March 2024 - Linux-stable-mirror

[merged mm-stable] mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been removed from the -mm tree. Its filename was mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Wed, 6 Mar 2024 14:03:56 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_l * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

1 year, 7 months

1
0
0 0

+ mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been added to the -mm mm-unstable branch. Its filename is mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Wed, 6 Mar 2024 14:03:56 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was not free. This isn't present in get_swap_device() because it doesn't make sense in general due to the race between getting the reference and swapoff. So I've added an equivalent check directly in free_swap_and_cache(). Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1232,6 +1232,11 @@ static unsigned char __swap_entry_free_l * with get_swap_device() and put_swap_device(), unless the swap * functions call get/put_swap_device() by themselves. * + * Note that when only holding the PTL, swapoff might succeed immediately + * after freeing a swap entry. Therefore, immediately after + * __swap_entry_free(), the swap info might become stale and should not + * be touched without a prior get_swap_device(). + * * Check whether swap entry is valid in the swap device. If so, * return pointer to swap_info_struct, and keep the swap entry valid * via preventing the swap device from being swapoff, until @@ -1609,13 +1614,19 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) { + put_swap_device(p); + return 0; + } + count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch

1 year, 7 months

1
0
0 0

[PATCH 6.1 000/215] 6.1.81-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.81 release. There are 215 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.81-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.81-rc1 Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Ard Biesheuvel <ardb+git(a)google.com> efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Ard Biesheuvel <ardb+git(a)google.com> x86/boot: efistub: Assign global boot_params variable Ard Biesheuvel <ardb+git(a)google.com> x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb+git(a)google.com> efi/x86: Avoid physical KASLR on older Dell systems Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Avoid legacy decompressor when doing EFI boot Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Perform SNP feature test while running in the firmware Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Prefer EFI memory attributes protocol over DXE services Ard Biesheuvel <ardb+git(a)google.com> x86/decompressor: Factor out kernel decompression and relocation Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Perform 4/5 level paging switch from the stub Ard Biesheuvel <ardb+git(a)google.com> efi/libstub: Add limit argument to efi_random_alloc() Ard Biesheuvel <ardb+git(a)google.com> efi/libstub: Add memory attribute protocol definitions Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Clear BSS in EFI handover protocol entrypoint Ard Biesheuvel <ardb+git(a)google.com> x86/decompressor: Avoid magic offsets for EFI handover entrypoint Ard Biesheuvel <ardb+git(a)google.com> x86/efistub: Simplify and clean up handover entry code Ard Biesheuvel <ardb+git(a)google.com> efi: efivars: prevent double registration Ard Biesheuvel <ardb+git(a)google.com> arm64: efi: Limit allocations to 48-bit addressable physical region Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml Ard Biesheuvel <ardb(a)kernel.org> decompress: Use 8 byte alignment Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Move global symbol references to C code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Merge trampoline cleanup with switching code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Pass pgtable address to trampoline directly Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Only call the trampoline when changing paging levels Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Call trampoline directly from C code Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Avoid the need for a stack in the 32-bit trampoline Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Use standard calling convention for trampoline Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Call trampoline as a normal function Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Assign paging related global variables earlier Ard Biesheuvel <ardb(a)kernel.org> x86/decompressor: Store boot_params pointer in callee save register Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Branch straight to kernel entry point from C code Alexander Lobakin <alexandr.lobakin(a)intel.com> x86/boot: Robustify calling startup_{32,64}() from the decompressor code Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Make the deprecated EFI handover protocol optional Johan Hovold <johan+linaro(a)kernel.org> efi: verify that variable services are supported Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_check_sev_cbit() into .text Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_load_idt() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move startup32_load_idt() into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Pull global variable reference into startup32_load_idt() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed, efi: Merge multiple definitions of image_offset into one Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_pe_entry() out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_entry out of head_64.S Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move efi32_pe_entry into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move bootargs parsing out of 32-bit startup code Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Move 32-bit entrypoint code into .text section Ard Biesheuvel <ardb(a)kernel.org> x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S Ard Biesheuvel <ardb(a)kernel.org> efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/core: Update CMA destination address on rdma_resolve_addr Patrisious Haddad <phaddad(a)nvidia.com> RDMA/core: Refactor rdma_bind_addr Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: continue marking the first subflow as UNCONNECTED Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Neil Armstrong <neil.armstrong(a)linaro.org> Bluetooth: qca: add support for WCN7850 Neil Armstrong <neil.armstrong(a)linaro.org> Bluetooth: qca: use switch case for soc type behavior Luca Weiss <luca.weiss(a)fairphone.com> Bluetooth: btqca: Add WCN3988 support Min-Hua Chen <minhuadotchen(a)gmail.com> Bluetooth: btqca: use le32_to_cpu for ver.soc_id Steev Klimaszewski <steev(a)kali.org> Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Bluetooth: hci_qca: mark OF related data as maybe unused Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <linux(a)rempel-privat.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: don't force huge page alignment on 32 bit Gustavo A. R. Silva <gustavoars(a)kernel.org> RDMA/core: Fix multiple -Warray-bounds warnings Manivannan Sadhasivam <mani(a)kernel.org> iommu/arm-smmu-qcom: Limit the SMR groups to 128 Ye Bin <yebin10(a)huawei.com> fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode' Abdun Nihaal <abdun.nihaal(a)gmail.com> fs/ntfs3: Fix NULL dereference in ni_write_inode Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Add length check in indx_get_root Arnd Bergmann <arnd(a)arndb.de> clk: tegra20: fix gcc-7 constant overflow warning Jia-Ju Bai <baijiaju1990(a)gmail.com> fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() Tomas Krcka <krckatom(a)amazon.de> iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any Chunyan Zhang <chunyan.zhang(a)unisoc.com> iommu/sprd: Release dma buffer to avoid memory leak Vicki Pfau <vi(a)endrift.com> Input: xpad - add constants for GIP interface numbers Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: gadget: Properly configure the device for remote wakeup Marek Vasut <marex(a)denx.de> ARM: dts: imx7s: Drop dma-apb interrupt-names Stefan Wahren <stefan.wahren(a)i2se.com> ARM: dts: imx: Adjust dma-apbh node name Xiaowei Bao <xiaowei.bao(a)nxp.com> PCI: layerscape: Add workaround for lost link capabilities during reset Frank Li <Frank.Li(a)nxp.com> PCI: layerscape: Add the endpoint linkup notifier support Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Add missing mutex_destroy() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Make fini symmetric to init Bjorn Helgaas <bhelgaas(a)google.com> net: restore alpha order to Ethernet devices in config Geert Uytterhoeven <geert+renesas(a)glider.be> of: overlay: Reorder struct fragment fields kerneldoc Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Mike Christie <michael.christie(a)oracle.com> scsi: core: Add struct for args to execution functions Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Neil Armstrong <neil.armstrong(a)linaro.org> drm/meson: fix unbind path if HDMI fails to bind Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Documentation/x86/boot.rst | 2 +- Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 4 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx6qdl.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/imx6ul.dtsi | 2 +- arch/arm/boot/dts/imx7s.dtsi | 3 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 + arch/arm64/include/asm/efi.h | 1 + arch/powerpc/platforms/pseries/iommu.c | 156 +++-- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++ arch/x86/Kconfig | 17 + arch/x86/boot/compressed/Makefile | 13 +- arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/efi_mixed.S | 328 +++++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ------ arch/x86/boot/compressed/head_32.S | 38 +- arch/x86/boot/compressed/head_64.S | 593 +++------------- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/mem_encrypt.S | 152 +++- arch/x86/boot/compressed/misc.c | 85 ++- arch/x86/boot/compressed/misc.h | 3 - arch/x86/boot/compressed/pgtable.h | 10 +- arch/x86/boot/compressed/pgtable_64.c | 94 ++- arch/x86/boot/compressed/sev.c | 114 +-- arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 2 + arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 + arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/boot.h | 10 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/efi.h | 14 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 27 +- arch/x86/include/asm/sev.h | 7 + arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/intel.c | 178 ++--- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 12 +- drivers/bluetooth/btqca.c | 104 ++- drivers/bluetooth/btqca.h | 23 +- drivers/bluetooth/hci_qca.c | 310 +++++++-- drivers/clk/tegra/clk-tegra20.c | 26 +- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/firmware/efi/efi.c | 22 + drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/alignedmem.c | 7 +- drivers/firmware/efi/libstub/arm64-stub.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 2 + drivers/firmware/efi/libstub/efistub.h | 32 +- drivers/firmware/efi/libstub/mem.c | 5 +- drivers/firmware/efi/libstub/randomalloc.c | 17 +- drivers/firmware/efi/libstub/x86-5lvl.c | 95 +++ drivers/firmware/efi/libstub/x86-stub.c | 319 +++++---- drivers/firmware/efi/libstub/x86-stub.h | 17 + drivers/firmware/efi/vars.c | 13 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 + drivers/gpu/drm/drm_buddy.c | 10 + drivers/gpu/drm/meson/meson_drv.c | 23 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/tegra/drm.c | 23 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma.c | 255 +++---- drivers/infiniband/core/cma_trace.h | 2 +- drivers/infiniband/core/user_mad.c | 23 +- drivers/input/joystick/xpad.c | 5 +- drivers/interconnect/core.c | 18 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 19 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 16 +- drivers/iommu/sprd-iommu.c | 29 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/Kconfig | 2 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 +- drivers/of/overlay.c | 2 +- drivers/of/property.c | 2 +- drivers/pci/controller/dwc/pci-layerscape-ep.c | 119 +++- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/scsi/scsi_lib.c | 52 +- drivers/scsi/sd.c | 26 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/usb/gadget/composite.c | 18 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/gadget/udc/core.c | 27 + drivers/usb/gadget/udc/trace.h | 5 + drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/video/fbdev/core/fbcon.c | 8 +- drivers/xen/events/events_base.c | 5 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/btrfs/disk-io.c | 22 +- fs/btrfs/disk-io.h | 2 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/efivarfs/vars.c | 17 +- fs/exportfs/expfs.c | 8 +- fs/lockd/svc4proc.c | 1 + fs/lockd/svclock.c | 17 +- fs/lockd/svcproc.c | 1 + fs/lockd/svcsubs.c | 4 +- fs/locks.c | 24 +- fs/nfs/nfs4trace.h | 6 +- fs/nfs/nfstrace.h | 6 +- fs/nfs/write.c | 4 +- fs/nfsd/Kconfig | 19 +- fs/nfsd/Makefile | 5 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 39 +- fs/nfsd/flexfilelayout.c | 1 + fs/nfsd/netns.h | 2 +- fs/nfsd/nfs4callback.c | 72 ++ fs/nfsd/nfs4idmap.c | 1 + fs/nfsd/nfs4proc.c | 31 +- fs/nfsd/nfs4state.c | 316 ++++++--- fs/nfsd/nfs4xdr.c | 771 +++++++++++---------- fs/nfsd/nfsctl.c | 13 +- fs/nfsd/nfsd.h | 9 +- fs/nfsd/nfsfh.h | 10 +- fs/nfsd/nfsproc.c | 66 +- fs/nfsd/nfssvc.c | 8 +- fs/nfsd/state.h | 11 +- fs/nfsd/trace.h | 106 +++ fs/nfsd/vfs.c | 64 +- fs/nfsd/vfs.h | 1 + fs/nfsd/xdr4.h | 5 + fs/nfsd/xdr4cb.h | 6 + fs/ntfs3/frecord.c | 5 +- fs/ntfs3/fsntfs.c | 1 + fs/ntfs3/index.c | 11 +- include/linux/bvec.h | 2 +- include/linux/decompress/mm.h | 2 +- include/linux/efi.h | 1 + include/linux/fs.h | 14 + include/linux/netfilter.h | 4 + include/linux/nfs4.h | 13 + include/linux/usb/composite.h | 2 + include/linux/usb/gadget.h | 8 + include/net/ipv6_stubs.h | 5 + include/net/mctp.h | 1 + include/net/netfilter/nf_conntrack.h | 8 + include/scsi/scsi_device.h | 52 +- include/trace/events/rpcgss.h | 2 +- include/trace/events/rpcrdma.h | 4 +- include/trace/events/sunrpc.h | 2 +- include/trace/{events => misc}/fs.h | 0 include/trace/{events => misc}/nfs.h | 12 + include/trace/{events => misc}/rdma.h | 0 .../trace/{events/sunrpc_base.h => misc/sunrpc.h} | 0 include/uapi/linux/bpf.h | 31 +- include/uapi/linux/in6.h | 2 +- lib/nlattr.c | 4 + mm/huge_memory.c | 4 + net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 + net/core/filter.c | 30 +- net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mctp/route.c | 10 +- net/mptcp/diag.c | 5 +- net/mptcp/pm_netlink.c | 48 +- net/mptcp/pm_userspace.c | 12 +- net/mptcp/protocol.c | 56 +- net/mptcp/protocol.h | 13 +- net/mptcp/subflow.c | 15 +- net/netfilter/core.c | 16 + net/netfilter/nf_conntrack_core.c | 13 + net/netfilter/nf_conntrack_proto_tcp.c | 35 + net/netfilter/nf_tables_api.c | 7 + net/netfilter/nft_compat.c | 20 + net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 11 +- net/unix/garbage.c | 21 +- net/wireless/nl80211.c | 2 + security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + tools/include/uapi/linux/bpf.h | 31 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 + 223 files changed, 4349 insertions(+), 2418 deletions(-)

1 year, 7 months

13
229
0 0

[PATCH 6.6 000/143] 6.6.21-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.21 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.21-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.21-rc1 Danilo Krummrich <dakr(a)redhat.com> drm/nouveau: don't fini scheduler before entity flush Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: rm subflow with v4/v4mapped addr Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_is_v6 Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: update userspace pm test helpers Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add chk_subflows_total helper Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add evts_get_info helper Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Ming Lei <ming.lei(a)redhat.com> block: define bvec_iter as __packed __aligned(4) Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: use correct function name for resetting TCE tables Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Ensure safe user copy of completion record Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Remove shadow Event Log head stored in idxd Alexander Stein <alexander.stein(a)ew.tq-group.com> phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use dashes Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Add HDMA remote interrupt configuration Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: HDMA_V0_REMOTEL_STOP_INT_EN typo fix Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix wrong interrupt bit set for HDMA Kory Maincent <kory.maincent(a)bootlin.com> dmaengine: dw-edma: Fix the ch_count hdma callback Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: cs35l56: fix reversed if statement in cs35l56_dspwait_asp1tx_put() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. NeilBrown <neilb(a)suse.de> NFS: Fix data corruption caused by congestion. Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Paolo Abeni <pabeni(a)redhat.com> mptcp: fix potential wake-up event loss Paolo Abeni <pabeni(a)redhat.com> mptcp: fix snd_wnd initialization for passive socket Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: add ss mptcp support check Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid printing warning once on client side Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: map v4 address to v6 when destroying subflow Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Jiri Bohac <jbohac(a)suse.cz> x86/e820: Don't reserve SETUP_RNG_SEED in e820 Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix iopt_access_list_id overwrite bug Nathan Chancellor <nathan(a)kernel.org> kbuild: Add -Wa,--fatal-warnings to as-instr invocation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Nathan Chancellor <nathan(a)kernel.org> RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix DMA API overlapping mappings warning Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Joy Zou <joy.zou(a)nxp.com> dmaengine: fsl-edma: correct calculation of 'nbytes' in multi-fifo scenario Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Ard Biesheuvel <ardb(a)kernel.org> crypto: arm64/neonbs - fix out-of-bounds access on short input Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read Rob Clark <robdclark(a)chromium.org> soc: qcom: pmic_glink: Fix boot when QRTR=m Ryan Lin <tsung-hua.lin(a)amd.com> drm/amd/display: Add monitor patch for specific eDP Matthew Auld <matthew.auld(a)intel.com> drm/buddy: fix range bias Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/pm: resolve reboot exception for si oland" Filipe Manana <fdmanana(a)suse.com> btrfs: send: don't issue unnecessary zero writes for trailing hole David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free of anonymous device after snapshot creation failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Elad Nachman <enachman(a)marvell.com> mtd: rawnand: marvell: fix layouts Nhat Pham <nphamcs(a)gmail.com> mm: cachestat: fix folio read-after-free in cache walk Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Mickaël Salaün <mic(a)digikod.net> landlock: Fix asymmetric private inodes referring Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid Willian Wang <git(a)willian.wang> ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt440 Hans Peter <flurry123(a)gmx.ch> ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) Gergo Koteles <soyer(a)irl.hu> ALSA: hda/realtek: tas2781: enable subwoofer volume control Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix the discard error code from snd_ump_legacy_open() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Saravana Kannan <saravanak(a)google.com> of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between ordered extent completion and fiemap Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix pte_leaf_size() for NAPOT Alexandre Ghiti <alexghiti(a)rivosinc.com> Revert "riscv: mm: support Svnapot in huge vmap" Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: ctr_get_width function for legacy is not defined Vadim Shakirov <vadim.shakirov(a)syntacore.com> drivers: perf: added capabilities for legacy PMU David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Thierry Reding <treding(a)nvidia.com> drm/tegra: Remove existing framebuffer only if we support display Conor Dooley <conor(a)kernel.org> RISC-V: Ignore V from the riscv,isa DT property on older T-Head CPUs Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: soc-card: Fix missing locking in snd_soc_card_get_kcontrol() Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon revision Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Fix for initializing ASP1 mixer registers Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Don't add the same register patch multiple times Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: cs35l56_component_remove() must clear cs35l56->component Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix build error if !CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION Colin Ian King <colin.i.king(a)gmail.com> ASoC: qcom: Fix uninitialized pointer dmactl Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: qcom: convert not to use asoc_xxx() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc.h: convert asoc_xxx() to snd_soc_xxx() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Must clear HALO_STATE before issuing SYSTEM_RESET Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Sabrina Dubroca <sd(a)queasysnail.net> tls: fix peeking with sync+async decryption Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Lukasz Majewski <lukma(a)denx.de> net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames Oleksij Rempel <o.rempel(a)pengutronix.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix handling of multiple mcast groups Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix triggering coredump implementation Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix wrong event type for patch config command Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix accept_list when attempting to suspend Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_sync: Check the correct flag before starting a scan Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Oleksij Rempel <o.rempel(a)pengutronix.de> net: lan78xx: fix "softirq work is pending" error Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Oleksij Rempel <o.rempel(a)pengutronix.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: fman_memac: accept phy-interface-type = "10gbase-r" in the device tree Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: take ownership of skb in mctp_local_output Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Florian Westphal <fw(a)strlen.de> netlink: add nla be16/32 types to minlen array Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Ming Lei <ming.lei(a)redhat.com> ublk: move ublk_cancel_dev() out of ub->mutex Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong allocation size update in smb2_open() Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l34: Fix GPIO name and drop legacy include Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> ubifs: fix possible dereference after free Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking ------------- Diffstat: Documentation/arch/x86/mds.rst | 34 +++- Makefile | 4 +- arch/arm64/crypto/aes-neonbs-glue.c | 11 ++ arch/powerpc/include/asm/rtas.h | 4 +- arch/powerpc/kernel/rtas.c | 9 +- arch/powerpc/platforms/pseries/iommu.c | 156 +++++++++++------ arch/riscv/Kconfig | 1 - arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/hugetlb.h | 2 + arch/riscv/include/asm/pgtable.h | 6 +- arch/riscv/include/asm/vmalloc.h | 61 +------ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cpufeature.c | 15 ++ arch/riscv/kernel/return_address.c | 48 +++++ arch/riscv/mm/hugetlbpage.c | 2 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 ++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 -- arch/x86/kernel/cpu/bugs.c | 15 +- arch/x86/kernel/cpu/intel.c | 178 ++++++++++--------- arch/x86/kernel/e820.c | 8 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 20 ++- drivers/block/ublk_drv.c | 40 +++-- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/hci_bcm4377.c | 3 +- drivers/bluetooth/hci_qca.c | 22 ++- drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/dw-edma/dw-edma-v0-core.c | 17 ++ drivers/dma/dw-edma/dw-hdma-v0-core.c | 39 +++-- drivers/dma/dw-edma/dw-hdma-v0-regs.h | 2 +- drivers/dma/fsl-edma-common.c | 2 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/dma/idxd/cdev.c | 2 +- drivers/dma/idxd/debugfs.c | 2 +- drivers/dma/idxd/idxd.h | 1 - drivers/dma/idxd/init.c | 15 +- drivers/dma/idxd/irq.c | 3 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 29 +++ drivers/gpu/drm/drm_buddy.c | 10 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +- drivers/gpu/drm/tegra/drm.c | 23 ++- drivers/iommu/iommufd/io_pagetable.c | 9 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/mmci_stm32_sdmmc.c | 24 +++ drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++- drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 18 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 5 +- drivers/net/veth.c | 40 ++--- drivers/of/property.c | 2 +- drivers/perf/riscv_pmu.c | 18 +- drivers/perf/riscv_pmu_legacy.c | 10 +- drivers/phy/freescale/phy-fsl-imx8-mipi-dphy.c | 2 +- drivers/pmdomain/qcom/rpmhpd.c | 7 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/pmic_glink.c | 21 +-- drivers/spi/spi-cadence-quadspi.c | 6 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/btrfs/disk-io.c | 22 +-- fs/btrfs/disk-io.h | 2 +- fs/btrfs/extent_io.c | 165 ++++++++++++++--- fs/btrfs/ioctl.c | 2 +- fs/btrfs/send.c | 17 +- fs/btrfs/transaction.c | 2 +- fs/efivarfs/vars.c | 17 +- fs/nfs/write.c | 4 +- fs/smb/server/smb2pdu.c | 36 ++-- fs/ubifs/tnc.c | 1 + include/linux/bvec.h | 2 +- include/linux/netfilter.h | 1 + include/net/mctp.h | 1 + include/sound/soc-card.h | 6 +- include/sound/soc.h | 42 +++-- include/uapi/linux/in6.h | 2 +- lib/nlattr.c | 4 + mm/debug_vm_pgtable.c | 8 + mm/filemap.c | 51 +++--- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sync.c | 7 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 ++++++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++++ net/core/rtnetlink.c | 11 +- net/hsr/hsr_forward.c | 2 +- net/ipv4/ip_tunnel.c | 28 ++- net/ipv6/addrconf.c | 7 +- net/mctp/route.c | 10 +- net/mptcp/diag.c | 3 + net/mptcp/options.c | 2 +- net/mptcp/pm_userspace.c | 10 ++ net/mptcp/protocol.c | 52 +++++- net/mptcp/protocol.h | 21 +-- net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/tls/tls_sw.c | 40 +++-- net/unix/garbage.c | 21 +-- net/wireless/nl80211.c | 2 + scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- security/landlock/fs.c | 4 +- security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/core/ump.c | 4 +- sound/firewire/amdtp-stream.c | 2 +- sound/pci/hda/patch_realtek.c | 32 +++- sound/soc/codecs/cs35l34.c | 4 +- sound/soc/codecs/cs35l56-shared.c | 8 +- sound/soc/codecs/cs35l56.c | 195 ++++++++++++++++++--- sound/soc/codecs/cs35l56.h | 1 + sound/soc/fsl/fsl_xcvr.c | 12 +- sound/soc/qcom/apq8016_sbc.c | 8 +- sound/soc/qcom/apq8096.c | 8 +- sound/soc/qcom/common.c | 6 +- sound/soc/qcom/lpass-cdc-dma.c | 18 +- sound/soc/qcom/lpass-platform.c | 50 +++--- sound/soc/qcom/qdsp6/q6apm-dai.c | 4 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 10 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/qcom/sc7180.c | 18 +- sound/soc/qcom/sc7280.c | 26 +-- sound/soc/qcom/sc8280xp.c | 8 +- sound/soc/qcom/sdm845.c | 36 ++-- sound/soc/qcom/sdw.c | 6 +- sound/soc/qcom/sm8250.c | 10 +- sound/soc/qcom/storm.c | 4 +- sound/soc/soc-card.c | 24 ++- sound/soc/soc-utils.c | 4 +- tools/net/ynl/lib/ynl.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 16 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 192 ++++++++++++-------- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 ++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 8 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 86 +++++---- 153 files changed, 1900 insertions(+), 904 deletions(-)

1 year, 7 months

12
155
0 0

[PATCH v4] USB:UAS:return ENODEV when submit urbs fail with device not attached

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v3->v4 - remove unused variable declaration in function uas_submit_urbs. drivers/usb/storage/uas.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..5930cfc03111 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 7 months

1
0
0 0

[PATCH v3] USB:UAS:return ENODEV when submit urbs fail with device not attached

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v2->v3 - Modify the description of this patch. - An error is returned directly when submitting URB fails. drivers/usb/storage/uas.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..689396777b6f 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,16 +541,15 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, @@ -562,9 +561,9 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +571,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +581,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +591,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +601,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +610,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +620,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +697,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 7 months

4
3
0 0

[PATCH STABLE v5.15.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c7d5566623ad..c37af50f312d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -424,8 +424,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH STABLE v5.10.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index fcb7eb6a6eca..c0a8f3c9e256 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -447,8 +447,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 7 months

1
0
0 0

[PATCH STABLE v5.4.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. This fix is stable-only, since after commit 07e09c483cbe ("mm/huge_memory: work on folio->swap instead of page->private when splitting folio"), subpages of a swapcached THP no longer requires the maintenance. Adding THPs to the swapcache was introduced in commit 38d8b4e6bdc87 ("mm, THP, swap: delay splitting THP during swap out"), where each subpage of a THP added to the swapcache had its own swapcache entry and required the ->private field to point to the correct swapcache entry. Later, when THP migration functionality was implemented in commit 616b8371539a6 ("mm: thp: enable thp migration in generic path"), it initially did not handle the subpages of swapcached THPs, failing to update their ->private fields or replace the subpage pointers in the swapcache. Subsequently, commit e71769ae5260 ("mm: enable thp migration for shmem thp") addressed the swapcache update aspect. This patch fixes the update of subpage ->private fields. Closes: https://lore.kernel.org/linux-mm/1707814102-22682-1-git-send-email-quic_cha… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index 034b0662fd3b..9cfd53eaeb4e 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -441,8 +441,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 7 months

1
0
0 0

[REGRESSION] kexec does firmware reboot in kernel v6.7.6

by Pavin Joseph

Hello everyone, #regzbot introduced v6.7.5..v6.7.6 I'm experiencing an issue where kexec does a full firmware reboot instead of kexec reboot. Issue first submitted at OpenSuse bugzilla [0]. OS details as follows: Distributor ID: openSUSE Description: openSUSE Tumbleweed-Slowroll Release: 20240213 Issue has been reproduced by building kernel from source. kexec works as expected in kernel v6.7.5. kexec does full firmware reboot in kernel v6.7.6. I followed the docs here [1] to perform git bisect and find the culprit, hope it's alright as I'm quite out of my depth here. Git bisect logs: git bisect start # status: waiting for both good and bad commits # bad: [b631f5b445dc3379f67ff63a2e4c58f22d4975dc] Linux 6.7.6 git bisect bad b631f5b445dc3379f67ff63a2e4c58f22d4975dc # status: waiting for good commit(s), bad commit known # good: [004dcea13dc10acaf1486d9939be4c793834c13c] Linux 6.7.5 git bisect good 004dcea13dc10acaf1486d9939be4c793834c13c Let me know if there's anything else I can do to help troubleshoot the issue. [0]: https://bugzilla.suse.com/show_bug.cgi?id=1220541 [1]: https://docs.kernel.org/admin-guide/bug-bisect.html Kind regards, Pavin Joseph.

1 year, 7 months

3
12
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2024