August 2024 - Linux-stable-mirror

[PATCH] drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check

by Ma Ke

The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/sti/sti_gdp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c index 43c72c2604a0..f046f5f7ad25 100644 --- a/drivers/gpu/drm/sti/sti_gdp.c +++ b/drivers/gpu/drm/sti/sti_gdp.c @@ -638,6 +638,9 @@ static int sti_gdp_atomic_check(struct drm_plane *drm_plane, mixer = to_sti_mixer(crtc); crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y; -- 2.25.1

3 months, 3 weeks

1
0
0 0

[PATCH 5.10 000/317] 5.10.219-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.219 release. There are 317 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Jun 2024 11:31:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.219-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.219-rc1 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix CQ and QP cache affinity Yangyang Li <liyangyang20(a)huawei.com> RDMA/hns: Use mutex instead of spinlock for ida allocation Chao Yu <chao(a)kernel.org> f2fs: compress: fix compression chksum Neil Armstrong <neil.armstrong(a)linaro.org> scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Sergey Shtylyov <s.shtylyov(a)omp.ru> nfs: fix undefined behavior in nfs_block_bits() Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix crash in AP internal function modify_bitmap() Baokun Li <libaokun1(a)huawei.com> ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Mike Gilbert <floppym(a)gentoo.org> sparc: move struct termio to asm/termios.h Eric Dumazet <edumazet(a)google.com> net: fix __dst_negative_advice() race Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Merge identical case statements in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix console handling when editing and tab-completing commands Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix buffer overflow during tab-complete Judith Mendez <jm(a)ti.com> watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Sam Ravnborg <sam(a)ravnborg.org> sparc64: Fix number of online CPUs Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S CPU support Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/9p: fix uninit-value in p9_client_rpc() xu xin <xu.xin16(a)zte.com.cn> net/ipv6: Fix route deleting failure when metric equals 0 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Vitaly Chikunov <vt(a)altlinux.org> crypto: ecrdsa - Fix module auto-load on add_key Marc Zyngier <maz(a)kernel.org> KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Cai Xinchen <caixinchen1(a)huawei.com> fbdev: savage: Handle err return when savagefb_check_var failed Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Sort DMI quirks alphabetically Hans de Goede <hdegoede(a)redhat.com> mmc: core: Add mmc_gpiod_set_cd_config() function Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-core: hold videodev_lock until dev reg, finishes Nathan Chancellor <nathan(a)kernel.org> media: mxl5xx: Move xpt structures off stack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Yang Xiwen <forbidden405(a)outlook.com> arm64: dts: hi3798cv200: fix the size of GICR Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzk(a)kernel.org> arm64: tegra: Correct Tegra132 I2C alias Christoffer Sandberg <cs(a)tuxedo.de> ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: pata_legacy: make legacy_exit() work again Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add error handle to avoid out-of-bounds Zheyu Ma <zheyuma97(a)gmail.com> media: lgdt3306a: Add a check against null-pointer-def Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Linus Torvalds <torvalds(a)linux-foundation.org> x86/mm: Remove broken vsyscall emulation code from the page fault code Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Marc Dionne <marc.dionne(a)auristor.com> afs: Don't cross .backup mountpoint from backup volume Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: core: Do not force a retune before RPMB switch Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: add adap_nb_transmit_canceled() callback Dongli Zhang <dongli.zhang(a)oracle.com> genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Set lower bound of start tick time Guenter Roeck <linux(a)roeck-us.net> hwmon: (shtc1) Fix property misspelling Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/uaccess: Use asm goto for get_user when compiler supports it Yue Haibing <yuehaibing(a)huawei.com> ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: stm32: Don't warn about spurious interrupts Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix comparison to constant symbols, 'm', 'n' Florian Westphal <fw(a)strlen.de> netfilter: tproxy: bail out if IP has been disabled on the device Xiaolei Wang <xiaolei.wang(a)windriver.com> net:fec: Add fec_enet_deinit() Jakub Sitnicki <jakub(a)cloudflare.com> bpf: Allow delete from sockmap/sockhash only if update is allowed Parthiban Veerasooran <Parthiban.Veerasooran(a)microchip.com> net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Roded Zats <rzats(a)paloaltonetworks.com> enic: Validate length of nl attributes in enic_set_vf_port Friedrich Vock <friedrich.vock(a)gmx.de> bpf: Fix potential integer overflow in resolve_btfids Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix ns enable/disable possible hang Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: Don't mark message DMA mapped when no transfer in it is Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: restore vlan q-in-q match support Eric Dumazet <edumazet(a)google.com> netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Dae R. Jeong <threeearcat(a)gmail.com> tls: fix missing memory barrier in tls_init Wei Fang <wei.fang(a)nxp.com> net: fec: avoid lock evasion when reading pps_enable Matthew Bystrin <dev.mbstr(a)gmail.com> riscv: stacktrace: fixed walk_stackframe() Guo Ren <guoren(a)linux.alibaba.com> riscv: stacktrace: Make walk_stackframe cross pt_regs frame Kefeng Wang <wangkefeng.wang(a)huawei.com> riscv: Cleanup stacktrace Jiri Pirko <jiri(a)nvidia.com> virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Aaron Conole <aconole(a)redhat.com> openvswitch: Set the skbuff pkt_type for proper pmtud support. Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Sagi Grimberg <sagi(a)grimberg.me> params: lift param_set_uint_minmax to common code Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix memleak in seg6_hmac_init_algo Dan Aloni <dan.aloni(a)vastdata.com> rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL Dan Aloni <dan.aloni(a)vastdata.com> sunrpc: fix NFSACL RPC retry on soft mount Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2552: Add TX path for capturing AUDIO-OUT data Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_rx_work Masahiro Yamada <masahiroy(a)kernel.org> x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: bd71828: Don't overwrite runtime voltages Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: avoid confusing "transmit timed out" message Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: avoid recursive cec_claim_log_addrs Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec-adap.c: drop activate_cnt, use state info instead Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: use call_op and check for !unregistered Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: correctly pass on reply results Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: abort if the current transmit was canceled Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: call enable_adap on s_log_addrs Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: fix a deadlock situation Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: core headers: fix kernel-doc warnings Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-api: add locking in cec_release() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-adap: always cancel work in cec_transmit_msg_fh Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the -Wmissing-prototypes warning for __switch_mm Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Dongliang Mu <mudongliangabcd(a)gmail.com> media: flexcop-usb: fix sanity check of bNumEndpoints Johan Hovold <johan(a)kernel.org> media: flexcop-usb: clean up endpoint sanity checks Azeem Shaikh <azeemshaikh38(a)gmail.com> scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Dan Carpenter <dan.carpenter(a)linaro.org> media: stk1160: fix bounds checking in stk1160_copy_video() Michael Walle <mwalle(a)kernel.org> drm/bridge: tc358775: fix support for jeida-18 and jeida-24 Johannes Berg <johannes.berg(a)intel.com> um: vector: fix bpfflash parameter evaluation Roberto Sassu <roberto.sassu(a)huawei.com> um: Add winch to winch_handlers before registering winch IRQ Duoming Zhou <duoming(a)zju.edu.cn> um: Fix return value in ubd_init() Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Always flush the slave INTF on the CTL Fenglin Wu <quic_fenglinw(a)quicinc.com> Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Fix ITAPDLY for HS400 timing Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add OTAP/ITAP delay enable Vignesh Raghavendra <vigneshr(a)ti.com> mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Write ITAPDLY for DDR52 timing Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add tuning algorithm for delay chain Karel Balej <balejk(a)matfyz.cz> Input: ioc3kbd - add device table Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Input: ioc3kbd - convert to platform remove callback returning void Arnd Bergmann <arnd(a)arndb.de> Input: ims-pcu - fix printf string overflow Alexander Egorenkov <egorenar(a)linux.ibm.com> s390/ipl: Fix incorrect initialization of nvme dump block Alexander Egorenkov <egorenar(a)linux.ibm.com> s390/ipl: Fix incorrect initialization of len fields in nvme reipl block Ian Rogers <irogers(a)google.com> perf stat: Don't display metric header for non-leader uncore events Ian Rogers <irogers(a)google.com> libsubcmd: Fix parse-options memory leak Wolfram Sang <wsa+renesas(a)sang-engineering.com> serial: sh-sci: protect invalidating RXDMA on shutdown Chao Yu <chao(a)kernel.org> f2fs: compress: don't allow unaligned truncation on released compress inode Chao Yu <chao(a)kernel.org> f2fs: fix to release node block count in error path of f2fs_new_node_page() Chao Yu <chao(a)kernel.org> f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock Ian Rogers <irogers(a)google.com> perf report: Avoid SEGV in report__setup_sample_type() Ian Rogers <irogers(a)google.com> perf ui browser: Avoid SEGV on title Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 Randy Dunlap <rdunlap(a)infradead.org> extcon: max8997: select IRQ_DOMAIN instead of depending on it Ian Rogers <irogers(a)google.com> perf ui browser: Don't save pointer to stack memory Ian Rogers <irogers(a)google.com> perf ui: Update use of pthread mutex yaowenbin <yaowenbin1(a)huawei.com> perf top: Fix TUI exit screen refresh race condition He Zhe <zhe.he(a)windriver.com> perf bench internals inject-build-id: Fix trap divide when collecting just one DSO Huai-Yuan Liu <qq810974084(a)gmail.com> ppdev: Add an error check in register_device Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ppdev: Remove usage of the deprecated ida_simple_xx() API Dan Carpenter <dan.carpenter(a)linaro.org> stm class: Fix a double free in stm_register_device() Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: u_audio: Clear uac pointer when freed. Miklos Szeredi <mszeredi(a)redhat.com> ovl: remove upper umask handling from ovl_create_upper() Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) Michal Simek <michal.simek(a)amd.com> microblaze: Remove early printk call from cpuinfo-static.c Michal Simek <michal.simek(a)amd.com> microblaze: Remove gcc flag for non existing early_printk.c file Marco Pagani <marpagan(a)redhat.com> fpga: region: add owner module and take its refcount Russ Weight <russell.h.weight(a)intel.com> fpga: region: Use standard dev_release for class driver Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> docs: driver-api: fpga: avoid using UTF-8 chars Russ Weight <russell.h.weight(a)intel.com> fpga: region: Rename dev to parent for parent device Tom Rix <trix(a)redhat.com> fpga: region: change FPGA indirect article to an Thomas Haemmerle <thomas.haemmerle(a)leica-geosystems.com> iio: pressure: dps310: support negative temperature values Chao Yu <chao(a)kernel.org> f2fs: fix to check pinfile flag in f2fs_move_file_range() Chao Yu <chao(a)kernel.org> f2fs: fix to relocate check condition in f2fs_fallocate() Jinyoung CHOI <j-young.choi(a)samsung.com> f2fs: fix typos in comments Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do not allow partial truncation on pinned file Chao Yu <chao(a)kernel.org> f2fs: fix to force keeping write barrier for strict fsync mode Chao Yu <chao(a)kernel.org> f2fs: add cp_error check in f2fs_write_compressed_pages Chao Yu <chao(a)kernel.org> f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit Chao Yu <chao(a)kernel.org> f2fs: compress: remove unneeded preallocation Chao Yu <chao(a)kernel.org> f2fs: compress: clean up parameter of __f2fs_cluster_blocks() Daeho Jeong <daehojeong(a)google.com> f2fs: add compress_mode mount option Chao Yu <chao(a)kernel.org> f2fs: compress: support chksum Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add proper sched.h include for sched_set_fifo() Arnd Bergmann <arnd(a)arndb.de> greybus: arche-ctrl: move device table to its right location Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Fix bitwise types Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Update uart_driver_registered on driver removal Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Lock port->lock when calling uart_handle_cts_change() Arnd Bergmann <arnd(a)arndb.de> firmware: dmi-id: add a release callback function Chen Ni <nichen(a)iscas.ac.cn> dmaengine: idma64: Add check for dma_set_max_seg_size Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence: fix invalid PDI offset Namhyung Kim <namhyung(a)kernel.org> perf annotate: Get rid of duplicate --group option item Martin Liška <mliska(a)suse.cz> perf annotate: Add --demangle and --demangle-kernel Chao Yu <chao(a)kernel.org> f2fs: fix to wait on page writeback in __clone_blkaddrs() Rui Miguel Silva <rmfrfs(a)gmail.com> greybus: lights: check return of get_channel_from_mode Arnaldo Carvalho de Melo <acme(a)redhat.com> perf probe: Add missing libgen.h header needed for using basename() Ian Rogers <irogers(a)google.com> perf record: Delete session after stopping sideband thread Arnaldo Carvalho de Melo <acme(a)redhat.com> perf evlist: Use the right prefix for 'struct evlist' sideband thread methods Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Chris Lew <quic_clew(a)quicinc.com> net: qrtr: ns: Fix module refcnt Qinglang Miao <miaoqinglang(a)huawei.com> net: qrtr: fix null-ptr-deref in qrtr_ns_remove Leon Romanovsky <leon(a)kernel.org> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode Gautam Menghani <gautammenghani201(a)gmail.com> selftests/kcmp: Make the test output consistent and clear Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Dan Carpenter <dan.carpenter(a)linaro.org> ext4: fix potential unnitialized variable Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused parameter from ext4_mb_new_blocks_simple() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: try all groups in ext4_mb_new_blocks_simple Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix unit mismatch in ext4_mb_new_blocks_simple Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Marc Gonzalez <mgonzalez(a)freebox.fr> clk: qcom: mmcc-msm8998: fix venus clock issue Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Modify the print level of CQE error Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Zhengchao Shao <shaozhengchao(a)huawei.com> RDMA/hns: Fix return value in hns_roce_map_mr_sg Wenpeng Liang <liangwenpeng(a)huawei.com> RDMA/hns: Fix incorrect symbol types Yangyang Li <liyangyang20(a)huawei.com> RDMA/hns: Create QP with selected QPN for bank load balance Xi Wang <wangxi11(a)huawei.com> RDMA/hns: Refactor the hns_roce_buf allocation flow Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/mipi-dsi: use correct return type for the DSC functions Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: tc358775: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611: Don't log an error when DSI host can't be found Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Aleksandr Mishin <amishin(a)t-argos.ru> drm: vc4: Fix possible null pointer dereference Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Zhipeng Lu <alexious(a)zju.edu.cn> media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build Aleksandr Mishin <amishin(a)t-argos.ru> drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: vclk: fix calculation of 59.94 fractional rates Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Disable route checks for Skylake boards Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: soc-acpi: add helper to identify parent driver. Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Discard command completions in internal error Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Jakub Kicinski <kuba(a)kernel.org> eth: sungem: remove .ndo_poll_controller to avoid deadlocks gaoxingwang <gaoxingwang1(a)huawei.com> net: ipv6: fix wrong start position when receive hop-by-hop fragment Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors John Hubbard <jhubbard(a)nvidia.com> selftests/binderfs: use the Makefile's rules, not Make's implicit rules Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> net: give more chances to rcu in netdev_wait_allrefs_any() Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Gabriel Krisman Bertazi <krisman(a)suse.de> udp: Avoid call to compute_score on multiple sites Lorenz Bauer <lmb(a)isovalent.com> net: remove duplicate reuseport_lookup functions Lorenz Bauer <lmb(a)isovalent.com> net: export inet_lookup_reuseport and inet6_lookup_reuseport Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Rearrange locking in cpufreq_remove_dev() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Split cpufreq_offline() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reorganize checks in cpufreq_offline() Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix umount cgroup2 error in test_sockmap Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "ignore unlock failures after withdraw" Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing CGC enable Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing unipro mode Abel Vesa <abel.vesa(a)linaro.org> scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US Ziqi Chen <ziqichen(a)codeaurora.org> scsi: ufs-qcom: Fix ufs RST_n spec violation Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Chun-Kuang Hu <chunkuang.hu(a)kernel.org> soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/nh-avx2 - add missing vzeroupper Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Nilay Shroff <nilay(a)linux.ibm.com> nvme: find numa distance only if controller has valid numa id Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Flush the process wq before creating a kfd_process Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: da7219-aad: fix usage of device_get_named_child_node() Jack Yu <jack.yu(a)realtek.com> ASoC: rt715: add vendor clear control register Krzysztof Kozlowski <krzk(a)kernel.org> regulator: vqmmc-ipq4019: fix module autoloading Derek Fang <derek.fang(a)realtek.com> ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Fang <derek.fang(a)realtek.com> ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating Joshua Ashton <joshua(a)froggi.es> drm/amd/display: Set color_mgmt_changed to true on unsuspend Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN920C04 compositions Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Takashi Iwai <tiwai(a)suse.de> ALSA: core: Fix NULL module pointer assignment at card init Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs ------------- Diffstat: Documentation/devicetree/bindings/sound/rt5645.txt | 6 + Documentation/driver-api/fpga/fpga-bridge.rst | 10 +- Documentation/driver-api/fpga/fpga-mgr.rst | 12 +- Documentation/driver-api/fpga/fpga-programming.rst | 8 +- Documentation/driver-api/fpga/fpga-region.rst | 35 ++- Documentation/filesystems/f2fs.rst | 36 +++ Makefile | 4 +- arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 +- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/include/asm/asm-bug.h | 1 + arch/arm64/kvm/guest.c | 1 + arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 +-- arch/microblaze/kernel/Makefile | 1 - arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 +- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/include/asm/hvcall.h | 2 +- arch/powerpc/include/asm/uaccess.h | 55 ++++ arch/powerpc/platforms/pseries/lpar.c | 6 +- arch/powerpc/platforms/pseries/lparcfg.c | 6 +- arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/include/asm/stacktrace.h | 17 ++ arch/riscv/kernel/entry.S | 3 +- arch/riscv/kernel/perf_callchain.c | 10 +- arch/riscv/kernel/stacktrace.c | 36 ++- arch/s390/kernel/ipl.c | 10 +- arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 ++--- arch/sparc/include/asm/smp_64.h | 2 - arch/sparc/include/uapi/asm/termbits.h | 10 - arch/sparc/include/uapi/asm/termios.h | 9 + arch/sparc/kernel/prom_64.c | 4 +- arch/sparc/kernel/setup_64.c | 1 - arch/sparc/kernel/smp_64.c | 14 - arch/um/drivers/line.c | 14 +- arch/um/drivers/ubd_kern.c | 4 +- arch/um/drivers/vector_kern.c | 2 +- arch/um/include/asm/mmu.h | 2 - arch/um/include/shared/skas/mm_id.h | 2 + arch/x86/Kconfig.debug | 5 +- arch/x86/crypto/nh-avx2-x86_64.S | 1 + arch/x86/crypto/sha256-avx2-asm.S | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 28 +- arch/x86/include/asm/processor.h | 1 - arch/x86/kernel/apic/vector.c | 9 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/lib/x86-opcode-map.txt | 2 +- arch/x86/mm/fault.c | 27 +- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 + crypto/ecrdsa.c | 1 + drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/acpica/Makefile | 1 + drivers/acpi/resource.c | 12 + drivers/android/binder.c | 4 +- drivers/ata/pata_legacy.c | 8 +- drivers/block/null_blk/main.c | 3 + drivers/char/ppdev.c | 21 +- drivers/clk/qcom/mmcc-msm8998.c | 8 + drivers/cpufreq/cpufreq.c | 85 +++--- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- drivers/crypto/qat/qat_common/adf_aer.c | 19 +- drivers/dma-buf/sync_debug.c | 4 +- drivers/dma/idma64.c | 4 +- drivers/extcon/Kconfig | 3 +- drivers/firmware/dmi-id.c | 7 +- drivers/firmware/raspberrypi.c | 7 +- drivers/fpga/dfl-fme-region.c | 17 +- drivers/fpga/dfl.c | 12 +- drivers/fpga/fpga-region.c | 145 +++++----- drivers/fpga/of-fpga-region.c | 10 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + drivers/gpu/drm/arm/malidp_mw.c | 5 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 + drivers/gpu/drm/bridge/lontium-lt9611.c | 6 +- drivers/gpu/drm/bridge/tc358775.c | 27 +- drivers/gpu/drm/drm_mipi_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 - drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/gpu/drm/vc4/vc4_hdmi.c | 2 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/hwmon/shtc1.c | 2 +- drivers/hwtracing/intel_th/pci.c | 5 + drivers/hwtracing/stm/core.c | 11 +- drivers/iio/pressure/dps310.c | 11 +- drivers/infiniband/hw/hns/hns_roce_alloc.c | 128 +++++---- drivers/infiniband/hw/hns/hns_roce_cmd.c | 10 +- drivers/infiniband/hw/hns/hns_roce_cmd.h | 2 +- drivers/infiniband/hw/hns/hns_roce_common.h | 14 +- drivers/infiniband/hw/hns/hns_roce_db.c | 8 +- drivers/infiniband/hw/hns/hns_roce_device.h | 115 ++++---- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 8 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 35 +-- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 65 ++--- drivers/infiniband/hw/hns/hns_roce_qp.c | 129 +++++++-- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/misc/ims-pcu.c | 4 +- drivers/input/misc/pm8xxx-vibrator.c | 7 +- drivers/input/serio/ioc3kbd.c | 13 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/irqchip/irq-loongson-pch-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/md-bitmap.c | 6 +- drivers/md/raid5.c | 15 +- drivers/media/cec/core/cec-adap.c | 291 +++++++++++++-------- drivers/media/cec/core/cec-api.c | 31 +-- drivers/media/cec/core/cec-core.c | 7 +- drivers/media/cec/core/cec-pin-priv.h | 11 + drivers/media/cec/core/cec-pin.c | 23 +- drivers/media/cec/core/cec-priv.h | 10 + drivers/media/dvb-frontends/lgdt3306a.c | 5 + drivers/media/dvb-frontends/mxl5xx.c | 22 +- drivers/media/mc/mc-devnode.c | 5 +- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/b2c2/flexcop-usb.c | 12 +- drivers/media/usb/stk1160/stk1160-video.c | 20 +- drivers/media/v4l2-core/v4l2-dev.c | 3 + drivers/mmc/core/host.c | 3 +- drivers/mmc/core/slot-gpio.c | 20 ++ drivers/mmc/host/sdhci-acpi.c | 48 +++- drivers/mmc/host/sdhci_am654.c | 205 ++++++++++----- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 12 + drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/fec_main.c | 10 + drivers/net/ethernet/freescale/fec_ptp.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/realtek/r8169_main.c | 3 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ethernet/sun/sungem.c | 14 - drivers/net/ipvlan/ipvlan_core.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/net/usb/smsc95xx.c | 26 +- drivers/net/usb/sr9700.c | 10 +- drivers/net/vxlan/vxlan_core.c | 4 - drivers/net/wireless/ath/ar5523/ar5523.c | 14 + drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 +- drivers/net/wireless/ath/carl9170/usb.c | 32 +++ drivers/net/wireless/marvell/mwl8k.c | 2 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 ++---- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/target/configfs.c | 8 + drivers/pci/pcie/edr.c | 28 +- drivers/regulator/bd71828-regulator.c | 58 +--- drivers/regulator/vqmmc-ipq4019-regulator.c | 1 + drivers/s390/cio/trace.h | 2 +- drivers/s390/crypto/ap_bus.c | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 8 +- drivers/scsi/qla2xxx/qla_mr.c | 20 +- drivers/scsi/ufs/cdns-pltfrm.c | 2 +- drivers/scsi/ufs/ufs-qcom.c | 31 ++- drivers/scsi/ufs/ufs-qcom.h | 21 +- drivers/scsi/ufs/ufshcd.c | 4 +- drivers/soc/mediatek/mtk-cmdq-helper.c | 5 +- drivers/soundwire/cadence_master.c | 2 +- drivers/spi/spi-stm32.c | 2 +- drivers/spi/spi.c | 4 + drivers/staging/greybus/arche-apb-ctrl.c | 1 + drivers/staging/greybus/arche-platform.c | 9 +- drivers/staging/greybus/light.c | 8 +- drivers/staging/media/atomisp/pci/sh_css.c | 1 + drivers/tty/n_gsm.c | 8 +- drivers/tty/serial/max3100.c | 22 +- drivers/tty/serial/sc16is7xx.c | 2 +- drivers/tty/serial/sh-sci.c | 5 + drivers/usb/gadget/function/u_audio.c | 2 + drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/savage/savagefb_driver.c | 5 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virtio/virtio_pci_common.c | 4 +- drivers/watchdog/rti_wdt.c | 34 ++- fs/afs/mntpt.c | 5 + fs/ecryptfs/keystore.c | 4 +- fs/ext4/mballoc.c | 134 +++++----- fs/ext4/namei.c | 2 +- fs/ext4/xattr.c | 4 +- fs/f2fs/checkpoint.c | 4 +- fs/f2fs/compress.c | 91 +++---- fs/f2fs/data.c | 10 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 52 +++- fs/f2fs/file.c | 86 ++++-- fs/f2fs/inode.c | 9 + fs/f2fs/namei.c | 2 +- fs/f2fs/node.c | 2 +- fs/f2fs/segment.c | 4 +- fs/f2fs/super.c | 32 +++ fs/gfs2/glock.c | 4 +- fs/gfs2/util.c | 1 - fs/jffs2/xattr.c | 3 + fs/nfs/internal.h | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 ++++- fs/openpromfs/inode.c | 8 +- fs/overlayfs/dir.c | 3 - include/drm/drm_mipi_dsi.h | 6 +- include/linux/f2fs_fs.h | 3 +- include/linux/fpga/fpga-region.h | 43 ++- include/linux/mmc/slot-gpio.h | 1 + include/linux/moduleparam.h | 2 + include/media/cec.h | 26 +- include/media/v4l2-h264.h | 6 +- include/media/v4l2-jpeg.h | 2 + include/net/dst_ops.h | 2 +- include/net/inet6_hashtables.h | 16 ++ include/net/inet_hashtables.h | 18 +- include/net/netfilter/nf_tables.h | 2 + include/net/sock.h | 13 +- include/sound/soc-acpi.h | 6 + include/trace/events/asoc.h | 2 + include/uapi/linux/cec.h | 3 +- include/uapi/linux/v4l2-subdev.h | 12 +- include/uapi/linux/videodev2.h | 15 +- io_uring/io_uring.c | 2 + kernel/bpf/verifier.c | 10 +- kernel/cgroup/cpuset.c | 2 +- kernel/debug/kdb/kdb_io.c | 99 ++++--- kernel/irq/cpuhotplug.c | 16 +- kernel/params.c | 18 ++ kernel/sched/topology.c | 2 +- kernel/trace/ring_buffer.c | 9 + net/9p/client.c | 2 + net/core/dev.c | 3 +- net/ipv4/inet_hashtables.c | 29 +- net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 + net/ipv4/route.c | 22 +- net/ipv4/tcp_dctcp.c | 13 +- net/ipv4/tcp_ipv4.c | 13 +- net/ipv4/udp.c | 55 ++-- net/ipv6/inet6_hashtables.c | 27 +- net/ipv6/reassembly.c | 2 +- net/ipv6/route.c | 34 +-- net/ipv6/seg6.c | 5 +- net/ipv6/seg6_hmac.c | 42 ++- net/ipv6/udp.c | 61 +++-- net/netfilter/nf_tables_api.c | 22 +- net/netfilter/nfnetlink_queue.c | 2 + net/netfilter/nft_payload.c | 23 +- net/netfilter/nft_tunnel.c | 1 + net/netrom/nr_route.c | 19 +- net/nfc/nci/core.c | 17 +- net/openvswitch/actions.c | 6 + net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/qrtr/af_qrtr.c | 16 +- net/qrtr/ns.c | 34 ++- net/qrtr/qrtr.h | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 12 +- net/sunrpc/clnt.c | 1 + net/sunrpc/svc.c | 2 - net/sunrpc/xprtrdma/verbs.c | 6 +- net/sunrpc/xprtsock.c | 18 -- net/tls/tls_main.c | 10 +- net/unix/af_unix.c | 2 +- net/wireless/trace.h | 4 +- net/xfrm/xfrm_policy.c | 11 +- scripts/kconfig/symbol.c | 6 +- sound/core/init.c | 2 +- sound/core/timer.c | 10 + sound/soc/codecs/da7219-aad.c | 6 +- sound/soc/codecs/rt5645.c | 25 ++ sound/soc/codecs/rt715-sdw.c | 1 + sound/soc/codecs/tas2552.c | 15 +- sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 + sound/soc/intel/boards/bxt_rt298.c | 1 + sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 + sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 + sound/soc/intel/boards/kbl_da7219_max98927.c | 4 + sound/soc/intel/boards/kbl_rt5660.c | 1 + sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 + .../soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 + sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 + sound/soc/intel/boards/skl_rt286.c | 1 + tools/arch/x86/lib/x86-opcode-map.txt | 2 +- tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/subcmd/parse-options.c | 8 +- tools/perf/Documentation/perf-annotate.txt | 7 + tools/perf/bench/inject-buildid.c | 2 +- tools/perf/builtin-annotate.c | 6 +- tools/perf/builtin-record.c | 8 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 4 +- tools/perf/ui/browser.c | 26 +- tools/perf/ui/browser.h | 2 +- tools/perf/ui/browsers/annotate.c | 2 +- tools/perf/ui/setup.c | 5 +- tools/perf/ui/tui/helpline.c | 5 +- tools/perf/ui/tui/progress.c | 8 +- tools/perf/ui/tui/setup.c | 12 +- tools/perf/ui/tui/util.c | 18 +- tools/perf/ui/ui.h | 4 +- tools/perf/util/bpf-event.c | 2 +- tools/perf/util/evlist.h | 11 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 + tools/perf/util/intel-pt.c | 2 + tools/perf/util/probe-event.c | 1 + tools/perf/util/sideband_evlist.c | 8 +- tools/perf/util/stat-display.c | 3 + tools/testing/selftests/bpf/test_sockmap.c | 2 +- .../selftests/filesystems/binderfs/Makefile | 2 - tools/testing/selftests/kcmp/kcmp_test.c | 8 +- 328 files changed, 2834 insertions(+), 1844 deletions(-)

3 months, 3 weeks

11
335
0 0

FAILED: patch "[PATCH] tracing: Have format file honor EVENT_FILE_FL_FREED" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b1560408692cd0ab0370cfbe9deb03ce97ab3f6d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081258-amusement-designing-88e9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b1560408692c ("tracing: Have format file honor EVENT_FILE_FL_FREED") bb32500fb9b7 ("tracing: Have trace_event_file have ref counters") 5790b1fb3d67 ("eventfs: Remove eventfs_file and just use eventfs_inode") a1f157c7a3bb ("tracing: Expand all ring buffers individually") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1560408692cd0ab0370cfbe9deb03ce97ab3f6d Mon Sep 17 00:00:00 2001 From: Steven Rostedt <rostedt(a)goodmis.org> Date: Tue, 30 Jul 2024 11:06:57 -0400 Subject: [PATCH] tracing: Have format file honor EVENT_FILE_FL_FREED MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would have a ref count that is set when the file is created and would be decremented and freed after the last user that opened the file closed it. When the file meta data was to be freed, it would set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed, and any new references made (like new opens or reads) would fail as it is marked freed. This allowed other meta data to be freed after this flag was set (under the event_mutex). All the files that were dynamically created in the events directory had a pointer to the file meta data and would call event_release() when the last reference to the user space file was closed. This would be the time that it is safe to free the file meta data. A shortcut was made for the "format" file. It's i_private would point to the "call" entry directly and not point to the file's meta data. This is because all format files are the same for the same "call", so it was thought there was no reason to differentiate them. The other files maintain state (like the "enable", "trigger", etc). But this meant if the file were to disappear, the "format" file would be unaware of it. This caused a race that could be trigger via the user_events test (that would create dynamic events and free them), and running a loop that would read the user_events format files: In one console run: # cd tools/testing/selftests/user_events # while true; do ./ftrace_test; done And in another console run: # cd /sys/kernel/tracing/ # while true; do cat events/user_events/__test_event/format; done 2>/dev/null With KASAN memory checking, it would trigger a use-after-free bug report (which was a real bug). This was because the format file was not checking the file's meta data flag "EVENT_FILE_FL_FREED", so it would access the event that the file meta data pointed to after the event was freed. After inspection, there are other locations that were found to not check the EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a new helper function: event_file_file() that will make sure that the event_mutex is held, and will return NULL if the trace_event_file has the EVENT_FILE_FL_FREED flag set. Have the first reference of the struct file pointer use event_file_file() and check for NULL. Later uses can still use the event_file_data() helper function if the event_mutex is still held and was not released since the event_file_file() call. Link: https://lore.kernel.org/all/20240719204701.1605950-1-minipli@grsecurity.net/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Ajay Kaher <ajay.kaher(a)broadcom.com> Cc: Ilkka Naulapää <digirigawa(a)gmail.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: Beau Belgrave <beaub(a)linux.microsoft.com> Cc: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Alexey Makhalov <alexey.makhalov(a)broadcom.com> Cc: Vasavi Sirnapalli <vasavi.sirnapalli(a)broadcom.com> Link: https://lore.kernel.org/20240730110657.3b69d3c1@gandalf.local.home Fixes: b63db58e2fa5d ("eventfs/tracing: Add callback for release of an eventfs_inode") Reported-by: Mathias Krause <minipli(a)grsecurity.net> Tested-by: Mathias Krause <minipli(a)grsecurity.net> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 8783bebd0562..bd3e3069300e 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1634,6 +1634,29 @@ static inline void *event_file_data(struct file *filp) extern struct mutex event_mutex; extern struct list_head ftrace_events; +/* + * When the trace_event_file is the filp->i_private pointer, + * it must be taken under the event_mutex lock, and then checked + * if the EVENT_FILE_FL_FREED flag is set. If it is, then the + * data pointed to by the trace_event_file can not be trusted. + * + * Use the event_file_file() to access the trace_event_file from + * the filp the first time under the event_mutex and check for + * NULL. If it is needed to be retrieved again and the event_mutex + * is still held, then the event_file_data() can be used and it + * is guaranteed to be valid. + */ +static inline struct trace_event_file *event_file_file(struct file *filp) +{ + struct trace_event_file *file; + + lockdep_assert_held(&event_mutex); + file = READ_ONCE(file_inode(filp)->i_private); + if (!file || file->flags & EVENT_FILE_FL_FREED) + return NULL; + return file; +} + extern const struct file_operations event_trigger_fops; extern const struct file_operations event_hist_fops; extern const struct file_operations event_hist_debug_fops; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 6ef29eba90ce..f08fbaf8cad6 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -1386,12 +1386,12 @@ event_enable_read(struct file *filp, char __user *ubuf, size_t cnt, char buf[4] = "0"; mutex_lock(&event_mutex); - file = event_file_data(filp); + file = event_file_file(filp); if (likely(file)) flags = file->flags; mutex_unlock(&event_mutex); - if (!file || flags & EVENT_FILE_FL_FREED) + if (!file) return -ENODEV; if (flags & EVENT_FILE_FL_ENABLED && @@ -1424,8 +1424,8 @@ event_enable_write(struct file *filp, const char __user *ubuf, size_t cnt, case 1: ret = -ENODEV; mutex_lock(&event_mutex); - file = event_file_data(filp); - if (likely(file && !(file->flags & EVENT_FILE_FL_FREED))) { + file = event_file_file(filp); + if (likely(file)) { ret = tracing_update_buffers(file->tr); if (ret < 0) { mutex_unlock(&event_mutex); @@ -1540,7 +1540,8 @@ enum { static void *f_next(struct seq_file *m, void *v, loff_t *pos) { - struct trace_event_call *call = event_file_data(m->private); + struct trace_event_file *file = event_file_data(m->private); + struct trace_event_call *call = file->event_call; struct list_head *common_head = &ftrace_common_fields; struct list_head *head = trace_get_fields(call); struct list_head *node = v; @@ -1572,7 +1573,8 @@ static void *f_next(struct seq_file *m, void *v, loff_t *pos) static int f_show(struct seq_file *m, void *v) { - struct trace_event_call *call = event_file_data(m->private); + struct trace_event_file *file = event_file_data(m->private); + struct trace_event_call *call = file->event_call; struct ftrace_event_field *field; const char *array_descriptor; @@ -1627,12 +1629,14 @@ static int f_show(struct seq_file *m, void *v) static void *f_start(struct seq_file *m, loff_t *pos) { + struct trace_event_file *file; void *p = (void *)FORMAT_HEADER; loff_t l = 0; /* ->stop() is called even if ->start() fails */ mutex_lock(&event_mutex); - if (!event_file_data(m->private)) + file = event_file_file(m->private); + if (!file) return ERR_PTR(-ENODEV); while (l < *pos && p) @@ -1706,8 +1710,8 @@ event_filter_read(struct file *filp, char __user *ubuf, size_t cnt, trace_seq_init(s); mutex_lock(&event_mutex); - file = event_file_data(filp); - if (file && !(file->flags & EVENT_FILE_FL_FREED)) + file = event_file_file(filp); + if (file) print_event_filter(file, s); mutex_unlock(&event_mutex); @@ -1736,9 +1740,13 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, return PTR_ERR(buf); mutex_lock(&event_mutex); - file = event_file_data(filp); - if (file) - err = apply_event_filter(file, buf); + file = event_file_file(filp); + if (file) { + if (file->flags & EVENT_FILE_FL_FREED) + err = -ENODEV; + else + err = apply_event_filter(file, buf); + } mutex_unlock(&event_mutex); kfree(buf); @@ -2485,7 +2493,6 @@ static int event_callback(const char *name, umode_t *mode, void **data, if (strcmp(name, "format") == 0) { *mode = TRACE_MODE_READ; *fops = &ftrace_event_format_fops; - *data = call; return 1; } diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ece1308d36a..5f9119eb7c67 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -5601,7 +5601,7 @@ static int hist_show(struct seq_file *m, void *v) mutex_lock(&event_mutex); - event_file = event_file_data(m->private); + event_file = event_file_file(m->private); if (unlikely(!event_file)) { ret = -ENODEV; goto out_unlock; @@ -5880,7 +5880,7 @@ static int hist_debug_show(struct seq_file *m, void *v) mutex_lock(&event_mutex); - event_file = event_file_data(m->private); + event_file = event_file_file(m->private); if (unlikely(!event_file)) { ret = -ENODEV; goto out_unlock; diff --git a/kernel/trace/trace_events_inject.c b/kernel/trace/trace_events_inject.c index 8650562bdaa9..a8f076809db4 100644 --- a/kernel/trace/trace_events_inject.c +++ b/kernel/trace/trace_events_inject.c @@ -299,7 +299,7 @@ event_inject_write(struct file *filp, const char __user *ubuf, size_t cnt, strim(buf); mutex_lock(&event_mutex); - file = event_file_data(filp); + file = event_file_file(filp); if (file) { call = file->event_call; size = parse_entry(buf, call, &entry); diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c index 4bec043c8690..a5e3d6acf1e1 100644 --- a/kernel/trace/trace_events_trigger.c +++ b/kernel/trace/trace_events_trigger.c @@ -159,7 +159,7 @@ static void *trigger_start(struct seq_file *m, loff_t *pos) /* ->stop() is called even if ->start() fails */ mutex_lock(&event_mutex); - event_file = event_file_data(m->private); + event_file = event_file_file(m->private); if (unlikely(!event_file)) return ERR_PTR(-ENODEV); @@ -213,7 +213,7 @@ static int event_trigger_regex_open(struct inode *inode, struct file *file) mutex_lock(&event_mutex); - if (unlikely(!event_file_data(file))) { + if (unlikely(!event_file_file(file))) { mutex_unlock(&event_mutex); return -ENODEV; } @@ -293,7 +293,7 @@ static ssize_t event_trigger_regex_write(struct file *file, strim(buf); mutex_lock(&event_mutex); - event_file = event_file_data(file); + event_file = event_file_file(file); if (unlikely(!event_file)) { mutex_unlock(&event_mutex); kfree(buf);

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Fix integer overflow calculating timestamp" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072959-overpass-sapling-797e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8676a5e796fa ("media: uvcvideo: Fix integer overflow calculating timestamp") 9e56380ae625 ("media: uvcvideo: Rename debug functions") ed4c5fa4d804 ("media: uvcvideo: use dev_printk() for uvc_trace()") 59e92bf62771 ("media: uvcvideo: New macro uvc_trace_cont") 69df09547e7a ("media: uvcvideo: Use dev_ printk aliases") 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT") 351509c604dc ("media: uvcvideo: Move guid to entity") dc9455ffae02 ("media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values") b400b6f28af0 ("media: uvcvideo: Force UVC version to 1.0a for 1bcf:0b40") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8676a5e796fa18f55897ca36a94b2adf7f73ebd1 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 10 Jun 2024 19:17:49 +0000 Subject: [PATCH] media: uvcvideo: Fix integer overflow calculating timestamp The function uvc_video_clock_update() supports a single SOF overflow. Or in other words, the maximum difference between the first ant the last timestamp can be 4096 ticks or 4.096 seconds. This results in a maximum value for y2 of: 0x12FBECA00, that overflows 32bits. y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; Extend the size of y2 to u64 to support all its values. Without this patch: # yavta -s 1920x1080 -f YUYV -t 1/5 -c /dev/video0 Device /dev/v4l/by-id/usb-Shine-Optics_Integrated_Camera_0001-video-index0 opened. Device `Integrated Camera: Integrated C' on `usb-0000:00:14.0-6' (driver 'uvcvideo') supports video, capture, without mplanes. Video format set: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Video format: YUYV (56595559) 1920x1080 (stride 3840) field none buffer size 4147200 Current frame rate: 1/5 Setting frame rate to: 1/5 Frame rate set: 1/5 8 buffers requested. length: 4147200 offset: 0 timestamp type/source: mono/SoE Buffer 0/0 mapped at address 0x7947ea94c000. length: 4147200 offset: 4149248 timestamp type/source: mono/SoE Buffer 1/0 mapped at address 0x7947ea557000. length: 4147200 offset: 8298496 timestamp type/source: mono/SoE Buffer 2/0 mapped at address 0x7947ea162000. length: 4147200 offset: 12447744 timestamp type/source: mono/SoE Buffer 3/0 mapped at address 0x7947e9d6d000. length: 4147200 offset: 16596992 timestamp type/source: mono/SoE Buffer 4/0 mapped at address 0x7947e9978000. length: 4147200 offset: 20746240 timestamp type/source: mono/SoE Buffer 5/0 mapped at address 0x7947e9583000. length: 4147200 offset: 24895488 timestamp type/source: mono/SoE Buffer 6/0 mapped at address 0x7947e918e000. length: 4147200 offset: 29044736 timestamp type/source: mono/SoE Buffer 7/0 mapped at address 0x7947e8d99000. 0 (0) [-] none 0 4147200 B 507.554210 508.874282 242.836 fps ts mono/SoE 1 (1) [-] none 2 4147200 B 508.886298 509.074289 0.751 fps ts mono/SoE 2 (2) [-] none 3 4147200 B 509.076362 509.274307 5.261 fps ts mono/SoE 3 (3) [-] none 4 4147200 B 509.276371 509.474336 5.000 fps ts mono/SoE 4 (4) [-] none 5 4147200 B 509.476394 509.674394 4.999 fps ts mono/SoE 5 (5) [-] none 6 4147200 B 509.676506 509.874345 4.997 fps ts mono/SoE 6 (6) [-] none 7 4147200 B 509.876430 510.074370 5.002 fps ts mono/SoE 7 (7) [-] none 8 4147200 B 510.076434 510.274365 5.000 fps ts mono/SoE 8 (0) [-] none 9 4147200 B 510.276421 510.474333 5.000 fps ts mono/SoE 9 (1) [-] none 10 4147200 B 510.476391 510.674429 5.001 fps ts mono/SoE 10 (2) [-] none 11 4147200 B 510.676434 510.874283 4.999 fps ts mono/SoE 11 (3) [-] none 12 4147200 B 510.886264 511.074349 4.766 fps ts mono/SoE 12 (4) [-] none 13 4147200 B 511.070577 511.274304 5.426 fps ts mono/SoE 13 (5) [-] none 14 4147200 B 511.286249 511.474301 4.637 fps ts mono/SoE 14 (6) [-] none 15 4147200 B 511.470542 511.674251 5.426 fps ts mono/SoE 15 (7) [-] none 16 4147200 B 511.672651 511.874337 4.948 fps ts mono/SoE 16 (0) [-] none 17 4147200 B 511.873988 512.074462 4.967 fps ts mono/SoE 17 (1) [-] none 18 4147200 B 512.075982 512.278296 4.951 fps ts mono/SoE 18 (2) [-] none 19 4147200 B 512.282631 512.482423 4.839 fps ts mono/SoE 19 (3) [-] none 20 4147200 B 518.986637 512.686333 0.149 fps ts mono/SoE 20 (4) [-] none 21 4147200 B 518.342709 512.886386 -1.553 fps ts mono/SoE 21 (5) [-] none 22 4147200 B 517.909812 513.090360 -2.310 fps ts mono/SoE 22 (6) [-] none 23 4147200 B 517.590775 513.294454 -3.134 fps ts mono/SoE 23 (7) [-] none 24 4147200 B 513.298465 513.494335 -0.233 fps ts mono/SoE 24 (0) [-] none 25 4147200 B 513.510273 513.698375 4.721 fps ts mono/SoE 25 (1) [-] none 26 4147200 B 513.698904 513.902327 5.301 fps ts mono/SoE 26 (2) [-] none 27 4147200 B 513.895971 514.102348 5.074 fps ts mono/SoE 27 (3) [-] none 28 4147200 B 514.099091 514.306337 4.923 fps ts mono/SoE 28 (4) [-] none 29 4147200 B 514.310348 514.510567 4.734 fps ts mono/SoE 29 (5) [-] none 30 4147200 B 514.509295 514.710367 5.026 fps ts mono/SoE 30 (6) [-] none 31 4147200 B 521.532513 514.914398 0.142 fps ts mono/SoE 31 (7) [-] none 32 4147200 B 520.885277 515.118385 -1.545 fps ts mono/SoE 32 (0) [-] none 33 4147200 B 520.411140 515.318336 -2.109 fps ts mono/SoE 33 (1) [-] none 34 4147200 B 515.325425 515.522278 -0.197 fps ts mono/SoE 34 (2) [-] none 35 4147200 B 515.538276 515.726423 4.698 fps ts mono/SoE 35 (3) [-] none 36 4147200 B 515.720767 515.930373 5.480 fps ts mono/SoE Cc: stable(a)vger.kernel.org Fixes: 66847ef013cc ("[media] uvcvideo: Add UVC timestamps support") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20240610-hwtimestamp-followup-v1-2-f9eaed7be7f0@c… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index aebcf9b25a16..4dfc1b86bdee 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -760,11 +760,11 @@ void uvc_video_clock_update(struct uvc_streaming *stream, unsigned long flags; u64 timestamp; u32 delta_stc; - u32 y1, y2; + u32 y1; u32 x1, x2; u32 mean; u32 sof; - u64 y; + u64 y, y2; if (!uvc_hw_timestamps_param) return; @@ -816,7 +816,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, sof = y; uvc_dbg(stream->dev, CLOCK, - "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %u SOF offset %u)\n", + "%s: PTS %u y %llu.%06llu SOF %u.%06llu (x1 %u x2 %u y1 %u y2 %llu SOF offset %u)\n", stream->dev->name, buf->pts, y >> 16, div_u64((y & 0xffff) * 1000000, 65536), sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), @@ -831,7 +831,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, goto done; y1 = NSEC_PER_SEC; - y2 = (u32)ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; + y2 = ktime_to_ns(ktime_sub(last->host_time, first->host_time)) + y1; /* * Interpolated and host SOF timestamps can wrap around at slightly @@ -852,7 +852,7 @@ void uvc_video_clock_update(struct uvc_streaming *stream, timestamp = ktime_to_ns(first->host_time) + y - y1; uvc_dbg(stream->dev, CLOCK, - "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %u)\n", + "%s: SOF %u.%06llu y %llu ts %llu buf ts %llu (x1 %u/%u/%u x2 %u/%u/%u y1 %u y2 %llu)\n", stream->dev->name, sof >> 16, div_u64(((u64)sof & 0xffff) * 1000000LLU, 65536), y, timestamp, vbuf->vb2_buf.timestamp,

3 months, 3 weeks

3
2
0 0

[PATCH] usb: typec: ucsi: Fix the partner PD revision

by Heikki Krogerus

The Partner PD Revision field in GET_CONNECTOR_CAPABILITY data structure was introduced in UCSI v2.1. In ucsi_check_connector_capability() the version was assumed to be 2.0, and in ucsi_register_partner() the field is accessed completely unconditionally. Fixing the version in ucsi_check_connector_capability(), and replacing the unconditional pd_revision assignment with a direct call to ucsi_check_connector_capability() in ucsi_register_port(). After this the revision is also checked only if there is a PD contract. Fixes: b9fccfdb4ebb ("usb: typec: ucsi: Get PD revision for partner") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/ucsi.c | 50 ++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index f0b5867048e2..fad43f292e7f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -959,6 +959,27 @@ static void ucsi_unregister_cable(struct ucsi_connector *con) con->cable = NULL; } +static int ucsi_check_connector_capability(struct ucsi_connector *con) +{ + u64 command; + int ret; + + if (!con->partner || con->ucsi->version < UCSI_VERSION_2_1) + return 0; + + command = UCSI_GET_CONNECTOR_CAPABILITY | UCSI_CONNECTOR_NUMBER(con->num); + ret = ucsi_send_command(con->ucsi, command, &con->cap, sizeof(con->cap)); + if (ret < 0) { + dev_err(con->ucsi->dev, "GET_CONNECTOR_CAPABILITY failed (%d)\n", ret); + return ret; + } + + typec_partner_set_pd_revision(con->partner, + UCSI_CONCAP_FLAG_PARTNER_PD_MAJOR_REV_AS_BCD(con->cap.flags)); + + return ret; +} + static void ucsi_pwr_opmode_change(struct ucsi_connector *con) { switch (UCSI_CONSTAT_PWR_OPMODE(con->status.flags)) { @@ -968,6 +989,7 @@ static void ucsi_pwr_opmode_change(struct ucsi_connector *con) ucsi_partner_task(con, ucsi_get_src_pdos, 30, 0); ucsi_partner_task(con, ucsi_check_altmodes, 30, HZ); ucsi_partner_task(con, ucsi_register_partner_pdos, 1, HZ); + ucsi_partner_task(con, ucsi_check_connector_capability, 1, HZ); break; case UCSI_CONSTAT_PWR_OPMODE_TYPEC1_5: con->rdo = 0; @@ -1012,7 +1034,6 @@ static int ucsi_register_partner(struct ucsi_connector *con) if (con->ucsi->cap.features & UCSI_CAP_GET_PD_MESSAGE) desc.identity = &con->partner_identity; desc.usb_pd = pwr_opmode == UCSI_CONSTAT_PWR_OPMODE_PD; - desc.pd_revision = UCSI_CONCAP_FLAG_PARTNER_PD_MAJOR_REV_AS_BCD(con->cap.flags); partner = typec_register_partner(con->port, &desc); if (IS_ERR(partner)) { @@ -1089,27 +1110,6 @@ static void ucsi_partner_change(struct ucsi_connector *con) con->num, u_role); } -static int ucsi_check_connector_capability(struct ucsi_connector *con) -{ - u64 command; - int ret; - - if (!con->partner || con->ucsi->version < UCSI_VERSION_2_0) - return 0; - - command = UCSI_GET_CONNECTOR_CAPABILITY | UCSI_CONNECTOR_NUMBER(con->num); - ret = ucsi_send_command(con->ucsi, command, &con->cap, sizeof(con->cap)); - if (ret < 0) { - dev_err(con->ucsi->dev, "GET_CONNECTOR_CAPABILITY failed (%d)\n", ret); - return ret; - } - - typec_partner_set_pd_revision(con->partner, - UCSI_CONCAP_FLAG_PARTNER_PD_MAJOR_REV_AS_BCD(con->cap.flags)); - - return ret; -} - static int ucsi_check_connection(struct ucsi_connector *con) { u8 prev_flags = con->status.flags; @@ -1231,15 +1231,16 @@ static void ucsi_handle_connector_change(struct work_struct *work) if (con->status.flags & UCSI_CONSTAT_CONNECTED) { ucsi_register_partner(con); ucsi_partner_task(con, ucsi_check_connection, 1, HZ); - ucsi_partner_task(con, ucsi_check_connector_capability, 1, HZ); if (con->ucsi->cap.features & UCSI_CAP_GET_PD_MESSAGE) ucsi_partner_task(con, ucsi_get_partner_identity, 1, HZ); if (con->ucsi->cap.features & UCSI_CAP_CABLE_DETAILS) ucsi_partner_task(con, ucsi_check_cable, 1, HZ); if (UCSI_CONSTAT_PWR_OPMODE(con->status.flags) == - UCSI_CONSTAT_PWR_OPMODE_PD) + UCSI_CONSTAT_PWR_OPMODE_PD) { ucsi_partner_task(con, ucsi_register_partner_pdos, 1, HZ); + ucsi_partner_task(con, ucsi_check_connector_capability, 1, HZ); + } } else { ucsi_unregister_partner(con); } @@ -1668,6 +1669,7 @@ static int ucsi_register_port(struct ucsi *ucsi, struct ucsi_connector *con) ucsi_register_device_pdos(con); ucsi_get_src_pdos(con); ucsi_check_altmodes(con); + ucsi_check_connector_capability(con); } trace_ucsi_register_port(con->num, &con->status); -- 2.45.2

3 months, 3 weeks

1
0
0 0

[PATCH 5.4] filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64

by Long Li

The locks_remove_posix() function in fcntl_setlk/fcntl_setlk64 is designed to reliably remove locks when an fcntl/close race is detected. However, it was passing in the wrong filelock owner, it looks like a mistake and resulting in a failure to remove locks. More critically, if the lock removal fails, it could lead to a uaf issue while traversing the locks. This problem occurs only in the 4.19/5.4 stable version. Fixes: 4c43ad4ab416 ("filelock: Fix fcntl/close race recovery compat path") Fixes: dc2ce1dfceaa ("filelock: Remove locks reliably when fcntl/close race is detected") Cc: stable(a)vger.kernel.org Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/locks.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/locks.c b/fs/locks.c index 85c8af53d4eb..cf6ed857664b 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2542,7 +2542,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = fcheck(fd); spin_unlock(&current->files->file_lock); if (f != filp) { - locks_remove_posix(filp, &current->files); + locks_remove_posix(filp, current->files); error = -EBADF; } } @@ -2672,7 +2672,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd, f = fcheck(fd); spin_unlock(&current->files->file_lock); if (f != filp) { - locks_remove_posix(filp, &current->files); + locks_remove_posix(filp, current->files); error = -EBADF; } } -- 2.39.2

3 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 82dbb57ac8d06dfe8227ba9ab11a49de2b475ae5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081115-giving-hacked-fffb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 82dbb57ac8d0 ("scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES") 0c25422d34b4 ("scsi: mpt3sas: Remove scsi_dma_map() error messages") 1c2048bdc3f4 ("scsi: mpt3sas: switch to generic DMA API") 919d8a3f3fef ("scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level>") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 82dbb57ac8d06dfe8227ba9ab11a49de2b475ae5 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Fri, 19 Jul 2024 16:39:12 +0900 Subject: [PATCH] scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Some firmware versions of the 9600 series SAS HBA byte-swap the REPORT ZONES command reply buffer from ATA-ZAC devices by directly accessing the buffer in the host memory. This does not respect the default command DMA direction and causes IOMMU page faults on architectures with an IOMMU enforcing write-only mappings for DMA_FROM_DEVICE DMA driection (e.g. AMD hosts). scsi 18:0:0:0: Direct-Access-ZBC ATA WDC WSH722020AL W870 PQ: 0 ANSI: 6 scsi 18:0:0:0: SATA: handle(0x0027), sas_addr(0x300062b2083e7c40), phy(0), device_name(0x5000cca29dc35e11) scsi 18:0:0:0: enclosure logical id (0x300062b208097c40), slot(0) scsi 18:0:0:0: enclosure level(0x0000), connector name( C0.0) scsi 18:0:0:0: atapi(n), ncq(y), asyn_notify(n), smart(y), fua(y), sw_preserve(y) scsi 18:0:0:0: qdepth(32), tagged(1), scsi_level(7), cmd_que(1) sd 18:0:0:0: Attached scsi generic sg2 type 20 sd 18:0:0:0: [sdc] Host-managed zoned block device mpt3sas 0000:41:00.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0021 address=0xfff9b200 flags=0x0050] mpt3sas 0000:41:00.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0021 address=0xfff9b300 flags=0x0050] mpt3sas_cm0: mpt3sas_ctl_pre_reset_handler: Releasing the trace buffer due to adapter reset. mpt3sas_cm0 fault info from func: mpt3sas_base_make_ioc_ready mpt3sas_cm0: fault_state(0x2666)! mpt3sas_cm0: sending diag reset !! mpt3sas_cm0: diag reset: SUCCESS sd 18:0:0:0: [sdc] REPORT ZONES start lba 0 failed sd 18:0:0:0: [sdc] REPORT ZONES: Result: hostbyte=DID_RESET driverbyte=DRIVER_OK sd 18:0:0:0: [sdc] 0 4096-byte logical blocks: (0 B/0 B) Avoid such issue by always mapping the buffer of REPORT ZONES commands using DMA_BIDIRECTIONAL (read+write IOMMU mapping). This is done by introducing the helper function _base_scsi_dma_map() and using this helper in _base_build_sg_scmd() and _base_build_sg_scmd_ieee() instead of calling directly scsi_dma_map(). Fixes: 471ef9d4e498 ("mpt3sas: Build MPI SGL LIST on GEN2 HBAs and IEEE SGL LIST on GEN3 HBAs") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Link: https://lore.kernel.org/r/20240719073913.179559-3-dlemoal@kernel.org Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 1092497563b2..c8fb965a6bf0 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -2671,6 +2671,22 @@ _base_build_zero_len_sge_ieee(struct MPT3SAS_ADAPTER *ioc, void *paddr) _base_add_sg_single_ieee(paddr, sgl_flags, 0, 0, -1); } +static inline int _base_scsi_dma_map(struct scsi_cmnd *cmd) +{ + /* + * Some firmware versions byte-swap the REPORT ZONES command reply from + * ATA-ZAC devices by directly accessing in the host buffer. This does + * not respect the default command DMA direction and causes IOMMU page + * faults on some architectures with an IOMMU enforcing write mappings + * (e.g. AMD hosts). Avoid such issue by making the report zones buffer + * mapping bi-directional. + */ + if (cmd->cmnd[0] == ZBC_IN && cmd->cmnd[1] == ZI_REPORT_ZONES) + cmd->sc_data_direction = DMA_BIDIRECTIONAL; + + return scsi_dma_map(cmd); +} + /** * _base_build_sg_scmd - main sg creation routine * pcie_device is unused here! @@ -2717,7 +2733,7 @@ _base_build_sg_scmd(struct MPT3SAS_ADAPTER *ioc, sgl_flags = sgl_flags << MPI2_SGE_FLAGS_SHIFT; sg_scmd = scsi_sglist(scmd); - sges_left = scsi_dma_map(scmd); + sges_left = _base_scsi_dma_map(scmd); if (sges_left < 0) return -ENOMEM; @@ -2861,7 +2877,7 @@ _base_build_sg_scmd_ieee(struct MPT3SAS_ADAPTER *ioc, } sg_scmd = scsi_sglist(scmd); - sges_left = scsi_dma_map(scmd); + sges_left = _base_scsi_dma_map(scmd); if (sges_left < 0) return -ENOMEM;

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24e82654e98e96cece5d8b919c522054456eeec6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081202-hastily-panic-ee65@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24e82654e98e ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24e82654e98e96cece5d8b919c522054456eeec6 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 6b713fb0b818..fdf171ad4a3c 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1144,7 +1144,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2312,7 +2312,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3354,6 +3354,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

3 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081927-smoky-refrain-8af1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1e1fd567d32f ("dm suspend: return -ERESTARTSYS instead of -EINTR") 85067747cf98 ("dm: do not use waitqueue for request-based DM") 087615bf3acd ("dm mpath: pass IO start time to path selector") 5de719e3d01b ("dm mpath: fix missing call of path selector type->end_io") 645efa84f6c7 ("dm: add memory barrier before waitqueue_active") 3c94d83cb352 ("blk-mq: change blk_mq_queue_busy() to blk_mq_queue_inflight()") c4576aed8d85 ("dm: fix request-based dm's use of dm_wait_for_completion") b7934ba4147a ("dm: fix inflight IO check") 6f75723190d8 ("dm: remove the pending IO accounting") dbd3bbd291a0 ("dm rq: leverage blk_mq_queue_busy() to check for outstanding IO") 80a787ba3809 ("dm: dont rewrite dm_disk(md)->part0.in_flight") ae8799125d56 ("blk-mq: provide a helper to check if a queue is busy") 6a23e05c2fe3 ("dm: remove legacy request-based IO path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1e1fd567d32fcf7544c6e09e0e5bc6c650da6e23 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 13 Aug 2024 12:38:51 +0200 Subject: [PATCH] dm suspend: return -ERESTARTSYS instead of -EINTR This commit changes device mapper, so that it returns -ERESTARTSYS instead of -EINTR when it is interrupted by a signal (so that the ioctl can be restarted). The manpage signal(7) says that the ioctl function should be restarted if the signal was handled with SA_RESTART. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 97fab2087df8..87bb90303435 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2737,7 +2737,7 @@ static int dm_wait_for_bios_completion(struct mapped_device *md, unsigned int ta break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; } @@ -2762,7 +2762,7 @@ static int dm_wait_for_completion(struct mapped_device *md, unsigned int task_st break; if (signal_pending_state(task_state, current)) { - r = -EINTR; + r = -ERESTARTSYS; break; }

3 months, 3 weeks

3
2
0 0

[PATCH 5.10 0/1] Fix CVE-2021-3669

by hsimeliere.opensource＠witekio.com

https://nvd.nist.gov/vuln/detail/CVE-2021-3669

3 months, 3 weeks

2
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024