September 2022 - Linux-stable-mirror

[PATCH V2 1/3] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

by Huacai Chen

When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/mips/kernel/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c index 4184d641f05e..33a02f3814f5 100644 --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c @@ -172,7 +172,7 @@ static void *c_start(struct seq_file *m, loff_t *pos) { unsigned long i = *pos; - return i < NR_CPUS ? (void *) (i + 1) : NULL; + return i < nr_cpu_ids ? (void *) (i + 1) : NULL; } static void *c_next(struct seq_file *m, void *v, loff_t *pos) -- 2.31.1

1 month, 3 weeks

5
14
0 0

[PATCH MANUALSEL 4.19 1/2] KVM: x86: Handle SRCU initialization failure during page track init

by Sasha Levin

From: Haimin Zhang <tcs_kernel(a)tencent.com> [ Upstream commit eb7511bf9182292ef1df1082d23039e856d1ddfb ] Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller. Reported-by: TCS Robot <tcs_robot(a)tencent.com> Signed-off-by: Haimin Zhang <tcs_kernel(a)tencent.com> Message-Id: <1630636626-12262-1-git-send-email-tcs_kernel(a)tencent.com> [Move the call towards the beginning of kvm_arch_init_vm. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/include/asm/kvm_page_track.h | 2 +- arch/x86/kvm/page_track.c | 4 ++-- arch/x86/kvm/x86.c | 7 ++++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h index 172f9749dbb2..5986bd4aacd6 100644 --- a/arch/x86/include/asm/kvm_page_track.h +++ b/arch/x86/include/asm/kvm_page_track.h @@ -46,7 +46,7 @@ struct kvm_page_track_notifier_node { struct kvm_page_track_notifier_node *node); }; -void kvm_page_track_init(struct kvm *kvm); +int kvm_page_track_init(struct kvm *kvm); void kvm_page_track_cleanup(struct kvm *kvm); void kvm_page_track_free_memslot(struct kvm_memory_slot *free, diff --git a/arch/x86/kvm/page_track.c b/arch/x86/kvm/page_track.c index 3052a59a3065..1f6b0d9b0c85 100644 --- a/arch/x86/kvm/page_track.c +++ b/arch/x86/kvm/page_track.c @@ -169,13 +169,13 @@ void kvm_page_track_cleanup(struct kvm *kvm) cleanup_srcu_struct(&head->track_srcu); } -void kvm_page_track_init(struct kvm *kvm) +int kvm_page_track_init(struct kvm *kvm) { struct kvm_page_track_notifier_head *head; head = &kvm->arch.track_notifier_head; - init_srcu_struct(&head->track_srcu); INIT_HLIST_HEAD(&head->track_notifier_list); + return init_srcu_struct(&head->track_srcu); } /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 417abc9ba1ad..70cb18f89029 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9039,9 +9039,15 @@ void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) { + int ret; + if (type) return -EINVAL; + ret = kvm_page_track_init(kvm); + if (ret) + return ret; + INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list); INIT_LIST_HEAD(&kvm->arch.active_mmu_pages); INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages); @@ -9068,7 +9074,6 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) INIT_DELAYED_WORK(&kvm->arch.kvmclock_sync_work, kvmclock_sync_fn); kvm_hv_init_vm(kvm); - kvm_page_track_init(kvm); kvm_mmu_init_vm(kvm); if (kvm_x86_ops->vm_init) -- 2.33.0

5 months, 1 week

4
4
0 0

FAILED: patch "[PATCH] ext4: fix bug_on in __es_tree_search" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d36f6ed761b53933b0b4126486c10d3da7751e7f Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Wed, 18 May 2022 20:08:16 +0800 Subject: [PATCH] ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk) The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3 In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics. To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx. Cc: stable(a)kernel.org Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 474479ce76e0..c148bb97b527 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -372,7 +372,7 @@ static int ext4_valid_extent_entries(struct inode *inode, { unsigned short entries; ext4_lblk_t lblock = 0; - ext4_lblk_t prev = 0; + ext4_lblk_t cur = 0; if (eh->eh_entries == 0) return 1; @@ -396,11 +396,11 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping extents */ lblock = le32_to_cpu(ext->ee_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_ext_pblock(ext); return 0; } - prev = lblock + ext4_ext_get_actual_len(ext) - 1; + cur = lblock + ext4_ext_get_actual_len(ext); ext++; entries--; } @@ -420,13 +420,13 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping index extents */ lblock = le32_to_cpu(ext_idx->ei_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_idx_pblock(ext_idx); return 0; } ext_idx++; entries--; - prev = lblock; + cur = lblock + 1; } } return 1;

6 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] bpf: Fix out of bounds access for ringbuf helpers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64620e0a1e712a778095bd35cbb277dc2259281f Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <daniel(a)iogearbox.net> Date: Tue, 11 Jan 2022 14:43:41 +0000 Subject: [PATCH] bpf: Fix out of bounds access for ringbuf helpers Both bpf_ringbuf_submit() and bpf_ringbuf_discard() have ARG_PTR_TO_ALLOC_MEM in their bpf_func_proto definition as their first argument. They both expect the result from a prior bpf_ringbuf_reserve() call which has a return type of RET_PTR_TO_ALLOC_MEM_OR_NULL. Meaning, after a NULL check in the code, the verifier will promote the register type in the non-NULL branch to a PTR_TO_MEM and in the NULL branch to a known zero scalar. Generally, pointer arithmetic on PTR_TO_MEM is allowed, so the latter could have an offset. The ARG_PTR_TO_ALLOC_MEM expects a PTR_TO_MEM register type. However, the non- zero result from bpf_ringbuf_reserve() must be fed into either bpf_ringbuf_submit() or bpf_ringbuf_discard() but with the original offset given it will then read out the struct bpf_ringbuf_hdr mapping. The verifier missed to enforce a zero offset, so that out of bounds access can be triggered which could be used to escalate privileges if unprivileged BPF was enabled (disabled by default in kernel). Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: <tr3e.wang(a)gmail.com> (SecCoder Security Lab) Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e0b3f4d683eb..c72c57a6684f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5318,9 +5318,15 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, case PTR_TO_BUF: case PTR_TO_BUF | MEM_RDONLY: case PTR_TO_STACK: + /* Some of the argument types nevertheless require a + * zero register offset. + */ + if (arg_type == ARG_PTR_TO_ALLOC_MEM) + goto force_off_check; break; /* All the rest must be rejected: */ default: +force_off_check: err = __check_ptr_off_reg(env, reg, regno, type == PTR_TO_BTF_ID); if (err < 0)

7 months

3
19
0 0

[PATCH] iio: afe: rescale: Fix logic bug

by Linus Walleij

When introducing support for processed channels I needed to invert the expression: if (!iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || !iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_err(dev, "source channel does not support raw/scale\n"); To the inverse, meaning detect when we can usse raw+scale rather than when we can not. This was the result: if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_info(dev, "using raw+scale source channel\n"); Ooops. Spot the error. Yep old George Boole came up and bit me. That should be an &&. The current code "mostly works" because we have not run into systems supporting only raw but not scale or only scale but not raw, and I doubt there are few using the rescaler on anything such, but let's fix the logic. Cc: Liam Beguin <liambeguin(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 53ebee949980 ("iio: afe: iio-rescale: Support processed channels") Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/iio/afe/iio-rescale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/afe/iio-rescale.c b/drivers/iio/afe/iio-rescale.c index 7e511293d6d1..dc426e1484f0 100644 --- a/drivers/iio/afe/iio-rescale.c +++ b/drivers/iio/afe/iio-rescale.c @@ -278,7 +278,7 @@ static int rescale_configure_channel(struct device *dev, chan->ext_info = rescale->ext_info; chan->type = rescale->cfg->type; - if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || + if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) && iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) { dev_info(dev, "using raw+scale source channel\n"); } else if (iio_channel_has_info(schan, IIO_CHAN_INFO_PROCESSED)) { -- 2.35.3

1 year, 2 months

6
17
0 0

[PATCH 5.17 000/298] 5.17.15-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.17.15 release. There are 298 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.17.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.17.15-rc1 Damien Le Moal <damien.lemoal(a)opensource.wdc.com> zonefs: fix handling of explicit_open option on mount Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Fix pipe clock imbalance Christoph Hellwig <hch(a)lst.de> block, loop: support partitions without scanning Davide Caratti <dcaratti(a)redhat.com> net/sched: act_police: more accurate MTU policing Pascal Hambourg <pascal(a)plouf.fr.eu.org> md/raid0: Ignore RAID0 layout if the second zone has only one device Jason A. Donenfeld <Jason(a)zx2c4.com> random: account for arch randomness in bits Jason A. Donenfeld <Jason(a)zx2c4.com> random: mark bootloader randomness code as __init Jason A. Donenfeld <Jason(a)zx2c4.com> random: avoid checking crng_ready() twice in random_init() KuoHsiang Chou <kuohsiang_chou(a)aspeedtech.com> drm/ast: Create threshold values for AST2600 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/32: Fix overread/overwrite of thread_struct via ptrace Jason Wang <jasowang(a)redhat.com> virtio-rng: make device ready before making request Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update VCN codec support for Yellow Carp Mohammad Zafar Ziya <Mohammadzafar.ziya(a)amd.com> drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Brian Norris <briannorris(a)chromium.org> drm/atomic: Force bridge self-refresh-exit on CRTC switch Brian Norris <briannorris(a)chromium.org> drm/bridge: analogix_dp: Support PSR-exit to disable transition Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/huge_memory: Fix xarray node memory leak Peter Zijlstra <peterz(a)infradead.org> cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Xie Yongji <xieyongji(a)bytedance.com> vduse: Fix NULL pointer dereference on sysfs access Mathias Nyman <mathias.nyman(a)linux.intel.com> Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix unexpected VLAN Rx in promisc mode on VF Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix bcast packets Rx on VF after promisc removal Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Jchao Sun <sunjunchao2870(a)gmail.com> writeback: Fix inode->i_io_list not be protected by inode->i_lock error Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix misuse of the cached connection on tuple changes Tan Tee Min <tee.min.tan(a)linux.intel.com> net: phy: dp83867: retrigger SGMII AN when link change Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Fix CQE recovery reset success Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix translation of concurrent positioning ranges Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix reading concurrent positioning ranges log David Safford <david.safford(a)gmail.com> KEYS: trusted: tpm2: Fix migratable logic Tyler Erickson <tyler.erickson(a)seagate.com> scsi: sd: Fix interpretation of VPD B9h length Shyam Prasad N <sprasad(a)microsoft.com> cifs: populate empty hostnames for extra channels Paulo Alcantara <pc(a)cjr.nz> cifs: fix reconnect on smb3 mount types Shyam Prasad N <sprasad(a)microsoft.com> cifs: return errors during session setup during reconnects Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek: Add quirk for HP Dev One Cameron Berkenpas <cam(a)neo-zeon.de> ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 huangwenhui <huangwenhuia(a)uniontech.com> ALSA: hda/conexant - Fix loopback issue with CX20632 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Skip generic sync EP parse for secondary EP Bedant Patnaik <bedant.patnaik(a)gmail.com> platform/x86: hp-wmi: Use zero insize parameter only when supported Jorge Lopez <jorge.lopez2(a)hp.com> platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05) Kuan-Ying Lee <Kuan-Ying.Lee(a)mediatek.com> scripts/gdb: change kernel config dumping method Jiasheng Jiang <jiasheng(a)iscas.ac.cn> platform/x86: barco-p50-gpio: Add check for platform_driver_register Xie Yongji <xieyongji(a)bytedance.com> vringh: Fix loop descriptors check in the indirect cases Kees Cook <keescook(a)chromium.org> nodemask: Fix return values to be unsigned Yury Norov <yury.norov(a)gmail.com> drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Steve French <stfrench(a)microsoft.com> cifs: version operations for smb20 unneeded when legacy support disabled Christian Borntraeger <borntraeger(a)linux.ibm.com> s390/gmap: voluntarily schedule during key setting Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Yu Kuai <yukuai3(a)huawei.com> nbd: fix io hung while disconnecting device Yu Kuai <yukuai3(a)huawei.com> nbd: fix race between nbd_alloc_config() and module removal Yu Kuai <yukuai3(a)huawei.com> nbd: call genl_unregister_family() first in nbd_cleanup() Peter Zijlstra <peterz(a)infradead.org> jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Peter Zijlstra <peterz(a)infradead.org> x86/cpu: Elide KCSAN for cpu_has() and friends Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix undefined behavior of is_arm_mapping_symbol() Johannes Berg <johannes.berg(a)intel.com> um: line: Use separate IRQs per line Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix missing thermal throttler status Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/amd/pm: fix a potential gpu_metrics_table memory leak Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/radeon: fix a possible null pointer dereference David Galiffi <David.Galiffi(a)amd.com> drm/amd/display: Check if modulo is 0 before dividing. Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Set lower cap for neigh_managed_work rearming Xiubo Li <xiubli(a)redhat.com> ceph: flush the mdlog for filesystem sync Venky Shankar <vshankar(a)redhat.com> ceph: allow ceph.dir.rctime xattr to be updatable Michal Kubecek <mkubecek(a)suse.cz> Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Hannes Reinecke <hare(a)suse.de> scsi: myrb: Fix up null pointer access on myrb_cleanup() Guoqing Jiang <guoqing.jiang(a)cloud.ionos.com> md: protect md_unregister_thread from reentrancy Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: fix connection dropped issue Liu Xinpeng <liuxp11(a)chinatelecom.cn> watchdog: wdat_wdt: Stop watchdog when rebooting the system Hao Luo <haoluo(a)google.com> kernfs: Separate kernfs_pr_cont_buf and rename_lock. John Ogness <john.ogness(a)linutronix.de> serial: msm_serial: disable interrupts in __msm_console_write() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in r871xu_drv_init() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in usb_read8() and friends Andre Przywara <andre.przywara(a)arm.com> clocksource/drivers/sp804: Avoid error on multiple instances bumwoo lee <bw365.lee(a)samsung.com> extcon: Modify extcon device to be created after driver data is set Dan Carpenter <dan.carpenter(a)oracle.com> extcon: Fix extcon_get_extcon_dev() error handling Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx: set NULL intfdata when probe fails Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> soundwire: qcom: adjust autoenumeration timeout Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: host: Stop setting the ACPI companion Marek Szyprowski <m.szyprowski(a)samsung.com> usb: dwc2: gadget: don't reset gadget's driver->bus Changbin Du <changbin.du(a)intel.com> sysrq: do not omit current cpu when showing backtrace of all active CPUs Hangyu Hua <hbh25y(a)gmail.com> char: xillybus: fix a refcount leak in cleanup_dev() Evan Green <evgreen(a)chromium.org> USB: hcd-pci: Fully suspend across freeze/thaw cycle Duoming Zhou <duoming(a)zju.edu.cn> drivers: usb: host: Fix deadlock in oxu_bus_suspend() Duoming Zhou <duoming(a)zju.edu.cn> drivers: tty: serial: Fix deadlock in sa1100_set_termios() Zhen Ni <nizhen(a)uniontech.com> USB: host: isp116x: check return value after calling platform_get_resource() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use different lane for second DisplayPort tunnel Huang Guobin <huangguobin4(a)huawei.com> tty: Fix a possible resource leak in icom_probe Zheyu Ma <zheyuma97(a)gmail.com> tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Kees Cook <keescook(a)chromium.org> lkdtm/usercopy: Expand size of "out of frame" object Miquel Raynal <miquel.raynal(a)bootlin.com> iio: st_sensors: Add a local lock for protecting odr Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Xiaoke Wang <xkernel.wang(a)foxmail.com> iio: dummy: iio_simple_dummy: check the return value of kstrdup() David Howells <dhowells(a)redhat.com> iov_iter: Fix iter_xarray_get_pages{,_alloc}() Etienne van der Linde <etienne.vanderlinde(a)corigine.com> nfp: flower: restructure flow-key for gre+vlan combination Linus Torvalds <torvalds(a)linux-foundation.org> drm: imx: fix compiler warning with gcc-12 Muchun Song <songmuchun(a)bytedance.com> tcp: use alloc_large_system_hash() to allocate table_perturb Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Miaoqian Lin <linmq006(a)gmail.com> net: altera: Fix refcount leak in altera_tse_mdio_create Willem de Bruijn <willemb(a)google.com> ip_gre: test csum_start instead of transport header Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, fail conflicting actions Feras Daoud <ferasda(a)nvidia.com> net/mlx5: Rearm the FW tracer after each tracer event Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5: Fix mlx5_get_next_dev() peer device matching Mark Bloch <mbloch(a)nvidia.com> net/mlx5: Lag, filter non compatible devices Masahiro Yamada <masahiroy(a)kernel.org> net: ipv6: unexport __init-annotated seg6_hmac_init() Masahiro Yamada <masahiroy(a)kernel.org> net: xfrm: unexport __init-annotated xfrm4_protocol_init() Masahiro Yamada <masahiroy(a)kernel.org> net: mdio: unexport __init-annotated mdio_bus_init() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: Fix handling of invalid descriptors in XSK TX batching API Magnus Karlsson <magnus.karlsson(a)intel.com> i40e: xsk: Move tmp desc array from driver to pool Gal Pressman <gal(a)nvidia.com> net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Miaoqian Lin <linmq006(a)gmail.com> net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Eric Dumazet <edumazet(a)google.com> bpf, arm64: Clear prog->jited_len along prog->jited Jan Beulich <jbeulich(a)suse.com> x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix a data-race in unix_dgram_peer_wake_me(). Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Masahiro Yamada <masahiroy(a)kernel.org> xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong type string definition Taehee Yoo <ap420073(a)gmail.com> amt: fix possible null-ptr-deref in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong usage of pskb_may_pull() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bail out early if hardware offload is not supported Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: memleak flow rule from commit path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release new hooks on unsupported flowtable flags Miaoqian Lin <linmq006(a)gmail.com> ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: always initialize flowtable hook list in transaction Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Trap RDMA segment overflows Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Force thread size increase with KASAN Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: delete flowtable hooks via transaction list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Florian Westphal <fw(a)strlen.de> netfilter: nat: really support inet nat without l3 address Steven Price <steven.price(a)arm.com> drm/panfrost: Job should reference MMU not file_priv Marek Vasut <marex(a)denx.de> drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Kinglong Mee <kinglongmee(a)gmail.com> xprtrdma: treat all calls not a bcall when bc_serv is NULL Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during file defragment Daniel Bristot de Oliveira <bristot(a)kernel.org> rtla/Makefile: Properly handle dependencies Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `mach_get_rtc_pll' Liao Chang <liaochang1(a)huawei.com> RISC-V: use memcpy for kexec_file mode Yang Yingliang <yangyingliang(a)huawei.com> video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Saurabh Sengar <ssengar(a)linux.microsoft.com> video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't hold the layoutget locks across multiple RPC calls Radhey Shyam Pandey <radhey.shyam.pandey(a)xilinx.com> dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `_init_sp' Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: set ZERO_PAGE() to the allocated zeroed page Lucas Tanure <tanureal(a)opensource.cirrus.com> i2c: cadence: Increase timeout per message if necessary Dongliang Mu <mudongliangabcd(a)gmail.com> f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu-v3: check return value after calling platform_get_resource() Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tracing: Avoid adding tracer option before update_tracer_options Jun Miao <jun.miao(a)intel.com> tracing: Fix sleeping function called from invalid context on RT kernel Jeff Xie <xiehuan09(a)gmail.com> tracing: Make tp_printk work on syscall tracepoints Masami Hiramatsu <mhiramat(a)kernel.org> bootconfig: Make the bootconfig.o as a normal object file Gong Yuanjun <ruc_gongyuanjun(a)163.com> mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: set DMA_INTERRUPT cap bit Linus Torvalds <torvalds(a)linux-foundation.org> bluetooth: don't use bitmaps for random flag accesses Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Leo Yan <leo.yan(a)linaro.org> perf c2c: Fix sorting in percent_rmt_hitm_cmp() Zhengjun Xing <zhengjun.xing(a)linux.intel.com> perf record: Support sample-read topdown metric group for hybrid platforms Kan Liang <kan.liang(a)linux.intel.com> perf parse-events: Move slots event for the hybrid platform too Kan Liang <kan.liang(a)linux.intel.com> perf evsel: Fixes topdown events in a weak group for the hybrid platform Saravana Kannan <saravanak(a)google.com> driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Hoang Le <hoang.h.le(a)dektech.com.au> tipc: check attribute length for bearer name Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix ax25 session cleanup problems Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: sd: Fix potential NULL pointer dereference Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() David Howells <dhowells(a)redhat.com> afs: Fix infinite loop found by xfstest generic/676 Haibo Chen <haibo.chen(a)nxp.com> gpio: pca953x: use the correct register address to do regcache sync Fabien Parent <fparent(a)baylibre.com> regulator: mt6315-regulator: fix invalid allowed mode Alexander Gordeev <agordeev(a)linux.ibm.com> s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Ziyang Xuan <william.xuanziyang(a)huawei.com> macsec: fix UAF bug for real_dev Dan Carpenter <dan.carpenter(a)oracle.com> octeontx2-af: fix error code in is_valid_offset() Jason Wang <jasowang(a)redhat.com> vdpa: ifcvf: set pci driver data in probe Eric Dumazet <edumazet(a)google.com> tcp: tcp_rtx_synack() can be called from process context Guoju Fang <gjfang(a)linux.alibaba.com> net: sched: add barrier to fix packet stuck problem for lockless qdisc Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Update netdev features after changing XDP state Changcheng Liu <jerrliu(a)nvidia.com> net/mlx5: correct ECE offset in query qp output Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Paul Blakey <paulb(a)nvidia.com> net/mlx5: CT: Fix header-rewrite re-use for tupels Maor Dickman <maord(a)nvidia.com> net/mlx5e: TC NIC mode, fix tc chains miss table Leon Romanovsky <leon(a)kernel.org> net/mlx5: Don't use already freed action pointer Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> virtio: pci: Fix an error handling path in vp_modern_probe() Eli Cohen <elic(a)nvidia.com> vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Haisu Wang <haisuwang(a)tencent.com> blk-mq: do not update io_ticks with passthrough requests Jens Axboe <axboe(a)kernel.dk> block: make bioset_exit() fully resilient against being called twice Íñigo Huguet <ihuguet(a)redhat.com> sfc: fix wrong tx channel offset with efx_separate_tx_channels Martin Habets <habetsm.xilinx(a)gmail.com> sfc: fix considering that all channels have TX queues Christoph Hellwig <hch(a)lst.de> block: use bio_queue_enter instead of blk_queue_enter in bio_poll Yu Xiao <yu.xiao(a)corigine.com> nfp: only report pause frame configuration for physical device Eric Dumazet <edumazet(a)google.com> tcp: add accessors to read/set tp->snd_cwnd Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: read-only pages should not be writable Yu Kuai <yukuai3(a)huawei.com> nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed Christoph Hellwig <hch(a)lst.de> block: take destination bvec offsets into account in bio_copy_data_iter Menglong Dong <imagedong(a)tencent.com> bpf: Fix probe read error in ___bpf_prog_run() Song Liu <song(a)kernel.org> selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix selftest after random: Urandom_read tracepoint removal Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: ubi_create_volume: Fix use-after-free when volume creation failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_do_fill_super Genjian Zhang <zhanggenjian123(a)gmail.com> ep93xx: clock: Do not return the address of the freed memory Alexander Lobakin <alexandr.lobakin(a)intel.com> modpost: fix removing numeric suffixes Miaoqian Lin <linmq006(a)gmail.com> net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Dan Carpenter <dan.carpenter(a)oracle.com> net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Vincent Ray <vray(a)kalrayinc.com> net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Michael Walle <michael(a)walle.cc> net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Eddie James <eajames(a)linux.ibm.com> spi: fsi: Fix spurious timeout liuyacan <liuyacan(a)corp.netease.com> net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Taehee Yoo <ap420073(a)gmail.com> amt: fix possible memory leak in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix return value of amt_update_handler() Jann Horn <jannh(a)google.com> s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Ming Lei <ming.lei(a)redhat.com> blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx Miaoqian Lin <linmq006(a)gmail.com> watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Miaoqian Lin <linmq006(a)gmail.com> watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Zhang Wensheng <zhangwensheng5(a)huawei.com> driver core: fix deadlock in __device_attach Schspa Shi <schspa(a)gmail.com> driver: base: fix UAF when driver_attach failed Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix warnings for unbind for serial Miaoqian Lin <linmq006(a)gmail.com> firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: stm32-usart: Correct CSIZE, bits, and parity Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sifive: Sanitize CSIZE and c_iflag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sh-sci: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: txx9: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: rda-uart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: digicolor-usart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: uartlite: Fix BRKINT clearing YueHaibing <yuehaibing(a)huawei.com> serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 John Ogness <john.ogness(a)linutronix.de> serial: meson: acquire port->lock in startup() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> staging: r8188eu: add check for kzalloc Miaoqian Lin <linmq006(a)gmail.com> rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Yang Yingliang <yangyingliang(a)huawei.com> rtc: mt6397: check return value after calling platform_get_resource() Howard Chiu <howard_chiu(a)aspeedtech.com> ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Samuel Holland <samuel(a)sholland.org> clocksource/drivers/riscv: Events are stopped during CPU suspend Miaoqian Lin <linmq006(a)gmail.com> soc: rockchip: Fix refcount leak in rockchip_grf_init Nícolas F. R. A. Prado <nfraprado(a)collabora.com> dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Li Jun <jun.li(a)nxp.com> extcon: ptn5150: Add queue work sync before driver release Xin Xiong <xiongx18(a)fudan.edu.cn> ksmbd: fix reference count leak in smb_check_perm_dacl() Guilherme G. Piccoli <gpiccoli(a)igalia.com> coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: prevent pm_runtime resume prior to system suspend Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix reset control imbalance Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix Runtime PM usage Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> export: fix string handling of namespace in EXPORT_SYMBOL_NS Maciej W. Rozycki <macro(a)orcam.me.uk> serial: sifive: Report actual baud base rather than fixed 115200 Linus Walleij <linus.walleij(a)linaro.org> power: supply: ab8500_fg: Allocate wq in probe Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Johan Hovold <johan+linaro(a)kernel.org> phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Guilherme G. Piccoli <gpiccoli(a)igalia.com> misc/pvpanic: Convert regular spinlock into trylock on panic path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: Fine tune the scale calibration values Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: fix read big scale voltage not right Miaoqian Lin <linmq006(a)gmail.com> iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Miaoqian Lin <linmq006(a)gmail.com> iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_probe() Bjorn Andersson <bjorn.andersson(a)linaro.org> usb: typec: mux: Check dev_set_name() return value Xiaomeng Tong <xiam0nd.tong(a)gmail.com> firmware: stratix10-svc: fix a missing check on list iterator Xiaomeng Tong <xiam0nd.tong(a)gmail.com> misc: fastrpc: fix an incorrect NULL check on list iterator SeongJae Park <sj(a)kernel.org> scripts/get_abi: Fix wrong script file name in the help message Zheng Yongjun <zhengyongjun3(a)huawei.com> usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: raspberrypi-poe: Fix endianness in firmware struct Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: lp3943: Fix duty calculation in case period was clamped Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Miaoqian Lin <linmq006(a)gmail.com> usb: musb: Fix missing of_node_put() in omap2430_probe Lin Ma <linma(a)zju.edu.cn> USB: storage: karma: fix rio_karma_init return Niels Dossche <dossche.niels(a)gmail.com> usb: usbip: add missing device lock on tweak configuration cmd Hangyu Hua <hbh25y(a)gmail.com> usb: usbip: fix a refcount leak in stub_probe() Samuel Holland <samuel(a)sholland.org> phy: rockchip-inno-usb2: Fix muxed interrupt support Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Ignore create mem entry for resource table Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Miaoqian Lin <linmq006(a)gmail.com> serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Daniel Gibson <daniel(a)gibson.sh> tty: n_tty: Restore EOF push handling behavior Miaoqian Lin <linmq006(a)gmail.com> tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Wang Weiyang <wangweiyang2(a)huawei.com> tty: goldfish: Use tty_port_destroy() to destroy port Christophe Leroy <christophe.leroy(a)csgroup.eu> lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP Jiasheng Jiang <jiasheng(a)iscas.ac.cn> lkdtm/bugs: Check for the NULL pointer after calling kmalloc Alexandru Tachici <alexandru.tachici(a)analog.com> iio: adc: ad7124: Remove shift from scan_type Jakob Koschel <jakobkoschel(a)gmail.com> staging: greybus: codecs: fix type confusion of list iterator variable Randy Dunlap <rdunlap(a)infradead.org> pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards ------------- Diffstat: Documentation/ABI/testing/sysfs-ata | 11 +- .../bindings/regulator/mt6315-regulator.yaml | 4 +- .../devicetree/bindings/remoteproc/mtk,scp.yaml | 44 ++-- Documentation/tools/rtla/Makefile | 14 +- Makefile | 4 +- arch/arm/boot/dts/aspeed-ast2600-evb.dts | 4 +- arch/arm/mach-ep93xx/clock.c | 10 +- arch/arm64/net/bpf_jit_comp.c | 1 + arch/m68k/Kconfig.machine | 1 + arch/m68k/include/asm/pgtable_no.h | 3 +- arch/m68k/kernel/setup_mm.c | 7 - arch/m68k/kernel/setup_no.c | 1 - arch/m68k/kernel/time.c | 9 + arch/mips/kernel/mips-cpc.c | 1 + arch/powerpc/Kconfig | 2 - arch/powerpc/include/asm/thread_info.h | 10 +- arch/powerpc/kernel/ptrace/ptrace-fpu.c | 20 +- arch/powerpc/kernel/ptrace/ptrace.c | 3 + arch/riscv/kernel/efi.c | 2 +- arch/riscv/kernel/machine_kexec.c | 4 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/kernel/entry.S | 6 +- arch/s390/mm/gmap.c | 14 ++ arch/um/drivers/chan_kern.c | 10 +- arch/um/drivers/line.c | 22 +- arch/um/drivers/line.h | 4 +- arch/um/drivers/ssl.c | 2 - arch/um/drivers/stdio_console.c | 2 - arch/um/include/asm/irq.h | 22 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/uaccess.h | 2 +- block/bio.c | 9 +- block/blk-core.c | 2 +- block/blk-mq.c | 10 +- block/genhd.c | 2 + drivers/ata/libata-core.c | 21 +- drivers/ata/libata-scsi.c | 2 +- drivers/ata/libata-transport.c | 2 +- drivers/ata/pata_octeon_cf.c | 3 + drivers/base/bus.c | 4 +- drivers/base/dd.c | 10 +- drivers/block/loop.c | 8 +- drivers/block/nbd.c | 55 +++-- drivers/bus/ti-sysc.c | 4 +- drivers/char/hw_random/virtio-rng.c | 2 + drivers/char/random.c | 15 +- drivers/char/xillybus/xillyusb.c | 1 + drivers/clocksource/timer-oxnas-rps.c | 2 +- drivers/clocksource/timer-riscv.c | 2 +- drivers/clocksource/timer-sp804.c | 10 +- drivers/dma/idxd/dma.c | 1 + drivers/dma/xilinx/zynqmp_dma.c | 5 +- drivers/extcon/extcon-axp288.c | 4 +- drivers/extcon/extcon-ptn5150.c | 11 + drivers/extcon/extcon.c | 33 +-- drivers/firmware/dmi-sysfs.c | 2 +- drivers/firmware/stratix10-svc.c | 12 +- drivers/gpio/gpio-pca953x.c | 19 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 1 + drivers/gpu/drm/amd/amdgpu/nv.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 3 + drivers/gpu/drm/ast/ast_mode.c | 5 +- drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 42 +++- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 16 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 9 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 5 +- drivers/gpu/drm/panfrost/panfrost_job.c | 6 +- drivers/gpu/drm/panfrost/panfrost_job.h | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 4 + drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 +- drivers/i2c/busses/i2c-cadence.c | 12 +- drivers/idle/intel_idle.c | 32 ++- drivers/iio/adc/ad7124.c | 1 - drivers/iio/adc/sc27xx_adc.c | 20 +- drivers/iio/adc/stmpe-adc.c | 8 +- drivers/iio/common/st_sensors/st_sensors_core.c | 24 +- drivers/iio/dummy/iio_simple_dummy.c | 20 +- drivers/iio/proximity/vl53l0x-i2c.c | 7 +- drivers/input/mouse/bcm5974.c | 7 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 5 +- drivers/md/md.c | 15 +- drivers/md/raid0.c | 31 +-- drivers/misc/cardreader/rtsx_usb.c | 1 + drivers/misc/fastrpc.c | 9 +- drivers/misc/lkdtm/bugs.c | 10 +- drivers/misc/lkdtm/lkdtm.h | 8 +- drivers/misc/lkdtm/usercopy.c | 17 +- drivers/misc/pvpanic/pvpanic.c | 10 +- drivers/mmc/core/block.c | 3 +- drivers/mtd/ubi/fastmap-wl.c | 69 ++++-- drivers/mtd/ubi/fastmap.c | 11 - drivers/mtd/ubi/ubi.h | 4 +- drivers/mtd/ubi/vmt.c | 1 - drivers/mtd/ubi/wl.c | 19 +- drivers/net/amt.c | 59 +++-- drivers/net/dsa/lantiq_gswip.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 1 + drivers/net/dsa/mv88e6xxx/serdes.c | 27 +-- drivers/net/ethernet/altera/altera_tse_main.c | 6 +- drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c | 1 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 11 - drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 - drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 72 ++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 + drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 1 + .../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/en/trap.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/pool.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 38 ++- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 37 ++- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 32 +-- drivers/net/ethernet/netronome/nfp/flower/match.c | 16 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 +- drivers/net/ethernet/sfc/efx_channels.c | 6 +- drivers/net/ethernet/sfc/net_driver.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 3 +- drivers/net/macsec.c | 7 + drivers/net/phy/dp83867.c | 29 +++ drivers/net/phy/mdio_bus.c | 1 - drivers/nfc/st21nfca/se.c | 53 +++-- drivers/pci/controller/dwc/pcie-qcom.c | 6 - drivers/pci/controller/pcie-brcmstb.c | 257 +++------------------ drivers/pcmcia/Kconfig | 2 +- drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +- drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +- drivers/platform/x86/barco-p50-gpio.c | 5 +- drivers/platform/x86/hp-wmi.c | 23 +- drivers/power/supply/ab8500_fg.c | 19 +- drivers/power/supply/axp288_charger.c | 17 +- drivers/power/supply/axp288_fuel_gauge.c | 1 - drivers/power/supply/charger-manager.c | 7 +- drivers/power/supply/max8997_charger.c | 8 +- drivers/pwm/pwm-lp3943.c | 1 + drivers/pwm/pwm-raspberrypi-poe.c | 2 +- drivers/remoteproc/imx_rproc.c | 3 + drivers/rpmsg/qcom_smd.c | 4 +- drivers/rpmsg/virtio_rpmsg_bus.c | 9 +- drivers/rtc/rtc-ftrtc010.c | 34 ++- drivers/rtc/rtc-mt6397.c | 2 + drivers/scsi/myrb.c | 11 +- drivers/scsi/sd.c | 3 +- drivers/soc/rockchip/grf.c | 2 + drivers/soundwire/intel.c | 3 + drivers/soundwire/qcom.c | 2 +- drivers/spi/spi-fsi.c | 12 +- drivers/staging/fieldbus/anybuss/host.c | 2 +- drivers/staging/greybus/audio_codec.c | 4 +- drivers/staging/r8188eu/core/rtw_xmit.c | 13 +- drivers/staging/r8188eu/include/rtw_xmit.h | 2 +- drivers/staging/rtl8192e/rtllib_softmac.c | 2 +- .../staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +- drivers/staging/rtl8712/os_intfs.c | 1 - drivers/staging/rtl8712/usb_intf.c | 12 +- drivers/staging/rtl8712/usb_ops.c | 27 ++- drivers/staging/rtl8723bs/core/rtw_mlme.c | 12 +- drivers/thunderbolt/tb.c | 19 +- drivers/thunderbolt/test.c | 16 +- drivers/thunderbolt/tunnel.c | 11 +- drivers/thunderbolt/tunnel.h | 4 +- drivers/tty/goldfish.c | 2 + drivers/tty/n_tty.c | 38 ++- drivers/tty/serial/8250/8250_aspeed_vuart.c | 2 + drivers/tty/serial/8250/8250_fintek.c | 8 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 2 +- drivers/tty/serial/digicolor-usart.c | 2 + drivers/tty/serial/fsl_lpuart.c | 24 +- drivers/tty/serial/icom.c | 2 +- drivers/tty/serial/meson_uart.c | 13 ++ drivers/tty/serial/msm_serial.c | 5 + drivers/tty/serial/owl-uart.c | 1 + drivers/tty/serial/rda-uart.c | 2 + drivers/tty/serial/sa1100.c | 4 +- drivers/tty/serial/serial_txx9.c | 2 + drivers/tty/serial/sh-sci.c | 6 +- drivers/tty/serial/sifive.c | 8 +- drivers/tty/serial/st-asc.c | 4 + drivers/tty/serial/stm32-usart.c | 15 +- drivers/tty/serial/uartlite.c | 3 +- drivers/tty/synclink_gt.c | 2 + drivers/tty/sysrq.c | 13 +- drivers/usb/core/hcd-pci.c | 4 +- drivers/usb/dwc2/gadget.c | 1 - drivers/usb/dwc3/drd.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/dwc3/gadget.c | 20 +- drivers/usb/dwc3/host.c | 2 - drivers/usb/host/isp116x-hcd.c | 6 +- drivers/usb/host/oxu210hp-hcd.c | 2 + drivers/usb/musb/omap2430.c | 1 + drivers/usb/phy/phy-omap-otg.c | 4 +- drivers/usb/storage/karma.c | 15 +- drivers/usb/typec/mux.c | 14 +- drivers/usb/typec/tcpm/fusb302.c | 4 +- drivers/usb/usbip/stub_dev.c | 2 +- drivers/usb/usbip/stub_rx.c | 2 + drivers/vdpa/ifcvf/ifcvf_main.c | 3 +- drivers/vdpa/vdpa.c | 13 +- drivers/vdpa/vdpa_user/vduse_dev.c | 7 +- drivers/vhost/vringh.c | 10 +- drivers/video/fbdev/hyperv_fb.c | 19 +- drivers/video/fbdev/pxa3xx-gcu.c | 12 +- drivers/virtio/virtio_pci_modern_dev.c | 1 + drivers/watchdog/rti_wdt.c | 2 +- drivers/watchdog/rzg2l_wdt.c | 46 ++-- drivers/watchdog/ts4800_wdt.c | 5 +- drivers/watchdog/wdat_wdt.c | 1 + drivers/xen/xlate_mmu.c | 1 - fs/afs/dir.c | 5 +- fs/ceph/mds_client.c | 33 ++- fs/ceph/xattr.c | 10 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsfs.h | 2 +- fs/cifs/cifsglob.h | 4 +- fs/cifs/connect.c | 4 + fs/cifs/misc.c | 27 ++- fs/cifs/sess.c | 5 +- fs/cifs/smb2ops.c | 7 +- fs/cifs/smb2pdu.c | 3 + fs/f2fs/checkpoint.c | 4 +- fs/f2fs/file.c | 1 + fs/fs-writeback.c | 37 ++- fs/inode.c | 2 +- fs/jffs2/fs.c | 1 + fs/kernfs/dir.c | 31 ++- fs/ksmbd/smbacl.c | 1 + fs/ksmbd/transport_rdma.c | 1 + fs/nfs/nfs4proc.c | 4 + fs/zonefs/super.c | 11 +- include/linux/export.h | 7 +- include/linux/extcon.h | 2 +- include/linux/genhd.h | 1 + include/linux/iio/common/st_sensors.h | 3 + include/linux/jump_label.h | 4 +- include/linux/mlx5/mlx5_ifc.h | 5 +- include/linux/nodemask.h | 38 +-- include/linux/random.h | 2 +- include/linux/xarray.h | 1 + include/net/ax25.h | 1 + include/net/bluetooth/hci_core.h | 17 +- include/net/flow_offload.h | 1 + include/net/netfilter/nf_tables.h | 1 - include/net/netfilter/nf_tables_offload.h | 2 +- include/net/sch_generic.h | 42 ++-- include/net/tcp.h | 19 +- include/net/xdp_sock_drv.h | 5 +- include/net/xsk_buff_pool.h | 1 + include/trace/events/tcp.h | 2 +- kernel/bpf/core.c | 14 +- kernel/trace/trace.c | 13 +- kernel/trace/trace_syscalls.c | 35 +-- lib/Makefile | 2 +- lib/iov_iter.c | 20 +- lib/nodemask.c | 4 +- lib/xarray.c | 5 +- mm/huge_memory.c | 3 +- net/ax25/af_ax25.c | 27 ++- net/ax25/ax25_dev.c | 1 + net/ax25/ax25_subr.c | 2 +- net/bluetooth/hci_core.c | 4 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 62 +++-- net/bluetooth/mgmt.c | 45 ++-- net/core/filter.c | 2 +- net/core/flow_offload.c | 6 + net/core/neighbour.c | 2 +- net/ipv4/inet_hashtables.c | 10 +- net/ipv4/ip_gre.c | 11 +- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_bbr.c | 20 +- net/ipv4/tcp_bic.c | 14 +- net/ipv4/tcp_cdg.c | 30 +-- net/ipv4/tcp_cong.c | 18 +- net/ipv4/tcp_cubic.c | 22 +- net/ipv4/tcp_dctcp.c | 11 +- net/ipv4/tcp_highspeed.c | 18 +- net/ipv4/tcp_htcp.c | 10 +- net/ipv4/tcp_hybla.c | 18 +- net/ipv4/tcp_illinois.c | 12 +- net/ipv4/tcp_input.c | 36 +-- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_lp.c | 6 +- net/ipv4/tcp_metrics.c | 12 +- net/ipv4/tcp_nv.c | 24 +- net/ipv4/tcp_output.c | 34 +-- net/ipv4/tcp_rate.c | 2 +- net/ipv4/tcp_scalable.c | 4 +- net/ipv4/tcp_vegas.c | 21 +- net/ipv4/tcp_veno.c | 24 +- net/ipv4/tcp_westwood.c | 3 +- net/ipv4/tcp_yeah.c | 30 +-- net/ipv4/xfrm4_protocol.c | 1 - net/ipv6/seg6_hmac.c | 1 - net/ipv6/tcp_ipv6.c | 2 +- net/key/af_key.c | 10 +- net/netfilter/nf_tables_api.c | 54 ++--- net/netfilter/nf_tables_offload.c | 23 +- net/netfilter/nft_nat.c | 3 +- net/openvswitch/actions.c | 6 + net/openvswitch/conntrack.c | 4 +- net/sched/act_police.c | 16 +- net/smc/af_smc.c | 1 + net/smc/smc_cdc.c | 2 +- net/sunrpc/xdr.c | 6 +- net/sunrpc/xprtrdma/rpc_rdma.c | 5 + net/sunrpc/xprtrdma/svc_rdma_rw.c | 4 +- net/tipc/bearer.c | 3 +- net/unix/af_unix.c | 2 +- net/xdp/xsk.c | 16 +- net/xdp/xsk_buff_pool.c | 7 + net/xdp/xsk_queue.h | 14 +- scripts/gdb/linux/config.py | 6 +- scripts/get_abi.pl | 4 +- scripts/mod/modpost.c | 5 +- security/keys/trusted-keys/trusted_tpm2.c | 4 +- sound/pci/hda/patch_conexant.c | 7 + sound/pci/hda/patch_realtek.c | 2 + sound/soc/codecs/rt5640.c | 11 +- sound/soc/codecs/rt5640.h | 2 + sound/soc/fsl/fsl_sai.h | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 + sound/usb/pcm.c | 5 +- sound/usb/quirks-table.h | 7 +- tools/perf/arch/x86/util/evlist.c | 5 +- tools/perf/arch/x86/util/evsel.c | 24 +- tools/perf/arch/x86/util/evsel.h | 7 + tools/perf/arch/x86/util/topdown.c | 46 ++-- tools/perf/arch/x86/util/topdown.h | 7 + tools/perf/builtin-c2c.c | 4 +- .../selftests/bpf/progs/test_stacktrace_build_id.c | 12 +- .../testing/selftests/net/forwarding/tc_police.sh | 52 +++++ tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++ tools/tracing/rtla/Makefile | 35 +++ 356 files changed, 2368 insertions(+), 1550 deletions(-)

1 year, 3 months

6
311
0 0

[PATCH 1/1] net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero

by Lee Jones

Currently, due to the sequential use of min_t() and clamp_t() macros, in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is not set, the logic sets tx_max to 0. This is then used to allocate the data area of the SKB requested later in cdc_ncm_fill_tx_frame(). This does not cause an issue presently because when memory is allocated during initialisation phase of SKB creation, more memory (512b) is allocated than is required for the SKB headers alone (320b), leaving some space (512b - 320b = 192b) for CDC data (172b). However, if more elements (for example 3 x u64 = [24b]) were added to one of the SKB header structs, say 'struct skb_shared_info', increasing its original size (320b [320b aligned]) to something larger (344b [384b aligned]), then suddenly the CDC data (172b) no longer fits in the spare SKB data area (512b - 384b = 128b). Consequently the SKB bounds checking semantics fails and panics: skbuff: skb_over_panic: text:ffffffff830a5b5f len:184 put:172 \ head:ffff888119227c00 data:ffff888119227c00 tail:0xb8 end:0x80 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:110! RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106 <snip> Call Trace: <IRQ> skb_over_panic+0x2c/0x30 net/core/skbuff.c:115 skb_put+0x205/0x210 net/core/skbuff.c:1877 skb_put_zero include/linux/skbuff.h:2270 [inline] cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1116 [inline] cdc_ncm_fill_tx_frame+0x127f/0x3d50 drivers/net/usb/cdc_ncm.c:1293 cdc_ncm_tx_fixup+0x98/0xf0 drivers/net/usb/cdc_ncm.c:1514 By overriding the max value with the default CDC_NCM_NTB_MAX_SIZE_TX when not offered through the system provided params, we ensure enough data space is allocated to handle the CDC data, meaning no crash will occur. Cc: stable(a)vger.kernel.org Cc: Oliver Neukum <oliver(a)neukum.org> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: linux-usb(a)vger.kernel.org Cc: netdev(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Fixes: 289507d3364f9 ("net: cdc_ncm: use sysfs for rx/tx aggregation tuning") Signed-off-by: Lee Jones <lee.jones(a)linaro.org> --- drivers/net/usb/cdc_ncm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 24753a4da7e60..e303b522efb50 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -181,6 +181,8 @@ static u32 cdc_ncm_check_tx_max(struct usbnet *dev, u32 new_tx) min = ctx->max_datagram_size + ctx->max_ndp_size + sizeof(struct usb_cdc_ncm_nth32); max = min_t(u32, CDC_NCM_NTB_MAX_SIZE_TX, le32_to_cpu(ctx->ncm_parm.dwNtbOutMaxSize)); + if (max == 0) + max = CDC_NCM_NTB_MAX_SIZE_TX; /* dwNtbOutMaxSize not set */ /* some devices set dwNtbOutMaxSize too low for the above default */ min = min(min, max); -- 2.34.0.384.gca35af8252-goog

1 year, 6 months

6
13
0 0

[PATCH 0/9] KVM backports to 5.10

by Rishabh Bhatnagar

This patch series backports a few VM preemption_status, steal_time and PV TLB flushing fixes to 5.10 stable kernel. Most of the changes backport cleanly except i had to work around a few becauseof missing support/APIs in 5.10 kernel. I have captured those in the changelog as well in the individual patches. Changelog - Use mark_page_dirty_in_slot api without kvm argument (KVM: x86: Fix recording of guest steal time / preempted status) - Avoid checking for xen_msr and SEV-ES conditions (KVM: x86: do not set st->preempted when going back to user space) - Use VCPU_STAT macro to expose preemption_reported and preemption_other fields (KVM: x86: do not report a vCPU as preempted outside instruction boundaries) David Woodhouse (2): KVM: x86: Fix recording of guest steal time / preempted status KVM: Fix steal time asm constraints Lai Jiangshan (1): KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior Paolo Bonzini (5): KVM: x86: do not set st->preempted when going back to user space KVM: x86: do not report a vCPU as preempted outside instruction boundaries KVM: x86: revalidate steal time cache if MSR value changes KVM: x86: do not report preemption if the steal time cache is stale KVM: x86: move guest_pv_has out of user_access section Sean Christopherson (1): KVM: x86: Remove obsolete disabling of page faults in kvm_arch_vcpu_put() arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 164 ++++++++++++++++++++++---------- 4 files changed, 122 insertions(+), 50 deletions(-) -- 2.37.1

1 year, 6 months

6
19
0 0

[PATCH v2 1/8] drm: Disable the cursor plane on atomic contexts with virtualized drivers

by Zack Rusin

From: Zack Rusin <zackr(a)vmware.com> Cursor planes on virtualized drivers have special meaning and require that the clients handle them in specific ways, e.g. the cursor plane should react to the mouse movement the way a mouse cursor would be expected to and the client is required to set hotspot properties on it in order for the mouse events to be routed correctly. This breaks the contract as specified by the "universal planes". Fix it by disabling the cursor planes on virtualized drivers while adding a foundation on top of which it's possible to special case mouse cursor planes for clients that want it. Disabling the cursor planes makes some kms compositors which were broken, e.g. Weston, fallback to software cursor which works fine or at least better than currently while having no effect on others, e.g. gnome-shell or kwin, which put virtualized drivers on a deny-list when running in atomic context to make them fallback to legacy kms and avoid this issue. Signed-off-by: Zack Rusin <zackr(a)vmware.com> Fixes: 681e7ec73044 ("drm: Allow userspace to ask for universal plane list (v2)") Cc: <stable(a)vger.kernel.org> # v5.4+ Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)linux.ie> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Gerd Hoffmann <kraxel(a)redhat.com> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Gurchetan Singh <gurchetansingh(a)chromium.org> Cc: Chia-I Wu <olvaffe(a)gmail.com> Cc: dri-devel(a)lists.freedesktop.org Cc: virtualization(a)lists.linux-foundation.org Cc: spice-devel(a)lists.freedesktop.org --- drivers/gpu/drm/drm_plane.c | 11 +++++++++++ drivers/gpu/drm/qxl/qxl_drv.c | 2 +- drivers/gpu/drm/vboxvideo/vbox_drv.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- include/drm/drm_drv.h | 10 ++++++++++ include/drm/drm_file.h | 12 ++++++++++++ 7 files changed, 38 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c index 726f2f163c26..e1e2a65c7119 100644 --- a/drivers/gpu/drm/drm_plane.c +++ b/drivers/gpu/drm/drm_plane.c @@ -667,6 +667,17 @@ int drm_mode_getplane_res(struct drm_device *dev, void *data, !file_priv->universal_planes) continue; + /* + * Unless userspace supports virtual cursor plane + * then if we're running on virtual driver do not + * advertise cursor planes because they'll be broken + */ + if (plane->type == DRM_PLANE_TYPE_CURSOR && + drm_core_check_feature(dev, DRIVER_VIRTUAL) && + file_priv->atomic && + !file_priv->supports_virtual_cursor_plane) + continue; + if (drm_lease_held(file_priv, plane->base.id)) { if (count < plane_resp->count_planes && put_user(plane->base.id, plane_ptr + count)) diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c index 1cb6f0c224bb..0e4212e05caa 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -281,7 +281,7 @@ static const struct drm_ioctl_desc qxl_ioctls[] = { }; static struct drm_driver qxl_driver = { - .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC, + .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC | DRIVER_VIRTUAL, .dumb_create = qxl_mode_dumb_create, .dumb_map_offset = drm_gem_ttm_dumb_map_offset, diff --git a/drivers/gpu/drm/vboxvideo/vbox_drv.c b/drivers/gpu/drm/vboxvideo/vbox_drv.c index f4f2bd79a7cb..84e75bcc3384 100644 --- a/drivers/gpu/drm/vboxvideo/vbox_drv.c +++ b/drivers/gpu/drm/vboxvideo/vbox_drv.c @@ -176,7 +176,7 @@ DEFINE_DRM_GEM_FOPS(vbox_fops); static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC, + DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC | DRIVER_VIRTUAL, .lastclose = drm_fb_helper_lastclose, diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c index 5f25a8d15464..3c5bb006159a 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.c +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c @@ -198,7 +198,8 @@ MODULE_AUTHOR("Alon Levy"); DEFINE_DRM_GEM_FOPS(virtio_gpu_driver_fops); static const struct drm_driver driver = { - .driver_features = DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC, + .driver_features = + DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_VIRTUAL, .open = virtio_gpu_driver_open, .postclose = virtio_gpu_driver_postclose, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 01a5b47e95f9..712f6ad0b014 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1581,7 +1581,7 @@ static const struct file_operations vmwgfx_driver_fops = { static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM, + DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM | DRIVER_VIRTUAL, .ioctls = vmw_ioctls, .num_ioctls = ARRAY_SIZE(vmw_ioctls), .master_set = vmw_master_set, diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h index f6159acb8856..c4cd7fc350d9 100644 --- a/include/drm/drm_drv.h +++ b/include/drm/drm_drv.h @@ -94,6 +94,16 @@ enum drm_driver_feature { * synchronization of command submission. */ DRIVER_SYNCOBJ_TIMELINE = BIT(6), + /** + * @DRIVER_VIRTUAL: + * + * Driver is running on top of virtual hardware. The most significant + * implication of this is a requirement of special handling of the + * cursor plane (e.g. cursor plane has to actually track the mouse + * cursor and the clients are required to set hotspot in order for + * the cursor planes to work correctly). + */ + DRIVER_VIRTUAL = BIT(7), /* IMPORTANT: Below are all the legacy flags, add new ones above. */ diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index e0a73a1e2df7..3e5c36891161 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -223,6 +223,18 @@ struct drm_file { */ bool is_master; + /** + * @supports_virtual_cursor_plane: + * + * This client is capable of handling the cursor plane with the + * restrictions imposed on it by the virtualized drivers. + * + * The implies that the cursor plane has to behave like a cursor + * i.e. track cursor movement. It also requires setting of the + * hotspot properties by the client on the cursor plane. + */ + bool supports_virtual_cursor_plane; + /** * @master: * -- 2.34.1

1 year, 6 months

6
12
0 0

[v4 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

by Yang Shi

The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> page_mapcount include/linux/mm.h:837 [inline] smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466 smaps_pte_entry fs/proc/task_mmu.c:538 [inline] smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601 walk_pmd_range mm/pagewalk.c:128 [inline] walk_pud_range mm/pagewalk.c:205 [inline] walk_p4d_range mm/pagewalk.c:240 [inline] walk_pgd_range mm/pagewalk.c:277 [inline] __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379 walk_page_vma+0x277/0x350 mm/pagewalk.c:530 smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768 smap_gather_stats fs/proc/task_mmu.c:741 [inline] show_smap+0xc6/0x440 fs/proc/task_mmu.c:822 seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272 seq_read+0x3e0/0x5b0 fs/seq_file.c:162 vfs_read+0x1b5/0x600 fs/read_write.c:479 ksys_read+0x12d/0x250 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7faa2af6c969 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faa2aefd288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007faa2aff4418 RCX: 00007faa2af6c969 RDX: 0000000000002025 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00007faa2aff4410 R08: 00007faa2aefd700 R09: 0000000000000000 R10: 00007faa2aefd700 R11: 0000000000000246 R12: 00007faa2afc20ac R13: 00007fff7e6632bf R14: 00007faa2aefd400 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 24ec93ff95e4ac3d ]--- RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 The reproducer was trying to reading /proc/$PID/smaps when calling MADV_FREE at the mean time. MADV_FREE may split THPs if it is called for partial THP. It may trigger the below race: CPU A CPU B ----- ----- smaps walk: MADV_FREE: page_mapcount() PageCompound() split_huge_page() page = compound_head(page) PageDoubleMap(page) When calling PageDoubleMap() this page is not a tail page of THP anymore so the BUG is triggered. This could be fixed by elevated refcount of the page before calling mapcount, but it prevents from counting migration entries, and it seems overkilling because the race just could happen when PMD is split so all PTE entries of tail pages are actually migration entries, and smaps_account() does treat migration entries as mapcount == 1 as Kirill pointed out. Add a new parameter for smaps_account() to tell this entry is migration entry then skip calling page_mapcount(). Don't skip getting mapcount for device private entries since they do track references with mapcount. Pagemap also has the similar issue although it was not reported. Fixed it as well. Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()") Reported-by: syzbot+1f52b3a18d5633fa7f82(a)syzkaller.appspotmail.com Acked-by: David Hildenbrand <david(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Jann Horn <jannh(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Yang Shi <shy828301(a)gmail.com> --- v4: * s/Treated/Treat per David * Collected acked-by tag from David v3: * Fixed the fix tag, the one used by v2 was not accurate * Added comment about the risk calling page_mapcount() per David * Fix pagemap v2: * Added proper fix tag per Jann Horn * Rebased to the latest linus's tree fs/proc/task_mmu.c | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 18f8c3acbb85..bc2f46033231 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -440,7 +440,8 @@ static void smaps_page_accumulate(struct mem_size_stats *mss, } static void smaps_account(struct mem_size_stats *mss, struct page *page, - bool compound, bool young, bool dirty, bool locked) + bool compound, bool young, bool dirty, bool locked, + bool migration) { int i, nr = compound ? compound_nr(page) : 1; unsigned long size = nr * PAGE_SIZE; @@ -467,8 +468,15 @@ static void smaps_account(struct mem_size_stats *mss, struct page *page, * page_count(page) == 1 guarantees the page is mapped exactly once. * If any subpage of the compound page mapped with PTE it would elevate * page_count(). + * + * The page_mapcount() is called to get a snapshot of the mapcount. + * Without holding the page lock this snapshot can be slightly wrong as + * we cannot always read the mapcount atomically. It is not safe to + * call page_mapcount() even with PTL held if the page is not mapped, + * especially for migration entries. Treat regular migration entries + * as mapcount == 1. */ - if (page_count(page) == 1) { + if ((page_count(page) == 1) || migration) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty, locked, true); return; @@ -517,6 +525,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pte_present(*pte)) { page = vm_normal_page(vma, addr, *pte); @@ -536,8 +545,11 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, } else { mss->swap_pss += (u64)PAGE_SIZE << PSS_SHIFT; } - } else if (is_pfn_swap_entry(swpent)) + } else if (is_pfn_swap_entry(swpent)) { + if (is_migration_entry(swpent)) + migration = true; page = pfn_swap_entry_to_page(swpent); + } } else { smaps_pte_hole_lookup(addr, walk); return; @@ -546,7 +558,8 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, if (!page) return; - smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), locked); + smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), + locked, migration); } #ifdef CONFIG_TRANSPARENT_HUGEPAGE @@ -557,6 +570,7 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pmd_present(*pmd)) { /* FOLL_DUMP will return -EFAULT on huge zero page */ @@ -564,8 +578,10 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, } else if (unlikely(thp_migration_supported() && is_swap_pmd(*pmd))) { swp_entry_t entry = pmd_to_swp_entry(*pmd); - if (is_migration_entry(entry)) + if (is_migration_entry(entry)) { + migration = true; page = pfn_swap_entry_to_page(entry); + } } if (IS_ERR_OR_NULL(page)) return; @@ -577,7 +593,9 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, /* pass */; else mss->file_thp += HPAGE_PMD_SIZE; - smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), locked); + + smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), + locked, migration); } #else static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, @@ -1378,6 +1396,7 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, { u64 frame = 0, flags = 0; struct page *page = NULL; + bool migration = false; if (pte_present(pte)) { if (pm->show_pfn) @@ -1399,13 +1418,14 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, frame = swp_type(entry) | (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags |= PM_SWAP; + migration = is_migration_entry(entry); if (is_pfn_swap_entry(entry)) page = pfn_swap_entry_to_page(entry); } if (page && !PageAnon(page)) flags |= PM_FILE; - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; if (vma->vm_flags & VM_SOFTDIRTY) flags |= PM_SOFT_DIRTY; @@ -1421,6 +1441,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, spinlock_t *ptl; pte_t *pte, *orig_pte; int err = 0; + bool migration = false; #ifdef CONFIG_TRANSPARENT_HUGEPAGE ptl = pmd_trans_huge_lock(pmdp, vma); @@ -1461,11 +1482,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, if (pmd_swp_uffd_wp(pmd)) flags |= PM_UFFD_WP; VM_BUG_ON(!is_pmd_migration_entry(pmd)); + migration = is_migration_entry(entry); page = pfn_swap_entry_to_page(entry); } #endif - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; for (; addr != end; addr += PAGE_SIZE) { -- 2.26.3

1 year, 7 months

5
12
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2022