January 2024 - Linux-stable-mirror

[PATCH 5.10/5.15 0/1] kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list

by Fedor Pchelkin

The `WARNING in kprobe_optimizer` is reproduced on 5.10/5.15 stable branches. The problem ([1], link included in original commit description) has been fixed by the following patch which can be cleanly applied to 5.10/5.15. The fix is already present in all stable branches starting from 6.1. Link to the "failed to apply to 5.15" report [2]. Link to the "failed to apply to 5.10" report [3]. [1]: https://lore.kernel.org/all/Y8URdIfVr3pq2X8w@xpf.sh.intel.com/ [2]: https://lore.kernel.org/stable/16781827629218@kroah.com/ [3]: https://lore.kernel.org/stable/16781827635613@kroah.com/

1 year, 1 month

2
2
0 0

[PATCH stable 5.15] bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25

by Jiri Olsa

From: Alan Maguire <alan.maguire(a)oracle.com> commit 7b99f75942da332e3f4f865e55a10fec95a30d4f upstream. [ small context conflict because of not backported --lang_exclude=rust option, which is not needed in 5.15 ] v1.25 of pahole supports filtering out functions with multiple inconsistent function prototypes or optimized-out parameters from the BTF representation. These present problems because there is no additional info in BTF saying which inconsistent prototype matches which function instance to help guide attachment, and functions with optimized-out parameters can lead to incorrect assumptions about register contents. So for now, filter out such functions while adding BTF representations for functions that have "."-suffixes (foo.isra.0) but not optimized-out parameters. This patch assumes that below linked changes land in pahole for v1.25. Issues with pahole filtering being too aggressive in removing functions appear to be resolved now, but CI and further testing will confirm. Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20230510130241.1696561-1-alan.maguire@oracle.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> --- scripts/pahole-flags.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh index d38fa6d84d62..5c724f697100 100755 --- a/scripts/pahole-flags.sh +++ b/scripts/pahole-flags.sh @@ -20,5 +20,8 @@ fi if [ "${pahole_ver}" -ge "124" ]; then extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64" fi +if [ "${pahole_ver}" -ge "125" ]; then + extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_inconsistent_proto --btf_gen_optimized" +fi echo ${extra_paholeopt} -- 2.43.0

1 year, 1 month

2
1
0 0

Re: kernelci/kernelci.org bisection: baseline-nfs.bootrr.deferred-probe-empty on at91sam9g20ek

by Mark Brown

On Tue, Jan 16, 2024 at 10:25:28AM -0800, KernelCI bot wrote: The KernelCI bisection bot has identified bc7d0133181e5f33aca ("ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek") from the v5.15 stable tree as causing something to fail to probe on at91sam9g20ek, most likely the audio driver though I didn't pull the logs to verify. The commit isn't a particularly obvious one for backporting. Full bisection report below. > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > * This automated bisection report was sent to you on the basis * > * that you may be involved with the breaking commit it has * > * found. No manual investigation has been done to verify it, * > * and the root cause of the problem may be somewhere else. * > * * > * If you do send a fix, please include this trailer: * > * Reported-by: "kernelci.org bot" <bot(a)kernelci.org> * > * * > * Hope this helps! * > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > > kernelci/kernelci.org bisection: baseline-nfs.bootrr.deferred-probe-empty on at91sam9g20ek > > Summary: > Start: bd7e92d593935 kernelci-20240116.0 > Plain log: https://storage.kernelci.org/kernelci/kernelci.org/kernelci-20240116.0/arm/… > HTML log: https://storage.kernelci.org/kernelci/kernelci.org/kernelci-20240116.0/arm/… > Result: bc7d0133181e5 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > > Checks: > revert: PASS > verify: PASS > > Parameters: > Tree: kernelci > URL: https://github.com/kernelci/linux.git > Branch: kernelci.org > Target: at91sam9g20ek > CPU arch: arm > Lab: lab-broonie > Compiler: gcc-10 > Config: multi_v5_defconfig > Test case: baseline-nfs.bootrr.deferred-probe-empty > > Breaking commit found: > > ------------------------------------------------------------------------------- > commit bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88 > Author: Mark Brown <broonie(a)kernel.org> > Date: Fri Mar 25 15:42:39 2022 +0000 > > ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > > [ Upstream commit c775cbf62ed4911e4f0f23880f01815753123690 ] > > The MCLK of the WM8731 on the AT91SAM9G20-EK board is connected to the > PCK0 output of the SoC, intended in the reference software to be supplied > using PLLB and programmed to 12MHz. As originally written for use with a > board file the audio driver was responsible for configuring the entire tree > but in the conversion to the common clock framework the registration of > the named pck0 and pllb clocks was removed so the driver has failed to > instantiate ever since. > > Since the WM8731 driver has had support for managing a MCLK provided via > the common clock framework for some time we can simply drop all the clock > management code from the machine driver other than configuration of the > sysclk rate, the CODEC driver still respects that configuration from the > machine driver. > > Fixes: ff78a189b0ae55f ("ARM: at91: remove old at91-specific clock driver") > Signed-off-by: Mark Brown <broonie(a)kernel.org> > Reviewed-by: Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> > Link: https://lore.kernel.org/r/20220325154241.1600757-2-broonie@kernel.org > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/sound/soc/atmel/sam9g20_wm8731.c b/sound/soc/atmel/sam9g20_wm8731.c > index 8a55d59a6c2aa..d243de5f23dc1 100644 > --- a/sound/soc/atmel/sam9g20_wm8731.c > +++ b/sound/soc/atmel/sam9g20_wm8731.c > @@ -46,35 +46,6 @@ > */ > #undef ENABLE_MIC_INPUT > > -static struct clk *mclk; > - > -static int at91sam9g20ek_set_bias_level(struct snd_soc_card *card, > - struct snd_soc_dapm_context *dapm, > - enum snd_soc_bias_level level) > -{ > - static int mclk_on; > - int ret = 0; > - > - switch (level) { > - case SND_SOC_BIAS_ON: > - case SND_SOC_BIAS_PREPARE: > - if (!mclk_on) > - ret = clk_enable(mclk); > - if (ret == 0) > - mclk_on = 1; > - break; > - > - case SND_SOC_BIAS_OFF: > - case SND_SOC_BIAS_STANDBY: > - if (mclk_on) > - clk_disable(mclk); > - mclk_on = 0; > - break; > - } > - > - return ret; > -} > - > static const struct snd_soc_dapm_widget at91sam9g20ek_dapm_widgets[] = { > SND_SOC_DAPM_MIC("Int Mic", NULL), > SND_SOC_DAPM_SPK("Ext Spk", NULL), > @@ -135,7 +106,6 @@ static struct snd_soc_card snd_soc_at91sam9g20ek = { > .owner = THIS_MODULE, > .dai_link = &at91sam9g20ek_dai, > .num_links = 1, > - .set_bias_level = at91sam9g20ek_set_bias_level, > > .dapm_widgets = at91sam9g20ek_dapm_widgets, > .num_dapm_widgets = ARRAY_SIZE(at91sam9g20ek_dapm_widgets), > @@ -148,7 +118,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > { > struct device_node *np = pdev->dev.of_node; > struct device_node *codec_np, *cpu_np; > - struct clk *pllb; > struct snd_soc_card *card = &snd_soc_at91sam9g20ek; > int ret; > > @@ -162,31 +131,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > return -EINVAL; > } > > - /* > - * Codec MCLK is supplied by PCK0 - set it up. > - */ > - mclk = clk_get(NULL, "pck0"); > - if (IS_ERR(mclk)) { > - dev_err(&pdev->dev, "Failed to get MCLK\n"); > - ret = PTR_ERR(mclk); > - goto err; > - } > - > - pllb = clk_get(NULL, "pllb"); > - if (IS_ERR(pllb)) { > - dev_err(&pdev->dev, "Failed to get PLLB\n"); > - ret = PTR_ERR(pllb); > - goto err_mclk; > - } > - ret = clk_set_parent(mclk, pllb); > - clk_put(pllb); > - if (ret != 0) { > - dev_err(&pdev->dev, "Failed to set MCLK parent\n"); > - goto err_mclk; > - } > - > - clk_set_rate(mclk, MCLK_RATE); > - > card->dev = &pdev->dev; > > /* Parse device node info */ > @@ -230,9 +174,6 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev) > > return ret; > > -err_mclk: > - clk_put(mclk); > - mclk = NULL; > err: > atmel_ssc_put_audio(0); > return ret; > @@ -242,8 +183,6 @@ static int at91sam9g20ek_audio_remove(struct platform_device *pdev) > { > struct snd_soc_card *card = platform_get_drvdata(pdev); > > - clk_disable(mclk); > - mclk = NULL; > snd_soc_unregister_card(card); > atmel_ssc_put_audio(0); > ------------------------------------------------------------------------------- > > > Git bisection log: > > ------------------------------------------------------------------------------- > git bisect start > # good: [8bb7eca972ad531c9b149c0a51ab43a417385813] Linux 5.15 > git bisect good 8bb7eca972ad531c9b149c0a51ab43a417385813 > # bad: [bd7e92d593935dd5324b1a129a4753ab866fa8fc] kernelci-20240116.0 > git bisect bad bd7e92d593935dd5324b1a129a4753ab866fa8fc > # bad: [5a7a5b2edac4b05abd744eeaebda46d9dacd952d] drm/radeon: add a force flush to delay work when radeon > git bisect bad 5a7a5b2edac4b05abd744eeaebda46d9dacd952d > # good: [157a22ca80c50f64c495767331045d501c9ff013] staging:iio:adc:ad7280a: Fix handing of device address bit reversing. > git bisect good 157a22ca80c50f64c495767331045d501c9ff013 > # bad: [e0199ce728fb98a96a20136a5edb11c160d3151f] drm/amd/pm: Fix missing thermal throttler status > git bisect bad e0199ce728fb98a96a20136a5edb11c160d3151f > # bad: [fa189827f00c67b8ac2c396ee79d767c6a9ad6b9] netlink: do not reset transport header in netlink_recvmsg() > git bisect bad fa189827f00c67b8ac2c396ee79d767c6a9ad6b9 > # good: [56e44ff13d841cbb8638e7ec7759240a556752cd] ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error > git bisect good 56e44ff13d841cbb8638e7ec7759240a556752cd > # bad: [858d93280e83561997cc06f5318ac22464d2bae0] serial: imx: fix overrun interrupts in DMA mode > git bisect bad 858d93280e83561997cc06f5318ac22464d2bae0 > # bad: [84e77e72367f6f2d293b80b18da84d587e86382f] dmaengine: dw-edma: Fix unaligned 64bit access > git bisect bad 84e77e72367f6f2d293b80b18da84d587e86382f > # good: [eab8e585840f84c6a352eaab70e5495eda7ebb6f] drm/amd/display: Enable power gating before init_pipes > git bisect good eab8e585840f84c6a352eaab70e5495eda7ebb6f > # good: [cbdd7a33c533e03404d51071af1e056ce3716caf] dt-bindings: net: snps: remove duplicate name > git bisect good cbdd7a33c533e03404d51071af1e056ce3716caf > # good: [935745abcf4c695a18b9af3fbe295e322547a114] vfs: make sync_filesystem return errors from ->sync_fs > git bisect good 935745abcf4c695a18b9af3fbe295e322547a114 > # good: [ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728] net/sched: cls_u32: fix netns refcount changes in u32_change() > git bisect good ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728 > # bad: [9a4c63e7332c8303265e559a0b52acf9e3ab2148] ASoC: rk817: Use devm_clk_get() in rk817_platform_probe > git bisect bad 9a4c63e7332c8303265e559a0b52acf9e3ab2148 > # good: [236785649ad2e027ccdaa6ee888c4a5571473eb9] ALSA: hda/realtek: Add quirk for Clevo NP70PNP > git bisect good 236785649ad2e027ccdaa6ee888c4a5571473eb9 > # bad: [bc15442cc99f054f7b2703db147099b7fe6bba69] ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() > git bisect bad bc15442cc99f054f7b2703db147099b7fe6bba69 > # bad: [bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88] ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > git bisect bad bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88 > # first bad commit: [bc7d0133181e5f33ac33ca4f6bb2bce876c8ad88] ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek > ------------------------------------------------------------------------------- > > > -=-=-=-=-=-=-=-=-=-=-=- > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#50028): https://groups.io/g/kernelci-results/message/50028 > Mute This Topic: https://groups.io/mt/103768621/1131744 > Group Owner: kernelci-results+owner(a)groups.io > Unsubscribe: https://groups.io/g/kernelci-results/unsub [broonie(a)kernel.org] > -=-=-=-=-=-=-=-=-=-=-=- > >

1 year, 1 month

2
5
0 0

[PATCH 4.19.y 1/2] binder: fix race between mmput() and do_exit()

by Carlos Llamas

commit 9a9ab0d963621d9d12199df9817e66982582d5a5 upstream. Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mmap() | remove_vma() | fput() | In this case, the work of ____fput() from Task B is queued up in Task A as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup work gets executed. However, Task A instead sleep, waiting for a reply from Task B that never comes (it's dead). This means the binder_deferred_release() is blocked until an unrelated binder event forces Task A to go back to userspace. All the associated death notifications will also be delayed until then. In order to fix this use mmput_async() that will schedule the work in the corresponding mm->async_put_work WQ instead of Task A. Fixes: 457b9a6f09f0 ("Staging: android: add binder driver") Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20231201172212.1813387-4-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [cmllamas: fix trivial conflict with missing d8ed45c5dcd4.] Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 27950f901595..79cac74f0f1a 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -290,7 +290,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, } if (mm) { up_read(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return 0; @@ -325,7 +325,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, err_no_vma: if (mm) { up_read(&mm->mmap_sem); - mmput(mm); + mmput_async(mm); } return vma ? -ENOMEM : -ESRCH; } base-commit: abc2dd6a248d443c27888aee13cfefd94c3f7407 prerequisite-patch-id: 040c7991c3b5fb63a9d12350a1400c91a057f7d5 -- 2.43.0.429.g432eaa2c6b-goog

1 year, 1 month

1
1
0 0

Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"

by Alex Deucher

Hi Greg, Sasha, Please cherry pick upstream commit 0f35b0a7b8fa ("Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"") to stable kernel 6.6.x and newer. This fixes a segfault in mixed graphics and compute workloads. Thanks, Alex

1 year, 1 month

2
1
0 0

Apply bad098d76835 to 6.6.y and 6.7.y

by Miguel Ojeda

Hi Greg and Sasha, Please consider applying commit bad098d76835 ("rust: Ignore preserve-most functions") to 6.6.y and 6.7.y (6.1.y does not need it since `__preserve_most` was introduced in 6.6). It fixes a build error with Rust + `CONFIG_LIST_HARDENED`. It should apply cleanly. Thanks! Cheers, Miguel

1 year, 1 month

2
1
0 0

[PATCH 6.1 000/100] 6.1.74-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.74 release. There are 100 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 20 Jan 2024 10:42:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.74-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.74-rc1 Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities James Clark <james.clark(a)arm.com> coresight: etm4x: Fix width of CCITMIN field LeoLiuoc <LeoLiu-oc(a)zhaoxin.com> PCI: Add ACS quirk for more Zhaoxin Root Ports Florian Eckert <fe(a)dev.tdt.de> leds: ledtrig-tty: Free allocated ttyname buffer on deactivate Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes device IDs and geometry Cameron Williams <cang1(a)live.co.uk> parport: parport_serial: Add Brainboxes BAR details Guanghui Feng <guanghuifeng(a)linux.alibaba.com> uio: Fix use-after-free in uio_open Carlos Llamas <cmllamas(a)google.com> binder: fix comment on binder_alloc_new_buf() return value Carlos Llamas <cmllamas(a)google.com> binder: fix trivial typo of binder_free_buf_locked() Carlos Llamas <cmllamas(a)google.com> binder: fix use-after-free in shinker's callback Carlos Llamas <cmllamas(a)google.com> binder: use EPOLLERR from eventpoll.h Junxiao Bi <junxiao.bi(a)oracle.com> Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free ppace array on error in parse_dacl Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't allow O_TRUNC open on read-only share Alan Maguire <alan.maguire(a)oracle.com> bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 Martin Rodriguez Reboredo <yakoyoku(a)gmail.com> btf, scripts: Exclude Rust CUs with pahole Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-codec: Delay the codec device registration Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Tom Jason Schwanke <tom(a)catboys.cloud> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx Jani Nikula <jani.nikula(a)intel.com> drm/crtc: fix uninitialized variable use Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: fix return code check of of_property_match_string Sarannya S <quic_sarannya(a)quicinc.com> net: qrtr: ns: Return 0 if server port is not present Stefan Hajnoczi <stefanha(a)redhat.com> virtio_blk: fix snprintf truncation compiler warning Matthew Wilcox (Oracle) <willy(a)infradead.org> ida: Fix crash in ida_free when the bitmap is empty Patrick Rudolph <patrick.rudolph(a)9elements.com> pinctrl: cy8c95x0: Fix get_pincfg Patrick Rudolph <patrick.rudolph(a)9elements.com> pinctrl: cy8c95x0: Fix typo Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: get dprefclk ss info from integration info table Jensen Huang <jensenhuang(a)friendlyarm.com> i2c: rk3x: fix potential spinlock recursion on poll Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOB in smb2_dump_detail() Guilherme G. Piccoli <gpiccoli(a)igalia.com> HID: nintendo: Prevent divide-by-zero on code Mike Snitzer <snitzer(a)kernel.org> dm audit: fix Kconfig so DM_AUDIT depends on BLK_DEV_DM Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add new swapped-speakers quirk Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 Vishnu Sankar <vishnuocv(a)gmail.com> platform/x86: thinkpad_acpi: fix for incorrect fan reporting on some ThinkPad systems Ryan McClelland <rymcclel(a)gmail.com> HID: nintendo: fix initializer element is not constant error Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> kselftest: alsa: fixed a print formatting warning Luca Weiss <luca(a)z3ntu.xyz> Input: xpad - add Razer Wolverine V2 support Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: pcie: avoid a NULL pointer dereference Vineet Gupta <vgupta(a)kernel.org> ARC: fix spare error Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/scm: fix virtual vs physical address confusion Esther Shimanovich <eshimanovich(a)chromium.org> Input: i8042 - add nomux quirk for Acer P459-G2-M Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_GETID in translated mode Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning José Pekkarinen <jose.pekkarinen(a)foxhound.fi> Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1 Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix uaf issue when open the hist or hist_debug file Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> MIPS: dts: loongson: drop incorrect dwmac fallback compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> stmmac: dwmac-loongson: drop useless check for compatible fallback Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add size check when printing trace_marker output Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing Ye Bin <yebin10(a)huawei.com> jbd2: fix soft lockup in journal_finish_inode_data_buffers() Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Fix missing tablet-mode-switch events Judy Hsiao <judyhsiao(a)chromium.org> neighbour: Don't let neigh_forced_gc() disable preemption for long Ziqi Zhao <astrajoan(a)yahoo.com> drm/crtc: Fix uninit-value bug in drm_mode_setcrtc Zhang Yi <yi.zhang(a)huawei.com> jbd2: increase the journal IO's priority Zhang Yi <yi.zhang(a)huawei.com> jbd2: correct the printing of write_flags in jbd2_write_superblock() Weihao Li <cn.liweihao(a)gmail.com> clk: rockchip: rk3128: Fix HCLK_OTG gate register Chris Morgan <macromorgan(a)hotmail.com> clk: rockchip: rk3568: Add PLL rate for 292.5MHz Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: Preserve syscall nr across execve() Armin Wolf <W_Armin(a)gmx.de> hwmon: (corsair-psu) Fix probe when built-in Inki Dae <inki.dae(a)samsung.com> drm/exynos: fix a wrong error checking Xiang Yang <xiangyang3(a)huawei.com> drm/exynos: fix a potential error pointer dereference Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add NULL checks for function pointers Stefan Wiehler <stefan.wiehler(a)nokia.com> mips/smp: Call rcutree_report_cpu_starting() earlier Rob Herring <robh(a)kernel.org> arm64: dts: rockchip: Fix PCI node addresses on rk3399-gru Nitesh Shetty <nj.shetty(a)samsung.com> nvme: prevent potential spectre v1 gadget Keith Busch <kbusch(a)kernel.org> nvme: introduce helper function to get ctrl state Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: ops: add correct range check for limiting volume David Rau <David.Rau.opensource(a)dm.renesas.com> ASoC: da7219: Support low DC impedance headset Thinh Tran <thinhtr(a)linux.vnet.ibm.com> net/tg3: fix race condition in tg3_reset_task() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: hdac_hda: Conditionally register dais for HDMI and Analog Jeremy Soller <jeremy(a)system76.com> ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 Dave Airlie <airlied(a)redhat.com> nouveau/tu102: flush all pdbs on vmm flush Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: skl_hda_dsp_generic: Drop HDMI routes when HDMI is not available Shuming Fan <shumingf(a)realtek.com> ASoC: rt5650: add mutex to avoid the jack detection failure Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix incorrect frame delay configuration Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs43130: Fix the position of const qualifier Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: mem leak in skl register function David Lin <CTLIN0(a)nuvoton.com> ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 Kamil Duljas <kamil.duljas(a)gmail.com> ASoC: Intel: Skylake: Fix mem leak in few functions Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix rk356x pcie msg interrupt name Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: wm8974: Correct boost mixer inputs Yicong Yang <yangyicong(a)hisilicon.com> hwtracing: hisi_ptt: Don't try to attach a task Yicong Yang <yangyicong(a)hisilicon.com> hwtracing: hisi_ptt: Handle the interrupt in hardirq context Keith Busch <kbusch(a)kernel.org> nvme-core: check for too small lba shift Ming Lei <ming.lei(a)redhat.com> blk-mq: don't count completed flush data request as inflight in case of quiesce Dmitry Antipov <dmantipov(a)yandex.ru> smb: client, common: fix fortify warnings Lu Yao <yaolu(a)kylinos.cn> drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: update dcn315 lpddr pstate latency Maurizio Lombardi <mlombard(a)redhat.com> nvme-core: fix a memory leak in nvme_ns_info_from_identify() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format Johannes Berg <johannes.berg(a)intel.com> debugfs: fix automount d_fsdata usage Ben Greear <greearb(a)candelatech.com> wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap Michael-CY Lee <michael-cy.lee(a)mediatek.com> wifi: avoid offset calculation on NULL pointer Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: lock wiphy mutex for rfkill poll Edward Adam Davis <eadavis(a)qq.com> mptcp: fix uninit-value in mptcp_incoming_options Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro Charles Keepax <ckeepax(a)opensource.cirrus.com> pinctrl: lochnagar: Don't build on MIPS Eric Biggers <ebiggers(a)google.com> f2fs: explicitly null-terminate the xattr list ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/signal.c | 6 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- .../boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 3 +- .../boot/dts/rockchip/rk3399-gru-scarlet-dumo.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 2 +- arch/loongarch/include/asm/elf.h | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 3 +- arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 3 +- arch/mips/kernel/smp.c | 4 +- block/blk-mq.c | 14 +++- drivers/acpi/resource.c | 7 ++ drivers/android/binder.c | 2 +- drivers/android/binder_alloc.c | 10 ++- drivers/block/virtio_blk.c | 8 +- drivers/clk/rockchip/clk-rk3128.c | 2 +- drivers/clk/rockchip/clk-rk3568.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 6 ++ drivers/gpu/drm/amd/amdgpu/soc15.c | 12 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 19 +++-- .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 8 +- .../amd/display/include/grph_object_ctrl_defs.h | 2 + drivers/gpu/drm/drm_crtc.c | 8 +- drivers/gpu/drm/exynos/exynos_drm_dma.c | 8 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmmtu102.c | 2 +- drivers/hid/hid-nintendo.c | 71 +++++++++------- drivers/hwmon/corsair-psu.c | 18 +++- drivers/hwtracing/coresight/coresight-etm4x.h | 2 +- drivers/hwtracing/ptt/hisi_ptt.c | 9 +- drivers/i2c/busses/i2c-rk3x.c | 13 ++- drivers/input/joystick/xpad.c | 1 + drivers/input/keyboard/atkbd.c | 46 +++++++++- drivers/input/mouse/synaptics.c | 1 + drivers/input/serio/i8042-acpipnpio.h | 8 ++ drivers/leds/trigger/ledtrig-tty.c | 4 + drivers/md/Kconfig | 1 + drivers/md/raid5.c | 12 --- drivers/net/ethernet/broadcom/tg3.c | 11 ++- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 5 -- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +- drivers/nvme/host/core.c | 12 ++- drivers/nvme/host/nvme.h | 5 ++ drivers/nvme/target/configfs.c | 3 + drivers/parport/parport_serial.c | 64 ++++++++++++++ drivers/pci/quirks.c | 8 +- drivers/pinctrl/cirrus/Kconfig | 3 +- drivers/pinctrl/pinctrl-cy8c95x0.c | 4 +- drivers/platform/x86/intel/vbtn.c | 19 ++++- drivers/platform/x86/thinkpad_acpi.c | 98 +++++++++++++++++++--- drivers/reset/hisilicon/hi6220_reset.c | 2 +- drivers/s390/block/scm_blk.c | 7 +- drivers/uio/uio.c | 7 +- fs/debugfs/file.c | 8 ++ fs/debugfs/inode.c | 27 ++++-- fs/debugfs/internal.h | 10 ++- fs/f2fs/xattr.c | 6 ++ fs/jbd2/commit.c | 10 ++- fs/jbd2/journal.c | 24 +++--- fs/smb/client/cifspdu.h | 24 +++--- fs/smb/client/cifssmb.c | 6 +- fs/smb/client/smb2misc.c | 30 +++---- fs/smb/client/smb2ops.c | 6 +- fs/smb/client/smb2pdu.c | 8 +- fs/smb/client/smb2pdu.h | 16 ++-- fs/smb/common/smb2pdu.h | 17 ++-- fs/smb/server/smb2pdu.c | 23 ++--- fs/smb/server/smbacl.c | 11 ++- include/linux/ieee80211.h | 4 +- include/linux/jbd2.h | 3 + init/Kconfig | 2 +- kernel/trace/ring_buffer.c | 6 ++ kernel/trace/trace.c | 12 ++- kernel/trace/trace.h | 1 + kernel/trace/trace_events_hist.c | 12 ++- kernel/trace/trace_output.c | 6 +- lib/Kconfig.debug | 9 ++ lib/idr.c | 2 +- lib/test_ida.c | 40 +++++++++ net/core/neighbour.c | 9 +- net/mac80211/ht.c | 1 + net/mptcp/options.c | 1 + net/qrtr/ns.c | 4 +- net/wireless/core.c | 2 + scripts/decode_stacktrace.sh | 19 ++++- scripts/pahole-flags.sh | 7 ++ sound/hda/intel-nhlt.c | 33 +++++++- sound/pci/hda/patch_realtek.c | 16 +++- sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/codecs/cs43130.c | 6 +- sound/soc/codecs/da7219-aad.c | 2 +- sound/soc/codecs/hdac_hda.c | 23 ++++- sound/soc/codecs/nau8822.c | 9 +- sound/soc/codecs/rt5645.c | 10 ++- sound/soc/codecs/wm8974.c | 6 +- sound/soc/intel/boards/bytcr_rt5640.c | 31 +++++-- sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/skylake/skl-pcm.c | 9 +- sound/soc/intel/skylake/skl-sst-ipc.c | 4 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/intel/hda-codec.c | 18 ++-- tools/testing/selftests/alsa/mixer-test.c | 2 +- 103 files changed, 843 insertions(+), 286 deletions(-)

1 year, 1 month

14
119
0 0

[PATCH 5.10.y] binder: fix use-after-free in shinker's callback

by Carlos Llamas

commit 3f489c2067c5824528212b0fc18b28d51332d906 upstream. The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") the mmap lock is downgraded after the vma has been isolated. I was able to reproduce this issue by manually adding some delays and triggering page reclaiming through the shrinker's debug sysfs. The following KASAN report confirms the UAF: ================================================================== BUG: KASAN: slab-use-after-free in zap_page_range_single+0x470/0x4b8 Read of size 8 at addr ffff356ed50e50f0 by task bash/478 CPU: 1 PID: 478 Comm: bash Not tainted 6.6.0-rc5-00055-g1c8b86a3799f-dirty #70 Hardware name: linux,dummy-virt (DT) Call trace: zap_page_range_single+0x470/0x4b8 binder_alloc_free_page+0x608/0xadc __list_lru_walk_one+0x130/0x3b0 list_lru_walk_node+0xc4/0x22c binder_shrink_scan+0x108/0x1dc shrinker_debugfs_scan_write+0x2b4/0x500 full_proxy_write+0xd4/0x140 vfs_write+0x1ac/0x758 ksys_write+0xf0/0x1dc __arm64_sys_write+0x6c/0x9c Allocated by task 492: kmem_cache_alloc+0x130/0x368 vm_area_alloc+0x2c/0x190 mmap_region+0x258/0x18bc do_mmap+0x694/0xa60 vm_mmap_pgoff+0x170/0x29c ksys_mmap_pgoff+0x290/0x3a0 __arm64_sys_mmap+0xcc/0x144 Freed by task 491: kmem_cache_free+0x17c/0x3c8 vm_area_free_rcu_cb+0x74/0x98 rcu_core+0xa38/0x26d4 rcu_core_si+0x10/0x1c __do_softirq+0x2fc/0xd24 Last potentially related work creation: __call_rcu_common.constprop.0+0x6c/0xba0 call_rcu+0x10/0x1c vm_area_free+0x18/0x24 remove_vma+0xe4/0x118 do_vmi_align_munmap.isra.0+0x718/0xb5c do_vmi_munmap+0xdc/0x1fc __vm_munmap+0x10c/0x278 __arm64_sys_munmap+0x58/0x7c Fix this issue by performing instead a vma_lookup() which will fail to find the vma that was isolated before the mmap lock downgrade. Note that this option has better performance than upgrading to a mmap write lock which would increase contention. Plus, mmap_write_trylock() has been recently removed anyway. Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") Cc: stable(a)vger.kernel.org Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20231201172212.1813387-3-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [cmllamas: use find_vma() instead of vma_lookup() as commit ce6d42f2e4a2 is missing in v5.10. This only works because we check the vma against our cached alloc->vma pointer.] Signed-off-by: Carlos Llamas <cmllamas(a)google.com> (cherry picked from commit aaa8cde67eba56b3ebe8c2c155e896f9ccaa8bb7) --- drivers/android/binder_alloc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index b6bf9caaf1d1..61406bfa454b 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -1002,7 +1002,9 @@ enum lru_status binder_alloc_free_page(struct list_head *item, goto err_mmget; if (!mmap_read_trylock(mm)) goto err_mmap_read_lock_failed; - vma = binder_alloc_get_vma(alloc); + vma = find_vma(mm, page_addr); + if (vma && vma != binder_alloc_get_vma(alloc)) + goto err_invalid_vma; list_lru_isolate(lru, item); spin_unlock(lock); @@ -1028,6 +1030,8 @@ enum lru_status binder_alloc_free_page(struct list_head *item, mutex_unlock(&alloc->mutex); return LRU_REMOVED_RETRY; +err_invalid_vma: + mmap_read_unlock(mm); err_mmap_read_lock_failed: mmput_async(mm); err_mmget: -- 2.43.0.429.g432eaa2c6b-goog

1 year, 1 month

2
2
0 0

[git:media_stage/master] media: staging: ipu3-imgu: Set fields before media_entity_pads_init()

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Author: Hidenori Kobayashi <hidenorik(a)chromium.org> Date: Tue Jan 9 17:09:09 2024 +0900 The imgu driver fails to probe with the following message because it does not set the pad's flags before calling media_entity_pads_init(). [ 14.596315] ipu3-imgu 0000:00:05.0: failed initialize subdev media entity (-22) [ 14.596322] ipu3-imgu 0000:00:05.0: failed to register subdev0 ret (-22) [ 14.596327] ipu3-imgu 0000:00:05.0: failed to register pipes (-22) [ 14.596331] ipu3-imgu 0000:00:05.0: failed to create V4L2 devices (-22) Fix the initialization order so that the driver probe succeeds. The ops initialization is also moved together for readability. Fixes: a0ca1627b450 ("media: staging/intel-ipu3: Add v4l2 driver based on media framework") Cc: <stable(a)vger.kernel.org> # 6.7 Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Hidenori Kobayashi <hidenorik(a)chromium.org> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/staging/media/ipu3/ipu3-v4l2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- diff --git a/drivers/staging/media/ipu3/ipu3-v4l2.c b/drivers/staging/media/ipu3/ipu3-v4l2.c index a66f034380c0..3df58eb3e882 100644 --- a/drivers/staging/media/ipu3/ipu3-v4l2.c +++ b/drivers/staging/media/ipu3/ipu3-v4l2.c @@ -1069,6 +1069,11 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, struct imgu_media_pipe *imgu_pipe = &imgu->imgu_pipe[pipe]; /* Initialize subdev media entity */ + imgu_sd->subdev.entity.ops = &imgu_media_ops; + for (i = 0; i < IMGU_NODE_NUM; i++) { + imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? + MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; + } r = media_entity_pads_init(&imgu_sd->subdev.entity, IMGU_NODE_NUM, imgu_sd->subdev_pads); if (r) { @@ -1076,11 +1081,6 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, "failed initialize subdev media entity (%d)\n", r); return r; } - imgu_sd->subdev.entity.ops = &imgu_media_ops; - for (i = 0; i < IMGU_NODE_NUM; i++) { - imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? - MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; - } /* Initialize subdev */ v4l2_subdev_init(&imgu_sd->subdev, &imgu_subdev_ops); @@ -1177,15 +1177,15 @@ static int imgu_v4l2_node_setup(struct imgu_device *imgu, unsigned int pipe, } /* Initialize media entities */ + node->vdev_pad.flags = node->output ? + MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; + vdev->entity.ops = NULL; r = media_entity_pads_init(&vdev->entity, 1, &node->vdev_pad); if (r) { dev_err(dev, "failed initialize media entity (%d)\n", r); mutex_destroy(&node->lock); return r; } - node->vdev_pad.flags = node->output ? - MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; - vdev->entity.ops = NULL; /* Initialize vbq */ vbq->type = node->vdev_fmt.type;

1 year, 1 month

1
0
0 0

[PATCH AUTOSEL 4.19 01/23] f2fs: fix to check return value of f2fs_reserve_new_block()

by Sasha Levin

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 956fa1ddc132e028f3b7d4cf17e6bfc8cb36c7fd ] Let's check return value of f2fs_reserve_new_block() in do_recover_data() rather than letting it fails silently. Also refactoring check condition on return value of f2fs_reserve_new_block() as below: - trigger f2fs_bug_on() only for ENOSPC case; - use do-while statement to avoid redundant codes; Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/f2fs/recovery.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c index ad0486beee2c..fffc7a9de04b 100644 --- a/fs/f2fs/recovery.c +++ b/fs/f2fs/recovery.c @@ -548,7 +548,16 @@ static int do_recover_data(struct f2fs_sb_info *sbi, struct inode *inode, */ if (dest == NEW_ADDR) { f2fs_truncate_data_blocks_range(&dn, 1); - f2fs_reserve_new_block(&dn); + do { + err = f2fs_reserve_new_block(&dn); + if (err == -ENOSPC) { + f2fs_bug_on(sbi, 1); + break; + } + } while (err && + IS_ENABLED(CONFIG_F2FS_FAULT_INJECTION)); + if (err) + goto err; continue; } @@ -556,12 +565,14 @@ static int do_recover_data(struct f2fs_sb_info *sbi, struct inode *inode, if (f2fs_is_valid_blkaddr(sbi, dest, META_POR)) { if (src == NULL_ADDR) { - err = f2fs_reserve_new_block(&dn); - while (err && - IS_ENABLED(CONFIG_F2FS_FAULT_INJECTION)) + do { err = f2fs_reserve_new_block(&dn); - /* We should not get -ENOSPC */ - f2fs_bug_on(sbi, err); + if (err == -ENOSPC) { + f2fs_bug_on(sbi, 1); + break; + } + } while (err && + IS_ENABLED(CONFIG_F2FS_FAULT_INJECTION)); if (err) goto err; } -- 2.43.0

1 year, 1 month

1
22
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2024