February 2025 - Linux-stable-mirror

[PATCH v2 3/3] usb: renesas_usbhs: Flush the notify_hotplug_work

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. Fixes: bc57381e6347 ("usb: renesas_usbhs: use delayed_work instead of work_struct") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 6c7857b66a21..4b35ef216125 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -781,6 +781,8 @@ static void usbhs_remove(struct platform_device *pdev) dev_dbg(&pdev->dev, "usb remove\n"); + flush_delayed_work(&priv->notify_hotplug_work); + /* power off */ if (!usbhs_get_dparam(priv, runtime_pwctrl)) usbhsc_power_ctrl(priv, 0); -- 2.43.0

5 months

1
0
0 0

[PATCH v2 2/3] usb: renesas_usbhs: Use devm_usb_get_phy()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The gpriv->transceiver is retrieved in probe() through usb_get_phy() but never released. Use devm_usb_get_phy() to handle this scenario. This issue was identified through code investigation. No issue was found without this change. Fixes: b5a2875605ca ("usb: renesas_usbhs: Allow an OTG PHY driver to provide VBUS") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c index 105132ae87ac..e8e5723f5412 100644 --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -1094,7 +1094,7 @@ int usbhs_mod_gadget_probe(struct usbhs_priv *priv) goto usbhs_mod_gadget_probe_err_gpriv; } - gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED); + gpriv->transceiver = devm_usb_get_phy(dev, USB_PHY_TYPE_UNDEFINED); dev_info(dev, "%stransceiver found\n", !IS_ERR(gpriv->transceiver) ? "" : "no "); -- 2.43.0

5 months

1
0
0 0

[PATCH v2 1/3] usb: renesas_usbhs: Call clk_put()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Clocks acquired with of_clk_get() need to be freed with clk_put(). Call clk_put() on priv->clks[0] on error path. Fixes: 3df0e240caba ("usb: renesas_usbhs: Add multiple clocks management") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - collected tags drivers/usb/renesas_usbhs/common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c index 935fc496fe94..6c7857b66a21 100644 --- a/drivers/usb/renesas_usbhs/common.c +++ b/drivers/usb/renesas_usbhs/common.c @@ -312,8 +312,10 @@ static int usbhsc_clk_get(struct device *dev, struct usbhs_priv *priv) priv->clks[1] = of_clk_get(dev_of_node(dev), 1); if (PTR_ERR(priv->clks[1]) == -ENOENT) priv->clks[1] = NULL; - else if (IS_ERR(priv->clks[1])) + else if (IS_ERR(priv->clks[1])) { + clk_put(priv->clks[0]); return PTR_ERR(priv->clks[1]); + } return 0; } -- 2.43.0

5 months

1
0
0 0

[PATCH 1/1] usb: xhci: Enable the TRB overfetch quirk on VIA VL805

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mem.c | 3 ++- drivers/usb/host/xhci-pci.c | 10 +++++++--- drivers/usb/host/xhci.h | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) -- 2.43.0

5 months

1
0
0 0

Re: Please backport: netfilter: nft_counter: Use u64_stats_t for statistic.

by MOESSBAUER, Felix

On Fri, 2024-09-27 at 21:06 +0000, Clark Williams wrote: > On Fri, Sep 27, 2024 at 3:57 PM Sebastian Andrzej Siewior > <bigeasy(a)linutronix.de> wrote: > > > > Hi, > > > > please backport > > > > 4a1d3acd6ea86 ("netfilter: nft_counter: Use u64_stats_t for > > statistic.") > > > > https://git.kernel.org/torvalds/c/4a1d3acd6ea86 > > > > Sebastian > > > > Do you want backports to both v6.6-rt and v6.1-rt ? Hi, we need the fix in both v6.6-rt and v6.1-rt. In v5.15-rt we already have it, in v5.10.234-rt127 we will have it once released. Best regards, Felix > -- Siemens AG Linux Expert Center Friedrich-Ludwig-Bauer-Str. 3 85748 Garching, Germany

5 months

1
0
0 0

[PATCH 5.10/5.15 0/2] smb: client: fix UAF in async decryption

by Anastasia Belova

Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") fixes CVE-2024-50047 but brings NULL-pointer dereferebce. So commit 4bdec0d1f658 ("smb: client: fix NULL ptr deref in crypto_aead_setkey()") should be backported too.

5 months

1
2
0 0

[PATCH net-next v3 1/4] stmmac: loongson: Pass correct arg to PCI function

by Philipp Stanner

pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index bfe6e2d631bd..73a6715a93e6 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -555,7 +557,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -673,7 +675,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove, -- 2.48.1

5 months

3
2
0 0

[PATCH] x86/vmemmap: Synchronize with global pgds if populating init_mm's pgd

by Gwan-gyeong Mun

Address an Oops issues when performing test of loading XE GPU driver module after applying the GPU SVM and Xe SVM patch series[1] and the Dept patch series[2]. The issue occurs when loading the xe driver via modprobe [3], which adds a struct page for device memory via devm_memremap_pages(). When a process leads the addition of a struct page to vmemmap (e.g. hot-plug), the page table update for the newly added vmemmap-based virtual address is updated first in init_mm's page table and then synchronized later. If the vmemmap-based virtual address is accessed through the process's page table before this sync, a page fault will occur. This addresses the issue by synchronizing with the global pgds immediately after populating the init_mm's pgd. On platforms other than the x86 platform, there is currently no case of accessing the address before synchronizing the pgd, so applying the weak symbol to existing vmemmap_pgd_populate() and vmemmap_pgd_populate(), and adding a strong- symbol function to x86 so that only the x86 platform have this behavior. [1] https://lore.kernel.org/dri-devel/20250213021112.1228481-1-matthew.brost@in… [2] https://lore.kernel.org/lkml/20240508094726.35754-1-byungchul@sk.com/ [3] [ 49.103630] xe 0000:00:04.0: [drm] Available VRAM: 0x0000000800000000, 0x00000002fb800000 [ 49.116710] BUG: unable to handle page fault for address: ffffeb3ff1200000 [ 49.117175] #PF: supervisor write access in kernel mode [ 49.117511] #PF: error_code(0x0002) - not-present page [ 49.117835] PGD 0 P4D 0 [ 49.118015] Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI [ 49.118366] CPU: 3 UID: 0 PID: 302 Comm: modprobe Tainted: G W 6.13.0-drm-tip-test+ #62 [ 49.118976] Tainted: [W]=WARN [ 49.119179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 49.119710] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.120011] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.121158] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.121502] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.121966] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.122499] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.123032] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.123566] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.124096] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.124698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.125129] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.125662] PKRU: 55555554 [ 49.125880] Call Trace: [ 49.126078] <TASK> [ 49.126252] ? __die_body.cold+0x19/0x26 [ 49.126509] ? page_fault_oops+0xa2/0x240 [ 49.126736] ? preempt_count_add+0x47/0xa0 [ 49.126968] ? search_module_extables+0x4a/0x80 [ 49.127224] ? exc_page_fault+0x206/0x230 [ 49.127454] ? asm_exc_page_fault+0x22/0x30 [ 49.127691] ? vmemmap_set_pmd+0xff/0x230 [ 49.127919] vmemmap_populate_hugepages+0x176/0x180 [ 49.128194] vmemmap_populate+0x34/0x80 [ 49.128416] __populate_section_memmap+0x41/0x90 [ 49.128676] sparse_add_section+0x121/0x3e0 [ 49.128914] __add_pages+0xba/0x150 [ 49.129116] add_pages+0x1d/0x70 [ 49.129305] memremap_pages+0x3dc/0x810 [ 49.129529] devm_memremap_pages+0x1c/0x60 [ 49.129762] xe_devm_add+0x8b/0x100 [xe] [ 49.130072] xe_tile_init_noalloc+0x6a/0x70 [xe] [ 49.130408] xe_device_probe+0x48c/0x740 [xe] [ 49.130714] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.130982] ? __drmm_add_action+0x85/0xd0 [ 49.131208] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.131478] xe_pci_probe+0x7ef/0xd90 [xe] [ 49.131777] ? _raw_spin_unlock_irqrestore+0x66/0x90 [ 49.132049] ? lockdep_hardirqs_on+0xba/0x140 [ 49.132290] pci_device_probe+0x99/0x110 [ 49.132510] really_probe+0xdb/0x340 [ 49.132710] ? pm_runtime_barrier+0x50/0x90 [ 49.132941] ? __pfx___driver_attach+0x10/0x10 [ 49.133190] __driver_probe_device+0x78/0x110 [ 49.133433] driver_probe_device+0x1f/0xa0 [ 49.133661] __driver_attach+0xba/0x1c0 [ 49.133874] bus_for_each_dev+0x7a/0xd0 [ 49.134089] bus_add_driver+0x114/0x200 [ 49.134302] driver_register+0x6e/0xc0 [ 49.134515] xe_init+0x1e/0x50 [xe] [ 49.134827] ? __pfx_xe_init+0x10/0x10 [xe] [ 49.134926] xe 0000:00:04.0: [drm:process_one_work] GT1: GuC CT safe-mode canceled [ 49.135112] do_one_initcall+0x5b/0x2b0 [ 49.135734] ? rcu_is_watching+0xd/0x40 [ 49.135995] ? __kmalloc_cache_noprof+0x231/0x310 [ 49.136315] do_init_module+0x60/0x210 [ 49.136572] init_module_from_file+0x86/0xc0 [ 49.136863] idempotent_init_module+0x12b/0x340 [ 49.137156] __x64_sys_finit_module+0x61/0xc0 [ 49.137437] do_syscall_64+0x69/0x140 [ 49.137681] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 49.137953] RIP: 0033:0x7f53ae1261fd [ 49.138153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 fa 0c 00 f7 d8 64 89 01 48 [ 49.139117] RSP: 002b:00007ffd0e9021e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 49.139525] RAX: ffffffffffffffda RBX: 000055c02951ee50 RCX: 00007f53ae1261fd [ 49.139905] RDX: 0000000000000000 RSI: 000055bfff125478 RDI: 0000000000000010 [ 49.140282] RBP: 000055bfff125478 R08: 00007f53ae1f6b20 R09: 00007ffd0e902230 [ 49.140663] R10: 000055c029522000 R11: 0000000000000246 R12: 0000000000040000 [ 49.141040] R13: 000055c02951ef80 R14: 0000000000000000 R15: 000055c029521fc0 [ 49.141424] </TASK> [ 49.141552] Modules linked in: xe(+) drm_ttm_helper gpu_sched drm_suballoc_helper drm_gpuvm drm_exec drm_gpusvm i2c_algo_bit drm_buddy video wmi ttm drm_display_helper drm_kms_helper crct10dif_pclmul crc32_pclmul i2c_piix4 e1000 ghash_clmulni_intel i2c_smbus fuse [ 49.142824] CR2: ffffeb3ff1200000 [ 49.143010] ---[ end trace 0000000000000000 ]--- [ 49.143268] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.143523] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.144489] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.144775] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.145154] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.145536] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.145914] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.146292] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.146671] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.147097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.147407] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.147786] PKRU: 55555554 [ 49.147941] note: modprobe[302] exited with irqs disabled Fixes: faf1c0008a33 ("x86/vmemmap: optimize for consecutive sections in partial populated PMDs") Signed-off-by: Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> Cc: <linux-mm(a)kvack.org> --- arch/x86/mm/init_64.c | 48 +++++++++++++++++++++++++++++++++++++++++++ mm/sparse-vmemmap.c | 4 ++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 01ea7c6df303..7935859bcc21 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1498,6 +1498,54 @@ static long __meminitdata addr_start, addr_end; static void __meminitdata *p_start, *p_end; static int __meminitdata node_start; +static void * __meminit vmemmap_alloc_block_zero(unsigned long size, int node) +{ + void *p = vmemmap_alloc_block(size, node); + + if (!p) + return NULL; + memset(p, 0, size); + + return p; +} + +p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) +{ + p4d_t *p4d = p4d_offset(pgd, addr); + + if (p4d_none(*p4d)) { + void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); + + if (!p) + return NULL; + + pud_init(p); + p4d_populate(&init_mm, p4d, p); + + if (!pgtable_l5_enabled()) + sync_global_pgds(addr, addr); + } + + return p4d; +} + +pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) +{ + pgd_t *pgd = pgd_offset_k(addr); + + if (pgd_none(*pgd)) { + void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); + + if (!p) + return NULL; + + pgd_populate(&init_mm, pgd, p); + sync_global_pgds(addr, addr); + } + + return pgd; +} + void __meminit vmemmap_set_pmd(pmd_t *pmd, void *p, int node, unsigned long addr, unsigned long next) { diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 3287ebadd167..c0a803046db0 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -211,7 +211,7 @@ pud_t * __meminit vmemmap_pud_populate(p4d_t *p4d, unsigned long addr, int node) return pud; } -p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) +p4d_t * __weak __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) { p4d_t *p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { @@ -224,7 +224,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) return p4d; } -pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) +pgd_t * __weak __meminit vmemmap_pgd_populate(unsigned long addr, int node) { pgd_t *pgd = pgd_offset_k(addr); if (pgd_none(*pgd)) { -- 2.48.1

5 months

3
2
0 0

[PATCH 6.13 000/138] 6.13.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.5 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Feb 2025 14:25:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.5-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Arnd Bergmann <arnd(a)arndb.de> drm: select DRM_KMS_HELPER from DRM_GEM_SHMEM_HELPER Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Hyeonggon Yoo <42.hyeyoo(a)gmail.com> mm/zswap: fix inconsistency when zswap_store_page() fails Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Johan Korsnes <johan.korsnes(a)remarkable.no> gpio: vf610: add locking to gpio direction functions Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: check the return value of gpio_chip::get_direction() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: account for widebus and yuv420 during mode validation Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Compact RSEQ concurrency IDs with reduced threads and affinity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Hannes Reinecke <hare(a)kernel.org> nvmet: Fix crash when a namespace is disabled Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix error handling in xe_irq_install() Ilia Levi <ilia.levi(a)intel.com> drm/xe/irq: Separate MSI and MSI-X flows Ilia Levi <ilia.levi(a)intel.com> drm/xe: Make irq enabled flag atomic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: fix fixed-regulator renames on rk3399-gru devices Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Gary Guo <gary(a)garyguo.net> rust: cleanup unnecessary casts Gary Guo <gary(a)garyguo.net> rust: map `long` to `isize` and `char` to `u8` Miguel Ojeda <ojeda(a)kernel.org> rust: finish using custom FFI integer types Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Increment the runtime usage counter for the earlycon device Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() John Starks <jostarks(a)microsoft.com> Drivers: hv: vmbus: Log on missing offers if any ------------- Diffstat: Makefile | 4 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 3 +- .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dts | 1 + .../boot/dts/rockchip/rk3328-orangepi-r1-plus.dtsi | 1 - .../boot/dts/rockchip/rk3399-gru-chromebook.dtsi | 8 +- .../boot/dts/rockchip/rk3399-gru-scarlet.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 22 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpio-vf610.c | 4 + drivers/gpio/gpiolib.c | 92 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/Kconfig | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 130 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + drivers/gpu/drm/drm_panic_qr.rs | 2 +- drivers/gpu/drm/i915/display/icl_dsi.c | 4 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 11 +- drivers/gpu/drm/msm/dp/dp_drm.c | 5 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/display/ext/i915_irq.c | 13 +- drivers/gpu/drm/xe/xe_device.c | 4 +- drivers/gpu/drm/xe/xe_device.h | 3 +- drivers/gpu/drm/xe/xe_device_types.h | 8 +- drivers/gpu/drm/xe/xe_irq.c | 298 ++++-- drivers/gpu/drm/xe/xe_irq.h | 3 + drivers/hv/vmbus_drv.c | 17 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/nvme/target/core.c | 40 +- drivers/pci/devres.c | 58 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/tty/serial/sh-sci.c | 68 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/extent_io.c | 102 +- fs/btrfs/inode.c | 3 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/mm_types.h | 7 +- include/linux/netdevice.h | 2 + include/linux/pci.h | 1 + include/linux/pse-pd/pse.h | 16 +- include/net/gro.h | 3 + include/net/tcp.h | 14 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/sched.h | 25 +- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- mm/zswap.c | 35 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- rust/ffi.rs | 37 +- rust/kernel/device.rs | 4 +- rust/kernel/error.rs | 5 +- rust/kernel/firmware.rs | 2 +- rust/kernel/miscdevice.rs | 12 +- rust/kernel/print.rs | 4 +- rust/kernel/security.rs | 2 +- rust/kernel/seq_file.rs | 2 +- rust/kernel/str.rs | 6 +- rust/kernel/uaccess.rs | 27 +- samples/rust/rust_print_main.rs | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- 161 files changed, 3061 insertions(+), 1304 deletions(-)

5 months

9
148
0 0

[PATCH 1/5] drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size)

by Mingcong Bai

Commit b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") introduced an internal set of engine registers, however, as part of this change, it has also introduced two duplicate `define' lines for `RING_CTL_SIZE(size)'. This commit was introduced to the tree in v6.8-rc1. While this is harmless as the definitions did not change, so no compiler warning was observed. Drop this line anyway for the sake of correctness. Cc: <stable(a)vger.kernel.org> # v6.8-rc1+ Fixes: b79e8fd954c4 ("drm/xe: Remove dependency on intel_engine_regs.h") Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/xe/regs/xe_engine_regs.h b/drivers/gpu/drm/xe/regs/xe_engine_regs.h index d86219dedde2a..b732c89816dff 100644 --- a/drivers/gpu/drm/xe/regs/xe_engine_regs.h +++ b/drivers/gpu/drm/xe/regs/xe_engine_regs.h @@ -53,7 +53,6 @@ #define RING_CTL(base) XE_REG((base) + 0x3c) #define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ -#define RING_CTL_SIZE(size) ((size) - PAGE_SIZE) /* in bytes -> pages */ #define RING_START_UDW(base) XE_REG((base) + 0x48) -- 2.48.1

5 months

1
1
0 0

[PATCH 6.12 000/154] 6.12.17-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.17 release. There are 154 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 26 Feb 2025 14:25:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.17-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.17-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump version for RV/PCO compute fix Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: manually control gfxoff for CS on RV Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts Kevin Brodsky <kevin.brodsky(a)arm.com> selftests/mm: build with -O2 Tejun Heo <tj(a)kernel.org> sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq() Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix deadlock in current limit functions Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix using ret variable in tracing_set_tracer() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Steven Rostedt <rostedt(a)goodmis.org> ftrace: Fix accounting of adding subops to a manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix event constraints for LNC Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> mtd: spi-nor: sst: Fix SST write failure Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Pavel Begunkov <asml.silence(a)gmail.com> lib/iov_iter: fix import_iovec_ubuf iovec management Darrick J. Wong <djwong(a)kernel.org> xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Fix ESSA detection Haoxiang Li <haoxiang_li2024(a)163.com> soc: loongson: loongson2_guts: Add check for devm_kstrdup() Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM Alexander Shiyan <eagle.alexander923(a)gmail.com> arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588 David Hildenbrand <david(a)redhat.com> mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: check the return value of gpio_chip::get_direction() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent opcode speculation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rw: forbid multishot async reads Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/gt: Use spin_lock_irqsave() in interruptible context Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix error handling during 128b/132b link training Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: fix reset signal polarity Artur Rojek <contact(a)artur-rojek.eu> irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request Aaron Kling <webgeek1234(a)gmail.com> drm/nouveau/pmu: Fix gp10b firmware guard Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Caleb Sander Mateos <csander(a)purestorage.com> nvme-tcp: fix connect failure on receiving partial ICResp PDU Damien Le Moal <dlemoal(a)kernel.org> nvme: tcp: Fix compilation warning with W=1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450 Rob Clark <robdclark(a)chromium.org> drm/msm: Avoid rounding up to one jiffy David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Geert Uytterhoeven <geert+renesas(a)glider.be> platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU Geert Uytterhoeven <geert+renesas(a)glider.be> firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC Bart Van Assche <bvanassche(a)acm.org> md/raid*: Fix the set_queue_limits implementations Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set Patrick Wildt <patrick(a)blueri.se> arm64: dts: rockchip: adjust SMMU interrupt type on rk3588 Alan Maguire <alan.maguire(a)oracle.com> bpf: Fix softlockup in arena_map_free on 64k page kernel Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Add tests for raw_tp null handling Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Fix fault handling for AXP717 Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook Abel Wu <wuyun.abel(a)bytedance.com> bpf: Fix deadlock when freeing cgroup storage Jiayuan Chen <mrpre(a)163.com> bpf: Disable non stream socket for strparser Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Andrii Nakryiko <andrii(a)kernel.org> bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: pd692x0: Fix power limit retrieval Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Use power limit at driver side instead of current limit Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Avoid setting max_uA in regulator constraints Jakub Kicinski <kuba(a)kernel.org> tcp: adjust rcvq_space after updating scaling ratio Michal Luczaj <mhal(a)rbox.co> vsock/bpf: Warn on socket without transport Michal Luczaj <mhal(a)rbox.co> sockmap, vsock: For connectible sockets allow only connected Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Julian Ruess <julianr(a)linux.ibm.com> s390/ism: add release function for struct device Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Drop UMP events when no UMP-conversion is set Pierre Riteau <pierre(a)stackhpc.com> net/sched: cls_api: fix error handling causing NULL dereference Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Junnan Wu <junnan01.wu(a)samsung.com> vsock/virtio: fix variables initialization during resuming Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Disable KASAN report during patching via temporary mm Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Tejun Heo <tj(a)kernel.org> sched_ext: Fix migration disabled handling in targeted dispatches Tejun Heo <tj(a)kernel.org> sched_ext: Factor out move_task_between_dsqs() from scx_dispatch_from_dsq() Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Steven Rostedt <rostedt(a)goodmis.org> tracing: Have the error of __tracing_resize_ring_buffer() passed to user Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace.c code over to use guard() Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Move gfx12 trap handler to separate file Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Add FW state dump on TDR Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Add coredump support Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Limit FW version string length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Fabien Parent <fparent(a)baylibre.com> arm64: dts: mediatek: mt8183-pumpkin: add HDMI support Takashi Iwai <tiwai(a)suse.de> PCI: Restore original INTX_DISABLE bit by pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Remove devres from pci_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Export pci_intx_unmanaged() and pcim_intx() Philipp Stanner <pstanner(a)redhat.com> PCI: Make pcim_request_all_regions() a public function Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: serio - define serio_pause_rx guard to pause and resume serio ports Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm loanchen <lo-an.chen(a)amd.com> drm/amd/display: Correct register address in dcn35 Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: update dcn351 used clock offset Lohita Mudimela <lohita.mudimela(a)amd.com> drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Sean Christopherson <seanjc(a)google.com> KVM: x86: Inline kvm_get_apic_mode() in lapic.h Sean Christopherson <seanjc(a)google.com> KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base() Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when extent_writepage_io() failed Qu Wenruo <wqu(a)suse.com> btrfs: fix double accounting race when btrfs_run_delalloc_range() failed David Sterba <dsterba(a)suse.com> btrfs: use btrfs_inode in extent_writepage() Qu Wenruo <wqu(a)suse.com> btrfs: rename btrfs_folio_(set|start|end)_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: unify to use writer locks for subpage locking Qu Wenruo <wqu(a)suse.com> btrfs: remove unused btrfs_folio_start_writer_lock() Qu Wenruo <wqu(a)suse.com> btrfs: mark all dirty sectors as locked inside writepage_delalloc() Qu Wenruo <wqu(a)suse.com> btrfs: move the delalloc range bitmap search into extent_io.c Qu Wenruo <wqu(a)suse.com> btrfs: do not assume the full page range is not dirty in extent_writepage_io() Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> xe/oa: Fix query mode of operation for OAR/OAC Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add input fence dependencies Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Define and parse OA sync properties Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Separate batch submission from waiting for completion Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 123 ++- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 - arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 6 + .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 22 +- .../dts/rockchip/rk3588-coolpi-cm5-genbook.dts | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 12 +- arch/powerpc/lib/code-patching.c | 4 +- arch/s390/boot/startup.c | 2 +- arch/x86/events/intel/core.c | 20 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 8 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 17 +- drivers/accel/ivpu/Kconfig | 1 + drivers/accel/ivpu/Makefile | 1 + drivers/accel/ivpu/ivpu_coredump.c | 39 + drivers/accel/ivpu/ivpu_coredump.h | 25 + drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_drv.h | 1 + drivers/accel/ivpu/ivpu_fw.c | 7 +- drivers/accel/ivpu/ivpu_fw.h | 6 +- drivers/accel/ivpu/ivpu_fw_log.h | 8 - drivers/accel/ivpu/ivpu_hw.c | 3 + drivers/accel/ivpu/ivpu_ipc.c | 26 + drivers/accel/ivpu/ivpu_ipc.h | 2 + drivers/accel/ivpu/ivpu_jsm_msg.c | 8 + drivers/accel/ivpu/ivpu_jsm_msg.h | 2 + drivers/accel/ivpu/ivpu_pm.c | 85 +- drivers/bluetooth/btqca.c | 118 +- drivers/clocksource/jcore-pit.c | 15 +- drivers/edac/qcom_edac.c | 4 +- .../firmware/arm_scmi/vendors/imx/imx-sm-misc.c | 4 +- drivers/firmware/imx/Kconfig | 1 + drivers/gpio/gpiolib.c | 92 +- drivers/gpio/gpiolib.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 32 +- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 3 +- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx10.asm | 202 +--- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 1130 ++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/clk_mgr/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 5 +- .../amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 6 +- .../amd/display/dc/clk_mgr/dcn35/dcn351_clk_mgr.c | 140 +++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 131 ++- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.h | 4 + .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 59 + .../display/dc/link/protocols/link_dp_capability.c | 3 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + .../gpu/drm/i915/display/intel_dp_link_training.c | 15 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_4_sm6125.h | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_top.c | 2 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 53 +- drivers/gpu/drm/msm/msm_drv.h | 11 +- .../gpu/drm/msm/registers/display/dsi_phy_7nm.xml | 11 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gp10b.c | 2 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 8 +- drivers/gpu/drm/xe/xe_oa.c | 265 +++-- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 5 +- drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/input/mouse/synaptics.c | 56 +- drivers/input/mouse/synaptics.h | 1 + drivers/irqchip/irq-gic-v3.c | 49 +- drivers/irqchip/irq-jcore-aic.c | 2 +- drivers/md/raid0.c | 4 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 4 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/mtd/spi-nor/sst.c | 2 +- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 27 +- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/pse-pd/pd692x0.c | 45 +- drivers/net/pse-pd/pse_core.c | 98 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/tcp.c | 7 +- drivers/pci/devres.c | 61 +- drivers/pci/pci.c | 16 +- drivers/platform/cznic/Kconfig | 1 + drivers/power/supply/axp20x_battery.c | 31 +- drivers/power/supply/da9150-fg.c | 4 +- drivers/s390/net/ism_drv.c | 14 +- drivers/soc/loongson/loongson2_guts.c | 5 +- drivers/tee/optee/supp.c | 35 +- drivers/usb/gadget/function/f_midi.c | 2 +- fs/btrfs/compression.c | 3 +- fs/btrfs/extent_io.c | 174 ++- fs/btrfs/inode.c | 3 +- fs/btrfs/subpage.c | 202 +--- fs/btrfs/subpage.h | 39 +- fs/smb/client/inode.c | 4 +- fs/smb/client/smb2ops.c | 4 + fs/xfs/scrub/common.h | 5 - fs/xfs/scrub/repair.h | 11 +- fs/xfs/scrub/scrub.c | 12 + include/linux/netdevice.h | 2 + include/linux/pci.h | 2 + include/linux/pse-pd/pse.h | 16 +- include/linux/serio.h | 3 + include/linux/skmsg.h | 2 + include/net/gro.h | 3 + include/net/strparser.h | 2 + include/net/tcp.h | 22 + include/uapi/drm/xe_drm.h | 17 + io_uring/io_uring.c | 2 + io_uring/rw.c | 13 +- kernel/acct.c | 134 ++- kernel/bpf/arena.c | 2 +- kernel/bpf/bpf_cgrp_storage.c | 2 +- kernel/bpf/btf.c | 2 + kernel/bpf/ringbuf.c | 4 - kernel/bpf/syscall.c | 43 +- kernel/sched/ext.c | 150 ++- kernel/trace/ftrace.c | 36 +- kernel/trace/trace.c | 277 ++--- kernel/trace/trace_functions.c | 6 +- lib/iov_iter.c | 3 +- mm/madvise.c | 11 +- mm/migrate_device.c | 13 +- net/bpf/test_run.c | 5 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 3 - net/core/skbuff.c | 10 +- net/core/skmsg.c | 7 + net/core/sock_map.c | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 20 +- net/ipv4/tcp_ipv4.c | 2 +- net/sched/cls_api.c | 2 +- net/strparser/strparser.c | 11 +- net/vmw_vsock/af_vsock.c | 3 + net/vmw_vsock/virtio_transport.c | 10 +- net/vmw_vsock/vsock_bpf.c | 2 +- sound/core/seq/seq_clientmgr.c | 12 +- sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/fsl/imx-audmix.c | 31 - sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 10 +- sound/soc/sof/ipc4-topology.c | 12 +- sound/soc/sof/pcm.c | 2 + sound/soc/sof/stream-ipc.c | 6 +- .../selftests/bpf/bpf_testmod/bpf_testmod-events.h | 8 + .../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 + .../testing/selftests/bpf/prog_tests/raw_tp_null.c | 25 + tools/testing/selftests/bpf/progs/raw_tp_null.c | 32 + tools/testing/selftests/mm/Makefile | 9 +- 181 files changed, 3590 insertions(+), 1560 deletions(-)

5 months

6
161
0 0

[PATCH v6 1/3] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

by Vishal Annapurve

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Cc: stable(a)vger.kernel.org Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> --- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/paravirt.c | 14 ++++++---- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index cf7fc2b8e3ce..1c2db11a2c3c 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 041aff51eb50..29e7331a0c98 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index fea56b04f436..abccfccc2e3f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 1ccaa3397a67..c5bb980b8a67 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -110,6 +110,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -125,11 +130,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -186,9 +186,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local, -- 2.48.1.658.g4767266eb4-goog

5 months

2
1
0 0

[PATCH 12/27] drm/amd/display: wait for outstanding hw updates

by Wayne Lin

From: Ausef Yousof <Ausef.Yousof(a)amd.com> [why&how] seeing display corruption as a result of not waiting for certain values to latch and attempting otg locking/programming before waiting for them, there is code in place for this but dcn35 does not initialize these functions. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Ausef Yousof <Ausef.Yousof(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c | 1 + drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 6a82a865209c..7be72fd88477 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -128,6 +128,7 @@ static const struct hw_sequencer_funcs dcn35_funcs = { .enable_plane = dcn20_enable_plane, .update_dchubp_dpp = dcn20_update_dchubp_dpp, .post_unlock_reset_opp = dcn20_post_unlock_reset_opp, + .wait_for_all_pending_updates = dcn30_wait_for_all_pending_updates }; static const struct hwseq_private_funcs dcn35_private_funcs = { diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c index b86fe2b094f8..eb29e852dedb 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c @@ -493,6 +493,9 @@ static struct timing_generator_funcs dcn35_tg_funcs = { .set_long_vtotal = optc35_set_long_vtotal, .is_two_pixels_per_container = optc1_is_two_pixels_per_container, .read_otg_state = optc31_read_otg_state, + .get_optc_double_buffer_pending = optc3_get_optc_double_buffer_pending, + .get_pipe_update_pending = optc3_get_pipe_update_pending, + .get_otg_double_buffer_pending = optc3_get_otg_update_pending, }; void dcn35_timing_generator_init(struct optc *optc1) -- 2.37.3

5 months

1
0
0 0

[PATCH 0/2] Some fixes for Goodix Berlin touchscreen driver

by Luca Weiss

One is a simple comment fix, and the second one fixes a discrepancy between dt-bindings and driver, aligning the driver to match dt-bindings. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Luca Weiss (2): Input: goodix-berlin - fix comment referencing wrong regulator Input: goodix-berlin - fix vddio regulator references drivers/input/touchscreen/goodix_berlin_core.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) --- base-commit: 8155b4ef3466f0e289e8fcc9e6e62f3f4dceeac2 change-id: 20250103-goodix-berlin-fixes-0f776d90caa7 Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

5 months

3
4
0 0

+ nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback has been added to the -mm mm-hotfixes-unstable branch. Its filename is nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Snitzer <snitzer(a)kernel.org> Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Date: Mon, 24 Feb 2025 21:20:02 -0500 Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} Link: https://lkml.kernel.org/r/20250225022002.26141-1-snitzer@kernel.org Fixes: 96780ca55e3cb ("NFS: fix up nfs_release_folio() to try to release the page") Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Cc: Anna Schumaker <anna.schumaker(a)oracle.com> Cc: Trond Myklebust <trond.myklebust(a)hammerspace.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nfs/file.c | 3 ++- include/linux/compaction.h | 5 +++++ include/linux/sched.h | 2 +- mm/compaction.c | 3 +++ 4 files changed, 11 insertions(+), 2 deletions(-) --- a/fs/nfs/file.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/fs/nfs/file.c @@ -29,6 +29,7 @@ #include <linux/pagemap.h> #include <linux/gfp.h> #include <linux/swap.h> +#include <linux/compaction.h> #include <linux/uaccess.h> #include <linux/filelock.h> @@ -457,7 +458,7 @@ static bool nfs_release_folio(struct fol /* If the private flag is set, then the folio is not freeable */ if (folio_test_private(folio)) { if ((current_gfp_context(gfp) & GFP_KERNEL) != GFP_KERNEL || - current_is_kswapd()) + current_is_kswapd() || current_is_kcompactd()) return false; if (nfs_wb_folio(folio->mapping->host, folio) < 0) return false; --- a/include/linux/compaction.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/compaction.h @@ -80,6 +80,11 @@ static inline unsigned long compact_gap( return 2UL << order; } +static inline int current_is_kcompactd(void) +{ + return current->flags & PF_KCOMPACTD; +} + #ifdef CONFIG_COMPACTION extern unsigned int extfrag_for_order(struct zone *zone, unsigned int order); --- a/include/linux/sched.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/sched.h @@ -1701,7 +1701,7 @@ extern struct pid *cad_pid; #define PF_USED_MATH 0x00002000 /* If unset the fpu must be initialized before use */ #define PF_USER_WORKER 0x00004000 /* Kernel thread cloned from userspace thread */ #define PF_NOFREEZE 0x00008000 /* This thread should not be frozen */ -#define PF__HOLE__00010000 0x00010000 +#define PF_KCOMPACTD 0x00010000 /* I am kcompactd */ #define PF_KSWAPD 0x00020000 /* I am kswapd */ #define PF_MEMALLOC_NOFS 0x00040000 /* All allocations inherit GFP_NOFS. See memalloc_nfs_save() */ #define PF_MEMALLOC_NOIO 0x00080000 /* All allocations inherit GFP_NOIO. See memalloc_noio_save() */ --- a/mm/compaction.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/mm/compaction.c @@ -3181,6 +3181,7 @@ static int kcompactd(void *p) long default_timeout = msecs_to_jiffies(HPAGE_FRAG_CHECK_INTERVAL_MSEC); long timeout = default_timeout; + tsk->flags |= PF_KCOMPACTD; set_freezable(); pgdat->kcompactd_max_order = 0; @@ -3237,6 +3238,8 @@ static int kcompactd(void *p) pgdat->proactive_compact_trigger = false; } + tsk->flags &= ~PF_KCOMPACTD; + return 0; } _ Patches currently in -mm which might be from snitzer(a)kernel.org are nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch

5 months

1
0
0 0

+ nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: NFS: fix nfs_release_folio() to not call nfs_wb_folio() from kcompactd has been added to the -mm mm-hotfixes-unstable branch. Its filename is nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Snitzer <snitzer(a)kernel.org> Subject: NFS: fix nfs_release_folio() to not call nfs_wb_folio() from kcompactd Date: Mon, 24 Feb 2025 19:33:01 -0500 Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd induced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} Link: https://lkml.kernel.org/r/20250225003301.25693-1-snitzer@kernel.org Fixes: 96780ca55e3cb ("NFS: fix up nfs_release_folio() to try to release the page") Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Cc: Anna Schumaker <anna.schumaker(a)oracle.com> Cc: Trond Myklebust <trond.myklebust(a)hammerspace.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nfs/file.c | 3 ++- include/linux/compaction.h | 5 +++++ include/linux/sched.h | 2 +- mm/compaction.c | 3 +++ 4 files changed, 11 insertions(+), 2 deletions(-) --- a/fs/nfs/file.c~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/fs/nfs/file.c @@ -29,6 +29,7 @@ #include <linux/pagemap.h> #include <linux/gfp.h> #include <linux/swap.h> +#include <linux/compaction.h> #include <linux/uaccess.h> #include <linux/filelock.h> @@ -457,7 +458,7 @@ static bool nfs_release_folio(struct fol /* If the private flag is set, then the folio is not freeable */ if (folio_test_private(folio)) { if ((current_gfp_context(gfp) & GFP_KERNEL) != GFP_KERNEL || - current_is_kswapd()) + current_is_kswapd() || current_is_kcompactd()) return false; if (nfs_wb_folio(folio->mapping->host, folio) < 0) return false; --- a/include/linux/compaction.h~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/include/linux/compaction.h @@ -80,6 +80,11 @@ static inline unsigned long compact_gap( return 2UL << order; } +static inline int current_is_kcompactd(void) +{ + return current->flags & PF_KCOMPACTD; +} + #ifdef CONFIG_COMPACTION extern unsigned int extfrag_for_order(struct zone *zone, unsigned int order); --- a/include/linux/sched.h~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/include/linux/sched.h @@ -1701,7 +1701,7 @@ extern struct pid *cad_pid; #define PF_USED_MATH 0x00002000 /* If unset the fpu must be initialized before use */ #define PF_USER_WORKER 0x00004000 /* Kernel thread cloned from userspace thread */ #define PF_NOFREEZE 0x00008000 /* This thread should not be frozen */ -#define PF__HOLE__00010000 0x00010000 +#define PF_KCOMPACTD 0x00010000 /* I am kcompactd */ #define PF_KSWAPD 0x00020000 /* I am kswapd */ #define PF_MEMALLOC_NOFS 0x00040000 /* All allocations inherit GFP_NOFS. See memalloc_nfs_save() */ #define PF_MEMALLOC_NOIO 0x00080000 /* All allocations inherit GFP_NOIO. See memalloc_noio_save() */ --- a/mm/compaction.c~nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd +++ a/mm/compaction.c @@ -3181,6 +3181,7 @@ static int kcompactd(void *p) long default_timeout = msecs_to_jiffies(HPAGE_FRAG_CHECK_INTERVAL_MSEC); long timeout = default_timeout; + tsk->flags | PF_KCOMPACTD; set_freezable(); pgdat->kcompactd_max_order = 0; @@ -3237,6 +3238,8 @@ static int kcompactd(void *p) pgdat->proactive_compact_trigger = false; } + tsk->flags &= ~PF_KCOMPACTD; + return 0; } _ Patches currently in -mm which might be from snitzer(a)kernel.org are nfs-fix-nfs_release_folio-to-not-call-nfs_wb_folio-from-kcompactd.patch

5 months

2
1
0 0

[PATCH v2 RESEND] phy: Fix error handling in tegra_xusb_port_init

by Ma Ke

If device_add() fails, do not use device_unregister() for error handling. device_unregister() consists two functions: device_del() and put_device(). device_unregister() should only be called after device_add() succeeded because device_del() undoes what device_add() does if successful. Change device_unregister() to put_device() call before returning from the function. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 53d2a715c240 ("phy: Add Tegra XUSB pad controller support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the bug description as suggestions. --- drivers/phy/tegra/xusb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 79d4814d758d..c89df95aa6ca 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -548,16 +548,16 @@ static int tegra_xusb_port_init(struct tegra_xusb_port *port, err = dev_set_name(&port->dev, "%s-%u", name, index); if (err < 0) - goto unregister; + goto put_device; err = device_add(&port->dev); if (err < 0) - goto unregister; + goto put_device; return 0; -unregister: - device_unregister(&port->dev); +put_device: + put_device(&port->dev); return err; } -- 2.25.1

5 months

1
0
0 0

[PATCH v5 RESEND] [ARM] fix reference leak in locomo_init_one_child()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - modified the bug description as suggestions; Changes in v4: - deleted the redundant initialization; Changes in v3: - modified the patch as suggestions; Changes in v2: - modified the patch as suggestions. --- arch/arm/common/locomo.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c index cb6ef449b987..45106066a17f 100644 --- a/arch/arm/common/locomo.c +++ b/arch/arm/common/locomo.c @@ -223,10 +223,8 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) int ret; dev = kzalloc(sizeof(struct locomo_dev), GFP_KERNEL); - if (!dev) { - ret = -ENOMEM; - goto out; - } + if (!dev) + return -ENOMEM; /* * If the parent device has a DMA mask associated with it, @@ -254,10 +252,9 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) NO_IRQ : lchip->irq_base + info->irq[0]; ret = device_register(&dev->dev); - if (ret) { - out: - kfree(dev); - } + if (ret) + put_device(&dev->dev); + return ret; } -- 2.25.1

5 months

1
0
0 0

[PATCH v2] Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()

by Haoxiang Li

Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. Fixes: ba17bb62ce41 ("Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected()") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - modify the title description. --- net/bluetooth/mgmt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index f53304cb09db..3e0f88cd975c 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -10413,6 +10413,8 @@ void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0)); + if (!skb) + return; ev = skb_put(skb, sizeof(*ev)); bacpy(&ev->addr.bdaddr, bdaddr); -- 2.25.1

5 months

2
1
0 0

[PATCH] dlm: fix lkb timeout scanning lookup

by Alexander Aring

If a lkb is timed out when dlm_scan_timeout() kicks in and removes a timed out lkb from ls->ls_timeout list the next iteration can end in timeout the same lkb again that shouldn't happen. Since commit dc1acd5c9469 ("dlm: replace usage of found with dedicated list iterator variable") we don't set the lkb variable before the inner lookup loop to NULL. The outer loop will not stop and checks if there was a successful lookup with the lkb pointer of the last iteration that wasn't set to NULL. To stop this behavior we use the old condition "!do_cancel && !do_warn" which signals if there was a successful lookup and the lkb variable should be set with the lkb that was looked up to be timed out. If the condition is false there is no timed out lkb in ls->ls_timeout and the outer loop stops. Cc: stable(a)vger.kernel.org Reported-by: Marc Smith <msmith626(a)gmail.com> Fixes: dc1acd5c9469 ("dlm: replace usage of found with dedicated list iterator variable") Signed-off-by: Alexander Aring <aahringo(a)redhat.com> --- fs/dlm/lock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index 226822f49d30..1ff842be5891 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -1919,7 +1919,7 @@ void dlm_scan_timeout(struct dlm_ls *ls) } mutex_unlock(&ls->ls_timeout_mutex); - if (!lkb) + if (!do_cancel && !do_warn) break; r = lkb->lkb_resource; -- 2.43.0

5 months, 1 week

1
0
0 0

[PATCH] perf: Add RCU read lock protection to perf_iterate_ctx()

by Breno Leitao

The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y: WARNING: suspicious RCU usage kernel/events/core.c:8168 RCU-list traversed in non-reader section!! Call Trace: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_iterate_ctx perf_event_exec begin_new_exec ? load_elf_phdrs load_elf_binary ? lock_acquire ? find_held_lock ? bprm_execve bprm_execve do_execveat_common.isra.0 __x64_sys_execve do_syscall_64 entry_SYSCALL_64_after_hwframe This protection was previously present but was removed in commit bd2756811766 ("perf: Rewrite core context handling"). Add back the necessary rcu_read_lock()/rcu_read_unlock() pair around perf_iterate_ctx() call in perf_event_exec(). CC: stable(a)vger.kernel.org Fixes: bd2756811766 ("perf: Rewrite core context handling") Signed-off-by: Breno Leitao <leitao(a)debian.org> --- kernel/events/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/events/core.c b/kernel/events/core.c index 065f9188b44a0d8ee66cc76314ae247dbe45cb57..e2adb06f8d81307b2762375474bee1c9e8a74598 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -8277,7 +8277,9 @@ void perf_event_exec(void) perf_event_enable_on_exec(ctx); perf_event_remove_on_exec(ctx); + rcu_read_lock(); perf_iterate_ctx(ctx, perf_event_addr_filters_exec, NULL, true); + rcu_read_unlock(); perf_unpin_context(ctx); put_ctx(ctx); --- base-commit: dbb0aea70ce4b85915a52d7adf9af57bd80f330a change-id: 20250117-fix_perf_rcu-2ff93190950a Best regards, -- Breno Leitao <leitao(a)debian.org>

5 months, 1 week

3
2
0 0

[PATCH] iommu/vt-d: Remove device comparison in context_setup_pass_through_cb

by Jerry Snitselaar

Remove the device comparison check in context_setup_pass_through_cb. pci_for_each_dma_alias already makes a decision on whether the callback function should be called for a device. With the check in place it will fail to create context entries for aliases as it walks up to the root bus. Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") Closes: https://lore.kernel.org/linux-iommu/82499eb6-00b7-4f83-879a-e97b4144f576@li… Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Jerry Snitselaar <jsnitsel(a)redhat.com> --- drivers/iommu/intel/iommu.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index cc46098f875b..4d8d4593c9c8 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -4378,9 +4378,6 @@ static int context_setup_pass_through_cb(struct pci_dev *pdev, u16 alias, void * { struct device *dev = data; - if (dev != &pdev->dev) - return 0; - return context_setup_pass_through(dev, PCI_BUS_NUM(alias), alias & 0xff); } -- 2.44.0

5 months, 1 week

1
0
0 0

[PATCH AUTOSEL 6.12 01/28] bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic

by Sasha Levin

From: Andrii Nakryiko <andrii(a)kernel.org> [ Upstream commit 98671a0fd1f14e4a518ee06b19037c20014900eb ] For all BPF maps we ensure that VM_MAYWRITE is cleared when memory-mapping BPF map contents as initially read-only VMA. This is because in some cases BPF verifier relies on the underlying data to not be modified afterwards by user space, so once something is mapped read-only, it shouldn't be re-mmap'ed as read-write. As such, it's not necessary to check VM_MAYWRITE in bpf_map_mmap() and map->ops->map_mmap() callbacks: VM_WRITE should be consistently set for read-write mappings, and if VM_WRITE is not set, there is no way for user space to upgrade read-only mapping to read-write one. This patch cleans up this VM_WRITE vs VM_MAYWRITE handling within bpf_map_mmap(), which is an entry point for any BPF map mmap()-ing logic. We also drop unnecessary sanitization of VM_MAYWRITE in BPF ringbuf's map_mmap() callback implementation, as it is already performed by common code in bpf_map_mmap(). Note, though, that in bpf_map_mmap_{open,close}() callbacks we can't drop VM_MAYWRITE use, because it's possible (and is outside of subsystem's control) to have initially read-write memory mapping, which is subsequently dropped to read-only by user space through mprotect(). In such case, from BPF verifier POV it's read-write data throughout the lifetime of BPF map, and is counted as "active writer". But its VMAs will start out as VM_WRITE|VM_MAYWRITE, then mprotect() can change it to just VM_MAYWRITE (and no VM_WRITE), so when its finally munmap()'ed and bpf_map_mmap_close() is called, vm_flags will be just VM_MAYWRITE, but we still need to decrement active writer count with bpf_map_write_active_dec() as it's still considered to be a read-write mapping by the rest of BPF subsystem. Similar reasoning applies to bpf_map_mmap_open(), which is called whenever mmap(), munmap(), and/or mprotect() forces mm subsystem to split original VMA into multiple discontiguous VMAs. Memory-mapping handling is a bit tricky, yes. Cc: Jann Horn <jannh(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20250129012246.1515826-1-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/ringbuf.c | 4 ---- kernel/bpf/syscall.c | 10 ++++++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index e1cfe890e0be6..1499d8caa9a35 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -268,8 +268,6 @@ static int ringbuf_map_mmap_kern(struct bpf_map *map, struct vm_area_struct *vma /* allow writable mapping for the consumer_pos only */ if (vma->vm_pgoff != 0 || vma->vm_end - vma->vm_start != PAGE_SIZE) return -EPERM; - } else { - vm_flags_clear(vma, VM_MAYWRITE); } /* remap_vmalloc_range() checks size and offset constraints */ return remap_vmalloc_range(vma, rb_map->rb, @@ -289,8 +287,6 @@ static int ringbuf_map_mmap_user(struct bpf_map *map, struct vm_area_struct *vma * position, and the ring buffer data itself. */ return -EPERM; - } else { - vm_flags_clear(vma, VM_MAYWRITE); } /* remap_vmalloc_range() checks size and offset constraints */ return remap_vmalloc_range(vma, rb_map->rb, vma->vm_pgoff + RINGBUF_PGOFF); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 368ae8d231d41..fa43f26ce0dac 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -966,15 +966,21 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) vma->vm_ops = &bpf_map_default_vmops; vma->vm_private_data = map; vm_flags_clear(vma, VM_MAYEXEC); + /* If mapping is read-only, then disallow potentially re-mapping with + * PROT_WRITE by dropping VM_MAYWRITE flag. This VM_MAYWRITE clearing + * means that as far as BPF map's memory-mapped VMAs are concerned, + * VM_WRITE and VM_MAYWRITE and equivalent, if one of them is set, + * both should be set, so we can forget about VM_MAYWRITE and always + * check just VM_WRITE + */ if (!(vma->vm_flags & VM_WRITE)) - /* disallow re-mapping with PROT_WRITE */ vm_flags_clear(vma, VM_MAYWRITE); err = map->ops->map_mmap(map, vma); if (err) goto out; - if (vma->vm_flags & VM_MAYWRITE) + if (vma->vm_flags & VM_WRITE) bpf_map_write_active_inc(map); out: mutex_unlock(&map->freeze_mutex); -- 2.39.5

5 months, 1 week

2
28
0 0

[PATCH] mtd: Fix potential UAF for mtdswap_dev pointers

by Ma Ke

In the mtdswap_init(), if the allocations fail, the error handling path frees d->page_buf, d->eb_data, d->revmap and d->page_data without setting these pointers to NULL. This could lead to UAF if subsequent error handling or device reset operations attempt to release these pointers again. Set d->page_buf, d->eb_data, d->revmap and d->page_data to NULL immediately after freeing them to prevent misuse. Release immediately and set to NULL, adhering to the 'release implies invalid' defensive programming principle. Found by code review. Cc: stable(a)vger.kernel.org Fixes: a32159024620 ("mtd: Add mtdswap block driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/mtd/mtdswap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/mtd/mtdswap.c b/drivers/mtd/mtdswap.c index 680366616da2..b315dab2a914 100644 --- a/drivers/mtd/mtdswap.c +++ b/drivers/mtd/mtdswap.c @@ -1318,12 +1318,16 @@ static int mtdswap_init(struct mtdswap_dev *d, unsigned int eblocks, oob_buf_fail: kfree(d->page_buf); + d->page_buf = NULL; page_buf_fail: vfree(d->eb_data); + d->eb_data = NULL; eb_data_fail: vfree(d->revmap); + d->revmap = NULL; revmap_fail: vfree(d->page_data); + d->page_data = NULL; page_data_fail: printk(KERN_ERR "%s: init failed (%d)\n", MTDSWAP_PREFIX, ret); return ret; -- 2.25.1

5 months, 1 week

2
1
0 0

Re: [PATCH 6.13 000/138] 6.13.5-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

5 months, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2025