October 2022 - Linux-stable-mirror

[PATCH] ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on action required events

by Shuai Xue

There are two major types of uncorrected error (UC) : - Action Required: The error is detected and the processor already consumes the memory. OS requires to take action (for example, offline failure page/kill failure thread) to recover this uncorrectable error. - Action Optional: The error is detected out of processor execution context. Some data in the memory are corrupted. But the data have not been consumed. OS is optional to take action to recover this uncorrectable error. For X86 platforms, we can easily distinguish between these two types based on the MCA Bank. While for arm64 platform, the memory failure flags for all UCs which severity are GHES_SEV_RECOVERABLE are set as 0, a.k.a, Action Optional now. If UC is detected by a background scrubber, it is obviously an Action Optional error. For other errors, we should conservatively regard them as Action Required. cper_sec_mem_err::error_type identifies the type of error that occurred if CPER_MEM_VALID_ERROR_TYPE is set. So, set memory failure flags as 0 for Scrub Uncorrected Error (type 14). Otherwise, set memory failure flags as MF_ACTION_REQUIRED. Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> --- drivers/acpi/apei/ghes.c | 10 ++++++++-- include/linux/cper.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c index 80ad530583c9..6c03059cbfc6 100644 --- a/drivers/acpi/apei/ghes.c +++ b/drivers/acpi/apei/ghes.c @@ -474,8 +474,14 @@ static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata, if (sec_sev == GHES_SEV_CORRECTED && (gdata->flags & CPER_SEC_ERROR_THRESHOLD_EXCEEDED)) flags = MF_SOFT_OFFLINE; - if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) - flags = 0; + if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) { + if (mem_err->validation_bits & CPER_MEM_VALID_ERROR_TYPE) + flags = mem_err->error_type == CPER_MEM_SCRUB_UC ? + 0 : + MF_ACTION_REQUIRED; + else + flags = MF_ACTION_REQUIRED; + } if (flags != -1) return ghes_do_memory_failure(mem_err->physical_addr, flags); diff --git a/include/linux/cper.h b/include/linux/cper.h index eacb7dd7b3af..b77ab7636614 100644 --- a/include/linux/cper.h +++ b/include/linux/cper.h @@ -235,6 +235,9 @@ enum { #define CPER_MEM_VALID_BANK_ADDRESS 0x100000 #define CPER_MEM_VALID_CHIP_ID 0x200000 +#define CPER_MEM_SCRUB_CE 13 +#define CPER_MEM_SCRUB_UC 14 + #define CPER_MEM_EXT_ROW_MASK 0x3 #define CPER_MEM_EXT_ROW_SHIFT 16 -- 2.20.1.9.gb50a0d7

1 week

5
13
0 0

[PATCH v4 2/6] usb: dwc3: gadget: cancel requests instead of release after missed isoc

by Dan Vacura

From: Jeff Vanhoof <qjv001(a)motorola.com> arm-smmu related crashes seen after a Missed ISOC interrupt when no_interrupt=1 is used. This can happen if the hardware is still using the data associated with a TRB after the usb_request's ->complete call has been made. Instead of immediately releasing a request when a Missed ISOC interrupt has occurred, this change will add logic to cancel the request instead where it will eventually be released when the END_TRANSFER command has completed. This logic is similar to some of the cleanup done in dwc3_gadget_ep_dequeue. Fixes: 6d8a019614f3 ("usb: dwc3: gadget: check for Missed Isoc from event status") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jeff Vanhoof <qjv001(a)motorola.com> Co-developed-by: Dan Vacura <w36195(a)motorola.com> Signed-off-by: Dan Vacura <w36195(a)motorola.com> --- V1 -> V3: - no change, new patch in series V3 -> V4: - no change drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 8f9959ba9fd4..9b005d912241 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -943,6 +943,7 @@ struct dwc3_request { #define DWC3_REQUEST_STATUS_DEQUEUED 3 #define DWC3_REQUEST_STATUS_STALLED 4 #define DWC3_REQUEST_STATUS_COMPLETED 5 +#define DWC3_REQUEST_STATUS_MISSED_ISOC 6 #define DWC3_REQUEST_STATUS_UNKNOWN -1 u8 epnum; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 079cd333632e..411532c5c378 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2021,6 +2021,9 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep) case DWC3_REQUEST_STATUS_STALLED: dwc3_gadget_giveback(dep, req, -EPIPE); break; + case DWC3_REQUEST_STATUS_MISSED_ISOC: + dwc3_gadget_giveback(dep, req, -EXDEV); + break; default: dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); dwc3_gadget_giveback(dep, req, -ECONNRESET); @@ -3402,21 +3405,32 @@ static bool dwc3_gadget_endpoint_trbs_complete(struct dwc3_ep *dep, struct dwc3 *dwc = dep->dwc; bool no_started_trb = true; - dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); + if (status == -EXDEV) { + struct dwc3_request *tmp; + struct dwc3_request *req; - if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) - goto out; + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_stop_active_transfer(dep, true, true); - if (!dep->endpoint.desc) - return no_started_trb; + list_for_each_entry_safe(req, tmp, &dep->started_list, list) + dwc3_gadget_move_cancelled_request(req, + DWC3_REQUEST_STATUS_MISSED_ISOC); + } else { + dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); - if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && - list_empty(&dep->started_list) && - (list_empty(&dep->pending_list) || status == -EXDEV)) - dwc3_stop_active_transfer(dep, true, true); - else if (dwc3_gadget_ep_should_continue(dep)) - if (__dwc3_gadget_kick_transfer(dep) == 0) - no_started_trb = false; + if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) + goto out; + + if (!dep->endpoint.desc) + return no_started_trb; + + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && + list_empty(&dep->started_list) && list_empty(&dep->pending_list)) + dwc3_stop_active_transfer(dep, true, true); + else if (dwc3_gadget_ep_should_continue(dep)) + if (__dwc3_gadget_kick_transfer(dep) == 0) + no_started_trb = false; + } out: /* -- 2.34.1

1 week, 6 days

5
5
0 0

[PATCH] iio: afe: rescale: Fix logic bug

by Linus Walleij

When introducing support for processed channels I needed to invert the expression: if (!iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || !iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_err(dev, "source channel does not support raw/scale\n"); To the inverse, meaning detect when we can usse raw+scale rather than when we can not. This was the result: if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_info(dev, "using raw+scale source channel\n"); Ooops. Spot the error. Yep old George Boole came up and bit me. That should be an &&. The current code "mostly works" because we have not run into systems supporting only raw but not scale or only scale but not raw, and I doubt there are few using the rescaler on anything such, but let's fix the logic. Cc: Liam Beguin <liambeguin(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 53ebee949980 ("iio: afe: iio-rescale: Support processed channels") Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/iio/afe/iio-rescale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/afe/iio-rescale.c b/drivers/iio/afe/iio-rescale.c index 7e511293d6d1..dc426e1484f0 100644 --- a/drivers/iio/afe/iio-rescale.c +++ b/drivers/iio/afe/iio-rescale.c @@ -278,7 +278,7 @@ static int rescale_configure_channel(struct device *dev, chan->ext_info = rescale->ext_info; chan->type = rescale->cfg->type; - if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || + if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) && iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) { dev_info(dev, "using raw+scale source channel\n"); } else if (iio_channel_has_info(schan, IIO_CHAN_INFO_PROCESSED)) { -- 2.35.3

4 weeks

6
17
0 0

[PATCH 5.17 000/298] 5.17.15-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.17.15 release. There are 298 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.17.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.17.15-rc1 Damien Le Moal <damien.lemoal(a)opensource.wdc.com> zonefs: fix handling of explicit_open option on mount Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Fix pipe clock imbalance Christoph Hellwig <hch(a)lst.de> block, loop: support partitions without scanning Davide Caratti <dcaratti(a)redhat.com> net/sched: act_police: more accurate MTU policing Pascal Hambourg <pascal(a)plouf.fr.eu.org> md/raid0: Ignore RAID0 layout if the second zone has only one device Jason A. Donenfeld <Jason(a)zx2c4.com> random: account for arch randomness in bits Jason A. Donenfeld <Jason(a)zx2c4.com> random: mark bootloader randomness code as __init Jason A. Donenfeld <Jason(a)zx2c4.com> random: avoid checking crng_ready() twice in random_init() KuoHsiang Chou <kuohsiang_chou(a)aspeedtech.com> drm/ast: Create threshold values for AST2600 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/32: Fix overread/overwrite of thread_struct via ptrace Jason Wang <jasowang(a)redhat.com> virtio-rng: make device ready before making request Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update VCN codec support for Yellow Carp Mohammad Zafar Ziya <Mohammadzafar.ziya(a)amd.com> drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Brian Norris <briannorris(a)chromium.org> drm/atomic: Force bridge self-refresh-exit on CRTC switch Brian Norris <briannorris(a)chromium.org> drm/bridge: analogix_dp: Support PSR-exit to disable transition Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/huge_memory: Fix xarray node memory leak Peter Zijlstra <peterz(a)infradead.org> cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Xie Yongji <xieyongji(a)bytedance.com> vduse: Fix NULL pointer dereference on sysfs access Mathias Nyman <mathias.nyman(a)linux.intel.com> Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix unexpected VLAN Rx in promisc mode on VF Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix bcast packets Rx on VF after promisc removal Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Jchao Sun <sunjunchao2870(a)gmail.com> writeback: Fix inode->i_io_list not be protected by inode->i_lock error Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix misuse of the cached connection on tuple changes Tan Tee Min <tee.min.tan(a)linux.intel.com> net: phy: dp83867: retrigger SGMII AN when link change Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Fix CQE recovery reset success Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix translation of concurrent positioning ranges Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix reading concurrent positioning ranges log David Safford <david.safford(a)gmail.com> KEYS: trusted: tpm2: Fix migratable logic Tyler Erickson <tyler.erickson(a)seagate.com> scsi: sd: Fix interpretation of VPD B9h length Shyam Prasad N <sprasad(a)microsoft.com> cifs: populate empty hostnames for extra channels Paulo Alcantara <pc(a)cjr.nz> cifs: fix reconnect on smb3 mount types Shyam Prasad N <sprasad(a)microsoft.com> cifs: return errors during session setup during reconnects Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek: Add quirk for HP Dev One Cameron Berkenpas <cam(a)neo-zeon.de> ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 huangwenhui <huangwenhuia(a)uniontech.com> ALSA: hda/conexant - Fix loopback issue with CX20632 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Skip generic sync EP parse for secondary EP Bedant Patnaik <bedant.patnaik(a)gmail.com> platform/x86: hp-wmi: Use zero insize parameter only when supported Jorge Lopez <jorge.lopez2(a)hp.com> platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05) Kuan-Ying Lee <Kuan-Ying.Lee(a)mediatek.com> scripts/gdb: change kernel config dumping method Jiasheng Jiang <jiasheng(a)iscas.ac.cn> platform/x86: barco-p50-gpio: Add check for platform_driver_register Xie Yongji <xieyongji(a)bytedance.com> vringh: Fix loop descriptors check in the indirect cases Kees Cook <keescook(a)chromium.org> nodemask: Fix return values to be unsigned Yury Norov <yury.norov(a)gmail.com> drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Steve French <stfrench(a)microsoft.com> cifs: version operations for smb20 unneeded when legacy support disabled Christian Borntraeger <borntraeger(a)linux.ibm.com> s390/gmap: voluntarily schedule during key setting Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Yu Kuai <yukuai3(a)huawei.com> nbd: fix io hung while disconnecting device Yu Kuai <yukuai3(a)huawei.com> nbd: fix race between nbd_alloc_config() and module removal Yu Kuai <yukuai3(a)huawei.com> nbd: call genl_unregister_family() first in nbd_cleanup() Peter Zijlstra <peterz(a)infradead.org> jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Peter Zijlstra <peterz(a)infradead.org> x86/cpu: Elide KCSAN for cpu_has() and friends Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix undefined behavior of is_arm_mapping_symbol() Johannes Berg <johannes.berg(a)intel.com> um: line: Use separate IRQs per line Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix missing thermal throttler status Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/amd/pm: fix a potential gpu_metrics_table memory leak Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/radeon: fix a possible null pointer dereference David Galiffi <David.Galiffi(a)amd.com> drm/amd/display: Check if modulo is 0 before dividing. Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Set lower cap for neigh_managed_work rearming Xiubo Li <xiubli(a)redhat.com> ceph: flush the mdlog for filesystem sync Venky Shankar <vshankar(a)redhat.com> ceph: allow ceph.dir.rctime xattr to be updatable Michal Kubecek <mkubecek(a)suse.cz> Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Hannes Reinecke <hare(a)suse.de> scsi: myrb: Fix up null pointer access on myrb_cleanup() Guoqing Jiang <guoqing.jiang(a)cloud.ionos.com> md: protect md_unregister_thread from reentrancy Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: fix connection dropped issue Liu Xinpeng <liuxp11(a)chinatelecom.cn> watchdog: wdat_wdt: Stop watchdog when rebooting the system Hao Luo <haoluo(a)google.com> kernfs: Separate kernfs_pr_cont_buf and rename_lock. John Ogness <john.ogness(a)linutronix.de> serial: msm_serial: disable interrupts in __msm_console_write() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in r871xu_drv_init() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in usb_read8() and friends Andre Przywara <andre.przywara(a)arm.com> clocksource/drivers/sp804: Avoid error on multiple instances bumwoo lee <bw365.lee(a)samsung.com> extcon: Modify extcon device to be created after driver data is set Dan Carpenter <dan.carpenter(a)oracle.com> extcon: Fix extcon_get_extcon_dev() error handling Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx: set NULL intfdata when probe fails Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> soundwire: qcom: adjust autoenumeration timeout Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: host: Stop setting the ACPI companion Marek Szyprowski <m.szyprowski(a)samsung.com> usb: dwc2: gadget: don't reset gadget's driver->bus Changbin Du <changbin.du(a)intel.com> sysrq: do not omit current cpu when showing backtrace of all active CPUs Hangyu Hua <hbh25y(a)gmail.com> char: xillybus: fix a refcount leak in cleanup_dev() Evan Green <evgreen(a)chromium.org> USB: hcd-pci: Fully suspend across freeze/thaw cycle Duoming Zhou <duoming(a)zju.edu.cn> drivers: usb: host: Fix deadlock in oxu_bus_suspend() Duoming Zhou <duoming(a)zju.edu.cn> drivers: tty: serial: Fix deadlock in sa1100_set_termios() Zhen Ni <nizhen(a)uniontech.com> USB: host: isp116x: check return value after calling platform_get_resource() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use different lane for second DisplayPort tunnel Huang Guobin <huangguobin4(a)huawei.com> tty: Fix a possible resource leak in icom_probe Zheyu Ma <zheyuma97(a)gmail.com> tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Kees Cook <keescook(a)chromium.org> lkdtm/usercopy: Expand size of "out of frame" object Miquel Raynal <miquel.raynal(a)bootlin.com> iio: st_sensors: Add a local lock for protecting odr Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Xiaoke Wang <xkernel.wang(a)foxmail.com> iio: dummy: iio_simple_dummy: check the return value of kstrdup() David Howells <dhowells(a)redhat.com> iov_iter: Fix iter_xarray_get_pages{,_alloc}() Etienne van der Linde <etienne.vanderlinde(a)corigine.com> nfp: flower: restructure flow-key for gre+vlan combination Linus Torvalds <torvalds(a)linux-foundation.org> drm: imx: fix compiler warning with gcc-12 Muchun Song <songmuchun(a)bytedance.com> tcp: use alloc_large_system_hash() to allocate table_perturb Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Miaoqian Lin <linmq006(a)gmail.com> net: altera: Fix refcount leak in altera_tse_mdio_create Willem de Bruijn <willemb(a)google.com> ip_gre: test csum_start instead of transport header Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, fail conflicting actions Feras Daoud <ferasda(a)nvidia.com> net/mlx5: Rearm the FW tracer after each tracer event Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5: Fix mlx5_get_next_dev() peer device matching Mark Bloch <mbloch(a)nvidia.com> net/mlx5: Lag, filter non compatible devices Masahiro Yamada <masahiroy(a)kernel.org> net: ipv6: unexport __init-annotated seg6_hmac_init() Masahiro Yamada <masahiroy(a)kernel.org> net: xfrm: unexport __init-annotated xfrm4_protocol_init() Masahiro Yamada <masahiroy(a)kernel.org> net: mdio: unexport __init-annotated mdio_bus_init() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: Fix handling of invalid descriptors in XSK TX batching API Magnus Karlsson <magnus.karlsson(a)intel.com> i40e: xsk: Move tmp desc array from driver to pool Gal Pressman <gal(a)nvidia.com> net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Miaoqian Lin <linmq006(a)gmail.com> net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Eric Dumazet <edumazet(a)google.com> bpf, arm64: Clear prog->jited_len along prog->jited Jan Beulich <jbeulich(a)suse.com> x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix a data-race in unix_dgram_peer_wake_me(). Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Masahiro Yamada <masahiroy(a)kernel.org> xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong type string definition Taehee Yoo <ap420073(a)gmail.com> amt: fix possible null-ptr-deref in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong usage of pskb_may_pull() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bail out early if hardware offload is not supported Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: memleak flow rule from commit path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release new hooks on unsupported flowtable flags Miaoqian Lin <linmq006(a)gmail.com> ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: always initialize flowtable hook list in transaction Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Trap RDMA segment overflows Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Force thread size increase with KASAN Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: delete flowtable hooks via transaction list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Florian Westphal <fw(a)strlen.de> netfilter: nat: really support inet nat without l3 address Steven Price <steven.price(a)arm.com> drm/panfrost: Job should reference MMU not file_priv Marek Vasut <marex(a)denx.de> drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Kinglong Mee <kinglongmee(a)gmail.com> xprtrdma: treat all calls not a bcall when bc_serv is NULL Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during file defragment Daniel Bristot de Oliveira <bristot(a)kernel.org> rtla/Makefile: Properly handle dependencies Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `mach_get_rtc_pll' Liao Chang <liaochang1(a)huawei.com> RISC-V: use memcpy for kexec_file mode Yang Yingliang <yangyingliang(a)huawei.com> video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Saurabh Sengar <ssengar(a)linux.microsoft.com> video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't hold the layoutget locks across multiple RPC calls Radhey Shyam Pandey <radhey.shyam.pandey(a)xilinx.com> dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `_init_sp' Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: set ZERO_PAGE() to the allocated zeroed page Lucas Tanure <tanureal(a)opensource.cirrus.com> i2c: cadence: Increase timeout per message if necessary Dongliang Mu <mudongliangabcd(a)gmail.com> f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu-v3: check return value after calling platform_get_resource() Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tracing: Avoid adding tracer option before update_tracer_options Jun Miao <jun.miao(a)intel.com> tracing: Fix sleeping function called from invalid context on RT kernel Jeff Xie <xiehuan09(a)gmail.com> tracing: Make tp_printk work on syscall tracepoints Masami Hiramatsu <mhiramat(a)kernel.org> bootconfig: Make the bootconfig.o as a normal object file Gong Yuanjun <ruc_gongyuanjun(a)163.com> mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: set DMA_INTERRUPT cap bit Linus Torvalds <torvalds(a)linux-foundation.org> bluetooth: don't use bitmaps for random flag accesses Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Leo Yan <leo.yan(a)linaro.org> perf c2c: Fix sorting in percent_rmt_hitm_cmp() Zhengjun Xing <zhengjun.xing(a)linux.intel.com> perf record: Support sample-read topdown metric group for hybrid platforms Kan Liang <kan.liang(a)linux.intel.com> perf parse-events: Move slots event for the hybrid platform too Kan Liang <kan.liang(a)linux.intel.com> perf evsel: Fixes topdown events in a weak group for the hybrid platform Saravana Kannan <saravanak(a)google.com> driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Hoang Le <hoang.h.le(a)dektech.com.au> tipc: check attribute length for bearer name Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix ax25 session cleanup problems Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: sd: Fix potential NULL pointer dereference Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() David Howells <dhowells(a)redhat.com> afs: Fix infinite loop found by xfstest generic/676 Haibo Chen <haibo.chen(a)nxp.com> gpio: pca953x: use the correct register address to do regcache sync Fabien Parent <fparent(a)baylibre.com> regulator: mt6315-regulator: fix invalid allowed mode Alexander Gordeev <agordeev(a)linux.ibm.com> s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Ziyang Xuan <william.xuanziyang(a)huawei.com> macsec: fix UAF bug for real_dev Dan Carpenter <dan.carpenter(a)oracle.com> octeontx2-af: fix error code in is_valid_offset() Jason Wang <jasowang(a)redhat.com> vdpa: ifcvf: set pci driver data in probe Eric Dumazet <edumazet(a)google.com> tcp: tcp_rtx_synack() can be called from process context Guoju Fang <gjfang(a)linux.alibaba.com> net: sched: add barrier to fix packet stuck problem for lockless qdisc Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Update netdev features after changing XDP state Changcheng Liu <jerrliu(a)nvidia.com> net/mlx5: correct ECE offset in query qp output Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Paul Blakey <paulb(a)nvidia.com> net/mlx5: CT: Fix header-rewrite re-use for tupels Maor Dickman <maord(a)nvidia.com> net/mlx5e: TC NIC mode, fix tc chains miss table Leon Romanovsky <leon(a)kernel.org> net/mlx5: Don't use already freed action pointer Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> virtio: pci: Fix an error handling path in vp_modern_probe() Eli Cohen <elic(a)nvidia.com> vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Haisu Wang <haisuwang(a)tencent.com> blk-mq: do not update io_ticks with passthrough requests Jens Axboe <axboe(a)kernel.dk> block: make bioset_exit() fully resilient against being called twice Íñigo Huguet <ihuguet(a)redhat.com> sfc: fix wrong tx channel offset with efx_separate_tx_channels Martin Habets <habetsm.xilinx(a)gmail.com> sfc: fix considering that all channels have TX queues Christoph Hellwig <hch(a)lst.de> block: use bio_queue_enter instead of blk_queue_enter in bio_poll Yu Xiao <yu.xiao(a)corigine.com> nfp: only report pause frame configuration for physical device Eric Dumazet <edumazet(a)google.com> tcp: add accessors to read/set tp->snd_cwnd Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: read-only pages should not be writable Yu Kuai <yukuai3(a)huawei.com> nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed Christoph Hellwig <hch(a)lst.de> block: take destination bvec offsets into account in bio_copy_data_iter Menglong Dong <imagedong(a)tencent.com> bpf: Fix probe read error in ___bpf_prog_run() Song Liu <song(a)kernel.org> selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix selftest after random: Urandom_read tracepoint removal Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: ubi_create_volume: Fix use-after-free when volume creation failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_do_fill_super Genjian Zhang <zhanggenjian123(a)gmail.com> ep93xx: clock: Do not return the address of the freed memory Alexander Lobakin <alexandr.lobakin(a)intel.com> modpost: fix removing numeric suffixes Miaoqian Lin <linmq006(a)gmail.com> net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Dan Carpenter <dan.carpenter(a)oracle.com> net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Vincent Ray <vray(a)kalrayinc.com> net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Michael Walle <michael(a)walle.cc> net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Eddie James <eajames(a)linux.ibm.com> spi: fsi: Fix spurious timeout liuyacan <liuyacan(a)corp.netease.com> net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Taehee Yoo <ap420073(a)gmail.com> amt: fix possible memory leak in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix return value of amt_update_handler() Jann Horn <jannh(a)google.com> s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Ming Lei <ming.lei(a)redhat.com> blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx Miaoqian Lin <linmq006(a)gmail.com> watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Miaoqian Lin <linmq006(a)gmail.com> watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Zhang Wensheng <zhangwensheng5(a)huawei.com> driver core: fix deadlock in __device_attach Schspa Shi <schspa(a)gmail.com> driver: base: fix UAF when driver_attach failed Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix warnings for unbind for serial Miaoqian Lin <linmq006(a)gmail.com> firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: stm32-usart: Correct CSIZE, bits, and parity Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sifive: Sanitize CSIZE and c_iflag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sh-sci: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: txx9: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: rda-uart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: digicolor-usart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: uartlite: Fix BRKINT clearing YueHaibing <yuehaibing(a)huawei.com> serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 John Ogness <john.ogness(a)linutronix.de> serial: meson: acquire port->lock in startup() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> staging: r8188eu: add check for kzalloc Miaoqian Lin <linmq006(a)gmail.com> rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Yang Yingliang <yangyingliang(a)huawei.com> rtc: mt6397: check return value after calling platform_get_resource() Howard Chiu <howard_chiu(a)aspeedtech.com> ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Samuel Holland <samuel(a)sholland.org> clocksource/drivers/riscv: Events are stopped during CPU suspend Miaoqian Lin <linmq006(a)gmail.com> soc: rockchip: Fix refcount leak in rockchip_grf_init Nícolas F. R. A. Prado <nfraprado(a)collabora.com> dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Li Jun <jun.li(a)nxp.com> extcon: ptn5150: Add queue work sync before driver release Xin Xiong <xiongx18(a)fudan.edu.cn> ksmbd: fix reference count leak in smb_check_perm_dacl() Guilherme G. Piccoli <gpiccoli(a)igalia.com> coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: prevent pm_runtime resume prior to system suspend Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix reset control imbalance Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix Runtime PM usage Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> export: fix string handling of namespace in EXPORT_SYMBOL_NS Maciej W. Rozycki <macro(a)orcam.me.uk> serial: sifive: Report actual baud base rather than fixed 115200 Linus Walleij <linus.walleij(a)linaro.org> power: supply: ab8500_fg: Allocate wq in probe Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Johan Hovold <johan+linaro(a)kernel.org> phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Guilherme G. Piccoli <gpiccoli(a)igalia.com> misc/pvpanic: Convert regular spinlock into trylock on panic path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: Fine tune the scale calibration values Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: fix read big scale voltage not right Miaoqian Lin <linmq006(a)gmail.com> iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Miaoqian Lin <linmq006(a)gmail.com> iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_probe() Bjorn Andersson <bjorn.andersson(a)linaro.org> usb: typec: mux: Check dev_set_name() return value Xiaomeng Tong <xiam0nd.tong(a)gmail.com> firmware: stratix10-svc: fix a missing check on list iterator Xiaomeng Tong <xiam0nd.tong(a)gmail.com> misc: fastrpc: fix an incorrect NULL check on list iterator SeongJae Park <sj(a)kernel.org> scripts/get_abi: Fix wrong script file name in the help message Zheng Yongjun <zhengyongjun3(a)huawei.com> usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: raspberrypi-poe: Fix endianness in firmware struct Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: lp3943: Fix duty calculation in case period was clamped Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Miaoqian Lin <linmq006(a)gmail.com> usb: musb: Fix missing of_node_put() in omap2430_probe Lin Ma <linma(a)zju.edu.cn> USB: storage: karma: fix rio_karma_init return Niels Dossche <dossche.niels(a)gmail.com> usb: usbip: add missing device lock on tweak configuration cmd Hangyu Hua <hbh25y(a)gmail.com> usb: usbip: fix a refcount leak in stub_probe() Samuel Holland <samuel(a)sholland.org> phy: rockchip-inno-usb2: Fix muxed interrupt support Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Ignore create mem entry for resource table Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Miaoqian Lin <linmq006(a)gmail.com> serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Daniel Gibson <daniel(a)gibson.sh> tty: n_tty: Restore EOF push handling behavior Miaoqian Lin <linmq006(a)gmail.com> tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Wang Weiyang <wangweiyang2(a)huawei.com> tty: goldfish: Use tty_port_destroy() to destroy port Christophe Leroy <christophe.leroy(a)csgroup.eu> lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP Jiasheng Jiang <jiasheng(a)iscas.ac.cn> lkdtm/bugs: Check for the NULL pointer after calling kmalloc Alexandru Tachici <alexandru.tachici(a)analog.com> iio: adc: ad7124: Remove shift from scan_type Jakob Koschel <jakobkoschel(a)gmail.com> staging: greybus: codecs: fix type confusion of list iterator variable Randy Dunlap <rdunlap(a)infradead.org> pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards ------------- Diffstat: Documentation/ABI/testing/sysfs-ata | 11 +- .../bindings/regulator/mt6315-regulator.yaml | 4 +- .../devicetree/bindings/remoteproc/mtk,scp.yaml | 44 ++-- Documentation/tools/rtla/Makefile | 14 +- Makefile | 4 +- arch/arm/boot/dts/aspeed-ast2600-evb.dts | 4 +- arch/arm/mach-ep93xx/clock.c | 10 +- arch/arm64/net/bpf_jit_comp.c | 1 + arch/m68k/Kconfig.machine | 1 + arch/m68k/include/asm/pgtable_no.h | 3 +- arch/m68k/kernel/setup_mm.c | 7 - arch/m68k/kernel/setup_no.c | 1 - arch/m68k/kernel/time.c | 9 + arch/mips/kernel/mips-cpc.c | 1 + arch/powerpc/Kconfig | 2 - arch/powerpc/include/asm/thread_info.h | 10 +- arch/powerpc/kernel/ptrace/ptrace-fpu.c | 20 +- arch/powerpc/kernel/ptrace/ptrace.c | 3 + arch/riscv/kernel/efi.c | 2 +- arch/riscv/kernel/machine_kexec.c | 4 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/kernel/entry.S | 6 +- arch/s390/mm/gmap.c | 14 ++ arch/um/drivers/chan_kern.c | 10 +- arch/um/drivers/line.c | 22 +- arch/um/drivers/line.h | 4 +- arch/um/drivers/ssl.c | 2 - arch/um/drivers/stdio_console.c | 2 - arch/um/include/asm/irq.h | 22 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/uaccess.h | 2 +- block/bio.c | 9 +- block/blk-core.c | 2 +- block/blk-mq.c | 10 +- block/genhd.c | 2 + drivers/ata/libata-core.c | 21 +- drivers/ata/libata-scsi.c | 2 +- drivers/ata/libata-transport.c | 2 +- drivers/ata/pata_octeon_cf.c | 3 + drivers/base/bus.c | 4 +- drivers/base/dd.c | 10 +- drivers/block/loop.c | 8 +- drivers/block/nbd.c | 55 +++-- drivers/bus/ti-sysc.c | 4 +- drivers/char/hw_random/virtio-rng.c | 2 + drivers/char/random.c | 15 +- drivers/char/xillybus/xillyusb.c | 1 + drivers/clocksource/timer-oxnas-rps.c | 2 +- drivers/clocksource/timer-riscv.c | 2 +- drivers/clocksource/timer-sp804.c | 10 +- drivers/dma/idxd/dma.c | 1 + drivers/dma/xilinx/zynqmp_dma.c | 5 +- drivers/extcon/extcon-axp288.c | 4 +- drivers/extcon/extcon-ptn5150.c | 11 + drivers/extcon/extcon.c | 33 +-- drivers/firmware/dmi-sysfs.c | 2 +- drivers/firmware/stratix10-svc.c | 12 +- drivers/gpio/gpio-pca953x.c | 19 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 1 + drivers/gpu/drm/amd/amdgpu/nv.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 3 + drivers/gpu/drm/ast/ast_mode.c | 5 +- drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 42 +++- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 16 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 9 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 5 +- drivers/gpu/drm/panfrost/panfrost_job.c | 6 +- drivers/gpu/drm/panfrost/panfrost_job.h | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 4 + drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 +- drivers/i2c/busses/i2c-cadence.c | 12 +- drivers/idle/intel_idle.c | 32 ++- drivers/iio/adc/ad7124.c | 1 - drivers/iio/adc/sc27xx_adc.c | 20 +- drivers/iio/adc/stmpe-adc.c | 8 +- drivers/iio/common/st_sensors/st_sensors_core.c | 24 +- drivers/iio/dummy/iio_simple_dummy.c | 20 +- drivers/iio/proximity/vl53l0x-i2c.c | 7 +- drivers/input/mouse/bcm5974.c | 7 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 5 +- drivers/md/md.c | 15 +- drivers/md/raid0.c | 31 +-- drivers/misc/cardreader/rtsx_usb.c | 1 + drivers/misc/fastrpc.c | 9 +- drivers/misc/lkdtm/bugs.c | 10 +- drivers/misc/lkdtm/lkdtm.h | 8 +- drivers/misc/lkdtm/usercopy.c | 17 +- drivers/misc/pvpanic/pvpanic.c | 10 +- drivers/mmc/core/block.c | 3 +- drivers/mtd/ubi/fastmap-wl.c | 69 ++++-- drivers/mtd/ubi/fastmap.c | 11 - drivers/mtd/ubi/ubi.h | 4 +- drivers/mtd/ubi/vmt.c | 1 - drivers/mtd/ubi/wl.c | 19 +- drivers/net/amt.c | 59 +++-- drivers/net/dsa/lantiq_gswip.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 1 + drivers/net/dsa/mv88e6xxx/serdes.c | 27 +-- drivers/net/ethernet/altera/altera_tse_main.c | 6 +- drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c | 1 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 11 - drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 - drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 72 ++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 + drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 1 + .../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/en/trap.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/pool.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 38 ++- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 37 ++- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 32 +-- drivers/net/ethernet/netronome/nfp/flower/match.c | 16 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 +- drivers/net/ethernet/sfc/efx_channels.c | 6 +- drivers/net/ethernet/sfc/net_driver.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 3 +- drivers/net/macsec.c | 7 + drivers/net/phy/dp83867.c | 29 +++ drivers/net/phy/mdio_bus.c | 1 - drivers/nfc/st21nfca/se.c | 53 +++-- drivers/pci/controller/dwc/pcie-qcom.c | 6 - drivers/pci/controller/pcie-brcmstb.c | 257 +++------------------ drivers/pcmcia/Kconfig | 2 +- drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +- drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +- drivers/platform/x86/barco-p50-gpio.c | 5 +- drivers/platform/x86/hp-wmi.c | 23 +- drivers/power/supply/ab8500_fg.c | 19 +- drivers/power/supply/axp288_charger.c | 17 +- drivers/power/supply/axp288_fuel_gauge.c | 1 - drivers/power/supply/charger-manager.c | 7 +- drivers/power/supply/max8997_charger.c | 8 +- drivers/pwm/pwm-lp3943.c | 1 + drivers/pwm/pwm-raspberrypi-poe.c | 2 +- drivers/remoteproc/imx_rproc.c | 3 + drivers/rpmsg/qcom_smd.c | 4 +- drivers/rpmsg/virtio_rpmsg_bus.c | 9 +- drivers/rtc/rtc-ftrtc010.c | 34 ++- drivers/rtc/rtc-mt6397.c | 2 + drivers/scsi/myrb.c | 11 +- drivers/scsi/sd.c | 3 +- drivers/soc/rockchip/grf.c | 2 + drivers/soundwire/intel.c | 3 + drivers/soundwire/qcom.c | 2 +- drivers/spi/spi-fsi.c | 12 +- drivers/staging/fieldbus/anybuss/host.c | 2 +- drivers/staging/greybus/audio_codec.c | 4 +- drivers/staging/r8188eu/core/rtw_xmit.c | 13 +- drivers/staging/r8188eu/include/rtw_xmit.h | 2 +- drivers/staging/rtl8192e/rtllib_softmac.c | 2 +- .../staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +- drivers/staging/rtl8712/os_intfs.c | 1 - drivers/staging/rtl8712/usb_intf.c | 12 +- drivers/staging/rtl8712/usb_ops.c | 27 ++- drivers/staging/rtl8723bs/core/rtw_mlme.c | 12 +- drivers/thunderbolt/tb.c | 19 +- drivers/thunderbolt/test.c | 16 +- drivers/thunderbolt/tunnel.c | 11 +- drivers/thunderbolt/tunnel.h | 4 +- drivers/tty/goldfish.c | 2 + drivers/tty/n_tty.c | 38 ++- drivers/tty/serial/8250/8250_aspeed_vuart.c | 2 + drivers/tty/serial/8250/8250_fintek.c | 8 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 2 +- drivers/tty/serial/digicolor-usart.c | 2 + drivers/tty/serial/fsl_lpuart.c | 24 +- drivers/tty/serial/icom.c | 2 +- drivers/tty/serial/meson_uart.c | 13 ++ drivers/tty/serial/msm_serial.c | 5 + drivers/tty/serial/owl-uart.c | 1 + drivers/tty/serial/rda-uart.c | 2 + drivers/tty/serial/sa1100.c | 4 +- drivers/tty/serial/serial_txx9.c | 2 + drivers/tty/serial/sh-sci.c | 6 +- drivers/tty/serial/sifive.c | 8 +- drivers/tty/serial/st-asc.c | 4 + drivers/tty/serial/stm32-usart.c | 15 +- drivers/tty/serial/uartlite.c | 3 +- drivers/tty/synclink_gt.c | 2 + drivers/tty/sysrq.c | 13 +- drivers/usb/core/hcd-pci.c | 4 +- drivers/usb/dwc2/gadget.c | 1 - drivers/usb/dwc3/drd.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/dwc3/gadget.c | 20 +- drivers/usb/dwc3/host.c | 2 - drivers/usb/host/isp116x-hcd.c | 6 +- drivers/usb/host/oxu210hp-hcd.c | 2 + drivers/usb/musb/omap2430.c | 1 + drivers/usb/phy/phy-omap-otg.c | 4 +- drivers/usb/storage/karma.c | 15 +- drivers/usb/typec/mux.c | 14 +- drivers/usb/typec/tcpm/fusb302.c | 4 +- drivers/usb/usbip/stub_dev.c | 2 +- drivers/usb/usbip/stub_rx.c | 2 + drivers/vdpa/ifcvf/ifcvf_main.c | 3 +- drivers/vdpa/vdpa.c | 13 +- drivers/vdpa/vdpa_user/vduse_dev.c | 7 +- drivers/vhost/vringh.c | 10 +- drivers/video/fbdev/hyperv_fb.c | 19 +- drivers/video/fbdev/pxa3xx-gcu.c | 12 +- drivers/virtio/virtio_pci_modern_dev.c | 1 + drivers/watchdog/rti_wdt.c | 2 +- drivers/watchdog/rzg2l_wdt.c | 46 ++-- drivers/watchdog/ts4800_wdt.c | 5 +- drivers/watchdog/wdat_wdt.c | 1 + drivers/xen/xlate_mmu.c | 1 - fs/afs/dir.c | 5 +- fs/ceph/mds_client.c | 33 ++- fs/ceph/xattr.c | 10 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsfs.h | 2 +- fs/cifs/cifsglob.h | 4 +- fs/cifs/connect.c | 4 + fs/cifs/misc.c | 27 ++- fs/cifs/sess.c | 5 +- fs/cifs/smb2ops.c | 7 +- fs/cifs/smb2pdu.c | 3 + fs/f2fs/checkpoint.c | 4 +- fs/f2fs/file.c | 1 + fs/fs-writeback.c | 37 ++- fs/inode.c | 2 +- fs/jffs2/fs.c | 1 + fs/kernfs/dir.c | 31 ++- fs/ksmbd/smbacl.c | 1 + fs/ksmbd/transport_rdma.c | 1 + fs/nfs/nfs4proc.c | 4 + fs/zonefs/super.c | 11 +- include/linux/export.h | 7 +- include/linux/extcon.h | 2 +- include/linux/genhd.h | 1 + include/linux/iio/common/st_sensors.h | 3 + include/linux/jump_label.h | 4 +- include/linux/mlx5/mlx5_ifc.h | 5 +- include/linux/nodemask.h | 38 +-- include/linux/random.h | 2 +- include/linux/xarray.h | 1 + include/net/ax25.h | 1 + include/net/bluetooth/hci_core.h | 17 +- include/net/flow_offload.h | 1 + include/net/netfilter/nf_tables.h | 1 - include/net/netfilter/nf_tables_offload.h | 2 +- include/net/sch_generic.h | 42 ++-- include/net/tcp.h | 19 +- include/net/xdp_sock_drv.h | 5 +- include/net/xsk_buff_pool.h | 1 + include/trace/events/tcp.h | 2 +- kernel/bpf/core.c | 14 +- kernel/trace/trace.c | 13 +- kernel/trace/trace_syscalls.c | 35 +-- lib/Makefile | 2 +- lib/iov_iter.c | 20 +- lib/nodemask.c | 4 +- lib/xarray.c | 5 +- mm/huge_memory.c | 3 +- net/ax25/af_ax25.c | 27 ++- net/ax25/ax25_dev.c | 1 + net/ax25/ax25_subr.c | 2 +- net/bluetooth/hci_core.c | 4 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 62 +++-- net/bluetooth/mgmt.c | 45 ++-- net/core/filter.c | 2 +- net/core/flow_offload.c | 6 + net/core/neighbour.c | 2 +- net/ipv4/inet_hashtables.c | 10 +- net/ipv4/ip_gre.c | 11 +- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_bbr.c | 20 +- net/ipv4/tcp_bic.c | 14 +- net/ipv4/tcp_cdg.c | 30 +-- net/ipv4/tcp_cong.c | 18 +- net/ipv4/tcp_cubic.c | 22 +- net/ipv4/tcp_dctcp.c | 11 +- net/ipv4/tcp_highspeed.c | 18 +- net/ipv4/tcp_htcp.c | 10 +- net/ipv4/tcp_hybla.c | 18 +- net/ipv4/tcp_illinois.c | 12 +- net/ipv4/tcp_input.c | 36 +-- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_lp.c | 6 +- net/ipv4/tcp_metrics.c | 12 +- net/ipv4/tcp_nv.c | 24 +- net/ipv4/tcp_output.c | 34 +-- net/ipv4/tcp_rate.c | 2 +- net/ipv4/tcp_scalable.c | 4 +- net/ipv4/tcp_vegas.c | 21 +- net/ipv4/tcp_veno.c | 24 +- net/ipv4/tcp_westwood.c | 3 +- net/ipv4/tcp_yeah.c | 30 +-- net/ipv4/xfrm4_protocol.c | 1 - net/ipv6/seg6_hmac.c | 1 - net/ipv6/tcp_ipv6.c | 2 +- net/key/af_key.c | 10 +- net/netfilter/nf_tables_api.c | 54 ++--- net/netfilter/nf_tables_offload.c | 23 +- net/netfilter/nft_nat.c | 3 +- net/openvswitch/actions.c | 6 + net/openvswitch/conntrack.c | 4 +- net/sched/act_police.c | 16 +- net/smc/af_smc.c | 1 + net/smc/smc_cdc.c | 2 +- net/sunrpc/xdr.c | 6 +- net/sunrpc/xprtrdma/rpc_rdma.c | 5 + net/sunrpc/xprtrdma/svc_rdma_rw.c | 4 +- net/tipc/bearer.c | 3 +- net/unix/af_unix.c | 2 +- net/xdp/xsk.c | 16 +- net/xdp/xsk_buff_pool.c | 7 + net/xdp/xsk_queue.h | 14 +- scripts/gdb/linux/config.py | 6 +- scripts/get_abi.pl | 4 +- scripts/mod/modpost.c | 5 +- security/keys/trusted-keys/trusted_tpm2.c | 4 +- sound/pci/hda/patch_conexant.c | 7 + sound/pci/hda/patch_realtek.c | 2 + sound/soc/codecs/rt5640.c | 11 +- sound/soc/codecs/rt5640.h | 2 + sound/soc/fsl/fsl_sai.h | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 + sound/usb/pcm.c | 5 +- sound/usb/quirks-table.h | 7 +- tools/perf/arch/x86/util/evlist.c | 5 +- tools/perf/arch/x86/util/evsel.c | 24 +- tools/perf/arch/x86/util/evsel.h | 7 + tools/perf/arch/x86/util/topdown.c | 46 ++-- tools/perf/arch/x86/util/topdown.h | 7 + tools/perf/builtin-c2c.c | 4 +- .../selftests/bpf/progs/test_stacktrace_build_id.c | 12 +- .../testing/selftests/net/forwarding/tc_police.sh | 52 +++++ tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++ tools/tracing/rtla/Makefile | 35 +++ 356 files changed, 2368 insertions(+), 1550 deletions(-)

1 month, 1 week

6
311
0 0

[PATCH 1/1] net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero

by Lee Jones

Currently, due to the sequential use of min_t() and clamp_t() macros, in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is not set, the logic sets tx_max to 0. This is then used to allocate the data area of the SKB requested later in cdc_ncm_fill_tx_frame(). This does not cause an issue presently because when memory is allocated during initialisation phase of SKB creation, more memory (512b) is allocated than is required for the SKB headers alone (320b), leaving some space (512b - 320b = 192b) for CDC data (172b). However, if more elements (for example 3 x u64 = [24b]) were added to one of the SKB header structs, say 'struct skb_shared_info', increasing its original size (320b [320b aligned]) to something larger (344b [384b aligned]), then suddenly the CDC data (172b) no longer fits in the spare SKB data area (512b - 384b = 128b). Consequently the SKB bounds checking semantics fails and panics: skbuff: skb_over_panic: text:ffffffff830a5b5f len:184 put:172 \ head:ffff888119227c00 data:ffff888119227c00 tail:0xb8 end:0x80 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:110! RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106 <snip> Call Trace: <IRQ> skb_over_panic+0x2c/0x30 net/core/skbuff.c:115 skb_put+0x205/0x210 net/core/skbuff.c:1877 skb_put_zero include/linux/skbuff.h:2270 [inline] cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1116 [inline] cdc_ncm_fill_tx_frame+0x127f/0x3d50 drivers/net/usb/cdc_ncm.c:1293 cdc_ncm_tx_fixup+0x98/0xf0 drivers/net/usb/cdc_ncm.c:1514 By overriding the max value with the default CDC_NCM_NTB_MAX_SIZE_TX when not offered through the system provided params, we ensure enough data space is allocated to handle the CDC data, meaning no crash will occur. Cc: stable(a)vger.kernel.org Cc: Oliver Neukum <oliver(a)neukum.org> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: linux-usb(a)vger.kernel.org Cc: netdev(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Fixes: 289507d3364f9 ("net: cdc_ncm: use sysfs for rx/tx aggregation tuning") Signed-off-by: Lee Jones <lee.jones(a)linaro.org> --- drivers/net/usb/cdc_ncm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 24753a4da7e60..e303b522efb50 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -181,6 +181,8 @@ static u32 cdc_ncm_check_tx_max(struct usbnet *dev, u32 new_tx) min = ctx->max_datagram_size + ctx->max_ndp_size + sizeof(struct usb_cdc_ncm_nth32); max = min_t(u32, CDC_NCM_NTB_MAX_SIZE_TX, le32_to_cpu(ctx->ncm_parm.dwNtbOutMaxSize)); + if (max == 0) + max = CDC_NCM_NTB_MAX_SIZE_TX; /* dwNtbOutMaxSize not set */ /* some devices set dwNtbOutMaxSize too low for the above default */ min = min(min, max); -- 2.34.0.384.gca35af8252-goog

4 months, 2 weeks

6
13
0 0

[PATCH 0/9] KVM backports to 5.10

by Rishabh Bhatnagar

This patch series backports a few VM preemption_status, steal_time and PV TLB flushing fixes to 5.10 stable kernel. Most of the changes backport cleanly except i had to work around a few becauseof missing support/APIs in 5.10 kernel. I have captured those in the changelog as well in the individual patches. Changelog - Use mark_page_dirty_in_slot api without kvm argument (KVM: x86: Fix recording of guest steal time / preempted status) - Avoid checking for xen_msr and SEV-ES conditions (KVM: x86: do not set st->preempted when going back to user space) - Use VCPU_STAT macro to expose preemption_reported and preemption_other fields (KVM: x86: do not report a vCPU as preempted outside instruction boundaries) David Woodhouse (2): KVM: x86: Fix recording of guest steal time / preempted status KVM: Fix steal time asm constraints Lai Jiangshan (1): KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior Paolo Bonzini (5): KVM: x86: do not set st->preempted when going back to user space KVM: x86: do not report a vCPU as preempted outside instruction boundaries KVM: x86: revalidate steal time cache if MSR value changes KVM: x86: do not report preemption if the steal time cache is stale KVM: x86: move guest_pv_has out of user_access section Sean Christopherson (1): KVM: x86: Remove obsolete disabling of page faults in kvm_arch_vcpu_put() arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 164 ++++++++++++++++++++++---------- 4 files changed, 122 insertions(+), 50 deletions(-) -- 2.37.1

4 months, 3 weeks

6
19
0 0

[PATCH v2 1/8] drm: Disable the cursor plane on atomic contexts with virtualized drivers

by Zack Rusin

From: Zack Rusin <zackr(a)vmware.com> Cursor planes on virtualized drivers have special meaning and require that the clients handle them in specific ways, e.g. the cursor plane should react to the mouse movement the way a mouse cursor would be expected to and the client is required to set hotspot properties on it in order for the mouse events to be routed correctly. This breaks the contract as specified by the "universal planes". Fix it by disabling the cursor planes on virtualized drivers while adding a foundation on top of which it's possible to special case mouse cursor planes for clients that want it. Disabling the cursor planes makes some kms compositors which were broken, e.g. Weston, fallback to software cursor which works fine or at least better than currently while having no effect on others, e.g. gnome-shell or kwin, which put virtualized drivers on a deny-list when running in atomic context to make them fallback to legacy kms and avoid this issue. Signed-off-by: Zack Rusin <zackr(a)vmware.com> Fixes: 681e7ec73044 ("drm: Allow userspace to ask for universal plane list (v2)") Cc: <stable(a)vger.kernel.org> # v5.4+ Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)linux.ie> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Gerd Hoffmann <kraxel(a)redhat.com> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Gurchetan Singh <gurchetansingh(a)chromium.org> Cc: Chia-I Wu <olvaffe(a)gmail.com> Cc: dri-devel(a)lists.freedesktop.org Cc: virtualization(a)lists.linux-foundation.org Cc: spice-devel(a)lists.freedesktop.org --- drivers/gpu/drm/drm_plane.c | 11 +++++++++++ drivers/gpu/drm/qxl/qxl_drv.c | 2 +- drivers/gpu/drm/vboxvideo/vbox_drv.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- include/drm/drm_drv.h | 10 ++++++++++ include/drm/drm_file.h | 12 ++++++++++++ 7 files changed, 38 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c index 726f2f163c26..e1e2a65c7119 100644 --- a/drivers/gpu/drm/drm_plane.c +++ b/drivers/gpu/drm/drm_plane.c @@ -667,6 +667,17 @@ int drm_mode_getplane_res(struct drm_device *dev, void *data, !file_priv->universal_planes) continue; + /* + * Unless userspace supports virtual cursor plane + * then if we're running on virtual driver do not + * advertise cursor planes because they'll be broken + */ + if (plane->type == DRM_PLANE_TYPE_CURSOR && + drm_core_check_feature(dev, DRIVER_VIRTUAL) && + file_priv->atomic && + !file_priv->supports_virtual_cursor_plane) + continue; + if (drm_lease_held(file_priv, plane->base.id)) { if (count < plane_resp->count_planes && put_user(plane->base.id, plane_ptr + count)) diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c index 1cb6f0c224bb..0e4212e05caa 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -281,7 +281,7 @@ static const struct drm_ioctl_desc qxl_ioctls[] = { }; static struct drm_driver qxl_driver = { - .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC, + .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC | DRIVER_VIRTUAL, .dumb_create = qxl_mode_dumb_create, .dumb_map_offset = drm_gem_ttm_dumb_map_offset, diff --git a/drivers/gpu/drm/vboxvideo/vbox_drv.c b/drivers/gpu/drm/vboxvideo/vbox_drv.c index f4f2bd79a7cb..84e75bcc3384 100644 --- a/drivers/gpu/drm/vboxvideo/vbox_drv.c +++ b/drivers/gpu/drm/vboxvideo/vbox_drv.c @@ -176,7 +176,7 @@ DEFINE_DRM_GEM_FOPS(vbox_fops); static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC, + DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC | DRIVER_VIRTUAL, .lastclose = drm_fb_helper_lastclose, diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c index 5f25a8d15464..3c5bb006159a 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.c +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c @@ -198,7 +198,8 @@ MODULE_AUTHOR("Alon Levy"); DEFINE_DRM_GEM_FOPS(virtio_gpu_driver_fops); static const struct drm_driver driver = { - .driver_features = DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC, + .driver_features = + DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_VIRTUAL, .open = virtio_gpu_driver_open, .postclose = virtio_gpu_driver_postclose, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 01a5b47e95f9..712f6ad0b014 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1581,7 +1581,7 @@ static const struct file_operations vmwgfx_driver_fops = { static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM, + DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM | DRIVER_VIRTUAL, .ioctls = vmw_ioctls, .num_ioctls = ARRAY_SIZE(vmw_ioctls), .master_set = vmw_master_set, diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h index f6159acb8856..c4cd7fc350d9 100644 --- a/include/drm/drm_drv.h +++ b/include/drm/drm_drv.h @@ -94,6 +94,16 @@ enum drm_driver_feature { * synchronization of command submission. */ DRIVER_SYNCOBJ_TIMELINE = BIT(6), + /** + * @DRIVER_VIRTUAL: + * + * Driver is running on top of virtual hardware. The most significant + * implication of this is a requirement of special handling of the + * cursor plane (e.g. cursor plane has to actually track the mouse + * cursor and the clients are required to set hotspot in order for + * the cursor planes to work correctly). + */ + DRIVER_VIRTUAL = BIT(7), /* IMPORTANT: Below are all the legacy flags, add new ones above. */ diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index e0a73a1e2df7..3e5c36891161 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -223,6 +223,18 @@ struct drm_file { */ bool is_master; + /** + * @supports_virtual_cursor_plane: + * + * This client is capable of handling the cursor plane with the + * restrictions imposed on it by the virtualized drivers. + * + * The implies that the cursor plane has to behave like a cursor + * i.e. track cursor movement. It also requires setting of the + * hotspot properties by the client on the cursor plane. + */ + bool supports_virtual_cursor_plane; + /** * @master: * -- 2.34.1

5 months

6
12
0 0

[v4 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

by Yang Shi

The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> page_mapcount include/linux/mm.h:837 [inline] smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466 smaps_pte_entry fs/proc/task_mmu.c:538 [inline] smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601 walk_pmd_range mm/pagewalk.c:128 [inline] walk_pud_range mm/pagewalk.c:205 [inline] walk_p4d_range mm/pagewalk.c:240 [inline] walk_pgd_range mm/pagewalk.c:277 [inline] __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379 walk_page_vma+0x277/0x350 mm/pagewalk.c:530 smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768 smap_gather_stats fs/proc/task_mmu.c:741 [inline] show_smap+0xc6/0x440 fs/proc/task_mmu.c:822 seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272 seq_read+0x3e0/0x5b0 fs/seq_file.c:162 vfs_read+0x1b5/0x600 fs/read_write.c:479 ksys_read+0x12d/0x250 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7faa2af6c969 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faa2aefd288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007faa2aff4418 RCX: 00007faa2af6c969 RDX: 0000000000002025 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00007faa2aff4410 R08: 00007faa2aefd700 R09: 0000000000000000 R10: 00007faa2aefd700 R11: 0000000000000246 R12: 00007faa2afc20ac R13: 00007fff7e6632bf R14: 00007faa2aefd400 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 24ec93ff95e4ac3d ]--- RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 The reproducer was trying to reading /proc/$PID/smaps when calling MADV_FREE at the mean time. MADV_FREE may split THPs if it is called for partial THP. It may trigger the below race: CPU A CPU B ----- ----- smaps walk: MADV_FREE: page_mapcount() PageCompound() split_huge_page() page = compound_head(page) PageDoubleMap(page) When calling PageDoubleMap() this page is not a tail page of THP anymore so the BUG is triggered. This could be fixed by elevated refcount of the page before calling mapcount, but it prevents from counting migration entries, and it seems overkilling because the race just could happen when PMD is split so all PTE entries of tail pages are actually migration entries, and smaps_account() does treat migration entries as mapcount == 1 as Kirill pointed out. Add a new parameter for smaps_account() to tell this entry is migration entry then skip calling page_mapcount(). Don't skip getting mapcount for device private entries since they do track references with mapcount. Pagemap also has the similar issue although it was not reported. Fixed it as well. Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()") Reported-by: syzbot+1f52b3a18d5633fa7f82(a)syzkaller.appspotmail.com Acked-by: David Hildenbrand <david(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Jann Horn <jannh(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Yang Shi <shy828301(a)gmail.com> --- v4: * s/Treated/Treat per David * Collected acked-by tag from David v3: * Fixed the fix tag, the one used by v2 was not accurate * Added comment about the risk calling page_mapcount() per David * Fix pagemap v2: * Added proper fix tag per Jann Horn * Rebased to the latest linus's tree fs/proc/task_mmu.c | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 18f8c3acbb85..bc2f46033231 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -440,7 +440,8 @@ static void smaps_page_accumulate(struct mem_size_stats *mss, } static void smaps_account(struct mem_size_stats *mss, struct page *page, - bool compound, bool young, bool dirty, bool locked) + bool compound, bool young, bool dirty, bool locked, + bool migration) { int i, nr = compound ? compound_nr(page) : 1; unsigned long size = nr * PAGE_SIZE; @@ -467,8 +468,15 @@ static void smaps_account(struct mem_size_stats *mss, struct page *page, * page_count(page) == 1 guarantees the page is mapped exactly once. * If any subpage of the compound page mapped with PTE it would elevate * page_count(). + * + * The page_mapcount() is called to get a snapshot of the mapcount. + * Without holding the page lock this snapshot can be slightly wrong as + * we cannot always read the mapcount atomically. It is not safe to + * call page_mapcount() even with PTL held if the page is not mapped, + * especially for migration entries. Treat regular migration entries + * as mapcount == 1. */ - if (page_count(page) == 1) { + if ((page_count(page) == 1) || migration) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty, locked, true); return; @@ -517,6 +525,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pte_present(*pte)) { page = vm_normal_page(vma, addr, *pte); @@ -536,8 +545,11 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, } else { mss->swap_pss += (u64)PAGE_SIZE << PSS_SHIFT; } - } else if (is_pfn_swap_entry(swpent)) + } else if (is_pfn_swap_entry(swpent)) { + if (is_migration_entry(swpent)) + migration = true; page = pfn_swap_entry_to_page(swpent); + } } else { smaps_pte_hole_lookup(addr, walk); return; @@ -546,7 +558,8 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, if (!page) return; - smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), locked); + smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), + locked, migration); } #ifdef CONFIG_TRANSPARENT_HUGEPAGE @@ -557,6 +570,7 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pmd_present(*pmd)) { /* FOLL_DUMP will return -EFAULT on huge zero page */ @@ -564,8 +578,10 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, } else if (unlikely(thp_migration_supported() && is_swap_pmd(*pmd))) { swp_entry_t entry = pmd_to_swp_entry(*pmd); - if (is_migration_entry(entry)) + if (is_migration_entry(entry)) { + migration = true; page = pfn_swap_entry_to_page(entry); + } } if (IS_ERR_OR_NULL(page)) return; @@ -577,7 +593,9 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, /* pass */; else mss->file_thp += HPAGE_PMD_SIZE; - smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), locked); + + smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), + locked, migration); } #else static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, @@ -1378,6 +1396,7 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, { u64 frame = 0, flags = 0; struct page *page = NULL; + bool migration = false; if (pte_present(pte)) { if (pm->show_pfn) @@ -1399,13 +1418,14 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, frame = swp_type(entry) | (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags |= PM_SWAP; + migration = is_migration_entry(entry); if (is_pfn_swap_entry(entry)) page = pfn_swap_entry_to_page(entry); } if (page && !PageAnon(page)) flags |= PM_FILE; - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; if (vma->vm_flags & VM_SOFTDIRTY) flags |= PM_SOFT_DIRTY; @@ -1421,6 +1441,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, spinlock_t *ptl; pte_t *pte, *orig_pte; int err = 0; + bool migration = false; #ifdef CONFIG_TRANSPARENT_HUGEPAGE ptl = pmd_trans_huge_lock(pmdp, vma); @@ -1461,11 +1482,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, if (pmd_swp_uffd_wp(pmd)) flags |= PM_UFFD_WP; VM_BUG_ON(!is_pmd_migration_entry(pmd)); + migration = is_migration_entry(entry); page = pfn_swap_entry_to_page(entry); } #endif - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; for (; addr != end; addr += PAGE_SIZE) { -- 2.26.3

5 months, 2 weeks

5
12
0 0

Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()

by Greg Kroah-Hartman

On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote: > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > wrote: > > > From: Stefan Roese <sr(a)denx.de> > > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ] > > > > There's an open regression related to this commit: > > https://bugzilla.kernel.org/show_bug.cgi?id=216373 This is already in the following released stable kernels: 5.10.137 5.15.61 5.18.18 5.19.2 I'll go drop it from the 4.19 and 5.4 queues, but when this gets resolved in Linus's tree, make sure there's a cc: stable on the fix so that we know to backport it to the above branches as well. Or at the least, a "Fixes:" tag. thanks, greg k-h

5 months, 2 weeks

5
14
0 0

[PATCH] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path

by Boris Brezillon

Make sure all bo->base.pages entries are either NULL or pointing to a valid page before calling drm_gem_shmem_put_pages(). Reported-by: Tomeu Vizoso <tomeu.vizoso(a)collabora.com> Cc: <stable(a)vger.kernel.org> Fixes: 187d2929206e ("drm/panfrost: Add support for GPU heap allocations") Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panfrost/panfrost_mmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c index 569509c2ba27..d76dff201ea6 100644 --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c @@ -460,6 +460,7 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, if (IS_ERR(pages[i])) { mutex_unlock(&bo->base.pages_lock); ret = PTR_ERR(pages[i]); + pages[i] = NULL; goto err_pages; } } -- 2.31.1

6 months

2
2
0 0

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2022