June 2024 - Linux-stable-mirror

[PATCH v2] kcov: don't lose track of remote references during softirqs

by Aleksandr Nogikh

In kcov_remote_start()/kcov_remote_stop(), we swap the previous KCOV metadata of the current task into a per-CPU variable. However, the kcov_mode_enabled(mode) check is not sufficient in the case of remote KCOV coverage: current->kcov_mode always remains KCOV_MODE_DISABLED for remote KCOV objects. If the original task that has invoked the KCOV_REMOTE_ENABLE ioctl happens to get interrupted and kcov_remote_start() is called, it ultimately leads to kcov_remote_stop() NOT restoring the original KCOV reference. So when the task exits, all registered remote KCOV handles remain active forever. Fix it by introducing a special kcov_mode that is assigned to the task that owns a KCOV remote object. It makes kcov_mode_enabled() return true and yet does not trigger coverage collection in __sanitizer_cov_trace_pc() and write_comp_data(). Cc: stable(a)vger.kernel.org Signed-off-by: Aleksandr Nogikh <nogikh(a)google.com> Reviewed-by: Dmitry Vyukov <dvyukov(a)google.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)gmail.com> Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") --- Changes v1 -> v2: * Replaced WRITE_ONCE() with an ordinary assignment. * Added stable(a)vger.kernel.org to the Cc list. --- include/linux/kcov.h | 2 ++ kernel/kcov.c | 1 + 2 files changed, 3 insertions(+) diff --git a/include/linux/kcov.h b/include/linux/kcov.h index b851ba415e03..3b479a3d235a 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h @@ -21,6 +21,8 @@ enum kcov_mode { KCOV_MODE_TRACE_PC = 2, /* Collecting comparison operands mode. */ KCOV_MODE_TRACE_CMP = 3, + /* The process owns a KCOV remote reference. */ + KCOV_MODE_REMOTE = 4, }; #define KCOV_IN_CTXSW (1 << 30) diff --git a/kernel/kcov.c b/kernel/kcov.c index c3124f6d5536..f0a69d402066 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -632,6 +632,7 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd, return -EINVAL; kcov->mode = mode; t->kcov = kcov; + t->kcov_mode = KCOV_MODE_REMOTE; kcov->t = t; kcov->remote = true; kcov->remote_size = remote_arg->area_size; -- 2.45.2.627.g7a2c4fd464-goog

10 months, 3 weeks

1
0
0 0

[GIT PULL] memblock:fix validation of NUMA coverage

by Mike Rapoport

Hi Linus, The following changes since commit 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0: Linux 6.10-rc1 (2024-05-26 15:20:12 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock for you to fetch changes up to 3ac36aa7307363b7247ccb6f6a804e11496b2b36: x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() (2024-06-06 22:20:39 +0300) ---------------------------------------------------------------- Jan Beulich (2): memblock: make memblock_set_node() also warn about use of MAX_NUMNODES x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() arch/x86/mm/numa.c | 6 +++--- mm/memblock.c | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) -- Sincerely yours, Mike.

10 months, 3 weeks

4
7
0 0

[PATCH] net: do not leave dangling sk pointer in inet_create()/inet6_create()

by Ignat Korchagin

It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_cookie() helper * running traceroute -I 1.1.1.1 on a freshly booted VM A KASAN enabled kernel will log something like below (decoded): [ 78.328507][ T299] ================================================================== [ 78.329018][ T299] BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] Read of size 8 at addr ffff888007110dd8 by task traceroute/299 [ 78.329366][ T299] [ 78.329366][ T299] CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2 [ 78.329366][ T299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 78.329366][ T299] Call Trace: [ 78.329366][ T299] <TASK> [ 78.329366][ T299] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) [ 78.329366][ T299] print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_report (mm/kasan/report.c:603) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) [ 78.329366][ T299] __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092) [ 78.329366][ T299] bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e [ 78.329366][ T299] bpf_trampoline_6442506592+0x47/0xaf [ 78.329366][ T299] __sock_release (net/socket.c:652) [ 78.329366][ T299] __sock_create (net/socket.c:1601) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] ? __pfx___sys_socket (net/socket.c:1702) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] ? up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1347 kernel/locking/rwsem.c:1622) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] ? do_user_addr_fault (arch/x86/mm/fault.c:1419) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] RIP: 0033:0x7f4022818ca7 [ 78.329366][ T299] Code: 73 01 c3 48 8b 0d 59 71 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 29 71 0c 00 f7 d8 64 89 01 48 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8b 0d 59 71 0c 00 mov 0xc7159(%rip),%rcx # 0xc7163 a: f7 d8 neg %eax c: 64 89 01 mov %eax,%fs:(%rcx) f: 48 83 c8 ff or $0xffffffffffffffff,%rax 13: c3 ret 14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1b: 00 00 00 1e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 23: b8 29 00 00 00 mov $0x29,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 29 71 0c 00 mov 0xc7129(%rip),%rcx # 0xc7163 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 29 71 0c 00 mov 0xc7129(%rip),%rcx # 0xc7139 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 78.329366][ T299] RSP: 002b:00007ffd57e63db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 78.329366][ T299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4022818ca7 [ 78.329366][ T299] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 0000000000000002 [ 78.329366][ T299] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000564be3dc8ec0 [ 78.329366][ T299] R10: 0c41e8ba3f6107df R11: 0000000000000246 R12: 0000564bbab801e0 [ 78.329366][ T299] R13: 0000000000000000 R14: 0000564bbab7db18 R15: 00007f4022934020 [ 78.329366][ T299] </TASK> [ 78.329366][ T299] [ 78.329366][ T299] Allocated by task 299 on cpu 2 at 78.328492s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] __kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338) [ 78.329366][ T299] kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007) [ 78.329366][ T299] sk_prot_alloc (net/core/sock.c:2075) [ 78.329366][ T299] sk_alloc (net/core/sock.c:2134) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] [ 78.329366][ T299] Freed by task 299 on cpu 2 at 78.328502s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] kasan_save_free_info (mm/kasan/generic.c:582) [ 78.329366][ T299] poison_slab_object (mm/kasan/common.c:242) [ 78.329366][ T299] __kasan_slab_free (mm/kasan/common.c:256) [ 78.329366][ T299] kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511) [ 78.329366][ T299] __sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] [ 78.329366][ T299] The buggy address belongs to the object at ffff888007110d80 [ 78.329366][ T299] which belongs to the cache PING of size 976 [ 78.329366][ T299] The buggy address is located 88 bytes inside of [ 78.329366][ T299] freed 976-byte region [ffff888007110d80, ffff888007111150) [ 78.329366][ T299] [ 78.329366][ T299] The buggy address belongs to the physical page: [ 78.329366][ T299] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7110 [ 78.329366][ T299] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 78.329366][ T299] flags: 0x1ffff800000040(head|node=0|zone=1|lastcpupid=0x1ffff) [ 78.329366][ T299] page_type: 0xffffefff(slab) [ 78.329366][ T299] raw: 001ffff800000040 ffff888002f328c0 dead000000000122 0000000000000000 [ 78.329366][ T299] raw: 0000000000000000 00000000801c001c 00000001ffffefff 0000000000000000 [ 78.329366][ T299] head: 001ffff800000040 ffff888002f328c0 dead000000000122 0000000000000000 [ 78.329366][ T299] head: 0000000000000000 00000000801c001c 00000001ffffefff 0000000000000000 [ 78.329366][ T299] head: 001ffff800000003 ffffea00001c4401 ffffffffffffffff 0000000000000000 [ 78.329366][ T299] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 78.329366][ T299] page dumped because: kasan: bad access detected [ 78.329366][ T299] [ 78.329366][ T299] Memory state around the buggy address: [ 78.329366][ T299] ffff888007110c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.329366][ T299] ffff888007110d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.329366][ T299] >ffff888007110d80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ^ [ 78.329366][ T299] ffff888007110e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ffff888007110e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ================================================================== [ 78.366431][ T299] Disabling lock debugging due to kernel taint Fix this by ensuring the error path of inet_create()/inet6_create do not leave a dangling sk pointer after sk was released. Fixes: 086c653f5862 ("sock: struct proto hash function may error") Fixes: 610236587600 ("bpf: Add new cgroup attach type to enable sock modifications") Cc: stable(a)vger.kernel.org Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> --- net/ipv4/af_inet.c | 3 +++ net/ipv6/af_inet6.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index b24d74616637..db53701db29e 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -378,6 +378,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->hash(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -386,6 +387,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->init(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -394,6 +396,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 8041dc181bd4..6d5ebb2af928 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -254,6 +254,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->hash(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -261,6 +262,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->init(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -269,6 +271,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } -- 2.39.2

10 months, 3 weeks

2
4
0 0

[PATCH v2] kasan: fix bad call to unpoison_slab_object

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Commit 29d7355a9d05 ("kasan: save alloc stack traces for mempool") messed up one of the calls to unpoison_slab_object: the last two arguments are supposed to be GFP flags and whether to init the object memory. Fix the call. Without this fix, __kasan_mempool_unpoison_object provides the object's size as GFP flags to unpoison_slab_object, which can cause LOCKDEP reports (and probably other issues). Fixes: 29d7355a9d05 ("kasan: save alloc stack traces for mempool") Reported-by: Brad Spengler <spender(a)grsecurity.net> Cc: stable(a)vger.kernel.org Acked-by: Marco Elver <elver(a)google.com> Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changes v1->v2: - Fix typo in commit message. - CC stable. --- mm/kasan/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index e7c9a4dc89f8..85e7c6b4575c 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -532,7 +532,7 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) return; /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ - unpoison_slab_object(slab->slab_cache, ptr, size, flags); + unpoison_slab_object(slab->slab_cache, ptr, flags, false); /* Poison the redzone and save alloc info for kmalloc() allocations. */ if (is_kmalloc_cache(slab->slab_cache)) -- 2.25.1

10 months, 3 weeks

1
0
0 0

[PATCH v2 1/2] drm/i915/mso: using joiner is not possible with eDP MSO

by Jani Nikula

It's not possible to use the joiner at the same time with eDP MSO. When a panel needs MSO, it's not optional, so MSO trumps joiner. While just reporting false for intel_dp_has_joiner() should be sufficient, also skip creation of the joiner force enable debugfs to better handle this in testing. Cc: stable(a)vger.kernel.org Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1668 Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_display_debugfs.c | 8 ++++++-- drivers/gpu/drm/i915/display/intel_dp.c | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_debugfs.c b/drivers/gpu/drm/i915/display/intel_display_debugfs.c index 91757fed9c6d..5eb31404436c 100644 --- a/drivers/gpu/drm/i915/display/intel_display_debugfs.c +++ b/drivers/gpu/drm/i915/display/intel_display_debugfs.c @@ -1546,8 +1546,12 @@ void intel_connector_debugfs_add(struct intel_connector *connector) if (DISPLAY_VER(i915) >= 11 && (connector_type == DRM_MODE_CONNECTOR_DisplayPort || connector_type == DRM_MODE_CONNECTOR_eDP)) { - debugfs_create_bool("i915_bigjoiner_force_enable", 0644, root, - &connector->force_bigjoiner_enable); + struct intel_dp *intel_dp = intel_attached_dp(connector); + + /* eDP MSO is not compatible with joiner */ + if (!intel_dp->mso_link_count) + debugfs_create_bool("i915_bigjoiner_force_enable", 0644, root, + &connector->force_bigjoiner_enable); } if (connector_type == DRM_MODE_CONNECTOR_DSI || diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 9a9bb0f5b7fe..ab33c9de393a 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -465,6 +465,10 @@ bool intel_dp_has_joiner(struct intel_dp *intel_dp) struct intel_encoder *encoder = &intel_dig_port->base; struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); + /* eDP MSO is not compatible with joiner */ + if (intel_dp->mso_link_count) + return false; + return DISPLAY_VER(dev_priv) >= 12 || (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A); -- 2.39.2

10 months, 3 weeks

2
2
0 0

Please backport 2d43cc701b96 to v6.9 and v6.6

by Michael Ellerman

Hi stable team, Can you please backport: 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") To v6.9 and v6.6. It was marked for backporting, but hasn't been picked up AFAICS. I'm not sure if it clashed with the asm_goto_output changes or something. But it backports cleanly to the current stable branches. It needs a custom backport for earlier kernels, I'll send those. cheers

10 months, 3 weeks

2
2
0 0

[PATCH v6.1] powerpc/uaccess: Fix build errors seen with GCC 13/14

by Michael Ellerman

commit 2d43cc701b96f910f50915ac4c2a0cae5deb734c upstream. Building ppc64le_defconfig with GCC 14 fails with assembler errors: CC fs/readdir.o /tmp/ccdQn0mD.s: Assembler messages: /tmp/ccdQn0mD.s:212: Error: operand out of domain (18 is not a multiple of 4) /tmp/ccdQn0mD.s:226: Error: operand out of domain (18 is not a multiple of 4) ... [6 lines] /tmp/ccdQn0mD.s:1699: Error: operand out of domain (18 is not a multiple of 4) A snippet of the asm shows: # ../fs/readdir.c:210: unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); ld 9,0(29) # MEM[(u64 *)name_38(D) + _88 * 1], MEM[(u64 *)name_38(D) + _88 * 1] # 210 "../fs/readdir.c" 1 1: std 9,18(8) # put_user # *__pus_addr_52, MEM[(u64 *)name_38(D) + _88 * 1] The 'std' instruction requires a 4-byte aligned displacement because it is a DS-form instruction, and as the assembler says, 18 is not a multiple of 4. A similar error is seen with GCC 13 and CONFIG_UBSAN_SIGNED_WRAP=y. The fix is to change the constraint on the memory operand to put_user(), from "m" which is a general memory reference to "YZ". The "Z" constraint is documented in the GCC manual PowerPC machine constraints, and specifies a "memory operand accessed with indexed or indirect addressing". "Y" is not documented in the manual but specifies a "memory operand for a DS-form instruction". Using both allows the compiler to generate a DS-form "std" or X-form "stdx" as appropriate. Unfortunately clang doesn't support the "Y" constraint so that has to be behind an ifdef. Although the build error is only seen with GCC 13/14, that appears to just be luck. The constraint has been incorrect since it was first added. Fixes: c20beffeec3c ("powerpc/uaccess: Use flexible addressing with __put_user()/__get_user()") Suggested-by: Kewen Lin <linkw(a)gcc.gnu.org> [mpe: Drop CONFIG_PPC_KERNEL_PREFIXED ifdef for backport] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240529123029.146953-1-mpe@ellerman.id.au --- arch/powerpc/include/asm/uaccess.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 45d4c9cf3f3a..661046150e49 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -80,9 +80,20 @@ __pu_failed: \ : \ : label) +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #ifdef __powerpc64__ -#define __put_user_asm2_goto(x, ptr, label) \ - __put_user_asm_goto(x, ptr, label, "std") +#define __put_user_asm2_goto(x, addr, label) \ + asm goto ("1: std%U1%X1 %0,%1 # put_user\n" \ + EX_TABLE(1b, %l2) \ + : \ + : "r" (x), DS_FORM_CONSTRAINT (*addr) \ + : \ + : label) #else /* __powerpc64__ */ #define __put_user_asm2_goto(x, addr, label) \ asm goto( \ -- 2.45.1

10 months, 3 weeks

1
0
0 0

[PATCH v5.15] powerpc/uaccess: Fix build errors seen with GCC 13/14

by Michael Ellerman

commit 2d43cc701b96f910f50915ac4c2a0cae5deb734c upstream. Building ppc64le_defconfig with GCC 14 fails with assembler errors: CC fs/readdir.o /tmp/ccdQn0mD.s: Assembler messages: /tmp/ccdQn0mD.s:212: Error: operand out of domain (18 is not a multiple of 4) /tmp/ccdQn0mD.s:226: Error: operand out of domain (18 is not a multiple of 4) ... [6 lines] /tmp/ccdQn0mD.s:1699: Error: operand out of domain (18 is not a multiple of 4) A snippet of the asm shows: # ../fs/readdir.c:210: unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); ld 9,0(29) # MEM[(u64 *)name_38(D) + _88 * 1], MEM[(u64 *)name_38(D) + _88 * 1] # 210 "../fs/readdir.c" 1 1: std 9,18(8) # put_user # *__pus_addr_52, MEM[(u64 *)name_38(D) + _88 * 1] The 'std' instruction requires a 4-byte aligned displacement because it is a DS-form instruction, and as the assembler says, 18 is not a multiple of 4. A similar error is seen with GCC 13 and CONFIG_UBSAN_SIGNED_WRAP=y. The fix is to change the constraint on the memory operand to put_user(), from "m" which is a general memory reference to "YZ". The "Z" constraint is documented in the GCC manual PowerPC machine constraints, and specifies a "memory operand accessed with indexed or indirect addressing". "Y" is not documented in the manual but specifies a "memory operand for a DS-form instruction". Using both allows the compiler to generate a DS-form "std" or X-form "stdx" as appropriate. Unfortunately clang doesn't support the "Y" constraint so that has to be behind an ifdef. Although the build error is only seen with GCC 13/14, that appears to just be luck. The constraint has been incorrect since it was first added. Fixes: c20beffeec3c ("powerpc/uaccess: Use flexible addressing with __put_user()/__get_user()") Suggested-by: Kewen Lin <linkw(a)gcc.gnu.org> [mpe: Drop CONFIG_PPC_KERNEL_PREFIXED ifdef for backport] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240529123029.146953-1-mpe@ellerman.id.au --- arch/powerpc/include/asm/uaccess.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index b2680070d65d..6013a7fc74ba 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -90,9 +90,20 @@ __pu_failed: \ : \ : label) +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #ifdef __powerpc64__ -#define __put_user_asm2_goto(x, ptr, label) \ - __put_user_asm_goto(x, ptr, label, "std") +#define __put_user_asm2_goto(x, addr, label) \ + asm goto ("1: std%U1%X1 %0,%1 # put_user\n" \ + EX_TABLE(1b, %l2) \ + : \ + : "r" (x), DS_FORM_CONSTRAINT (*addr) \ + : \ + : label) #else /* __powerpc64__ */ #define __put_user_asm2_goto(x, addr, label) \ asm_volatile_goto( \ -- 2.45.1

10 months, 3 weeks

1
0
0 0

[PATCH 6.6 000/301] 6.6.31-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 301 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 ++--- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 338 files changed, 3043 insertions(+), 1798 deletions(-)

10 months, 3 weeks

9
311
0 0

[PATCH v6] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 57 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..8cffbe1f912d 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,43 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb) +{ + struct vlan_hdr vhdr, *vh; + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, ETH_HLEN, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1044,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2471,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2504,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3530,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3588,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + aux.tp_vlan_tci = vlan_get_tci(skb); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

10 months, 3 weeks

2
11
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2024