October 2021 - Linux-stable-mirror

[PATCH] PCI: endpoint: Fix use after free in pci_epf_remove_cfs()

by Shunsuke Mie

All of entries are freed in a loop, however, the freed entry is accessed by list_del() after the loop. When epf driver that includes pci-epf-test unload, the pci_epf_remove_cfs() is called, and occurred the use after free. Therefore, kernel panics randomly after or while the module unloading. I tested this patch with r8a77951-Salvator-xs boards. Fixes: ef1433f ("PCI: endpoint: Create configfs entry for each pci_epf_device_id table entry") Signed-off-by: Shunsuke Mie <mie(a)igel.co.jp> --- drivers/pci/endpoint/pci-epf-core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pci/endpoint/pci-epf-core.c b/drivers/pci/endpoint/pci-epf-core.c index e9289d10f822..538e902b0ba6 100644 --- a/drivers/pci/endpoint/pci-epf-core.c +++ b/drivers/pci/endpoint/pci-epf-core.c @@ -202,8 +202,10 @@ static void pci_epf_remove_cfs(struct pci_epf_driver *driver) return; mutex_lock(&pci_epf_mutex); - list_for_each_entry_safe(group, tmp, &driver->epf_group, group_entry) + list_for_each_entry_safe(group, tmp, &driver->epf_group, group_entry) { + list_del(&group->group_entry); pci_ep_cfs_remove_epf_group(group); + } list_del(&driver->epf_group); mutex_unlock(&pci_epf_mutex); } -- 2.17.1

2 years, 4 months

3
4
0 0

[PATCH] selftests: KVM: avoid failures due to reserved HyperTransport region

by Paolo Bonzini

Accessing guest physical addresses at 0xFFFD_0000_0000 and above causes a failure on AMD processors because those addresses are reserved by HyperTransport (this is not documented). Avoid selftests failures by reserving those guest physical addresses. Fixes: ef4c9f4f6546 ("KVM: selftests: Fix 32-bit truncation of vm_get_max_gfn()") Cc: stable(a)vger.kernel.org Cc: David Matlack <dmatlack(a)google.com> Reported-by: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- tools/testing/selftests/kvm/lib/kvm_util.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 10a8ed691c66..d995cc9836ee 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -309,6 +309,12 @@ struct kvm_vm *vm_create(enum vm_guest_mode mode, uint64_t phy_pages, int perm) /* Limit physical addresses to PA-bits. */ vm->max_gfn = ((1ULL << vm->pa_bits) >> vm->page_shift) - 1; +#ifdef __x86_64__ + /* Avoid reserved HyperTransport region on AMD processors. */ + if (vm->pa_bits == 48) + vm->max_gfn = 0xfffcfffff; +#endif + /* Allocate and setup memory for guest. */ vm->vpages_mapped = sparsebit_alloc(); if (phy_pages != 0) -- 2.27.0

2 years, 4 months

4
7
0 0

[PATCH 5.10 000/290] 5.10.24-rc1 review

by gregkh＠linuxfoundation.org

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> This is the start of the stable review cycle for the 5.10.24 release. There are 290 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Mar 2021 13:55:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.24-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.24-rc1 Christoph Hellwig <hch(a)lst.de> RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size Andrew Scull <ascull(a)google.com> KVM: arm64: Fix nVHE hyp panic host context restore Juergen Gross <jgross(a)suse.com> xen/events: avoid handling the same event on two cpus at the same time Juergen Gross <jgross(a)suse.com> xen/events: don't unmask an event channel when an eoi is pending Mike Rapoport <rppt(a)kernel.org> mm/page_alloc.c: refactor initialization of struct page for holes in memory layout Marc Zyngier <maz(a)kernel.org> KVM: arm64: Ensure I-cache isolation between vcpus of a same VM Suren Baghdasaryan <surenb(a)google.com> mm/madvise: replace ptrace attach requirement for process_madvise Nadav Amit <namit(a)vmware.com> mm/userfaultfd: fix memory corruption due to writeprotect Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix exclusive limit for IPA size Marc Zyngier <maz(a)kernel.org> KVM: arm64: Reject VM creation when the default IPA size is unsupported Suzuki K Poulose <suzuki.poulose(a)arm.com> KVM: arm64: nvhe: Save the SPE context early Will Deacon <will(a)kernel.org> KVM: arm64: Avoid corrupting vCPU context register in guest exit Jia He <justin.he(a)arm.com> KVM: arm64: Fix range alignment when walking page tables Wanpeng Li <wanpengli(a)tencent.com> KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged Sean Christopherson <seanjc(a)google.com> KVM: x86: Ensure deadline timer has truly expired before posting its IRQ Andy Lutomirski <luto(a)kernel.org> x86/entry: Fix entry/exit mismatch on failed fast 32-bit syscalls Joerg Roedel <jroedel(a)suse.de> x86/sev-es: Use __copy_from_user_inatomic() Joerg Roedel <jroedel(a)suse.de> x86/sev-es: Correctly track IRQ states in runtime #VC handler Thomas Gleixner <tglx(a)linutronix.de> x86/entry: Move nmi entry/exit into common code Joerg Roedel <jroedel(a)suse.de> x86/sev-es: Check regs->sp is trusted before adjusting #VC IST stack Joerg Roedel <jroedel(a)suse.de> x86/sev-es: Introduce ip_within_syscall_gap() helper Josh Poimboeuf <jpoimboe(a)redhat.com> x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 Lior Ribak <liorribak(a)gmail.com> binfmt_misc: fix possible deadlock in bm_register_write Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc: Fix missing declaration of [en/dis]able_kernel_vsx() Nicholas Piggin <npiggin(a)gmail.com> powerpc: Fix inverted SET_FULL_REGS bitop Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() Ard Biesheuvel <ardb(a)kernel.org> efi: stub: omit SetVirtualAddressMap() if marked unsupported in RT_PROP table Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched/membarrier: fix missing local execution of ipi_sync_rq_state() Arnd Bergmann <arnd(a)arndb.de> linux/compiler-clang.h: define HAVE_BUILTIN_BSWAP* Minchan Kim <minchan(a)kernel.org> zram: fix return value on writeback_store Alexey Dobriyan <adobriyan(a)gmail.com> prctl: fix PR_SET_MM_AUXV kernel stack leak Matthew Wilcox (Oracle) <willy(a)infradead.org> include/linux/sched/mm.h: use rcu_dereference in in_vfork() Arnd Bergmann <arnd(a)arndb.de> stop_machine: mark helpers __always_inline Peter Zijlstra <peterz(a)infradead.org> seqlock,lockdep: Fix seqcount_latch_init() Daniel Axtens <dja(a)axtens.net> powerpc/64s/exception: Clean up a missed SRR specifier Anna-Maria Behnsen <anna-maria(a)linutronix.de> hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Set PERF_ATTACH_SCHED_CB for large PEBS and LBR Kan Liang <kan.liang(a)linux.intel.com> perf/core: Flush PMU internal buffers for per-CPU events Ard Biesheuvel <ardb(a)kernel.org> arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds Daiyue Zhang <zhangdaiyue1(a)huawei.com> configfs: fix a use-after-free in __configfs_open_file James Smart <jsmart2021(a)gmail.com> nvme-fc: fix racing controller reset and create association Jia-Ju Bai <baijiaju1990(a)gmail.com> block: rsxx: fix error return code of rsxx_pci_probe() Ondrej Mosnacek <omosnace(a)redhat.com> NFSv4.2: fix return value of _nfs4_get_security_label() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't gratuitously clear the inode cache when lookup failed Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't revalidate the directory permissions on a lookup failure Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Set memalloc_nofs_save() for sync tasks Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory Wei Yongjun <weiyongjun1(a)huawei.com> cpufreq: qcom-hw: Fix return value check in qcom_cpufreq_hw_cpu_init() Shawn Guo <shawn.guo(a)linaro.org> cpufreq: qcom-hw: fix dereferencing freed memory 'data' Sergey Shtylyov <s.shtylyov(a)omprussia.ru> sh_eth: fix TRSCER mask for R7S72100 Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: pcl818: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: pcl711: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: me4000: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: dmm32at: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: das800: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: das6402: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: adv_pci1710: Fix endian problem for AI command data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: addi_apci_1500: Fix endian problem for command sample Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: addi_apci_1032: Fix endian problem for COS sample Lee Gibson <leegib(a)gmail.com> staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan Lee Gibson <leegib(a)gmail.com> staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd Dan Carpenter <dan.carpenter(a)oracle.com> staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8712: unterminated string leads to read overflow Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> misc: fastrpc: restrict user apps from sending kernel RPC messages Shile Zhang <shile.zhang(a)linux.alibaba.com> misc/pvpanic: Export module FDT device table Alexander Shiyan <shc_work(a)mail.ru> Revert "serial: max310x: rework RX interrupt handling" Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix vudc usbip_sockfd_store races leading to gpf Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix vhci_hcd attach_store() races leading to gpf Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix stub_dev usbip_sockfd_store() races leading to gpf Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix vudc to check for stream socket Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix vhci_hcd to check for stream socket Shuah Khan <skhan(a)linuxfoundation.org> usbip: fix stub_dev to check for stream socket Sebastian Reichel <sebastian.reichel(a)collabora.com> USB: serial: cp210x: add some more GE USB IDs Karan Singhal <karan.singhal(a)acuitybrands.com> USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter Niv Sardi <xaiki(a)evilgiggle.com> USB: serial: ch341: add new Product ID Pavel Skripkin <paskripkin(a)gmail.com> USB: serial: io_edgeport: fix memory leak in edge_startup Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state Forest Crossman <cyrozap(a)gmail.com> usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Improve detection of device initiated wake signal. Stanislaw Gruszka <stf_xl(a)wp.pl> usb: xhci: do not perform Soft Retry for some xHCI hosts Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM Pete Zaitcev <zaitcev(a)redhat.com> USB: usblp: fix a hang in poll() if disconnected Matthias Kaehlcke <mka(a)chromium.org> usb: dwc3: qcom: Honor wakeup enabled/disabled state Shawn Guo <shawn.guo(a)linaro.org> usb: dwc3: qcom: add ACPI device id for sc8180x Shawn Guo <shawn.guo(a)linaro.org> usb: dwc3: qcom: add URS Host support for sdm845 ACPI boot Serge Semin <Sergey.Semin(a)baikalelectronics.ru> usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement Ruslan Bilovol <ruslan.bilovol(a)gmail.com> usb: gadget: f_uac1: stop playback on function disable Ruslan Bilovol <ruslan.bilovol(a)gmail.com> usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot Dan Carpenter <dan.carpenter(a)oracle.com> USB: gadget: u_ether: Fix a configfs return code Wei Yongjun <weiyongjun1(a)huawei.com> USB: gadget: udc: s3c2410_udc: fix return value check in s3c2410_udc_probe() Yorick de Wid <ydewid(a)gmail.com> Goodix Fingerprint device is not a modem Paulo Alcantara <pc(a)cjr.nz> cifs: do not send close in compound create+close requests Frank Li <lznuaa(a)gmail.com> mmc: cqhci: Fix random crash when remove mmc module/card Adrian Hunter <adrian.hunter(a)intel.com> mmc: core: Fix partition switch time for eMMC Yann Gautier <yann.gautier(a)foss.st.com> mmc: mmci: Add MMC_CAP_NEED_RSP_BUSY for the stm32 variants Juergen Gross <jgross(a)suse.com> xen/events: reset affinity of 2-level event when tearing it down Heikki Krogerus <heikki.krogerus(a)linux.intel.com> software node: Fix node registration Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging IO request during DASD driver unbind Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging DASD driver unbind Rob Herring <robh(a)kernel.org> arm64: perf: Fix 64-bit event counter read truncation Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Map hotplugged memory as Normal Tagged Andrey Konovalov <andreyknvl(a)google.com> arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL Jan Kara <jack(a)suse.cz> block: Try to handle busy underlying device on discard Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> block: Discard page cache of zone reset target range Eric W. Biederman <ebiederm(a)xmission.com> Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Pavel Skripkin <paskripkin(a)gmail.com> ALSA: usb-audio: fix use after free in usb_audio_disconnect Pavel Skripkin <paskripkin(a)gmail.com> ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Apply the control quirk to Plantronics headsets Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Avoid spurious unsol event handling during S3/S4 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Flush pending unsolicited events before suspend Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Drop the BATCH workaround for AMD controllers Simeon Simeonoff <sim.simeonoff(a)gmail.com> ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook G5 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Cancel pending works before suspend John Ernberg <john.ernberg(a)actia.se> ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk Ard Biesheuvel <ardb(a)kernel.org> ARM: efistub: replace adrl pseudo-op with adr_l macro invocation Ard Biesheuvel <ardb(a)kernel.org> ARM: assembler: introduce adr_l, ldr_l and str_l macros Jian Cai <jiancai(a)google.com> ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler Jeremy Linton <jeremy.linton(a)arm.com> mmc: sdhci: Update firmware interface API AngeloGioacchino Del Regno <angelogioacchino.delregno(a)somainline.org> clk: qcom: gpucc-msm8998: Add resets, cxc, fix flags on gpu_gx_gdsc Aleksandr Miloserdov <a.miloserdov(a)yadro.com> scsi: target: core: Prevent underflow for service actions Aleksandr Miloserdov <a.miloserdov(a)yadro.com> scsi: target: core: Add cmd length set before cmd complete Mike Christie <michael.christie(a)oracle.com> scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling Lin Feng <linf(a)wangsu.com> sysctl.c: fix underflow value setting risk in vm_table David Hildenbrand <david(a)redhat.com> drivers/base/memory: don't store phys_device in memory blocks Heiko Carstens <hca(a)linux.ibm.com> s390/smp: __smp_rescan_cpus() - move cpumask away from stack Andrey Konovalov <andreyknvl(a)google.com> kasan: fix memory corruption in kasan_bitops_tags test Keita Suzuki <keitasuzuki.park(a)sslab.ics.keio.ac.jp> i40e: Fix memory leak in i40e_probe Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: Fix pci_register_io_range() memory leak Sasha Levin <sashal(a)kernel.org> kbuild: clamp SUBLEVEL to 255 Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to processed freed blocks until mballoc is initialized Bjorn Helgaas <bhelgaas(a)google.com> PCI/LINK: Remove bandwidth notification Arnd Bergmann <arnd(a)arndb.de> drivers/base: build kunit tests without structleak plugin Krzysztof Wilczyński <kw(a)linux.com> PCI: mediatek: Add missing of_node_put() to fix reference leak Martin Kaiser <martin(a)kaiser.cx> PCI: xgene-msi: Fix race in installing chained irq handler Ronald Tschalär <ronald(a)innovation.ch> Input: applespi - don't wait for responses to commands indefinitely. Khalid Aziz <khalid.aziz(a)oracle.com> sparc64: Use arch_validate_flags() to validate ADI flag Andreas Larsson <andreas(a)gaisler.com> sparc32: Limit memblock allocation to low memory AngeloGioacchino Del Regno <angelogioacchino.delregno(a)somainline.org> clk: qcom: gdsc: Implement NO_RET_PERIPH flag Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> iommu/amd: Fix performance counter initialization Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Fix stack trace not displaying final frame Filipe Laíns <lains(a)riseup.net> HID: logitech-dj: add support for the new lightspeed connection iteration Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> powerpc/perf: Record counter overflow always if SAMPLE_IP is unset Nicholas Piggin <npiggin(a)gmail.com> powerpc: improve handling of unrecoverable system reset Alain Volmat <alain.volmat(a)foss.st.com> spi: stm32: make spurious and overrun interrupts visible Oliver O'Halloran <oohall(a)gmail.com> powerpc/pci: Add ppc_md.discover_phbs() Lubomir Rintel <lkundrak(a)v3.sk> Platform: OLPC: Fix probe error handling Jeremy Linton <jeremy.linton(a)arm.com> mmc: sdhci-iproc: Add ACPI bindings for the RPi Chaotian Jing <chaotian.jing(a)mediatek.com> mmc: mediatek: fix race condition between msdc_request_timeout and irq Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Clear PRQ overflow only when PRQ is empty Steven J. Magnani <magnani(a)ieee.org> udf: fix silent AED tagLocation corruption Jaegeuk Kim <jaegeuk(a)kernel.org> scsi: ufs: WB is only available on LUN #0 to #7 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: optimize cacheline to minimize HW race condition Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: faster irq code to minimize HW race condition Kalle Valo <kvalo(a)codeaurora.org> ath11k: fix AP mode for QCA6390 Carl Huang <cjhuang(a)codeaurora.org> ath11k: start vdev if a bss peer is already created Ritesh Singh <ritesi(a)codeaurora.org> ath11k: peer delete synchronization with firmware Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: initialize RFS/RSS memories for unused ports too Arnd Bergmann <arnd(a)arndb.de> enetc: Fix unused var build warning for CONFIG_OF DENG Qingfang <dqfext(a)gmail.com> net: dsa: tag_mtk: fix 802.1ad VLAN egress Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ar9331: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_gswip: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_dsa: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_brcm: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_edsa: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_lan9303: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_mtk: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ocelot: let DSA core deal with TX reallocation Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_qca: let DSA core deal with TX reallocation Christian Eggers <ceggers(a)arri.de> net: dsa: trailer: don't allocate additional memory for padding/tagging Christian Eggers <ceggers(a)arri.de> net: dsa: tag_ksz: don't allocate additional memory for padding/tagging Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: implement a central TX reallocation procedure Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix notification for pending buffers during teardown Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: improve completion of pending TX buffers Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: remove QETH_QDIO_BUF_HANDLED_DELAYED state Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't replace a fully completed async TX buffer Jian Shen <shenjian15(a)huawei.com> net: hns3: fix error mask definition of flow director Aurelien Aptel <aaptel(a)suse.com> cifs: fix credit accounting for extra channel Hans Verkuil <hverkuil(a)xs4all.nl> media: rc: compile rc-cec.c into rc-core Biju Das <biju.das.jz(a)bp.renesas.com> media: v4l: vsp1: Fix bru null pointer access Biju Das <biju.das.jz(a)bp.renesas.com> media: v4l: vsp1: Fix uif null pointer access Dafna Hirschfeld <dafna.hirschfeld(a)collabora.com> media: rkisp1: params: fix wrong bits settings Maxim Mikityanskiy <maxtram95(a)gmail.com> media: usbtv: Fix deadlock on suspend Sergey Shtylyov <s.shtylyov(a)omprussia.ru> sh_eth: fix TRSCER mask for R7S9210 Colin Ian King <colin.king(a)canonical.com> qxl: Fix uninitialised struct field head.surface_id Wang Qing <wangqing(a)vivo.com> s390/crypto: return -EFAULT if copy_to_user() fails Eric Farman <farman(a)linux.ibm.com> s390/cio: return -EFAULT if copy_to_user() fails Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915: Wedge the GPU if command parser setup fails Noralf Trønnes <noralf(a)tronnes.org> drm/shmem-helpers: vunmap: Don't put pages for dma-buf Artem Lapkin <art(a)khadas.com> drm: meson_drv add shutdown function Thomas Zimmermann <tzimmermann(a)suse.de> drm: Use USB controller's DMA mask when importing dmabufs Neil Roberts <nroberts(a)igalia.com> drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff Neil Roberts <nroberts(a)igalia.com> drm/shmem-helper: Check for purged buffers in fault handler Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/display: handle aux backlight in backlight_get_brightness Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/display: don't assert in set backlight function Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/display: simplify backlight setting Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: bug fix for pcie dpm Holger Hoffstätte <holger(a)applied-asynchrony.com> drm/amd/display: Fix nested FPU context in dcn21_validate_bandwidth() Holger Hoffstätte <holger(a)applied-asynchrony.com> drm/amdgpu/display: use GFP_ATOMIC in dcn21_validate_bandwidth_fp() Takashi Iwai <tiwai(a)suse.de> drm/amd/display: Add a backlight module option Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/compat: Clear bounce structures Johan Hovold <johan(a)kernel.org> gpio: fix gpio-device list corruption Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Read "gpio-line-names" from a firmware node Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Allow to find GpioInt() resource by name and index Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Add ACPI_GPIO_QUIRK_ABSOLUTE_NUMBER quirk Edwin Peer <edwin.peer(a)broadcom.com> bnxt_en: reliably allocate IRQ table on reset to avoid crash Wang Qing <wangqing(a)vivo.com> s390/cio: return -EFAULT if copy_to_user() fails again Jian Shen <shenjian15(a)huawei.com> net: hns3: fix bug when calculating the TCAM table info Jian Shen <shenjian15(a)huawei.com> net: hns3: fix query vlan mask value error for flow director Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf report: Fix -F for branch & mem modes Ian Rogers <irogers(a)google.com> perf traceevent: Ensure read cmdlines are null terminated. Danielle Ratson <danieller(a)nvidia.com> mlxsw: spectrum_ethtool: Add an external speed to PTYS register Danielle Ratson <danieller(a)nvidia.com> selftests: forwarding: Fix race condition in mirror installation Arnd Bergmann <arnd(a)arndb.de> net: phy: make mdio_bus_phy_suspend/resume as __maybe_unused Yinjun Zhang <yinjun.zhang(a)corigine.com> ethtool: fix the check logic of at least one channel for RX/TX Joakim Zhang <qiangqing.zhang(a)nxp.com> net: stmmac: fix wrongly set buffer2 valid when sph unsupport Joakim Zhang <qiangqing.zhang(a)nxp.com> net: stmmac: fix watchdog timeout during suspend/resume stress test Joakim Zhang <qiangqing.zhang(a)nxp.com> net: stmmac: stop each tx channel independently Antonio Terceiro <antonio.terceiro(a)linaro.org> perf build: Fix ccache usage in $(CC) when generating arch errno table Kun-Chuan Hsieh <jetswayss(a)gmail.com> tools/resolve_btfids: Fix build error with older host toolchains Antony Antony <antony(a)phenome.org> ixgbe: fail to create xfrm offload of IPsec tunnel mode SA Hayes Wang <hayeswang(a)realtek.com> r8169: fix r8168fp_adjust_ocp_cmd function Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix memory leak after failed TX Buffer allocation Jia-Ju Bai <baijiaju1990(a)gmail.com> net: qrtr: fix error return code of qrtr_sendmsg() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: allow hardware timestamping on TX queues with tc-etf enabled Paul Cercueil <paul(a)crapouillou.net> net: davicom: Fix regulator not turned off on driver removal Paul Cercueil <paul(a)crapouillou.net> net: davicom: Fix regulator not turned off on failed probe Xie He <xie.he.0141(a)gmail.com> net: lapbether: Remove netif_start_queue / netif_stop_queue Wong Vee Khee <vee.khee.wong(a)intel.com> stmmac: intel: Fixes clock registration error seen for multiple interfaces Ong Boon Leong <boon.leong.ong(a)intel.com> net: stmmac: Fix VLAN filter delete timeout issue in Intel mGBE SGMII Paul Moore <paul(a)paul-moore.com> cipso,calipso: resolve a number of problems with the DOI refcounts Hillf Danton <hdanton(a)sina.com> netdevsim: init u64 stats for 32bit hardware Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: allow qmimux add/del with master up Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII PCS being forced to SPEED_UNKNOWN instead of SPEED_10 Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: properly reject destination IP keys in VCAP IS1 Maximilian Heyne <mheyne(a)amazon.de> net: sched: avoid duplicates in classes dump Ido Schimmel <idosch(a)nvidia.com> nexthop: Do not flush blackhole nexthops when loopback goes down Ong Boon Leong <boon.leong.ong(a)intel.com> net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 Kevin(Yudong) Yang <yyd(a)google.com> net/mlx4_en: update moderation when config reset Biao Huang <biao.huang(a)mediatek.com> net: ethernet: mtk-star-emac: fix wrong unmap in RX handling Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: keep RX ring consumer index in sync with hardware Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: force the RGMII speed and duplex instead of operating in inband mode Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: don't disable VLAN filtering in IFF_PROMISC mode Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: take the MDIO lock only once per NAPI poll cycle Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: don't overwrite the RSS indirection table when initializing Sergey Shtylyov <s.shtylyov(a)omprussia.ru> sh_eth: fix TRSCER mask for SH771x DENG Qingfang <dqfext(a)gmail.com> net: dsa: tag_rtl4_a: fix egress tags Jakub Kicinski <kuba(a)kernel.org> docs: networking: drop special stable handling Linus Torvalds <torvalds(a)linux-foundation.org> Revert "mm, slub: consider rest of partial list if acquire_slab() fails" Paulo Alcantara <pc(a)cjr.nz> cifs: return proper error code in statfs(2) Christian Brauner <christian.brauner(a)ubuntu.com> mount: fix mounting of detached mounts onto targets that reside on shared mounts Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/603: Fix protection of user pages mapped with PROT_NONE Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: dma: do not report truncated frames to mac80211 Jiri Wiesner <jwiesner(a)suse.com> ibmvnic: always store valid MAC address Michal Suchanek <msuchanek(a)suse.de> ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning. Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> libbpf: Clear map_info before each bpf_obj_get_info_by_fd Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> samples, bpf: Add missing munmap in xdpsock Yauheni Kaliuta <yauheni.kaliuta(a)redhat.com> selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier Hangbin Liu <liuhangbin(a)gmail.com> selftests/bpf: No need to drop the packet when there is no geneve opt Ilya Leoshkevich <iii(a)linux.ibm.com> selftests/bpf: Use the last page in test_snprintf_btf on s390 Guangbin Huang <huangguangbin2(a)huawei.com> net: phy: fix save wrong speed and duplex problem if autoneg is on Jason A. Donenfeld <Jason(a)zx2c4.com> net: always use icmp{,v6}_ndo_send from ndo_start_xmit Vasily Averin <vvs(a)virtuozzo.com> netfilter: x_tables: gpf inside xt_find_revision() Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: undo erroneous tcp edemux lookup Eric Dumazet <edumazet(a)google.com> tcp: add sanity tests to TCP_QUEUE_SEQ Arjun Roy <arjunroy(a)google.com> tcp: Fix sign comparison bug in getsockopt(TCP_ZEROCOPY_RECEIVE) Torin Cooper-Bennun <torin(a)maxiluxsystems.com> can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before entering Normal Mode Joakim Zhang <qiangqing.zhang(a)nxp.com> can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode Joakim Zhang <qiangqing.zhang(a)nxp.com> can: flexcan: enable RX FIFO after FRZ/HALT valid Joakim Zhang <qiangqing.zhang(a)nxp.com> can: flexcan: assert FRZ bit in flexcan_chip_freeze() Oleksij Rempel <linux(a)rempel-privat.de> can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership Matthias Schiffer <mschiffer(a)universe-factory.net> net: l2tp: reduce log level of messages in receive path, add counter instead Balazs Nemeth <bnemeth(a)redhat.com> net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 Balazs Nemeth <bnemeth(a)redhat.com> net: check if protocol extracted by virtio_net_hdr_set_proto is correct Daniel Borkmann <daniel(a)iogearbox.net> net: Fix gro aggregation for udp encaps with zero csum Felix Fietkau <nbd(a)nbd.name> ath9k: fix transmitting to stations in dynamic SMPS mode Maciej W. Rozycki <macro(a)orcam.me.uk> crypto: mips/poly1305 - enable for all MIPS processors Jakub Kicinski <kuba(a)kernel.org> ethernet: alx: fix order of calls on resume Greg Kurz <groug(a)kaod.org> powerpc/pseries: Don't enforce MSI affinity with kdump Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> powerpc/perf: Fix handling of privilege level checks in perf interrupt context Dmitry V. Levin <ldv(a)altlinux.org> uapi: nfnetlink_cthelper.h: fix userspace compilation error ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-memory | 5 +- Documentation/admin-guide/mm/memory-hotplug.rst | 4 +- Documentation/gpu/todo.rst | 21 +++ Documentation/networking/netdev-FAQ.rst | 78 +------- Documentation/process/stable-kernel-rules.rst | 6 - Documentation/process/submitting-patches.rst | 5 - Documentation/virt/kvm/api.rst | 3 + Makefile | 16 +- arch/arm/boot/compressed/head.S | 3 +- arch/arm/include/asm/assembler.h | 84 +++++++++ arch/arm/kernel/iwmmxt.S | 89 ++++----- arch/arm/kernel/iwmmxt.h | 47 +++++ arch/arm64/include/asm/kvm_asm.h | 4 +- arch/arm64/include/asm/kvm_hyp.h | 8 +- arch/arm64/include/asm/memory.h | 5 + arch/arm64/include/asm/mmu_context.h | 5 +- arch/arm64/include/asm/pgtable-prot.h | 1 - arch/arm64/include/asm/pgtable.h | 3 + arch/arm64/kernel/head.S | 2 +- arch/arm64/kernel/perf_event.c | 2 +- arch/arm64/kvm/arm.c | 7 +- arch/arm64/kvm/hyp/entry.S | 2 +- arch/arm64/kvm/hyp/nvhe/debug-sr.c | 12 +- arch/arm64/kvm/hyp/nvhe/host.S | 20 +-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 4 +- arch/arm64/kvm/hyp/nvhe/switch.c | 14 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 1 + arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 3 +- arch/arm64/kvm/reset.c | 12 +- arch/arm64/mm/init.c | 12 ++ arch/arm64/mm/mmu.c | 5 +- arch/mips/crypto/Makefile | 4 +- arch/powerpc/include/asm/code-patching.h | 2 +- arch/powerpc/include/asm/machdep.h | 3 + arch/powerpc/include/asm/ptrace.h | 7 +- arch/powerpc/include/asm/switch_to.h | 10 ++ arch/powerpc/kernel/asm-offsets.c | 2 +- arch/powerpc/kernel/exceptions-64s.S | 2 +- arch/powerpc/kernel/head_book3s_32.S | 9 +- arch/powerpc/kernel/pci-common.c | 10 ++ arch/powerpc/kernel/process.c | 2 +- arch/powerpc/kernel/traps.c | 5 +- arch/powerpc/perf/core-book3s.c | 23 ++- arch/powerpc/platforms/pseries/msi.c | 25 ++- arch/s390/kernel/smp.c | 2 +- arch/sparc/include/asm/mman.h | 54 +++--- arch/sparc/mm/init_32.c | 3 + arch/x86/entry/common.c | 37 +--- arch/x86/entry/entry_64_compat.S | 2 + arch/x86/events/intel/core.c | 5 +- arch/x86/include/asm/idtentry.h | 3 - arch/x86/include/asm/insn-eval.h | 2 + arch/x86/include/asm/proto.h | 1 + arch/x86/include/asm/ptrace.h | 15 ++ arch/x86/kernel/cpu/mce/core.c | 6 +- arch/x86/kernel/kvmclock.c | 19 +- arch/x86/kernel/nmi.c | 6 +- arch/x86/kernel/sev-es.c | 22 ++- arch/x86/kernel/traps.c | 16 +- arch/x86/kernel/unwind_orc.c | 12 +- arch/x86/kvm/lapic.c | 11 +- arch/x86/lib/insn-eval.c | 66 +++++-- block/blk-zoned.c | 38 +++- crypto/Kconfig | 2 +- drivers/base/memory.c | 25 +-- drivers/base/swnode.c | 3 + drivers/base/test/Makefile | 1 + drivers/block/rsxx/core.c | 1 + drivers/block/zram/zram_drv.c | 11 +- drivers/clk/qcom/gdsc.c | 10 +- drivers/clk/qcom/gdsc.h | 3 +- drivers/clk/qcom/gpucc-msm8998.c | 8 +- drivers/cpufreq/qcom-cpufreq-hw.c | 6 +- drivers/firmware/efi/libstub/efi-stub.c | 16 ++ drivers/gpio/gpio-pca953x.c | 78 +++----- drivers/gpio/gpiolib-acpi.c | 19 +- drivers/gpio/gpiolib.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 ++--- drivers/gpu/drm/amd/display/dc/core/dc_link.c | 1 - .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 6 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 48 +++++ .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 66 +++++++ .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 48 ++--- drivers/gpu/drm/drm_gem_shmem_helper.c | 32 ++-- drivers/gpu/drm/drm_ioc32.c | 11 ++ drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 +- drivers/gpu/drm/i915/i915_cmd_parser.c | 19 +- drivers/gpu/drm/i915/i915_drv.h | 2 +- drivers/gpu/drm/meson/meson_drv.c | 11 ++ drivers/gpu/drm/qxl/qxl_display.c | 1 + drivers/gpu/drm/tiny/gm12u320.c | 44 ++++- drivers/gpu/drm/udl/udl_drv.c | 17 ++ drivers/gpu/drm/udl/udl_drv.h | 1 + drivers/gpu/drm/udl/udl_main.c | 10 ++ drivers/hid/hid-logitech-dj.c | 7 +- drivers/i2c/busses/i2c-rcar.c | 13 +- drivers/infiniband/core/umem.c | 8 +- drivers/input/keyboard/applespi.c | 21 ++- drivers/iommu/amd/init.c | 45 +++-- drivers/iommu/intel/svm.c | 13 +- drivers/media/platform/vsp1/vsp1_drm.c | 6 +- drivers/media/rc/Makefile | 1 + drivers/media/rc/keymaps/Makefile | 1 - drivers/media/rc/keymaps/rc-cec.c | 28 ++- drivers/media/rc/rc-main.c | 6 + drivers/media/usb/usbtv/usbtv-audio.c | 2 +- drivers/misc/fastrpc.c | 5 + drivers/misc/pvpanic.c | 1 + drivers/mmc/core/bus.c | 11 +- drivers/mmc/core/mmc.c | 15 +- drivers/mmc/host/mmci.c | 10 +- drivers/mmc/host/mtk-sd.c | 18 +- drivers/mmc/host/mxs-mmc.c | 2 +- drivers/mmc/host/sdhci-iproc.c | 18 ++ drivers/mmc/host/sdhci.c | 8 +- drivers/net/Kconfig | 2 +- drivers/net/can/flexcan.c | 24 ++- drivers/net/can/m_can/tcan4x5x.c | 6 +- drivers/net/dsa/sja1105/sja1105_main.c | 2 +- drivers/net/ethernet/atheros/alx/main.c | 7 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +- drivers/net/ethernet/davicom/dm9000.c | 21 ++- drivers/net/ethernet/freescale/enetc/enetc.c | 93 +++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 5 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 18 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 117 +++++++++--- drivers/net/ethernet/freescale/enetc/enetc_vf.c | 7 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 6 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 7 +- drivers/net/ethernet/ibm/ibmvnic.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 5 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 5 + drivers/net/ethernet/mediatek/mtk_star_emac.c | 5 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 + drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 + drivers/net/ethernet/mellanox/mlxsw/reg.h | 1 + .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 5 + drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 3 +- drivers/net/ethernet/mscc/ocelot_flower.c | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 2 +- drivers/net/ethernet/renesas/sh_eth.c | 7 + drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 5 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 9 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 19 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 4 - .../net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 19 +- drivers/net/netdevsim/netdev.c | 1 + drivers/net/phy/phy.c | 6 +- drivers/net/phy/phy_device.c | 6 +- drivers/net/usb/qmi_wwan.c | 14 -- drivers/net/wan/lapbether.c | 3 - drivers/net/wireless/ath/ath11k/core.c | 1 + drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mac.c | 25 ++- drivers/net/wireless/ath/ath11k/peer.c | 61 ++++++- drivers/net/wireless/ath/ath11k/peer.h | 4 + drivers/net/wireless/ath/ath11k/wmi.c | 17 +- drivers/net/wireless/ath/ath9k/ath9k.h | 3 +- drivers/net/wireless/ath/ath9k/xmit.c | 6 + drivers/net/wireless/mediatek/mt76/dma.c | 11 +- drivers/nvme/host/fc.c | 2 +- drivers/pci/controller/pci-xgene-msi.c | 10 +- drivers/pci/controller/pcie-mediatek.c | 7 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/Kconfig | 8 - drivers/pci/pcie/Makefile | 1 - drivers/pci/pcie/bw_notification.c | 138 -------------- drivers/pci/pcie/portdrv.h | 6 - drivers/pci/pcie/portdrv_pci.c | 1 - drivers/platform/olpc/olpc-ec.c | 15 +- drivers/s390/block/dasd.c | 6 +- drivers/s390/cio/vfio_ccw_ops.c | 6 +- drivers/s390/crypto/vfio_ap_ops.c | 2 +- drivers/s390/net/qeth_core.h | 5 +- drivers/s390/net/qeth_core_main.c | 200 ++++++++++----------- drivers/scsi/libiscsi.c | 11 +- drivers/scsi/ufs/ufs-sysfs.c | 3 +- drivers/scsi/ufs/ufs.h | 6 +- drivers/scsi/ufs/ufshcd.c | 2 +- drivers/spi/spi-stm32.c | 15 +- drivers/staging/comedi/drivers/addi_apci_1032.c | 4 +- drivers/staging/comedi/drivers/addi_apci_1500.c | 18 +- drivers/staging/comedi/drivers/adv_pci1710.c | 10 +- drivers/staging/comedi/drivers/das6402.c | 2 +- drivers/staging/comedi/drivers/das800.c | 2 +- drivers/staging/comedi/drivers/dmm32at.c | 2 +- drivers/staging/comedi/drivers/me4000.c | 2 +- drivers/staging/comedi/drivers/pcl711.c | 2 +- drivers/staging/comedi/drivers/pcl818.c | 2 +- drivers/staging/ks7010/ks_wlan_net.c | 6 +- drivers/staging/media/rkisp1/rkisp1-params.c | 1 - drivers/staging/rtl8188eu/core/rtw_ap.c | 5 + drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 6 +- drivers/staging/rtl8192e/rtl8192e/rtl_wx.c | 7 +- drivers/staging/rtl8192u/r8192U_wx.c | 6 +- drivers/staging/rtl8712/rtl871x_cmd.c | 6 +- drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2 +- drivers/target/target_core_pr.c | 15 +- drivers/target/target_core_transport.c | 15 +- drivers/tty/serial/max310x.c | 29 +-- drivers/usb/class/cdc-acm.c | 5 + drivers/usb/class/usblp.c | 16 +- drivers/usb/core/usb.c | 32 ++++ drivers/usb/dwc3/dwc3-qcom.c | 77 +++++++- drivers/usb/gadget/function/f_uac1.c | 1 + drivers/usb/gadget/function/f_uac2.c | 2 +- drivers/usb/gadget/function/u_ether_configfs.h | 5 +- drivers/usb/gadget/udc/s3c2410_udc.c | 4 +- drivers/usb/host/xhci-pci.c | 13 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/host/xhci.c | 78 ++++---- drivers/usb/host/xhci.h | 1 + drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/serial/ch341.c | 1 + drivers/usb/serial/cp210x.c | 3 + drivers/usb/serial/io_edgeport.c | 26 +-- drivers/usb/usbip/stub_dev.c | 42 ++++- drivers/usb/usbip/vhci_sysfs.c | 39 +++- drivers/usb/usbip/vudc_sysfs.c | 49 ++++- drivers/xen/events/events_2l.c | 22 ++- drivers/xen/events/events_base.c | 140 +++++++++++---- drivers/xen/events/events_fifo.c | 7 - drivers/xen/events/events_internal.h | 14 +- fs/binfmt_misc.c | 29 ++- fs/block_dev.c | 11 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsglob.h | 11 +- fs/cifs/connect.c | 10 +- fs/cifs/sess.c | 1 + fs/cifs/smb2inode.c | 1 + fs/cifs/smb2misc.c | 8 +- fs/cifs/smb2ops.c | 10 +- fs/cifs/smb2proto.h | 3 +- fs/cifs/transport.c | 2 +- fs/configfs/file.c | 6 +- fs/ext4/super.c | 9 +- fs/nfs/dir.c | 40 +++-- fs/nfs/nfs4proc.c | 2 +- fs/pnode.h | 2 +- fs/udf/inode.c | 9 +- include/linux/acpi.h | 10 +- include/linux/can/skb.h | 8 +- include/linux/compiler-clang.h | 6 + include/linux/entry-common.h | 39 +++- include/linux/gpio/consumer.h | 2 + include/linux/memory.h | 3 +- include/linux/perf_event.h | 2 + include/linux/pgtable.h | 4 + include/linux/sched/mm.h | 3 +- include/linux/seqlock.h | 5 +- include/linux/stop_machine.h | 11 +- include/linux/usb.h | 2 + include/linux/virtio_net.h | 7 +- include/media/rc-map.h | 7 + include/target/target_core_backend.h | 1 + include/uapi/linux/l2tp.h | 1 + include/uapi/linux/netfilter/nfnetlink_cthelper.h | 2 +- kernel/entry/common.c | 36 ++++ kernel/events/core.c | 42 ++++- kernel/sched/membarrier.c | 4 +- kernel/sys.c | 2 +- kernel/sysctl.c | 8 +- kernel/time/hrtimer.c | 60 ++++--- lib/logic_pio.c | 3 + lib/test_kasan.c | 10 +- mm/madvise.c | 13 +- mm/memory.c | 8 + mm/memory_hotplug.c | 2 +- mm/page_alloc.c | 158 ++++++++-------- mm/slub.c | 2 +- net/dsa/slave.c | 45 +++++ net/dsa/tag_ar9331.c | 3 - net/dsa/tag_brcm.c | 3 - net/dsa/tag_dsa.c | 5 - net/dsa/tag_edsa.c | 4 - net/dsa/tag_gswip.c | 5 - net/dsa/tag_ksz.c | 73 +------- net/dsa/tag_lan9303.c | 9 - net/dsa/tag_mtk.c | 22 ++- net/dsa/tag_ocelot.c | 7 - net/dsa/tag_qca.c | 3 - net/dsa/tag_rtl4_a.c | 12 +- net/dsa/tag_trailer.c | 31 +--- net/ethtool/channels.c | 26 +-- net/ipv4/cipso_ipv4.c | 11 +- net/ipv4/ip_tunnel.c | 5 +- net/ipv4/ip_vti.c | 6 +- net/ipv4/nexthop.c | 10 +- net/ipv4/tcp.c | 26 ++- net/ipv4/udp_offload.c | 2 +- net/ipv6/calipso.c | 14 +- net/ipv6/ip6_gre.c | 16 +- net/ipv6/ip6_tunnel.c | 10 +- net/ipv6/ip6_vti.c | 6 +- net/ipv6/sit.c | 2 +- net/l2tp/l2tp_core.c | 41 +++-- net/l2tp/l2tp_core.h | 1 + net/l2tp/l2tp_netlink.c | 6 + net/mpls/mpls_gso.c | 3 + net/netfilter/nf_nat_proto.c | 25 ++- net/netfilter/x_tables.c | 6 +- net/netlabel/netlabel_cipso_v4.c | 3 + net/qrtr/qrtr.c | 4 +- net/sched/sch_api.c | 8 +- net/sunrpc/sched.c | 5 +- samples/bpf/xdpsock_user.c | 2 + security/commoncap.c | 12 +- sound/pci/hda/hda_bind.c | 4 + sound/pci/hda/hda_controller.c | 7 - sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_ca0132.c | 1 + sound/pci/hda/patch_conexant.c | 62 +++++-- sound/pci/hda/patch_hdmi.c | 13 ++ sound/usb/card.c | 6 + sound/usb/quirks.c | 11 +- sound/usb/usbaudio.h | 1 + tools/bpf/resolve_btfids/main.c | 5 + tools/lib/bpf/xsk.c | 5 +- tools/perf/Makefile.perf | 2 +- tools/perf/util/sort.c | 4 +- tools/perf/util/trace-event-read.c | 1 + .../selftests/bpf/progs/netif_receive_skb.c | 13 +- .../testing/selftests/bpf/progs/test_tunnel_kern.c | 6 +- .../testing/selftests/bpf/verifier/array_access.c | 3 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 9 + 333 files changed, 3007 insertions(+), 1742 deletions(-)

2 years, 4 months

19
320
0 0

[PATCH v2] x86/sme: Explicitly map new EFI memmap table as encrypted

by Tom Lendacky

Reserving memory using efi_mem_reserve() calls into the x86 efi_arch_mem_reserve() function. This function will insert a new EFI memory descriptor into the EFI memory map representing the area of memory to be reserved and marking it as EFI runtime memory. As part of adding this new entry, a new EFI memory map is allocated and mapped. The mapping is where a problem can occur. This new EFI memory map is mapped using early_memremap(). If the allocated memory comes from an area that is marked as EFI_BOOT_SERVICES_DATA memory in the current EFI memory map, then it will be mapped unencrypted (see memremap_is_efi_data() and the call to efi_mem_type()). However, during replacement of the old EFI memory map with the new EFI memory map, efi_mem_type() is disabled, resulting in the new EFI memory map always being mapped encrypted in efi.memmap. This will cause a kernel crash later in the boot. Since it is known that the new EFI memory map will always be mapped encrypted when efi_memmap_install() is called, explicitly map the new EFI memory map as encrypted (using early_memremap_prot()) when inserting the new memory map entry. Cc: <stable(a)vger.kernel.org> # 4.14.x Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear") Acked-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> --- Changes for v2: - Update/expand commit message to (hopefully) make it easier to read and understand - Add a comment around the use of the early_memremap_prot() call --- arch/x86/platform/efi/quirks.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c index b15ebfe40a73..14f8f20d727a 100644 --- a/arch/x86/platform/efi/quirks.c +++ b/arch/x86/platform/efi/quirks.c @@ -277,7 +277,19 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size) return; } - new = early_memremap(data.phys_map, data.size); + /* + * When SME is active, early_memremap() can map the memory unencrypted + * if the allocation came from EFI_BOOT_SERVICES_DATA (see + * memremap_is_efi_data() and the call to efi_mem_type()). However, + * when efi_memmap_install() is called to replace the memory map, + * efi_mem_type() is "disabled" and so the memory will always be mapped + * encrypted. To avoid this possible mismatch between the mappings, + * always map the newly allocated memmap memory as encrypted. + * + * When SME is not active, this behaves just like early_memremap(). + */ + new = early_memremap_prot(data.phys_map, data.size, + pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL))); if (!new) { pr_err("Failed to map new boot services memmap\n"); return; -- 2.33.1

2 years, 4 months

3
9
0 0

[PATCH] media: uvcvideo: fix division by zero at stream start

by Johan Hovold

Add the missing bulk-endpoint max-packet sanity check to probe() to avoid division by zero in uvc_alloc_urb_buffers() in case a malicious device has broken descriptors (or when doing descriptor fuzz testing). Note that USB core will reject URBs submitted for endpoints with zero wMaxPacketSize but that drivers doing packet-size calculations still need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip endpoint descriptors with maxpacket=0")). Fixes: c0efd232929c ("V4L/DVB (8145a): USB Video Class driver") Cc: stable(a)vger.kernel.org # 2.6.26 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/media/usb/uvc/uvc_video.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index e16464606b14..85ac5c1081b6 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -1958,6 +1958,10 @@ static int uvc_video_start_transfer(struct uvc_streaming *stream, if (ep == NULL) return -EIO; + /* Reject broken descriptors. */ + if (usb_endpoint_maxp(&ep->desc) == 0) + return -EIO; + ret = uvc_init_video_bulk(stream, ep, gfp_flags); } -- 2.32.0

2 years, 4 months

3
8
0 0

[PATCH v3] usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle

by Fabio Estevam

When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 1.498170] Mem abort info: [ 1.500966] ESR = 0x96000044 [ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.509356] SET = 0, FnV = 0 [ 1.512416] EA = 0, S1PTW = 0 [ 1.515569] FSC = 0x04: level 0 translation fault [ 1.520458] Data abort info: [ 1.523349] ISV = 0, ISS = 0x00000044 [ 1.527196] CM = 0, WnR = 1 [ 1.530176] [0000000000000098] user address but active_mm is swapper [ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 1.542125] Modules linked in: [ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3 [ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT) [ 1.557133] Workqueue: events_unbound deferred_probe_work_func [ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) [ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510 [ 1.573973] lr : imx7d_charger_detection+0x22c/0x510 This happens because the charger functions check for the phy presence inside the imx_usbmisc_data structure (data->usb_phy), but the chipidea core populates the usb_phy passed via 'phys' inside 'struct ci_hdrc' (ci->usb_phy) instead. This causes the NULL pointer dereference inside imx7d_charger_detection(). Fix it by also searching for 'phys' in case 'fsl,usbphy' is not found. Tested on a imx7s-warp board. Cc: stable(a)vger.kernel.org Fixes: 746f316b753a ("usb: chipidea: introduce imx7d USB charger detection") Reported-by: Heiko Thiery <heiko.thiery(a)gmail.com> Signed-off-by: Fabio Estevam <festevam(a)gmail.com> Reviewed-by: Frieder Schrempf <frieder.schrempf(a)kontron.de> --- Changes since v2: - Added Frieder's reviewed-by tag. - Cc stable - Improved the commit log and fixed typo in 'dereferenced' drivers/usb/chipidea/ci_hdrc_imx.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 8b7bc10b6e8b..f1d100671ee6 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -420,11 +420,16 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) data->phy = devm_usb_get_phy_by_phandle(dev, "fsl,usbphy", 0); if (IS_ERR(data->phy)) { ret = PTR_ERR(data->phy); - /* Return -EINVAL if no usbphy is available */ - if (ret == -ENODEV) - data->phy = NULL; - else - goto err_clk; + if (ret == -ENODEV) { + data->phy = devm_usb_get_phy_by_phandle(dev, "phys", 0); + if (IS_ERR(data->phy)) { + ret = PTR_ERR(data->phy); + if (ret == -ENODEV) + data->phy = NULL; + else + goto err_clk; + } + } } pdata.usb_phy = data->phy; -- 2.25.1

2 years, 5 months

5
10
0 0

[PATCH v5] aio: Add support for the POLLFREE

by Ramji Jiyani

Add support for the POLLFREE flag to force complete iocb inline in aio_poll_wake(). A thread may use it to signal it's exit and/or request to cleanup while pending poll request. In this case, aio_poll_wake() needs to make sure it doesn't keep any reference to the queue entry before returning from wake to avoid possible use after free via poll_cancel() path. UAF issue was found during binder and aio interactions in certain sequence of events [1]. The POLLFREE flag is no more exclusive to the epoll and is being shared with the aio. Remove comment from poll.h to avoid confusion. [1] https://lore.kernel.org/r/CAKUd0B_TCXRY4h1hTztfwWbNSFQqsudDLn2S_28csgWZmZAG… Fixes: af5c72b1fc7a ("Fix aio_poll() races") Signed-off-by: Ramji Jiyani <ramjiyani(a)google.com> Reviewed-by: Jeff Moyer <jmoyer(a)redhat.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Cc: stable(a)vger.kernel.org # 4.19+ --- Changes since v1: - Removed parenthesis around POLLFREE macro definition as per review. - Updated description to refer UAF issue discussion this patch fixes. - Updated description to remove reference to parenthesis change. - Added Reviewed-by from Jeff Moyer Changes since v2: - Added Fixes tag. - Added stable tag for backporting on 4.19+ LTS releases Changes since v3: - Updated patch description - Updated Fixes tag to issue manifestation origin Changes since v4: - Added Reviewed-by from Christoph Hellwig --- fs/aio.c | 45 ++++++++++++++++++--------------- include/uapi/asm-generic/poll.h | 2 +- 2 files changed, 26 insertions(+), 21 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 51b08ab01dff..5d539c05df42 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1674,6 +1674,7 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, { struct poll_iocb *req = container_of(wait, struct poll_iocb, wait); struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll); + struct kioctx *ctx = iocb->ki_ctx; __poll_t mask = key_to_poll(key); unsigned long flags; @@ -1683,29 +1684,33 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync, list_del_init(&req->wait.entry); - if (mask && spin_trylock_irqsave(&iocb->ki_ctx->ctx_lock, flags)) { - struct kioctx *ctx = iocb->ki_ctx; + /* + * Use irqsave/irqrestore because not all filesystems (e.g. fuse) + * call this function with IRQs disabled and because IRQs have to + * be disabled before ctx_lock is obtained. + */ + if (mask & POLLFREE) { + /* Force complete iocb inline to remove refs to deleted entry */ + spin_lock_irqsave(&ctx->ctx_lock, flags); + } else if (!(mask && spin_trylock_irqsave(&ctx->ctx_lock, flags))) { + /* Can't complete iocb inline; schedule for later */ + schedule_work(&req->work); + return 1; + } - /* - * Try to complete the iocb inline if we can. Use - * irqsave/irqrestore because not all filesystems (e.g. fuse) - * call this function with IRQs disabled and because IRQs - * have to be disabled before ctx_lock is obtained. - */ - list_del(&iocb->ki_list); - iocb->ki_res.res = mangle_poll(mask); - req->done = true; - if (iocb->ki_eventfd && eventfd_signal_allowed()) { - iocb = NULL; - INIT_WORK(&req->work, aio_poll_put_work); - schedule_work(&req->work); - } - spin_unlock_irqrestore(&ctx->ctx_lock, flags); - if (iocb) - iocb_put(iocb); - } else { + /* complete iocb inline */ + list_del(&iocb->ki_list); + iocb->ki_res.res = mangle_poll(mask); + req->done = true; + if (iocb->ki_eventfd && eventfd_signal_allowed()) { + iocb = NULL; + INIT_WORK(&req->work, aio_poll_put_work); schedule_work(&req->work); } + spin_unlock_irqrestore(&ctx->ctx_lock, flags); + if (iocb) + iocb_put(iocb); + return 1; } diff --git a/include/uapi/asm-generic/poll.h b/include/uapi/asm-generic/poll.h index 41b509f410bf..f9c520ce4bf4 100644 --- a/include/uapi/asm-generic/poll.h +++ b/include/uapi/asm-generic/poll.h @@ -29,7 +29,7 @@ #define POLLRDHUP 0x2000 #endif -#define POLLFREE (__force __poll_t)0x4000 /* currently only for epoll */ +#define POLLFREE (__force __poll_t)0x4000 #define POLL_BUSY_LOOP (__force __poll_t)0x8000 -- 2.33.0.1079.g6e70778dc9-goog

2 years, 5 months

2
2
0 0

[PATCH v2 1/5] mtd: rawnand/davinci: Don't calculate ECC when reading page

by Paul Cercueil

The function nand_davinci_read_page_hwecc_oob_first() does read the ECC data from the OOB area. Therefore it does not need to calculate the ECC as it is already available. Cc: <stable(a)vger.kernel.org> # v5.2 Fixes: a0ac778eb82c ("mtd: rawnand: ingenic: Add support for the JZ4740") Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> --- drivers/mtd/nand/raw/davinci_nand.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/mtd/nand/raw/davinci_nand.c b/drivers/mtd/nand/raw/davinci_nand.c index 118da9944e3b..89de24d3bb7a 100644 --- a/drivers/mtd/nand/raw/davinci_nand.c +++ b/drivers/mtd/nand/raw/davinci_nand.c @@ -394,7 +394,6 @@ static int nand_davinci_read_page_hwecc_oob_first(struct nand_chip *chip, int eccsteps = chip->ecc.steps; uint8_t *p = buf; uint8_t *ecc_code = chip->ecc.code_buf; - uint8_t *ecc_calc = chip->ecc.calc_buf; unsigned int max_bitflips = 0; /* Read the OOB area first */ @@ -420,8 +419,6 @@ static int nand_davinci_read_page_hwecc_oob_first(struct nand_chip *chip, if (ret) return ret; - chip->ecc.calculate(chip, p, &ecc_calc[i]); - stat = chip->ecc.correct(chip, p, &ecc_code[i], NULL); if (stat == -EBADMSG && (chip->ecc.options & NAND_ECC_GENERIC_ERASED_CHECK)) { -- 2.33.0

2 years, 5 months

2
9
0 0

FAILED: patch "[PATCH] tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4030a6e6a6a4a42ff8c18414c9e0c93e24cc70b8 Mon Sep 17 00:00:00 2001 From: Paul Burton <paulburton(a)google.com> Date: Thu, 1 Jul 2021 10:24:07 -0700 Subject: [PATCH] tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT Currently tgid_map is sized at PID_MAX_DEFAULT entries, which means that on systems where pid_max is configured higher than PID_MAX_DEFAULT the ftrace record-tgid option doesn't work so well. Any tasks with PIDs higher than PID_MAX_DEFAULT are simply not recorded in tgid_map, and don't show up in the saved_tgids file. In particular since systemd v243 & above configure pid_max to its highest possible 1<<22 value by default on 64 bit systems this renders the record-tgids option of little use. Increase the size of tgid_map to the configured pid_max instead, allowing it to cover the full range of PIDs up to the maximum value of PID_MAX_LIMIT if the system is configured that way. On 64 bit systems with pid_max == PID_MAX_LIMIT this will increase the size of tgid_map from 256KiB to 16MiB. Whilst this 64x increase in memory overhead sounds significant 64 bit systems are presumably best placed to accommodate it, and since tgid_map is only allocated when the record-tgid option is actually used presumably the user would rather it spends sufficient memory to actually record the tgids they expect. The size of tgid_map could also increase for CONFIG_BASE_SMALL=y configurations, but these seem unlikely to be systems upon which people are both configuring a large pid_max and running ftrace with record-tgid anyway. Of note is that we only allocate tgid_map once, the first time that the record-tgid option is enabled. Therefore its size is only set once, to the value of pid_max at the time the record-tgid option is first enabled. If a user increases pid_max after that point, the saved_tgids file will not contain entries for any tasks with pids beyond the earlier value of pid_max. Link: https://lkml.kernel.org/r/20210701172407.889626-2-paulburton@google.com Fixes: d914ba37d714 ("tracing: Add support for recording tgid of tasks") Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Joel Fernandes <joelaf(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Paul Burton <paulburton(a)google.com> [ Fixed comment coding style ] Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4843076d67d3..14f56e9fa001 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2191,8 +2191,15 @@ void tracing_reset_all_online_cpus(void) } } +/* + * The tgid_map array maps from pid to tgid; i.e. the value stored at index i + * is the tgid last observed corresponding to pid=i. + */ static int *tgid_map; +/* The maximum valid index into tgid_map. */ +static size_t tgid_map_max; + #define SAVED_CMDLINES_DEFAULT 128 #define NO_CMDLINE_MAP UINT_MAX static arch_spinlock_t trace_cmdline_lock = __ARCH_SPIN_LOCK_UNLOCKED; @@ -2468,24 +2475,41 @@ void trace_find_cmdline(int pid, char comm[]) preempt_enable(); } +static int *trace_find_tgid_ptr(int pid) +{ + /* + * Pairs with the smp_store_release in set_tracer_flag() to ensure that + * if we observe a non-NULL tgid_map then we also observe the correct + * tgid_map_max. + */ + int *map = smp_load_acquire(&tgid_map); + + if (unlikely(!map || pid > tgid_map_max)) + return NULL; + + return &map[pid]; +} + int trace_find_tgid(int pid) { - if (unlikely(!tgid_map || !pid || pid > PID_MAX_DEFAULT)) - return 0; + int *ptr = trace_find_tgid_ptr(pid); - return tgid_map[pid]; + return ptr ? *ptr : 0; } static int trace_save_tgid(struct task_struct *tsk) { + int *ptr; + /* treat recording of idle task as a success */ if (!tsk->pid) return 1; - if (unlikely(!tgid_map || tsk->pid > PID_MAX_DEFAULT)) + ptr = trace_find_tgid_ptr(tsk->pid); + if (!ptr) return 0; - tgid_map[tsk->pid] = tsk->tgid; + *ptr = tsk->tgid; return 1; } @@ -5225,6 +5249,8 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled) { + int *map; + if ((mask == TRACE_ITER_RECORD_TGID) || (mask == TRACE_ITER_RECORD_CMD)) lockdep_assert_held(&event_mutex); @@ -5247,10 +5273,19 @@ int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled) trace_event_enable_cmd_record(enabled); if (mask == TRACE_ITER_RECORD_TGID) { - if (!tgid_map) - tgid_map = kvcalloc(PID_MAX_DEFAULT + 1, - sizeof(*tgid_map), - GFP_KERNEL); + if (!tgid_map) { + tgid_map_max = pid_max; + map = kvcalloc(tgid_map_max + 1, sizeof(*tgid_map), + GFP_KERNEL); + + /* + * Pairs with smp_load_acquire() in + * trace_find_tgid_ptr() to ensure that if it observes + * the tgid_map we just allocated then it also observes + * the corresponding tgid_map_max value. + */ + smp_store_release(&tgid_map, map); + } if (!tgid_map) { tr->trace_flags &= ~TRACE_ITER_RECORD_TGID; return -ENOMEM; @@ -5664,18 +5699,14 @@ static void *saved_tgids_next(struct seq_file *m, void *v, loff_t *pos) { int pid = ++(*pos); - if (pid > PID_MAX_DEFAULT) - return NULL; - - return &tgid_map[pid]; + return trace_find_tgid_ptr(pid); } static void *saved_tgids_start(struct seq_file *m, loff_t *pos) { - if (!tgid_map || *pos > PID_MAX_DEFAULT) - return NULL; + int pid = *pos; - return &tgid_map[*pos]; + return trace_find_tgid_ptr(pid); } static void saved_tgids_stop(struct seq_file *m, void *v)

2 years, 5 months

3
2
0 0

FAILED: patch "[PATCH] bootconfig: init: Fix memblock leak in xbc_make_cmdline()" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1ae43851b18afe861120ebd7c426dc44f06bb2bd Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Thu, 16 Sep 2021 15:23:12 +0900 Subject: [PATCH] bootconfig: init: Fix memblock leak in xbc_make_cmdline() Free unused memblock in a error case to fix memblock leak in xbc_make_cmdline(). Link: https://lkml.kernel.org/r/163177339181.682366.8713781325929549256.stgit@dev… Fixes: 51887d03aca1 ("bootconfig: init: Allow admin to use bootconfig for kernel command line") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/init/main.c b/init/main.c index 81a79a77db46..3c4054a95545 100644 --- a/init/main.c +++ b/init/main.c @@ -382,6 +382,7 @@ static char * __init xbc_make_cmdline(const char *key) ret = xbc_snprint_cmdline(new_cmdline, len + 1, root); if (ret < 0 || ret > len) { pr_err("Failed to print extra kernel cmdline.\n"); + memblock_free_ptr(new_cmdline, len + 1); return NULL; }

2 years, 5 months

3
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2021