] driver_register+0x54/0x100 [ 4547.623316] iwl_pci_register_driver+0x1a/0x40 [ 4547.623323] do_one_initcall+0x50/0x250 [ 4547.623328] kernel_init_freeable+0x243/0x3e0 [ 4547.623334] kernel_init+0x15/0x1a0 [ 4547.623338] ret_from_fork+0x2c/0x50 [ 4547.623342] ret_from_fork_asm+0x1b/0x30 [ 4547.623347] } [ 4547.623348] ... key at: [<ffffffff8502fe80>] __key.19+0x0/0x10 [ 4547.623358] ... acquired at: [ 4547.623359] _raw_spin_lock_bh+0x33/0x40 [ 4547.623364] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623368] iwl_pcie_apm_init+0x6e/0x1c0 [ 4547.623372] iwl_trans_pcie_start_fw+0x224/0x670 [ 4547.623377] iwl_mvm_load_ucode_wait_alive+0xd3/0x5a0 [ 4547.623383] iwl_run_init_mvm_ucode+0x8c/0x3a0 [ 4547.623387] iwl_mvm_start_get_nvm+0x87/0x210 [ 4547.623393] iwl_op_mode_mvm_start+0x962/0xb30 [ 4547.623399] _iwl_op_mode_start.isra.0+0x72/0xb0 [ 4547.623403] iwl_opmode_register+0x6a/0xe0 [ 4547.623408] iwl_mvm_init+0x21/0x60 [ 4547.623413] do_one_initcall+0x50/0x250 [ 4547.623419] kernel_init_freeable+0x243/0x3e0 [ 4547.623425] kernel_init+0x15/0x1a0 [ 4547.623429] ret_from_fork+0x2c/0x50 [ 4547.623432] ret_from_fork_asm+0x1b/0x30 [ 4547.623441] -> (console_owner){....}-{0:0} { [ 4547.623446] INITIAL USE at: [ 4547.623452] lock_acquire+0xb0/0x280 [ 4547.623457] console_flush_all+0x1f2/0x4e0 [ 4547.623463] console_unlock+0x33/0x110 [ 4547.623469] vprintk_emit+0x9f/0x320 [ 4547.623475] _printk+0x47/0x50 [ 4547.623479] register_console+0x34b/0x4d0 [ 4547.623485] con_init+0x200/0x270 [ 4547.623494] console_init+0x4a/0x1e0 [ 4547.623504] start_kernel+0x2b9/0x660 [ 4547.623510] x86_64_start_reservations+0x18/0x30 [ 4547.623517] x86_64_start_kernel+0xad/0xc0 [ 4547.623522] secondary_startup_64_no_verify+0x170/0x17b [ 4547.623528] } [ 4547.623529] ... key at: [<ffffffff8367e600>] console_owner_dep_map+0x0/0x28 [ 4547.623538] ... acquired at: [ 4547.623540] console_flush_all+0x1f2/0x4e0 [ 4547.623545] console_unlock+0x33/0x110 [ 4547.623551] vprintk_emit+0x9f/0x320 [ 4547.623557] dev_vprintk_emit+0xce/0x160 [ 4547.623562] dev_printk_emit+0x3d/0x50 [ 4547.623566] _dev_info+0x5b/0x70 [ 4547.623572] __iwl_info+0x58/0x60 [ 4547.623576] iwl_pci_probe+0x11c/0x810 [ 4547.623582] pci_device_probe+0x94/0x120 [ 4547.623587] really_probe+0x15e/0x2f0 [ 4547.623592] __driver_probe_device+0x6e/0x110 [ 4547.623598] driver_probe_device+0x1a/0xe0 [ 4547.623603] __driver_attach+0x87/0x190 [ 4547.623609] bus_for_each_dev+0x66/0xb0 [ 4547.623612] bus_add_driver+0xea/0x1f0 [ 4547.623616] driver_register+0x54/0x100 [ 4547.623622] iwl_pci_register_driver+0x1a/0x40 [ 4547.623629] do_one_initcall+0x50/0x250 [ 4547.623634] kernel_init_freeable+0x243/0x3e0 [ 4547.623640] kernel_init+0x15/0x1a0 [ 4547.623644] ret_from_fork+0x2c/0x50 [ 4547.623648] ret_from_fork_asm+0x1b/0x30 [ 4547.623654] the dependencies between the lock to be acquired [ 4547.623655] and SOFTIRQ-irq-unsafe lock: [ 4547.623665] -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} { [ 4547.623670] HARDIRQ-ON-W at: [ 4547.623672] lock_acquire+0xb0/0x280 [ 4547.623677] process_one_work+0x199/0x480 [ 4547.623684] worker_thread+0x1be/0x3b0 [ 4547.623690] kthread+0xe3/0x120 [ 4547.623694] ret_from_fork+0x2c/0x50 [ 4547.623698] ret_from_fork_asm+0x1b/0x30 [ 4547.623704] SOFTIRQ-ON-W at: [ 4547.623705] lock_acquire+0xb0/0x280 [ 4547.623710] process_one_work+0x199/0x480 [ 4547.623716] worker_thread+0x1be/0x3b0 [ 4547.623722] kthread+0xe3/0x120 [ 4547.623725] ret_from_fork+0x2c/0x50 [ 4547.623729] ret_from_fork_asm+0x1b/0x30 [ 4547.623734] INITIAL USE at: [ 4547.623736] lock_acquire+0xb0/0x280 [ 4547.623741] process_one_work+0x199/0x480 [ 4547.623747] worker_thread+0x1be/0x3b0 [ 4547.623753] kthread+0xe3/0x120 [ 4547.623757] ret_from_fork+0x2c/0x50 [ 4547.623760] ret_from_fork_asm+0x1b/0x30 [ 4547.623766] } [ 4547.623767] ... key at: [<ffffffff850211b0>] __key.1+0x0/0x10 [ 4547.623775] ... acquired at: [ 4547.623777] lock_acquire+0xb0/0x280 [ 4547.623781] __flush_work+0x56/0x3f0 [ 4547.623789] __cancel_work_timer+0xd3/0x160 [ 4547.623796] fbcon_cursor+0x138/0x170 [ 4547.623802] hide_cursor+0x26/0xc0 [ 4547.623807] vt_console_print+0x41e/0x430 [ 4547.623814] console_flush_all+0x206/0x4e0 [ 4547.623820] console_unlock+0x33/0x110 [ 4547.623825] vprintk_emit+0x9f/0x320 [ 4547.623831] _printk+0x47/0x50 [ 4547.623834] watchdog+0x53a/0x7b0 [ 4547.623838] kthread+0xe3/0x120 [ 4547.623841] ret_from_fork+0x2c/0x50 [ 4547.623845] ret_from_fork_asm+0x1b/0x30 [ 4547.623851] stack backtrace: [ 4547.623854] CPU: 2 PID: 39 Comm: khungtaskd Not tainted 6.8.0-rc6-lemon #190 [ 4547.623860] Hardware name: LENOVO 80MK/VIUU4, BIOS C6CN29WW 09/02/2015 [ 4547.623862] Call Trace: [ 4547.623865] <TASK> [ 4547.623867] dump_stack_lvl+0x4a/0x80 [ 4547.623879] check_irq_usage+0x8aa/0xb10 [ 4547.623886] ? check_path.constprop.0+0x24/0x50 [ 4547.623896] ? check_noncircular+0x6d/0x120 [ 4547.623902] ? __lock_acquire+0x146a/0x25c0 [ 4547.623907] __lock_acquire+0x146a/0x25c0 [ 4547.623913] lock_acquire+0xb0/0x280 [ 4547.623918] ? __flush_work+0x4b/0x3f0 [ 4547.623925] ? __flush_work+0x4b/0x3f0 [ 4547.623932] __flush_work+0x56/0x3f0 [ 4547.623939] ? __flush_work+0x4b/0x3f0 [ 4547.623946] ? __lock_acquire+0x3ef/0x25c0 [ 4547.623952] __cancel_work_timer+0xd3/0x160 [ 4547.623960] fbcon_cursor+0x138/0x170 [ 4547.623965] hide_cursor+0x26/0xc0 [ 4547.623971] vt_console_print+0x41e/0x430 [ 4547.623977] ? lock_release+0xb5/0x230 [ 4547.623982] ? console_flush_all+0x1c9/0x4e0 [ 4547.623988] console_flush_all+0x206/0x4e0 [ 4547.623994] ? console_flush_all+0x1c9/0x4e0 [ 4547.624001] console_unlock+0x33/0x110 [ 4547.624007] vprintk_emit+0x9f/0x320 [ 4547.624013] _printk+0x47/0x50 [ 4547.624017] watchdog+0x53a/0x7b0 [ 4547.624021] ? __pfx_watchdog+0x10/0x10 [ 4547.624025] kthread+0xe3/0x120 [ 4547.624029] ? __pfx_kthread+0x10/0x10 [ 4547.624033] ret_from_fork+0x2c/0x50 [ 4547.624037] ? __pfx_kthread+0x10/0x10 [ 4547.624041] ret_from_fork_asm+0x1b/0x30 [ 4547.624049] </TASK> [ 4548.028173] Not tainted 6.8.0-rc6-lemon #190 [ 4548.029491] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4548.031047] task:kworker/u9:1 state:D stack:0 pid:3528 tgid:3528 ppid:2 flags:0x00004000 [ 4548.032620] Workqueue: hci0 hci_rx_work [ 4548.034099] Call Trace: [ 4548.035572] <TASK> [ 4548.036925] __schedule+0x427/0xd10 [ 4548.038382] ? schedule+0xf7/0x140 [ 4548.039822] schedule+0x45/0x140 [ 4548.041201] __lock_sock+0x86/0xf0 [ 4548.042601] ? __pfx_autoremove_wake_function+0x10/0x10 [ 4548.044030] lock_sock_nested+0x61/0x70 [ 4548.045390] l2cap_sock_recv_cb+0x21/0xa0 [ 4548.046842] l2cap_recv_frame+0x5be/0x2e70 [ 4548.048283] ? hci_rx_work+0x431/0x830 [ 4548.049701] ? lock_release+0xb5/0x230 [ 4548.051145] ? __mutex_unlock_slowpath+0x25/0x270 [ 4548.052524] hci_rx_work+0x457/0x830 [ 4548.053945] ? process_one_work+0x157/0x480 [ 4548.055460] process_one_work+0x1ca/0x480 [ 4548.056862] worker_thread+0x1be/0x3b0 [ 4548.058281] ? __pfx_worker_thread+0x10/0x10 [ 4548.059783] kthread+0xe3/0x120 [ 4548.061141] ? __pfx_kthread+0x10/0x10 [ 4548.062600] ret_from_fork+0x2c/0x50 [ 4548.064064] ? __pfx_kthread+0x10/0x10 [ 4548.065436] ret_from_fork_asm+0x1b/0x30 [ 4548.066867] </TASK> [ 4548.068313] INFO: lockdep is turned off. # cat /proc/3526/stack [<0>] __skb_wait_for_more_packets+0xfa/0x150 [<0>] __skb_recv_datagram+0x59/0xa0 [<0>] skb_recv_datagram+0x29/0x40 [<0>] bt_sock_recvmsg+0x42/0x1c0 [<0>] l2cap_sock_recvmsg+0x5d/0x170 [<0>] __sys_recvfrom+0x14e/0x160 [<0>] __x64_sys_recvfrom+0x1f/0x30 [<0>] do_syscall_64+0x75/0x150 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 This is on my laptop with iwlwifi, but at first I saw it on my desktop with Ethernet (and Intel 9260 Bluetooth). I can get another lockdep capture if that would be helpful. Simon-

1 year, 3 months

3
3
0 0

[PATCH v2] PM: suspend: Set mem_sleep_current during kernel command line setup

by Maulik Shah

psci_init_system_suspend() invokes suspend_set_ops() very early during bootup even before kernel command line for mem_sleep_default is setup. This leads to kernel command line mem_sleep_default=s2idle not working as mem_sleep_current gets changed to deep via suspend_set_ops() and never changes back to s2idle. Set mem_sleep_current along with mem_sleep_default during kernel command line setup as default suspend mode. Fixes: faf7ec4a92c0 ("drivers: firmware: psci: add system suspend support") CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Maulik Shah <quic_mkshah(a)quicinc.com> --- Changes in v2: - Set mem_sleep_current during mem_sleep_default kernel command line setup - Update commit message accordingly - Retain Fixes: tag - Link to v1: https://lore.kernel.org/r/20240219-suspend_ops_late_init-v1-1-6330ca9597fa@… --- kernel/power/suspend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/power/suspend.c b/kernel/power/suspend.c index 742eb26618cc..e3ae93bbcb9b 100644 --- a/kernel/power/suspend.c +++ b/kernel/power/suspend.c @@ -192,6 +192,7 @@ static int __init mem_sleep_default_setup(char *str) if (mem_sleep_labels[state] && !strcmp(str, mem_sleep_labels[state])) { mem_sleep_default = state; + mem_sleep_current = state; break; } --- base-commit: d37e1e4c52bc60578969f391fb81f947c3e83118 change-id: 20240219-suspend_ops_late_init-27fb0b15baee Best regards, -- Maulik Shah <quic_mkshah(a)quicinc.com>

1 year, 3 months

3
2
0 0

[PATCH] ubi: eba: properly rollback inside self_check_eba

by Fedor Pchelkin

In case of a memory allocation failure in the volumes loop we can only process the already allocated scan_eba and fm_eba array elements on the error path - others are still uninitialized. Found by Linux Verification Center (linuxtesting.org). Fixes: 00abf3041590 ("UBI: Add self_check_eba()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/mtd/ubi/eba.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 8d1f0e05892c..6f5eadb1598d 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -1557,6 +1557,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, GFP_KERNEL); if (!fm_eba[i]) { ret = -ENOMEM; + kfree(scan_eba[i]); goto out_free; } @@ -1592,7 +1593,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, } out_free: - for (i = 0; i < num_volumes; i++) { + while (--i >= 0) { if (!ubi->volumes[i]) continue; -- 2.43.2

1 year, 3 months

2
1
0 0

[PATCH 4.19.y 8/9] loop: Check for overflow while configuring loop

by Genjian

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit c490a0b5a4f36da3918181a8acdc6991d967c5f3 ] The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the offset. loop_device has lo_offset of type loff_t (see line 52 of loop.c), which is typdef-chained to long long, whereas loop_info64 has lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h). The function directly copies offset from info to the device as follows (See line 980 of loop.c): lo->lo_offset = info->lo_offset; This results in an overflow, which triggers a warning in iomap_iter() due to a call to iomap_iter_done() which has: WARN_ON_ONCE(iter->iomap.offset > iter->pos); Thus, check for negative value during loop_set_status_from_info(). Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a2… Reported-and-tested-by: syzbot+a8e049cd3abd342936b6(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20220823160810.181275-1-code@siddh.me Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Genjian Zhang <zhanggenjian(a)kylinos.cn> --- drivers/block/loop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 0fefd21f0c71..c1caa3e2355f 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1271,6 +1271,11 @@ loop_set_status_from_info(struct loop_device *lo, lo->lo_offset = info->lo_offset; lo->lo_sizelimit = info->lo_sizelimit; + + /* loff_t vars have been assigned __u64 */ + if (lo->lo_offset < 0 || lo->lo_sizelimit < 0) + return -EOVERFLOW; + memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE); memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE); lo->lo_file_name[LO_NAME_SIZE-1] = 0; -- 2.25.1

1 year, 3 months

1
0
0 0

GET BACK TO ME

by Hala Farooq Almoayyed

1 year, 3 months

1
0
0 0

[PATCH -fixes v4 2/3] riscv: Add a custom ISA extension for the [ms]envcfg CSR

by Samuel Holland

The [ms]envcfg CSR was added in version 1.12 of the RISC-V privileged ISA (aka S[ms]1p12). However, bits in this CSR are defined by several other extensions which may be implemented separately from any particular version of the privileged ISA (for example, some unrelated errata may prevent an implementation from claiming conformance with Ss1p12). As a result, Linux cannot simply use the privileged ISA version to determine if the CSR is present. It must also check if any of these other extensions are implemented. It also cannot probe the existence of the CSR at runtime, because Linux does not require Sstrict, so (in the absence of additional information) it cannot know if a CSR at that address is [ms]envcfg or part of some non-conforming vendor extension. Since there are several standard extensions that imply the existence of the [ms]envcfg CSR, it becomes unwieldy to check for all of them wherever the CSR is accessed. Instead, define a custom Xlinuxenvcfg ISA extension bit that is implied by the other extensions and denotes that the CSR exists as defined in the privileged ISA, containing at least one of the fields common between menvcfg and senvcfg. This extension does not need to be parsed from the devicetree or ISA string because it can only be implemented as a subset of some other standard extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v4: - New patch for v4 arch/riscv/include/asm/hwcap.h | 2 ++ arch/riscv/kernel/cpufeature.c | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..1f2d2599c655 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -81,6 +81,8 @@ #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_XLINUXENVCFG 127 + #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..dacffef68ce2 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -201,6 +201,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +/* + * While the [ms]envcfg CSRs were not defined until version 1.12 of the RISC-V + * privileged ISA, the existence of the CSRs is implied by any extension which + * specifies [ms]envcfg bit(s). Hence, we define a custom ISA extension for the + * existence of the CSR, and treat it as a subset of those other extensions. + */ +static const unsigned int riscv_xlinuxenvcfg_exts[] = { + RISCV_ISA_EXT_XLINUXENVCFG +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -250,8 +260,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(c, RISCV_ISA_EXT_c), __RISCV_ISA_EXT_DATA(v, RISCV_ISA_EXT_v), __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h), - __RISCV_ISA_EXT_DATA(zicbom, RISCV_ISA_EXT_ZICBOM), - __RISCV_ISA_EXT_DATA(zicboz, RISCV_ISA_EXT_ZICBOZ), + __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM, riscv_xlinuxenvcfg_exts), + __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ, riscv_xlinuxenvcfg_exts), __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR), __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND), __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR), -- 2.43.1

1 year, 3 months

4
5
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 3 months

1
0
0 0

Re: [REGRESSION] LVM-on-LVM: error while submitting device barriers

by Patrick Plenefisch

I'm unsure if this is just an LVM bug, or a BTRFS+LVM interaction bug, but LVM is definitely involved somehow. Upgrading from 5.10 to 6.1, I noticed one of my filesystems was read-only. In dmesg, I found: BTRFS error (device dm-75): bdev /dev/mapper/lvm-brokenDisk errs: wr 0, rd 0, flush 1, corrupt 0, gen 0 BTRFS warning (device dm-75): chunk 13631488 missing 1 devices, max tolerance is 0 for writable mount BTRFS: error (device dm-75) in write_all_supers:4379: errno=-5 IO failure (errors while submitting device barriers.) BTRFS info (device dm-75: state E): forced readonly BTRFS warning (device dm-75: state E): Skipping commit of aborted transaction. BTRFS: error (device dm-75: state EA) in cleanup_transaction:1992: errno=-5 IO failure At first I suspected a btrfs error, but a scrub found no errors, and it continued to be read-write on 5.10 kernels. Here is my setup: /dev/lvm/brokenDisk is a lvm-on-lvm volume. I have /dev/sd{a,b,c,d} (of varying sizes) in a lower VG, which has three LVs, all raid1 volumes. Two of the volumes are further used as PV's for an upper VGs. One of the upper VGs has no issues. The non-PV LV has no issue. The remaining one, /dev/lowerVG/lvmPool, hosting nested LVM, is used as a PV for VG "lvm", and has 3 volumes inside. Two of those volumes have no issues (and are btrfs), but the last one is /dev/lvm/brokenDisk. This volume is the only one that exhibits this behavior, so something is special. Or described as layers: /dev/sd{a,b,c,d} => PV => VG "lowerVG" /dev/lowerVG/single (RAID1 LV) => BTRFS, works fine /dev/lowerVG/works (RAID1 LV) => PV => VG "workingUpper" /dev/workingUpper/{a,b,c} => BTRFS, works fine /dev/lowerVG/lvmPool (RAID1 LV) => PV => VG "lvm" /dev/lvm/{a,b} => BTRFS, works fine /dev/lvm/brokenDisk => BTRFS, Exhibits errors After some investigation, here is what I've found: 1. This regression was introduced in 5.19. 5.18 and earlier kernels I can keep this filesystem rw and everything works as expected, while 5.19.0 and later the filesystem is immediately ro on any write attempt. I couldn't build rc1, but I did confirm rc2 already has this regression. 2. Passing /dev/lvm/brokenDisk to a KVM VM as /dev/vdb with an unaffected kernel inside the vm exhibits the ro barrier problem on unaffected kernels. 3. Passing /dev/lowerVG/lvmPool to a KVM VM as /dev/vdb with an affected kernel inside the VM and using LVM inside the VM exhibits correct behavior (I can keep the filesystem rw, no barrier errors on host or guest) 4. A discussion in IRC with BTRFS folks, and they think the BTRFS filesystem is fine (btrfs check and btrfs scrub also agree) 5. The dmesg error can be delayed indefinitely by not writing to the disk, or reading with noatime 6. This affects Debian, Ubuntu, NixOS, and Solus, so I'm fairly certain it's distro-agnostic, and purely a kernel issue. 7. I can't reproduce this with other LVM-on-LVM setups, so I think the asymmetric nature of the raid1 volume is potentially contributing 8. There are no new smart errors/failures on any of the disks, disks are healthy 9. I previously had raidintegrity=y and caching enabled. They didn't affect the issue #regzbot introduced v5.18..v5.19-rc2 Patrick

1 year, 3 months

3
5
0 0

[PATCH AUTOSEL 5.4 1/6] RDMA/mlx5: Relax DEVX access upon modify commands

by Sasha Levin

From: Yishai Hadas <yishaih(a)nvidia.com> [ Upstream commit be551ee1574280ef8afbf7c271212ac3e38933ef ] Relax DEVX access upon modify commands to be UVERBS_ACCESS_READ. The kernel doesn't need to protect what firmware protects, or what causes no damage to anyone but the user. As firmware needs to protect itself from parallel access to the same object, don't block parallel modify/query commands on the same object in the kernel side. This change will allow user space application to run parallel updates to different entries in the same bulk object. Tested-by: Tamar Mashiah <tmashiah(a)nvidia.com> Signed-off-by: Yishai Hadas <yishaih(a)nvidia.com> Reviewed-by: Michael Guralnik <michaelgur(a)nvidia.com> Link: https://lore.kernel.org/r/7407d5ed35dc427c1097699e12b49c01e1073406.17064339… Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/devx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c index 26cc7bbcdfe6a..7a3b56c150799 100644 --- a/drivers/infiniband/hw/mlx5/devx.c +++ b/drivers/infiniband/hw/mlx5/devx.c @@ -2811,7 +2811,7 @@ DECLARE_UVERBS_NAMED_METHOD( MLX5_IB_METHOD_DEVX_OBJ_MODIFY, UVERBS_ATTR_IDR(MLX5_IB_ATTR_DEVX_OBJ_MODIFY_HANDLE, UVERBS_IDR_ANY_OBJECT, - UVERBS_ACCESS_WRITE, + UVERBS_ACCESS_READ, UA_MANDATORY), UVERBS_ATTR_PTR_IN( MLX5_IB_ATTR_DEVX_OBJ_MODIFY_CMD_IN, -- 2.43.0

1 year, 3 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/8] RDMA/mlx5: Fix fortify source warning while accessing Eth segment

by Sasha Levin

From: Leon Romanovsky <leonro(a)nvidia.com> [ Upstream commit 4d5e86a56615cc387d21c629f9af8fb0e958d350 ] ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy [last unloaded: mlx_compat(OE)] CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0x72/0x90 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? __warn+0x8d/0x160 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? report_bug+0x1bb/0x1d0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x19/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib] ipoib_send+0x2ec/0x770 [ib_ipoib] ipoib_start_xmit+0x5a0/0x770 [ib_ipoib] dev_hard_start_xmit+0x8e/0x1e0 ? validate_xmit_skb_list+0x4d/0x80 sch_direct_xmit+0x116/0x3a0 __dev_xmit_skb+0x1fd/0x580 __dev_queue_xmit+0x284/0x6b0 ? _raw_spin_unlock_irq+0xe/0x50 ? __flush_work.isra.0+0x20d/0x370 ? push_pseudo_header+0x17/0x40 [ib_ipoib] neigh_connected_output+0xcd/0x110 ip_finish_output2+0x179/0x480 ? __smp_call_single_queue+0x61/0xa0 __ip_finish_output+0xc3/0x190 ip_finish_output+0x2e/0xf0 ip_output+0x78/0x110 ? __pfx_ip_finish_output+0x10/0x10 ip_local_out+0x64/0x70 __ip_queue_xmit+0x18a/0x460 ip_queue_xmit+0x15/0x30 __tcp_transmit_skb+0x914/0x9c0 tcp_write_xmit+0x334/0x8d0 tcp_push_one+0x3c/0x60 tcp_sendmsg_locked+0x2e1/0xac0 tcp_sendmsg+0x2d/0x50 inet_sendmsg+0x43/0x90 sock_sendmsg+0x68/0x80 sock_write_iter+0x93/0x100 vfs_write+0x326/0x3c0 ksys_write+0xbd/0xf0 ? do_syscall_64+0x69/0x90 __x64_sys_write+0x19/0x30 do_syscall_64+0x59/0x90 ? do_user_addr_fault+0x1d0/0x640 ? exit_to_user_mode_prepare+0x3b/0xd0 ? irqentry_exit_to_user_mode+0x9/0x20 ? irqentry_exit+0x43/0x50 ? exc_page_fault+0x92/0x1b0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fc03ad14a37 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007ffdf8697fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000008024 RCX: 00007fc03ad14a37 RDX: 0000000000008024 RSI: 0000556f46bd8270 RDI: 0000000000000003 RBP: 0000556f46bb1800 R08: 0000000000007fe3 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000556f46bc66b0 R14: 000000000000000a R15: 0000556f46bb2f50 </TASK> ---[ end trace 0000000000000000 ]--- Link: https://lore.kernel.org/r/8228ad34bd1a25047586270f7b1fb4ddcd046282.17064339… Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/wr.c | 2 +- include/linux/mlx5/qp.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/wr.c b/drivers/infiniband/hw/mlx5/wr.c index d6038fb6c50c6..19fd440a6ce38 100644 --- a/drivers/infiniband/hw/mlx5/wr.c +++ b/drivers/infiniband/hw/mlx5/wr.c @@ -128,7 +128,7 @@ static void set_eth_seg(const struct ib_send_wr *wr, struct mlx5_ib_qp *qp, */ copysz = min_t(u64, *cur_edge - (void *)eseg->inline_hdr.start, left); - memcpy(eseg->inline_hdr.start, pdata, copysz); + memcpy(eseg->inline_hdr.data, pdata, copysz); stride = ALIGN(sizeof(struct mlx5_wqe_eth_seg) - sizeof(eseg->inline_hdr.start) + copysz, 16); *size += stride / 16; diff --git a/include/linux/mlx5/qp.h b/include/linux/mlx5/qp.h index d75ef8aa8fac0..28d44061d6700 100644 --- a/include/linux/mlx5/qp.h +++ b/include/linux/mlx5/qp.h @@ -261,7 +261,10 @@ struct mlx5_wqe_eth_seg { union { struct { __be16 sz; - u8 start[2]; + union { + u8 start[2]; + DECLARE_FLEX_ARRAY(u8, data); + }; } inline_hdr; struct { __be16 type; -- 2.43.0

1 year, 3 months

1
7
0 0

[PATCH AUTOSEL 6.6 01/22] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 3 months

1
21
0 0

[PATCH AUTOSEL 6.7 01/24] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 3 months

1
23
0 0

[PATCH 5.15 000/245] 5.15.150-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.150 release. There are 245 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.150-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.150-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't schedule in nft_chain_validate Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix scheduling-while-atomic splat Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Shyam Prasad N <nspmangalore(a)gmail.com> cifs: fix mid leak during reconnection after timeout threshold Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Corey Minyard <minyard(a)acm.org> i2c: imx: Add timer for handling the stop condition Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: simplify route logic Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Guo Zhengkui <guozhengkui(a)vivo.com> drm/nouveau/instmem: fix uninitialized_var.cocci warning Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Introduce reset assertion/deassertion methods Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Convert to using devm bulk clocks API Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: track port suspend state correctly in unsuccessful resume cases Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: decouple usb2 port resume and get_port_status request handling Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: clear usb2 resume related variables in one place. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: rename resume_done to resume_timestamp Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: move port specific items such as state completions to port structure Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: cleanup xhci_hub_control port references Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA Kellen Renshaw <kellen.renshaw(a)canonical.com> ACPI: resource: Add ASUS model S5402ZA to quirks Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix regulator name on rk3399-rock-4 Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support dynamic allocate bh for exfat_entry_set_cache Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: avoid baid size integer overflow Ying Hsu <yinghsu(a)chromium.org> igb: Fix igb_down hung on surprise removal Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Petr Oros <poros(a)redhat.com> devlink: report devlink_port_type_warn source device Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Address KCSAN report on bpf_lru_list Maxime Bizon <mbizon(a)freebox.fr> wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Yicong Yang <yangyicong(a)hisilicon.com> sched/fair: Don't balance task to its current running CPU Mark Rutland <mark.rutland(a)arm.com> arm64: mm: fix VA-range sanity check Youngmin Nam <youngmin.nam(a)samsung.com> arm64: set __exception_irq_entry with __irq_entry as a default Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 Hans de Goede <hdegoede(a)redhat.com> ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A David Sterba <dsterba(a)suse.com> btrfs: add xxhash to fast checksum implementations Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure timer ID search-loop limit is valid Yu Kuai <yukuai3(a)huawei.com> md/raid10: prevent soft lockup while flush writes Yu Kuai <yukuai3(a)huawei.com> md: fix data corruption for raid456 when reshape restart while grow up Zhong Jinghua <zhongjinghua(a)huawei.com> nbd: Add the maximum limit of allocated index in nbd_dev_add Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: add rescheduling points during loop detection walks Peilin Ye <peilin.ye(a)bytedance.com> net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during ATI Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during suspend or resume Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Paul Cercueil <paul(a)crapouillou.net> PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Paul Cercueil <paul(a)crapouillou.net> mmc: mxc: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> mmc: jz4740: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> PM: core: Add new *_PM_OPS macros, deprecate old ones Paul Cercueil <paul(a)crapouillou.net> PM: core: Redefine pm_ptr() macro Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: Set channel state after notifying the drivers Daniel Axtens <dja(a)axtens.net> powerpc/eeh: Small refactor of eeh_handle_normal_event() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: make all exports GPL Wang Qing <wangqing(a)vivo.com> net: ethernet: ti: add missing of_node_put before return Li Jun <jun.li(a)nxp.com> dt-bindings: clocks: imx8mp: Add ID for usb suspend clock Lucas Stach <l.stach(a)pengutronix.de> clk: imx8mp: add clkout1/2 support Marek Vasut <marex(a)denx.de> clk: imx8mp: Add DISP2 pixel clock Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Remove serial_rs485 sanitization from em485 Enzo Matsumiya <ematsumiya(a)suse.de> cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() Hui Su <suhui_kernel(a)163.com> kernel/sched: Remove dl_boosted flag comment Chuansheng Liu <chuansheng.liu(a)intel.com> drm/i915/dg1: Update DMC_DEBUG3 register Byungki Lee <dominicus79(a)gmail.com> f2fs: write checkpoint during FG_GC Chao Yu <chao(a)kernel.org> f2fs: don't set GC_FAILURE_PIN for background GC Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: init iommu after amdkfd device init Stefano Garzarella <sgarzare(a)redhat.com> tools/virtio: fix build Arnaldo Carvalho de Melo <acme(a)redhat.com> perf beauty: Update copy of linux/socket.h with the kernel sources Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers UAPI: Sync linux/fscrypt.h with the kernel sources Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Sakari Ailus <sakari.ailus(a)linux.intel.com> acpi: property: Let args be NULL in __acpi_node_get_property_reference Luke D. Jones <luke(a)ljones.dev> platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute Randy Dunlap <rdunlap(a)infradead.org> clk: linux/clk-provider.h: fix kernel-doc warnings and typos Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Correct wrong debug message Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Balance the reference of cep->kref in the error path Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent #usb-cells Magali Lemes <magali.lemes(a)canonical.com> selftests: net: vrf-xfrm-tests: change authentication and encryption algos Eli Cohen <elic(a)nvidia.com> vdpa/mlx5: Don't clear mr struct on destroy MR Randy Dunlap <rdunlap(a)infradead.org> MIPS: vpe-mt: drop physical_memsize Randy Dunlap <rdunlap(a)infradead.org> MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lpar: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/perf/hv-24x7: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lparcfg: add missing RTAS retry status handling Chen-Yu Tsai <wenst(a)chromium.org> clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC Frederic Barrat <fbarrat(a)linux.ibm.com> powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't check penirq immediately for 7845 Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - always set last command to PWRDOWN Peng Fan <peng.fan(a)nxp.com> clk: imx: avoid memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Remove superfluous check in resume code Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't report pressure for ads7845 Alexey Khoroshilov <khoroshilov(a)ispras.ru> clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - increase interrupt handler return delay Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - configure device with a single block write Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - drop unused device node references Heiko Stuebner <heiko.stuebner(a)vrull.eu> RISC-V: fix funct4 definition for c.jalr in parse_asm.h Samuel Holland <samuel(a)sholland.org> mtd: rawnand: sunxi: Fix the size of the last OOB region Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents Li Jun <jun.li(a)nxp.com> clk: imx: imx8mp: add shared clk gate for usb suspend clk Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Peter Zijlstra <peterz(a)infradead.org> x86/ftrace: Use alternative RET encoding Peter Zijlstra <peterz(a)infradead.org> x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra <peterz(a)infradead.org> x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/ftrace: Use alternative RET encoding" Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix lz4 inplace decompression Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Jiri Olsa <jolsa(a)kernel.org> bpf: Remove trace_printk_lock Jiri Olsa <jolsa(a)kernel.org> bpf: Do cleanup in bpf_bprintf_cleanup only when needed Jiri Olsa <jolsa(a)kernel.org> bpf: Add struct for bin_args arg in bpf_bprintf_prepare Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Merge printk and seq_printf VARARG max macros Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Documentation/ABI/testing/sysfs-platform-asus-wmi | 9 + Makefile | 4 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 - arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 - arch/arm/boot/dts/bcm53573.dtsi | 20 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 79 +- arch/arm64/include/asm/exception.h | 5 - arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/arm64/mm/mmu.c | 4 +- arch/mips/include/asm/vpe.h | 1 - arch/mips/kernel/smp-cps.c | 8 +- arch/mips/kernel/traps.c | 8 +- arch/mips/kernel/vpe-mt.c | 7 +- arch/mips/lantiq/prom.c | 6 - arch/powerpc/kernel/eeh_driver.c | 71 +- arch/powerpc/kernel/rtas.c | 24 +- arch/powerpc/perf/hv-24x7.c | 42 +- arch/powerpc/platforms/powernv/pci-ioda.c | 3 +- arch/powerpc/platforms/pseries/lpar.c | 20 +- arch/powerpc/platforms/pseries/lparcfg.c | 20 +- arch/riscv/include/asm/parse_asm.h | 2 +- arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/include/asm/text-patching.h | 46 +- arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/fpu/signal.c | 12 +- arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/paravirt.c | 23 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- drivers/acpi/button.c | 9 + drivers/acpi/property.c | 4 + drivers/acpi/resource.c | 35 + drivers/acpi/video_detect.c | 34 + drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 6 +- drivers/ata/ahci_ceva.c | 125 +- drivers/ata/ahci_da850.c | 45 +- drivers/ata/ahci_dm816.c | 4 +- drivers/ata/libahci_platform.c | 135 +- drivers/block/nbd.c | 3 +- drivers/block/virtio_blk.c | 7 +- drivers/clk/clk.c | 11 + drivers/clk/imx/clk-imx8mp.c | 23 +- drivers/clk/imx/clk.c | 3 +- drivers/clk/qcom/gcc-qcs404.c | 24 +- drivers/clk/qcom/gpucc-sc7180.c | 7 +- drivers/clk/qcom/gpucc-sdm845.c | 7 +- drivers/clk/renesas/renesas-cpg-mssr.c | 8 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 6 +- .../gpu/drm/i915/display/intel_display_debugfs.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 2 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hwmon/coretemp.c | 2 +- drivers/i2c/busses/i2c-imx.c | 97 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/sw/siw/siw_cm.c | 1 - drivers/infiniband/sw/siw/siw_verbs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs269a.c | 335 ++-- drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/ads7846.c | 23 +- drivers/md/dm-crypt.c | 6 + drivers/md/md.c | 14 +- drivers/md/raid10.c | 2 + drivers/mmc/host/jz4740_mmc.c | 10 +- drivers/mmc/host/mxcmmc.c | 6 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 29 +- drivers/net/gtp.c | 10 +- drivers/net/wireless/ath/ath11k/mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 131 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi.c | 2 +- drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/pwm-regulator.c | 3 + drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/mediatek/mtk-pm-domains.c | 15 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/tty/serial/8250/8250_port.c | 18 +- drivers/tty/serial/amba-pl011.c | 60 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/host/xhci-hub.c | 228 +-- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 13 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/roles/class.c | 29 +- drivers/vdpa/mlx5/core/mr.c | 1 - drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/disk-io.c | 3 + fs/cifs/connect.c | 19 +- fs/cifs/smb2file.c | 1 - fs/cifs/smb2ops.c | 54 +- fs/cifs/smb2pdu.c | 115 +- fs/cifs/smb2proto.h | 16 +- fs/erofs/decompressor.c | 34 +- fs/exfat/dir.c | 15 + fs/exfat/exfat_fs.h | 5 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 70 +- fs/f2fs/gc.c | 39 +- fs/ksmbd/smb2pdu.c | 8 +- fs/ntfs3/attrib.c | 20 +- fs/ntfs3/attrlist.c | 8 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 2 + fs/ntfs3/fslog.c | 14 +- fs/ntfs3/fsntfs.c | 24 + fs/ntfs3/inode.c | 2 +- fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 14 +- fs/ntfs3/record.c | 16 +- fs/ntfs3/xattr.c | 3 + fs/zonefs/super.c | 68 +- include/dt-bindings/clock/imx8mp-clock.h | 10 +- include/linux/ahci_platform.h | 5 +- include/linux/bpf.h | 14 +- include/linux/clk-provider.h | 15 +- include/linux/fs.h | 2 + include/linux/pm.h | 80 +- include/linux/sched.h | 4 - include/linux/sched/signal.h | 2 +- include/linux/socket.h | 5 +- include/net/netfilter/nf_flow_table.h | 4 +- include/net/tcp.h | 2 +- kernel/bpf/bpf_lru_list.c | 21 +- kernel/bpf/bpf_lru_list.h | 7 +- kernel/bpf/helpers.c | 76 +- kernel/bpf/verifier.c | 3 +- kernel/sched/fair.c | 2 +- kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + kernel/time/posix-timers.c | 31 +- kernel/trace/bpf_trace.c | 39 +- lib/debugobjects.c | 9 + mm/userfaultfd.c | 14 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/devlink.c | 5 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/mlme.c | 1 + net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mptcp/diag.c | 6 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 41 +- net/netfilter/nf_tables_api.c | 3 + net/netfilter/nft_flow_offload.c | 14 +- net/packet/af_packet.c | 12 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_api.c | 20 +- net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1817 -------------------- net/sched/sch_dsmark.c | 522 ------ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + net/wireless/wext-core.c | 6 + scripts/bpf_doc.py | 2 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + tools/include/uapi/linux/fscrypt.h | 3 +- tools/perf/trace/beauty/include/linux/socket.h | 2 + tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +- tools/virtio/linux/kernel.h | 2 +- tools/virtio/linux/vringh.h | 1 + 218 files changed, 2296 insertions(+), 4619 deletions(-)

1 year, 3 months

12
261
0 0

[PATCH] block: Remove special-casing of compound pages

by Matthew Wilcox (Oracle)

The special casing was originally added in pre-git history; reproducing the commit log here: > commit a318a92567d77 > Author: Andrew Morton <akpm(a)osdl.org> > Date: Sun Sep 21 01:42:22 2003 -0700 > > [PATCH] Speed up direct-io hugetlbpage handling > > This patch short-circuits all the direct-io page dirtying logic for > higher-order pages. Without this, we pointlessly bounce BIOs up to > keventd all the time. In the last twenty years, compound pages have become used for more than just hugetlb. Rewrite these functions to operate on folios instead of pages and remove the special case for hugetlbfs; I don't think it's needed any more (and if it is, we can put it back in as a call to folio_test_hugetlb()). This was found by inspection; as far as I can tell, this bug can lead to pages used as the destination of a direct I/O read not being marked as dirty. If those pages are then reclaimed by the MM without being dirtied for some other reason, they won't be written out. Then when they're faulted back in, they will not contain the data they should. It'll take a pretty unusual setup to produce this problem with several races all going the wrong way. This problem predates the folio work; it could for example have been triggered by mmaping a THP in tmpfs and using that as the target of an O_DIRECT read. Fixes: 800d8c63b2e98 ("shmem: add huge pages support") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- block/bio.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/block/bio.c b/block/bio.c index 8672179213b9..f46d8ec71fbd 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1171,13 +1171,22 @@ EXPORT_SYMBOL(bio_add_folio); void __bio_release_pages(struct bio *bio, bool mark_dirty) { - struct bvec_iter_all iter_all; - struct bio_vec *bvec; + struct folio_iter fi; + + bio_for_each_folio_all(fi, bio) { + struct page *page; + size_t done = 0; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (mark_dirty && !PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); - bio_release_page(bio, bvec->bv_page); + if (mark_dirty) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); + } + page = folio_page(fi.folio, fi.offset / PAGE_SIZE); + do { + bio_release_page(bio, page++); + done += PAGE_SIZE; + } while (done < fi.length); } } EXPORT_SYMBOL_GPL(__bio_release_pages); @@ -1455,18 +1464,12 @@ EXPORT_SYMBOL(bio_free_pages); * bio_set_pages_dirty() and bio_check_pages_dirty() are support functions * for performing direct-IO in BIOs. * - * The problem is that we cannot run set_page_dirty() from interrupt context + * The problem is that we cannot run folio_mark_dirty() from interrupt context * because the required locks are not interrupt-safe. So what we can do is to * mark the pages dirty _before_ performing IO. And in interrupt context, * check that the pages are still dirty. If so, fine. If not, redirty them * in process context. * - * We special-case compound pages here: normally this means reads into hugetlb - * pages. The logic in here doesn't really work right for compound pages - * because the VM does not uniformly chase down the head page in all cases. - * But dirtiness of compound pages is pretty meaningless anyway: the VM doesn't - * handle them at all. So we skip compound pages here at an early stage. - * * Note that this code is very hard to test under normal circumstances because * direct-io pins the pages with get_user_pages(). This makes * is_page_cache_freeable return false, and the VM will not clean the pages. @@ -1482,12 +1485,12 @@ EXPORT_SYMBOL(bio_free_pages); */ void bio_set_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; - struct bvec_iter_all iter_all; + struct folio_iter fi; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); + bio_for_each_folio_all(fi, bio) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); } } @@ -1530,12 +1533,11 @@ static void bio_dirty_fn(struct work_struct *work) void bio_check_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; + struct folio_iter fi; unsigned long flags; - struct bvec_iter_all iter_all; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageDirty(bvec->bv_page) && !PageCompound(bvec->bv_page)) + bio_for_each_folio_all(fi, bio) { + if (!folio_test_dirty(fi.folio)) goto defer; } -- 2.40.1

1 year, 3 months

7
10
0 0

[PATCH v2] cpufreq: Limit resolving a frequency to policy min/max

by Shivnandan Kumar

Resolving a frequency to an efficient one should not transgress policy->max (which can be set for thermal reason) and policy->min. Currently there is possibility where scaling_cur_freq can exceed scaling_max_freq when scaling_max_freq is inefficient frequency. Add additional check to ensure that resolving a frequency will respect policy->min/max. Cc: <stable(a)vger.kernel.org> Fixes: 1f39fa0dccff ("cpufreq: Introducing CPUFREQ_RELATION_E") Signed-off-by: Shivnandan Kumar <quic_kshivnan(a)quicinc.com> -- Changes in v2: -rename function name from cpufreq_table_index_is_in_limits to cpufreq_is_in_limits -remove redundant outer parenthesis in return statement -Make comment single line -- --- include/linux/cpufreq.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h index afda5f24d3dd..7741244dee6e 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h @@ -1021,6 +1021,19 @@ static inline int cpufreq_table_find_index_c(struct cpufreq_policy *policy, efficiencies); } +static inline bool cpufreq_is_in_limits(struct cpufreq_policy *policy, + int idx) +{ + unsigned int freq; + + if (idx < 0) + return false; + + freq = policy->freq_table[idx].frequency; + + return freq == clamp_val(freq, policy->min, policy->max); +} + static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, unsigned int target_freq, unsigned int relation) @@ -1054,7 +1067,8 @@ static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, return 0; } - if (idx < 0 && efficiencies) { + /* Limit frequency index to honor policy->min/max */ + if (!cpufreq_is_in_limits(policy, idx) && efficiencies) { efficiencies = false; goto retry; } -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 3 months

2
2
0 0

[PATCH AUTOSEL 6.6 01/21] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index f96f821a7b50d..acc559652d6eb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 3 months

4
24
0 0

Re: [PATCH net] gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

by Pablo Neira Ayuso

On Thu, Feb 29, 2024 at 11:37:28AM +0300, Vasiliy Kovalev wrote: [...] > This patch fixes another problem, but a similar one, since the sequence is > incorrect when registering subsystems. > > Initially, the registration sequence in the gtp module was as follows: > > 1) rtnl_link_register(); > > 2) genl_register_family(); > > 3) register_pernet_subsys(); > > During debugging of the module, when starting the syzkaller reproducer, it > turned out that after genl_register_family() (2), > > without waiting for register_pernet_subsys()(3), the /.dumpit/ event is > triggered, in which the data of the unregistered pernet subsystem is > accessed. > > That is, the bug was fixed by the commit > > 136cfaca2256 ("gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()")[1] > > and the registration sequence became as follows: > > 1) rtnl_link_register(); > > 2) register_pernet_subsys(); > > 3) genl_register_family(); > > However, syzkaller has discovered another problem: > > after registering rtnl_link_register, the .newlink event is triggered, in > which the data of the unregistered pernet subsystem is accessed. > > This problem is reproducible on current stable kernels and the latest > upstream kernel 6.8-rc6, in which the patch 136cfaca2256 [1] is applied. > > Therefore, the correct sequence should be as follows: > > 1)register_pernet_subsys(); > > 2) rtnl_link_register(); > > 3) genl_register_family(); > > The proposed patch is developed on top of the commit changes [1], does not > conflict with it and fixes the described bug. > > [1] https://lore.kernel.org/lkml/20240220160434.29bcaf43@kernel.org/T/#mb1f72c2… Thanks for explaining, fix LGTM.

1 year, 3 months

1
0
0 0

[PATCH rc 0/3] iommufd: Fix three bugs found by Syzkaller

by Nicolin Chen

Jason has been running Syzkaller that found three bugs. Fix them properly. Nicolin Chen (3): iommufd: Fix iopt_access_list_id overwrite bug iommufd/selftest: Fix mock_dev_num bug iommufd: Fix protection fault in iommufd_test_syz_conv_iova drivers/iommu/iommufd/io_pagetable.c | 9 ++++--- drivers/iommu/iommufd/selftest.c | 40 +++++++++++++++++++++------- 2 files changed, 36 insertions(+), 13 deletions(-) -- 2.43.0

1 year, 3 months

3
6
0 0

[PATCH AUTOSEL 4.19 1/3] ASoC: rt5645: Make LattePanda board DMI match more precise

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 551539a8606e28cb2a130f8ef3e9834235b456c4 ] The DMI strings used for the LattePanda board DMI quirks are very generic. Using the dmidecode database from https://linux-hardware.org/ shows that the chosen DMI strings also match the following 2 laptops which also have a rt5645 codec: Insignia NS-P11W7100 https://linux-hardware.org/?computer=E092FFF8BA04 Insignia NS-P10W8100 https://linux-hardware.org/?computer=AFB6C0BF7934 All 4 hw revisions of the LattePanda board have "S70CR" in their BIOS version DMI strings: DF-BI-7-S70CR100-* DF-BI-7-S70CR110-* DF-BI-7-S70CR200-* LP-BS-7-S70CR700-* See e.g. https://linux-hardware.org/?computer=D98250A817C0 Add a partial (non exact) DMI match on this string to make the LattePanda board DMI match more precise to avoid false-positive matches. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240211212736.179605-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 37ad3bee66a47..352aefddc7d70 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -3796,6 +3796,16 @@ static const struct dmi_system_id dmi_platform_data[] = { DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"), DMI_EXACT_MATCH(DMI_BOARD_NAME, "Cherry Trail CR"), DMI_EXACT_MATCH(DMI_BOARD_VERSION, "Default string"), + /* + * Above strings are too generic, LattePanda BIOS versions for + * all 4 hw revisions are: + * DF-BI-7-S70CR100-* + * DF-BI-7-S70CR110-* + * DF-BI-7-S70CR200-* + * LP-BS-7-S70CR700-* + * Do a partial match for S70CR to avoid false positive matches. + */ + DMI_MATCH(DMI_BIOS_VERSION, "S70CR"), }, .driver_data = (void *)&lattepanda_board_platform_data, }, -- 2.43.0

1 year, 3 months

1
2
0 0

[PATCH AUTOSEL 5.4 1/5] selftests: tls: use exact comparison in recv_partial

by Sasha Levin

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 49d821064c44cb5ffdf272905236012ea9ce50e3 ] This exact case was fail for async crypto and we weren't catching it. Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 837206dbe5d6e..81bb3cc6704f8 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -580,12 +580,12 @@ TEST_F(tls, recv_partial) memset(recv_mem, 0, sizeof(recv_mem)); EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), + MSG_WAITALL), strlen(test_str_first)); EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); memset(recv_mem, 0, sizeof(recv_mem)); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), + MSG_WAITALL), strlen(test_str_second)); EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 0); } -- 2.43.0

1 year, 3 months

1
4
0 0

[PATCH AUTOSEL 5.15 1/7] btrfs: add and use helper to check if block group is used

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 1693d5442c458ae8d5b0d58463b873cd879569ed ] Add a helper function to determine if a block group is being used and make use of it at btrfs_delete_unused_bgs(). This helper will also be used in future code changes. Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/block-group.c | 3 +-- fs/btrfs/block-group.h | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 4ca6828586af5..a2bac7196d18b 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1330,8 +1330,7 @@ void btrfs_delete_unused_bgs(struct btrfs_fs_info *fs_info) } spin_lock(&block_group->lock); - if (block_group->reserved || block_group->pinned || - block_group->used || block_group->ro || + if (btrfs_is_block_group_used(block_group) || block_group->ro || list_is_singular(&block_group->list)) { /* * We want to bail if we made new allocations or have diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index a15868d607a92..f042c1c85a255 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -211,6 +211,13 @@ static inline u64 btrfs_block_group_end(struct btrfs_block_group *block_group) return (block_group->start + block_group->length); } +static inline bool btrfs_is_block_group_used(const struct btrfs_block_group *bg) +{ + lockdep_assert_held(&bg->lock); + + return (bg->used > 0 || bg->reserved > 0 || bg->pinned > 0); +} + static inline bool btrfs_is_block_group_data_only( struct btrfs_block_group *block_group) { -- 2.43.0

1 year, 3 months

1
6
0 0