August 2023 - Linux-stable-mirror

FAILED: patch "[PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6c41468c7c12d74843bb414fc00307ea8a6318c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023041134-curvature-campsite-e51b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6c41468c7c12 ("KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection") d4963e319f1f ("KVM: x86: Make kvm_queued_exception a properly named, visible struct") 6ad75c5c99f7 ("KVM: x86: Rename kvm_x86_ops.queue_exception to inject_exception") 5623f751bd9c ("KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)") 8d178f460772 ("KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like") eba9799b5a6e ("KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS") a61d7c5432ac ("KVM: x86: Trace re-injected exceptions") 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") 3741aec4c38f ("KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported") cd9e6da8048c ("KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"") 00f08d99dd7d ("KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02") 9bd1f0efa859 ("KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault") c3634d25fbee ("KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry") 1d5a1b5860ed ("KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running") db663af4a001 ("kvm: x86: SVM: use vmcb* instead of svm->vmcb where it makes sense") b9f3973ab3a8 ("KVM: x86: nSVM: implement nested VMLOAD/VMSAVE") 23e5092b6e2a ("KVM: SVM: Rename hook implementations to conform to kvm_x86_ops' names") e27bc0440ebd ("KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names") 068f7ea61895 ("KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch") e1779c2714c3 ("KVM: x86: nSVM: fix potential NULL derefernce on nested migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c41468c7c12d74843bb414fc00307ea8a6318c3 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 22 Mar 2023 07:32:59 -0700 Subject: [PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection When injecting an exception into a vCPU in Real Mode, suppress the error code by clearing the flag that tracks whether the error code is valid, not by clearing the error code itself. The "typo" was introduced by recent fix for SVM's funky Paged Real Mode. Opportunistically hoist the logic above the tracepoint so that the trace is coherent with respect to what is actually injected (this was also the behavior prior to the buggy commit). Fixes: b97f07458373 ("KVM: x86: determine if an exception has an error code only when injecting it.") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-Id: <20230322143300.2209476-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 45017576ad5e..7d6f98b7635f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9908,13 +9908,20 @@ int kvm_check_nested_events(struct kvm_vcpu *vcpu) static void kvm_inject_exception(struct kvm_vcpu *vcpu) { + /* + * Suppress the error code if the vCPU is in Real Mode, as Real Mode + * exceptions don't report error codes. The presence of an error code + * is carried with the exception and only stripped when the exception + * is injected as intercepted #PF VM-Exits for AMD's Paged Real Mode do + * report an error code despite the CPU being in Real Mode. + */ + vcpu->arch.exception.has_error_code &= is_protmode(vcpu); + trace_kvm_inj_exception(vcpu->arch.exception.vector, vcpu->arch.exception.has_error_code, vcpu->arch.exception.error_code, vcpu->arch.exception.injected); - if (vcpu->arch.exception.error_code && !is_protmode(vcpu)) - vcpu->arch.exception.error_code = false; static_call(kvm_x86_inject_exception)(vcpu); }

11 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] bpf: Fix out of bounds access for ringbuf helpers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64620e0a1e712a778095bd35cbb277dc2259281f Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <daniel(a)iogearbox.net> Date: Tue, 11 Jan 2022 14:43:41 +0000 Subject: [PATCH] bpf: Fix out of bounds access for ringbuf helpers Both bpf_ringbuf_submit() and bpf_ringbuf_discard() have ARG_PTR_TO_ALLOC_MEM in their bpf_func_proto definition as their first argument. They both expect the result from a prior bpf_ringbuf_reserve() call which has a return type of RET_PTR_TO_ALLOC_MEM_OR_NULL. Meaning, after a NULL check in the code, the verifier will promote the register type in the non-NULL branch to a PTR_TO_MEM and in the NULL branch to a known zero scalar. Generally, pointer arithmetic on PTR_TO_MEM is allowed, so the latter could have an offset. The ARG_PTR_TO_ALLOC_MEM expects a PTR_TO_MEM register type. However, the non- zero result from bpf_ringbuf_reserve() must be fed into either bpf_ringbuf_submit() or bpf_ringbuf_discard() but with the original offset given it will then read out the struct bpf_ringbuf_hdr mapping. The verifier missed to enforce a zero offset, so that out of bounds access can be triggered which could be used to escalate privileges if unprivileged BPF was enabled (disabled by default in kernel). Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: <tr3e.wang(a)gmail.com> (SecCoder Security Lab) Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e0b3f4d683eb..c72c57a6684f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5318,9 +5318,15 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, case PTR_TO_BUF: case PTR_TO_BUF | MEM_RDONLY: case PTR_TO_STACK: + /* Some of the argument types nevertheless require a + * zero register offset. + */ + if (arg_type == ARG_PTR_TO_ALLOC_MEM) + goto force_off_check; break; /* All the rest must be rejected: */ default: +force_off_check: err = __check_ptr_off_reg(env, reg, regno, type == PTR_TO_BTF_ID); if (err < 0)

12 months

3
19
0 0

[PATCH v3 2/6] usb: dwc3: gadget: cancel requests instead of release after missed isoc

by Dan Vacura

From: Jeff Vanhoof <qjv001(a)motorola.com> arm-smmu related crashes seen after a Missed ISOC interrupt when no_interrupt=1 is used. This can happen if the hardware is still using the data associated with a TRB after the usb_request's ->complete call has been made. Instead of immediately releasing a request when a Missed ISOC interrupt has occurred, this change will add logic to cancel the request instead where it will eventually be released when the END_TRANSFER command has completed. This logic is similar to some of the cleanup done in dwc3_gadget_ep_dequeue. Fixes: 6d8a019614f3 ("usb: dwc3: gadget: check for Missed Isoc from event status") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jeff Vanhoof <qjv001(a)motorola.com> Co-developed-by: Dan Vacura <w36195(a)motorola.com> Signed-off-by: Dan Vacura <w36195(a)motorola.com> --- V1 -> V3: - no change, new patch in series drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 8f9959ba9fd4..9b005d912241 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -943,6 +943,7 @@ struct dwc3_request { #define DWC3_REQUEST_STATUS_DEQUEUED 3 #define DWC3_REQUEST_STATUS_STALLED 4 #define DWC3_REQUEST_STATUS_COMPLETED 5 +#define DWC3_REQUEST_STATUS_MISSED_ISOC 6 #define DWC3_REQUEST_STATUS_UNKNOWN -1 u8 epnum; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 079cd333632e..411532c5c378 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2021,6 +2021,9 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep) case DWC3_REQUEST_STATUS_STALLED: dwc3_gadget_giveback(dep, req, -EPIPE); break; + case DWC3_REQUEST_STATUS_MISSED_ISOC: + dwc3_gadget_giveback(dep, req, -EXDEV); + break; default: dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); dwc3_gadget_giveback(dep, req, -ECONNRESET); @@ -3402,21 +3405,32 @@ static bool dwc3_gadget_endpoint_trbs_complete(struct dwc3_ep *dep, struct dwc3 *dwc = dep->dwc; bool no_started_trb = true; - dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); + if (status == -EXDEV) { + struct dwc3_request *tmp; + struct dwc3_request *req; - if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) - goto out; + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_stop_active_transfer(dep, true, true); - if (!dep->endpoint.desc) - return no_started_trb; + list_for_each_entry_safe(req, tmp, &dep->started_list, list) + dwc3_gadget_move_cancelled_request(req, + DWC3_REQUEST_STATUS_MISSED_ISOC); + } else { + dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); - if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && - list_empty(&dep->started_list) && - (list_empty(&dep->pending_list) || status == -EXDEV)) - dwc3_stop_active_transfer(dep, true, true); - else if (dwc3_gadget_ep_should_continue(dep)) - if (__dwc3_gadget_kick_transfer(dep) == 0) - no_started_trb = false; + if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) + goto out; + + if (!dep->endpoint.desc) + return no_started_trb; + + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && + list_empty(&dep->started_list) && list_empty(&dep->pending_list)) + dwc3_stop_active_transfer(dep, true, true); + else if (dwc3_gadget_ep_should_continue(dep)) + if (__dwc3_gadget_kick_transfer(dep) == 0) + no_started_trb = false; + } out: /* -- 2.34.1

1 year, 1 month

3
12
0 0

[PATCH] block: Remove special-casing of compound pages

by Matthew Wilcox (Oracle)

The special casing was originally added in pre-git history; reproducing the commit log here: > commit a318a92567d77 > Author: Andrew Morton <akpm(a)osdl.org> > Date: Sun Sep 21 01:42:22 2003 -0700 > > [PATCH] Speed up direct-io hugetlbpage handling > > This patch short-circuits all the direct-io page dirtying logic for > higher-order pages. Without this, we pointlessly bounce BIOs up to > keventd all the time. In the last twenty years, compound pages have become used for more than just hugetlb. Rewrite these functions to operate on folios instead of pages and remove the special case for hugetlbfs; I don't think it's needed any more (and if it is, we can put it back in as a call to folio_test_hugetlb()). This was found by inspection; as far as I can tell, this bug can lead to pages used as the destination of a direct I/O read not being marked as dirty. If those pages are then reclaimed by the MM without being dirtied for some other reason, they won't be written out. Then when they're faulted back in, they will not contain the data they should. It'll take a pretty unusual setup to produce this problem with several races all going the wrong way. This problem predates the folio work; it could for example have been triggered by mmaping a THP in tmpfs and using that as the target of an O_DIRECT read. Fixes: 800d8c63b2e98 ("shmem: add huge pages support") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- block/bio.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/block/bio.c b/block/bio.c index 8672179213b9..f46d8ec71fbd 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1171,13 +1171,22 @@ EXPORT_SYMBOL(bio_add_folio); void __bio_release_pages(struct bio *bio, bool mark_dirty) { - struct bvec_iter_all iter_all; - struct bio_vec *bvec; + struct folio_iter fi; + + bio_for_each_folio_all(fi, bio) { + struct page *page; + size_t done = 0; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (mark_dirty && !PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); - bio_release_page(bio, bvec->bv_page); + if (mark_dirty) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); + } + page = folio_page(fi.folio, fi.offset / PAGE_SIZE); + do { + bio_release_page(bio, page++); + done += PAGE_SIZE; + } while (done < fi.length); } } EXPORT_SYMBOL_GPL(__bio_release_pages); @@ -1455,18 +1464,12 @@ EXPORT_SYMBOL(bio_free_pages); * bio_set_pages_dirty() and bio_check_pages_dirty() are support functions * for performing direct-IO in BIOs. * - * The problem is that we cannot run set_page_dirty() from interrupt context + * The problem is that we cannot run folio_mark_dirty() from interrupt context * because the required locks are not interrupt-safe. So what we can do is to * mark the pages dirty _before_ performing IO. And in interrupt context, * check that the pages are still dirty. If so, fine. If not, redirty them * in process context. * - * We special-case compound pages here: normally this means reads into hugetlb - * pages. The logic in here doesn't really work right for compound pages - * because the VM does not uniformly chase down the head page in all cases. - * But dirtiness of compound pages is pretty meaningless anyway: the VM doesn't - * handle them at all. So we skip compound pages here at an early stage. - * * Note that this code is very hard to test under normal circumstances because * direct-io pins the pages with get_user_pages(). This makes * is_page_cache_freeable return false, and the VM will not clean the pages. @@ -1482,12 +1485,12 @@ EXPORT_SYMBOL(bio_free_pages); */ void bio_set_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; - struct bvec_iter_all iter_all; + struct folio_iter fi; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); + bio_for_each_folio_all(fi, bio) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); } } @@ -1530,12 +1533,11 @@ static void bio_dirty_fn(struct work_struct *work) void bio_check_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; + struct folio_iter fi; unsigned long flags; - struct bvec_iter_all iter_all; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageDirty(bvec->bv_page) && !PageCompound(bvec->bv_page)) + bio_for_each_folio_all(fi, bio) { + if (!folio_test_dirty(fi.folio)) goto defer; } -- 2.40.1

1 year, 1 month

7
10
0 0

[PATCH 6.4 000/165] 6.4.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.4.10 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.4.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.4.10-rc1 Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable the CCS_FLUSH bit in the pipe control and in the CS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Support aux invalidation on all engines Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/i915/gt: Poll aux invalidation register bit on invalidation Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Rename flags with bit_group_X according to the datasheet Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/gt: Add workaround 14016712196 Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/i915/gt: Ensure memory quiesced before invalidation Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915: Add the gen12_needs_ccs_aux_inv helper Xu Yang <xu.yang_2(a)nxp.com> ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Sean Christopherson <seanjc(a)google.com> selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use apt name for FW reserved region Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/altmap: Fix altmap boundary check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() Arnd Bergmann <arnd(a)arndb.de> mtd: spi-nor: avoid holes in struct spi_mem_op Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: mt8183: Add back SSPM related clocks Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: fix oobfree offset and description Roger Quadros <rogerq(a)kernel.org> mtd: rawnand: omap_elm: Fix incorrect type in assignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring: annotate offset timeout races Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on direct node in truncate_dnode() Filipe Manana <fdmanana(a)suse.com> btrfs: remove BUG_ON()'s in add_new_free_space() Jan Kara <jack(a)suse.cz> ext2: Drop fragment support Jason Gunthorpe <jgg(a)ziepe.ca> mm/gup: do not return 0 from pin_user_pages_fast() for bad args Jan Kara <jack(a)suse.cz> fs: Protect reconfiguration of sb read-write from racing writes Alan Stern <stern(a)rowland.harvard.edu> net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Prince Kumar Maurya <princekumarmaurya06(a)gmail.com> fs/sysv: Null check to prevent null-ptr-deref bug Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> kasan,kmsan: remove __GFP_KSWAPD_RECLAIM usage from kasan/kmsan Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() Roman Gushchin <roman.gushchin(a)linux.dev> mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() Linus Torvalds <torvalds(a)linux-foundation.org> file: reinstate f_pos locking optimization for regular files Geert Uytterhoeven <geert+renesas(a)glider.be> clk: imx93: Propagate correct error in imx93_clocks_probe() Stephen Rothwell <sfr(a)canb.auug.org.au> sunvnet: fix sparc64 build error after gso code split Mike Kravetz <mike.kravetz(a)oracle.com> Revert "page cache: fix page_cache_next/prev_miss off by one" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Cleanup aux invalidation registers Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Fix premature release of request's reusable memory Guchun Chen <guchun.chen(a)amd.com> drm/ttm: check null pointer before accessing when swapping Aleksa Sarai <cyphar(a)cyphar.com> open: make RESOLVE_CACHED correctly test for O_TMPFILE Mark Brown <broonie(a)kernel.org> arm64/ptrace: Don't enable SVE when setting streaming SVE Mark Brown <broonie(a)kernel.org> arm64/ptrace: Flush FP state when setting ZT0 Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Clear SME state in the target task when setting the VL Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE Mike Rapoport (IBM) <rppt(a)kernel.org> parisc/mm: preallocate fixmap page tables at init Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Paulo Alcantara <pc(a)manguebit.com> smb: client: fix dfs link mount against w2k8 Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_event_output Ilya Dryomov <idryomov(a)gmail.com> rbd: prevent busy loop when requesting exclusive lock Michael Kelley <mikelley(a)microsoft.com> x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction Paul Fertser <fercerpav(a)gmail.com> wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) Laszlo Ersek <lersek(a)redhat.com> net: tap_open(): set sk_uid from current_fsuid() Laszlo Ersek <lersek(a)redhat.com> net: tun_chr_open(): set sk_uid from current_fsuid() Dinh Nguyen <dinguyen(a)kernel.org> arm64: dts: stratix10: fix incorrect I2C property for SCL signal Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_perf_event_output Song Shuai <suagrfillet(a)gmail.com> riscv: Export va_kernel_pa_offset in vmcoreinfo Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> mtd: rawnand: meson: fix OOB available bytes for ECC Olivier Maignial <olivier.maignial(a)hotmail.fr> mtd: spinand: winbond: Fix ecc_get_status Olivier Maignial <olivier.maignial(a)hotmail.fr> mtd: spinand: toshiba: Fix ecc_get_status Sungjong Seo <sj1557.seo(a)samsung.com> exfat: release s_lock before calling dir_emit() Namjae Jeon <linkinjeon(a)kernel.org> exfat: check if filename entries exceeds max filename length gaoming <gaoming20(a)hihonor.com> exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: arm_scmi: Drop OF node reference in the transport channel setup Xiubo Li <xiubli(a)redhat.com> ceph: defer stopping mdsc delayed_work Ross Maynard <bids.7405(a)bigpond.com> USB: zaurus: Add ID for A-300/B-500/C-700 Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential hang in ceph_osdc_notify() Song Shuai <suagrfillet(a)gmail.com> Documentation: kdump: Add va_kernel_pa_offset for RISCV64 Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: Defer fc_rport blocking until after ADISC response Boqun Feng <boqun.feng(a)gmail.com> rust: allocator: Prevent mis-aligned allocation Stefano Garzarella <sgarzare(a)redhat.com> test/vsock: remove vsock_perf executable on `make clean` Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_net Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_vals[] Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_lock Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_stamp Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix addr_same() helper Jonas Gorski <jonas.gorski(a)bisdn.de> prestera: fix fallback to previous version on same major version Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Set proper IPsec source port in L4 selector Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Make find_closest_ft more generic Benjamin Poirier <bpoirier(a)nvidia.com> vxlan: Fix nexthop hash size Yue Haibing <yuehaibing(a)huawei.com> ip6mr: Fix skb_under_panic in ip6mr_cache_report() Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Don't call dev_close/dev_open (DOWN/UP) Lin Ma <linma(a)zju.edu.cn> net: dcb: choose correct policy to parse DCB_ATTR_BCN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix max_mtu setting for multi-buf XDP Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix page pool logic for page size >= 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> selftest: net: Assert on a proper value in so_incoming_cpu.c. Mark Brown <broonie(a)kernel.org> net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: korina: handle clk prepare error in korina_probe() Dan Carpenter <dan.carpenter(a)linaro.org> net: ll_temac: fix error checking of irq_of_parse_and_map() Tomas Glozar <tglozar(a)redhat.com> bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire valis <sec(a)valis.email> net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Handle skb as well when clean up ptr_ring Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Make sure kthread is running before map update returns Andrii Nakryiko <andrii(a)kernel.org> bpf: Centralize permissions checks for all BPF map types Andrii Nakryiko <andrii(a)kernel.org> bpf: Inline map creation logic in map_create() function Andrii Nakryiko <andrii(a)kernel.org> bpf: Move unprivileged checks into map_create() and bpf_prog_load() Michal Schmidt <mschmidt(a)redhat.com> octeon_ep: initialize mbox mutexes Jakub Kicinski <kuba(a)kernel.org> bnxt: don't handle XDP in netpoll Rafal Rogalski <rafalx.rogalski(a)intel.com> ice: Fix RDMA VSI removal during queue rebuild Duoming Zhou <duoming(a)zju.edu.cn> net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs Kuniyuki Iwashima <kuniyu(a)amazon.com> net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_priority Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotation for sk_ll_usec Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotations around sk->sk_peek_off Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_mark Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_sndbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvlowat) annotation Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_max_pacing_rate Eric Dumazet <edumazet(a)google.com> net: annotate data-race around sk->sk_txrehash Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_reserved_mem Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix misuse of CB in udp socket lookup Eric Dumazet <edumazet(a)google.com> net: move gso declarations and functions to their own files Konstantin Khorenko <khorenko(a)virtuozzo.com> qed: Fix scheduling in a tasklet while getting stats Thierry Reding <treding(a)nvidia.com> net: stmmac: tegra: Properly allocate clock bulk data Chengfeng Ye <dg573847474(a)gmail.com> mISDN: hfcpci: Fix potential deadlock on &hc->lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: cls_u32: Fix match key mis-addressing Georg Müller <georgmueller(a)gmx.net> perf test uprobe_from_different_cu: Skip if there is no gcc Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: dsa: fix value check in bcm_sf2_sw_probe() Lin Ma <linma(a)zju.edu.cn> rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length Lin Ma <linma(a)zju.edu.cn> bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing Shay Drory <shayd(a)nvidia.com> net/mlx5: Unregister devlink params in case interface is down Chris Mi <cmi(a)nvidia.com> net/mlx5: fs_chains: Fix ft prio if ignore_flow_level is not supported Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: kTLS, Fix protection domain in use syndrome when devlink reload Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: xsk: Fix crash on regular rq reactivation Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: xsk: Fix invalid buffer access for legacy rq Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Move representor neigh cleanup to profile cleanup_tx Amir Tzin <amirtz(a)nvidia.com> net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set Chris Mi <cmi(a)nvidia.com> net/mlx5e: Don't hold encap tbl lock if there is no encap action Shay Drory <shayd(a)nvidia.com> net/mlx5: Honor user input for migratable port fn attr Yuanjun Gong <ruc_gongyuanjun(a)163.com> net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: fix potential memory leak in mlx5e_init_rep_rx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix return value in scan logic Haixin Yu <yuhaixin.yhx(a)linux.alibaba.com> perf pmu arm64: Fix reading the PMU cpu slots in sysfs Gao Xiang <xiang(a)kernel.org> erofs: fix wrong primary bvec selection on deduplicated extents Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix sthyi error handling Sven Schnelle <svens(a)linux.ibm.com> s390/vmem: split pages when debug pagealloc is enabled ndesaulniers(a)google.com <ndesaulniers(a)google.com> word-at-a-time: use the same return type for has_zero regardless of endianness Durai Manickam KR <durai.manickamkr(a)microchip.com> ARM: dts: at91: sam9x60: fix the SOC detection Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use generic name for shutdown controller Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use clock-controller name for sckc nodes Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use clock-controller name for PMC nodes Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix chan_free cleanup on SMC Lucas Stach <l.stach(a)pengutronix.de> soc: imx: imx8mp-blk-ctrl: register HSIO PLL clock as bus_power_dev child Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> ARM: dts: nxp/imx: limit sk-imx53 supported frequencies Yury Norov <yury.norov(a)gmail.com> lib/bitmap: workaround const_eval test build failure Sukrut Bellary <sukrut.bellary(a)linux.com> firmware: arm_scmi: Fix signed error return values handling Punit Agrawal <punit.agrawal(a)bytedance.com> firmware: smccc: Fix use of uninitialised results structure Benjamin Gaignard <benjamin.gaignard(a)collabora.com> arm64: dts: freescale: Fix VPU G2 clock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Correction in gpio-line-names Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Label typo-fix of VPU Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document nesting-related errata Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Add explicit feature for nesting Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 Jann Horn <jannh(a)google.com> mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock ------------- Diffstat: Documentation/admin-guide/kdump/vmcoreinfo.rst | 6 + Documentation/arm64/silicon-errata.rst | 4 + Makefile | 4 +- arch/arm/boot/dts/at91-qil_a9260.dts | 2 +- arch/arm/boot/dts/at91-sama5d27_som1_ek.dts | 2 +- arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 +- arch/arm/boot/dts/at91-sama5d2_xplained.dts | 2 +- arch/arm/boot/dts/at91rm9200.dtsi | 2 +- arch/arm/boot/dts/at91sam9260.dtsi | 4 +- arch/arm/boot/dts/at91sam9260ek.dts | 2 +- arch/arm/boot/dts/at91sam9261.dtsi | 4 +- arch/arm/boot/dts/at91sam9263.dtsi | 4 +- arch/arm/boot/dts/at91sam9g20.dtsi | 2 +- arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 2 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/at91sam9g35.dtsi | 2 +- arch/arm/boot/dts/at91sam9g45.dtsi | 6 +- arch/arm/boot/dts/at91sam9n12.dtsi | 4 +- arch/arm/boot/dts/at91sam9rl.dtsi | 6 +- arch/arm/boot/dts/at91sam9x25.dtsi | 2 +- arch/arm/boot/dts/at91sam9x35.dtsi | 2 +- arch/arm/boot/dts/at91sam9x5.dtsi | 6 +- arch/arm/boot/dts/imx53-sk-imx53.dts | 10 + arch/arm/boot/dts/imx6sll.dtsi | 2 +- arch/arm/boot/dts/sam9x60.dtsi | 32 +-- arch/arm/boot/dts/sama5d2.dtsi | 6 +- arch/arm/boot/dts/sama5d3.dtsi | 6 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm/boot/dts/sama5d4.dtsi | 6 +- arch/arm/boot/dts/sama7g5.dtsi | 4 +- arch/arm/boot/dts/usb_a9260.dts | 2 +- arch/arm/boot/dts/usb_a9263.dts | 2 +- .../boot/dts/altera/socfpga_stratix10_socdk.dts | 2 +- .../dts/altera/socfpga_stratix10_socdk_nand.dts | 2 +- .../dts/freescale/imx8mm-phyboard-polis-rdk.dts | 2 +- .../boot/dts/freescale/imx8mm-phycore-som.dtsi | 4 +- .../boot/dts/freescale/imx8mm-venice-gw7903.dts | 4 + .../boot/dts/freescale/imx8mm-venice-gw7904.dts | 4 + arch/arm64/boot/dts/freescale/imx8mn-var-som.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mq.dtsi | 2 +- arch/arm64/kernel/fpsimd.c | 9 +- arch/arm64/kernel/ptrace.c | 10 +- arch/parisc/mm/fixmap.c | 3 - arch/parisc/mm/init.c | 34 +++ arch/powerpc/include/asm/word-at-a-time.h | 2 +- arch/powerpc/kernel/trace/ftrace_mprofile.S | 9 +- arch/powerpc/mm/init_64.c | 3 +- arch/riscv/kernel/crash_core.c | 2 + arch/s390/kernel/sthyi.c | 6 +- arch/s390/kvm/intercept.c | 9 +- arch/s390/mm/vmem.c | 2 + arch/x86/hyperv/hv_init.c | 21 ++ drivers/block/rbd.c | 28 ++- drivers/clk/imx/clk-imx93.c | 2 +- drivers/clk/mediatek/clk-mt8183.c | 27 ++ drivers/firmware/arm_scmi/mailbox.c | 4 +- drivers/firmware/arm_scmi/raw_mode.c | 5 +- drivers/firmware/arm_scmi/smc.c | 21 +- drivers/firmware/smccc/soc_id.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 35 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 178 ++++++++++---- drivers/gpu/drm/i915/gt/gen8_engine_cs.h | 21 +- drivers/gpu/drm/i915/gt/intel_gpu_commands.h | 2 + drivers/gpu/drm/i915/gt/intel_gt_regs.h | 16 +- drivers/gpu/drm/i915/gt/intel_lrc.c | 17 +- drivers/gpu/drm/i915/i915_active.c | 99 +++++--- drivers/gpu/drm/i915/i915_request.c | 11 + drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 2 +- drivers/gpu/drm/ttm/ttm_bo.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 50 ++++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 8 + drivers/isdn/hardware/mISDN/hfcpci.c | 10 +- drivers/mtd/nand/raw/fsl_upm.c | 2 +- drivers/mtd/nand/raw/meson_nand.c | 3 +- drivers/mtd/nand/raw/omap_elm.c | 24 +- drivers/mtd/nand/raw/rockchip-nand-controller.c | 45 ++-- drivers/mtd/nand/spi/toshiba.c | 4 +- drivers/mtd/nand/spi/winbond.c | 4 +- drivers/mtd/spi-nor/spansion.c | 4 +- drivers/net/dsa/bcm_sf2.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 85 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.h | 2 +- drivers/net/ethernet/broadcom/tg3.c | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 18 ++ drivers/net/ethernet/korina.c | 3 +- .../ethernet/marvell/octeon_ep/octep_ctrl_mbox.c | 3 + .../net/ethernet/marvell/prestera/prestera_pci.c | 3 +- .../ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 3 - .../net/ethernet/mellanox/mlx5/core/en/xsk/rx.c | 5 +- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 4 +- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 4 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls.c | 8 - .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 29 ++- .../mellanox/mlx5/core/en_accel/macsec_fs.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 20 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 21 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 105 ++++++-- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + .../ethernet/mellanox/mlx5/core/steering/dr_cmd.c | 5 +- drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 1 + drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 16 ++ drivers/net/ethernet/qlogic/qed/qed_fcoe.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_fcoe.h | 17 +- drivers/net/ethernet/qlogic/qed/qed_hw.c | 26 +- drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_iscsi.h | 8 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_l2.h | 24 ++ drivers/net/ethernet/qlogic/qed/qed_main.c | 6 +- drivers/net/ethernet/sfc/siena/tx_common.c | 1 + drivers/net/ethernet/sfc/tx_common.c | 1 + drivers/net/ethernet/socionext/netsec.c | 11 + drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c | 3 +- drivers/net/ethernet/sun/sunvnet_common.c | 1 + drivers/net/ethernet/xilinx/ll_temac_main.c | 12 +- drivers/net/tap.c | 3 +- drivers/net/tun.c | 2 +- drivers/net/usb/cdc_ether.c | 21 ++ drivers/net/usb/lan78xx.c | 7 +- drivers/net/usb/r8152.c | 1 + drivers/net/usb/usbnet.c | 6 + drivers/net/usb/zaurus.c | 21 ++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 1 + drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 6 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 2 - drivers/s390/net/qeth_l2_main.c | 9 +- drivers/s390/net/qeth_l3_main.c | 8 +- drivers/s390/scsi/zfcp_fc.c | 6 +- drivers/scsi/storvsc_drv.c | 4 + drivers/soc/imx/imx8mp-blk-ctrl.c | 2 +- fs/btrfs/block-group.c | 51 ++-- fs/btrfs/block-group.h | 4 +- fs/btrfs/free-space-tree.c | 24 +- fs/ceph/mds_client.c | 4 +- fs/ceph/mds_client.h | 5 + fs/ceph/super.c | 10 + fs/erofs/zdata.c | 7 +- fs/exfat/balloc.c | 6 +- fs/exfat/dir.c | 36 +-- fs/ext2/ext2.h | 12 - fs/ext2/super.c | 23 +- fs/f2fs/f2fs.h | 1 - fs/f2fs/file.c | 5 - fs/f2fs/node.c | 14 +- fs/file.c | 18 +- fs/ntfs3/attrlist.c | 4 +- fs/open.c | 2 +- fs/smb/client/dfs.c | 6 +- fs/super.c | 11 +- fs/sysv/itree.c | 4 + include/asm-generic/word-at-a-time.h | 2 +- include/linux/f2fs_fs.h | 1 + include/linux/netdevice.h | 26 +- include/linux/skbuff.h | 71 ------ include/linux/spi/spi-mem.h | 4 + include/net/gro.h | 44 ++++ include/net/gso.h | 109 ++++++++ include/net/inet_sock.h | 7 +- include/net/ip.h | 2 +- include/net/route.h | 4 +- include/net/udp.h | 1 + include/net/vxlan.h | 4 +- io_uring/timeout.c | 2 +- kernel/bpf/bloom_filter.c | 3 - kernel/bpf/bpf_local_storage.c | 3 - kernel/bpf/bpf_struct_ops.c | 3 - kernel/bpf/cpumap.c | 39 +-- kernel/bpf/devmap.c | 3 - kernel/bpf/hashtab.c | 6 - kernel/bpf/lpm_trie.c | 3 - kernel/bpf/queue_stack_maps.c | 4 - kernel/bpf/reuseport_array.c | 3 - kernel/bpf/stackmap.c | 3 - kernel/bpf/syscall.c | 136 ++++++---- kernel/trace/bpf_trace.c | 17 +- lib/Makefile | 6 + lib/debugobjects.c | 9 + lib/test_bitmap.c | 8 +- mm/filemap.c | 26 +- mm/gup.c | 2 +- mm/kasan/generic.c | 4 +- mm/kasan/tags.c | 2 +- mm/kmsan/core.c | 6 +- mm/kmsan/instrumentation.c | 2 +- mm/memcontrol.c | 19 +- mm/memory.c | 28 ++- net/bluetooth/l2cap_sock.c | 2 + net/can/raw.c | 2 +- net/ceph/osd_client.c | 20 +- net/core/Makefile | 2 +- net/core/bpf_sk_storage.c | 5 +- net/core/dev.c | 70 +----- net/core/gro.c | 59 +---- net/core/gso.c | 273 +++++++++++++++++++++ net/core/rtnetlink.c | 8 +- net/core/skbuff.c | 142 +---------- net/core/sock.c | 45 ++-- net/core/sock_map.c | 6 - net/dcb/dcbnl.c | 2 +- net/dccp/ipv6.c | 4 +- net/ipv4/af_inet.c | 1 + net/ipv4/esp4_offload.c | 1 + net/ipv4/gre_offload.c | 1 + net/ipv4/inet_diag.c | 4 +- net/ipv4/ip_output.c | 9 +- net/ipv4/ip_sockglue.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/route.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/tcp_metrics.c | 70 ++++-- net/ipv4/tcp_offload.c | 1 + net/ipv4/udp.c | 9 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/esp6_offload.c | 1 + net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 1 + net/ipv6/ip6mr.c | 2 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 6 +- net/ipv6/route.c | 7 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/udp.c | 12 +- net/ipv6/udp_offload.c | 8 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/tx.c | 1 + net/mpls/af_mpls.c | 1 + net/mpls/mpls_gso.c | 1 + net/mptcp/sockopt.c | 2 +- net/netfilter/nf_flow_table_ip.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/nft_socket.c | 2 +- net/netfilter/xt_socket.c | 4 +- net/nsh/nsh.c | 1 + net/openvswitch/actions.c | 1 + net/openvswitch/datapath.c | 1 + net/packet/af_packet.c | 12 +- net/sched/act_police.c | 1 + net/sched/cls_fw.c | 1 - net/sched/cls_route.c | 1 - net/sched/cls_u32.c | 57 ++++- net/sched/sch_cake.c | 1 + net/sched/sch_netem.c | 1 + net/sched/sch_taprio.c | 16 +- net/sched/sch_tbf.c | 1 + net/sctp/offload.c | 1 + net/smc/af_smc.c | 2 +- net/unix/af_unix.c | 2 +- net/wireless/scan.c | 2 +- net/xdp/xsk.c | 2 +- net/xdp/xskmap.c | 4 - net/xfrm/xfrm_device.c | 1 + net/xfrm/xfrm_interface_core.c | 1 + net/xfrm/xfrm_output.c | 1 + net/xfrm/xfrm_policy.c | 2 +- rust/bindings/bindings_helper.h | 1 + rust/kernel/allocator.rs | 74 ++++-- tools/perf/arch/arm64/util/pmu.c | 7 +- .../tests/shell/test_uprobe_from_different_cu.sh | 8 +- .../selftests/bpf/prog_tests/unpriv_bpf_disabled.c | 6 +- tools/testing/selftests/net/so_incoming_cpu.c | 2 +- tools/testing/selftests/rseq/rseq.c | 28 ++- .../tc-testing/tc-tests/qdiscs/taprio.json | 25 ++ tools/testing/vsock/Makefile | 2 +- 272 files changed, 2293 insertions(+), 1234 deletions(-)

1 year, 3 months

13
182
0 0

[PATCH v7 0/5] mfd: tps6586x: register restart handler

by Benjamin Bara

Hi! The Tegra20 requires an enabled VDE power domain during startup. As the VDE is currently not used, it is disabled during runtime. Since 8f0c714ad9be, there is a workaround for the "normal restart path" which enables the VDE before doing PMC's warm reboot. This workaround is not executed in the "emergency restart path", leading to a hang-up during start. This series implements and registers a new pmic-based restart handler for boards with tps6586x. This cold reboot ensures that the VDE power domain is enabled during startup on tegra20-based boards. Since bae1d3a05a8b, i2c transfers are non-atomic while preemption is disabled (which is e.g. done during panic()). This could lead to warnings ("Voluntary context switch within RCU") in i2c-based restart handlers during emergency restart. The state of preemption should be detected by i2c_in_atomic_xfer_mode() to use atomic i2c xfer when required. Beside the new system_state check, the check is the same as the one pre v5.2. --- v7: - 5/5: drop mode check (suggested by Dmitry) - Link to v6: https://lore.kernel.org/r/20230327-tegra-pmic-reboot-v6-0-af44a4cd82e9@skid… v6: - drop 4/6 to abort restart on unexpected failure (suggested by Dmitry) - 4,5: fix comments in handlers (suggested by Lee) - 4,5: same delay for both handlers (suggested by Lee) v5: - introduce new 3 & 4, therefore 3 -> 5, 4 -> 6 - 3: provide dev to sys_off handler, if it is known - 4: return NOTIFY_DONE from sys_off_notify, to avoid skipping - 5: drop Reviewed-by from Dmitry, add poweroff timeout - 5,6: return notifier value instead of direct errno from handler - 5,6: use new dev field instead of passing dev as cb_data - 5,6: increase timeout values based on error observations - 6: skip unsupported reboot modes in restart handler --- Benjamin Bara (5): kernel/reboot: emergency_restart: set correct system_state i2c: core: run atomic i2c xfer when !preemptible kernel/reboot: add device to sys_off_handler mfd: tps6586x: use devm-based power off handler mfd: tps6586x: register restart handler drivers/i2c/i2c-core.h | 2 +- drivers/mfd/tps6586x.c | 50 ++++++++++++++++++++++++++++++++++++++++++-------- include/linux/reboot.h | 3 +++ kernel/reboot.c | 4 ++++ 4 files changed, 50 insertions(+), 9 deletions(-) --- base-commit: 197b6b60ae7bc51dd0814953c562833143b292aa change-id: 20230327-tegra-pmic-reboot-4175ff814a4b Best regards, -- Benjamin Bara <benjamin.bara(a)skidata.com>

1 year, 3 months

6
19
0 0

[PATCH] ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on action required events

by Shuai Xue

There are two major types of uncorrected error (UC) : - Action Required: The error is detected and the processor already consumes the memory. OS requires to take action (for example, offline failure page/kill failure thread) to recover this uncorrectable error. - Action Optional: The error is detected out of processor execution context. Some data in the memory are corrupted. But the data have not been consumed. OS is optional to take action to recover this uncorrectable error. For X86 platforms, we can easily distinguish between these two types based on the MCA Bank. While for arm64 platform, the memory failure flags for all UCs which severity are GHES_SEV_RECOVERABLE are set as 0, a.k.a, Action Optional now. If UC is detected by a background scrubber, it is obviously an Action Optional error. For other errors, we should conservatively regard them as Action Required. cper_sec_mem_err::error_type identifies the type of error that occurred if CPER_MEM_VALID_ERROR_TYPE is set. So, set memory failure flags as 0 for Scrub Uncorrected Error (type 14). Otherwise, set memory failure flags as MF_ACTION_REQUIRED. Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> --- drivers/acpi/apei/ghes.c | 10 ++++++++-- include/linux/cper.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c index 80ad530583c9..6c03059cbfc6 100644 --- a/drivers/acpi/apei/ghes.c +++ b/drivers/acpi/apei/ghes.c @@ -474,8 +474,14 @@ static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata, if (sec_sev == GHES_SEV_CORRECTED && (gdata->flags & CPER_SEC_ERROR_THRESHOLD_EXCEEDED)) flags = MF_SOFT_OFFLINE; - if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) - flags = 0; + if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) { + if (mem_err->validation_bits & CPER_MEM_VALID_ERROR_TYPE) + flags = mem_err->error_type == CPER_MEM_SCRUB_UC ? + 0 : + MF_ACTION_REQUIRED; + else + flags = MF_ACTION_REQUIRED; + } if (flags != -1) return ghes_do_memory_failure(mem_err->physical_addr, flags); diff --git a/include/linux/cper.h b/include/linux/cper.h index eacb7dd7b3af..b77ab7636614 100644 --- a/include/linux/cper.h +++ b/include/linux/cper.h @@ -235,6 +235,9 @@ enum { #define CPER_MEM_VALID_BANK_ADDRESS 0x100000 #define CPER_MEM_VALID_CHIP_ID 0x200000 +#define CPER_MEM_SCRUB_CE 13 +#define CPER_MEM_SCRUB_UC 14 + #define CPER_MEM_EXT_ROW_MASK 0x3 #define CPER_MEM_EXT_ROW_SHIFT 16 -- 2.20.1.9.gb50a0d7

1 year, 3 months

9
45
0 0

[RFT 1/2] RISC-V: handle missing "no-map" properties for OpenSBI's PMP protected regions

by Conor Dooley

Add an erratum for versions [v0.8 to v1.3) of OpenSBI which fail to add the "no-map" property to the reserved memory nodes for the regions it has protected using PMPs. Our existing fix sweeping hibernation under the carpet by marking it NONPORTABLE is insufficient as there are other ways to generate accesses to these reserved memory regions, as Petr discovered [1] while testing crash kernels & kdump. Intercede during the boot process when the afflicted versions of OpenSBI are present & set the "no-map" property in all "mmode_resv" nodes before the kernel does its reserved memory region initialisation. Reported-by: Song Shuai <suagrfillet(a)gmail.com> Link: https://lore.kernel.org/all/CAAYs2=gQvkhTeioMmqRDVGjdtNF_vhB+vm_1dHJxPNi75Y… Reported-by: JeeHeng Sia <jeeheng.sia(a)starfivetech.com> Link: https://groups.google.com/a/groups.riscv.org/g/sw-dev/c/ITXwaKfA6z8 Reported-by: Petr Tesarik <petrtesarik(a)huaweicloud.com> Closes: https://lore.kernel.org/linux-riscv/76ff0f51-d6c1-580d-f943-061e93073306@hu… [1] CC: stable(a)vger.kernel.org Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- arch/riscv/include/asm/sbi.h | 5 +++++ arch/riscv/kernel/sbi.c | 42 +++++++++++++++++++++++++++++++++++- arch/riscv/mm/init.c | 3 +++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/sbi.h b/arch/riscv/include/asm/sbi.h index 5b4a1bf5f439..5360f3476278 100644 --- a/arch/riscv/include/asm/sbi.h +++ b/arch/riscv/include/asm/sbi.h @@ -252,6 +252,9 @@ enum sbi_pmu_ctr_type { #define SBI_ERR_ALREADY_STARTED -7 #define SBI_ERR_ALREADY_STOPPED -8 +/* SBI implementation IDs */ +#define SBI_IMP_OPENSBI 1 + extern unsigned long sbi_spec_version; struct sbiret { long error; @@ -259,6 +262,8 @@ struct sbiret { }; void sbi_init(void); +void sbi_apply_reserved_mem_erratum(void *dtb_va); + struct sbiret sbi_ecall(int ext, int fid, unsigned long arg0, unsigned long arg1, unsigned long arg2, unsigned long arg3, unsigned long arg4, diff --git a/arch/riscv/kernel/sbi.c b/arch/riscv/kernel/sbi.c index c672c8ba9a2a..aeb27263fa53 100644 --- a/arch/riscv/kernel/sbi.c +++ b/arch/riscv/kernel/sbi.c @@ -5,8 +5,10 @@ * Copyright (c) 2020 Western Digital Corporation or its affiliates. */ +#include <linux/acpi.h> #include <linux/bits.h> #include <linux/init.h> +#include <linux/libfdt.h> #include <linux/pm.h> #include <linux/reboot.h> #include <asm/sbi.h> @@ -583,6 +585,40 @@ long sbi_get_mimpid(void) } EXPORT_SYMBOL_GPL(sbi_get_mimpid); +static long sbi_firmware_id; +static long sbi_firmware_version; + +/* + * For devicetrees patched by OpenSBI a "mmode_resv" node is added to cover + * the region OpenSBI has protected by means of a PMP. Some versions of OpenSBI, + * [v0.8 to v1.3), omitted the "no-map" property, but this trips up hibernation + * among other things. + */ +void __init sbi_apply_reserved_mem_erratum(void *dtb_pa) +{ + int child, reserved_mem; + + if (sbi_firmware_id != SBI_IMP_OPENSBI) + return; + + if (!acpi_disabled) + return; + + if (sbi_firmware_version >= 0x10003 || sbi_firmware_version < 0x8) + return; + + reserved_mem = fdt_path_offset((void *)dtb_pa, "/reserved-memory"); + if (reserved_mem < 0) + return; + + fdt_for_each_subnode(child, (void *)dtb_pa, reserved_mem) { + const char *name = fdt_get_name((void *)dtb_pa, child, NULL); + + if (!strncmp(name, "mmode_resv", 10)) + fdt_setprop((void *)dtb_pa, child, "no-map", NULL, 0); + } +}; + void __init sbi_init(void) { int ret; @@ -596,8 +632,12 @@ void __init sbi_init(void) sbi_major_version(), sbi_minor_version()); if (!sbi_spec_is_0_1()) { + sbi_firmware_id = sbi_get_firmware_id(); + sbi_firmware_version = sbi_get_firmware_version(); + pr_info("SBI implementation ID=0x%lx Version=0x%lx\n", - sbi_get_firmware_id(), sbi_get_firmware_version()); + sbi_firmware_id, sbi_firmware_version); + if (sbi_probe_extension(SBI_EXT_TIME)) { __sbi_set_timer = __sbi_set_timer_v02; pr_info("SBI TIME extension detected\n"); diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 70fb31960b63..cb16bfdeacdb 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -29,6 +29,7 @@ #include <asm/tlbflush.h> #include <asm/sections.h> #include <asm/soc.h> +#include <asm/sbi.h> #include <asm/io.h> #include <asm/ptdump.h> #include <asm/numa.h> @@ -253,6 +254,8 @@ static void __init setup_bootmem(void) * in the device tree, otherwise the allocation could end up in a * reserved region. */ + + sbi_apply_reserved_mem_erratum(dtb_early_va); early_init_fdt_scan_reserved_mem(); /* -- 2.40.1

1 year, 3 months

8
19
0 0

FAILED: patch "[PATCH] powerpc/ftrace: Create a dummy stackframe to fix stack unwind" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 41a506ef71eb38d94fe133f565c87c3e06ccc072 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023080733-wife-elope-de1b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 41a506ef71eb ("powerpc/ftrace: Create a dummy stackframe to fix stack unwind") a5f04d1f2724 ("powerpc/ftrace: Regroup PPC64 specific operations in ftrace_mprofile.S") 228216716cb5 ("powerpc/ftrace: Refactor ftrace_{regs_}caller") 9bdb2eec3dde ("powerpc/ftrace: Don't use lmw/stmw in ftrace_regs_caller()") 76b372814b08 ("powerpc/ftrace: Style cleanup in ftrace_mprofile.S") fc75f8733798 ("powerpc/ftrace: Have arch_ftrace_get_regs() return NULL unless FL_SAVE_REGS is set") 34d8dac807f0 ("powerpc/ftrace: Also save r1 in ftrace_caller()") 4ee83a2cfbc4 ("powerpc/ftrace: Remove ftrace_32.S") 41315494beed ("powerpc/ftrace: Prepare ftrace_64_mprofile.S for reuse by PPC32") 830213786c49 ("powerpc/ftrace: directly call of function graph tracer by ftrace caller") 0c81ed5ed438 ("powerpc/ftrace: Refactor ftrace_{en/dis}able_ftrace_graph_caller") 40b035efe288 ("powerpc/ftrace: Implement CONFIG_DYNAMIC_FTRACE_WITH_ARGS") c75388a8ceff ("powerpc/ftrace: Prepare PPC64's ftrace_caller() for CONFIG_DYNAMIC_FTRACE_WITH_ARGS") d95bf254be5f ("powerpc/ftrace: Prepare PPC32's ftrace_caller() for CONFIG_DYNAMIC_FTRACE_WITH_ARGS") 7bdb478c1d15 ("powerpc/ftrace: Simplify PPC32's return_to_handler()") 7875bc9b07cd ("powerpc/ftrace: Don't save again LR in ftrace_regs_caller() on PPC32") c545b9f040f3 ("powerpc/inst: Define ppc_inst_t") aebd1fb45c62 ("powerpc: flexible GPR range save/restore macros") 7dfbfb87c243 ("powerpc/ftrace: Activate HAVE_DYNAMIC_FTRACE_WITH_REGS on PPC32") c93d4f6ecf4b ("powerpc/ftrace: Add module_trampoline_target() for PPC32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41a506ef71eb38d94fe133f565c87c3e06ccc072 Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Wed, 21 Jun 2023 10:43:49 +0530 Subject: [PATCH] powerpc/ftrace: Create a dummy stackframe to fix stack unwind With ppc64 -mprofile-kernel and ppc32 -pg, profiling instructions to call into ftrace are emitted right at function entry. The instruction sequence used is minimal to reduce overhead. Crucially, a stackframe is not created for the function being traced. This breaks stack unwinding since the function being traced does not have a stackframe for itself. As such, it never shows up in the backtrace: /sys/kernel/debug/tracing # echo 1 > /proc/sys/kernel/stack_tracer_enabled /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 4144 32 ftrace_call+0x4/0x44 1) 4112 432 get_page_from_freelist+0x26c/0x1ad0 2) 3680 496 __alloc_pages+0x290/0x1280 3) 3184 336 __folio_alloc+0x34/0x90 4) 2848 176 vma_alloc_folio+0xd8/0x540 5) 2672 272 __handle_mm_fault+0x700/0x1cc0 6) 2400 208 handle_mm_fault+0xf0/0x3f0 7) 2192 80 ___do_page_fault+0x3e4/0xbe0 8) 2112 160 do_page_fault+0x30/0xc0 9) 1952 256 data_access_common_virt+0x210/0x220 10) 1696 400 0xc00000000f16b100 11) 1296 384 load_elf_binary+0x804/0x1b80 12) 912 208 bprm_execve+0x2d8/0x7e0 13) 704 64 do_execveat_common+0x1d0/0x2f0 14) 640 160 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 Fix this by having ftrace create a dummy stackframe for the function being traced. With this, backtraces now capture the function being traced: /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 3888 32 _raw_spin_trylock+0x8/0x70 1) 3856 576 get_page_from_freelist+0x26c/0x1ad0 2) 3280 64 __alloc_pages+0x290/0x1280 3) 3216 336 __folio_alloc+0x34/0x90 4) 2880 176 vma_alloc_folio+0xd8/0x540 5) 2704 416 __handle_mm_fault+0x700/0x1cc0 6) 2288 96 handle_mm_fault+0xf0/0x3f0 7) 2192 48 ___do_page_fault+0x3e4/0xbe0 8) 2144 192 do_page_fault+0x30/0xc0 9) 1952 608 data_access_common_virt+0x210/0x220 10) 1344 16 0xc0000000334bbb50 11) 1328 416 load_elf_binary+0x804/0x1b80 12) 912 64 bprm_execve+0x2d8/0x7e0 13) 848 176 do_execveat_common+0x1d0/0x2f0 14) 672 192 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 This results in two additional stores in the ftrace entry code, but produces reliable backtraces. Fixes: 153086644fd1 ("powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI") Cc: stable(a)vger.kernel.org Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20230621051349.759567-1-naveen@kernel.org diff --git a/arch/powerpc/kernel/trace/ftrace_mprofile.S b/arch/powerpc/kernel/trace/ftrace_mprofile.S index ffb1db386849..1f7d86de1538 100644 --- a/arch/powerpc/kernel/trace/ftrace_mprofile.S +++ b/arch/powerpc/kernel/trace/ftrace_mprofile.S @@ -33,6 +33,9 @@ * and then arrange for the ftrace function to be called. */ .macro ftrace_regs_entry allregs + /* Create a minimal stack frame for representing B */ + PPC_STLU r1, -STACK_FRAME_MIN_SIZE(r1) + /* Create our stack frame + pt_regs */ PPC_STLU r1,-SWITCH_FRAME_SIZE(r1) @@ -42,7 +45,7 @@ #ifdef CONFIG_PPC64 /* Save the original return address in A's stack frame */ - std r0, LRSAVE+SWITCH_FRAME_SIZE(r1) + std r0, LRSAVE+SWITCH_FRAME_SIZE+STACK_FRAME_MIN_SIZE(r1) /* Ok to continue? */ lbz r3, PACA_FTRACE_ENABLED(r13) cmpdi r3, 0 @@ -77,6 +80,8 @@ mflr r7 /* Save it as pt_regs->nip */ PPC_STL r7, _NIP(r1) + /* Also save it in B's stackframe header for proper unwind */ + PPC_STL r7, LRSAVE+SWITCH_FRAME_SIZE(r1) /* Save the read LR in pt_regs->link */ PPC_STL r0, _LINK(r1) @@ -142,7 +147,7 @@ #endif /* Pop our stack frame */ - addi r1, r1, SWITCH_FRAME_SIZE + addi r1, r1, SWITCH_FRAME_SIZE+STACK_FRAME_MIN_SIZE #ifdef CONFIG_LIVEPATCH_64 /* Based on the cmpd above, if the NIP was altered handle livepatch */

1 year, 3 months

3
3
0 0

FAILED: patch "[PATCH] powerpc/ftrace: Create a dummy stackframe to fix stack unwind" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 41a506ef71eb38d94fe133f565c87c3e06ccc072 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023080735-masculine-twister-ba16@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 41a506ef71eb ("powerpc/ftrace: Create a dummy stackframe to fix stack unwind") a5f04d1f2724 ("powerpc/ftrace: Regroup PPC64 specific operations in ftrace_mprofile.S") 228216716cb5 ("powerpc/ftrace: Refactor ftrace_{regs_}caller") 9bdb2eec3dde ("powerpc/ftrace: Don't use lmw/stmw in ftrace_regs_caller()") 76b372814b08 ("powerpc/ftrace: Style cleanup in ftrace_mprofile.S") fc75f8733798 ("powerpc/ftrace: Have arch_ftrace_get_regs() return NULL unless FL_SAVE_REGS is set") 34d8dac807f0 ("powerpc/ftrace: Also save r1 in ftrace_caller()") 4ee83a2cfbc4 ("powerpc/ftrace: Remove ftrace_32.S") 41315494beed ("powerpc/ftrace: Prepare ftrace_64_mprofile.S for reuse by PPC32") 830213786c49 ("powerpc/ftrace: directly call of function graph tracer by ftrace caller") 0c81ed5ed438 ("powerpc/ftrace: Refactor ftrace_{en/dis}able_ftrace_graph_caller") 40b035efe288 ("powerpc/ftrace: Implement CONFIG_DYNAMIC_FTRACE_WITH_ARGS") c75388a8ceff ("powerpc/ftrace: Prepare PPC64's ftrace_caller() for CONFIG_DYNAMIC_FTRACE_WITH_ARGS") d95bf254be5f ("powerpc/ftrace: Prepare PPC32's ftrace_caller() for CONFIG_DYNAMIC_FTRACE_WITH_ARGS") 7bdb478c1d15 ("powerpc/ftrace: Simplify PPC32's return_to_handler()") 7875bc9b07cd ("powerpc/ftrace: Don't save again LR in ftrace_regs_caller() on PPC32") c545b9f040f3 ("powerpc/inst: Define ppc_inst_t") aebd1fb45c62 ("powerpc: flexible GPR range save/restore macros") 7dfbfb87c243 ("powerpc/ftrace: Activate HAVE_DYNAMIC_FTRACE_WITH_REGS on PPC32") c93d4f6ecf4b ("powerpc/ftrace: Add module_trampoline_target() for PPC32") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 41a506ef71eb38d94fe133f565c87c3e06ccc072 Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Wed, 21 Jun 2023 10:43:49 +0530 Subject: [PATCH] powerpc/ftrace: Create a dummy stackframe to fix stack unwind With ppc64 -mprofile-kernel and ppc32 -pg, profiling instructions to call into ftrace are emitted right at function entry. The instruction sequence used is minimal to reduce overhead. Crucially, a stackframe is not created for the function being traced. This breaks stack unwinding since the function being traced does not have a stackframe for itself. As such, it never shows up in the backtrace: /sys/kernel/debug/tracing # echo 1 > /proc/sys/kernel/stack_tracer_enabled /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 4144 32 ftrace_call+0x4/0x44 1) 4112 432 get_page_from_freelist+0x26c/0x1ad0 2) 3680 496 __alloc_pages+0x290/0x1280 3) 3184 336 __folio_alloc+0x34/0x90 4) 2848 176 vma_alloc_folio+0xd8/0x540 5) 2672 272 __handle_mm_fault+0x700/0x1cc0 6) 2400 208 handle_mm_fault+0xf0/0x3f0 7) 2192 80 ___do_page_fault+0x3e4/0xbe0 8) 2112 160 do_page_fault+0x30/0xc0 9) 1952 256 data_access_common_virt+0x210/0x220 10) 1696 400 0xc00000000f16b100 11) 1296 384 load_elf_binary+0x804/0x1b80 12) 912 208 bprm_execve+0x2d8/0x7e0 13) 704 64 do_execveat_common+0x1d0/0x2f0 14) 640 160 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 Fix this by having ftrace create a dummy stackframe for the function being traced. With this, backtraces now capture the function being traced: /sys/kernel/debug/tracing # cat stack_trace Depth Size Location (17 entries) ----- ---- -------- 0) 3888 32 _raw_spin_trylock+0x8/0x70 1) 3856 576 get_page_from_freelist+0x26c/0x1ad0 2) 3280 64 __alloc_pages+0x290/0x1280 3) 3216 336 __folio_alloc+0x34/0x90 4) 2880 176 vma_alloc_folio+0xd8/0x540 5) 2704 416 __handle_mm_fault+0x700/0x1cc0 6) 2288 96 handle_mm_fault+0xf0/0x3f0 7) 2192 48 ___do_page_fault+0x3e4/0xbe0 8) 2144 192 do_page_fault+0x30/0xc0 9) 1952 608 data_access_common_virt+0x210/0x220 10) 1344 16 0xc0000000334bbb50 11) 1328 416 load_elf_binary+0x804/0x1b80 12) 912 64 bprm_execve+0x2d8/0x7e0 13) 848 176 do_execveat_common+0x1d0/0x2f0 14) 672 192 sys_execve+0x54/0x70 15) 480 64 system_call_exception+0x138/0x350 16) 416 416 system_call_common+0x160/0x2c4 This results in two additional stores in the ftrace entry code, but produces reliable backtraces. Fixes: 153086644fd1 ("powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI") Cc: stable(a)vger.kernel.org Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20230621051349.759567-1-naveen@kernel.org diff --git a/arch/powerpc/kernel/trace/ftrace_mprofile.S b/arch/powerpc/kernel/trace/ftrace_mprofile.S index ffb1db386849..1f7d86de1538 100644 --- a/arch/powerpc/kernel/trace/ftrace_mprofile.S +++ b/arch/powerpc/kernel/trace/ftrace_mprofile.S @@ -33,6 +33,9 @@ * and then arrange for the ftrace function to be called. */ .macro ftrace_regs_entry allregs + /* Create a minimal stack frame for representing B */ + PPC_STLU r1, -STACK_FRAME_MIN_SIZE(r1) + /* Create our stack frame + pt_regs */ PPC_STLU r1,-SWITCH_FRAME_SIZE(r1) @@ -42,7 +45,7 @@ #ifdef CONFIG_PPC64 /* Save the original return address in A's stack frame */ - std r0, LRSAVE+SWITCH_FRAME_SIZE(r1) + std r0, LRSAVE+SWITCH_FRAME_SIZE+STACK_FRAME_MIN_SIZE(r1) /* Ok to continue? */ lbz r3, PACA_FTRACE_ENABLED(r13) cmpdi r3, 0 @@ -77,6 +80,8 @@ mflr r7 /* Save it as pt_regs->nip */ PPC_STL r7, _NIP(r1) + /* Also save it in B's stackframe header for proper unwind */ + PPC_STL r7, LRSAVE+SWITCH_FRAME_SIZE(r1) /* Save the read LR in pt_regs->link */ PPC_STL r0, _LINK(r1) @@ -142,7 +147,7 @@ #endif /* Pop our stack frame */ - addi r1, r1, SWITCH_FRAME_SIZE + addi r1, r1, SWITCH_FRAME_SIZE+STACK_FRAME_MIN_SIZE #ifdef CONFIG_LIVEPATCH_64 /* Based on the cmpd above, if the NIP was altered handle livepatch */

1 year, 4 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2023