- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 604120fd9e9df50ee0e803d3c6e77a1f45d2c58e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021013-rearrange-cavalry-69c3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 604120fd9e9df50ee0e803d3c6e77a1f45d2c58e Mon Sep 17 00:00:00 2001 From: Sumit Gupta <sumitg(a)nvidia.com> Date: Wed, 18 Dec 2024 00:07:36 +0000 Subject: [PATCH] arm64: tegra: Fix typo in Tegra234 dce-fabric compatible The compatible string for the Tegra DCE fabric is currently defined as 'nvidia,tegra234-sce-fabric' but this is incorrect because this is the compatible string for SCE fabric. Update the compatible for the DCE fabric to correct the compatible string. This compatible needs to be correct in order for the interconnect to catch things such as improper data accesses. Cc: stable(a)vger.kernel.org Fixes: 302e154000ec ("arm64: tegra: Add node for CBB 2.0 on Tegra234") Signed-off-by: Sumit Gupta <sumitg(a)nvidia.com> Signed-off-by: Ivy Huang <yijuh(a)nvidia.com> Reviewed-by: Brad Griffis <bgriffis(a)nvidia.com> Reviewed-by: Jon Hunter <jonathanh(a)nvidia.com> Link: https://lore.kernel.org/r/20241218000737.1789569-2-yijuh@nvidia.com Signed-off-by: Thierry Reding <treding(a)nvidia.com> diff --git a/arch/arm64/boot/dts/nvidia/tegra234.dtsi b/arch/arm64/boot/dts/nvidia/tegra234.dtsi index 570331baa09e..62b9f1784030 100644 --- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi @@ -3995,7 +3995,7 @@ bpmp-fabric@d600000 { }; dce-fabric@de00000 { - compatible = "nvidia,tegra234-sce-fabric"; + compatible = "nvidia,tegra234-dce-fabric"; reg = <0x0 0xde00000 0x0 0x40000>; interrupts = <GIC_SPI 381 IRQ_TYPE_LEVEL_HIGH>; status = "okay";

2 minutes

2
1
0 0

[PATCH v2 0/8] KVM: arm64: FPSIMD/SVE/SME fixes

by Mark Rutland

These patches fix some issues with the way KVM manages FPSIMD/SVE/SME state. The series supersedes my earlier attempt at fixing the host SVE state corruption issue: https://lore.kernel.org/linux-arm-kernel/20250121100026.3974971-1-mark.rutl… Patch 1 addresses the host SVE state corruption issue by always saving and unbinding the host state when loading a vCPU, as discussed on the earlier patch: https://lore.kernel.org/linux-arm-kernel/Z4--YuG5SWrP_pW7@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/86plkful48.wl-maz@kernel.org/ Patches 2 to 4 remove code made redundant by patch 1. These probably warrant backporting along with patch 1 as there is some historical brokenness in the code they remove. Patches 5 to 7 are preparatory refactoring for patch 8, and are not intended to have any functional impact. Patch 8 addresses some mismanagement of ZCR_EL{1,2} which can result in the host VMM unexpectedly receiving a SIGKILL. To fix this, we eagerly switch ZCR_EL{1,2} at guest<->host transitions, as discussed on another series: https://lore.kernel.org/linux-arm-kernel/Z4pAMaEYvdLpmbg2@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/86o6zzukwr.wl-maz@kernel.org/ https://lore.kernel.org/linux-arm-kernel/Z5Dc-WMu2azhTuMn@J2N7QTR9R3/ The end result is that KVM loses ~100 lines of code, and becomes a bit simpler to reason about. I've pushed these patches to the arm64-kvm-fpsimd-fixes-20250206 tag on my kernel.org repo: https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/ git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git The (unstable) arm64/kvm/fpsimd-fixes branch in that repo contains the fixes plus additional debug patches I've used for testing. I've given this some basic testing on a virtual platform, booting a host and a guest with and without constraining the guest's max SVE VL, with: * kvm_arm.mode=vhe * kvm_arm.mode=nvhe * kvm_arm.mode=protected (IIUC this will default to hVHE) Since v1 [1]: * Address some additional compiler warnings in patch 7 * Use ZCR_EL1 alias in VHE code * Fold in Tested-by and Reviewed-by tags * Fix typos [1] https://lore.kernel.org/linux-arm-kernel/20250204152100.705610-1-mark.rutla… Mark. Mark Rutland (8): KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN KVM: arm64: Refactor CPTR trap deactivation KVM: arm64: Refactor exit handlers KVM: arm64: Mark some header functions as inline KVM: arm64: Eagerly switch ZCR_EL{1,2} arch/arm64/include/asm/kvm_emulate.h | 42 -------- arch/arm64/include/asm/kvm_host.h | 22 +---- arch/arm64/kernel/fpsimd.c | 25 ----- arch/arm64/kvm/arm.c | 8 -- arch/arm64/kvm/fpsimd.c | 100 ++----------------- arch/arm64/kvm/hyp/include/hyp/switch.h | 125 +++++++++++++++++------- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 15 ++- arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++++++++--------- arch/arm64/kvm/hyp/vhe/switch.c | 33 ++++--- 9 files changed, 174 insertions(+), 287 deletions(-) -- 2.30.2

2 minutes

4
28
0 0

[PATCH v3 0/8] KVM: arm64: FPSIMD/SVE/SME fixes

by Mark Rutland

These patches fix some issues with the way KVM manages FPSIMD/SVE/SME state. The series supersedes my earlier attempt at fixing the host SVE state corruption issue: https://lore.kernel.org/linux-arm-kernel/20250121100026.3974971-1-mark.rutl… Patch 1 addresses the host SVE state corruption issue by always saving and unbinding the host state when loading a vCPU, as discussed on the earlier patch: https://lore.kernel.org/linux-arm-kernel/Z4--YuG5SWrP_pW7@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/86plkful48.wl-maz@kernel.org/ Patches 2 to 4 remove code made redundant by patch 1. These probably warrant backporting along with patch 1 as there is some historical brokenness in the code they remove. Patches 5 to 7 are preparatory refactoring for patch 8, and are not intended to have any functional impact. Patch 8 addresses some mismanagement of ZCR_EL{1,2} which can result in the host VMM unexpectedly receiving a SIGKILL. To fix this, we eagerly switch ZCR_EL{1,2} at guest<->host transitions, as discussed on another series: https://lore.kernel.org/linux-arm-kernel/Z4pAMaEYvdLpmbg2@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/86o6zzukwr.wl-maz@kernel.org/ https://lore.kernel.org/linux-arm-kernel/Z5Dc-WMu2azhTuMn@J2N7QTR9R3/ The end result is that KVM loses ~100 lines of code, and becomes a bit simpler to reason about. I've pushed these patches to the arm64-kvm-fpsimd-fixes-20250210 tag on my kernel.org repo: https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/ git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git The (unstable) arm64/kvm/fpsimd-fixes branch in that repo contains the fixes plus additional debug patches I've used for testing. I've given this some basic testing on a virtual platform, booting a host and a guest with and without constraining the guest's max SVE VL, with: * kvm_arm.mode=vhe * kvm_arm.mode=nvhe * kvm_arm.mode=protected (IIUC this will default to hVHE) Since v1 [1]: * Address some additional compiler warnings in patch 7 * Use ZCR_EL1 alias in VHE code * Fold in Tested-by and Reviewed-by tags * Fix typos Since v2 [2]: * Ensure context synchronization in patch 8 * Fold in Tested-by and Reviewed-by tags * Fix typos [1] https://lore.kernel.org/linux-arm-kernel/20250204152100.705610-1-mark.rutla… [2] https://lore.kernel.org/linux-arm-kernel/20250206141102.954688-1-mark.rutla… Mark. Mark Rutland (8): KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN KVM: arm64: Refactor CPTR trap deactivation KVM: arm64: Refactor exit handlers KVM: arm64: Mark some header functions as inline KVM: arm64: Eagerly switch ZCR_EL{1,2} arch/arm64/include/asm/kvm_emulate.h | 42 -------- arch/arm64/include/asm/kvm_host.h | 22 +--- arch/arm64/kernel/fpsimd.c | 25 ----- arch/arm64/kvm/arm.c | 8 -- arch/arm64/kvm/fpsimd.c | 100 ++---------------- arch/arm64/kvm/hyp/entry.S | 5 + arch/arm64/kvm/hyp/include/hyp/switch.h | 133 +++++++++++++++++------- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 15 ++- arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++++++++-------- arch/arm64/kvm/hyp/vhe/switch.c | 33 +++--- 10 files changed, 187 insertions(+), 287 deletions(-) -- 2.30.2

13 minutes

1
8
0 0

[PATCH 1/5] ovl: don't allow datadir only

by Miklos Szeredi

In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feture, but without actually handling this case, resuting in an Oops. Fix by disallowing datadir without lowerdir. Reported-by: Giuseppe Scrivano <gscrivan(a)redhat.com> Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one") Cc: <stable(a)vger.kernel.org> # v6.7 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> --- fs/overlayfs/super.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 86ae6f6da36b..b11094acdd8f 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1137,6 +1137,11 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, return ERR_PTR(-EINVAL); } + if (ctx->nr == ctx->nr_data) { + pr_err("at least one non-data lowerdir is required\n"); + return ERR_PTR(-EINVAL); + } + err = -EINVAL; for (i = 0; i < ctx->nr; i++) { l = &ctx->lower[i]; -- 2.48.1

20 minutes

1
0
0 0

Linux 6.12.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.11 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/include/asm/special_insns.h | 2 arch/x86/kernel/fred.c | 8 drivers/acpi/resource.c | 6 drivers/block/zram/zram_drv.c | 1 drivers/cpufreq/Kconfig | 4 drivers/cpuidle/governors/teo.c | 91 +-- drivers/firmware/efi/Kconfig | 4 drivers/firmware/efi/libstub/Makefile.zboot | 18 drivers/gpio/gpio-sim.c | 48 + drivers/gpio/gpio-virtuser.c | 47 + drivers/gpio/gpio-xilinx.c | 32 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_fw_attestation.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 41 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 25 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 35 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 3 drivers/gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 11 drivers/gpu/drm/i915/display/intel_fb.c | 2 drivers/gpu/drm/nouveau/nouveau_fence.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/mcp77.c | 1 drivers/gpu/drm/tests/drm_kunit_helpers.c | 3 drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 20 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 5 drivers/gpu/drm/xe/xe_hw_engine.c | 2 drivers/gpu/drm/xe/xe_oa.c | 1 drivers/hwmon/ltc2991.c | 2 drivers/hwmon/tmp513.c | 7 drivers/i2c/busses/i2c-rcar.c | 20 drivers/i2c/i2c-atr.c | 2 drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 19 drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/irqchip/irqchip.c | 4 drivers/mtd/spi-nor/core.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 25 drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 7 drivers/net/ethernet/freescale/fec_main.c | 19 drivers/net/ethernet/intel/ice/ice.h | 5 drivers/net/ethernet/intel/ice/ice_adapter.c | 6 drivers/net/ethernet/intel/ice/ice_adapter.h | 22 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 drivers/net/ethernet/intel/ice/ice_common.c | 51 + drivers/net/ethernet/intel/ice/ice_common.h | 1 drivers/net/ethernet/intel/ice/ice_main.c | 6 drivers/net/ethernet/intel/ice/ice_ptp.c | 165 +++-- drivers/net/ethernet/intel/ice/ice_ptp.h | 9 drivers/net/ethernet/intel/ice/ice_ptp_consts.h | 2 drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 285 +++++----- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 5 drivers/net/ethernet/intel/ice/ice_type.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 22 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 12 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 11 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 drivers/net/ethernet/mellanox/mlx5/core/sf/devlink.c | 1 drivers/net/ethernet/mellanox/mlx5/core/wc.c | 24 drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/renesas/ravb_main.c | 1 drivers/net/ethernet/ti/cpsw_ale.c | 14 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/gtp.c | 26 drivers/net/pfcp.c | 15 drivers/nvme/target/io-cmd-bdev.c | 2 drivers/platform/x86/dell/dell-uart-backlight.c | 5 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/platform/x86/intel/tpmi_power_domains.c | 1 drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 5 drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 2 drivers/reset/reset-rzg2l-usbphy-ctrl.c | 1 drivers/ufs/core/ufshcd.c | 9 fs/afs/addr_prefs.c | 6 fs/btrfs/volumes.c | 4 fs/cachefiles/daemon.c | 14 fs/cachefiles/internal.h | 3 fs/cachefiles/security.c | 6 fs/file.c | 1 fs/hfs/super.c | 4 fs/iomap/buffered-io.c | 2 fs/netfs/read_collect.c | 9 fs/proc/vmcore.c | 2 fs/qnx6/inode.c | 11 fs/smb/client/connect.c | 3 include/linux/hrtimer.h | 1 include/linux/poll.h | 10 include/linux/pruss_driver.h | 12 include/linux/userfaultfd_k.h | 12 include/net/page_pool/helpers.h | 2 include/trace/events/mmflags.h | 63 ++ kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/sched/ext.c | 11 kernel/sched/fair.c | 6 kernel/time/hrtimer.c | 11 kernel/time/timer_migration.c | 43 + mm/filemap.c | 2 mm/huge_memory.c | 12 mm/hugetlb.c | 14 mm/kmemleak.c | 2 mm/mremap.c | 32 + mm/vmscan.c | 3 net/core/filter.c | 30 - net/core/netdev-genl-gen.c | 14 net/core/pktgen.c | 6 net/mac802154/iface.c | 4 net/mptcp/options.c | 6 net/mptcp/protocol.h | 9 net/ncsi/internal.h | 2 net/ncsi/ncsi-manage.c | 16 net/ncsi/ncsi-rsp.c | 19 net/openvswitch/actions.c | 4 net/vmw_vsock/af_vsock.c | 18 net/vmw_vsock/virtio_transport_common.c | 36 - net/vmw_vsock/vsock_bpf.c | 9 security/apparmor/policy.c | 1 sound/pci/hda/patch_realtek.c | 3 tools/net/ynl/ynl-gen-c.py | 16 tools/testing/selftests/mm/cow.c | 8 tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 + tools/testing/selftests/sched_ext/ddsp_bogus_dsq_fail.bpf.c | 2 tools/testing/selftests/sched_ext/ddsp_vtimelocal_fail.bpf.c | 4 tools/testing/selftests/sched_ext/dsp_local_on.bpf.c | 7 tools/testing/selftests/sched_ext/dsp_local_on.c | 5 tools/testing/selftests/sched_ext/enq_select_cpu_fails.bpf.c | 2 tools/testing/selftests/sched_ext/exit.bpf.c | 4 tools/testing/selftests/sched_ext/maximal.bpf.c | 8 tools/testing/selftests/sched_ext/select_cpu_dfl.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dfl_nodispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_bad_dsq.bpf.c | 2 tools/testing/selftests/sched_ext/select_cpu_dispatch_dbl_dsp.bpf.c | 4 tools/testing/selftests/sched_ext/select_cpu_vtime.bpf.c | 8 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 tools/testing/shared/linux/maple_tree.h | 2 tools/testing/vma/linux/atomic.h | 2 157 files changed, 1324 insertions(+), 636 deletions(-) Alex Deucher (1): drm/amdgpu/smu13: update powersave optimizations Ard Biesheuvel (1): efi/zboot: Limit compression options to GZIP and ZSTD Artem Chernyshev (1): pktgen: Avoid out-of-bounds access in get_imix_entries Ashutosh Dixit (1): drm/xe/oa: Add missing VISACTL mux registers Brahmajit Das (1): fs/qnx6: Fix building with GCC 15 Chenyuan Yang (2): platform/x86: dell-uart-backlight: fix serdev race platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race Chris Mi (1): net/mlx5: SF, Fix add port error handling Christian König (1): drm/amdgpu: always sync the GFX pipe on ctx switch Claudiu Beznea (1): reset: rzg2l-usbphy-ctrl: Assign proper of node to the allocated device Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Dave Airlie (1): nouveau/fence: handle cross device fences properly David Howells (2): kheaders: Ignore silly-rename files netfs: Fix non-contiguous donation between completed reads David Lechner (2): hwmon: (tmp513) Fix division of negative numbers hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST David Vernet (1): scx: Fix maximal BPF selftest prog Donet Tom (1): mm: vmscan : pgdemote vmstat is not getting updated when MGLRU is enabled. Frederic Weisbecker (2): timers/migration: Fix another race between hotplug and idle entry/exit timers/migration: Enforce group initialization visibility to tree walkers Greg Kroah-Hartman (1): Linux 6.12.11 Gui Chengming (1): drm/amdgpu: fix fw attestation for MP0_14_0_{2/3} Guo Weikang (1): mm/kmemleak: fix percpu memory leak detection failure Hans de Goede (1): ACPI: resource: acpi_dev_irq_override(): Check DMI match last Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Henry Huang (1): sched_ext: keep running prev when prev->scx.slice != 0 Hongguang Gao (1): RDMA/bnxt_re: Fix to export port num to ib_query_qp Ian Forbes (2): drm/vmwgfx: Unreserve BO on error drm/vmwgfx: Add new keep_resv BO param Ihor Solodrai (1): selftests/sched_ext: fix build after renames in sched_ext API Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (3): eth: bnxt: always recalculate features after XDP clearing, fix null-deref netdev: avoid CFI problems with sock priv helpers selftests: tc-testing: reduce rshift value Joe Hattori (2): i2c: core: fix reference leak in i2c_register_adapter() irqchip: Plug a OF node reference leak in platform_irqchip_probe() Juergen Gross (1): x86/asm: Make serialize() always_inline Kairui Song (1): zram: fix potential UAF of zram table Karol Kolacinski (4): ice: Fix E825 initialization ice: Fix quad registers read on E825 ice: Fix ETH56G FC-FEC Rx offset value ice: Add correct PHY lane assignment Kenneth Feng (1): drm/amdgpu: disable gfxoff with the compute workload on gfx12 Kevin Groeneveld (1): net: fec: handle page_pool_dev_alloc_pages error Koichiro Den (3): gpio: virtuser: lock up configfs that an instantiated device depends on gpio: sim: lock up configfs that an instantiated device depends on hrtimers: Handle CPU state correctly on hotplug Kuniyuki Iwashima (3): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. pfcp: Destroy device along with udp socket's netns dismantle. Leo Li (2): drm/amd/display: Do not elevate mem_type change to full update drm/amd/display: Do not wait for PSR disable on vbl enable Leo Stone (1): hfs: Sanity check the root record Leon Romanovsky (3): net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel net/mlx5e: Rely on reqid in IPsec tunnel mode net/mlx5e: Always start IPsec sequence number from 1 Lizhi Xu (2): mac802154: check local interfaces before deleting sdata list afs: Fix merge preference rule failure condition Luis Chamberlain (1): nvmet: propagate npwg topology Luke D. Jones (2): ALSA: hda/realtek: fixup ASUS GA605W ALSA: hda/realtek: fixup ASUS H7606W MD Danish Anwar (1): soc: ti: pruss: Fix pruss APIs Manivannan Sadhasivam (1): scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Marco Nelissen (2): iomap: avoid avoid truncating 64-bit offset to 32 bits filemap: avoid truncating 64-bit offset to 32 bits Mark Zhang (1): net/mlx5: Clear port select structure when fail to create Matthew Brost (1): drm/xe: Mark ComputeCS read mode as UC on iGPU Max Kellermann (1): cachefiles: Parse the "secctx" immediately Maíra Canal (1): drm/v3d: Ensure job pointer is set to NULL after job completion Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Nicholas Susanto (1): Revert "drm/amd/display: Enable urgent latency adjustments for DCN35" Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Paolo Abeni (3): mptcp: be sure to send ack when mptcp-level window re-opens mptcp: fix spurious wake-up on under memory pressure selftests: mptcp: avoid spurious errors on disconnect Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Paul Barker (1): net: ravb: Fix max TX frame size for RZ/V2M Paul Fertser (1): net/ncsi: fix locking in Get MAC Address handling Paulo Alcantara (1): smb: client: fix double free of TCP_Server_Info::hostname Pavel Begunkov (1): net: make page_pool_ref_netmem work with net iovs Peter Zijlstra (1): sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE Pratyush Yadav (1): Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Qu Wenruo (1): btrfs: add the missing error handling inside get_canonical_dev_path Rafael J. Wysocki (1): cpuidle: teo: Update documentation after previous changes Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Ryan Lee (1): apparmor: allocate xmatch for nullpdb inside aa_alloc_null Ryan Roberts (2): selftests/mm: set allocated memory to non-zero content in cow test mm: clear uffd-wp PTE/PMD state on mremap() Sean Anderson (2): net: xilinx: axienet: Fix IRQ coalescing packet count overflow gpio: xilinx: Convert gpio_lock to raw spinlock Sergey Temerkhanov (3): ice: Introduce ice_get_phy_model() wrapper ice: Add ice_get_ctrl_ptp() wrapper to simplify the code ice: Use ice_adapter for PTP shared data instead of auxdev Srinivas Pandruvada (2): platform/x86/intel: power-domains: Add Clearwater Forest support platform/x86: ISST: Add Clearwater Forest to support list Stefan Binding (1): ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Stefano Garzarella (5): vsock/bpf: return early if transport is not assigned vsock/virtio: discard packets if the transport changes vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Steven Rostedt (1): tracing: gfp: Fix the GFP enum values shown for user space tracing tools Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Suren Baghdasaryan (1): tools: fix atomic_set() definition to set the value correctly Takashi Iwai (1): drm/nouveau/disp: Fix missing backlight control on Macbook 5,1 Tejun Heo (1): sched_ext: Fix dsq_local_on selftest Tom Chung (2): drm/amd/display: Fix PSR-SU not support but still call the amdgpu_dm_psr_enable drm/amd/display: Disable replay and psr while VRR is enabled Tomas Krcka (1): irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() Tomi Valkeinen (1): i2c: atr: Fix client detach Ville Syrjälä (1): drm/i915/fb: Relax clear color alignment to 64 bytes Viresh Kumar (1): cpufreq: Move endif to the end of Kconfig file Wayne Lin (1): drm/amd/display: Validate mdoe under MST LCT=1 case as well Wolfram Sang (3): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target i2c: testunit: on errors, repeat NACK until STOP Xiaolei Wang (1): pmdomain: imx8mp-blk-ctrl: add missing loop break condition Xin Li (Intel) (1): x86/fred: Fix the FRED RSP0 MSR out of sync with its per-CPU cache Yishai Hadas (1): net/mlx5: Fix a lockdep warning as part of the write combining test Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Yu-Chun Lin (1): drm/tests: helpers: Fix compiler warning Zhang Kunbo (1): fs: fix missing declaration of init_files

22 minutes

2
2
0 0

[PATCH v2 02/17] mm/rmap: reject hugetlb folios in folio_make_device_exclusive()

by David Hildenbrand

Even though FOLL_SPLIT_PMD on hugetlb now always fails with -EOPNOTSUPP, let's add a safety net in case FOLL_SPLIT_PMD usage would ever be reworked. In particular, before commit 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code"), GUP(FOLL_SPLIT_PMD) would just have returned a page. In particular, hugetlb folios that are not PMD-sized would never have been prone to FOLL_SPLIT_PMD. hugetlb folios can be anonymous, and page_make_device_exclusive_one() is not really prepared for handling them at all. So let's spell that out. Fixes: b756a3b5e7ea ("mm: device exclusive memory access") Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/rmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/rmap.c b/mm/rmap.c index c6c4d4ea29a7e..17fbfa61f7efb 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -2499,7 +2499,7 @@ static bool folio_make_device_exclusive(struct folio *folio, * Restrict to anonymous folios for now to avoid potential writeback * issues. */ - if (!folio_test_anon(folio)) + if (!folio_test_anon(folio) || folio_test_hugetlb(folio)) return false; rmap_walk(folio, &rwc); -- 2.48.1

28 minutes

1
0
0 0

[PATCH v2 01/17] mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs

by David Hildenbrand

We only have two FOLL_SPLIT_PMD users. While uprobe refuses hugetlb early, make_device_exclusive_range() can end up getting called on hugetlb VMAs. Right now, this means that with a PMD-sized hugetlb page, we can end up calling split_huge_pmd(), because pmd_trans_huge() also succeeds with hugetlb PMDs. For example, using a modified hmm-test selftest one can trigger: [ 207.017134][T14945] ------------[ cut here ]------------ [ 207.018614][T14945] kernel BUG at mm/page_table_check.c:87! [ 207.019716][T14945] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 207.021072][T14945] CPU: 3 UID: 0 PID: ... [ 207.023036][T14945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 207.024834][T14945] RIP: 0010:page_table_check_clear.part.0+0x488/0x510 [ 207.026128][T14945] Code: ... [ 207.029965][T14945] RSP: 0018:ffffc9000cb8f348 EFLAGS: 00010293 [ 207.031139][T14945] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffffffff8249a0cd [ 207.032649][T14945] RDX: ffff88811e883c80 RSI: ffffffff8249a357 RDI: ffff88811e883c80 [ 207.034183][T14945] RBP: ffff888105c0a050 R08: 0000000000000005 R09: 0000000000000000 [ 207.035688][T14945] R10: 00000000ffffffff R11: 0000000000000003 R12: 0000000000000001 [ 207.037203][T14945] R13: 0000000000000200 R14: 0000000000000001 R15: dffffc0000000000 [ 207.038711][T14945] FS: 00007f2783275740(0000) GS:ffff8881f4980000(0000) knlGS:0000000000000000 [ 207.040407][T14945] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.041660][T14945] CR2: 00007f2782c00000 CR3: 0000000132356000 CR4: 0000000000750ef0 [ 207.043196][T14945] PKRU: 55555554 [ 207.043880][T14945] Call Trace: [ 207.044506][T14945] <TASK> [ 207.045086][T14945] ? __die+0x51/0x92 [ 207.045864][T14945] ? die+0x29/0x50 [ 207.046596][T14945] ? do_trap+0x250/0x320 [ 207.047430][T14945] ? do_error_trap+0xe7/0x220 [ 207.048346][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.049535][T14945] ? handle_invalid_op+0x34/0x40 [ 207.050494][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.051681][T14945] ? exc_invalid_op+0x2e/0x50 [ 207.052589][T14945] ? asm_exc_invalid_op+0x1a/0x20 [ 207.053596][T14945] ? page_table_check_clear.part.0+0x1fd/0x510 [ 207.054790][T14945] ? page_table_check_clear.part.0+0x487/0x510 [ 207.055993][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.057195][T14945] ? page_table_check_clear.part.0+0x487/0x510 [ 207.058384][T14945] __page_table_check_pmd_clear+0x34b/0x5a0 [ 207.059524][T14945] ? __pfx___page_table_check_pmd_clear+0x10/0x10 [ 207.060775][T14945] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 207.061940][T14945] ? __pfx___lock_acquire+0x10/0x10 [ 207.062967][T14945] pmdp_huge_clear_flush+0x279/0x360 [ 207.064024][T14945] split_huge_pmd_locked+0x82b/0x3750 ... Before commit 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code"), we would have ignored the flag; instead, let's simply refuse the combination completely in check_vma_flags(): the caller is likely not prepared to handle any hugetlb folios. We'll teach make_device_exclusive_range() separately to ignore any hugetlb folios as a future-proof safety net. Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/gup.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/gup.c b/mm/gup.c index 3883b307780ea..61e751baf862c 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1283,6 +1283,9 @@ static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags) if ((gup_flags & FOLL_LONGTERM) && vma_is_fsdax(vma)) return -EOPNOTSUPP; + if ((gup_flags & FOLL_SPLIT_PMD) && is_vm_hugetlb_page(vma)) + return -EOPNOTSUPP; + if (vma_is_secretmem(vma)) return -EFAULT; -- 2.48.1

28 minutes

1
0
0 0

[PATCH 5.15] mm: call the security_mmap_file() LSM hook in remap_file_pages()

by Pratyush Yadav

From: Shu Han <ebpqwerty472123(a)gmail.com> commit ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 upstream. The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Pratyush Yadav <ptyadav(a)amazon.de> --- mm/mmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mmap.c b/mm/mmap.c index f8a2f15fc5a20..f774795c53bca 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3035,8 +3035,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm); -- 2.47.1

54 minutes

1
0
0 0

[PATCH 5.10] mm: call the security_mmap_file() LSM hook in remap_file_pages()

by Pratyush Yadav

From: Shu Han <ebpqwerty472123(a)gmail.com> commit ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 upstream. The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Pratyush Yadav <ptyadav(a)amazon.de> --- mm/mmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/mmap.c b/mm/mmap.c index 9f76625a1743..2c17eb840e44 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3078,8 +3078,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, } file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm); -- 2.47.1

54 minutes

1
0
0 0

[PATCH v2 Linux-6.12.y Linux-6.13.y 1/1] selftests/mm: build with -O2

by Yifei Liu

From: Kevin Brodsky <kevin.brodsky(a)arm.com> [ Upstream commit 46036188ea1f5266df23a6149dea0df1c77cd1c7 ] The mm kselftests are currently built with no optimisation (-O0). It's unclear why, and besides being obviously suboptimal, this also prevents the pkeys tests from working as intended. Let's build all the tests with -O2. [kevin.brodsky(a)arm.com: silence unused-result warnings] Link: https://lkml.kernel.org/r/20250107170110.2819685-1-kevin.brodsky@arm.com Link: https://lkml.kernel.org/r/20241209095019.1732120-6-kevin.brodsky@arm.com Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Joey Gouly <joey.gouly(a)arm.com> Cc: Keith Lucas <keith.lucas(a)oracle.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> (cherry picked from commit 46036188ea1f5266df23a6149dea0df1c77cd1c7) [Yifei: This commit also fix the failure of pkey_sighandler_tests_64, which is also in linux-6.12.y and linux-6.13.y, thus backport this commit] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/mm/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 02e1204971b0..c0138cb19705 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -33,9 +33,16 @@ endif # LDLIBS. MAKEFLAGS += --no-builtin-rules -CFLAGS = -Wall -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) +CFLAGS = -Wall -O2 -I $(top_srcdir) $(EXTRA_CFLAGS) $(KHDR_INCLUDES) $(TOOLS_INCLUDES) LDLIBS = -lrt -lpthread -lm +# Some distributions (such as Ubuntu) configure GCC so that _FORTIFY_SOURCE is +# automatically enabled at -O1 or above. This triggers various unused-result +# warnings where functions such as read() or write() are called and their +# return value is not checked. Disable _FORTIFY_SOURCE to silence those +# warnings. +CFLAGS += -U_FORTIFY_SOURCE + TEST_GEN_FILES = cow TEST_GEN_FILES += compaction_test TEST_GEN_FILES += gup_longterm -- 2.46.0

1 hour, 21 minutes

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror