January 2024 - Linux-stable-mirror

[PATCH 5.4.y 1/2] binder: fix race between mmput() and do_exit()

by Carlos Llamas

commit 9a9ab0d963621d9d12199df9817e66982582d5a5 upstream. Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mmap() | remove_vma() | fput() | In this case, the work of ____fput() from Task B is queued up in Task A as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup work gets executed. However, Task A instead sleep, waiting for a reply from Task B that never comes (it's dead). This means the binder_deferred_release() is blocked until an unrelated binder event forces Task A to go back to userspace. All the associated death notifications will also be delayed until then. In order to fix this use mmput_async() that will schedule the work in the corresponding mm->async_put_work WQ instead of Task A. Fixes: 457b9a6f09f0 ("Staging: android: add binder driver") Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20231201172212.1813387-4-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [cmllamas: fix trivial conflict with missing d8ed45c5dcd4.] Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index d0d422b5e243..d2c887d96d33 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -272,7 +272,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, } if (mm) { up_write(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return 0; @@ -305,7 +305,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, err_no_vma: if (mm) { up_write(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return vma ? -ENOMEM : -ESRCH; } base-commit: 9153fc9664959aa6bb35915b2bbd8fbc4c762962 prerequisite-patch-id: 040c7991c3b5fb63a9d12350a1400c91a057f7d5 -- 2.43.0.429.g432eaa2c6b-goog

1 year, 10 months

1
1
0 0

[PATCH 5.10/5.15] jfs: add check if log->bdev is NULL in lbmStartIO()

by Mikhail Ukhin

Fuzzing of 5.10 stable branch shows NULL pointer dereference happens in lbmStartIO() on log->bdev pointer. The reason for bdev being NULL is the JFS_NOINTEGRITY flag is set on mount of this fs. When this flag is enabled, it results in the open_dummy_log function being called, which initializes a new dummy_log, but does not assign a value to bdev. The error is fixed in 5.18 by commit 07888c665b405b1cd3577ddebfeb74f4717a84c4. Backport of this commit is too intrusive, so it is more reasonable to apply a small patch to fix this issue. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> Signed-off-by: Pavel Koshutin <koshutin.pavel(a)yandex.ru> Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> --- fs/jfs/jfs_logmgr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c index 78fd136ac13b..d6f0fea96ba1 100644 --- a/fs/jfs/jfs_logmgr.c +++ b/fs/jfs/jfs_logmgr.c @@ -1983,7 +1983,8 @@ static int lbmRead(struct jfs_log * log, int pn, struct lbuf ** bpp) bio = bio_alloc(GFP_NOFS, 1); bio->bi_iter.bi_sector = bp->l_blkno << (log->l2bsize - 9); - bio_set_dev(bio, log->bdev); + if (log->bdev != NULL) + bio_set_dev(bio, log->bdev); bio_add_page(bio, bp->l_page, LOGPSIZE, bp->l_offset); BUG_ON(bio->bi_iter.bi_size != LOGPSIZE); @@ -2127,7 +2128,8 @@ static void lbmStartIO(struct lbuf * bp) bio = bio_alloc(GFP_NOFS, 1); bio->bi_iter.bi_sector = bp->l_blkno << (log->l2bsize - 9); - bio_set_dev(bio, log->bdev); + if (log->bdev != NULL) + bio_set_dev(bio, log->bdev); bio_add_page(bio, bp->l_page, LOGPSIZE, bp->l_offset); BUG_ON(bio->bi_iter.bi_size != LOGPSIZE); -- 2.25.1

1 year, 10 months

3
3
0 0

[PATCH 5.10.y 1/1] net: ethernet: mtk_eth_soc: remove duplicate if statements

by Chukun Pan

It seems that there was something wrong with backport, causing `if (err)` to appear twice in the same place. Fixes: da86a63479e ("net: ethernet: mtk_eth_soc: fix error handling in mtk_open()") Signed-off-by: Chukun Pan <amadeus(a)jmu.edu.cn> --- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c index aa9e616cc1d5..011210e6842d 100644 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -2302,7 +2302,6 @@ static int mtk_open(struct net_device *dev) if (!refcount_read(&eth->dma_refcnt)) { int err = mtk_start_dma(eth); - if (err) if (err) { phylink_disconnect_phy(mac->phylink); return err; -- 2.25.1

1 year, 10 months

2
1
0 0

[PATCH 5.10/5.15 0/1] kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list

by Fedor Pchelkin

The `WARNING in kprobe_optimizer` is reproduced on 5.10/5.15 stable branches. The problem ([1], link included in original commit description) has been fixed by the following patch which can be cleanly applied to 5.10/5.15. The fix is already present in all stable branches starting from 6.1. Link to the "failed to apply to 5.15" report [2]. Link to the "failed to apply to 5.10" report [3]. [1]: https://lore.kernel.org/all/Y8URdIfVr3pq2X8w@xpf.sh.intel.com/ [2]: https://lore.kernel.org/stable/16781827629218@kroah.com/ [3]: https://lore.kernel.org/stable/16781827635613@kroah.com/

1 year, 10 months

2
2
0 0

[PATCH stable 5.15] bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25

by Jiri Olsa

From: Alan Maguire <alan.maguire(a)oracle.com> commit 7b99f75942da332e3f4f865e55a10fec95a30d4f upstream. [ small context conflict because of not backported --lang_exclude=rust option, which is not needed in 5.15 ] v1.25 of pahole supports filtering out functions with multiple inconsistent function prototypes or optimized-out parameters from the BTF representation. These present problems because there is no additional info in BTF saying which inconsistent prototype matches which function instance to help guide attachment, and functions with optimized-out parameters can lead to incorrect assumptions about register contents. So for now, filter out such functions while adding BTF representations for functions that have "."-suffixes (foo.isra.0) but not optimized-out parameters. This patch assumes that below linked changes land in pahole for v1.25. Issues with pahole filtering being too aggressive in removing functions appear to be resolved now, but CI and further testing will confirm. Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20230510130241.1696561-1-alan.maguire@oracle.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> --- scripts/pahole-flags.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh index d38fa6d84d62..5c724f697100 100755 --- a/scripts/pahole-flags.sh +++ b/scripts/pahole-flags.sh @@ -20,5 +20,8 @@ fi if [ "${pahole_ver}" -ge "124" ]; then extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64" fi +if [ "${pahole_ver}" -ge "125" ]; then + extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_inconsistent_proto --btf_gen_optimized" +fi echo ${extra_paholeopt} -- 2.43.0

1 year, 10 months

2
1
0 0

Re: kernelci/kernelci.org bisection: baseline-nfs.bootrr.deferred-probe-empty on at91sam9g20ek

by Mark Brown

On Tue, Jan 16, 2024 at 10:25:28AM -0800, KernelCI bot wrote: The KernelCI bisection bot has identified bc7d0133181e5f33aca ("ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek") from the v5.15 stable tree as causing something to fail to probe on at91sam9g20ek, most likely the audio driver though I didn't pull the logs to verify. The commit isn't a particularly obvious one for backporting. Full bisection report below. > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > * This automated bisection report was sent to you on the basis * > * that you may be involved with the breaking commit it has * > * found. No manual investigation has been done to verify it, * > * and the root cause of the problem may be somewhere else. * > * * > * If you do send a fix, please include this trailer: * > * Reported-by: "kernelci.org bot" <bot(a)kernelci.org> * > * * > * Hope this helps! * > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > > kernelci/kernelci.org bisection: baseline-nfs.bootrr.deferred-probe-empty on at91sam9g20ek > > Summary: > Start: bd7e92d593935 kernelci-20240116.0 > Plain log: https://storage.kernelci.org/kernelci/kernelci.org/kernelci-20240116.0/arm/… > HTML log: https://storage.kernelci.org/kernelci/kernelci.org/kernelci-20240116.0/arm/… > Result: bc7d0133181e5 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > > Checks: > revert: PASS > verify: PASS > > Parameters: > Tree: kernelci > URL: https://github.com/kernelci/linux.git > Branch: kernelci.org > Target: at91sam9g20ek > CPU arch: arm > Lab: lab-broonie > Compiler: gcc-10 > Config: multi_v5_defconfig > Test case: baseline-nfs.bootrr.deferred-probe-empty > > Breaking commit found: > > ------------------------------------------------------------------------------- > commit bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88 > Author: Mark Brown <broonie(a)kernel.org> > Date: Fri Mar 25 15:42:39 2022 +0000 > > ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > > [ Upstream commit c775cbf62ed4911e4f0f23880f01815753123690 ] > > The MCLK of the WM8731 on the AT91SAM9G20-EK board is connected to the > PCK0 output of the SoC, intended in the reference software to be supplied > using PLLB and programmed to 12MHz. As originally written for use with a > board file the audio driver was responsible for configuring the entire tree > but in the conversion to the common clock framework the registration of > the named pck0 and pllb clocks was removed so the driver has failed to > instantiate ever since. > > Since the WM8731 driver has had support for managing a MCLK provided via > the common clock framework for some time we can simply drop all the clock > management code from the machine driver other than configuration of the > sysclk rate, the CODEC driver still respects that configuration from the > machine driver. > > Fixes: ff78a189b0ae55f ("ARM: at91: remove old at91-specific clock driver") > Signed-off-by: Mark Brown <broonie(a)kernel.org> > Reviewed-by: Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> > Link: https://lore.kernel.org/r/20220325154241.1600757-2-broonie@kernel.org > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/sound/soc/atmel/sam9g20_wm8731.c b/sound/soc/atmel/sam9g20_wm8731.c > index 8a55d59a6c2aa..d243de5f23dc1 100644 > --- a/sound/soc/atmel/sam9g20_wm8731.c > +++ b/sound/soc/atmel/sam9g20_wm8731.c > @@ -46,35 +46,6 @@ > */ > #undef ENABLE_MIC_INPUT > > -static struct clk *mclk; > - > -static int at91sam9g20ek_set_bias_level(struct snd_soc_card *card, > - struct snd_soc_dapm_context *dapm, > - enum snd_soc_bias_level level) > -{ > - static int mclk_on; > - int ret = 0; > - > - switch (level) { > - case SND_SOC_BIAS_ON: > - case SND_SOC_BIAS_PREPARE: > - if (!mclk_on) > - ret = clk_enable(mclk); > - if (ret == 0) > - mclk_on = 1; > - break; > - > - case SND_SOC_BIAS_OFF: > - case SND_SOC_BIAS_STANDBY: > - if (mclk_on) > - clk_disable(mclk); > - mclk_on = 0; > - break; > - } > - > - return ret; > -} > - > static const struct snd_soc_dapm_widget at91sam9g20ek_dapm_widgets[] = { > SND_SOC_DAPM_MIC("Int Mic", NULL), > SND_SOC_DAPM_SPK("Ext Spk", NULL), > @@ -135,7 +106,6 @@ static struct snd_soc_card snd_soc_at91sam9g20ek = { > .owner = THIS_MODULE, > .dai_link = &at91sam9g20ek_dai, > .num_links = 1, > - .set_bias_level = at91sam9g20ek_set_bias_level, > > .dapm_widgets = at91sam9g20ek_dapm_widgets, > .num_dapm_widgets = ARRAY_SIZE(at91sam9g20ek_dapm_widgets), > @@ -148,7 +118,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > { > struct device_node *np = pdev->dev.of_node; > struct device_node *codec_np, *cpu_np; > - struct clk *pllb; > struct snd_soc_card *card = &snd_soc_at91sam9g20ek; > int ret; > > @@ -162,31 +131,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > return -EINVAL; > } > > - /* > - * Codec MCLK is supplied by PCK0 - set it up. > - */ > - mclk = clk_get(NULL, "pck0"); > - if (IS_ERR(mclk)) { > - dev_err(&pdev->dev, "Failed to get MCLK\n"); > - ret = PTR_ERR(mclk); > - goto err; > - } > - > - pllb = clk_get(NULL, "pllb"); > - if (IS_ERR(pllb)) { > - dev_err(&pdev->dev, "Failed to get PLLB\n"); > - ret = PTR_ERR(pllb); > - goto err_mclk; > - } > - ret = clk_set_parent(mclk, pllb); > - clk_put(pllb); > - if (ret != 0) { > - dev_err(&pdev->dev, "Failed to set MCLK parent\n"); > - goto err_mclk; > - } > - > - clk_set_rate(mclk, MCLK_RATE); > - > card->dev = &pdev->dev; > > /* Parse device node info */ > @@ -230,9 +174,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > > return ret; > > -err_mclk: > - clk_put(mclk); > - mclk = NULL; > err: > atmel_ssc_put_audio(0); > return ret; > @@ -242,8 +183,6 @@ static int at91sam9g20ek_audio_remove(struct platform_device *pdev) > { > struct snd_soc_card *card = platform_get_drvdata(pdev); > > - clk_disable(mclk); > - mclk = NULL; > snd_soc_unregister_card(card); > atmel_ssc_put_audio(0); > ------------------------------------------------------------------------------- > > > Git bisection log: > > ------------------------------------------------------------------------------- > git bisect start > # good: [8bb7eca972ad531c9b149c0a51ab43a417385813] Linux 5.15 > git bisect good 8bb7eca972ad531c9b149c0a51ab43a417385813 > # bad: [bd7e92d593935dd5324b1a129a4753ab866fa8fc] kernelci-20240116.0 > git bisect bad bd7e92d593935dd5324b1a129a4753ab866fa8fc > # bad: [5a7a5b2edac4b05abd744eeaebda46d9dacd952d] drm/radeon: add a force flush to delay work when radeon > git bisect bad 5a7a5b2edac4b05abd744eeaebda46d9dacd952d > # good: [157a22ca80c50f64c495767331045d501c9ff013] staging:iio:adc:ad7280a: Fix handing of device address bit reversing. > git bisect good 157a22ca80c50f64c495767331045d501c9ff013 > # bad: [e0199ce728fb98a96a20136a5edb11c160d3151f] drm/amd/pm: Fix missing thermal throttler status > git bisect bad e0199ce728fb98a96a20136a5edb11c160d3151f > # bad: [fa189827f00c67b8ac2c396ee79d767c6a9ad6b9] netlink: do not reset transport header in netlink_recvmsg() > git bisect bad fa189827f00c67b8ac2c396ee79d767c6a9ad6b9 > # good: [56e44ff13d841cbb8638e7ec7759240a556752cd] ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error > git bisect good 56e44ff13d841cbb8638e7ec7759240a556752cd > # bad: [858d93280e83561997cc06f5318ac22464d2bae0] serial: imx: fix overrun interrupts in DMA mode > git bisect bad 858d93280e83561997cc06f5318ac22464d2bae0 > # bad: [84e77e72367f6f2d293b80b18da84d587e86382f] dmaengine: dw-edma: Fix unaligned 64bit access > git bisect bad 84e77e72367f6f2d293b80b18da84d587e86382f > # good: [eab8e585840f84c6a352eaab70e5495eda7ebb6f] drm/amd/display: Enable power gating before init_pipes > git bisect good eab8e585840f84c6a352eaab70e5495eda7ebb6f > # good: [cbdd7a33c533e03404d51071af1e056ce3716caf] dt-bindings: net: snps: remove duplicate name > git bisect good cbdd7a33c533e03404d51071af1e056ce3716caf > # good: [935745abcf4c695a18b9af3fbe295e322547a114] vfs: make sync_filesystem return errors from ->sync_fs > git bisect good 935745abcf4c695a18b9af3fbe295e322547a114 > # good: [ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728] net/sched: cls_u32: fix netns refcount changes in u32_change() > git bisect good ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728 > # bad: [9a4c63e7332c8303265e559a0b52acf9e3ab2148] ASoC: rk817: Use devm_clk_get() in rk817_platform_probe > git bisect bad 9a4c63e7332c8303265e559a0b52acf9e3ab2148 > # good: [236785649ad2e027ccdaa6ee888c4a5571473eb9] ALSA: hda/realtek: Add quirk for Clevo NP70PNP > git bisect good 236785649ad2e027ccdaa6ee888c4a5571473eb9 > # bad: [bc15442cc99f054f7b2703db147099b7fe6bba69] ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() > git bisect bad bc15442cc99f054f7b2703db147099b7fe6bba69 > # bad: [bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88] ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > git bisect bad bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88 > # first bad commit: [bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88] ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > ------------------------------------------------------------------------------- > > > -=-=-=-=-=-=-=-=-=-=-=- > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#50028): https://groups.io/g/kernelci-results/message/50028 > Mute This Topic: https://groups.io/mt/103768621/1131744 > Group Owner: kernelci-results+owner(a)groups.io > Unsubscribe: https://groups.io/g/kernelci-results/unsub [broonie(a)kernel.org] > -=-=-=-=-=-=-=-=-=-=-=- > >

1 year, 10 months

2
5
0 0

[PATCH 4.19.y 1/2] binder: fix race between mmput() and do_exit()

by Carlos Llamas

commit 9a9ab0d963621d9d12199df9817e66982582d5a5 upstream. Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mmap() | remove_vma() | fput() | In this case, the work of ____fput() from Task B is queued up in Task A as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup work gets executed. However, Task A instead sleep, waiting for a reply from Task B that never comes (it's dead). This means the binder_deferred_release() is blocked until an unrelated binder event forces Task A to go back to userspace. All the associated death notifications will also be delayed until then. In order to fix this use mmput_async() that will schedule the work in the corresponding mm->async_put_work WQ instead of Task A. Fixes: 457b9a6f09f0 ("Staging: android: add binder driver") Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20231201172212.1813387-4-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [cmllamas: fix trivial conflict with missing d8ed45c5dcd4.] Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 27950f901595..79cac74f0f1a 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -290,7 +290,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, } if (mm) { up_read(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return 0; @@ -325,7 +325,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, err_no_vma: if (mm) { up_read(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return vma ? -ENOMEM : -ESRCH; } base-commit: abc2dd6a248d443c27888aee13cfefd94c3f7407 prerequisite-patch-id: 040c7991c3b5fb63a9d12350a1400c91a057f7d5 -- 2.43.0.429.g432eaa2c6b-goog

1 year, 10 months

1
1
0 0

Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"

by Alex Deucher

Hi Greg, Sasha, Please cherry pick upstream commit 0f35b0a7b8fa ("Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"") to stable kernel 6.6.x and newer. This fixes a segfault in mixed graphics and compute workloads. Thanks, Alex

1 year, 10 months

2
1
0 0

Apply bad098d76835 to 6.6.y and 6.7.y

by Miguel Ojeda

Hi Greg and Sasha, Please consider applying commit bad098d76835 ("rust: Ignore preserve-most functions") to 6.6.y and 6.7.y (6.1.y does not need it since `__preserve_most` was introduced in 6.6). It fixes a build error with Rust + `CONFIG_LIST_HARDENED`. It should apply cleanly. Thanks! Cheers, Miguel

1 year, 10 months

2
1
0 0

[PATCH 6.1 000/100] 6.1.74-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.74 release. There are 100 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 20 Jan 2024 10:42:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.74-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.74-rc1 Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities James Clark <james.clark(a)arm.com> coresight: etm4x: Fix width of CCITMIN field LeoLiuoc <LeoLiu-oc(a)zhaoxin.com> PCI: Add ACS quirk for more Zhaoxin Root Ports Florian Eckert <fe(a)dev.tdt.de> leds: ledtrig-tty: Free allocated ttyname buffer on deactivate Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes device IDs and geometry Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes BAR details Guanghui Feng <guanghuifeng(a)linux.alibaba.com> uio: Fix use-after-free in uio_open Carlos Llamas <cmllamas(a)google.com> binder: fix comment on binder_alloc_new_buf() return value Carlos Llamas <cmllamas(a)google.com> binder: fix trivial typo of binder_free_buf_locked() Carlos Llamas <cmllamas(a)google.com> binder: fix use-after-free in shinker's callback Carlos Llamas <cmllamas(a)google.com> binder: use EPOLLERR from eventpoll.h Junxiao Bi <junxiao.bi(a)oracle.com> Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free ppace array on error in parse_dacl Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't allow O_TRUNC open on read-only share Alan Maguire <alan.maguire(a)oracle.com> bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 Martin Rodriguez Reboredo <yakoyoku(a)gmail.com> btf, scripts: Exclude Rust CUs with pahole Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-codec: Delay the codec device registration Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Tom Jason Schwanke <tom(a)catboys.cloud> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx Jani Nikula <jani.nikula(a)intel.com> drm/crtc: fix uninitialized variable use Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: fix return code check of of_property_match_string Sarannya S <quic_sarannya(a)quicinc.com> net: qrtr: ns: Return 0 if server port is not present Stefan Hajnoczi <stefanha(a)redhat.com> virtio_blk: fix snprintf truncation compiler warning Matthew Wilcox (Oracle) <willy(a)infradead.org> ida: Fix crash in ida_free when the bitmap is empty Patrick Rudolph <patrick.rudolph(a)9elements.com> pinctrl: cy8c95x0: Fix get_pincfg Patrick Rudolph <patrick.rudolph(a)9elements.com> pinctrl: cy8c95x0: Fix typo Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: get dprefclk ss info from integration info table Jensen Huang <jensenhuang(a)friendlyarm.com> i2c: rk3x: fix potential spinlock recursion on poll Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOB in smb2_dump_detail() Guilherme G. Piccoli <gpiccoli(a)igalia.com> HID: nintendo: Prevent divide-by-zero on code Mike Snitzer <snitzer(a)kernel.org> dm audit: fix Kconfig so DM_AUDIT depends on BLK_DEV_DM Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add new swapped-speakers quirk Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 Vishnu Sankar <vishnuocv(a)gmail.com> platform/x86: thinkpad_acpi: fix for incorrect fan reporting on some ThinkPad systems Ryan McClelland <rymcclel(a)gmail.com> HID: nintendo: fix initializer element is not constant error Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> kselftest: alsa: fixed a print formatting warning Luca Weiss <luca(a)z3ntu.xyz> Input: xpad - add Razer Wolverine V2 support Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: pcie: avoid a NULL pointer dereference Vineet Gupta <vgupta(a)kernel.org> ARC: fix spare error Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/scm: fix virtual vs physical address confusion Esther Shimanovich <eshimanovich(a)chromium.org> Input: i8042 - add nomux quirk for Acer P459-G2-M Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_GETID in translated mode Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning José Pekkarinen <jose.pekkarinen(a)foxhound.fi> Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1 Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix uaf issue when open the hist or hist_debug file Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> MIPS: dts: loongson: drop incorrect dwmac fallback compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> stmmac: dwmac-loongson: drop useless check for compatible fallback Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add size check when printing trace_marker output Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing Ye Bin <yebin10(a)huawei.com> jbd2: fix soft lockup in journal_finish_inode_data_buffers() Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Fix missing tablet-mode-switch events Judy Hsiao <judyhsiao(a)chromium.org> neighbour: Don't let neigh_forced_gc() disable preemption for long Ziqi Zhao <astrajoan(a)yahoo.com> drm/crtc: Fix uninit-value bug in drm_mode_setcrtc Zhang Yi <yi.zhang(a)huawei.com> jbd2: increase the journal IO's priority Zhang Yi <yi.zhang(a)huawei.com> jbd2: correct the printing of write_flags in jbd2_write_superblock() Weihao Li <cn.liweihao(a)gmail.com> clk: rockchip: rk3128: Fix HCLK_OTG gate register Chris Morgan <macromorgan(a)hotmail.com> clk: rockchip: rk3568: Add PLL rate for 292.5MHz Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: Preserve syscall nr across execve() Armin Wolf <W_Armin(a)gmx.de> hwmon: (corsair-psu) Fix probe when built-in Inki Dae <inki.dae(a)samsung.com> drm/exynos: fix a wrong error checking Xiang Yang <xiangyang3(a)huawei.com> drm/exynos: fix a potential error pointer dereference Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add NULL checks for function pointers Stefan Wiehler <stefan.wiehler(a)nokia.com> mips/smp: Call rcutree_report_cpu_starting() earlier Rob Herring <robh(a)kernel.org> arm64: dts: rockchip: Fix PCI node addresses on rk3399-gru Nitesh Shetty <nj.shetty(a)samsung.com> nvme: prevent potential spectre v1 gadget Keith Busch <kbusch(a)kernel.org> nvme: introduce helper function to get ctrl state Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: ops: add correct range check for limiting volume David Rau <David.Rau.opensource(a)dm.renesas.com> ASoC: da7219: Support low DC impedance headset Thinh Tran <thinhtr(a)linux.vnet.ibm.com> net/tg3: fix race condition in tg3_reset_task() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: hdac_hda: Conditionally register dais for HDMI and Analog Jeremy Soller <jeremy(a)system76.com> ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 Dave Airlie <airlied(a)redhat.com> nouveau/tu102: flush all pdbs on vmm flush Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: skl_hda_dsp_generic: Drop HDMI routes when HDMI is not available Shuming Fan <shumingf(a)realtek.com> ASoC: rt5650: add mutex to avoid the jack detection failure Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix incorrect frame delay configuration Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix the position of const qualifier Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: mem leak in skl register function David Lin <CTLIN0(a)nuvoton.com> ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: Fix mem leak in few functions Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix rk356x pcie msg interrupt name Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: wm8974: Correct boost mixer inputs Yicong Yang <yangyicong(a)hisilicon.com> hwtracing: hisi_ptt: Don't try to attach a task Yicong Yang <yangyicong(a)hisilicon.com> hwtracing: hisi_ptt: Handle the interrupt in hardirq context Keith Busch <kbusch(a)kernel.org> nvme-core: check for too small lba shift Ming Lei <ming.lei(a)redhat.com> blk-mq: don't count completed flush data request as inflight in case of quiesce Dmitry Antipov <dmantipov(a)yandex.ru> smb: client, common: fix fortify warnings Lu Yao <yaolu(a)kylinos.cn> drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: update dcn315 lpddr pstate latency Maurizio Lombardi <mlombard(a)redhat.com> nvme-core: fix a memory leak in nvme_ns_info_from_identify() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format Johannes Berg <johannes.berg(a)intel.com> debugfs: fix automount d_fsdata usage Ben Greear <greearb(a)candelatech.com> wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap Michael-CY Lee <michael-cy.lee(a)mediatek.com> wifi: avoid offset calculation on NULL pointer Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: lock wiphy mutex for rfkill poll Edward Adam Davis <eadavis(a)qq.com> mptcp: fix uninit-value in mptcp_incoming_options Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro Charles Keepax <ckeepax(a)opensource.cirrus.com> pinctrl: lochnagar: Don't build on MIPS Eric Biggers <ebiggers(a)google.com> f2fs: explicitly null-terminate the xattr list ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/signal.c | 6 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- .../boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 3 +- .../boot/dts/rockchip/rk3399-gru-scarlet-dumo.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 +- arch/loongarch/include/asm/elf.h | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 3 +- arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 3 +- arch/mips/kernel/smp.c | 4 +- block/blk-mq.c | 14 +++- drivers/acpi/resource.c | 7 ++ drivers/android/binder.c | 2 +- drivers/android/binder_alloc.c | 10 ++- drivers/block/virtio_blk.c | 8 +- drivers/clk/rockchip/clk-rk3128.c | 2 +- drivers/clk/rockchip/clk-rk3568.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 6 ++ drivers/gpu/drm/amd/amdgpu/soc15.c | 12 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 19 +++-- .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 8 +- .../amd/display/include/grph_object_ctrl_defs.h | 2 + drivers/gpu/drm/drm_crtc.c | 8 +- drivers/gpu/drm/exynos/exynos_drm_dma.c | 8 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmmtu102.c | 2 +- drivers/hid/hid-nintendo.c | 71 +++++++++------- drivers/hwmon/corsair-psu.c | 18 +++- drivers/hwtracing/coresight/coresight-etm4x.h | 2 +- drivers/hwtracing/ptt/hisi_ptt.c | 9 +- drivers/i2c/busses/i2c-rk3x.c | 13 ++- drivers/input/joystick/xpad.c | 1 + drivers/input/keyboard/atkbd.c | 46 +++++++++- drivers/input/mouse/synaptics.c | 1 + drivers/input/serio/i8042-acpipnpio.h | 8 ++ drivers/leds/trigger/ledtrig-tty.c | 4 + drivers/md/Kconfig | 1 + drivers/md/raid5.c | 12 --- drivers/net/ethernet/broadcom/tg3.c | 11 ++- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 5 -- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +- drivers/nvme/host/core.c | 12 ++- drivers/nvme/host/nvme.h | 5 ++ drivers/nvme/target/configfs.c | 3 + drivers/parport/parport_serial.c | 64 ++++++++++++++ drivers/pci/quirks.c | 8 +- drivers/pinctrl/cirrus/Kconfig | 3 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 4 +- drivers/platform/x86/intel/vbtn.c | 19 ++++- drivers/platform/x86/thinkpad_acpi.c | 98 +++++++++++++++++++--- drivers/reset/hisilicon/hi6220_reset.c | 2 +- drivers/s390/block/scm_blk.c | 7 +- drivers/uio/uio.c | 7 +- fs/debugfs/file.c | 8 ++ fs/debugfs/inode.c | 27 ++++-- fs/debugfs/internal.h | 10 ++- fs/f2fs/xattr.c | 6 ++ fs/jbd2/commit.c | 10 ++- fs/jbd2/journal.c | 24 +++--- fs/smb/client/cifspdu.h | 24 +++--- fs/smb/client/cifssmb.c | 6 +- fs/smb/client/smb2misc.c | 30 +++---- fs/smb/client/smb2ops.c | 6 +- fs/smb/client/smb2pdu.c | 8 +- fs/smb/client/smb2pdu.h | 16 ++-- fs/smb/common/smb2pdu.h | 17 ++-- fs/smb/server/smb2pdu.c | 23 ++--- fs/smb/server/smbacl.c | 11 ++- include/linux/ieee80211.h | 4 +- include/linux/jbd2.h | 3 + init/Kconfig | 2 +- kernel/trace/ring_buffer.c | 6 ++ kernel/trace/trace.c | 12 ++- kernel/trace/trace.h | 1 + kernel/trace/trace_events_hist.c | 12 ++- kernel/trace/trace_output.c | 6 +- lib/Kconfig.debug | 9 ++ lib/idr.c | 2 +- lib/test_ida.c | 40 +++++++++ net/core/neighbour.c | 9 +- net/mac80211/ht.c | 1 + net/mptcp/options.c | 1 + net/qrtr/ns.c | 4 +- net/wireless/core.c | 2 + scripts/decode_stacktrace.sh | 19 ++++- scripts/pahole-flags.sh | 7 ++ sound/hda/intel-nhlt.c | 33 +++++++- sound/pci/hda/patch_realtek.c | 16 +++- sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/codecs/cs43130.c | 6 +- sound/soc/codecs/da7219-aad.c | 2 +- sound/soc/codecs/hdac_hda.c | 23 ++++- sound/soc/codecs/nau8822.c | 9 +- sound/soc/codecs/rt5645.c | 10 ++- sound/soc/codecs/wm8974.c | 6 +- sound/soc/intel/boards/bytcr_rt5640.c | 31 +++++-- sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/skylake/skl-pcm.c | 9 +- sound/soc/intel/skylake/skl-sst-ipc.c | 4 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/intel/hda-codec.c | 18 ++-- tools/testing/selftests/alsa/mixer-test.c | 2 +- 103 files changed, 843 insertions(+), 286 deletions(-)

1 year, 10 months

14
119
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2024