March 2024 - Linux-stable-mirror

[PATCH v2] bus: mhi: host: free buffer on error in mhi_alloc_bhie_table

by Fedor Pchelkin

img_info->mhi_buf should be freed on error path in mhi_alloc_bhie_table(). This error case is rare but still needs to be fixed. Found by Linux Verification Center (linuxtesting.org). Fixes: 3000f85b8f47 ("bus: mhi: core: Add support for basic PM operations") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: add missing Cc: stable, as Greg Kroah-Hartman's bot reported drivers/bus/mhi/host/boot.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index edc0ec5a0933..738dcd11b66f 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -357,6 +357,7 @@ int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, for (--i, --mhi_buf; i >= 0; i--, mhi_buf--) dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, mhi_buf->buf, mhi_buf->dma_addr); + kfree(img_info->mhi_buf); error_alloc_mhi_buf: kfree(img_info); -- 2.39.2

6 months, 1 week

2
2
0 0

[PATCH] Revert "f2fs: stop allocating pinned sections if EAGAIN happens"

by Wu Bo

This reverts commit 2e42b7f817acd6e8d78226445eb6fe44fe79c12a. If the GC victim section has a pinned block when fallocate() trigger FG_GC, the section is not able to be recycled. And this will return -EAGAIN cause fallocate() failed, even though there are much spare space as user see. As the GC policy prone to chose the same victim, fallocate() may not successed at a long period. This scenario has been found during Android OTA. Link: https://lore.kernel.org/linux-f2fs-devel/20231030094024.263707-1-bo.wu@vivo… CC: stable(a)vger.kernel.org Signed-off-by: Wu Bo <bo.wu(a)vivo.com> --- fs/f2fs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index b58ab1157b7e..19915faccee9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1725,7 +1725,7 @@ static int f2fs_expand_inode_data(struct inode *inode, loff_t offset, f2fs_down_write(&sbi->gc_lock); stat_inc_gc_call_count(sbi, FOREGROUND); err = f2fs_gc(sbi, &gc_control); - if (err && err != -ENODATA) + if (err && err != -ENODATA && err != -EAGAIN) goto out_err; } -- 2.25.1

7 months

4
7
0 0

[PATCH 6.6 000/166] 6.6.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.8 release. There are 166 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Dec 2023 13:50:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.8-rc1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Change the key being sent for MPV device affiliation Fangrui Song <maskray(a)google.com> x86/speculation, objtool: Use absolute relocations for annotations Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have rb_time_cmpxchg() set the msb counter too Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not try to put back write_stamp Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix writing to the buffer with max_data_size Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have saved event hold the entire event Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not update before stamp when switching sub-buffers Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Update snapshot buffer on resize if it is allocated Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smb2_query_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix remapped stride with CCS on ADL+ Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix intel_atomic_setup_scalers() plane_state handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Disable PSR-SU on Parade 0803 TCON again Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore guard against default backlight value < 1 nit Jani Nikula <jani.nikula(a)intel.com> drm/edid: also call add modes in EDID connector update fallback Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix tear down order in amdgpu_vm_pt_free Boris Burkov <boris(a)bur.io> btrfs: don't clear qgroup reserved bit in release_folio Boris Burkov <boris(a)bur.io> btrfs: fix qgroup_free_reserved_data int overflow Boris Burkov <boris(a)bur.io> btrfs: free qgroup reserve when ORDERED_IOERR is set Ignat Korchagin <ignat(a)cloudflare.com> kexec: drop dependency on ARCH_SUPPORTS_KEXEC from CRASH_DUMP David Stevens <stevensd(a)chromium.org> mm/shmem: fix race in shmem_undo_range w/THP Yu Zhao <yuzhao(a)google.com> mm/mglru: reclaim offlined memcgs harder Yu Zhao <yuzhao(a)google.com> mm/mglru: respect min_ttl_ms with memcgs Yu Zhao <yuzhao(a)google.com> mm/mglru: try to stop at high watermarks Yu Zhao <yuzhao(a)google.com> mm/mglru: fix underprotected page cache Frank Li <Frank.Li(a)nxp.com> dmaengine: fsl-edma: fix DMA channel leak in eDMAv4 Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: avoid bitfield overflow assertion Stuart Lee <stuart.lee(a)mediatek.com> drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: add begin/end_use ring callbacks Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify John Hubbard <jhubbard(a)nvidia.com> Revert "selftests: error out if kernel header files are not yet built" Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Dan Williams <dan.j.williams(a)intel.com> cxl/hdm: Fix dpa translation locking Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Masahiro Yamada <masahiroy(a)kernel.org> arm64: add dependency between vmlinuz.efi and Image Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct file type from NFS reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: introduce ->parse_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: implement ->query_reparse_point() for SMB1 Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not allow NULL parent to eventfs_start_creating() Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Heiko Carstens <hca(a)linux.ibm.com> scripts/checkstack.pl: match all stack sizes for s390 Nguyen Dinh Phi <phind.uet(a)gmail.com> nfc: virtual_ncidev: Add variable to check if ndev is running Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Li Nan <linan122(a)huawei.com> nbd: pass nbd_sock to nbd_read_reply() instead of index Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Brett Raye <braye(a)fastmail.com> HID: glorious: fix Glorious Model I HID report Yihong Cao <caoyihong4(a)outlook.com> HID: apple: add Jamesdonkey and A3R to non-apple keyboards list Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Allow IO to start during probe Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Set driver data before I2C adapter add Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Bibo Mao <maobibo(a)loongson.cn> LoongArch: Implement constant timer shutdown interface Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mark {dmw,tlb}_virt_to_page() exports as non-GPL Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Silence the boot warning about 'nokaslr' WANG Rui <wangrui(a)loongson.cn> LoongArch: Record pc instead of offset in la_abs relocation Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Add dependency between vmlinuz.efi and vmlinux.efi Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: fix bpf_loop_bench for new callback verification scheme Hannes Reinecke <hare(a)suse.de> nvme: catch errors from nvme_configure_metadata() Mark O'Donovan <shiftee(a)posteo.net> nvme-auth: set explanation code for failure2 msgs Li Nan <linan122(a)huawei.com> nbd: fix null-ptr-dereference while accessing 'nbd->config' Li Nan <linan122(a)huawei.com> nbd: factor out a helper to get nbd_config without holding 'config_lock' Li Nan <linan122(a)huawei.com> nbd: fold nbd config initialization into nbd_alloc_config() Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Colin Ian King <colin.i.king(a)gmail.com> bcache: remove redundant assignment to variable cur_idx Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-cgroup: bypass blkcg_deactivate_policy after destroying Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" David Howells <dhowells(a)redhat.com> rxrpc: Fix some minor issues with bundle tracing Jean Delvare <jdelvare(a)suse.de> stmmac: dwmac-loongson: Add architecture dependency Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Saurabh Sengar <ssengar(a)linux.microsoft.com> x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM David Hildenbrand <david(a)redhat.com> selftests/mm: cow: print ksft header before printing anything else Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915: Use internal class when counting engine resets Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915/selftests: Fix engine reset count storage for multi-tile Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu/37xx: Fix interrupt_clear_with_0 WA initialization Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> accel/ivpu: Print information about used workarounds Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add spinlock for setting vblank event in atomic_begin Michael Walle <mwalle(a)kernel.org> drm/mediatek: fix kernel oops if no crtc is found Johan Hovold <johan+linaro(a)kernel.org> PCI: vmd: Fix potential deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Add pci_enable_link_state_locked() Jiaxun Yang <jiaxun.yang(a)flygoat.com> PCI: loongson: Limit MRRS to 256 Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: reset the amp before component_add Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: call cleanup functions only once Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: handle missing EFI calibration data Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: leave hda_component in usable state Hartmut Knaack <knaack.h(a)gmx.de> ALSA: hda/realtek: Apply mute LED quirk for HP15-db Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Al Viro <viro(a)zeniv.linux.org.uk> io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation Hangyu Hua <hbh25y(a)gmail.com> fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() Amir Goldstein <amir73il(a)gmail.com> fuse: disable FOPEN_PARALLEL_DIRECT_WRITES with FUSE_DIRECT_IO_ALLOW_MMAP Krister Johansen <kjlx(a)templeofstupid.com> fuse: share lookup state between submount and its parent Tyler Fanelli <tfanelli(a)redhat.com> fuse: Rename DIRECT_IO_RELAX to DIRECT_IO_ALLOW_MMAP Sebastian Parschauer <s.parschauer(a)gmx.de> HID: Add quirk for Labtec/ODDOR/aikeec handbrake Mario Limonciello <mario.limonciello(a)amd.com> HID: i2c-hid: Add IDEA5002 to i2c_hid_acpi_blacklist[] Jens Axboe <axboe(a)kernel.dk> cred: get rid of CONFIG_DEBUG_CREDENTIALS Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: fix double free in ring reinit logic Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Sneh Shah <quic_snehshah(a)quicinc.com> net: stmmac: dwmac-qcom-ethqos: Fix drops in 10M SGMII RX Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-switch: do not ask for MDB, VLAN and FDB replay Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-switch: fix size of the dma_unmap Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check Yanteng Si <siyanteng(a)loongson.cn> stmmac: dwmac-loongson: Make sure MDIO is initialized before use David Arinzon <darinzon(a)amazon.com> net: ena: Fix XDP redirection error David Arinzon <darinzon(a)amazon.com> net: ena: Fix DMA syncing in XDP path when SWIOTLB is on David Arinzon <darinzon(a)amazon.com> net: ena: Fix xdp drops handling due to multibuf packets David Arinzon <darinzon(a)amazon.com> net: ena: Destroy correct number of xdp queues upon failure Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Slawomir Laba <slawomirx.laba(a)intel.com> iavf: Fix iavf_shutdown to call iavf_remove instead iavf_close Piotr Gardocki <piotrx.gardocki(a)intel.com> iavf: Handle ntuple on/off based on new state machines for flow director Piotr Gardocki <piotrx.gardocki(a)intel.com> iavf: Introduce new state machines for flow director Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix pause frame configuration Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Update RSS algorithm index Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix promisc mcam entry action Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: explicitly test for firmware ready value Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-af: fix a use-after-free in rvu_nix_register_reporters Radu Bulie <radu-andrei.bulie(a)nxp.com> net: fec: correct queue selection Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix wrong return value check in bnxt_close_nic() Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> bnxt_en: Fix skb recycling logic in bnxt_deliver_skb() Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Clear resource reservation during resume Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: Fix a NULL vs IS_ERR() check Gavin Li <gavinl(a)nvidia.com> net/mlx5e: Check netdev pointer before checking its net ns Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset request when HotPlug is enabled Chris Mi <cmi(a)nvidia.com> net/mlx5e: TC, Don't offload post action rule if not supported Moshe Shemesh <moshe(a)nvidia.com> net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work Chris Mi <cmi(a)nvidia.com> net/mlx5e: Disable IPsec offload support if not FW steering Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Send events from IB driver about device affiliation state Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Check the number of elements before walk TC rhashtable Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Reduce eswitch mode_lock protection context Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Tidy up IPsec NAT-T SA discovery Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5e: Unify esw and normal IPsec status table creation/destruction Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Ensure that IPsec sequence packet number starts from 1 Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Honor user choice of IPsec replay window size Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Restrict detection of patched firmware only to USB cptkbd David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Avoid physical KASLR on older Dell systems Zizhi Wo <wozizhi(a)huawei.com> ksmbd: fix memory leak in smb2_lock() Jan Kara <jack(a)suse.cz> ext4: fix warning in ext4_dio_write_end_io() Kelly Kane <kelly(a)hawknetworks.com> r8152: add vendor/device ID pair for ASUS USB-C2500 ------------- Diffstat: Makefile | 4 +- arch/arm64/Makefile | 2 +- arch/arm64/include/asm/pgtable.h | 6 + arch/loongarch/Makefile | 2 + arch/loongarch/include/asm/asmmacro.h | 3 +- arch/loongarch/include/asm/setup.h | 2 +- arch/loongarch/kernel/relocate.c | 10 +- arch/loongarch/kernel/time.c | 27 +-- arch/loongarch/mm/pgtable.c | 4 +- arch/powerpc/configs/skiroot_defconfig | 1 - arch/riscv/Kconfig | 4 +- arch/riscv/kernel/crash_core.c | 4 +- arch/s390/configs/debug_defconfig | 1 - arch/x86/hyperv/hv_init.c | 25 ++- arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/nospec-branch.h | 4 +- block/blk-cgroup.c | 13 ++ block/blk-throttle.c | 2 + drivers/accel/ivpu/ivpu_drv.h | 5 + drivers/accel/ivpu/ivpu_hw_37xx.c | 17 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 4 + drivers/atm/solos-pci.c | 8 +- drivers/block/nbd.c | 117 ++++++---- drivers/cxl/core/hdm.c | 3 +- drivers/cxl/core/port.c | 4 +- drivers/dma/fsl-edma-common.c | 1 + drivers/dma/stm32-dma.c | 8 +- drivers/firmware/efi/libstub/x86-stub.c | 31 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 28 +++ .../dc/link/protocols/link_edp_panel_control.c | 4 +- .../drm/amd/display/modules/power/power_helpers.c | 2 + drivers/gpu/drm/drm_edid.c | 3 +- drivers/gpu/drm/i915/display/intel_fb.c | 19 +- drivers/gpu/drm/i915/display/skl_scaler.c | 2 +- drivers/gpu/drm/i915/gt/intel_reset.c | 2 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 5 +- drivers/gpu/drm/i915/i915_gpu_error.h | 12 +- drivers/gpu/drm/i915/selftests/igt_live_test.c | 9 +- drivers/gpu/drm/i915/selftests/igt_live_test.h | 3 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 14 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 5 +- drivers/hid/hid-apple.c | 2 + drivers/hid/hid-asus.c | 27 ++- drivers/hid/hid-glorious.c | 16 +- drivers/hid/hid-ids.h | 12 +- drivers/hid/hid-lenovo.c | 3 +- drivers/hid/hid-mcp2221.c | 4 +- drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-quirks.c | 2 + drivers/hid/i2c-hid/i2c-hid-acpi.c | 5 + drivers/infiniband/hw/mlx5/main.c | 17 ++ drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 + drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 2 +- drivers/net/ethernet/amazon/ena/ena_eth_com.c | 3 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 53 +++-- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 38 +++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c | 11 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 5 +- .../ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 7 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 27 +-- drivers/net/ethernet/intel/iavf/iavf.h | 1 + drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 27 ++- drivers/net/ethernet/intel/iavf/iavf_fdir.h | 15 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 179 ++++++++++----- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 71 +++++- .../net/ethernet/marvell/octeon_ep/octep_main.c | 3 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 11 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 5 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 55 ++++- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 25 ++- drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 + .../ethernet/mellanox/mlx5/core/en/tc/post_act.c | 6 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 56 +++-- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 222 +++++++++++++----- .../mellanox/mlx5/core/en_accel/ipsec_offload.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 25 ++- .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c | 154 +------------ .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.h | 15 -- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 35 +-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 2 + .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 56 +++-- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 29 +++ drivers/net/ethernet/mellanox/mlx5/core/main.c | 6 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qualcomm/qca_debug.c | 17 +- drivers/net/ethernet/qualcomm/qca_spi.c | 20 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 +- .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 10 + drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 6 +- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/nfc/virtual_ncidev.c | 7 +- drivers/nvme/host/auth.c | 2 + drivers/nvme/host/core.c | 19 +- drivers/pci/controller/pci-loongson.c | 46 +++- drivers/pci/controller/vmd.c | 2 +- drivers/pci/hotplug/acpiphp_glue.c | 9 +- drivers/pci/pcie/aspm.c | 53 +++-- drivers/platform/x86/intel/telemetry/core.c | 4 +- drivers/soundwire/stream.c | 7 +- fs/afs/rxrpc.c | 2 +- fs/btrfs/delalloc-space.c | 2 +- fs/btrfs/extent_io.c | 3 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 16 +- fs/btrfs/ioctl.c | 9 + fs/btrfs/ordered-data.c | 11 +- fs/btrfs/qgroup.c | 25 ++- fs/btrfs/qgroup.h | 4 +- fs/ext4/file.c | 14 +- fs/ext4/mballoc.c | 4 + fs/fuse/dax.c | 1 + fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 19 +- fs/fuse/inode.c | 81 ++++++- fs/nfsd/auth.c | 4 - fs/nfsd/nfssvc.c | 1 - fs/nfsd/vfs.c | 9 +- fs/open.c | 3 - fs/smb/client/cached_dir.c | 17 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/cifspdu.h | 4 +- fs/smb/client/cifsproto.h | 11 +- fs/smb/client/cifssmb.c | 191 +++++++--------- fs/smb/client/inode.c | 74 ++++-- fs/smb/client/readdir.c | 6 +- fs/smb/client/smb1ops.c | 73 ++---- fs/smb/client/smb2inode.c | 2 +- fs/smb/client/smb2misc.c | 26 +-- fs/smb/client/smb2ops.c | 176 ++++++++------- fs/smb/client/smb2pdu.c | 95 ++++---- fs/smb/client/smb2proto.h | 12 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/smb2pdu.c | 1 + fs/tracefs/inode.c | 13 +- include/asm-generic/qspinlock.h | 2 +- include/linux/cred.h | 58 +---- include/linux/mlx5/device.h | 2 + include/linux/mlx5/driver.h | 2 + include/linux/mlx5/mlx5_ifc.h | 9 +- include/linux/mm_inline.h | 23 +- include/linux/mmzone.h | 34 +-- include/linux/objtool.h | 10 +- include/linux/pci.h | 3 + include/linux/usb/r8152.h | 1 + include/net/addrconf.h | 12 +- include/net/if_inet6.h | 4 - include/net/netfilter/nf_flow_table.h | 10 + include/uapi/linux/fuse.h | 10 +- io_uring/uring_cmd.c | 2 +- kernel/Kconfig.kexec | 1 - kernel/cred.c | 248 +++------------------ kernel/events/core.c | 10 + kernel/exit.c | 3 - kernel/trace/ring_buffer.c | 58 ++--- kernel/trace/trace.c | 4 +- lib/Kconfig.debug | 15 -- mm/shmem.c | 19 +- mm/vmscan.c | 92 +++++--- mm/workingset.c | 6 +- net/appletalk/ddp.c | 9 +- net/atm/ioctl.c | 7 +- net/ipv4/tcp_output.c | 6 + net/ipv6/addrconf.c | 6 +- net/rose/af_rose.c | 4 +- net/rxrpc/conn_client.c | 7 +- net/sched/act_ct.c | 34 ++- net/sunrpc/auth.c | 3 - net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/checkstack.pl | 3 +- scripts/sign-file.c | 12 +- security/selinux/hooks.c | 6 - sound/pci/hda/patch_hdmi.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/pci/hda/tas2781_hda_i2c.c | 21 +- tools/objtool/noreturns.h | 1 - tools/testing/selftests/Makefile | 21 +- tools/testing/selftests/bpf/config.x86_64 | 1 - tools/testing/selftests/bpf/progs/bpf_loop_bench.c | 13 +- tools/testing/selftests/hid/config.common | 1 - tools/testing/selftests/lib.mk | 40 +--- tools/testing/selftests/mm/cow.c | 3 +- 194 files changed, 2164 insertions(+), 1607 deletions(-)

7 months, 1 week

13
179
0 0

[PATCH 1/1] nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM173X

by Saeed Mirzamohammadi

This adds a quirk to fix the Samsung PM1733a and PM173X reporting bogus eui64 so they are not marked as "non globally unique" duplicates. Cc: <stable(a)vger.kernel.org> Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi(a)oracle.com> --- drivers/nvme/host/pci.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 5b95c94ee40f2..c0b1caba1c893 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -3359,6 +3359,10 @@ static const struct pci_device_id nvme_id_table[] = { .driver_data = NVME_QUIRK_DELAY_BEFORE_CHK_RDY | NVME_QUIRK_DISABLE_WRITE_ZEROES| NVME_QUIRK_IGNORE_DEV_SUBNQN, }, + { PCI_DEVICE(0x144d, 0xa824), /* Samsung PM173X */ + .driver_data = NVME_QUIRK_BOGUS_NID, }, + { PCI_DEVICE(0x144d, 0xa825), /* Samsung PM1733a */ + .driver_data = NVME_QUIRK_BOGUS_NID, }, { PCI_DEVICE(0x1987, 0x5012), /* Phison E12 */ .driver_data = NVME_QUIRK_BOGUS_NID, }, { PCI_DEVICE(0x1987, 0x5016), /* Phison E16 */ -- 2.39.2

7 months, 2 weeks

6
13
0 0

[PATCH 6.1 1/1] tls: fix race between tx work scheduling and socket close

by Lee Jones

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb ] Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do. Reported-by: valis <sec(a)valis.email> Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit 6db22d6c7a6dc914b12c0469b94eb639b6a8a146) [Lee: Fixed merge-conflict in Stable branches linux-6.1.y and older] Signed-off-by: Lee Jones <lee(a)kernel.org> --- net/tls/tls_sw.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2bd27b77769cb..d53587ff9ddea 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -449,7 +449,6 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err) struct scatterlist *sge; struct sk_msg *msg_en; struct tls_rec *rec; - bool ready = false; struct sock *sk; rec = container_of(aead_req, struct tls_rec, aead_req); @@ -486,19 +485,16 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err) /* If received record is at head of tx_list, schedule tx */ first_rec = list_first_entry(&ctx->tx_list, struct tls_rec, list); - if (rec == first_rec) - ready = true; + if (rec == first_rec) { + /* Schedule the transmission */ + if (!test_and_set_bit(BIT_TX_SCHEDULED, + &ctx->tx_bitmask)) + schedule_delayed_work(&ctx->tx_work.work, 1); + } } if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - - if (!ready) - return; - - /* Schedule the transmission */ - if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) - schedule_delayed_work(&ctx->tx_work.work, 1); } static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) -- 2.44.0.278.ge034bb2e1d-goog

8 months

5
8
0 0

[PATCH 1/3] drm/amdgpu: Forward soft recovery errors to userspace

by Joshua Ashton

As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ Signed-off-by: Joshua Ashton <joshua(a)froggi.es> Cc: Friedrich Vock <friedrich.vock(a)gmx.de> Cc: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> Cc: Christian König <christian.koenig(a)amd.com> Cc: André Almeida <andrealmeid(a)igalia.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c index 4b3000c21ef2..aebf59855e9f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c @@ -262,9 +262,8 @@ amdgpu_job_prepare_job(struct drm_sched_job *sched_job, struct dma_fence *fence = NULL; int r; - /* Ignore soft recovered fences here */ r = drm_sched_entity_error(s_entity); - if (r && r != -ENODATA) + if (r) goto error; if (!fence && job->gang_submit) -- 2.44.0

8 months, 2 weeks

5
10
0 0

[PATCH] drm/edid: add a quirk for two 240Hz Samsung monitors

by Hamza Mahfooz

Without this fix the 5120x1440@240 timing of these monitors leads to screen flickering. Cc: stable(a)vger.kernel.org # 6.1+ Link: https://gitlab.freedesktop.org/drm/amd/-/issues/1442 Co-developed-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- drivers/gpu/drm/drm_edid.c | 47 +++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index bca2af4fe1fc..3fdb8907f66b 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -89,6 +89,8 @@ static int oui(u8 first, u8 second, u8 third) #define EDID_QUIRK_NON_DESKTOP (1 << 12) /* Cap the DSC target bitrate to 15bpp */ #define EDID_QUIRK_CAP_DSC_15BPP (1 << 13) +/* Fix up a particular 5120x1440@240Hz timing */ +#define EDID_QUIRK_FIXUP_5120_1440_240 (1 << 14) #define MICROSOFT_IEEE_OUI 0xca125c @@ -170,6 +172,12 @@ static const struct edid_quirk { EDID_QUIRK('S', 'A', 'M', 596, EDID_QUIRK_PREFER_LARGE_60), EDID_QUIRK('S', 'A', 'M', 638, EDID_QUIRK_PREFER_LARGE_60), + /* Samsung C49G95T */ + EDID_QUIRK('S', 'A', 'M', 0x7053, EDID_QUIRK_FIXUP_5120_1440_240), + + /* Samsung S49AG95 */ + EDID_QUIRK('S', 'A', 'M', 0x71ac, EDID_QUIRK_FIXUP_5120_1440_240), + /* Sony PVM-2541A does up to 12 bpc, but only reports max 8 bpc */ EDID_QUIRK('S', 'N', 'Y', 0x2541, EDID_QUIRK_FORCE_12BPC), @@ -6586,7 +6594,37 @@ static void update_display_info(struct drm_connector *connector, drm_edid_to_eld(connector, drm_edid); } -static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *dev, +static void drm_mode_displayid_detailed_edid_quirks(struct drm_connector *connector, + struct drm_display_mode *mode) +{ + unsigned int hsync_width; + unsigned int vsync_width; + + if (connector->display_info.quirks & EDID_QUIRK_FIXUP_5120_1440_240) { + if (mode->hdisplay == 5120 && mode->vdisplay == 1440 && + mode->clock == 1939490) { + hsync_width = mode->hsync_end - mode->hsync_start; + vsync_width = mode->vsync_end - mode->vsync_start; + + mode->clock = 2018490; + mode->hdisplay = 5120; + mode->hsync_start = 5120 + 8; + mode->hsync_end = 5120 + 8 + hsync_width; + mode->htotal = 5200; + + mode->vdisplay = 1440; + mode->vsync_start = 1440 + 165; + mode->vsync_end = 1440 + 165 + vsync_width; + mode->vtotal = 1619; + + drm_dbg_kms(connector->dev, + "[CONNECTOR:%d:%s] Samsung 240Hz mode quirk applied\n", + connector->base.id, connector->name); + } + } +} + +static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_connector *connector, struct displayid_detailed_timings_1 *timings, bool type_7) { @@ -6605,7 +6643,7 @@ static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *d bool hsync_positive = (timings->hsync[1] >> 7) & 0x1; bool vsync_positive = (timings->vsync[1] >> 7) & 0x1; - mode = drm_mode_create(dev); + mode = drm_mode_create(connector->dev); if (!mode) return NULL; @@ -6628,6 +6666,9 @@ static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *d if (timings->flags & 0x80) mode->type |= DRM_MODE_TYPE_PREFERRED; + + drm_mode_displayid_detailed_edid_quirks(connector, mode); + drm_mode_set_name(mode); return mode; @@ -6650,7 +6691,7 @@ static int add_displayid_detailed_1_modes(struct drm_connector *connector, for (i = 0; i < num_timings; i++) { struct displayid_detailed_timings_1 *timings = &det->timings[i]; - newmode = drm_mode_displayid_detailed(connector->dev, timings, type_7); + newmode = drm_mode_displayid_detailed(connector, timings, type_7); if (!newmode) continue; -- 2.42.0

9 months

4
5
0 0

[PATCH] usb: gadget: u_serial: Add null pointer checks after RX/TX submission

by Kuen-Han Tsai

Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't fully fix the potential null pointer dereference issue. While gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx() and gs_start_tx() release the lock during endpoint request submission. This creates a window where gs_close() could set port->port_tty to NULL, leading to a dereference when the lock is reacquired. This patch adds a null pointer check for port->port_tty after RX/TX submission, and removes the initial null pointer check in gs_start_io() since the caller must hold port_lock and guarantee non-null values for port_usb and port_tty. Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") Cc: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- Explanation: CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port_tty and unlock gs_start_rx() // lock tty_wakeup() // dereference Stack traces: [ 51.494375][ T278] ttyGS1: shutdown [ 51.494817][ T269] android_work: sent uevent USB_STATE=DISCONNECTED [ 52.115792][ T1508] usb: [dm_bind] generic ttyGS1: super speed IN/ep1in OUT/ep1out [ 52.516288][ T1026] android_work: sent uevent USB_STATE=CONNECTED [ 52.551667][ T1533] gserial_connect: start ttyGS1 [ 52.565634][ T1533] [khtsai] enter gs_start_io, ttyGS1, port->port.tty=0000000046bd4060 [ 52.565671][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.591552][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.619901][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.638659][ T1325] [khtsai] gs_close, lock port ttyGS1 [ 52.656842][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) ... [ 52.683005][ T1325] [khtsai] gs_close, clear ttyGS1 [ 52.683007][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) done! [ 52.708643][ T1325] [khtsai] gs_close, unlock port ttyGS1 [ 52.747592][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.747616][ T1533] [khtsai] gs_start_io, ttyGS1, going to call tty_wakeup(), port->port.tty=0000000000000000 [ 52.747629][ T1533] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001f8 --- drivers/usb/gadget/function/u_serial.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index a92eb6d90976..2f1890c8f473 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -539,20 +539,16 @@ static int gs_alloc_requests(struct usb_ep *ep, struct list_head *head, static int gs_start_io(struct gs_port *port) { struct list_head *head = &port->read_pool; - struct usb_ep *ep; + struct usb_ep *ep = port->port_usb->out; int status; unsigned started; - if (!port->port_usb || !port->port.tty) - return -EIO; - /* Allocate RX and TX I/O buffers. We can't easily do this much * earlier (with GFP_KERNEL) because the requests are coupled to * endpoints, as are the packet sizes we'll be using. Different * configurations may use different endpoints with a given port; * and high speed vs full speed changes packet sizes too. */ - ep = port->port_usb->out; status = gs_alloc_requests(ep, head, gs_read_complete, &port->read_allocated); if (status) @@ -569,12 +565,22 @@ static int gs_start_io(struct gs_port *port) port->n_read = 0; started = gs_start_rx(port); + /* + * The TTY may be set to NULL by gs_close() after gs_start_rx() or + * gs_start_tx() release locks for endpoint request submission. + */ + if (!port->port.tty) + goto out; + if (started) { gs_start_tx(port); /* Unblock any pending writes into our circular buffer, in case * we didn't in gs_start_tx() */ + if (!port->port.tty) + goto out; tty_wakeup(port->port.tty); } else { +out: gs_free_requests(ep, head, &port->read_allocated); gs_free_requests(port->port_usb->in, &port->write_pool, &port->write_allocated); -- 2.43.0.275.g3460e3d667-goog

9 months

3
7
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b321c31c9b7b309dcde5e8854b741c8e6a9a05f0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072323-trident-unturned-7999@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b321c31c9b7b ("KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption") 0c2f9acf6ae7 ("KVM: arm64: PMU: Don't overwrite PMUSERENR with vcpu loaded") 8681f7175901 ("KVM: arm64: PMU: Restore the host's PMUSERENR_EL0") 009d6dc87a56 ("ARM: perf: Allow the use of the PMUv3 driver on 32bit ARM") 711432770f78 ("perf: pmuv3: Abstract PMU version checks") df29ddf4f04b ("arm64: perf: Abstract system register accesses away") 7755cec63ade ("arm64: perf: Move PMUv3 driver to drivers/perf") cc91b9481605 ("arm64/perf: Replace PMU version number '0' with ID_AA64DFR0_EL1_PMUVer_NI") 4151bb636acf ("KVM: arm64: Fix SMPRI_EL1/TPIDR2_EL0 trapping on VHE") bb0cca240a16 ("Merge branch kvm-arm64/single-step-async-exception into kvmarm-master/next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b321c31c9b7b309dcde5e8854b741c8e6a9a05f0 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <maz(a)kernel.org> Date: Thu, 13 Jul 2023 08:06:57 +0100 Subject: [PATCH] KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Xiang reports that VMs occasionally fail to boot on GICv4.1 systems when running a preemptible kernel, as it is possible that a vCPU is blocked without requesting a doorbell interrupt. The issue is that any preemption that occurs between vgic_v4_put() and schedule() on the block path will mark the vPE as nonresident and *not* request a doorbell irq. This occurs because when the vcpu thread is resumed on its way to block, vcpu_load() will make the vPE resident again. Once the vcpu actually blocks, we don't request a doorbell anymore, and the vcpu won't be woken up on interrupt delivery. Fix it by tracking that we're entering WFI, and key the doorbell request on that flag. This allows us not to make the vPE resident when going through a preempt/schedule cycle, meaning we don't lose any state. Cc: stable(a)vger.kernel.org Fixes: 8e01d9a396e6 ("KVM: arm64: vgic-v4: Move the GICv4 residency flow to be driven by vcpu_load/put") Reported-by: Xiang Chen <chenxiang66(a)hisilicon.com> Suggested-by: Zenghui Yu <yuzenghui(a)huawei.com> Tested-by: Xiang Chen <chenxiang66(a)hisilicon.com> Co-developed-by: Oliver Upton <oliver.upton(a)linux.dev> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Acked-by: Zenghui Yu <yuzenghui(a)huawei.com> Link: https://lore.kernel.org/r/20230713070657.3873244-1-maz@kernel.org Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 8b6096753740..d3dd05bbfe23 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -727,6 +727,8 @@ struct kvm_vcpu_arch { #define DBG_SS_ACTIVE_PENDING __vcpu_single_flag(sflags, BIT(5)) /* PMUSERENR for the guest EL0 is on physical CPU */ #define PMUSERENR_ON_CPU __vcpu_single_flag(sflags, BIT(6)) +/* WFI instruction trapped */ +#define IN_WFI __vcpu_single_flag(sflags, BIT(7)) /* Pointer to the vcpu's SVE FFR for sve_{save,load}_state() */ diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index a402ea5511f3..72dc53a75d1c 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -718,13 +718,15 @@ void kvm_vcpu_wfi(struct kvm_vcpu *vcpu) */ preempt_disable(); kvm_vgic_vmcr_sync(vcpu); - vgic_v4_put(vcpu, true); + vcpu_set_flag(vcpu, IN_WFI); + vgic_v4_put(vcpu); preempt_enable(); kvm_vcpu_halt(vcpu); vcpu_clear_flag(vcpu, IN_WFIT); preempt_disable(); + vcpu_clear_flag(vcpu, IN_WFI); vgic_v4_load(vcpu); preempt_enable(); } @@ -792,7 +794,7 @@ static int check_vcpu_requests(struct kvm_vcpu *vcpu) if (kvm_check_request(KVM_REQ_RELOAD_GICv4, vcpu)) { /* The distributor enable bits were changed */ preempt_disable(); - vgic_v4_put(vcpu, false); + vgic_v4_put(vcpu); vgic_v4_load(vcpu); preempt_enable(); } diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c index c3b8e132d599..3dfc8b84e03e 100644 --- a/arch/arm64/kvm/vgic/vgic-v3.c +++ b/arch/arm64/kvm/vgic/vgic-v3.c @@ -749,7 +749,7 @@ void vgic_v3_put(struct kvm_vcpu *vcpu) { struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.vgic_v3; - WARN_ON(vgic_v4_put(vcpu, false)); + WARN_ON(vgic_v4_put(vcpu)); vgic_v3_vmcr_sync(vcpu); diff --git a/arch/arm64/kvm/vgic/vgic-v4.c b/arch/arm64/kvm/vgic/vgic-v4.c index c1c28fe680ba..339a55194b2c 100644 --- a/arch/arm64/kvm/vgic/vgic-v4.c +++ b/arch/arm64/kvm/vgic/vgic-v4.c @@ -336,14 +336,14 @@ void vgic_v4_teardown(struct kvm *kvm) its_vm->vpes = NULL; } -int vgic_v4_put(struct kvm_vcpu *vcpu, bool need_db) +int vgic_v4_put(struct kvm_vcpu *vcpu) { struct its_vpe *vpe = &vcpu->arch.vgic_cpu.vgic_v3.its_vpe; if (!vgic_supports_direct_msis(vcpu->kvm) || !vpe->resident) return 0; - return its_make_vpe_non_resident(vpe, need_db); + return its_make_vpe_non_resident(vpe, !!vcpu_get_flag(vcpu, IN_WFI)); } int vgic_v4_load(struct kvm_vcpu *vcpu) @@ -354,6 +354,9 @@ int vgic_v4_load(struct kvm_vcpu *vcpu) if (!vgic_supports_direct_msis(vcpu->kvm) || vpe->resident) return 0; + if (vcpu_get_flag(vcpu, IN_WFI)) + return 0; + /* * Before making the VPE resident, make sure the redistributor * corresponding to our current CPU expects us here. See the diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h index 402b545959af..5b27f94d4fad 100644 --- a/include/kvm/arm_vgic.h +++ b/include/kvm/arm_vgic.h @@ -431,7 +431,7 @@ int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int irq, int vgic_v4_load(struct kvm_vcpu *vcpu); void vgic_v4_commit(struct kvm_vcpu *vcpu); -int vgic_v4_put(struct kvm_vcpu *vcpu, bool need_db); +int vgic_v4_put(struct kvm_vcpu *vcpu); /* CPU HP callbacks */ void kvm_vgic_cpu_up(void);

9 months, 2 weeks

4
3
0 0

[PATCH 6.1.y v2 0/6] BPF selftests fixes for 6.1 branch

by Eduard Zingerman

Recently Luiz Capitulino reported BPF test failure for kernel version 6.1.36 (see [7]). The following test_verifier test failed: "precise: ST insn causing spi > allocated_stack". After back-port of the following upstream commit: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction") Investigation in [8] shows that test failure is not a bug, but a difference in BPF verifier behavior between upstream, where commits [1,2,3] by Andrii Nakryiko are present, and 6.1.36, where these commits are absent. Both Luiz and Greg suggested back-porting [1,2,3] from upstream to avoid divergences. Commits [1,2,3] break test_progs selftest "align/packet variable offset", commit [4] fixes this selftest. I did some additional testing using the following compiler versions: - Kernel compilation - gcc version 11.3.0 - BPF tests compilation - clang version 16.0.6 - clang version 17.0.0 (fa46feb31481) And identified a few more failing BPF selftests: - Tests failing with LLVM 16: - test_verifier: - precise: ST insn causing spi > allocated_stack FAIL (fixed by [1,2,3]) - test_progs: - sk_assign (fixed by [6]) - Tests failing with LLVM 17: - test_verifier: - precise: ST insn causing spi > allocated_stack FAIL (fixed by [1,2,3]) - test_progs: - fexit_bpf2bpf/func_replace_verify (fixed by [5]) - fexit_bpf2bpf/func_replace_return_code (fixed by [5]) - sk_assign (fixed by [6]) Commits [4,5,6] only apply to BPF selftests and don't change verifier behavior. After applying all of the listed commits I have test_verifier, test_progs, test_progs-no_alu32 and test_maps passing on my x86 setup, both for LLVM 16 and LLVM 17. Upstream commits in chronological order: [1] be2ef8161572 ("bpf: allow precision tracking for programs with subprogs") [2] f63181b6ae79 ("bpf: stop setting precise in current state") [3] 7a830b53c17b ("bpf: aggressively forget precise markings during state checkpointing") [4] 4f999b767769 ("selftests/bpf: make test_align selftest more robust") [5] 63d78b7e8ca2 ("selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code") [6] 7ce878ca81bc ("selftests/bpf: Fix sk_assign on s390x") Links: [7] https://lore.kernel.org/stable/935c4751-d368-df29-33a6-9f4fcae720fa@amazon.… [8] https://lore.kernel.org/stable/c9b10a8a551edafdfec855fbd35757c6238ad258.cam… Changelog: V1 -> V2: added missing signed-off-by tags V1: https://lore.kernel.org/stable/20230722004514.767618-1-eddyz87@gmail.com/ Reported-by: Luiz Capitulino <luizcap(a)amazon.com> Andrii Nakryiko (4): bpf: allow precision tracking for programs with subprogs bpf: stop setting precise in current state bpf: aggressively forget precise markings during state checkpointing selftests/bpf: make test_align selftest more robust Ilya Leoshkevich (1): selftests/bpf: Fix sk_assign on s390x Yonghong Song (1): selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code kernel/bpf/verifier.c | 202 ++++++++++++++++-- .../testing/selftests/bpf/prog_tests/align.c | 38 ++-- .../selftests/bpf/prog_tests/sk_assign.c | 25 ++- .../selftests/bpf/progs/connect4_prog.c | 2 +- .../selftests/bpf/progs/test_sk_assign.c | 11 + .../bpf/progs/test_sk_assign_libbpf.c | 3 + 6 files changed, 247 insertions(+), 34 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/test_sk_assign_libbpf.c -- 2.41.0

9 months, 2 weeks

4
9
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2024