August 2024 - Linux-stable-mirror

[PATCH AUTOSEL 5.15 01/13] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 4d4267105cd2b..842e8fecf0a9a 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -4971,6 +4971,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

3 days, 18 hours

2
14
0 0

[PATCH v2 1/2] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe()

by Krzysztof Kozlowski

File-scope "__pmic_glink_lock" mutex protects the filke-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. None --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index 9606222993fd..452f30a9354d 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -217,10 +217,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock; -- 2.43.0

3 days, 20 hours

2
1
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040834-magazine-audience-8aa4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

6 days, 4 hours

6
12
0 0

FAILED: patch "[PATCH] ima: Fix use-after-free on a dentry's dname.name" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be84f32bb2c981ca6709 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061919-angelic-granny-6472@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be84f32bb2c981ca670922e047cdde1488b233de Mon Sep 17 00:00:00 2001 From: Stefan Berger <stefanb(a)linux.ibm.com> Date: Fri, 22 Mar 2024 10:03:12 -0400 Subject: [PATCH] ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead. Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/ Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index b37d043d5748..1856981e33df 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -245,8 +245,8 @@ int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file, const char *audit_cause = "failed"; struct inode *inode = file_inode(file); struct inode *real_inode = d_real_inode(file_dentry(file)); - const char *filename = file->f_path.dentry->d_name.name; struct ima_max_digest_data hash; + struct name_snapshot filename; struct kstat stat; int result = 0; int length; @@ -317,9 +317,13 @@ int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file, if (file->f_flags & O_DIRECT) audit_cause = "failed(directio)"; + take_dentry_name_snapshot(&filename, file->f_path.dentry); + integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, - filename, "collect_data", audit_cause, - result, 0); + filename.name.name, "collect_data", + audit_cause, result, 0); + + release_dentry_name_snapshot(&filename); } return result; } @@ -432,6 +436,7 @@ void ima_audit_measurement(struct ima_iint_cache *iint, */ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) { + struct name_snapshot filename; char *pathname = NULL; *pathbuf = __getname(); @@ -445,7 +450,10 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) } if (!pathname) { - strscpy(namebuf, path->dentry->d_name.name, NAME_MAX); + take_dentry_name_snapshot(&filename, path->dentry); + strscpy(namebuf, filename.name.name, NAME_MAX); + release_dentry_name_snapshot(&filename); + pathname = namebuf; } diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 6cd0add524cd..3b2cb8f1002e 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -483,7 +483,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, bool size_limit) { const char *cur_filename = NULL; + struct name_snapshot filename; u32 cur_filename_len = 0; + bool snapshot = false; + int ret; BUG_ON(event_data->filename == NULL && event_data->file == NULL); @@ -496,7 +499,10 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, } if (event_data->file) { - cur_filename = event_data->file->f_path.dentry->d_name.name; + take_dentry_name_snapshot(&filename, + event_data->file->f_path.dentry); + snapshot = true; + cur_filename = filename.name.name; cur_filename_len = strlen(cur_filename); } else /* @@ -505,8 +511,13 @@ static int ima_eventname_init_common(struct ima_event_data *event_data, */ cur_filename_len = IMA_EVENT_NAME_LEN_MAX; out: - return ima_write_template_field_data(cur_filename, cur_filename_len, - DATA_FMT_STRING, field_data); + ret = ima_write_template_field_data(cur_filename, cur_filename_len, + DATA_FMT_STRING, field_data); + + if (snapshot) + release_dentry_name_snapshot(&filename); + + return ret; } /*

1 week, 3 days

4
3
0 0

[PATCH v2 0/2] drm/msm/dpu: two fixes targeting 6.11

by Dmitry Baryshkov

Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. Also make sure that DPU debugging logs are always directed to the drm_debug / DRIVER so that usual drm.debug masks work in an expected way. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v2: - Reworked the writeback to just drop the connector->status check. - Expanded commit message for the debugging patch. - Link to v1: https://lore.kernel.org/r/20240709-dpu-fix-wb-v1-0-448348bfd4cb@linaro.org --- Dmitry Baryshkov (2): drm/msm/dpu1: don't choke on disabling the writeback connector drm/msm/dpu: don't play tricks with debug macros drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 ++------------ drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 --- 2 files changed, 2 insertions(+), 15 deletions(-) --- base-commit: 668d33c9ff922c4590c58754ab064aaf53c387dd change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

2 weeks, 1 day

5
19
0 0

drm/amd/display: Pass pwrseq inst for backlight and ABM

by Alex Deucher

Hi Greg, Sasha, Please cherry pick upstream commit b17ef04bf3a4 ("drm/amd/display: Pass pwrseq inst for backlight and ABM") to stable kernel 6.6.x and newer. This fixes broken backlight adjustment on some AMD platforms with eDP panels. Thanks, Alex

2 weeks, 1 day

3
7
0 0

[PATCH V2 1/3] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

by Huacai Chen

When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/mips/kernel/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c index 4184d641f05e..33a02f3814f5 100644 --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c @@ -172,7 +172,7 @@ static void *c_start(struct seq_file *m, loff_t *pos) { unsigned long i = *pos; - return i < NR_CPUS ? (void *) (i + 1) : NULL; + return i < nr_cpu_ids ? (void *) (i + 1) : NULL; } static void *c_next(struct seq_file *m, void *v, loff_t *pos) -- 2.31.1

3 weeks

5
15
0 0

[PATCH AUTOSEL 5.15 01/12] watch_queue: fix kcalloc() arguments order

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit 1bfc466b13cf6652ba227c282c27a30ffede69a5 ] When compiling with gcc version 14.0.0 20231220 (experimental) and W=1, I've noticed the following warning: kernel/watch_queue.c: In function 'watch_queue_set_size': kernel/watch_queue.c:273:32: warning: 'kcalloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args] 273 | pages = kcalloc(sizeof(struct page *), nr_pages, GFP_KERNEL); | ^~~~~~ Since 'n' and 'size' arguments of 'kcalloc()' are multiplied to calculate the final size, their actual order doesn't affect the result and so this is not a bug. But it's still worth to fix it. Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://lore.kernel.org/r/20231221090139.12579-1-dmantipov@yandex.ru Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/watch_queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c index ae31bf8d2feb..bf86e1d71cd3 100644 --- a/kernel/watch_queue.c +++ b/kernel/watch_queue.c @@ -275,7 +275,7 @@ long watch_queue_set_size(struct pipe_inode_info *pipe, unsigned int nr_notes) goto error; ret = -ENOMEM; - pages = kcalloc(sizeof(struct page *), nr_pages, GFP_KERNEL); + pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL); if (!pages) goto error; -- 2.43.0

3 weeks

4
26
0 0

[PATCH 6.1 000/321] 6.1.107-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.107 release. There are 321 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Aug 2024 14:37:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.107-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.107-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Paolo Abeni <pabeni(a)redhat.com> selftests: net: more strict check in net_helper Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Dave Kleikamp <dave.kleikamp(a)oracle.com> Revert "jfs: fix shift-out-of-bounds in dbJoin" Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix W=1 headers mismatch Felix Fietkau <nbd(a)nbd.name> udp: fix receiving fraglist GSO packets Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove freeze_go_demote_ok Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove LM_FLAG_PRIORITY flag Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: don't withdraw if init_threads() got interrupted Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix another freeze/thaw hang Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: fix receiving mesh packets without RFC1042 header Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix potential null pointer dereference Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: drop bogus static keywords in A-MSDU rx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix receiving mesh packets in forwarding=0 networks Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix flow dissection for forwarded packets Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix mesh forwarding Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix mesh path discovery based on unicast packets Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: add documentation for amsdu_mesh_control Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Willem de Bruijn <willemb(a)google.com> net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation Yan Zhai <yan(a)cloudflare.com> gso: fix dodgy bit handling for GSO_UDP_L4 Andrew Melnychenko <andrew(a)daynix.com> udp: allow header check for dodgy GSO_UDP_L4 packets. Jan Höppner <hoeppner(a)linux.ibm.com> Revert "s390/dasd: Establish DMA alignment" Li RongQing <lirongqing(a)baidu.com> KVM: x86: fire timer when it is migrated and expired, and in oneshot mode Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amdgpu/vcn: not pause dpg for unified queue Boyuan Zhang <boyuan.zhang(a)amd.com> drm/amdgpu/vcn: identify unified queue in sw init Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() NeilBrown <neilb(a)suse.de> NFSD: simplify error paths in nfsd_svc() NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PTE is changed Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PMD is changed Hailong Liu <hailong.liu(a)oppo.com> mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() Eric Dumazet <edumazet(a)google.com> tcp: do not export tcp_twsk_purge() Alex Hung <alex.hung(a)amd.com> Revert "drm/amd/display: Validate hw_points_num before using it" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: gadget: uvc: cleanup request when not in correct state" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only decrement add_addr_accepted for MPJ req Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused flushed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused removed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused removed ADD_ADDR Peng Fan <peng.fan(a)nxp.com> pmdomain: imx: wait SSAR when i.MX93 power domain on Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Set timer mode in cpu-probe Candice Li <candice.li(a)amd.com> drm/amdgpu: Validate TA binary size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: the buffer of smb2 query dir response has at least 1 byte Chaotian Jing <chaotian.jing(a)mediatek.com> scsi: core: Fix the return value of scsi_logical_block_count() Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: reset the link phy params before link training Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: fix the max supported bpp logic Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Bharat Bhushan <bbhushan2(a)marvell.com> octeontx2-af: Fix CPT AF register offset calculation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate vlan header Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible UAF in ip6_xmit() Eric Dumazet <edumazet(a)google.com> ipv6: fix possible UAF in ip6_finish_output2() Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Dan Carpenter <dan.carpenter(a)linaro.org> dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix ICE_LAST_OFFSET formula Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix page reuse when PAGE_SIZE is over 8k Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Pull out next_to_clean bump out of ice_put_rx_buf() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Store page count inside ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Add xdp_buff to ice_rx_ring struct Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Prepare legacy-rx for upcoming XDP multi-buffer support Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm state handling when clearing active slave Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm real_dev null pointer dereference Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix null pointer deref in bond_ipsec_offload_ok Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix bond_ipsec_offload_ok return type Thomas Bogendoerfer <tbogendoerfer(a)suse.de> ip6_tunnel: Fix broken GRO Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: test: Use correct skb for route input check Florian Westphal <fw(a)strlen.de> tcp: prevent concurrent execution of tcp_sk_exit_batch Eric Dumazet <edumazet(a)google.com> tcp/dccp: do not care about families in inet_twsk_purge() Eric Dumazet <edumazet(a)google.com> tcp/dccp: bypass empty buckets in inet_twsk_purge() Hangbin Liu <liuhangbin(a)gmail.com> selftests: udpgro: report error when receive failed Lucas Karpinski <lkarpins(a)redhat.com> selftests/net: synchronize udpgro tests' tx and rx connection Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: serialize access to the injection/extraction groups Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q" Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN xmit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix assumption of Central always being Initiator Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Lang Yu <Lang.Yu(a)amd.com> drm/amdkfd: reserve the BO before validating it Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator: Fix warning when controller is destroyed in probe Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Adjust cursor position Filipe Manana <fdmanana(a)suse.com> btrfs: send: allow cloning non-aligned extent if it ends at i_size David Sterba <dsterba(a)suse.com> btrfs: replace sb::s_blocksize by fs_info::sectorsize Long Li <longli(a)microsoft.com> net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Breno Leitao <leitao(a)debian.org> i2c: tegra: Do not mark ACPI devices as irq safe Michał Mirosław <mirq-linux(a)rere.qmqm.pl> i2c: tegra: allow VI support to be compiled out Michał Mirosław <mirq-linux(a)rere.qmqm.pl> i2c: tegra: allow DVC support to be compiled out Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Gergo Koteles <soyer(a)irl.hu> platform/x86: lg-laptop: fix %s null argument warning Adrian Hunter <adrian.hunter(a)intel.com> clocksource: Make watchdog and suspend-timing multiplication overflow safe Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Jian Shen <shenjian15(a)huawei.com> net: hns3: add checking for vf id of mailbox Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: nct3018y: fix possible NULL dereference Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Keith Busch <kbusch(a)kernel.org> nvme: clear caller pointer on identify failure Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion in tree_move_down() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root David Sterba <dsterba(a)suse.com> btrfs: delayed-inode: drop pointless BUG_ON in __btrfs_remove_delayed_item() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Christophe Kerello <christophe.kerello(a)foss.st.com> memory: stm32-fmc2-ebi: check regmap_read return value Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Eric Dumazet <edumazet(a)google.com> netlink: hold nlk->cb_mutex longer in __netlink_dump_start() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Guard against division by zero Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Costa Shulyupin <costa.shul(a)redhat.com> hrtimer: Select housekeeping CPU during migration Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Philipp Stanner <pstanner(a)redhat.com> media: drivers/media/dvb-core: copy user arrays safely Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Neel Natu <neelnatu(a)google.com> kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Al Viro <viro(a)zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks Al Viro <viro(a)zeniv.linux.org.uk> afs: fix __afs_break_callback() / afs_drop_open_mmap() race Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Refcounting fix in gfs2_thaw_super Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_conn: Check non NULL function before calling for HFP offload Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode Kees Cook <keescook(a)chromium.org> hwmon: (pc87360) Bounds check data->innr usage Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Ashish Mhetre <amhetre(a)nvidia.com> memory: tegra: Skip SID programming if SID registers aren't set Rob Clark <robdclark(a)chromium.org> drm/msm: Reduce fallout of fence signaling vs reclaim hangs Li Lingfeng <lilingfeng3(a)huawei.com> block: Fix lockdep warning in blk_mq_mark_tag_wait Samuel Holland <samuel.holland(a)sifive.com> arm64: Fix KASAN random tag seed initialization Masahiro Yamada <masahiroy(a)kernel.org> rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT Masahiro Yamada <masahiroy(a)kernel.org> rust: suppress error messages from CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT Miguel Ojeda <ojeda(a)kernel.org> rust: work around `bindgen` 0.69.0 issue Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN` Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust_is_available: normalize version matching Antoniu Miclaus <antoniu.miclaus(a)analog.com> hwmon: (ltc2992) Avoid division by zero Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: fw: Fix debugfs command sending Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: qcom: venus: fix incorrect return value Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Zero-initialize iosys_map Christian Brauner <brauner(a)kernel.org> binfmt_misc: cleanup on filesystem umount Yu Kuai <yukuai3(a)huawei.com> md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log' Chengfeng Ye <dg573847474(a)gmail.com> media: s5p-mfc: Fix potential deadlock on condlock Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Alex Hung <alex.hung(a)amd.com> drm/amd/display: Validate hw_points_num before using it Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: cleanup request when not in correct state David Lechner <dlechner(a)baylibre.com> staging: iio: resolver: ad2s1210: fix use before initialization Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Move dma unmapping after TLB flush Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358768: Attempt to fix DSI horizontal timings Heiko Carstens <hca(a)linux.ibm.com> s390/smp,mcck: fix early IPI handling Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rtrs: Fix the problem of variable not initialized fully Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Kamalesh Babulal <kamalesh.babulal(a)oracle.com> cgroup: Avoid extra dereference in css_populate_dir() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Paul E. McKenney <paulmck(a)kernel.org> rcu: Eliminate rcu_gp_slow_unregister() false positive Zhen Lei <thunder.leizhen(a)huawei.com> rcu: Dump memory object info if callback function is invalid Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix BA session teardown race Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check wiphy mutex is held for wdev mutex Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Lee Jones <lee(a)kernel.org> drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use the user's cfg after reset Jie Wang <wangjie125(a)huawei.com> net: hns3: fix wrong use of semaphore up Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Introduce nf_tables_getobj_single Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: nft_obj_filter fits into cb->ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: A better name for nft_obj_filter Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Unconditionally allocate nft_obj_filter Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Audit log dump reset after the fact Florian Westphal <fw(a)strlen.de> netfilter: nf_queue: drop packets with cloned unconfirmed conntracks Donald Hunter <donald.hunter(a)gmail.com> netfilter: flowtable: initialise extack before use Tom Hughes <tom(a)compton.nu> netfilter: allow ipv6 fragments to arrive on different devices Eugene Syromiatnikov <esyr(a)redhat.com> mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: disable RX filters until RX path initialized Yue Haibing <yuehaibing(a)huawei.com> mlxbf_gige: Remove two unused function declarations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: check busy flag in MDIO operations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: use read_poll_timeout instead delay loop Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: Take state lock during tx timeout reporter Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Correct the launchtime offset Takashi Iwai <tiwai(a)suse.de> ALSA: usb: Fix UBSAN warning in parse_audio_unit() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do copy_to_user out of run_lock Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG Edward Adam Davis <eadavis(a)qq.com> jfs: fix null ptr deref in dtInsertEntry Willem de Bruijn <willemb(a)google.com> fou: remove warn in gue_gro_receive on unsupported protocol yunshui <jiangyunshui(a)kylinos.cn> bpf, net: Use DEV_STAT_INC() Jan Kara <jack(a)suse.cz> udf: Fix bogus checksum computation in udf_rename() Jan Kara <jack(a)suse.cz> ext4: do not create EA inode under buffer lock Jan Kara <jack(a)suse.cz> ext4: fold quota accounting into ext4_xattr_inode_lookup_create() Li Zhong <floridsleeves(a)gmail.com> ext4: check the return value of ext4_xattr_inode_dec_ref() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix not validating setsockopt user input Alexei Starovoitov <ast(a)kernel.org> bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie. Kees Cook <keescook(a)chromium.org> bpf: Replace bpf_lpm_trie_key 0-length array with flexible array Donald Hunter <donald.hunter(a)gmail.com> docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: remove mesh forwarding congestion check Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: factor out bridge tunnel / RFC1042 header check Felix Fietkau <nbd(a)nbd.name> wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix and simplify unencrypted drop check for mesh Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> pppoe: Fix memory leak in pppoe_sendmsg() Dmitry Antipov <dmantipov(a)yandex.ru> net: sctp: fix skb leak in sctp_inq_free() Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Jan Kara <jack(a)suse.cz> quota: Detect loops in quota tree Gao Xiang <xiang(a)kernel.org> erofs: avoid debugging output for (de)compressed data Edward Adam Davis <eadavis(a)qq.com> reiserfs: fix uninit-value in comp_keys Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix variable overflow triggered by sysbot Lizhi Xu <lizhi.xu(a)windriver.com> squashfs: squashfs_read_data need to check if the length is 0 Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix shift-out-of-bounds in dbJoin Jakub Kicinski <kuba(a)kernel.org> net: don't dump stack on queue timeout Yajun Deng <yajun.deng(a)linux.dev> net: sched: Print msecs when transmit queue time out Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix change_address deadlock during unregister Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: take wiphy lock for MAC addr change Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Fix hci_link_tx_to RCU lock usage Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Stop using gfs2_make_fs_ro for withdraw Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rework freeze / thaw logic Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename gfs2_freeze_lock{ => _shared } Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename the {freeze,thaw}_super callbacks Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename remaining "transaction" glock references Kees Cook <keescook(a)chromium.org> pid: Replace struct pid 1-element array with flex-array Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure timer ID search-loop limit is valid Andrii Nakryiko <andrii(a)kernel.org> bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log Andrii Nakryiko <andrii(a)kernel.org> bpf: Split off basic BPF verifier log into separate file Ivan Orlov <ivan.orlov0322(a)gmail.com> mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field Ivan Orlov <ivan.orlov0322(a)gmail.com> 9P FS: Fix wild-memory-access write in v9fs_get_acl Theodore Ts'o <tytso(a)mit.edu> ext4, jbd2: add an optimized bmap for the journal inode Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent WARNING in nilfs_dat_commit_end() Leon Hwang <leon.hwang(a)linux.dev> bpf: Fix updating attached freplace prog in prog_array map Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/jpeg2: properly set atomics vmid field Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add dev extent item checks Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: properly take lock to read/update block group's zoned variables Waiman Long <longman(a)redhat.com> mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/fscache_cookie: add missing "n_accesses" check Dan Carpenter <dan.carpenter(a)linaro.org> rtla/osnoise: Prevent NULL dereference in error handling Andi Shyti <andi.shyti(a)kernel.org> i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Nam Cao <namcao(a)linutronix.de> riscv: change XIP's kernel_map.size to be size of the entire kernel Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Mark XDomain as unplugged when router is removed Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Check USB endpoints when probing device Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Refine workqueue handling Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Don't destroy workqueue from work item running on it Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate Mathieu Othacehe <othacehe(a)gnu.org> tty: atmel_serial: use the correct RTS flag. ------------- Diffstat: Documentation/bpf/map_lpm_trie.rst | 181 ++++++++++ Documentation/filesystems/gfs2-glocks.rst | 3 +- Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/arm64/kernel/setup.c | 3 - arch/arm64/kernel/smp.c | 2 + arch/arm64/kvm/sys_regs.c | 6 + arch/arm64/kvm/vgic/vgic.h | 7 + arch/mips/kernel/cpu-probe.c | 4 + arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/riscv/mm/init.c | 4 +- arch/s390/include/asm/uv.h | 5 +- arch/s390/kernel/early.c | 12 +- arch/s390/kernel/smp.c | 4 +- arch/x86/kernel/process.c | 5 +- arch/x86/kvm/lapic.c | 8 +- block/blk-mq-tag.c | 5 +- drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/char/xillybus/xillyusb.c | 42 ++- drivers/clk/visconti/pll.c | 6 +- drivers/clocksource/arm_global_timer.c | 11 +- drivers/firmware/cirrus/cs_dsp.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 40 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 53 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 6 +- drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 24 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 2 +- drivers/gpu/drm/bridge/tc358768.c | 215 ++++++++++-- drivers/gpu/drm/lima/lima_gp.c | 12 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 + drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 + drivers/gpu/drm/msm/dp/dp_panel.c | 19 +- drivers/gpu/drm/msm/msm_gem_shrinker.c | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 5 + drivers/gpu/drm/tegra/gem.c | 2 +- drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/ltc2992.c | 8 +- drivers/hwmon/pc87360.c | 6 +- drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/i2c/busses/i2c-tegra.c | 41 ++- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 2 +- drivers/input/input-mt.c | 3 + drivers/input/serio/i8042-acpipnpio.h | 20 +- drivers/input/serio/i8042.c | 10 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/irqchip/irq-renesas-rzg2l.c | 5 +- drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 +- drivers/md/dm.c | 4 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/md/raid5-cache.c | 47 +-- drivers/media/dvb-core/dvb_frontend.c | 12 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/platform/qcom/venus/pm_helpers.c | 2 +- .../media/platform/samsung/s5p-mfc/s5p_mfc_enc.c | 2 +- drivers/media/radio/radio-isa.c | 2 +- drivers/memory/stm32-fmc2-ebi.c | 122 +++++-- drivers/memory/tegra/tegra186.c | 3 + drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/bonding/bond_main.c | 21 +- drivers/net/bonding/bond_options.c | 2 +- drivers/net/dsa/mv88e6xxx/global1_atu.c | 3 +- drivers/net/dsa/ocelot/felix.c | 11 + drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 28 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 3 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- drivers/net/ethernet/intel/ice/ice_base.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 8 +- drivers/net/ethernet/intel/ice/ice_main.c | 10 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 117 +++---- drivers/net/ethernet/intel/ice/ice_txrx.h | 6 +- drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 15 + drivers/net/ethernet/intel/igc/igc_main.c | 7 + drivers/net/ethernet/intel/igc/igc_regs.h | 1 + drivers/net/ethernet/intel/igc/igc_tsn.c | 64 ++++ drivers/net/ethernet/intel/igc/igc_tsn.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 +- .../ethernet/mellanox/mlx5/core/en/reporter_tx.c | 2 + .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- .../net/ethernet/mellanox/mlxbf_gige/mlxbf_gige.h | 9 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 10 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_regs.h | 2 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 50 ++- drivers/net/ethernet/microsoft/mana/mana.h | 1 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/ethernet/mscc/ocelot.c | 91 ++++- drivers/net/ethernet/mscc/ocelot_fdma.c | 3 +- drivers/net/ethernet/mscc/ocelot_vsc7514.c | 4 + drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 +- drivers/net/gtp.c | 3 + drivers/net/ppp/pppoe.c | 23 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- .../net/wireless/marvell/mwifiex/11n_rxreorder.c | 2 +- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nvme/host/core.c | 5 +- drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +- drivers/platform/surface/aggregator/controller.c | 3 +- drivers/platform/x86/lg-laptop.c | 2 +- drivers/rtc/rtc-nct3018y.c | 6 +- drivers/s390/block/dasd.c | 36 +- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_diag.c | 1 - drivers/s390/block/dasd_eckd.c | 58 ++- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/imx/imx93-pd.c | 5 +- drivers/ssb/main.c | 2 +- drivers/staging/iio/resolver/ad2s1210.c | 7 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/thunderbolt/switch.c | 1 + drivers/tty/serial/atmel_serial.c | 2 +- drivers/usb/dwc3/core.c | 13 + drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/video/fbdev/offb.c | 3 +- fs/9p/xattr.c | 8 +- fs/afs/file.c | 8 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 +++++++++--- fs/btrfs/delayed-inode.c | 4 +- fs/btrfs/disk-io.c | 2 + fs/btrfs/extent_io.c | 4 +- fs/btrfs/free-space-cache.c | 22 +- fs/btrfs/inode.c | 11 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/reflink.c | 6 +- fs/btrfs/send.c | 63 +++- fs/btrfs/super.c | 2 +- fs/btrfs/tests/extent-io-tests.c | 28 +- fs/btrfs/tree-checker.c | 69 ++++ fs/erofs/decompressor.c | 8 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/ext4/super.c | 23 ++ fs/ext4/xattr.c | 158 ++++----- fs/f2fs/segment.c | 5 +- fs/file.c | 28 +- fs/fscache/cookie.c | 4 + fs/fuse/cuse.c | 3 +- fs/fuse/dev.c | 6 +- fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 15 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/glock.c | 27 +- fs/gfs2/glock.h | 9 - fs/gfs2/glops.c | 66 ++-- fs/gfs2/incore.h | 2 +- fs/gfs2/inode.c | 2 +- fs/gfs2/lock_dlm.c | 5 - fs/gfs2/log.c | 2 - fs/gfs2/ops_fstype.c | 13 +- fs/gfs2/recovery.c | 28 +- fs/gfs2/super.c | 197 ++++++++--- fs/gfs2/super.h | 1 + fs/gfs2/sys.c | 2 +- fs/gfs2/util.c | 53 +-- fs/gfs2/util.h | 5 +- fs/inode.c | 39 ++- fs/jbd2/journal.c | 9 +- fs/jfs/jfs_dmap.c | 2 + fs/jfs/jfs_dtree.c | 2 + fs/kernfs/file.c | 8 +- fs/nfs/pnfs.c | 8 + fs/nfsd/nfs4proc.c | 4 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsctl.c | 32 +- fs/nfsd/nfsd.h | 3 +- fs/nfsd/nfssvc.c | 85 ++--- fs/nfsd/vfs.c | 6 +- fs/nilfs2/btree.c | 1 + fs/nilfs2/dat.c | 11 + fs/nilfs2/direct.c | 1 + fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/frecord.c | 75 +++- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 11 +- fs/ntfs3/ntfs_fs.h | 4 +- fs/ntfs3/super.c | 2 +- fs/quota/dquot.c | 5 +- fs/quota/quota_tree.c | 128 +++++-- fs/quota/quota_v2.c | 15 +- fs/reiserfs/stree.c | 2 +- fs/smb/server/smb2pdu.c | 3 +- fs/squashfs/block.c | 2 +- fs/squashfs/file.c | 3 +- fs/squashfs/file_direct.c | 6 +- fs/udf/namei.c | 1 - include/linux/bitmap.h | 20 +- include/linux/bpf_verifier.h | 23 +- include/linux/cpumask.h | 2 +- include/linux/dsa/ocelot.h | 47 +++ include/linux/fs.h | 5 + include/linux/if_vlan.h | 21 ++ include/linux/jbd2.h | 8 + include/linux/pid.h | 2 +- include/linux/sched/signal.h | 2 +- include/linux/sunrpc/svc.h | 13 - include/linux/udp.h | 2 +- include/linux/virtio_net.h | 35 +- include/net/cfg80211.h | 40 ++- include/net/inet_timewait_sock.h | 2 +- include/net/kcm.h | 1 + include/net/tcp.h | 2 +- include/scsi/scsi_cmnd.h | 2 +- include/soc/mscc/ocelot.h | 12 +- include/trace/events/huge_memory.h | 3 +- include/uapi/linux/bpf.h | 19 +- init/Kconfig | 7 +- kernel/bpf/Makefile | 3 +- kernel/bpf/log.c | 82 +++++ kernel/bpf/lpm_trie.c | 33 +- kernel/bpf/verifier.c | 69 ---- kernel/cgroup/cgroup.c | 4 +- kernel/pid.c | 7 +- kernel/pid_namespace.c | 2 +- kernel/rcu/rcu.h | 7 + kernel/rcu/srcutiny.c | 1 + kernel/rcu/srcutree.c | 1 + kernel/rcu/tasks.h | 1 + kernel/rcu/tiny.c | 1 + kernel/rcu/tree.c | 3 +- kernel/time/clocksource.c | 42 ++- kernel/time/hrtimer.c | 5 +- kernel/time/posix-timers.c | 31 +- lib/math/prime_numbers.c | 2 - mm/huge_memory.c | 30 +- mm/khugepaged.c | 20 ++ mm/memcontrol.c | 7 +- mm/memory-failure.c | 20 +- mm/memory.c | 29 +- mm/vmalloc.c | 11 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_conn.c | 11 +- net/bluetooth/hci_core.c | 24 +- net/bluetooth/mgmt.c | 4 + net/bluetooth/rfcomm/sock.c | 14 +- net/bluetooth/smp.c | 146 ++++---- net/bridge/br_netfilter_hooks.c | 6 +- net/core/filter.c | 8 +- net/core/skbuff.c | 8 +- net/dccp/ipv4.c | 2 +- net/dccp/ipv6.c | 6 - net/dsa/tag_ocelot.c | 37 +- net/ipv4/fou.c | 2 +- net/ipv4/inet_timewait_sock.c | 16 +- net/ipv4/tcp_ipv4.c | 16 +- net/ipv4/tcp_minisocks.c | 7 +- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 18 +- net/ipv6/ip6_output.c | 10 + net/ipv6/ip6_tunnel.c | 12 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 4 + net/ipv6/tcp_ipv6.c | 6 - net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/mac80211/agg-tx.c | 6 +- net/mac80211/debugfs_netdev.c | 3 - net/mac80211/driver-ops.c | 3 - net/mac80211/ieee80211_i.h | 1 - net/mac80211/iface.c | 27 +- net/mac80211/rx.c | 387 +++++++++++---------- net/mac80211/sta_info.c | 17 + net/mac80211/sta_info.h | 3 + net/mctp/test/route-test.c | 2 +- net/mptcp/diag.c | 2 +- net/mptcp/pm_netlink.c | 31 +- net/netfilter/nf_flow_table_inet.c | 3 + net/netfilter/nf_flow_table_ip.c | 3 + net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nf_tables_api.c | 225 +++++++----- net/netfilter/nfnetlink_queue.c | 35 +- net/netfilter/nft_counter.c | 9 +- net/netlink/af_netlink.c | 13 +- net/rds/recv.c | 13 +- net/sched/sch_generic.c | 11 +- net/sched/sch_netem.c | 47 ++- net/sctp/inqueue.c | 14 +- net/wireless/core.h | 8 +- net/wireless/util.c | 195 +++++++---- samples/bpf/map_perf_test_user.c | 2 +- samples/bpf/xdp_router_ipv4_user.c | 2 +- scripts/rust_is_available.sh | 41 ++- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/soc/sof/ipc4.c | 9 +- sound/usb/mixer.c | 7 + sound/usb/quirks-table.h | 1 + sound/usb/quirks.c | 2 + tools/include/linux/bitmap.h | 7 +- tools/include/uapi/linux/bpf.h | 19 +- tools/testing/selftests/bpf/progs/map_ptr_kern.c | 2 +- tools/testing/selftests/bpf/test_lpm_map.c | 18 +- tools/testing/selftests/core/close_range_test.c | 35 ++ tools/testing/selftests/net/net_helper.sh | 25 ++ tools/testing/selftests/net/udpgro.sh | 57 +-- tools/testing/selftests/net/udpgro_bench.sh | 5 +- tools/testing/selftests/net/udpgro_frglist.sh | 5 +- tools/testing/selftests/net/udpgso.c | 2 +- tools/testing/selftests/tc-testing/tdc.py | 1 - tools/tracing/rtla/src/osnoise_top.c | 11 +- 335 files changed, 4050 insertions(+), 2027 deletions(-)

1 month

18
350
0 0

[PATCH v4] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

by Barnabás Pőcze

`MFD_NOEXEC_SEAL` should remove the executable bits and set `F_SEAL_EXEC` to prevent further modifications to the executable bits as per the comment in the uapi header file: not executable and sealed to prevent changing to executable However, commit 105ff5339f498a ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") that introduced this feature made it so that `MFD_NOEXEC_SEAL` unsets `F_SEAL_SEAL`, essentially acting as a superset of `MFD_ALLOW_SEALING`. Nothing implies that it should be so, and indeed up until the second version of the of the patchset[0] that introduced `MFD_EXEC` and `MFD_NOEXEC_SEAL`, `F_SEAL_SEAL` was not removed, however, it was changed in the third revision of the patchset[1] without a clear explanation. This behaviour is surprising for application developers, there is no documentation that would reveal that `MFD_NOEXEC_SEAL` has the additional effect of `MFD_ALLOW_SEALING`. Additionally, combined with `vm.memfd_noexec=2` it has the effect of making all memfds initially sealable. So do not remove `F_SEAL_SEAL` when `MFD_NOEXEC_SEAL` is requested, thereby returning to the pre-Linux 6.3 behaviour of only allowing sealing when `MFD_ALLOW_SEALING` is specified. Now, this is technically a uapi break. However, the damage is expected to be minimal. To trigger user visible change, a program has to do the following steps: - create memfd: - with `MFD_NOEXEC_SEAL`, - without `MFD_ALLOW_SEALING`; - try to add seals / check the seals. But that seems unlikely to happen intentionally since this change essentially reverts the kernel's behaviour to that of Linux <6.3, so if a program worked correctly on those older kernels, it will likely work correctly after this change. I have used Debian Code Search and GitHub to try to find potential breakages, and I could only find a single one. dbus-broker's memfd_create() wrapper is aware of this implicit `MFD_ALLOW_SEALING` behaviour, and tries to work around it[2]. This workaround will break. Luckily, this only affects the test suite, it does not affect the normal operations of dbus-broker. There is a PR with a fix[3]. I also carried out a smoke test by building a kernel with this change and booting an Arch Linux system into GNOME and Plasma sessions. There was also a previous attempt to address this peculiarity by introducing a new flag[4]. [0]: https://lore.kernel.org/lkml/20220805222126.142525-3-jeffxu@google.com/ [1]: https://lore.kernel.org/lkml/20221202013404.163143-3-jeffxu@google.com/ [2]: https://github.com/bus1/dbus-broker/blob/9eb0b7e5826fc76cad7b025bc46f267d4a… [3]: https://github.com/bus1/dbus-broker/pull/366 [4]: https://lore.kernel.org/lkml/20230714114753.170814-1-david@readahead.eu/ Cc: stable(a)vger.kernel.org Signed-off-by: Barnabás Pőcze <pobrn(a)protonmail.com> --- * v3: https://lore.kernel.org/linux-mm/20240611231409.3899809-1-jeffxu@chromium.o… * v2: https://lore.kernel.org/linux-mm/20240524033933.135049-1-jeffxu@google.com/ * v1: https://lore.kernel.org/linux-mm/20240513191544.94754-1-pobrn@protonmail.co… This fourth version returns to removing the inconsistency as opposed to documenting its existence, with the same code change as v1 but with a somewhat extended commit message. This is sent because I believe it is worth at least a try; it can be easily reverted if bigger application breakages are discovered than initially imagined. --- mm/memfd.c | 9 ++++----- tools/testing/selftests/memfd/memfd_test.c | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index 7d8d3ab3fa37..8b7f6afee21d 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -356,12 +356,11 @@ SYSCALL_DEFINE2(memfd_create, inode->i_mode &= ~0111; file_seals = memfd_file_seals_ptr(file); - if (file_seals) { - *file_seals &= ~F_SEAL_SEAL; + if (file_seals) *file_seals |= F_SEAL_EXEC; - } - } else if (flags & MFD_ALLOW_SEALING) { - /* MFD_EXEC and MFD_ALLOW_SEALING are set */ + } + + if (flags & MFD_ALLOW_SEALING) { file_seals = memfd_file_seals_ptr(file); if (file_seals) *file_seals &= ~F_SEAL_SEAL; diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 95af2d78fd31..7b78329f65b6 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -1151,7 +1151,7 @@ static void test_noexec_seal(void) mfd_def_size, MFD_CLOEXEC | MFD_NOEXEC_SEAL); mfd_assert_mode(fd, 0666); - mfd_assert_has_seals(fd, F_SEAL_EXEC); + mfd_assert_has_seals(fd, F_SEAL_SEAL | F_SEAL_EXEC); mfd_fail_chmod(fd, 0777); close(fd); } -- 2.45.2

1 month

3
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024