August 2021 - Linux-stable-mirror

[PATCH v2] x86/mm: fix kern_addr_valid to cope with existing but not present entries

by Mike Rapoport

From: Mike Rapoport <rppt(a)linux.ibm.com> Jiri Olsa reported a fault when running: # cat /proc/kallsyms | grep ksys_read ffffffff8136d580 T ksys_read # objdump -d --start-address=0xffffffff8136d580 --stop-address=0xffffffff8136d590 /proc/kcore /proc/kcore: file format elf64-x86-64 Segmentation fault krava33 login: [ 68.330612] general protection fault, probably for non-canonical address 0xf887ffcbff000: 0000 [#1] SMP PTI [ 68.333118] CPU: 12 PID: 1079 Comm: objdump Not tainted 5.14.0-rc5qemu+ #508 [ 68.334922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-4.fc34 04/01/2014 [ 68.336945] RIP: 0010:kern_addr_valid+0x150/0x300 [ 68.338082] Code: 1f 40 00 48 8b 0d e8 12 61 01 48 85 f6 0f 85 ca 00 00 00 48 81 e1 00 f0 ff ff 48 21 c1 48 b8 00 00 00 00 80 88 ff ff 48 01 ca <48> 8b 3c 02 48 f7 c7 9f ff ff ff 0f 84 d8 fe ff ff 48 89 f8 0f 1f [ 68.342220] RSP: 0018:ffffc90000bcbc38 EFLAGS: 00010206 [ 68.343428] RAX: ffff888000000000 RBX: 0000000000001000 RCX: 000ffffffcbff000 [ 68.345029] RDX: 000ffffffcbff000 RSI: 0000000000000000 RDI: 800ffffffcbff062 [ 68.346599] RBP: ffffc90000bcbea8 R08: 0000000000001000 R09: 0000000000000000 [ 68.349000] R10: 0000000000000000 R11: 0000000000001000 R12: 00007fcc0fd80010 [ 68.350804] R13: ffffffff83400000 R14: 0000000000400000 R15: ffffffff843d23e0 [ 68.352609] FS: 00007fcc111fcc80(0000) GS:ffff888275e00000(0000) knlGS:0000000000000000 [ 68.354638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.356104] CR2: 00007fcc0fd80000 CR3: 000000011226e004 CR4: 0000000000770ee0 [ 68.357896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.359694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.361597] PKRU: 55555554 [ 68.362460] Call Trace: [ 68.363252] read_kcore+0x57f/0x920 [ 68.364289] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.365630] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.366955] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.368277] ? trace_hardirqs_on+0x1b/0xd0 [ 68.369462] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.370793] ? lock_acquire+0x195/0x2f0 [ 68.371920] ? lock_acquire+0x195/0x2f0 [ 68.373035] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.374364] ? lock_acquire+0x195/0x2f0 [ 68.375498] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.376831] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.379883] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.381268] ? lock_release+0x22b/0x3e0 [ 68.382458] ? _raw_spin_unlock+0x1f/0x30 [ 68.383685] ? __handle_mm_fault+0xcfc/0x15f0 [ 68.384994] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.386389] ? lock_acquire+0x195/0x2f0 [ 68.387573] ? rcu_read_lock_sched_held+0x12/0x80 [ 68.388969] ? lock_release+0x22b/0x3e0 [ 68.390145] proc_reg_read+0x55/0xa0 [ 68.391257] ? vfs_read+0x78/0x1b0 [ 68.392336] vfs_read+0xa7/0x1b0 [ 68.393328] ksys_read+0x68/0xe0 [ 68.394308] do_syscall_64+0x3b/0x90 [ 68.395391] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 68.396804] RIP: 0033:0x7fcc11cf92e2 [ 68.397824] Code: c0 e9 b2 fe ff ff 50 48 8d 3d ea 2e 0a 00 e8 95 e9 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 [ 68.402420] RSP: 002b:00007ffd6e0f8da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 68.404357] RAX: ffffffffffffffda RBX: 0000565439305b20 RCX: 00007fcc11cf92e2 [ 68.406061] RDX: 0000000000800000 RSI: 00007fcc0f980010 RDI: 0000000000000003 [ 68.407747] RBP: 00007fcc11dcd300 R08: 0000000000000003 R09: 00007fcc0d980010 [ 68.410937] R10: 0000000003826000 R11: 0000000000000246 R12: 00007fcc0f980010 [ 68.412624] R13: 0000000000000d68 R14: 00007fcc11dcc700 R15: 0000000000800000 [ 68.414322] Modules linked in: intel_rapl_msr intel_rapl_common nfit kvm_intel kvm irqbypass rapl iTCO_wdt iTCO_vendor_support i2c_i801 i2c_smbus lpc_ich drm drm_panel_orientation_quirks zram xfs crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel [ 68.419591] ---[ end trace e2c30f827226966b ]--- [ 68.420969] RIP: 0010:kern_addr_valid+0x150/0x300 [ 68.422308] Code: 1f 40 00 48 8b 0d e8 12 61 01 48 85 f6 0f 85 ca 00 00 00 48 81 e1 00 f0 ff ff 48 21 c1 48 b8 00 00 00 00 80 88 ff ff 48 01 ca <48> 8b 3c 02 48 f7 c7 9f ff ff ff 0f 84 d8 fe ff ff 48 89 f8 0f 1f [ 68.426826] RSP: 0018:ffffc90000bcbc38 EFLAGS: 00010206 [ 68.428150] RAX: ffff888000000000 RBX: 0000000000001000 RCX: 000ffffffcbff000 [ 68.429813] RDX: 000ffffffcbff000 RSI: 0000000000000000 RDI: 800ffffffcbff062 [ 68.431465] RBP: ffffc90000bcbea8 R08: 0000000000001000 R09: 0000000000000000 [ 68.433115] R10: 0000000000000000 R11: 0000000000001000 R12: 00007fcc0fd80010 [ 68.434768] R13: ffffffff83400000 R14: 0000000000400000 R15: ffffffff843d23e0 [ 68.436423] FS: 00007fcc111fcc80(0000) GS:ffff888275e00000(0000) knlGS:0000000000000000 [ 68.438354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.442077] CR2: 00007fcc0fd80000 CR3: 000000011226e004 CR4: 0000000000770ee0 [ 68.443727] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.445370] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.447010] PKRU: 55555554 The fault happens because kern_addr_valid() dereferences existent but not present PMD in the high kernel mappings. Such PMDs are created when free_kernel_image_pages() frees regions larger than 2Mb. In this case a part of the freed memory is mapped with PMDs and the set_memory_np_noalias() -> ... -> __change_page_attr() sequence will mark the PMD as not present rather than wipe it completely. Make kern_addr_valid() to check whether higher level page table entries are present before trying to dereference them to fix this issue and to avoid similar issues in the future. Reported-by: Jiri Olsa <jolsa(a)redhat.com> Signed-off-by: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> # 4.4+ --- v2: * drop pXd_none() checks and leave only pXd_present(), per David v1: https://lore.kernel.org/lkml/20210817135854.25407-1-rppt@kernel.org arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index ddeaba947eb3..879886c6cc53 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1433,18 +1433,18 @@ int kern_addr_valid(unsigned long addr) return 0; p4d = p4d_offset(pgd, addr); - if (p4d_none(*p4d)) + if (!p4d_present(*p4d)) return 0; pud = pud_offset(p4d, addr); - if (pud_none(*pud)) + if (!pud_present(*pud)) return 0; if (pud_large(*pud)) return pfn_valid(pud_pfn(*pud)); pmd = pmd_offset(pud, addr); - if (pmd_none(*pmd)) + if (!pmd_present(*pmd)) return 0; if (pmd_large(*pmd)) -- 2.28.0

3 years, 2 months

6
10
0 0

[PATCH] Revert "wcn36xx: Enable firmware link monitoring"

by Loic Poulain

This reverts commit 8def9ec46a5fafc0abcf34489a9e8a787bca984d. The firmware keep-alive does not cause any event in case of error such as non acked. It's just a basic keep alive to prevent the AP to kick-off the station due to inactivity. So let mac80211 submit its own monitoring packet (probe/null) and disconnect on timeout. Note: We want to keep firmware keep alive to prevent kick-off when host is in suspend-to-mem (no mac80211 monitor packet). Ideally fw keep alive should be enabled in suspend path and disabled in resume path to prevent having both firmware and mac80211 submitting periodic null packets. This fixes non detected AP leaving issues in active mode (nothing monitors beacon or connection). Cc: stable(a)vger.kernel.org Fixes: 8def9ec46a5f ("wcn36xx: Enable firmware link monitoring") Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> --- drivers/net/wireless/ath/wcn36xx/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c index 216bc34..128d25d 100644 --- a/drivers/net/wireless/ath/wcn36xx/main.c +++ b/drivers/net/wireless/ath/wcn36xx/main.c @@ -1362,7 +1362,6 @@ static int wcn36xx_init_ieee80211(struct wcn36xx *wcn) ieee80211_hw_set(wcn->hw, HAS_RATE_CONTROL); ieee80211_hw_set(wcn->hw, SINGLE_SCAN_ON_ALL_BANDS); ieee80211_hw_set(wcn->hw, REPORTS_TX_ACK_STATUS); - ieee80211_hw_set(wcn->hw, CONNECTION_MONITOR); wcn->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) | BIT(NL80211_IFTYPE_AP) | -- 2.7.4

3 years, 2 months

3
6
0 0

[PATCH 4.19.y] net: dsa: mt7530: disable learning on standalone ports

by DENG Qingfang

This is a partial backport of commit 5a30833b9a16f8d1aa15de06636f9317ca51f9df ("net: dsa: mt7530: support MDB and bridge flag operations") upstream. Make sure that the standalone ports start up with learning disabled. Signed-off-by: DENG Qingfang <dqfext(a)gmail.com> --- drivers/net/dsa/mt7530.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index 6335c4ea0957..67dfab774618 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -803,6 +803,8 @@ mt7530_port_bridge_join(struct dsa_switch *ds, int port, PCR_MATRIX_MASK, PCR_MATRIX(port_bitmap)); priv->ports[port].pm |= PCR_MATRIX(port_bitmap); + mt7530_clear(priv, MT7530_PSC_P(port), SA_DIS); + mutex_unlock(&priv->reg_mutex); return 0; @@ -907,6 +909,8 @@ mt7530_port_bridge_leave(struct dsa_switch *ds, int port, mt7530_port_set_vlan_unaware(ds, port); + mt7530_set(priv, MT7530_PSC_P(port), SA_DIS); + mutex_unlock(&priv->reg_mutex); } @@ -1287,11 +1291,15 @@ mt7530_setup(struct dsa_switch *ds) mt7530_rmw(priv, MT7530_PCR_P(i), PCR_MATRIX_MASK, PCR_MATRIX_CLR); - if (dsa_is_cpu_port(ds, i)) + if (dsa_is_cpu_port(ds, i)) { mt7530_cpu_port_enable(priv, i); - else + } else { mt7530_port_disable(ds, i, NULL); + /* Disable learning by default on all user ports */ + mt7530_set(priv, MT7530_PSC_P(i), SA_DIS); + } + /* Enable consistent egress tag */ mt7530_rmw(priv, MT7530_PVC_P(i), PVC_EG_TAG_MASK, PVC_EG_TAG(MT7530_VLAN_EG_CONSISTENT)); -- 2.25.1

3 years, 2 months

3
7
0 0

[PATCH AUTOSEL 5.13 01/14] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats

by Sasha Levin

From: Krzysztof Hałasa <khalasa(a)piap.pl> [ Upstream commit 7cca7c8096e2c8a4149405438329b5035d0744f0 ] Video captured in 1400x1050 resolution (bytesperline aka stride = 1408 bytes) is invalid. Fix it. Signed-off-by: Krzysztof Halasa <khalasa(a)piap.pl> Link: https://lore.kernel.org/r/m3y2bmq7a4.fsf@t19.piap.pl [p.zabel(a)pengutronix.de: added "gpu: ipu-v3:" prefix to commit description] Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/ipu-v3/ipu-cpmem.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/drivers/gpu/ipu-v3/ipu-cpmem.c b/drivers/gpu/ipu-v3/ipu-cpmem.c index a1c85d1521f5..82b244cb313e 100644 --- a/drivers/gpu/ipu-v3/ipu-cpmem.c +++ b/drivers/gpu/ipu-v3/ipu-cpmem.c @@ -585,21 +585,21 @@ static const struct ipu_rgb def_bgra_16 = { .bits_per_pixel = 16, }; -#define Y_OFFSET(pix, x, y) ((x) + pix->width * (y)) -#define U_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * ((y) / 2) / 2) + (x) / 2) -#define V_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * pix->height / 4) + \ - (pix->width * ((y) / 2) / 2) + (x) / 2) -#define U2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * (y) / 2) + (x) / 2) -#define V2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * pix->height / 2) + \ - (pix->width * (y) / 2) + (x) / 2) -#define UV_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * ((y) / 2)) + (x)) -#define UV2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ - (pix->width * y) + (x)) +#define Y_OFFSET(pix, x, y) ((x) + pix->bytesperline * (y)) +#define U_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) +#define V_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * pix->height / 4) + \ + (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) +#define U2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * (y) / 2) + (x) / 2) +#define V2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * pix->height / 2) + \ + (pix->bytesperline * (y) / 2) + (x) / 2) +#define UV_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * ((y) / 2)) + (x)) +#define UV2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ + (pix->bytesperline * y) + (x)) #define NUM_ALPHA_CHANNELS 7 -- 2.30.2

3 years, 2 months

3
17
0 0

[PATCH v3 00/28] cxl_test: Enable CXL Topology and UAPI regression tests

by Dan Williams

Changes since v1* [1]: - Rearrange setters to be next to getters (Jonathan) - Fix endian bug in nsl_set_slot() (kbuild robot) - Return NULL instead of !name (Jonathan) - Use {import,export}_uuid() where UUIDs are used in external interface structures (Andy) - Fix uuid_to_nvdimm_class() to be static (kbuild robot) - Fixup changelog to note uuid copying fixups (Jonathan) - Fix the broken nlabel/nrange confusion for CXL labels (Jonathan) - Add a dedicated nlabel validation helper - Add nrange helpers for CXL - Introduce __mock to fix unnecessary global symbols (kbuild robot) - Include core.h to fix some missing prototype warnings (kbuild robot) - Fix excessive stack usage from devm_cxl_add_decoder() (kbuild robot) - Add spec reference for namespace label fields (Jonathan) - Fix uninitialized variable use in cxl_nvdimm_probe() (kbuild robot) - Move cxl region definition to its own patch for readability (Jonathan) - Move exclusive command validation to cxl_validate_cmd_from_user() (Ben) - Fix exclusive command locking (Ben) - Fold in Alison's acpi_pci_find_root() fix and rebase (Alison) - Rebase on 0day-induced fixups of the baseline [1]: https://lore.kernel.org/r/162854806653.1980150.3354618413963083778.stgit@dw… Note that there were some one-off direct replies marked v2, but now this set supersedes those. --- Changed or new(*) patches since v1 are: [ PATCH v3 03/28] libnvdimm/labels: Introduce label setter helpers [ PATCH v3 09/28] libnvdimm/labels: Add address-abstraction uuid definitions [ PATCH v3 10/28] libnvdimm/labels: Add uuid helpers [*PATCH v3 11/28] libnvdimm/label: Add a helper for nlabel validation [*PATCH v3 12/28] libnvdimm/labels: Introduce the concept of multi-range namespace labels [*PATCH v3 13/28] libnvdimm/label: Define CXL region labels [ PATCH v3 14/28] libnvdimm/labels: Introduce CXL labels [ PATCH v3 17/28] cxl/mbox: Move mailbox and other non-PCI specific infrastructure to the core [ PATCH v3 20/28] cxl/mbox: Add exclusive kernel command support [ PATCH v3 21/28] cxl/pmem: Translate NVDIMM label commands to CXL label commands [ PATCH v3 22/28] cxl/pmem: Add support for multiple nvdimm-bridge objects [*PATCH v3 23/28] cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports [ PATCH v3 24/28] tools/testing/cxl: Introduce a mocked-up CXL port hierarchy [ PATCH v3 27/28] tools/testing/cxl: Introduce a mock memory device + driver [*PATCH v3 28/28] cxl/core: Split decoder setup into alloc + add --- As mentioned in patch 24 in this series the response of upstream QEMU community to CXL device emulation has been underwhelming to date. Even if that picked up it still results in a situation where new driver features and new test capabilities for those features are split across multiple repositories. The "nfit_test" approach of mocking up platform resources via an external test module continues to yield positive results catching regressions early and often. So this attempts to repeat that success with a "cxl_test" module to inject custom crafted topologies and command responses into the CXL subsystem's sysfs and ioctl UAPIs. The first target for cxl_test to verify is the integration of CXL with LIBNVDIMM and the new support for the CXL namespace label + region-label format. The first 14 patches introduce support for the new label format. The next 9 patches rework the CXL PCI driver and to move more common infrastructure into the core for the unit test environment to reuse. The largest change here is disconnecting the mailbox command processing infrastructure from the PCI specific transport. The unit test environment replaces the PCI transport with a custom backend with mocked responses to command requests. Patch 24 introduces just enough mocked functionality for the cxl_acpi driver to load against cxl_test resources. Patch 21 fixes the first bug discovered by this framework, namely that HDM decoder target list maps were not being filled out. Finally patches 26 and 27 introduce a cxl_test representation of memory expander devices. In this initial implementation these memory expander targets implement just enough command support to pass the basic driver init sequence and enable label command passthrough to LIBNVDIMM. The topology of cxl_test includes: - (4) platform fixed memory windows. One each of a x1-volatile, x4-volatile, x1-persistent, and x4-persistent. - (4) Host bridges each with (2) root ports - (8) CXL memory expanders, one for each root port - Each memory expander device supports the GET_SUPPORTED_LOGS, GET_LOG, IDENTIFY, GET_LSA, and SET_LSA commands. Going forward the expectation is that where possible new UAPI visible subsystem functionality comes with cxl_test emulation of the same. The build process for cxl_test is: make M=tools/testing/cxl make M=tools/testing/cxl modules_install The implementation methodology of the test module is the same as nfit_test where the bulk of the emulation comes from replacing symbols that cxl_acpi and the cxl_core import with mocked implementation of those symbols. See the "--wrap=" lines in tools/testing/cxl/Kbuild. Some symbols need to be replaced, but are local to the modules like match_add_root_ports(). In those cases the local symbol is marked __weak (via __mock) with a strong implementation coming from tools/testing/cxl/. The goal being to be minimally invasive to production code paths. --- Alison Schofield (1): cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports Dan Williams (27): libnvdimm/labels: Introduce getters for namespace label fields libnvdimm/labels: Add isetcookie validation helper libnvdimm/labels: Introduce label setter helpers libnvdimm/labels: Add a checksum calculation helper libnvdimm/labels: Add blk isetcookie set / validation helpers libnvdimm/labels: Add blk special cases for nlabel and position helpers libnvdimm/labels: Add type-guid helpers libnvdimm/labels: Add claim class helpers libnvdimm/labels: Add address-abstraction uuid definitions libnvdimm/labels: Add uuid helpers libnvdimm/label: Add a helper for nlabel validation libnvdimm/labels: Introduce the concept of multi-range namespace labels libnvdimm/label: Define CXL region labels libnvdimm/labels: Introduce CXL labels cxl/pci: Make 'struct cxl_mem' device type generic cxl/mbox: Introduce the mbox_send operation cxl/mbox: Move mailbox and other non-PCI specific infrastructure to the core cxl/pci: Use module_pci_driver cxl/mbox: Convert 'enabled_cmds' to DECLARE_BITMAP cxl/mbox: Add exclusive kernel command support cxl/pmem: Translate NVDIMM label commands to CXL label commands cxl/pmem: Add support for multiple nvdimm-bridge objects tools/testing/cxl: Introduce a mocked-up CXL port hierarchy cxl/bus: Populate the target list at decoder create cxl/mbox: Move command definitions to common location tools/testing/cxl: Introduce a mock memory device + driver cxl/core: Split decoder setup into alloc + add Documentation/driver-api/cxl/memory-devices.rst | 3 drivers/cxl/acpi.c | 143 ++- drivers/cxl/core/Makefile | 1 drivers/cxl/core/bus.c | 87 +- drivers/cxl/core/core.h | 8 drivers/cxl/core/mbox.c | 798 +++++++++++++++++ drivers/cxl/core/memdev.c | 115 ++- drivers/cxl/core/pmem.c | 32 + drivers/cxl/cxl.h | 45 + drivers/cxl/cxlmem.h | 188 ++++ drivers/cxl/pci.c | 1051 +---------------------- drivers/cxl/pmem.c | 160 +++- drivers/nvdimm/btt.c | 11 drivers/nvdimm/btt_devs.c | 14 drivers/nvdimm/core.c | 40 - drivers/nvdimm/label.c | 361 +++++--- drivers/nvdimm/label.h | 121 ++- drivers/nvdimm/namespace_devs.c | 204 ++-- drivers/nvdimm/nd-core.h | 5 drivers/nvdimm/nd.h | 289 ++++++ drivers/nvdimm/pfn_devs.c | 2 include/linux/nd.h | 4 tools/testing/cxl/Kbuild | 38 + tools/testing/cxl/config_check.c | 13 tools/testing/cxl/mock_acpi.c | 109 ++ tools/testing/cxl/mock_pmem.c | 24 + tools/testing/cxl/test/Kbuild | 10 tools/testing/cxl/test/cxl.c | 587 +++++++++++++ tools/testing/cxl/test/mem.c | 255 ++++++ tools/testing/cxl/test/mock.c | 171 ++++ tools/testing/cxl/test/mock.h | 27 + 31 files changed, 3422 insertions(+), 1494 deletions(-) create mode 100644 drivers/cxl/core/mbox.c create mode 100644 tools/testing/cxl/Kbuild create mode 100644 tools/testing/cxl/config_check.c create mode 100644 tools/testing/cxl/mock_acpi.c create mode 100644 tools/testing/cxl/mock_pmem.c create mode 100644 tools/testing/cxl/test/Kbuild create mode 100644 tools/testing/cxl/test/cxl.c create mode 100644 tools/testing/cxl/test/mem.c create mode 100644 tools/testing/cxl/test/mock.c create mode 100644 tools/testing/cxl/test/mock.h base-commit: ceeb0da0a0322bcba4c50ab3cf97fe9a7aa8a2e4

3 years, 2 months

2
3
0 0

[PATCH regression fix] firmware/dmi: Move product_sku info to the end of the modalias

by Hans de Goede

Commit e26f023e01ef ("firmware/dmi: Include product_sku info to modalias") added a new field to the modalias in the middle of the modalias, breaking some existing udev/hwdb matches on the whole modalias without a wildcard ('*') in between the pvr and rvn fields. All modalias matches in e.g. : https://github.com/systemd/systemd/blob/main/hwdb.d/60-sensor.hwdb deliberately end in ':*' so that new fields can be added at *the end* of the modalias, but adding a new field in the middle like this breaks things. Move the new sku field to the end of the modalias to fix some hwdb entries no longer matching. The new sku field has already been put to use in 2 new hwdb entries: sensor:modalias:platform:HID-SENSOR-200073:dmi:*svnDell*:sku0A3E:* ACCEL_LOCATION=base sensor:modalias:platform:HID-SENSOR-200073:dmi:*svnDell*:sku0B0B:* ACCEL_LOCATION=base The wildcard use before and after the sku in these matches means that they should keep working with the sku moved to the end. Note that there is a second instance of in essence the same problem, commit f5152f4ded3c ("firmware/dmi: Report DMI Bios & EC firmware release") Added 2 new br and efr fields in the middle of the modalias. This too breaks some hwdb modalias matches, but this has gone unnoticed for over a year. So some newer hwdb modalias matches actually depend on these fields being in the middle of the string. Moving these to the end now would break 3 hwdb entries, while fixing 8 entries. Since there is no good answer for the new br and efr fields I have chosen to leave these as is. Instead I'll submit a hwdb update to put a wildcard at the place where these fields may or may not be present depending on the kernel version. BugLink: https://github.com/systemd/systemd/issues/20550 Link: https://github.com/systemd/systemd/pull/20562 Fixes: e26f023e01ef ("firmware/dmi: Include product_sku info to modalias") Cc: stable(a)vger.kernel.org Cc: Kai-Chuan Hsieh <kaichuan.hsieh(a)canonical.com> Cc: Erwan Velu <e.velu(a)criteo.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/firmware/dmi-id.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/dmi-id.c b/drivers/firmware/dmi-id.c index 4d5421d14a41..940ddf916202 100644 --- a/drivers/firmware/dmi-id.c +++ b/drivers/firmware/dmi-id.c @@ -73,6 +73,10 @@ static void ascii_filter(char *d, const char *s) static ssize_t get_modalias(char *buffer, size_t buffer_size) { + /* + * Note new fields need to be added at the end to keep compatibility + * with udev's hwdb which does matches on "`cat dmi/id/modalias`*". + */ static const struct mafield { const char *prefix; int field; @@ -85,13 +89,13 @@ static ssize_t get_modalias(char *buffer, size_t buffer_size) { "svn", DMI_SYS_VENDOR }, { "pn", DMI_PRODUCT_NAME }, { "pvr", DMI_PRODUCT_VERSION }, - { "sku", DMI_PRODUCT_SKU }, { "rvn", DMI_BOARD_VENDOR }, { "rn", DMI_BOARD_NAME }, { "rvr", DMI_BOARD_VERSION }, { "cvn", DMI_CHASSIS_VENDOR }, { "ct", DMI_CHASSIS_TYPE }, { "cvr", DMI_CHASSIS_VERSION }, + { "sku", DMI_PRODUCT_SKU }, { NULL, DMI_NONE } }; -- 2.31.1

3 years, 2 months

2
2
0 0

[PATCH 5.13 000/127] 5.13.13-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 5.13.13 release. There are 127 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu 26 Aug 2021 04:55:18 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.13.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Adrian Larumbe (1): dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers Alan Stern (2): USB: core: Avoid WARNings for 0-length descriptor requests USB: core: Fix incorrect pipe calculation in do_proc_control() Andreas Persson (1): mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards Andrew Delgadillo (1): arm64: clean vdso & vdso32 files Andy Shevchenko (1): ptp_pch: Restore dependency on PCI Anshuman Gupta (1): drm/i915: Tweaked Wa_14010685332 for all PCHs Apurva Nandan (1): spi: cadence-quadspi: Fix check condition for DTR ops Arkadiusz Kubalewski (1): i40e: Fix ATR queue selection Arnd Bergmann (1): mt76: fix enum type mismatch Bing Guo (1): drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X Bjorn Andersson (1): clk: qcom: gdsc: Ensure regulator init state matches GDSC state Caleb Connolly (1): arm64: dts: qcom: sdm845-oneplus: fix reserved-mem Christophe Kerello (1): mmc: mmci: stm32: Check when the voltage switch procedure should be done Christophe Leroy (3): powerpc/32s: Move setup_{kuep/kuap}() into {kuep/kuap}.c powerpc/32s: Refactor update of user segment registers powerpc/32s: Fix random crashes by adding isync() after locking/unlocking KUEP Dan Carpenter (1): mtd: rawnand: Add a check in of_get_nand_secure_regions() Dave Gerlach (1): ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218 Dinghao Liu (1): net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 Dmitry Osipenko (1): opp: Drop empty-table checks from _put functions Dong Aisheng (1): clk: imx6q: fix uart earlycon unwork Dongliang Mu (2): ipack: tpci200: fix many double free issues in tpci200_pci_probe ipack: tpci200: fix memory leak in the tpci200_register Eli Cohen (2): vdpa/mlx5: Avoid destroying MR on empty iotlb vdpa/mlx5: Fix queue type selection logic Elliot Berman (1): cfi: Use rcu_read_{un}lock_sched_notrace Ezequiel Garcia (1): iommu/dma: Fix leak in non-contiguous API Frank Wunderlich (1): iommu: Check if group is NULL before remove device Hans de Goede (1): usb: typec: tcpm: Fix VDMs sometimes not being forwarded to alt-mode drivers Harshvardhan Jha (2): net: xfrm: Fix end of loop tests for list_for_each_entry scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() Hayes Wang (2): r8152: fix writing USB_BP2_EN r8152: fix the maximum number of PLA bp for RTL8153C Ido Schimmel (1): Revert "flow_offload: action should not be NULL when it is referenced" Igor Pylypiv (1): scsi: pm80xx: Fix TMF task completion race condition Ilya Leoshkevich (1): bpf: Clear zext_dst of dead insns Ivan T. Ivanov (1): net: usb: lan78xx: don't modify phy_device state concurrently Jakub Kicinski (4): bnxt: don't lock the tx queue from napi poll bnxt: disable napi before canceling DIM bnxt: make sure xmit_more + errors does not miss doorbells bnxt: count Tx drops Jaroslav Kysela (1): ALSA: hda - fix the 'Capture Switch' value change notifications Jason Wang (1): virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO Jeff Layton (1): fs: warn about impending deprecation of mandatory locks Jens Axboe (2): io_uring: only assign io_uring_enter() SQPOLL error in actual error case io_uring: fix xa_alloc_cycle() error return value check Johannes Berg (1): mac80211: fix locking in ieee80211_restart_work() Johannes Weiner (1): mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim José Roberto de Souza (1): drm/i915: Skip display interruption setup when display is not available Kai-Heng Feng (1): ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 Kristin Paget (1): ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop Krzysztof Wilczyński (1): PCI/sysfs: Use correct variable for the legacy_mem sysfs object Lahav Schlesinger (1): vrf: Reset skb conntrack connection on VRF rcv Linus Torvalds (1): pipe: avoid unnecessary EPOLLET wakeups under normal loads Liu Yi L (1): iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() Lukas Bulwahn (1): tracing: define needed config DYNAMIC_FTRACE_WITH_ARGS Lukasz Luba (1): cpufreq: arm_scmi: Fix error path when allocation failed Manivannan Sadhasivam (1): mtd: rawnand: Fix probe failure due to of_get_nand_secure_regions() Marcin Bachry (1): PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI Marco Elver (1): kfence: fix is_kfence_address() for addresses below KFENCE_POOL_SIZE Marek Behún (1): cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant Matthieu Baerts (1): mptcp: full fully established support after ADD_ADDR Maxim Kochetkov (2): soc: fsl: qe: convert QE interrupt controller to platform_device soc: fsl: qe: fix static checker warning Michael Chan (2): bnxt_en: Disable aRFS if running on 212 firmware bnxt_en: Add missing DMA memory barriers Mike Kravetz (1): hugetlb: don't pass page cache pages to restore_reserve_on_error Nadav Amit (1): io_uring: Use WRITE_ONCE() when writing to sq_flags Naoya Horiguchi (2): mm,hwpoison: make get_hwpoison_page() call get_any_page() mm/hwpoison: retry with shake_page() for unhandlable pages NeilBrown (1): btrfs: prevent rename2 from exchanging a subvol with a directory from different parents Nicolas Saenz Julienne (2): mmc: sdhci-iproc: Cap min clock frequency on BCM2711 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 Niklas Schnelle (1): s390/pci: fix use after free of zpci_dev Oleksij Rempel (1): net: usb: asix: refactor asix_read_phy_addr() and handle errors on return Paolo Abeni (1): mptcp: fix memory leak on address flush Parav Pandit (1): virtio: Protect vqs list access Pavel Begunkov (1): io_uring: fix code style problems Pavel Skripkin (1): net: 6pack: fix slab-out-of-bounds in decode_data Peter Ujfalusi (1): dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available Peter Zijlstra (1): perf/x86: Fix out of bound MSR access Petko Manolov (1): net: usb: pegasus: Check the return value of get_geristers() and friends; Petr Pavlu (1): riscv: Fix a number of free'd resources in init_resources() Petr Vorel (3): arm64: dts: qcom: msm8992-bullhead: Remove PSCI arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem mapping arm64: dts: qcom: msm8994-angler: Disable cont_splash_mem Pingfan Liu (1): tracing: Apply trace filters on all output channels Prabhakar Kushwaha (1): qede: fix crash in rmmod qede while automatic debug collection Qingqing Zhuo (1): drm/amd/display: workaround for hard hang on HPD on native DP Randy Dunlap (1): dccp: add do-while-0 stubs for dccp_pr_debug macros Saravana Kannan (2): net: mdio-mux: Don't ignore memory allocation errors net: mdio-mux: Handle -EPROBE_DEFER correctly Sasha Levin (1): Linux 5.13.13-rc1 Shaik Sajida Bhanu (1): mmc: sdhci-msm: Update the software timeout value for sdhc Sreekanth Reddy (1): scsi: core: Avoid printing an error if target_alloc() returns -ENXIO Srinivas Kandagatla (5): arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x slimbus: messaging: start transaction ids from 1 instead of zero slimbus: messaging: check for valid transaction id slimbus: ngd: set correct device for pm slimbus: ngd: reset dma setup during runtime pm Steven Rostedt (VMware) (1): tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name Sudeep Holla (1): ARM: dts: nomadik: Fix up interrupt controller node names Sylwester Dziedziuch (1): iavf: Fix ping is lost after untrusted VF had tried to change MAC Takashi Iwai (2): ALSA: hda/via: Apply runtime PM workaround for ASUS B23E ASoC: intel: atom: Fix breakage for PCM buffer address setup Toke Høiland-Jørgensen (1): sch_cake: fix srchost/dsthost hashing mode Tony Lindgren (1): bus: ti-sysc: Fix error handling for sysc_check_active_timer() Uwe Kleine-König (1): spi: spi-mux: Add module info needed for autoloading Vincent Fu (1): kyber: make trace_block_rq call consistent with documentation Vincent Whitchurch (1): mmc: dw_mmc: Fix hang on data CRC error Vladimir Oltean (2): net: mscc: ocelot: allow forwarding from bridge ports to the tag_8021q CPU port net: dpaa2-switch: disable the control interface on error path Wang Hai (1): ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path Xie Yongji (5): vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() vhost: Fix the calculation in vhost_overflow() vdpa_sim: Fix return value check for vdpa_alloc_device() vp_vdpa: Fix return value check for vdpa_alloc_device() vDPA/ifcvf: Fix return value check for vdpa_alloc_device() Ye Bin (1): scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() Yifan Zhang (1): drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir. Yu Kuai (1): dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() Zhan Liu (1): drm/amd/display: Use DCN30 watermark calc for DCN301 jason-jh.lin (2): drm/mediatek: Add AAL output size configuration drm/mediatek: Add component_del in OVL and COLOR remove function kaixi.fan (1): ovs: clear skb->tstamp in forwarding path lijinlin (1): scsi: core: Fix capacity set to zero after offlinining device Makefile | 4 +- arch/arm/boot/dts/am43x-epos-evm.dts | 2 +- arch/arm/boot/dts/ste-nomadik-stn8815.dtsi | 4 +- arch/arm64/Makefile | 2 + .../dts/qcom/msm8992-bullhead-rev-101.dts | 12 ++ .../boot/dts/qcom/msm8994-angler-rev-101.dts | 4 + .../boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 +- .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 4 +- arch/powerpc/include/asm/book3s/32/kup.h | 41 ++++ arch/powerpc/include/asm/book3s/32/mmu-hash.h | 27 +++ arch/powerpc/include/asm/kup.h | 5 +- arch/powerpc/mm/book3s32/Makefile | 1 + arch/powerpc/mm/book3s32/kuap.c | 11 + arch/powerpc/mm/book3s32/kuep.c | 37 +--- arch/powerpc/mm/book3s32/mmu.c | 20 -- arch/riscv/kernel/setup.c | 4 +- arch/s390/pci/pci.c | 6 + arch/s390/pci/pci_bus.h | 5 + arch/x86/events/core.c | 12 +- block/kyber-iosched.c | 2 +- drivers/bus/ti-sysc.c | 4 +- drivers/clk/imx/clk-imx6q.c | 2 +- drivers/clk/qcom/gdsc.c | 54 +++-- drivers/cpufreq/armada-37xx-cpufreq.c | 6 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/dma/of-dma.c | 9 +- drivers/dma/sh/usb-dmac.c | 2 +- drivers/dma/xilinx/xilinx_dma.c | 12 ++ drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 21 +- .../amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 4 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_optc.c | 2 +- .../amd/display/dc/dcn301/dcn301_resource.c | 96 +-------- .../drm/i915/display/intel_display_power.c | 16 +- drivers/gpu/drm/i915/i915_irq.c | 60 +++--- drivers/gpu/drm/mediatek/mtk_disp_color.c | 2 + drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 2 + drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 2 + drivers/iommu/dma-iommu.c | 1 + drivers/iommu/intel/pasid.c | 10 +- drivers/iommu/intel/pasid.h | 6 + drivers/iommu/iommu.c | 3 + drivers/ipack/carriers/tpci200.c | 60 +++--- drivers/mmc/host/dw_mmc.c | 6 +- drivers/mmc/host/mmci_stm32_sdmmc.c | 7 +- drivers/mmc/host/sdhci-iproc.c | 21 +- drivers/mmc/host/sdhci-msm.c | 18 ++ drivers/mtd/chips/cfi_cmdset_0002.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 113 ++++++---- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + .../ethernet/freescale/dpaa2/dpaa2-switch.c | 36 ++-- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 +- drivers/net/ethernet/intel/iavf/iavf.h | 1 + drivers/net/ethernet/intel/iavf/iavf_main.c | 1 + .../net/ethernet/intel/iavf/iavf_virtchnl.c | 47 ++++- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 5 +- drivers/net/ethernet/mscc/ocelot.c | 1 + drivers/net/ethernet/qlogic/qede/qede.h | 1 + drivers/net/ethernet/qlogic/qede/qede_main.c | 8 + .../ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 4 +- drivers/net/hamradio/6pack.c | 6 + drivers/net/mdio/mdio-mux.c | 36 ++-- drivers/net/usb/asix.h | 3 +- drivers/net/usb/asix_common.c | 31 +-- drivers/net/usb/asix_devices.c | 15 +- drivers/net/usb/ax88172a.c | 5 + drivers/net/usb/lan78xx.c | 16 +- drivers/net/usb/pegasus.c | 108 +++++++--- drivers/net/usb/r8152.c | 23 +- drivers/net/virtio_net.c | 14 +- drivers/net/vrf.c | 4 + .../net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt7915/mcu.h | 3 +- .../net/wireless/mediatek/mt76/mt7921/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt7921/mcu.h | 3 +- drivers/opp/core.c | 15 -- drivers/pci/pci-sysfs.c | 2 +- drivers/pci/quirks.c | 1 + drivers/ptp/Kconfig | 3 +- drivers/scsi/device_handler/scsi_dh_rdac.c | 4 +- drivers/scsi/megaraid/megaraid_mm.c | 21 +- drivers/scsi/pm8001/pm8001_sas.c | 32 ++- drivers/scsi/scsi_scan.c | 3 +- drivers/scsi/scsi_sysfs.c | 9 +- drivers/slimbus/messaging.c | 7 +- drivers/slimbus/qcom-ngd-ctrl.c | 22 +- drivers/soc/fsl/qe/qe_ic.c | 84 ++++---- drivers/spi/spi-cadence-quadspi.c | 21 +- drivers/spi/spi-mux.c | 8 + drivers/usb/core/devio.c | 2 +- drivers/usb/core/message.c | 6 + drivers/usb/typec/tcpm/tcpm.c | 13 +- drivers/vdpa/ifcvf/ifcvf_main.c | 4 +- drivers/vdpa/mlx5/core/mr.c | 9 - drivers/vdpa/mlx5/net/mlx5_vnet.c | 14 +- drivers/vdpa/vdpa_sim/vdpa_sim.c | 4 +- drivers/vdpa/virtio_pci/vp_vdpa.c | 4 +- drivers/vhost/vdpa.c | 3 +- drivers/vhost/vhost.c | 10 +- drivers/virtio/virtio.c | 1 + drivers/virtio/virtio_ring.c | 8 + fs/btrfs/inode.c | 10 +- fs/io_uring.c | 37 ++-- fs/namespace.c | 6 +- fs/pipe.c | 15 +- include/linux/kfence.h | 7 +- include/linux/memcontrol.h | 29 +-- include/linux/mlx5/mlx5_ifc_vdpa.h | 10 +- include/linux/pipe_fs_i.h | 2 + include/linux/virtio.h | 1 + include/net/flow_offload.h | 12 +- kernel/bpf/verifier.c | 1 + kernel/cfi.c | 8 +- kernel/trace/Kconfig | 5 + kernel/trace/trace.c | 18 +- kernel/trace/trace.h | 32 --- kernel/trace/trace_events_hist.c | 2 + mm/hugetlb.c | 21 +- mm/memory-failure.c | 196 ++++++++++-------- mm/vmscan.c | 27 ++- net/dccp/dccp.h | 6 +- net/mac80211/main.c | 2 + net/mptcp/options.c | 10 +- net/mptcp/pm_netlink.c | 44 ++-- net/openvswitch/vport.c | 1 + net/sched/sch_cake.c | 2 +- net/xfrm/xfrm_ipcomp.c | 2 +- sound/pci/hda/hda_generic.c | 10 +- sound/pci/hda/patch_realtek.c | 12 +- sound/pci/hda/patch_via.c | 1 + sound/soc/intel/atom/sst-mfld-platform-pcm.c | 2 +- 131 files changed, 1202 insertions(+), 778 deletions(-) create mode 100644 arch/powerpc/mm/book3s32/kuap.c -- 2.30.2

3 years, 2 months

8
142
0 0

Linux kernel 4.19 and below misses the patch - "fbmem: add margin check to fb_check_caps()"

by Dongliang Mu

Hi stable maintainers, It seems that Linux kernel 4.19 and below miss the patch - "fbmem: add margin check to fb_check_caps()" [1]. Linux kernel 5.4 and up is already merged this patch[2]. Are there any special issues about this patch? Why do maintainers miss such a patch? If I have any misunderstanding, please let me know. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… -- My best regards to you. No System Is Safe! Dongliang Mu

3 years, 2 months

2
4
0 0

[PATCH v2] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls

by Peter Collingbourne

A common implementation of isatty(3) involves calling a ioctl passing a dummy struct argument and checking whether the syscall failed -- bionic and glibc use TCGETS (passing a struct termios), and musl uses TIOCGWINSZ (passing a struct winsize). If the FD is a socket, we will copy sizeof(struct ifreq) bytes of data from the argument and return -EFAULT if that fails. The result is that the isatty implementations may return a non-POSIX-compliant value in errno in the case where part of the dummy struct argument is inaccessible, as both struct termios and struct winsize are smaller than struct ifreq (at least on arm64). Although there is usually enough stack space following the argument on the stack that this did not present a practical problem up to now, with MTE stack instrumentation it's more likely for the copy to fail, as the memory following the struct may have a different tag. Fix the problem by adding an early check for whether the ioctl is a valid socket ioctl, and return -ENOTTY if it isn't. Fixes: 44c02a2c3dc5 ("dev_ioctl(): move copyin/copyout to callers") Link: https://linux-review.googlesource.com/id/I869da6cf6daabc3e4b7b82ac979683ba0… Signed-off-by: Peter Collingbourne <pcc(a)google.com> Cc: <stable(a)vger.kernel.org> # 4.19 --- v2: - simplify check by using _IOC_TYPE() - move function inline into header include/linux/netdevice.h | 4 ++++ net/socket.c | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index eaf5bb008aa9..d65ce093e5a7 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -4012,6 +4012,10 @@ int netdev_rx_handler_register(struct net_device *dev, void netdev_rx_handler_unregister(struct net_device *dev); bool dev_valid_name(const char *name); +static inline bool is_socket_ioctl_cmd(unsigned int cmd) +{ + return _IOC_TYPE(cmd) == SOCK_IOC_TYPE; +} int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_copyout); int dev_ifconf(struct net *net, struct ifconf *, int); diff --git a/net/socket.c b/net/socket.c index 0b2dad3bdf7f..8808b3617dac 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1109,7 +1109,7 @@ static long sock_do_ioctl(struct net *net, struct socket *sock, rtnl_unlock(); if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf))) err = -EFAULT; - } else { + } else if (is_socket_ioctl_cmd(cmd)) { struct ifreq ifr; bool need_copyout; if (copy_from_user(&ifr, argp, sizeof(struct ifreq))) @@ -1118,6 +1118,8 @@ static long sock_do_ioctl(struct net *net, struct socket *sock, if (!err && need_copyout) if (copy_to_user(argp, &ifr, sizeof(struct ifreq))) return -EFAULT; + } else { + err = -ENOTTY; } return err; } @@ -3306,6 +3308,8 @@ static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd, struct ifreq ifreq; u32 data32; + if (!is_socket_ioctl_cmd(cmd)) + return -ENOTTY; if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ)) return -EFAULT; if (get_user(data32, &u_ifreq32->ifr_data)) -- 2.33.0.259.gc128427fd7-goog

3 years, 2 months

4
6
0 0

[PATCH 4.14 0/4] BPF fixes for CVE-2021-3444 and CVE-2021-3600

by Thadeu Lima de Souza Cascardo

The upstream changes necessary to fix these CVEs rely on the presence of JMP32, which is not a small backport and brings its own potential set of necessary follow-ups. Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix involving the use of the AX register. This has been tested against the test_verifier in 4.14.y tree and some tests specific to the two referred CVEs. The test_bpf module was also tested. Daniel Borkmann (4): bpf: Do not use ax register in interpreter on div/mod bpf: fix subprog verifier bypass by div/mod by 0 exception bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero include/linux/filter.h | 24 ++++++++++++++++++++++++ kernel/bpf/core.c | 40 +++++++++++++++------------------------- kernel/bpf/verifier.c | 39 +++++++++++++++++++++++++++++++-------- net/core/filter.c | 9 ++++++++- 4 files changed, 78 insertions(+), 34 deletions(-) -- 2.30.2

3 years, 2 months

3
8
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2021