January 2023 - Linux-stable-mirror

[PATCH 0/2] net/af_packet: Fix kernel BUG in __skb_gso_segment

by Tudor Ambarus

The series is intended for stable(a)vger.kernel.org # 5.4+ Syzkaller reported the following bug on linux-5.{4, 10, 15}.y: https://syzkaller.appspot.com/bug?id=ce5575575f074c33ff80d104f5baee26f22e95… The upstream commit that introduces this bug is: 1ed1d5921139 ("net: skip virtio_net_hdr_set_proto if protocol already set") Upstream fixes the bug with the following commits, one of which introduces new support: e9d3f80935b6 ("net/af_packet: make sure to pull mac header") dfed913e8b55 ("net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO") The additional logic and risk backported seems manageable. The blammed commit introduces a kernel BUG in __skb_gso_segment for AF_PACKET SOCK_RAW GSO VLAN tagged packets. What happens is that virtio_net_hdr_set_proto() exists early as skb->protocol is already set to ETH_P_ALL. Then in packet_parse_headers() skb->protocol is set to ETH_P_8021AD, but neither the network header position is adjusted, nor the mac header is pulled. Thus when we get to validate the xmit skb and enter skb_mac_gso_segment(), skb->mac_len has value 14, but vlan_depth gets updated to 18 after skb_network_protocol() is called. This causes the BUG_ON from __skb_pull(skb, vlan_depth) to be hit, as the mac header has not been pulled yet. The fixes from upstream backported cleanly without conflicts. I updated the commit message of the first patch to describe the problem encountered, and added Cc, Fixes, Reported-by and Tested-by tags. For the second patch I just added Cc to stable indicating the versions to be fixed, and added my Tested and Signed-off-by tags. I tested the patches on linux-5.{4, 10, 15}.y. Eric Dumazet (1): net/af_packet: make sure to pull mac header Hangbin Liu (1): net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO net/packet/af_packet.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) -- 2.34.1

2 years, 1 month

2
3
0 0

Please apply to v5.15 stable: 96017bf90397 ("rcu-tasks: Simplify trc_read_check_handler() atomic operations")

by Joel Fernandes

Hello, Please apply 96017bf90397 ("rcu-tasks: Simplify trc_read_check_handler() atomic operations") to the stable v5.15 stable kernel. It made it in v5.16. I confirmed the patch fixes the following splat which happens twice on TRACE02: [ 765.941351] WARNING: CPU: 0 PID: 80 at kernel/rcu/tasks.h:895 trc_read_check_handler+0x61/0xe0 [ 765.949880] Modules linked in: [ 765.953006] CPU: 0 PID: 80 Comm: rcu_torture_rea Not tainted 5.15.86-rc1+ #25 [ 765.959982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 765.967964] RIP: 0010:trc_read_check_handler+0x61/0xe0 [ 765.973050] Code: 01 00 89 c0 48 03 2c c5 80 f8 a5 ae c6 45 00 00 [..] [ 765.991768] RSP: 0000:ffffa64ac0003fb0 EFLAGS: 00010047 [ 765.997042] RAX: ffffffffad4f8610 RBX: ffffa26b41bd3000 RCX: ffffa26b5f4ac8c0 [ 766.004418] RDX: 0000000000000000 RSI: ffffffffae978121 RDI: ffffa26b41bd3000 [ 766.011502] RBP: ffffa26b41bd6000 R08: ffffa26b41bd3000 R09: 0000000000000000 [ 766.018778] R10: 0000000000000000 R11: ffffa64ac0003ff8 R12: 0000000000000000 [ 766.025943] R13: ffffa26b5f4ac8c0 R14: 0000000000000000 R15: 0000000000000000 [ 766.034383] FS: 0000000000000000(0000) GS:ffffa26b5f400000(0000) knlGS:0000000000000000 [ 766.042925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 766.048775] CR2: 0000000000000000 CR3: 0000000001924000 CR4: 00000000000006f0 [ 766.055991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 766.063135] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 766.070711] Call Trace: [ 766.073515] <IRQ> [ 766.075807] flush_smp_call_function_queue+0xec/0x1a0 [ 766.081087] __sysvec_call_function_single+0x3e/0x1d0 [ 766.086466] sysvec_call_function_single+0x89/0xc0 [ 766.091431] </IRQ> [ 766.093713] <TASK> [ 766.095930] asm_sysvec_call_function_single+0x16/0x20 Full kernel logs: http://box.joelfernandes.org:9080/job/rcutorture_stable/job/Linux%20Stable%… Cheers, - Joel

2 years, 1 month

2
2
0 0

[PATCH 5.10 0/2] wifi: rtlwifi: 8192de: fix IQK reload checking

by Semyon Verchenko

SVACE reports always true condition issue at tl92d_phy_reload_iqk_setting() in 5.10 stable releases. The problem has been fixed by the following patches which can be cleanly applied to the 5.10 branch. Found by Linux Verification Center (linuxtesting.org) with SVACE.

2 years, 1 month

2
3
0 0

Stable backport request

by Mimi Zohar

Stable team, Please backport these upstream commits to stable kernels: - c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()" Dependency on: - d57378d3aa4d ("ima: Simplify ima_lsm_copy_rule") Known minor merge conflicts: - Commit: 65603435599f ("ima: Fix trivial typos in the comments") fixed "refrences" spelling, causes a merge conflict. - Commit 28073eb09c5a ("ima: Fix fall-through warnings for Clang") adds a "break;" before "default:", causes a merge conflict. Simplifies backporting to linux-5.4.y: - 465aee77aae8 ("ima: Free the entire rule when deleting a list of rules") except for the line "kfree(entry->keyrings);" - introduced in 5.6.y. - 39e5993d0d45 ("ima: Shallow copy the args_p member of ima_rule_entry.lsm elements") - b8867eedcf76 ("ima: Rename internal filter rule functions") - f60c826d0318 ("ima: Use kmemdup rather than kmalloc+memcpy") A patch for kernels prior to commit b16942455193 ("ima: use the lsm policy update notifier") will be posted separately. thanks, Mimi

2 years, 1 month

2
3
0 0

[tip: x86/urgent] x86/bugs: Flush IBP in ib_prctl_set()

by tip-bot2 for Rodrigo Branco

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: a664ec9158eeddd75121d39c9a0758016097fa96 Gitweb: https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 Author: Rodrigo Branco <bsdaemon(a)google.com> AuthorDate: Tue, 03 Jan 2023 14:17:51 -06:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 04 Jan 2023 11:25:32 +01:00 x86/bugs: Flush IBP in ib_prctl_set() We missed the window between the TIF flag update and the next reschedule. Signed-off-by: Rodrigo Branco <bsdaemon(a)google.com> Reviewed-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/kernel/cpu/bugs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d970ddb..bca0bd8 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1981,6 +1981,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) if (ctrl == PR_SPEC_FORCE_DISABLE) task_set_spec_ib_force_disable(task); task_update_spec_tif(task); + if (task == current) + indirect_branch_prediction_barrier(); break; default: return -ERANGE;

2 years, 1 month

1
0
0 0

Re: kernel BUG in ext4_free_blocks (2)

by syzbot

This bug is marked as fixed by commit: ext4: block range must be validated before use in ext4_mb_clear_bb() But I can't find it in the tested trees[1] for more than 90 days. Is it a correct commit? Please update it by replying: #syz fix: exact-commit-title Until then the bug is still considered open and new crashes with the same signature are ignored. Kernel: Android 5.10 Dashboard link: https://syzkaller.appspot.com/bug?extid=15cd994e273307bf5cfa --- [1] I expect the commit to be present in: 1. android12-5.10-lts branch of https://android.googlesource.com/kernel/common

2 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] rtmutex: Add acquire semantics for rtmutex lock acquisition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 1c0908d8e441 ("rtmutex: Add acquire semantics for rtmutex lock acquisition slow path") ee042be16cb4 ("locking: Apply contention tracepoints in the slow path") d257cc8cb8d5 ("locking/rwsem: Make handoff bit handling more consistent") 7cdacc5f52d6 ("locking/rwsem: Disable preemption for spinning region") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c0908d8e441631f5b8ba433523cf39339ee2ba0 Mon Sep 17 00:00:00 2001 From: Mel Gorman <mgorman(a)techsingularity.net> Date: Fri, 2 Dec 2022 10:02:23 +0000 Subject: [PATCH] rtmutex: Add acquire semantics for rtmutex lock acquisition slow path Jan Kara reported the following bug triggering on 6.0.5-rt14 running dbench on XFS on arm64. kernel BUG at fs/inode.c:625! Internal error: Oops - BUG: 0 [#1] PREEMPT_RT SMP CPU: 11 PID: 6611 Comm: dbench Tainted: G E 6.0.0-rt14-rt+ #1 pc : clear_inode+0xa0/0xc0 lr : clear_inode+0x38/0xc0 Call trace: clear_inode+0xa0/0xc0 evict+0x160/0x180 iput+0x154/0x240 do_unlinkat+0x184/0x300 __arm64_sys_unlinkat+0x48/0xc0 el0_svc_common.constprop.4+0xe4/0x2c0 do_el0_svc+0xac/0x100 el0_svc+0x78/0x200 el0t_64_sync_handler+0x9c/0xc0 el0t_64_sync+0x19c/0x1a0 It also affects 6.1-rc7-rt5 and affects a preempt-rt fork of 5.14 so this is likely a bug that existed forever and only became visible when ARM support was added to preempt-rt. The same problem does not occur on x86-64 and he also reported that converting sb->s_inode_wblist_lock to raw_spinlock_t makes the problem disappear indicating that the RT spinlock variant is the problem. Which in turn means that RT mutexes on ARM64 and any other weakly ordered architecture are affected by this independent of RT. Will Deacon observed: "I'd be more inclined to be suspicious of the slowpath tbh, as we need to make sure that we have acquire semantics on all paths where the lock can be taken. Looking at the rtmutex code, this really isn't obvious to me -- for example, try_to_take_rt_mutex() appears to be able to return via the 'takeit' label without acquire semantics and it looks like we might be relying on the caller's subsequent _unlock_ of the wait_lock for ordering, but that will give us release semantics which aren't correct." Sebastian Andrzej Siewior prototyped a fix that does work based on that comment but it was a little bit overkill and added some fences that should not be necessary. The lock owner is updated with an IRQ-safe raw spinlock held, but the spin_unlock does not provide acquire semantics which are needed when acquiring a mutex. Adds the necessary acquire semantics for lock owner updates in the slow path acquisition and the waiter bit logic. It successfully completed 10 iterations of the dbench workload while the vanilla kernel fails on the first iteration. [ bigeasy(a)linutronix.de: Initial prototype fix ] Fixes: 700318d1d7b38 ("locking/rtmutex: Use acquire/release semantics") Fixes: 23f78d4a03c5 ("[PATCH] pi-futex: rt mutex core") Reported-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Mel Gorman <mgorman(a)techsingularity.net> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20221202100223.6mevpbl7i6x5udfd@techsingularity.n… diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c index 7779ee8abc2a..010cf4e6d0b8 100644 --- a/kernel/locking/rtmutex.c +++ b/kernel/locking/rtmutex.c @@ -89,15 +89,31 @@ static inline int __ww_mutex_check_kill(struct rt_mutex *lock, * set this bit before looking at the lock. */ -static __always_inline void -rt_mutex_set_owner(struct rt_mutex_base *lock, struct task_struct *owner) +static __always_inline struct task_struct * +rt_mutex_owner_encode(struct rt_mutex_base *lock, struct task_struct *owner) { unsigned long val = (unsigned long)owner; if (rt_mutex_has_waiters(lock)) val |= RT_MUTEX_HAS_WAITERS; - WRITE_ONCE(lock->owner, (struct task_struct *)val); + return (struct task_struct *)val; +} + +static __always_inline void +rt_mutex_set_owner(struct rt_mutex_base *lock, struct task_struct *owner) +{ + /* + * lock->wait_lock is held but explicit acquire semantics are needed + * for a new lock owner so WRITE_ONCE is insufficient. + */ + xchg_acquire(&lock->owner, rt_mutex_owner_encode(lock, owner)); +} + +static __always_inline void rt_mutex_clear_owner(struct rt_mutex_base *lock) +{ + /* lock->wait_lock is held so the unlock provides release semantics. */ + WRITE_ONCE(lock->owner, rt_mutex_owner_encode(lock, NULL)); } static __always_inline void clear_rt_mutex_waiters(struct rt_mutex_base *lock) @@ -106,7 +122,8 @@ static __always_inline void clear_rt_mutex_waiters(struct rt_mutex_base *lock) ((unsigned long)lock->owner & ~RT_MUTEX_HAS_WAITERS); } -static __always_inline void fixup_rt_mutex_waiters(struct rt_mutex_base *lock) +static __always_inline void +fixup_rt_mutex_waiters(struct rt_mutex_base *lock, bool acquire_lock) { unsigned long owner, *p = (unsigned long *) &lock->owner; @@ -172,8 +189,21 @@ static __always_inline void fixup_rt_mutex_waiters(struct rt_mutex_base *lock) * still set. */ owner = READ_ONCE(*p); - if (owner & RT_MUTEX_HAS_WAITERS) - WRITE_ONCE(*p, owner & ~RT_MUTEX_HAS_WAITERS); + if (owner & RT_MUTEX_HAS_WAITERS) { + /* + * See rt_mutex_set_owner() and rt_mutex_clear_owner() on + * why xchg_acquire() is used for updating owner for + * locking and WRITE_ONCE() for unlocking. + * + * WRITE_ONCE() would work for the acquire case too, but + * in case that the lock acquisition failed it might + * force other lockers into the slow path unnecessarily. + */ + if (acquire_lock) + xchg_acquire(p, owner & ~RT_MUTEX_HAS_WAITERS); + else + WRITE_ONCE(*p, owner & ~RT_MUTEX_HAS_WAITERS); + } } /* @@ -208,6 +238,13 @@ static __always_inline void mark_rt_mutex_waiters(struct rt_mutex_base *lock) owner = *p; } while (cmpxchg_relaxed(p, owner, owner | RT_MUTEX_HAS_WAITERS) != owner); + + /* + * The cmpxchg loop above is relaxed to avoid back-to-back ACQUIRE + * operations in the event of contention. Ensure the successful + * cmpxchg is visible. + */ + smp_mb__after_atomic(); } /* @@ -1243,7 +1280,7 @@ static int __sched __rt_mutex_slowtrylock(struct rt_mutex_base *lock) * try_to_take_rt_mutex() sets the lock waiters bit * unconditionally. Clean this up. */ - fixup_rt_mutex_waiters(lock); + fixup_rt_mutex_waiters(lock, true); return ret; } @@ -1604,7 +1641,7 @@ static int __sched __rt_mutex_slowlock(struct rt_mutex_base *lock, * try_to_take_rt_mutex() sets the waiter bit * unconditionally. We might have to fix that up. */ - fixup_rt_mutex_waiters(lock); + fixup_rt_mutex_waiters(lock, true); trace_contention_end(lock, ret); @@ -1719,7 +1756,7 @@ static void __sched rtlock_slowlock_locked(struct rt_mutex_base *lock) * try_to_take_rt_mutex() sets the waiter bit unconditionally. * We might have to fix that up: */ - fixup_rt_mutex_waiters(lock); + fixup_rt_mutex_waiters(lock, true); debug_rt_mutex_free_waiter(&waiter); trace_contention_end(lock, 0); diff --git a/kernel/locking/rtmutex_api.c b/kernel/locking/rtmutex_api.c index 900220941caa..cb9fdff76a8a 100644 --- a/kernel/locking/rtmutex_api.c +++ b/kernel/locking/rtmutex_api.c @@ -267,7 +267,7 @@ void __sched rt_mutex_init_proxy_locked(struct rt_mutex_base *lock, void __sched rt_mutex_proxy_unlock(struct rt_mutex_base *lock) { debug_rt_mutex_proxy_unlock(lock); - rt_mutex_set_owner(lock, NULL); + rt_mutex_clear_owner(lock); } /** @@ -382,7 +382,7 @@ int __sched rt_mutex_wait_proxy_lock(struct rt_mutex_base *lock, * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might * have to fix that up. */ - fixup_rt_mutex_waiters(lock); + fixup_rt_mutex_waiters(lock, true); raw_spin_unlock_irq(&lock->wait_lock); return ret; @@ -438,7 +438,7 @@ bool __sched rt_mutex_cleanup_proxy_lock(struct rt_mutex_base *lock, * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might * have to fix that up. */ - fixup_rt_mutex_waiters(lock); + fixup_rt_mutex_waiters(lock, false); raw_spin_unlock_irq(&lock->wait_lock);

2 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amdgpu: skip mes self test after s0i3 resume for MES IP" failed to apply to 6.0-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.0-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 8660495a9c5b ("drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0") bbce8cdb8390 ("drm/amdgpu: skip mes self test for gc 11.0.3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8660495a9c5b9afeec4cc006b3b75178f0fb2f10 Mon Sep 17 00:00:00 2001 From: Tim Huang <tim.huang(a)amd.com> Date: Mon, 19 Dec 2022 18:32:32 +0800 Subject: [PATCH] drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 MES is part of gfxoff and MES suspend and resume are skipped for S0i3. But the mes_self_test call path is still in the amdgpu_device_ip_late_init. it's should also be skipped for s0ix as no hardware re-initialization happened. Besides, mes_self_test will free the BO that triggers a lot of warning messages while in the suspend state. [ 81.656085] WARNING: CPU: 2 PID: 1550 at drivers/gpu/drm/amd/amdgpu/amdgpu_object.c:425 amdgpu_bo_free_kernel+0xfc/0x110 [amdgpu] [ 81.679435] Call Trace: [ 81.679726] <TASK> [ 81.679981] amdgpu_mes_remove_hw_queue+0x17a/0x230 [amdgpu] [ 81.680857] amdgpu_mes_self_test+0x390/0x430 [amdgpu] [ 81.681665] mes_v11_0_late_init+0x37/0x50 [amdgpu] [ 81.682423] amdgpu_device_ip_late_init+0x53/0x280 [amdgpu] [ 81.683257] amdgpu_device_resume+0xae/0x2a0 [amdgpu] [ 81.684043] amdgpu_pmops_resume+0x37/0x70 [amdgpu] [ 81.684818] pci_pm_resume+0x5c/0xa0 [ 81.685247] ? pci_pm_thaw+0x90/0x90 [ 81.685658] dpm_run_callback+0x4e/0x160 [ 81.686110] device_resume+0xad/0x210 [ 81.686529] async_resume+0x1e/0x40 [ 81.686931] async_run_entry_fn+0x33/0x120 [ 81.687405] process_one_work+0x21d/0x3f0 [ 81.687869] worker_thread+0x4a/0x3c0 [ 81.688293] ? process_one_work+0x3f0/0x3f0 [ 81.688777] kthread+0xff/0x130 [ 81.689157] ? kthread_complete_and_exit+0x20/0x20 [ 81.689707] ret_from_fork+0x22/0x30 [ 81.690118] </TASK> [ 81.690380] ---[ end trace 0000000000000000 ]--- v2: make the comment clean and use adev->in_s0ix instead of adev->suspend Signed-off-by: Tim Huang <tim.huang(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.0, 6.1 diff --git a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c index 5459366f49ff..970b066b37bb 100644 --- a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c +++ b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c @@ -1342,7 +1342,8 @@ static int mes_v11_0_late_init(void *handle) { struct amdgpu_device *adev = (struct amdgpu_device *)handle; - if (!amdgpu_in_reset(adev) && + /* it's only intended for use in mes_self_test case, not for s0ix and reset */ + if (!amdgpu_in_reset(adev) && !adev->in_s0ix && (adev->ip_versions[GC_HWIP][0] != IP_VERSION(11, 0, 3))) amdgpu_mes_self_test(adev);

2 years, 1 month

1
0
0 0

Re: [regression, 5.10.y] Bug 216861 - sound disappearance on Acer Swift 3 SF314-59-78UR after update to 5.10.157

by Takashi Iwai

On Tue, 03 Jan 2023 15:48:41 +0100, Takashi Iwai wrote: > > On Tue, 03 Jan 2023 14:04:50 +0100, > PÁLFFY Dániel wrote: > > > > And confirming, 5.10.161 with e8444560b4d9302a511f0996f4cfdf85b628f4ca > > and 636110411ca726f19ef8e87b0be51bb9a4cdef06 cherry-picked works for > > me. > > That's a good news. Then we can ask stable people to pick up those > commits for 5.10.y and 5.15.y. I confirmed that the latest 5.15.y requires those fixes, too. Greg, could you cherry-pick the following two commits to both 5.10.y and 5.15.y stable trees? This fixes the recent regression caused by the backport of 39bd801d6908. e8444560b4d9302a511f0996f4cfdf85b628f4ca ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire 636110411ca726f19ef8e87b0be51bb9a4cdef06 ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio Thanks! Takashi > > > Takashi > > > > > On Tue, Jan 3, 2023 at 1:05 PM PÁLFFY Dániel <dpalffy(a)gmail.com> wrote: > > > > > > Another report: https://bugs.archlinux.org/task/76795 > > > Apparently, folks at alsa-devel traced down the dependencies of that patch, see the mail thread at https://lore.kernel.org/all/dc65501c-c2fd-5608-c3d9-7cea184c3989%40opensour… > > > > > > On Mon, Jan 2, 2023 at 1:42 PM Takashi Iwai <tiwai(a)suse.de> wrote: > > >> > > >> On Mon, 02 Jan 2023 11:43:36 +0100, > > >> Salvatore Bonaccorso wrote: > > >> > > > >> > Hi, > > >> > > > >> > [Adding as well Richard Fitzgerald and PÁLFFY Dániel to recipients] > > >> > > > >> > On Fri, Dec 30, 2022 at 09:08:57AM +0100, Thorsten Leemhuis wrote: > > >> > > Hi, this is your Linux kernel regression tracker speaking. > > >> > > > > >> > > I noticed a regression report in bugzilla.kernel.org. As many (most?) > > >> > > kernel developer don't keep an eye on it, I decided to forward it by > > >> > > mail. Quoting from https://bugzilla.kernel.org/show_bug.cgi?id=216861 : > > >> > > > > >> > > > Sergey 2022-12-29 10:07:51 UTC > > >> > > > > > >> > > > Created attachment 303497 [details] > > >> > > > pulseaudio.log > > >> > > > > > >> > > > Sudden sound disappearance was reported for some laptops, e.g. > > >> > > > > > >> > > > Acer Swift 3 SF314-59-78UR 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz > > >> > > > > > >> > > > # lspci > > >> > > > 0000:00:1f.3 Multimedia audio controller: Intel Corporation Tiger Lake-LP Smart Sound Technology Audio Controller (rev 20) > > >> > > > Subsystem: Acer Incorporated [ALI] Device 148c > > >> > > > Flags: bus master, fast devsel, latency 32, IRQ 197, IOMMU group 12 > > >> > > > Memory at 601f270000 (64-bit, non-prefetchable) [size=16K] > > >> > > > Memory at 601f000000 (64-bit, non-prefetchable) [size=1M] > > >> > > > Capabilities: [50] Power Management version 3 > > >> > > > Capabilities: [80] Vendor Specific Information: Len=14 <?> > > >> > > > Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+ > > >> > > > Kernel driver in use: sof-audio-pci > > >> > > > > > >> > > > I am attaching the pulseaudio and dmesg logs > > >> > > > > > >> > > > This bug started reproducing after updating the kernel from 5.10.156 to 5.10.157 > > >> > > > > > >> > > > Bisection revealed the commit being reverted: > > >> > > > > > >> > > > c34db0d6b88b1da95e7ab3353e674f4f574cccee is the first bad commit > > >> > > > commit c34db0d6b88b1da95e7ab3353e674f4f574cccee > > >> > > > Author: Richard Fitzgerald <rf(a)opensource.cirrus.com> > > >> > > > Date: Fri Nov 4 13:22:13 2022 +0000 > > >> > > > > > >> > > > ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open() > > >> > > > > > >> > > > [ Upstream commit 39bd801d6908900e9ab0cdc2655150f95ddd4f1a ] > > >> > > > > > >> > > > The DAI tx_mask and rx_mask are set by snd_soc_dai_set_tdm_slot() > > >> > > > and used by later code that depends on the TDM settings. So > > >> > > > __soc_pcm_open() should not be obliterating those mask values. > > >> > > > > > >> > > > [...] > > >> > > > Original bug report: https://bugzilla.altlinux.org/44690 > > >> > > > > >> > > See the ticket for more details. > > >> > > > > >> > > BTW, let me use this mail to also add the report to the list of tracked > > >> > > regressions to ensure it's doesn't fall through the cracks: > > >> > > > > >> > > #regzbot introduced: c34db0d6b88b1d > > >> > > https://bugzilla.kernel.org/show_bug.cgi?id=216861 > > >> > > #regzbot title: sound: asoc: sudden sound disappearance > > >> > > #regzbot ignore-activity > > >> > > > >> > FWIW, we had as well reports in Debian after having updated the kernel > > >> > from 5.10.149 based one to 5.10.158 based one in the last point > > >> > releases, they are at least: > > >> > > > >> > https://bugs.debian.org/1027483 > > >> > https://bugs.debian.org/1027430 > > >> > > >> I got another report while the commit was backported to 5.14-based > > >> openSUSE Leap kernel, and I ended up with dropping it. > > >> > > >> So, IMO, it's safer to drop this patch from the older stable trees. > > >> As far as I see, 5.15.y and 5.10.y got this. > > >> > > >> Unless anyone gives a better fix, I'm going to submit a revert patch > > >> for those trees. > > >> > > >> > > >> thanks, > > >> > > >> Takashi > > >

2 years, 1 month

3
3
0 0

[PATCH 6.0 00/74] 6.0.17-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.0.17 release. There are 74 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jan 2023 11:05:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.17-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.0.17-rc1 Marco Elver <elver(a)google.com> kcsan: Instrument memcpy/memset/memmove with newer Clang Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails Hanjun Guo <guohanjun(a)huawei.com> tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak Hanjun Guo <guohanjun(a)huawei.com> tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak Hanjun Guo <guohanjun(a)huawei.com> tpm: acpi: Call acpi_put_table() to fix memory leak Deren Wu <deren.wu(a)mediatek.com> mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING Jan Kara <jack(a)suse.cz> block: Do not reread partition table on exclusively open device Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: allow to read node block after shutdown Pavel Machek <pavel(a)denx.de> f2fs: should put a page when checking the summary info NARIBAYASHI Akira <a.naribayashi(a)fujitsu.com> mm, compaction: fix fast_isolate_around() to stay within boundaries Mikulas Patocka <mpatocka(a)redhat.com> md: fix a crash in mempool_free ChiYuan Huang <cy_huang(a)richtek.com> mfd: mt6360: Add bounds checking in Regmap read/write call-backs Christian Brauner <brauner(a)kernel.org> pnode: terminate at peers of source Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Static PCM mapping again with AMD HDMI codecs Artem Egorkine <arteme(a)gmail.com> ALSA: line6: fix stack overflow in line6_midi_transmit Artem Egorkine <arteme(a)gmail.com> ALSA: line6: correct midi status byte when receiving data from podxt Al Viro <viro(a)zeniv.linux.org.uk> ovl: update ->f_iocb_flags when ovl_change_flags() modifies ->f_flags Zhang Tianci <zhangtianci.1997(a)bytedance.com> ovl: Use ovl mounter's fsuid and fsgid in ovl_link() Wang Yufen <wangyufen(a)huawei.com> binfmt: Fix error return code in load_elf_fdpic_binary() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: dont remove file from msg_ring reqs Jens Axboe <axboe(a)kernel.dk> eventfd: provide a eventfd_signal_mask() helper Jens Axboe <axboe(a)kernel.dk> eventpoll: add EPOLL_URING_WAKE poll wakeup flag Aditya Garg <gargaditya08(a)live.com> hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount Qiujun Huang <hqjagain(a)gmail.com> pstore/zone: Use GFP_ATOMIC to allocate zone buffer Luca Stefani <luca(a)osomprivacy.com> pstore: Properly assign mem_type property Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm/mempolicy: fix memory leak in set_mempolicy_home_node system call Mel Gorman <mgorman(a)techsingularity.net> rtmutex: Add acquire semantics for rtmutex lock acquisition slow path Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: plantronics: Additional PIDs for double volume key presses quirk José Expósito <jose.exposito89(a)gmail.com> HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint wuqiang <wuqiang.matt(a)bytedance.com> kprobes: kretprobe events missing on 2-core KVM guest Kees Cook <keescook(a)chromium.org> rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: avoid scheduling in rtas_os_term() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: avoid device tree lookups in rtas_os_term() Ricardo Ribalda <ribalda(a)chromium.org> iommu/mediatek: Fix crash on isr after kexec() Christophe Leroy <christophe.leroy(a)csgroup.eu> objtool: Fix SEGFAULT Yin Xiujiang <yinxiujiang(a)kylinos.cn> fs/ntfs3: Fix slab-out-of-bounds in r_page Dan Carpenter <dan.carpenter(a)oracle.com> fs/ntfs3: Delete duplicate condition in ntfs_read_mft() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate index root when initialize NTFS security Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 Hawkins Jiawei <yin31149(a)gmail.com> fs/ntfs3: Fix slab-out-of-bounds read in run_unpack Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate resident attribute name Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate buffer length while parsing index Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate attribute name offset Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Add null pointer check for inode operations Shigeru Yoshida <syoshida(a)redhat.com> fs/ntfs3: Fix memory leak on ntfs_fill_super() error path Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Add null pointer check to attr_load_runs_vcn Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate data run offset edward lo <edward.lo(a)ambergroup.io> fs/ntfs3: Add overflow check for attribute size edward lo <edward.lo(a)ambergroup.io> fs/ntfs3: Validate BOOT record_size Christoph Hellwig <hch(a)lst.de> nvmet: don't defer passthrough commands with trivial effects to the workqueue Christoph Hellwig <hch(a)lst.de> nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition Adam Vodopjan <grozzly(a)protonmail.com> ata: ahci: Fix PCS quirk application for suspend Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq Adrian Freund <adrian(a)freund.io> ACPI: resource: do IRQ override on Lenovo 14ALC7 Erik Schumacher <ofenfisch(a)googlemail.com> ACPI: resource: do IRQ override on XMG Core 15 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> ACPI: resource: do IRQ override on LENOVO IdeaPad Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA Keith Busch <kbusch(a)kernel.org> nvme-pci: fix page size checks Keith Busch <kbusch(a)kernel.org> nvme-pci: fix mempool alloc size Klaus Jensen <k.jensen(a)samsung.com> nvme-pci: fix doorbell buffer value endianness Paulo Alcantara <pc(a)cjr.nz> cifs: don't leak -ENOMEM in smb2_open_file() Paulo Alcantara <pc(a)cjr.nz> cifs: fix static checker warning Tejun Heo <tj(a)kernel.org> blk-iolatency: Fix memory leak on add_disk() failures Christoph Hellwig <hch(a)lst.de> blk-cgroup: pass a gendisk to blkg_destroy_all Christoph Hellwig <hch(a)lst.de> blk-throttle: pass a gendisk to blk_throtl_init and blk_throtl_exit Christoph Hellwig <hch(a)lst.de> blk-cgroup: pass a gendisk to blkcg_init_queue and blkcg_exit_queue Christoph Hellwig <hch(a)lst.de> blk-cgroup: cleanup the blkg_lookup family of functions Christoph Hellwig <hch(a)lst.de> blk-cgroup: remove open coded blkg_lookup instances Christoph Hellwig <hch(a)lst.de> blk-cgroup: remove blk_queue_root_blkg Christoph Hellwig <hch(a)lst.de> blk-cgroup: fix error unwinding in blkcg_init_queue Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init ------------- Diffstat: Documentation/trace/kprobes.rst | 3 +- Makefile | 4 +- arch/powerpc/kernel/rtas.c | 20 ++++++-- block/bfq-iosched.c | 2 +- block/blk-cgroup.c | 100 ++++++++++++++------------------------ block/blk-cgroup.h | 68 ++++++++------------------ block/blk-throttle.c | 7 ++- block/blk-throttle.h | 8 +-- block/blk.h | 2 +- block/genhd.c | 12 +++-- block/ioctl.c | 12 +++-- drivers/acpi/resource.c | 78 ++++++++++++++++++++++++----- drivers/ata/ahci.c | 32 ++++++++---- drivers/char/tpm/eventlog/acpi.c | 12 +++-- drivers/char/tpm/tpm_crb.c | 29 +++++++---- drivers/char/tpm/tpm_tis.c | 9 ++-- drivers/hid/hid-ids.h | 3 ++ drivers/hid/hid-multitouch.c | 4 ++ drivers/hid/hid-plantronics.c | 9 ++++ drivers/iommu/mtk_iommu.c | 2 +- drivers/md/md.c | 9 ++-- drivers/mfd/mt6360-core.c | 14 +++++- drivers/mmc/host/vub300.c | 2 + drivers/nvme/host/pci.c | 37 +++++++------- drivers/nvme/target/passthru.c | 11 ++--- drivers/rtc/rtc-msc313.c | 12 +---- drivers/soundwire/dmi-quirks.c | 8 +++ drivers/usb/dwc3/dwc3-qcom.c | 13 +++-- fs/binfmt_elf_fdpic.c | 5 +- fs/cifs/smb2file.c | 4 +- fs/eventfd.c | 37 ++++++++------ fs/eventpoll.c | 18 ++++--- fs/f2fs/gc.c | 1 + fs/f2fs/node.c | 3 +- fs/hfsplus/hfsplus_fs.h | 2 + fs/hfsplus/inode.c | 4 +- fs/hfsplus/options.c | 4 ++ fs/ntfs3/attrib.c | 18 +++++++ fs/ntfs3/attrlist.c | 5 ++ fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/frecord.c | 14 ++++++ fs/ntfs3/fslog.c | 35 +++++-------- fs/ntfs3/fsntfs.c | 10 ++-- fs/ntfs3/index.c | 6 +++ fs/ntfs3/inode.c | 9 ++++ fs/ntfs3/record.c | 10 ++++ fs/ntfs3/super.c | 9 ++-- fs/overlayfs/dir.c | 46 ++++++++++++------ fs/overlayfs/file.c | 1 + fs/pnode.c | 2 +- fs/pstore/ram.c | 2 +- fs/pstore/zone.c | 2 +- include/linux/eventfd.h | 7 +++ include/linux/nvme.h | 3 +- include/uapi/linux/eventpoll.h | 6 +++ io_uring/io_uring.c | 2 +- io_uring/msg_ring.c | 4 -- io_uring/opdef.c | 7 +++ io_uring/opdef.h | 2 + kernel/futex/syscalls.c | 11 +++-- kernel/kcsan/core.c | 50 +++++++++++++++++++ kernel/kprobes.c | 8 +-- kernel/locking/rtmutex.c | 55 +++++++++++++++++---- kernel/locking/rtmutex_api.c | 6 +-- mm/compaction.c | 18 ++----- mm/mempolicy.c | 1 + net/sunrpc/auth_gss/svcauth_gss.c | 9 +++- sound/pci/hda/patch_hdmi.c | 27 +++++++--- sound/usb/line6/driver.c | 3 +- sound/usb/line6/midi.c | 6 ++- sound/usb/line6/midibuf.c | 25 +++++++--- sound/usb/line6/midibuf.h | 5 +- sound/usb/line6/pod.c | 3 +- tools/objtool/check.c | 2 +- 74 files changed, 664 insertions(+), 367 deletions(-)

2 years, 1 month

11
85
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2023