- Linux-stable-mirror - lists.linaro.org

[REGRESSION] stable-rc/linux-6.13.y: (build) format specifies type 'unsigned long' but the argument has type 's...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.13.y: --- format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat] in drivers/gpu/drm/xe/xe_guc_ct.o (drivers/gpu/drm/xe/xe_guc_ct.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:654a7499ce48b09c6748b92c5ad90055057a67a1 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c025445840beab62deab3af5afa8429f63e8f186 Log excerpt: ===================================================== drivers/gpu/drm/xe/xe_guc_ct.c:1703:43: error: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat] 1703 | drm_printf(p, "[CTB].length: 0x%lx\n", snapshot->ctb_size); | ~~~ ^~~~~~~~~~~~~~~~~~ | %zx 1 error generated. ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67d98d1028b1441c081c5d19 #kernelci issue maestro:654a7499ce48b09c6748b92c5ad90055057a67a1 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) clang: error: linker command failed with exit code 1 (use -v to se...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- clang: error: linker command failed with exit code 1 (use -v to see invocation) in samples/seccomp/bpf-fancy (scripts/Makefile.host:116) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/i/maestro:9b282409ffe9399386349927812ed439dcc91837 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: bbf51067f14852464d75398076a963edbe1e5cc0 Log excerpt: ===================================================== .o Generating X.509 key generation config /usr/bin/ld: cannot find crtbeginS.o: No such file or directory /usr/bin/ld: cannot find -lgcc: No such file or directory /usr/bin/ld: cannot find -lgcc_s: No such file or directory clang: error: linker command failed with exit code 1 (use -v to see invocation) ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67d9892328b1441c081c5044 #kernelci issue maestro:9b282409ffe9399386349927812ed439dcc91837 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.13.y: (build) format specifies type 'unsigned long' but the argument has type 's...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.13.y: --- format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat] in drivers/gpu/drm/xe/xe_guc_ct.o (drivers/gpu/drm/xe/xe_guc_ct.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:654a7499ce48b09c6748b92c5ad90055057a67a1 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: c025445840beab62deab3af5afa8429f63e8f186 Log excerpt: ===================================================== drivers/gpu/drm/xe/xe_guc_ct.c:1703:43: error: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat] 1703 | drm_printf(p, "[CTB].length: 0x%lx\n", snapshot->ctb_size); | ~~~ ^~~~~~~~~~~~~~~~~~ | %zx 1 error generated. ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67d98d1028b1441c081c5d19 #kernelci issue maestro:654a7499ce48b09c6748b92c5ad90055057a67a1 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: use the recalculated transaction reservation in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a18a69bbec083093c3bfebaec13ce0b4c6b2af7e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031846-septic-french-4efb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a18a69bbec083093c3bfebaec13ce0b4c6b2af7e Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Fri, 30 Aug 2024 15:37:00 -0700 Subject: [PATCH] xfs: use the recalculated transaction reservation in xfs_growfs_rt_bmblock After going great length to calculate the transaction reservation for the new geometry, we should also use it to allocate the transaction it was calculated for. Fixes: 578bd4ce7100 ("xfs: recompute growfsrtfree transaction reservation while growing rt volume") Signed-off-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c index d290749b0304..a9f08d96f1fe 100644 --- a/fs/xfs/xfs_rtalloc.c +++ b/fs/xfs/xfs_rtalloc.c @@ -730,10 +730,12 @@ xfs_growfs_rt_bmblock( xfs_rtsummary_blockcount(mp, nmp->m_rsumlevels, nmp->m_sb.sb_rbmblocks)); - /* recompute growfsrt reservation from new rsumsize */ + /* + * Recompute the growfsrt reservation from the new rsumsize, so that the + * transaction below use the new, potentially larger value. + * */ xfs_trans_resv_calc(nmp, &nmp->m_resv); - - error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growrtfree, 0, 0, 0, + error = xfs_trans_alloc(mp, &M_RES(nmp)->tr_growrtfree, 0, 0, 0, &args.tp); if (error) goto out_free;

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] in io_uring/io_uring.o (io_uring/io_uring.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:cbcc52388974e489070975f640bce79475aeb50a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 463226a52e45030747cdf2c689bf719e1ab21055 Log excerpt: ===================================================== io_uring/io_uring.c:2540:17: error: implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] 2540 | vunmap(ptr); | ^~~~~~ | kunmap io_uring/io_uring.c: In function ‘io_mem_alloc_single’: io_uring/io_uring.c:2588:15: error: implicit declaration of function ‘vmap’; did you mean ‘kmap’? [-Werror=implicit-function-declaration] 2588 | ret = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~ | kmap io_uring/io_uring.c:2588:37: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2588 | ret = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE io_uring/io_uring.c:2588:37: note: each undeclared identifier is reported only once for each function it appears in CC fs/read_write.o CC kernel/bpf/core.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b2228b1441c081c54ba #kernelci issue maestro:cbcc52388974e489070975f640bce79475aeb50a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) ‘fb_center_logo’ undeclared (first use in this function); did you ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- ‘fb_center_logo’ undeclared (first use in this function); did you mean ‘fb_prepare_logo’? in drivers/video/fbdev/core/fbcon.o (drivers/video/fbdev/core/fbcon.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:e495b4ec34845e228a5f1639d0ec805fdbb6e7c0 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 52baa369b052eae3278dda3062d63a3058eb9cfe Log excerpt: ===================================================== drivers/video/fbdev/core/fbcon.c:478:33: error: ‘fb_center_logo’ undeclared (first use in this function); did you mean ‘fb_prepare_logo’? 478 | fb_center_logo = true; | ^~~~~~~~~~~~~~ | fb_prepare_logo drivers/video/fbdev/core/fbcon.c:478:33: note: each undeclared identifier is reported only once for each function it appears in CC fs/ubifs/budget.o drivers/video/fbdev/core/fbcon.c:485:33: error: ‘fb_logo_count’ undeclared (first use in this function); did you mean ‘file_count’? 485 | fb_logo_count = simple_strtol(options, &options, 0); | ^~~~~~~~~~~~~ | file_count ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-mediatek.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b4f28b1441c081c5566 ## cros://chromeos-6.6/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b5428b1441c081c558c ## cros://chromeos-6.6/x86_64/chromeos-intel-pineview.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b5928b1441c081c558f ## multi_v5_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b8f28b1441c081c5622 ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b8028b1441c081c55fe ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98b8a28b1441c081c561f #kernelci issue maestro:e495b4ec34845e228a5f1639d0ec805fdbb6e7c0 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] in io_uring/io_uring.o (io_uring/io_uring.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:160797c1391e9c7479eace7259b46a47c35c7db7 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 52baa369b052eae3278dda3062d63a3058eb9cfe Log excerpt: ===================================================== io_uring/io_uring.c:2708:17: error: implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] 2708 | vunmap(ptr); | ^~~~~~ | kunmap io_uring/io_uring.c: In function ‘__io_uaddr_map’: io_uring/io_uring.c:2784:21: error: implicit declaration of function ‘vmap’; did you mean ‘kmap’? [-Werror=implicit-function-declaration] 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~ | kmap io_uring/io_uring.c:2784:48: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE io_uring/io_uring.c:2784:48: note: each undeclared identifier is reported only once for each function it appears in io_uring/io_uring.c: In function ‘io_mem_alloc_single’: io_uring/io_uring.c:2863:37: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2863 | ret = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE CC crypto/sha256_generic.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98bca28b1441c081c56f5 #kernelci issue maestro:160797c1391e9c7479eace7259b46a47c35c7db7 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

[PATCH] mtd: nand: Fix a kdoc comment

by Miquel Raynal

The max_bad_eraseblocks_per_lun member of nand_device obviously describes a number of *maximum* number of bad eraseblocks per LUN. Fix this obvious typo. Fixes: 377e517b5fa5 ("mtd: nand: Add max_bad_eraseblocks_per_lun info to memorg") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- include/linux/mtd/nand.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mtd/nand.h b/include/linux/mtd/nand.h index 0e2f228e8b4a..07486168d104 100644 --- a/include/linux/mtd/nand.h +++ b/include/linux/mtd/nand.h @@ -21,7 +21,7 @@ struct nand_device; * @oobsize: OOB area size * @pages_per_eraseblock: number of pages per eraseblock * @eraseblocks_per_lun: number of eraseblocks per LUN (Logical Unit Number) - * @max_bad_eraseblocks_per_lun: maximum number of eraseblocks per LUN + * @max_bad_eraseblocks_per_lun: maximum number of bad eraseblocks per LUN * @planes_per_lun: number of planes per LUN * @luns_per_target: number of LUN per target (target is a synonym for die) * @ntargets: total number of targets exposed by the NAND device -- 2.48.1

1 month, 1 week

2
3
0 0

[PATCH v2 7/8] selftests/landlock: Add a new test for setuid()

by Mickaël Salaün

The new signal_scoping_thread_setuid tests check that the libc's setuid() function works as expected even when a thread is sandboxed with scoped signal restrictions. Before the signal scoping fix, this test would have failed with the setuid() call: [pid 65] getpid() = 65 [pid 65] tgkill(65, 66, SIGRT_1) = -1 EPERM (Operation not permitted) [pid 65] futex(0x40a66cdc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 65] setuid(1001) = 0 After the fix, tgkill(2) is successfully leveraged to synchronize credentials update across threads: [pid 65] getpid() = 65 [pid 65] tgkill(65, 66, SIGRT_1) = 0 [pid 66] <... read resumed>0x40a65eb7, 1) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 66] --- SIGRT_1 {si_signo=SIGRT_1, si_code=SI_TKILL, si_pid=65, si_uid=1000} --- [pid 66] getpid() = 65 [pid 66] setuid(1001) = 0 [pid 66] futex(0x40a66cdc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 66] rt_sigreturn({mask=[]}) = 0 [pid 66] read(3, <unfinished ...> [pid 65] setuid(1001) = 0 Test coverage for security/landlock is 92.9% of 1053 lines according to gcc/gcov-14. Fixes: c8994965013e ("selftests/landlock: Test signal scoping for threads") Cc: Günther Noack <gnoack(a)google.com> Cc: Tahera Fahimi <fahimitahera(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-8-mic@digikod.net --- Changes since v1: - New patch. --- tools/testing/selftests/landlock/common.h | 1 + .../selftests/landlock/scoped_signal_test.c | 59 +++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/tools/testing/selftests/landlock/common.h b/tools/testing/selftests/landlock/common.h index 6064c9ac0532..076a9a625c98 100644 --- a/tools/testing/selftests/landlock/common.h +++ b/tools/testing/selftests/landlock/common.h @@ -41,6 +41,7 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all) CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, + CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_CHROOT, /* clang-format on */ diff --git a/tools/testing/selftests/landlock/scoped_signal_test.c b/tools/testing/selftests/landlock/scoped_signal_test.c index d313cb626225..d8bf33417619 100644 --- a/tools/testing/selftests/landlock/scoped_signal_test.c +++ b/tools/testing/selftests/landlock/scoped_signal_test.c @@ -253,6 +253,7 @@ enum thread_return { THREAD_INVALID = 0, THREAD_SUCCESS = 1, THREAD_ERROR = 2, + THREAD_TEST_FAILED = 3, }; static void *thread_sync(void *arg) @@ -316,6 +317,64 @@ TEST(signal_scoping_thread_after) EXPECT_EQ(0, close(thread_pipe[1])); } +struct thread_setuid_args { + int pipe_read, new_uid; +}; + +void *thread_setuid(void *ptr) +{ + const struct thread_setuid_args *arg = ptr; + char buf; + + if (read(arg->pipe_read, &buf, 1) != 1) + return (void *)THREAD_ERROR; + + /* libc's setuid() should update all thread's credentials. */ + if (getuid() != arg->new_uid) + return (void *)THREAD_TEST_FAILED; + + return (void *)THREAD_SUCCESS; +} + +TEST(signal_scoping_thread_setuid) +{ + struct thread_setuid_args arg; + pthread_t no_sandbox_thread; + enum thread_return ret = THREAD_INVALID; + int pipe_parent[2]; + int prev_uid; + + disable_caps(_metadata); + + /* This test does not need to be run as root. */ + prev_uid = getuid(); + arg.new_uid = prev_uid + 1; + EXPECT_LT(0, arg.new_uid); + + ASSERT_EQ(0, pipe2(pipe_parent, O_CLOEXEC)); + arg.pipe_read = pipe_parent[0]; + + /* Capabilities must be set before creating a new thread. */ + set_cap(_metadata, CAP_SETUID); + ASSERT_EQ(0, pthread_create(&no_sandbox_thread, NULL, thread_setuid, + &arg)); + + /* Enforces restriction after creating the thread. */ + create_scoped_domain(_metadata, LANDLOCK_SCOPE_SIGNAL); + + EXPECT_NE(arg.new_uid, getuid()); + EXPECT_EQ(0, setuid(arg.new_uid)); + EXPECT_EQ(arg.new_uid, getuid()); + EXPECT_EQ(1, write(pipe_parent[1], ".", 1)); + + EXPECT_EQ(0, pthread_join(no_sandbox_thread, (void **)&ret)); + EXPECT_EQ(THREAD_SUCCESS, ret); + + clear_cap(_metadata, CAP_SETUID); + EXPECT_EQ(0, close(pipe_parent[0])); + EXPECT_EQ(0, close(pipe_parent[1])); +} + const short backlog = 10; static volatile sig_atomic_t signal_received; -- 2.48.1

1 month, 1 week

1
0
0 0

[PATCH v2 6/8] selftests/landlock: Split signal_scoping_threads tests

by Mickaël Salaün

Split signal_scoping_threads tests into signal_scoping_thread_before and signal_scoping_thread_after. Use local variables for thread synchronization. Fix exported function. Replace some asserts with expects. Fixes: c8994965013e ("selftests/landlock: Test signal scoping for threads") Cc: Günther Noack <gnoack(a)google.com> Cc: Tahera Fahimi <fahimitahera(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-7-mic@digikod.net --- Changes since v1: - New patch. --- .../selftests/landlock/scoped_signal_test.c | 49 +++++++++++++------ 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/tools/testing/selftests/landlock/scoped_signal_test.c b/tools/testing/selftests/landlock/scoped_signal_test.c index 767f117703b7..d313cb626225 100644 --- a/tools/testing/selftests/landlock/scoped_signal_test.c +++ b/tools/testing/selftests/landlock/scoped_signal_test.c @@ -249,47 +249,66 @@ TEST_F(scoped_domains, check_access_signal) _metadata->exit_code = KSFT_FAIL; } -static int thread_pipe[2]; - enum thread_return { THREAD_INVALID = 0, THREAD_SUCCESS = 1, THREAD_ERROR = 2, }; -void *thread_func(void *arg) +static void *thread_sync(void *arg) { + const int pipe_read = *(int *)arg; char buf; - if (read(thread_pipe[0], &buf, 1) != 1) + if (read(pipe_read, &buf, 1) != 1) return (void *)THREAD_ERROR; return (void *)THREAD_SUCCESS; } -TEST(signal_scoping_threads) +TEST(signal_scoping_thread_before) { - pthread_t no_sandbox_thread, scoped_thread; + pthread_t no_sandbox_thread; enum thread_return ret = THREAD_INVALID; + int thread_pipe[2]; drop_caps(_metadata); ASSERT_EQ(0, pipe2(thread_pipe, O_CLOEXEC)); - ASSERT_EQ(0, - pthread_create(&no_sandbox_thread, NULL, thread_func, NULL)); + ASSERT_EQ(0, pthread_create(&no_sandbox_thread, NULL, thread_sync, + &thread_pipe[0])); - /* Restricts the domain after creating the first thread. */ + /* Enforces restriction after creating the thread. */ create_scoped_domain(_metadata, LANDLOCK_SCOPE_SIGNAL); - ASSERT_EQ(0, pthread_kill(no_sandbox_thread, 0)); - ASSERT_EQ(1, write(thread_pipe[1], ".", 1)); - - ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_func, NULL)); - ASSERT_EQ(0, pthread_kill(scoped_thread, 0)); - ASSERT_EQ(1, write(thread_pipe[1], ".", 1)); + EXPECT_EQ(0, pthread_kill(no_sandbox_thread, 0)); + EXPECT_EQ(1, write(thread_pipe[1], ".", 1)); EXPECT_EQ(0, pthread_join(no_sandbox_thread, (void **)&ret)); EXPECT_EQ(THREAD_SUCCESS, ret); + + EXPECT_EQ(0, close(thread_pipe[0])); + EXPECT_EQ(0, close(thread_pipe[1])); +} + +TEST(signal_scoping_thread_after) +{ + pthread_t scoped_thread; + enum thread_return ret = THREAD_INVALID; + int thread_pipe[2]; + + drop_caps(_metadata); + ASSERT_EQ(0, pipe2(thread_pipe, O_CLOEXEC)); + + /* Enforces restriction before creating the thread. */ + create_scoped_domain(_metadata, LANDLOCK_SCOPE_SIGNAL); + + ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_sync, + &thread_pipe[0])); + + EXPECT_EQ(0, pthread_kill(scoped_thread, 0)); + EXPECT_EQ(1, write(thread_pipe[1], ".", 1)); + EXPECT_EQ(0, pthread_join(scoped_thread, (void **)&ret)); EXPECT_EQ(THREAD_SUCCESS, ret); -- 2.48.1

1 month, 1 week

1
0
0 0

[PATCH v2 4/8] landlock: Prepare to add second errata

by Mickaël Salaün

Potentially include errata for Landlock ABI v5 (Linux 6.10) and v6 (Linux 6.12). That will be useful for the following signal scoping erratum. As explained in errata.h, this commit should be backportable without conflict down to ABI v5. It must then not include the errata/abi-6.h file. Fixes: 54a6e6bbf3be ("landlock: Add signal scoping") Cc: Günther Noack <gnoack(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-5-mic@digikod.net --- Changes since v1: - New patch. --- security/landlock/errata.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/security/landlock/errata.h b/security/landlock/errata.h index f26b28b9873d..8e626accac10 100644 --- a/security/landlock/errata.h +++ b/security/landlock/errata.h @@ -63,6 +63,18 @@ static const struct landlock_erratum landlock_errata_init[] __initconst = { #endif #undef LANDLOCK_ERRATA_ABI +#define LANDLOCK_ERRATA_ABI 5 +#if __has_include("errata/abi-5.h") +#include "errata/abi-5.h" +#endif +#undef LANDLOCK_ERRATA_ABI + +#define LANDLOCK_ERRATA_ABI 6 +#if __has_include("errata/abi-6.h") +#include "errata/abi-6.h" +#endif +#undef LANDLOCK_ERRATA_ABI + /* * For each new erratum, we need to include all the ABI files up to the impacted * ABI to make all potential future intermediate errata easy to backport. -- 2.48.1

1 month, 1 week

1
0
0 0

[PATCH v2 3/8] landlock: Add erratum for TCP fix

by Mickaël Salaün

Add erratum for the TCP socket identification fixed with commit 854277e2cc8c ("landlock: Fix non-TCP sockets restriction"). Fixes: 854277e2cc8c ("landlock: Fix non-TCP sockets restriction") Cc: Günther Noack <gnoack(a)google.com> Cc: Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-4-mic@digikod.net --- Changes since v1: - New patch. --- security/landlock/errata/abi-4.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 security/landlock/errata/abi-4.h diff --git a/security/landlock/errata/abi-4.h b/security/landlock/errata/abi-4.h new file mode 100644 index 000000000000..c052ee54f89f --- /dev/null +++ b/security/landlock/errata/abi-4.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +/** + * DOC: erratum_1 + * + * Erratum 1: TCP socket identification + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * + * This fix addresses an issue where IPv4 and IPv6 stream sockets (e.g., SMC, + * MPTCP, or SCTP) were incorrectly restricted by TCP access rights during + * :manpage:`bind(2)` and :manpage:`connect(2)` operations. This change ensures + * that only TCP sockets are subject to TCP access rights, allowing other + * protocols to operate without unnecessary restrictions. + */ +LANDLOCK_ERRATUM(1) -- 2.48.1

1 month, 1 week

1
0
0 0

[PATCH v2 1/8] landlock: Move code to ease future backports

by Mickaël Salaün

To ease backports in setup.c, let's group changes from __lsm_ro_after_init to __ro_after_init with commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality"), and the landlock_lsmid addition with commit f3b8788cde61 ("LSM: Identify modules by more than name"). That will help to backport the following errata. Cc: Günther Noack <gnoack(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20250318161443.279194-2-mic@digikod.net --- Changes since v1: - New patch. --- security/landlock/setup.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 28519a45b11f..c71832a8e369 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -19,6 +19,11 @@ bool landlock_initialized __ro_after_init = false; +const struct lsm_id landlock_lsmid = { + .name = LANDLOCK_NAME, + .id = LSM_ID_LANDLOCK, +}; + struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_cred = sizeof(struct landlock_cred_security), .lbs_file = sizeof(struct landlock_file_security), @@ -26,11 +31,6 @@ struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; -const struct lsm_id landlock_lsmid = { - .name = LANDLOCK_NAME, - .id = LSM_ID_LANDLOCK, -}; - static int __init landlock_init(void) { landlock_add_cred_hooks(); -- 2.48.1

1 month, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] in io_uring/io_uring.o (io_uring/io_uring.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:160797c1391e9c7479eace7259b46a47c35c7db7 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 52baa369b052eae3278dda3062d63a3058eb9cfe Log excerpt: ===================================================== io_uring/io_uring.c:2708:17: error: implicit declaration of function ‘vunmap’; did you mean ‘kunmap’? [-Werror=implicit-function-declaration] 2708 | vunmap(ptr); | ^~~~~~ | kunmap io_uring/io_uring.c: In function ‘__io_uaddr_map’: io_uring/io_uring.c:2784:21: error: implicit declaration of function ‘vmap’; did you mean ‘kmap’? [-Werror=implicit-function-declaration] 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~ | kmap io_uring/io_uring.c:2784:48: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2784 | page_addr = vmap(page_array, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE io_uring/io_uring.c:2784:48: note: each undeclared identifier is reported only once for each function it appears in io_uring/io_uring.c: In function ‘io_mem_alloc_single’: io_uring/io_uring.c:2863:37: error: ‘VM_MAP’ undeclared (first use in this function); did you mean ‘VM_MTE’? 2863 | ret = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL); | ^~~~~~ | VM_MTE CC crypto/sha256_generic.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## 32r2el_defconfig on (mips): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67d98bca28b1441c081c56f5 #kernelci issue maestro:160797c1391e9c7479eace7259b46a47c35c7db7 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 month, 1 week

1
0
0 0

Re: Patch "mm: shmem: skip swapcache for swapin of synchronous swap device" has been added to the 6.12-stable tree

by Hugh Dickins

On Tue, 18 Mar 2025, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > mm: shmem: skip swapcache for swapin of synchronous swap device > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > mm-shmem-skip-swapcache-for-swapin-of-synchronous-sw.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit df6cb03ef8e3bf53ebe143c79cf2c073bfa0584b > Author: Baolin Wang <baolin.wang(a)linux.alibaba.com> > Date: Wed Jan 8 10:16:49 2025 +0800 > > mm: shmem: skip swapcache for swapin of synchronous swap device > > [ Upstream commit 1dd44c0af4fa1e80a4e82faa10cbf5d22da40362 ] > > With fast swap devices (such as zram), swapin latency is crucial to > applications. For shmem swapin, similar to anonymous memory swapin, we > can skip the swapcache operation to improve swapin latency. Testing 1G > shmem sequential swapin without THP enabled, I observed approximately a 6% > performance improvement: (Note: I repeated 5 times and took the mean data > for each test) > > w/o patch w/ patch changes > 534.8ms 501ms +6.3% > > In addition, currently, we always split the large swap entry stored in the > shmem mapping during shmem large folio swapin, which is not perfect, > especially with a fast swap device. We should swap in the whole large > folio instead of splitting the precious large folios to take advantage of > the large folios and improve the swapin latency if the swap device is > synchronous device, which is similar to anonymous memory mTHP swapin. > Testing 1G shmem sequential swapin with 64K mTHP and 2M mTHP, I observed > obvious performance improvement: > > mTHP=64K > w/o patch w/ patch changes > 550.4ms 169.6ms +69% > > mTHP=2M > w/o patch w/ patch changes > 542.8ms 126.8ms +77% > > Note that skipping swapcache requires attention to concurrent swapin > scenarios. Fortunately the swapcache_prepare() and > shmem_add_to_page_cache() can help identify concurrent swapin and large > swap entry split scenarios, and return -EEXIST for retry. > > [akpm(a)linux-foundation.org: use IS_ENABLED(), tweak comment grammar] > Link: https://lkml.kernel.org/r/3d9f3bd3bc6ec953054baff5134f66feeaae7c1e.17363017… > Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> > Cc: David Hildenbrand <david(a)redhat.com> > Cc: "Huang, Ying" <ying.huang(a)linux.alibaba.com> > Cc: Hugh Dickins <hughd(a)google.com> > Cc: Kairui Song <kasong(a)tencent.com> > Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> > Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> > Cc: Ryan Roberts <ryan.roberts(a)arm.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Stable-dep-of: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> No, NAK to this one going to stable. Hugh > > diff --git a/mm/shmem.c b/mm/shmem.c > index 5960e5035f983..738893d7fe083 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1878,6 +1878,65 @@ static struct folio *shmem_alloc_and_add_folio(struct vm_fault *vmf, > return ERR_PTR(error); > } > > +static struct folio *shmem_swap_alloc_folio(struct inode *inode, > + struct vm_area_struct *vma, pgoff_t index, > + swp_entry_t entry, int order, gfp_t gfp) > +{ > + struct shmem_inode_info *info = SHMEM_I(inode); > + struct folio *new; > + void *shadow; > + int nr_pages; > + > + /* > + * We have arrived here because our zones are constrained, so don't > + * limit chance of success with further cpuset and node constraints. > + */ > + gfp &= ~GFP_CONSTRAINT_MASK; > + if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && order > 0) { > + gfp_t huge_gfp = vma_thp_gfp_mask(vma); > + > + gfp = limit_gfp_mask(huge_gfp, gfp); > + } > + > + new = shmem_alloc_folio(gfp, order, info, index); > + if (!new) > + return ERR_PTR(-ENOMEM); > + > + nr_pages = folio_nr_pages(new); > + if (mem_cgroup_swapin_charge_folio(new, vma ? vma->vm_mm : NULL, > + gfp, entry)) { > + folio_put(new); > + return ERR_PTR(-ENOMEM); > + } > + > + /* > + * Prevent parallel swapin from proceeding with the swap cache flag. > + * > + * Of course there is another possible concurrent scenario as well, > + * that is to say, the swap cache flag of a large folio has already > + * been set by swapcache_prepare(), while another thread may have > + * already split the large swap entry stored in the shmem mapping. > + * In this case, shmem_add_to_page_cache() will help identify the > + * concurrent swapin and return -EEXIST. > + */ > + if (swapcache_prepare(entry, nr_pages)) { > + folio_put(new); > + return ERR_PTR(-EEXIST); > + } > + > + __folio_set_locked(new); > + __folio_set_swapbacked(new); > + new->swap = entry; > + > + mem_cgroup_swapin_uncharge_swap(entry, nr_pages); > + shadow = get_shadow_from_swap_cache(entry); > + if (shadow) > + workingset_refault(new, shadow); > + folio_add_lru(new); > + swap_read_folio(new, NULL); > + return new; > +} > + > /* > * When a page is moved from swapcache to shmem filecache (either by the > * usual swapin of shmem_get_folio_gfp(), or by the less common swapoff of > @@ -1981,7 +2040,8 @@ static int shmem_replace_folio(struct folio **foliop, gfp_t gfp, > } > > static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index, > - struct folio *folio, swp_entry_t swap) > + struct folio *folio, swp_entry_t swap, > + bool skip_swapcache) > { > struct address_space *mapping = inode->i_mapping; > swp_entry_t swapin_error; > @@ -1997,7 +2057,8 @@ static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index, > > nr_pages = folio_nr_pages(folio); > folio_wait_writeback(folio); > - delete_from_swap_cache(folio); > + if (!skip_swapcache) > + delete_from_swap_cache(folio); > /* > * Don't treat swapin error folio as alloced. Otherwise inode->i_blocks > * won't be 0 when inode is released and thus trigger WARN_ON(i_blocks) > @@ -2101,6 +2162,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > struct shmem_inode_info *info = SHMEM_I(inode); > struct swap_info_struct *si; > struct folio *folio = NULL; > + bool skip_swapcache = false; > swp_entry_t swap; > int error, nr_pages; > > @@ -2122,6 +2184,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > /* Look it up and read it in.. */ > folio = swap_cache_get_folio(swap, NULL, 0); > if (!folio) { > + int order = xa_get_order(&mapping->i_pages, index); > + bool fallback_order0 = false; > int split_order; > > /* Or update major stats only when swapin succeeds?? */ > @@ -2131,6 +2195,33 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > count_memcg_event_mm(fault_mm, PGMAJFAULT); > } > > + /* > + * If uffd is active for the vma, we need per-page fault > + * fidelity to maintain the uffd semantics, then fallback > + * to swapin order-0 folio, as well as for zswap case. > + */ > + if (order > 0 && ((vma && unlikely(userfaultfd_armed(vma))) || > + !zswap_never_enabled())) > + fallback_order0 = true; > + > + /* Skip swapcache for synchronous device. */ > + if (!fallback_order0 && data_race(si->flags & SWP_SYNCHRONOUS_IO)) { > + folio = shmem_swap_alloc_folio(inode, vma, index, swap, order, gfp); > + if (!IS_ERR(folio)) { > + skip_swapcache = true; > + goto alloced; > + } > + > + /* > + * Fallback to swapin order-0 folio unless the swap entry > + * already exists. > + */ > + error = PTR_ERR(folio); > + folio = NULL; > + if (error == -EEXIST) > + goto failed; > + } > + > /* > * Now swap device can only swap in order 0 folio, then we > * should split the large swap entry stored in the pagecache > @@ -2161,9 +2252,10 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > } > } > > +alloced: > /* We have to do this with folio locked to prevent races */ > folio_lock(folio); > - if (!folio_test_swapcache(folio) || > + if ((!skip_swapcache && !folio_test_swapcache(folio)) || > folio->swap.val != swap.val || > !shmem_confirm_swap(mapping, index, swap)) { > error = -EEXIST; > @@ -2199,7 +2291,12 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > if (sgp == SGP_WRITE) > folio_mark_accessed(folio); > > - delete_from_swap_cache(folio); > + if (skip_swapcache) { > + folio->swap.val = 0; > + swapcache_clear(si, swap, nr_pages); > + } else { > + delete_from_swap_cache(folio); > + } > folio_mark_dirty(folio); > swap_free_nr(swap, nr_pages); > put_swap_device(si); > @@ -2210,8 +2307,11 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > if (!shmem_confirm_swap(mapping, index, swap)) > error = -EEXIST; > if (error == -EIO) > - shmem_set_folio_swapin_error(inode, index, folio, swap); > + shmem_set_folio_swapin_error(inode, index, folio, swap, > + skip_swapcache); > unlock: > + if (skip_swapcache) > + swapcache_clear(si, swap, folio_nr_pages(folio)); > if (folio) { > folio_unlock(folio); > folio_put(folio); >

1 month, 1 week

1
0
0 0

[PATCH 6.1&6.6 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0

by Huacai Chen

Backport this series to 6.1&6.6 because we get build errors with GCC14 and OpenSSL3 (or later): certs/extract-cert.c: In function 'main': certs/extract-cert.c:124:17: error: implicit declaration of function 'ENGINE_load_builtin_engines' [-Wimplicit-function-declaration] 124 | ENGINE_load_builtin_engines(); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ certs/extract-cert.c:126:21: error: implicit declaration of function 'ENGINE_by_id' [-Wimplicit-function-declaration] 126 | e = ENGINE_by_id("pkcs11"); | ^~~~~~~~~~~~ certs/extract-cert.c:126:19: error: assignment to 'ENGINE *' {aka 'struct engine_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion] 126 | e = ENGINE_by_id("pkcs11"); | ^ certs/extract-cert.c:128:21: error: implicit declaration of function 'ENGINE_init' [-Wimplicit-function-declaration] 128 | if (ENGINE_init(e)) | ^~~~~~~~~~~ certs/extract-cert.c:133:30: error: implicit declaration of function 'ENGINE_ctrl_cmd_string' [-Wimplicit-function-declaration] 133 | ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); | ^~~~~~~~~~~~~~~~~~~~~~ certs/extract-cert.c:64:32: note: in definition of macro 'ERR' 64 | bool __cond = (cond); \ | ^~~~ certs/extract-cert.c:134:17: error: implicit declaration of function 'ENGINE_ctrl_cmd' [-Wimplicit-function-declaration] 134 | ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); | ^~~~~~~~~~~~~~~ In theory 5.4&5.10&5.15 also need this, but they need more efforts because file paths are different. The ENGINE interface has its limitations and it has been superseded by the PROVIDER API, it is deprecated in OpenSSL version 3.0. Some distros have started removing it from header files. Update sign-file and extract-cert to use PROVIDER API for OpenSSL Major >= 3. Tested on F39 with openssl-3.1.1, pkcs11-provider-0.5-2, openssl-pkcs11-0.4.12-4 and softhsm-2.6.1-5 by using same key/cert as PEM and PKCS11 and comparing that the result is identical. Jan Stancek (3): sign-file,extract-cert: move common SSL helper functions to a header sign-file,extract-cert: avoid using deprecated ERR_get_error_line() sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Signed-off-by: Jan Stancek <jstancek(a)redhat.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- MAINTAINERS | 1 + certs/Makefile | 2 +- certs/extract-cert.c | 138 +++++++++++++++++++++++-------------------- scripts/sign-file.c | 134 +++++++++++++++++++++-------------------- scripts/ssl-common.h | 32 ++++++++++ 5 files changed, 178 insertions(+), 129 deletions(-) create mode 100644 scripts/ssl-common.h --- 2.27.0

1 month, 1 week

3
7
0 0

[PATCH 6.1.y] drm/mediatek: Fix coverity issue with unintentional integer overflow

by bin.lan.cn＠windriver.com

From: "Jason-JH.Lin" <jason-jh.lin(a)mediatek.com> [ Upstream commit b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 ] 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. Add a int variable for multiplier calculation instead of calculating different types multiplier with dma_addr_t variable directly. Fixes: 1a64a7aff8da ("drm/mediatek: Fix cursor plane no update") Signed-off-by: Jason-JH.Lin <jason-jh.lin(a)mediatek.com> Reviewed-by: Alexandre Mergnat <amergnat(a)baylibre.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20230907091425.9526-1-… Signed-off-by: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> [ For certain code segments with coverity issue do not exist in function mtk_plane_update_new_state(), those not present in v6.1 are not back ported. ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 9 ++++++++- drivers/gpu/drm/mediatek/mtk_drm_plane.c | 13 +++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_gem.c b/drivers/gpu/drm/mediatek/mtk_drm_gem.c index 21e584038581..336a6ee792c6 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_gem.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_gem.c @@ -119,7 +119,14 @@ int mtk_drm_gem_dumb_create(struct drm_file *file_priv, struct drm_device *dev, int ret; args->pitch = DIV_ROUND_UP(args->width * args->bpp, 8); - args->size = args->pitch * args->height; + + /* + * Multiply 2 variables of different types, + * for example: args->size = args->spacing * args->height; + * may cause coverity issue with unintentional overflow. + */ + args->size = args->pitch; + args->size *= args->height; mtk_gem = mtk_drm_gem_create(dev, args->size, false); if (IS_ERR(mtk_gem)) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c index 30d361671aa9..fb062e52eb12 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c @@ -120,6 +120,7 @@ static void mtk_plane_update_new_state(struct drm_plane_state *new_state, struct mtk_drm_gem_obj *mtk_gem; unsigned int pitch, format; dma_addr_t addr; + int offset; gem = fb->obj[0]; mtk_gem = to_mtk_gem_obj(gem); @@ -127,8 +128,16 @@ static void mtk_plane_update_new_state(struct drm_plane_state *new_state, pitch = fb->pitches[0]; format = fb->format->format; - addr += (new_state->src.x1 >> 16) * fb->format->cpp[0]; - addr += (new_state->src.y1 >> 16) * pitch; + /* + * Using dma_addr_t variable to calculate with multiplier of different types, + * for example: addr += (new_state->src.x1 >> 16) * fb->format->cpp[0]; + * may cause coverity issue with unintentional overflow. + */ + offset = (new_state->src.x1 >> 16) * fb->format->cpp[0]; + addr += offset; + offset = (new_state->src.y1 >> 16) * pitch; + addr += offset; + mtk_plane_state->pending.enable = true; mtk_plane_state->pending.pitch = pitch; -- 2.34.1

1 month, 1 week

2
1
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031653-guide-earthen-3c35@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 1 week

3
2
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031653-reboot-darwinism-60dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 1 week

3
2
0 0

[PATCH stable 5.4] mmc: cqhci: Fix checking of CQHCI_HALT state

by Kamal Dasu

From: Seunghwan Baek <sh8267.baek(a)samsung.com> commit aea62c744a9ae2a8247c54ec42138405216414da upstream To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Fixes: a4080225f51d ("mmc: cqhci: support for command queue enabled host") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> Reviewed-by: Ritesh Harjani <ritesh.list(a)gmail.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240829061823.3718-2-sh8267.baek@samsung.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Kamal Dasu <kamal.dasu(a)broadcom.com> --- drivers/mmc/host/cqhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/host/cqhci.c b/drivers/mmc/host/cqhci.c index 10b36b156562..ae9c184ed898 100644 --- a/drivers/mmc/host/cqhci.c +++ b/drivers/mmc/host/cqhci.c @@ -580,7 +580,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); } -- 2.43.0

1 month, 1 week

2
1
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031654-gulp-armful-f55b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 1 week

3
2
0 0

[PATCH 5.10] drm/amdgpu: Fix even more out of bound writes from debugfs

by Xiangyu Chen

From: Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> [ Upstream commit 3f4e54bd312d3dafb59daf2b97ffa08abebe60f5 ] CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67 Author: Thelford Williams <tdwilliamsiv(a)gmail.com> Date: Wed Oct 13 16:04:13 2021 -0400 drm/amdgpu: fix out of bounds write but amdgpu_dm_debugfs.c contains more of the same issue so fix the remaining ones. v2: * Add missing fix in dp_max_bpc_write (Harry Wentland) Fixes: 918698d5c2b5 ("drm/amd/display: Return the number of bytes parsed than allocated") Signed-off-by: Patrik Jakobsson <pjakobsson(a)suse.de> Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org [ Cherry-pick the fix and drop the following functions which were introduced since 5.13 or later: dp_max_bpc_write() was introduced in commit cca912e0a6b4 ("drm/amd/display: Add max bpc debugfs") dp_dsc_passthrough_set() was introduced in commit fcd1e484c8ae ("drm/amd/display: Add debugfs entry for dsc passthrough").] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index 32dbd2a27088..6914738f0275 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -424,7 +424,7 @@ static ssize_t dp_phy_settings_write(struct file *f, const char __user *buf, if (!wr_buf) return -ENOSPC; - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -576,7 +576,7 @@ static ssize_t dp_phy_test_pattern_debugfs_write(struct file *f, const char __us if (!wr_buf) return -ENOSPC; - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -1091,7 +1091,7 @@ static ssize_t dp_trigger_hotplug(struct file *f, const char __user *buf, return -ENOSPC; } - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -1272,7 +1272,7 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, return -ENOSPC; } - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -1426,7 +1426,7 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, return -ENOSPC; } - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -1580,7 +1580,7 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, return -ENOSPC; } - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { @@ -1727,7 +1727,7 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu return -ENOSPC; } - if (parse_write_buffer_into_params(wr_buf, size, + if (parse_write_buffer_into_params(wr_buf, wr_buf_size, (long *)param, buf, max_param_num, &param_nums)) { -- 2.25.1

1 month, 1 week

2
1
0 0

[PATCH 5.15.y] wifi: ath10k: avoid NULL pointer error during sdio remove

by alvalan9＠foxmail.com

From: Kang Yang <quic_kangyang(a)quicinc.com> [ Upstream commit 95c38953cb1ecf40399a676a1f85dfe2b5780a9a ] When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod ath10k', ath10k_sdio_remove() will call ath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release() will finally be called in ath10k_core_destroy(). This function will free struct cfg80211_registered_device *rdev and all its members, including wiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio workqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON. After device release, destroy_workqueue() will use NULL pointer then the kernel panic happen. Call trace: ath10k_sdio_remove ->ath10k_core_unregister …… ->ath10k_core_stop ->ath10k_hif_stop ->ath10k_sdio_irq_disable ->ath10k_hif_power_down ->del_timer_sync(&ar_sdio->sleep_timer) ->ath10k_core_destroy ->ath10k_mac_destroy ->ieee80211_free_hw ->wiphy_free …… ->wiphy_dev_release ->destroy_workqueue Need to call destroy_workqueue() before ath10k_core_destroy(), free the work queue buffer first and then free pointer of work queue by ath10k_core_destroy(). This order matches the error path order in ath10k_sdio_probe(). No work will be queued on sdio workqueue between it is destroyed and ath10k_core_destroy() is called. Based on the call_stack above, the reason is: Only ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and ath10k_sdio_irq_disable() will queue work on sdio workqueue. Sleep timer will be deleted before ath10k_core_destroy() in ath10k_hif_power_down(). ath10k_sdio_irq_disable() only be called in ath10k_hif_stop(). ath10k_core_unregister() will call ath10k_hif_power_down() to stop hif bus, so ath10k_sdio_hif_tx_sg() won't be called anymore. Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189 Signed-off-by: Kang Yang <quic_kangyang(a)quicinc.com> Tested-by: David Ruth <druth(a)chromium.org> Reviewed-by: David Ruth <druth(a)chromium.org> Link: https://patch.msgid.link/20241008022246.1010-1-quic_kangyang@quicinc.com Signed-off-by: Jeff Johnson <quic_jjohnson(a)quicinc.com> Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- drivers/net/wireless/ath/ath10k/sdio.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c index 63e1c2d783c5..b2e0abb5b2b5 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.c +++ b/drivers/net/wireless/ath/ath10k/sdio.c @@ -3,6 +3,7 @@ * Copyright (c) 2004-2011 Atheros Communications Inc. * Copyright (c) 2011-2012,2017 Qualcomm Atheros, Inc. * Copyright (c) 2016-2017 Erik Stromdahl <erik.stromdahl(a)gmail.com> + * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved. */ #include <linux/module.h> @@ -2648,9 +2649,9 @@ static void ath10k_sdio_remove(struct sdio_func *func) netif_napi_del(&ar->napi); - ath10k_core_destroy(ar); - destroy_workqueue(ar_sdio->workqueue); + + ath10k_core_destroy(ar); } static const struct sdio_device_id ath10k_sdio_devices[] = { -- 2.34.1

1 month, 1 week

2
1
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031652-undiluted-junction-7d5e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 1 week

3
2
0 0

[PATCH] ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx The mute LED on this HP laptop uses ALC236 and requires a quirk to function. This patch enables the existing quirk for the device.

by Dhruv Deshpande

Signed-off-by: Dhruv Deshpande <dhrv.d(a)proton.me> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index a84857a3c2bf..c0b97c29bf89 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10519,6 +10519,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8811, "HP Spectre x360 15-eb1xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), SND_PCI_QUIRK(0x103c, 0x8812, "HP Spectre x360 15-eb1xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), SND_PCI_QUIRK(0x103c, 0x881d, "HP 250 G8 Notebook PC", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2), + SND_PCI_QUIRK(0x103c, 0x881e, "HP Laptop 15s-du3xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2), SND_PCI_QUIRK(0x103c, 0x8846, "HP EliteBook 850 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8847, "HP EliteBook x360 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x884b, "HP EliteBook 840 Aero G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), -- 2.48.1

1 month, 1 week

3
4
0 0

[PATCH] keys: Fix UAF in key_put()

by David Howells

From: Hillf Danton <hdanton(a)sina.com> Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that's a static global variable. However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key's usage is reduced to 0 - but now the code is looking at the key after the deadline, which is forbidden. Fix this on an expedited basis[*] by taking a ref on the key->user struct and caching the key length before dropping the refcount so that we can reduce the quota afterwards if we dropped the last ref. [*] This is going to hurt key_put() performance, so a better way is probably necessary, such as sticking the dead key onto a queue for the garbage collector to pick up rather than having it scan the serial number registry. Fixes: 9578e327b2b4 ("keys: update key quotas in key_put()") Reported-by: syzbot+6105ffc1ded71d194d6d(a)syzkaller.appspotmail.com Tested-by: syzbot+6105ffc1ded71d194d6d(a)syzkaller.appspotmail.com Suggested-by: Hillf Danton <hdanton(a)sina.com> Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Jarkko Sakkinen <jarkko(a)kernel.org> cc: Kees Cook <kees(a)kernel.org> cc: keyrings(a)vger.kernel.org cc: stable(a)vger.kernel.org # v6.10+ --- security/keys/key.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/security/keys/key.c b/security/keys/key.c index 3d7d185019d3..1e6028492355 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -645,21 +645,30 @@ EXPORT_SYMBOL(key_reject_and_link); */ void key_put(struct key *key) { + int quota_flag; + unsigned short len; + struct key_user *user; + if (key) { key_check(key); + quota_flag = test_bit(KEY_FLAG_IN_QUOTA, &key->flags); + len = key->quotalen; + user = key->user; + refcount_inc(&user->usage); if (refcount_dec_and_test(&key->usage)) { unsigned long flags; /* deal with the user's key tracking and quota */ - if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { - spin_lock_irqsave(&key->user->lock, flags); - key->user->qnkeys--; - key->user->qnbytes -= key->quotalen; - spin_unlock_irqrestore(&key->user->lock, flags); + if (quota_flag) { + spin_lock_irqsave(&user->lock, flags); + user->qnkeys--; + user->qnbytes -= len; + spin_unlock_irqrestore(&user->lock, flags); } schedule_work(&key_gc_work); } + key_user_put(user); } } EXPORT_SYMBOL(key_put);

1 month, 1 week

2
3
0 0

FAILED: patch "[PATCH] rust: init: fix `Zeroable` implementation for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x df27cef153603b18a7d094b53cc3d5264ff32797 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031635-resent-sniff-676f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df27cef153603b18a7d094b53cc3d5264ff32797 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Wed, 5 Mar 2025 13:29:01 +0000 Subject: [PATCH] rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and `Option<KBox<T>>` According to [1], `NonNull<T>` and `#[repr(transparent)]` wrapper types such as our custom `KBox<T>` have the null pointer optimization only if `T: Sized`. Thus remove the `Zeroable` implementation for the unsized case. Link: https://doc.rust-lang.org/stable/std/option/index.html#representation [1] Reported-by: Alice Ryhl <aliceryhl(a)google.com> Closes: https://lore.kernel.org/rust-for-linux/CAH5fLghL+qzrD8KiCF1V3vf2YcC6aWySzkm… Cc: stable(a)vger.kernel.org # v6.12+ (a custom patch will be needed for 6.6.y) Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Andreas Hindborg <a.hindborg(a)kernel.org> Link: https://lore.kernel.org/r/20250305132836.2145476-1-benno.lossin@proton.me [ Added Closes tag and moved up the Reported-by one. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 7fd1ea8265a5..8bbd5e3398fc 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1418,17 +1418,14 @@ macro_rules! impl_zeroable { // SAFETY: `T: Zeroable` and `UnsafeCell` is `repr(transparent)`. {<T: ?Sized + Zeroable>} UnsafeCell<T>, - // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee: + // https://doc.rust-lang.org/stable/std/option/index.html#representation). Option<NonZeroU8>, Option<NonZeroU16>, Option<NonZeroU32>, Option<NonZeroU64>, Option<NonZeroU128>, Option<NonZeroUsize>, Option<NonZeroI8>, Option<NonZeroI16>, Option<NonZeroI32>, Option<NonZeroI64>, Option<NonZeroI128>, Option<NonZeroIsize>, - - // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). - // - // In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant. - {<T: ?Sized>} Option<NonNull<T>>, - {<T: ?Sized>} Option<KBox<T>>, + {<T>} Option<NonNull<T>>, + {<T>} Option<KBox<T>>, // SAFETY: `null` pointer is valid. //

1 month, 1 week

5
9
0 0

[PATCH v2] media: v4l2-dev: fix error handling in __video_register_device()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. And move callback function before put_device(). As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: baa057e29b58 ("media: v4l2-dev: use pr_foo() for printing messages") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch as no callback function before put_device(). --- drivers/media/v4l2-core/v4l2-dev.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c index 5bcaeeba4d09..4a8fdf8115c0 100644 --- a/drivers/media/v4l2-core/v4l2-dev.c +++ b/drivers/media/v4l2-core/v4l2-dev.c @@ -1054,17 +1054,16 @@ int __video_register_device(struct video_device *vdev, vdev->dev.class = &video_class; vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor); vdev->dev.parent = vdev->dev_parent; + vdev->dev.release = v4l2_device_release; dev_set_name(&vdev->dev, "%s%d", name_base, vdev->num); mutex_lock(&videodev_lock); ret = device_register(&vdev->dev); if (ret < 0) { mutex_unlock(&videodev_lock); pr_err("%s: device_register failed\n", __func__); - goto cleanup; + put_device(&vdev->dev); + return ret; } - /* Register the release callback that will be called when the last - reference to the device goes away. */ - vdev->dev.release = v4l2_device_release; if (nr != -1 && nr != vdev->num && warn_if_nr_in_use) pr_warn("%s: requested %s%d, got %s\n", __func__, -- 2.25.1

1 month, 1 week

3
2
0 0

[PATCH net 1/6] can: ucan: fix out of bound read in strscpy() source

by Marc Kleine-Budde

From: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Commit 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()") unintentionally introduced a one byte out of bound read on strscpy()'s source argument (which is kind of ironic knowing that strscpy() is meant to be a more secure alternative :)). Let's consider below buffers: dest[len + 1]; /* will be NUL terminated */ src[len]; /* may not be NUL terminated */ When doing: strncpy(dest, src, len); dest[len] = '\0'; strncpy() will read up to len bytes from src. On the other hand: strscpy(dest, src, len + 1); will read up to len + 1 bytes from src, that is to say, an out of bound read of one byte will occur on src if it is not NUL terminated. Note that the src[len] byte is never copied, but strscpy() still needs to read it to check whether a truncation occurred or not. This exact pattern happened in ucan. The root cause is that the source is not NUL terminated. Instead of doing a copy in a local buffer, directly NUL terminate it as soon as usb_control_msg() returns. With this, the local firmware_str[] variable can be removed. On top of this do a couple refactors: - ucan_ctl_payload->raw is only used for the firmware string, so rename it to ucan_ctl_payload->fw_str and change its type from u8 to char. - ucan_device_request_in() is only used to retrieve the firmware string, so rename it to ucan_get_fw_str() and refactor it to make it directly handle all the string termination logic. Reported-by: syzbot+d7d8c418e8317899e88c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-can/67b323a4.050a0220.173698.002b.GAE@google.… Fixes: 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()") Signed-off-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250218143515.627682-2-mailhol.vincent@wanadoo.fr Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/ucan.c | 43 ++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 25 deletions(-) diff --git a/drivers/net/can/usb/ucan.c b/drivers/net/can/usb/ucan.c index 39a63b7313a4..07406daf7c88 100644 --- a/drivers/net/can/usb/ucan.c +++ b/drivers/net/can/usb/ucan.c @@ -186,7 +186,7 @@ union ucan_ctl_payload { */ struct ucan_ctl_cmd_get_protocol_version cmd_get_protocol_version; - u8 raw[128]; + u8 fw_str[128]; } __packed; enum { @@ -424,18 +424,20 @@ static int ucan_ctrl_command_out(struct ucan_priv *up, UCAN_USB_CTL_PIPE_TIMEOUT); } -static int ucan_device_request_in(struct ucan_priv *up, - u8 cmd, u16 subcmd, u16 datalen) +static void ucan_get_fw_str(struct ucan_priv *up, char *fw_str, size_t size) { - return usb_control_msg(up->udev, - usb_rcvctrlpipe(up->udev, 0), - cmd, - USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, - subcmd, - 0, - up->ctl_msg_buffer, - datalen, - UCAN_USB_CTL_PIPE_TIMEOUT); + int ret; + + ret = usb_control_msg(up->udev, usb_rcvctrlpipe(up->udev, 0), + UCAN_DEVICE_GET_FW_STRING, + USB_DIR_IN | USB_TYPE_VENDOR | + USB_RECIP_DEVICE, + 0, 0, fw_str, size - 1, + UCAN_USB_CTL_PIPE_TIMEOUT); + if (ret > 0) + fw_str[ret] = '\0'; + else + strscpy(fw_str, "unknown", size); } /* Parse the device information structure reported by the device and @@ -1314,7 +1316,6 @@ static int ucan_probe(struct usb_interface *intf, u8 in_ep_addr; u8 out_ep_addr; union ucan_ctl_payload *ctl_msg_buffer; - char firmware_str[sizeof(union ucan_ctl_payload) + 1]; udev = interface_to_usbdev(intf); @@ -1527,17 +1528,6 @@ static int ucan_probe(struct usb_interface *intf, */ ucan_parse_device_info(up, &ctl_msg_buffer->cmd_get_device_info); - /* just print some device information - if available */ - ret = ucan_device_request_in(up, UCAN_DEVICE_GET_FW_STRING, 0, - sizeof(union ucan_ctl_payload)); - if (ret > 0) { - /* copy string while ensuring zero termination */ - strscpy(firmware_str, up->ctl_msg_buffer->raw, - sizeof(union ucan_ctl_payload) + 1); - } else { - strcpy(firmware_str, "unknown"); - } - /* device is compatible, reset it */ ret = ucan_ctrl_command_out(up, UCAN_COMMAND_RESET, 0, 0); if (ret < 0) @@ -1555,7 +1545,10 @@ static int ucan_probe(struct usb_interface *intf, /* initialisation complete, log device info */ netdev_info(up->netdev, "registered device\n"); - netdev_info(up->netdev, "firmware string: %s\n", firmware_str); + ucan_get_fw_str(up, up->ctl_msg_buffer->fw_str, + sizeof(up->ctl_msg_buffer->fw_str)); + netdev_info(up->netdev, "firmware string: %s\n", + up->ctl_msg_buffer->fw_str); /* success */ return 0; base-commit: 4003c9e78778e93188a09d6043a74f7154449d43 -- 2.47.2

1 month, 1 week

2
1
0 0

[PATCH 37/40] drm/amd/display: Protect dml2_create()/dml2_copy()/dml2_create_copy()

by Huacai Chen

Commit 7da55c27e76749b9 ("drm/amd/display: Remove incorrect FP context start") removes the FP context protection of dml2_create(), and it said "All the DC_FP_START/END should be used before call anything from DML2". However, dml2_create()/dml2_copy()/dml2_create_copy() are not protected from their callers, causing such errors: do_fpu invoked from kernel context![#1]: CPU: 0 UID: 0 PID: 239 Comm: kworker/0:5 Not tainted 6.14.0-rc6+ #1 Workqueue: events work_for_cpu_fn pc ffff80000319de80 ra ffff80000319de5c tp 900000010575c000 sp 900000010575f840 a0 0000000000000000 a1 900000012f210130 a2 900000012f000000 a3 ffff80000357e268 a4 ffff80000357e260 a5 900000012ea52cf0 a6 0000000400000004 a7 0000012c00001388 t0 00001900000015e0 t1 ffff80000379d000 t2 0000000010624dd3 t3 0000006400000014 t4 00000000000003e8 t5 0000005000000018 t6 0000000000000020 t7 0000000f00000064 t8 000000000000002f u0 5f5e9200f8901912 s9 900000012d380010 s0 900000012ea51fd8 s1 900000012f000000 s2 9000000109296000 s3 0000000000000001 s4 0000000000001fd8 s5 0000000000000001 s6 ffff800003415000 s7 900000012d390000 s8 ffff800003211f80 ra: ffff80000319de5c dml21_apply_soc_bb_overrides+0x3c/0x960 [amdgpu] ERA: ffff80000319de80 dml21_apply_soc_bb_overrides+0x60/0x960 [amdgpu] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000004 (PPLV0 +PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) ESTAT: 000f0000 [FPD] (IS= ECode=15 EsubCode=0) PRID: 0014d010 (Loongson-64bit, Loongson-3C6000/S) Process kworker/0:5 (pid: 239, threadinfo=00000000927eadc6, task=000000008fd31682) Stack : 00040dc000003164 0000000000000001 900000012f210130 900000012eabeeb8 900000012f000000 ffff80000319fe48 900000012f210000 900000012f210130 900000012f000000 900000012eabeeb8 0000000000000001 ffff8000031a0064 900000010575f9f0 900000012f210130 900000012eac0000 900000012ea80000 900000012f000000 ffff8000031cefc4 900000010575f9f0 ffff8000035859c0 ffff800003414000 900000010575fa78 900000012f000000 ffff8000031b4c50 0000000000000000 9000000101c9d700 9000000109c40000 5f5e9200f8901912 900000012d3c4bd0 900000012d3c5000 ffff8000034aed18 900000012d380010 900000012d3c4bd0 ffff800003414000 900000012d380000 ffff800002ea49dc 0000000000000001 900000012d3c6000 00000000ffffe423 0000000000010000 ... Call Trace: [<ffff80000319de80>] dml21_apply_soc_bb_overrides+0x60/0x960 [amdgpu] [<ffff80000319fe44>] dml21_init+0xa4/0x280 [amdgpu] [<ffff8000031a0060>] dml21_create+0x40/0x80 [amdgpu] [<ffff8000031cefc0>] dc_state_create+0x100/0x160 [amdgpu] [<ffff8000031b4c4c>] dc_create+0x44c/0x640 [amdgpu] [<ffff800002ea49d8>] amdgpu_dm_init+0x3f8/0x2060 [amdgpu] [<ffff800002ea6658>] dm_hw_init+0x18/0x60 [amdgpu] [<ffff800002b16738>] amdgpu_device_init+0x1938/0x27e0 [amdgpu] [<ffff800002b18e80>] amdgpu_driver_load_kms+0x20/0xa0 [amdgpu] [<ffff800002b0c8f0>] amdgpu_pci_probe+0x1b0/0x580 [amdgpu] [<900000000448eae4>] local_pci_probe+0x44/0xc0 [<9000000003b02b18>] work_for_cpu_fn+0x18/0x40 [<9000000003b05da0>] process_one_work+0x160/0x300 [<9000000003b06718>] worker_thread+0x318/0x440 [<9000000003b11b8c>] kthread+0x12c/0x220 [<9000000003ac1484>] ret_from_kernel_thread+0x8/0xa4 So protect dml2_create()/dml2_copy()/dml2_create_copy() with DC_FP_START and DC_FP_END. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index 1b2cce127981..6e2cac08002d 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -210,17 +210,23 @@ struct dc_state *dc_state_create(struct dc *dc, struct dc_state_create_params *p #ifdef CONFIG_DRM_AMD_DC_FP if (dc->debug.using_dml2) { + DC_FP_START(); + dml2_opt->use_clock_dc_limits = false; if (!dml2_create(dc, dml2_opt, &state->bw_ctx.dml2)) { + DC_FP_END(); dc_state_release(state); return NULL; } dml2_opt->use_clock_dc_limits = true; if (!dml2_create(dc, dml2_opt, &state->bw_ctx.dml2_dc_power_source)) { + DC_FP_END(); dc_state_release(state); return NULL; } + + DC_FP_END(); } #endif @@ -240,6 +246,8 @@ void dc_state_copy(struct dc_state *dst_state, struct dc_state *src_state) dc_state_copy_internal(dst_state, src_state); #ifdef CONFIG_DRM_AMD_DC_FP + DC_FP_START(); + dst_state->bw_ctx.dml2 = dst_dml2; if (src_state->bw_ctx.dml2) dml2_copy(dst_state->bw_ctx.dml2, src_state->bw_ctx.dml2); @@ -247,6 +255,8 @@ void dc_state_copy(struct dc_state *dst_state, struct dc_state *src_state) dst_state->bw_ctx.dml2_dc_power_source = dst_dml2_dc_power_source; if (src_state->bw_ctx.dml2_dc_power_source) dml2_copy(dst_state->bw_ctx.dml2_dc_power_source, src_state->bw_ctx.dml2_dc_power_source); + + DC_FP_END(); #endif /* context refcount should not be overridden */ @@ -268,17 +278,23 @@ struct dc_state *dc_state_create_copy(struct dc_state *src_state) new_state->bw_ctx.dml2 = NULL; new_state->bw_ctx.dml2_dc_power_source = NULL; + DC_FP_START(); + if (src_state->bw_ctx.dml2 && !dml2_create_copy(&new_state->bw_ctx.dml2, src_state->bw_ctx.dml2)) { + DC_FP_END(); dc_state_release(new_state); return NULL; } if (src_state->bw_ctx.dml2_dc_power_source && !dml2_create_copy(&new_state->bw_ctx.dml2_dc_power_source, src_state->bw_ctx.dml2_dc_power_source)) { + DC_FP_END(); dc_state_release(new_state); return NULL; } + + DC_FP_END(); #endif kref_init(&new_state->refcount); -- 2.47.1

1 month, 1 week

2
1
0 0

[PATCH net, v2] net: mana: Support holes in device list reply msg

by Haiyang Zhang

According to GDMA protocol, holes (zeros) are allowed at the beginning or middle of the gdma_list_devices_resp message. The existing code cannot properly handle this, and may miss some devices in the list. To fix, scan the entire list until the num_of_devs are found, or until the end of the list. Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Long Li <longli(a)microsoft.com> Reviewed-by: Shradha Gupta <shradhagupta(a)microsoft.com> --- v2: Fix alignment, extra dmesg. --- drivers/net/ethernet/microsoft/mana/gdma_main.c | 14 ++++++++++---- include/net/mana/gdma.h | 11 +++++++---- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index c15a5ef4674e..af63d844b3bc 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -134,9 +134,10 @@ static int mana_gd_detect_devices(struct pci_dev *pdev) struct gdma_list_devices_resp resp = {}; struct gdma_general_req req = {}; struct gdma_dev_id dev; - u32 i, max_num_devs; + int found_dev = 0; u16 dev_type; int err; + u32 i; mana_gd_init_req_hdr(&req.hdr, GDMA_LIST_DEVICES, sizeof(req), sizeof(resp)); @@ -148,12 +149,17 @@ static int mana_gd_detect_devices(struct pci_dev *pdev) return err ? err : -EPROTO; } - max_num_devs = min_t(u32, MAX_NUM_GDMA_DEVICES, resp.num_of_devs); - - for (i = 0; i < max_num_devs; i++) { + for (i = 0; i < GDMA_DEV_LIST_SIZE && + found_dev < resp.num_of_devs; i++) { dev = resp.devs[i]; dev_type = dev.type; + /* Skip empty devices */ + if (dev.as_uint32 == 0) + continue; + + found_dev++; + /* HWC is already detected in mana_hwc_create_channel(). */ if (dev_type == GDMA_DEVICE_HWC) continue; diff --git a/include/net/mana/gdma.h b/include/net/mana/gdma.h index 90f56656b572..62e9d7673862 100644 --- a/include/net/mana/gdma.h +++ b/include/net/mana/gdma.h @@ -408,8 +408,6 @@ struct gdma_context { struct gdma_dev mana_ib; }; -#define MAX_NUM_GDMA_DEVICES 4 - static inline bool mana_gd_is_mana(struct gdma_dev *gd) { return gd->dev_id.type == GDMA_DEVICE_MANA; @@ -556,11 +554,15 @@ enum { #define GDMA_DRV_CAP_FLAG_1_HWC_TIMEOUT_RECONFIG BIT(3) #define GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT BIT(5) +/* Driver can handle holes (zeros) in the device list */ +#define GDMA_DRV_CAP_FLAG_1_DEV_LIST_HOLES_SUP BIT(11) + #define GDMA_DRV_CAP_FLAGS1 \ (GDMA_DRV_CAP_FLAG_1_EQ_SHARING_MULTI_VPORT | \ GDMA_DRV_CAP_FLAG_1_NAPI_WKDONE_FIX | \ GDMA_DRV_CAP_FLAG_1_HWC_TIMEOUT_RECONFIG | \ - GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT) + GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT | \ + GDMA_DRV_CAP_FLAG_1_DEV_LIST_HOLES_SUP) #define GDMA_DRV_CAP_FLAGS2 0 @@ -621,11 +623,12 @@ struct gdma_query_max_resources_resp { }; /* HW DATA */ /* GDMA_LIST_DEVICES */ +#define GDMA_DEV_LIST_SIZE 64 struct gdma_list_devices_resp { struct gdma_resp_hdr hdr; u32 num_of_devs; u32 reserved; - struct gdma_dev_id devs[64]; + struct gdma_dev_id devs[GDMA_DEV_LIST_SIZE]; }; /* HW DATA */ /* GDMA_REGISTER_DEVICE */ -- 2.34.1

1 month, 1 week

3
2
0 0

[Patch v2 1/3] mm/memblock: pass size instead of end to memblock_set_node()

by Wei Yang

The second parameter of memblock_set_node() is size instead of end. Since it iterates from lower address to higher address, finally the node id is correct. But during the process, some of them are wrong. Pass size instead of end. Fixes: 61167ad5fecd ("mm: pass nid to reserve_bootmem_region()") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Mike Rapoport <rppt(a)kernel.org> CC: Yajun Deng <yajun.deng(a)linux.dev> CC: <stable(a)vger.kernel.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memblock.c b/mm/memblock.c index 64ae678cd1d1..85442f1b7f14 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -2192,7 +2192,7 @@ static void __init memmap_init_reserved_pages(void) if (memblock_is_nomap(region)) reserve_bootmem_region(start, end, nid); - memblock_set_node(start, end, &memblock.reserved, nid); + memblock_set_node(start, region->size, &memblock.reserved, nid); } /* -- 2.34.1

1 month, 1 week

2
1
0 0

[PATCH] net: fix uninitialised access in mii_nway_restart() and cleanup error handling

by Qasim Ijaz

In mii_nway_restart() during the line: bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); The code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer, which is initialised with control_read(): unsigned char buff[2]; However buff is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then buff remains uninitialised. Once this happens the uninitialised buff is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of buff. To fix this we should check the return value of control_read() and return early on error. Furthermore the get_mac_address() function has a similar problem where it does not directly check the return value of each control_read(), instead it sums up the return values and checks them all at the end which means if any call to control_read() fails the function just continues on. Handle this by validating the return value of each call and fail fast and early instead of continuing. Lastly ch9200_bind() ignores the return values of multiple control_write() calls. Validate each control_write() call to ensure it succeeds before continuing with the next call. Reported-by: syzbot <syzbot+3361c2d6f78a3e0892f9(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=3361c2d6f78a3e0892f9 Tested-by: syzbot <syzbot+3361c2d6f78a3e0892f9(a)syzkaller.appspotmail.com> Fixes: 4a476bd6d1d9 ("usbnet: New driver for QinHeng CH9200 devices") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/net/mii.c | 2 ++ drivers/net/usb/ch9200.c | 55 +++++++++++++++++++++++++++------------- 2 files changed, 40 insertions(+), 17 deletions(-) diff --git a/drivers/net/mii.c b/drivers/net/mii.c index 37bc3131d31a..e305bf0f1d04 100644 --- a/drivers/net/mii.c +++ b/drivers/net/mii.c @@ -464,6 +464,8 @@ int mii_nway_restart (struct mii_if_info *mii) /* if autoneg is off, it's an error */ bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); + if (bmcr < 0) + return bmcr; if (bmcr & BMCR_ANENABLE) { bmcr |= BMCR_ANRESTART; diff --git a/drivers/net/usb/ch9200.c b/drivers/net/usb/ch9200.c index f69d9b902da0..e938501a1fc8 100644 --- a/drivers/net/usb/ch9200.c +++ b/drivers/net/usb/ch9200.c @@ -178,6 +178,7 @@ static int ch9200_mdio_read(struct net_device *netdev, int phy_id, int loc) { struct usbnet *dev = netdev_priv(netdev); unsigned char buff[2]; + int ret; netdev_dbg(netdev, "%s phy_id:%02x loc:%02x\n", __func__, phy_id, loc); @@ -185,8 +186,10 @@ static int ch9200_mdio_read(struct net_device *netdev, int phy_id, int loc) if (phy_id != 0) return -ENODEV; - control_read(dev, REQUEST_READ, 0, loc * 2, buff, 0x02, - CONTROL_TIMEOUT_MS); + ret = control_read(dev, REQUEST_READ, 0, loc * 2, buff, 0x02, + CONTROL_TIMEOUT_MS); + if (ret != 2) + return ret; return (buff[0] | buff[1] << 8); } @@ -303,24 +306,27 @@ static int ch9200_rx_fixup(struct usbnet *dev, struct sk_buff *skb) static int get_mac_address(struct usbnet *dev, unsigned char *data) { - int err = 0; unsigned char mac_addr[0x06]; - int rd_mac_len = 0; + int rd_mac_len; netdev_dbg(dev->net, "%s:\n\tusbnet VID:%0x PID:%0x\n", __func__, le16_to_cpu(dev->udev->descriptor.idVendor), le16_to_cpu(dev->udev->descriptor.idProduct)); - memset(mac_addr, 0, sizeof(mac_addr)); - rd_mac_len = control_read(dev, REQUEST_READ, 0, - MAC_REG_STATION_L, mac_addr, 0x02, - CONTROL_TIMEOUT_MS); - rd_mac_len += control_read(dev, REQUEST_READ, 0, MAC_REG_STATION_M, - mac_addr + 2, 0x02, CONTROL_TIMEOUT_MS); - rd_mac_len += control_read(dev, REQUEST_READ, 0, MAC_REG_STATION_H, - mac_addr + 4, 0x02, CONTROL_TIMEOUT_MS); - if (rd_mac_len != ETH_ALEN) - err = -EINVAL; + rd_mac_len = control_read(dev, REQUEST_READ, 0, MAC_REG_STATION_L, + mac_addr, 0x02, CONTROL_TIMEOUT_MS); + if (rd_mac_len != 2) + return rd_mac_len; + + rd_mac_len = control_read(dev, REQUEST_READ, 0, MAC_REG_STATION_M, + mac_addr + 2, 0x02, CONTROL_TIMEOUT_MS); + if (rd_mac_len != 2) + return rd_mac_len; + + rd_mac_len = control_read(dev, REQUEST_READ, 0, MAC_REG_STATION_H, + mac_addr + 4, 0x02, CONTROL_TIMEOUT_MS); + if (rd_mac_len != 2) + return rd_mac_len; data[0] = mac_addr[5]; data[1] = mac_addr[4]; @@ -329,12 +335,12 @@ static int get_mac_address(struct usbnet *dev, unsigned char *data) data[4] = mac_addr[1]; data[5] = mac_addr[0]; - return err; + return 0; } static int ch9200_bind(struct usbnet *dev, struct usb_interface *intf) { - int retval = 0; + int retval; unsigned char data[2]; u8 addr[ETH_ALEN]; @@ -357,37 +363,52 @@ static int ch9200_bind(struct usbnet *dev, struct usb_interface *intf) data[1] = 0x0F; retval = control_write(dev, REQUEST_WRITE, 0, MAC_REG_THRESHOLD, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; data[0] = 0xA0; data[1] = 0x90; retval = control_write(dev, REQUEST_WRITE, 0, MAC_REG_FIFO_DEPTH, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; data[0] = 0x30; data[1] = 0x00; retval = control_write(dev, REQUEST_WRITE, 0, MAC_REG_PAUSE, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; data[0] = 0x17; data[1] = 0xD8; retval = control_write(dev, REQUEST_WRITE, 0, MAC_REG_FLOW_CONTROL, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; /* Undocumented register */ data[0] = 0x01; data[1] = 0x00; retval = control_write(dev, REQUEST_WRITE, 0, 254, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; data[0] = 0x5F; data[1] = 0x0D; retval = control_write(dev, REQUEST_WRITE, 0, MAC_REG_CTRL, data, 0x02, CONTROL_TIMEOUT_MS); + if (retval) + return retval; retval = get_mac_address(dev, addr); + if (retval) + return retval; + eth_hw_addr_set(dev->net, addr); - return retval; + return 0; } static const struct driver_info ch9200_info = { -- 2.39.5

1 month, 1 week

3
2
0 0

[PATCH] remoteproc: Add device awake calls in rproc boot and shutdown path

by Souradeep Chowdhury

Add device awake calls in case of rproc boot and rproc shutdown path. Currently, device awake call is only present in the recovery path of remoteproc. If a user stops and starts rproc by using the sysfs interface, then on pm suspension the firmware loading fails. Keep the device awake in such a case just like it is done for the recovery path. Fixes: a781e5aa59110 ("remoteproc: core: Prevent system suspend during remoteproc recovery") Signed-off-by: Souradeep Chowdhury <quic_schowdhu(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/remoteproc/remoteproc_core.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index c2cf0d277729..5d6c4e694b4c 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1917,6 +1917,7 @@ int rproc_boot(struct rproc *rproc) return -EINVAL; } + pm_stay_awake(rproc->dev.parent); dev = &rproc->dev; ret = mutex_lock_interruptible(&rproc->lock); @@ -1961,6 +1962,7 @@ int rproc_boot(struct rproc *rproc) atomic_dec(&rproc->power); unlock_mutex: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_boot); @@ -1991,6 +1993,7 @@ int rproc_shutdown(struct rproc *rproc) struct device *dev = &rproc->dev; int ret = 0; + pm_stay_awake(rproc->dev.parent); ret = mutex_lock_interruptible(&rproc->lock); if (ret) { dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); @@ -2027,6 +2030,7 @@ int rproc_shutdown(struct rproc *rproc) rproc->table_ptr = NULL; out: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_shutdown); -- 2.34.1

1 month, 1 week

1
0
0 0

[PATCH] fsi/core: fix error handling in fsi_slave_init()

by Ma Ke

Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index e2e1e9df6115..1373e05e3659 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.25.1

1 month, 1 week

1
0
0 0

[PATCH] KVM: arm64: Tear down vGIC on failed vCPU creation

by Will Deacon

If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error. Cc: <stable(a)vger.kernel.org> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Oliver Upton <oliver.upton(a)linux.dev> Cc: Quentin Perret <qperret(a)google.com> Signed-off-by: Will Deacon <will(a)kernel.org> --- It's hard to come up with a "Fixes:" tag for this. Prior to 3f868e142c0b ("KVM: arm64: Introduce kvm_share_hyp()"), create_hyp_mappings() could still have failed, although if you go back before 66c57edd3bc7 ("KVM: arm64: Restrict EL2 stage-1 changes in protected mode") then it's vanishingly unlikely. arch/arm64/kvm/arm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b8e55a441282..fa71cee02faa 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -466,7 +466,11 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) if (err) return err; - return kvm_share_hyp(vcpu, vcpu + 1); + err = kvm_share_hyp(vcpu, vcpu + 1); + if (err) + kvm_vgic_vcpu_destroy(vcpu); + + return err; } void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu) -- 2.49.0.rc1.451.g8f38331e32-goog

1 month, 1 week

3
2
0 0

[PATCH v2 1/2] PCI: Forcefully set the PCI_REASSIGN_ALL_BUS flag for Marvell CN96XX/CN10XXX boards

by Bo Sun

On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 CPU: 22 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc6 #20 Hardware name: Marvell OcteonTX CN96XX board (DT) pc : of_pci_add_properties+0x278/0x4c8 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x228 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x130/0x1b0 platform_probe+0x70/0xf0 The dmesg logs indicated that the PCI bridge was scanning with an invalid bus range: pci-host-generic 878020000000.pci: PCI host bridge to bus 0002:00 pci_bus 0002:00: root bus resource [bus 00-ff] pci 0002:00:00.0: scanning [bus f9-f9] behind bridge, pass 0 pci 0002:00:01.0: scanning [bus fa-fa] behind bridge, pass 0 pci 0002:00:02.0: scanning [bus fb-fb] behind bridge, pass 0 pci 0002:00:03.0: scanning [bus fc-fc] behind bridge, pass 0 pci 0002:00:04.0: scanning [bus fd-fd] behind bridge, pass 0 pci 0002:00:05.0: scanning [bus fe-fe] behind bridge, pass 0 pci 0002:00:06.0: scanning [bus ff-ff] behind bridge, pass 0 pci 0002:00:07.0: scanning [bus 00-00] behind bridge, pass 0 pci 0002:00:07.0: bridge configuration invalid ([bus 00-00]), reconfiguring pci 0002:00:08.0: scanning [bus 01-01] behind bridge, pass 0 pci 0002:00:09.0: scanning [bus 02-02] behind bridge, pass 0 pci 0002:00:0a.0: scanning [bus 03-03] behind bridge, pass 0 pci 0002:00:0b.0: scanning [bus 04-04] behind bridge, pass 0 pci 0002:00:0c.0: scanning [bus 05-05] behind bridge, pass 0 pci 0002:00:0d.0: scanning [bus 06-06] behind bridge, pass 0 pci 0002:00:0e.0: scanning [bus 07-07] behind bridge, pass 0 pci 0002:00:0f.0: scanning [bus 08-08] behind bridge, pass 0 This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 0002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was not enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 0002:00:07.0 bridge. The kernel attempt to reconfigure 0002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 0002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to set the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is not enabled in order to work around issue like the one described above. Cc: stable(a)vger.kernel.org Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- Changes in v2: - Added explicit comment about the quirk, as requested by Mani. - Made commit message more clear, as requested by Bjorn. drivers/pci/quirks.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 82b21e34c545..cec58c7479e1 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -6181,6 +6181,23 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1536, rom_bar_overlap_defect); DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1537, rom_bar_overlap_defect); DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1538, rom_bar_overlap_defect); +/* + * Quirk for Marvell CN96XX/CN10XXX boards: + * + * Adds PCI_REASSIGN_ALL_BUS unless PCI_PROBE_ONLY is set, forcing bus number + * reassignment to avoid conflicts caused by bootloader misconfigured PCI bridges. + * + * This resolves a regression introduced by commit 7246a4520b4b ("PCI: Use + * preserve_config in place of pci_flags"), which removed this behavior. + */ +static void quirk_marvell_cn96xx_cn10xxx_reassign_all_busnr(struct pci_dev *dev) +{ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); +} +DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_CAVIUM, 0xa002, + quirk_marvell_cn96xx_cn10xxx_reassign_all_busnr); + #ifdef CONFIG_PCIEASPM /* * Several Intel DG2 graphics devices advertise that they can only tolerate -- 2.48.1

1 month, 1 week

2
1
0 0

[merged mm-stable] mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hwpoison: do not send SIGBUS to processes with recovered clean pages has been removed from the -mm tree. Its filename was mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Date: Wed, 12 Mar 2025 19:28:51 +0800 When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. - Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. - Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). - Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. If the CMCI wins that race, the page is marked poisoned when uc_decode_notifier() calls memory_failure(). For dirty pages, memory_failure() invokes try_to_unmap() with the TTU_HWPOISON flag, converting the PTE to a hwpoison entry. As a result, kill_accessing_process(): - call walk_page_range() and return 1 regardless of whether try_to_unmap() succeeds or fails, - call kill_proc() to make sure a SIGBUS is sent - return -EHWPOISON to indicate that SIGBUS is already sent to the process and kill_me_maybe() doesn't have to send it again. However, for clean pages, the TTU_HWPOISON flag is cleared, leaving the PTE unchanged and not converted to a hwpoison entry. Conversely, for clean pages where PTE entries are not marked as hwpoison, kill_accessing_process() returns -EFAULT, causing kill_me_maybe() to send a SIGBUS. Console log looks like this: Memory failure: 0x827ca68: corrupted page was clean: dropped without side effects Memory failure: 0x827ca68: recovery action for clean LRU page: Recovered Memory failure: 0x827ca68: already hardware poisoned mce: Memory error not recovered To fix it, return 0 for "corrupted page was clean", preventing an unnecessary SIGBUS to user process. [1] https://lore.kernel.org/lkml/20250217063335.22257-1-xueshuai@linux.alibaba.… Link: https://lkml.kernel.org/r/20250312112852.82415-3-xueshuai@linux.alibaba.com Fixes: 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Tested-by: Tony Luck <tony.luck(a)intel.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages +++ a/mm/memory-failure.c @@ -881,12 +881,17 @@ static int kill_accessing_process(struct mmap_read_lock(p->mm); ret = walk_page_range(p->mm, 0, TASK_SIZE, &hwpoison_walk_ops, (void *)&priv); + /* + * ret = 1 when CMCI wins, regardless of whether try_to_unmap() + * succeeds or fails, then kill the process with SIGBUS. + * ret = 0 when poison page is a clean page and it's dropped, no + * SIGBUS is needed. + */ if (ret == 1 && priv.tk.addr) kill_proc(&priv.tk, pfn, flags); - else - ret = 0; mmap_read_unlock(p->mm); - return ret > 0 ? -EHWPOISON : -EFAULT; + + return ret > 0 ? -EHWPOISON : 0; } /* _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are

1 month, 1 week

1
0
0 0

[merged mm-stable] x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: x86/mce: use is_copy_from_user() to determine copy-from-user context has been removed from the -mm tree. Its filename was x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: x86/mce: use is_copy_from_user() to determine copy-from-user context Date: Wed, 12 Mar 2025 19:28:50 +0800 Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison found while instruction fetching in user space ## 2. What is the expected outcome and why - For copyin case: Kernel can recover from poison found where kernel is doing get_user() or copy_from_user() if those places get an error return and the kernel return -EFAULT to the process instead of crashing. More specifily, MCE handler checks the fixup handler type to decide whether an in kernel #MC can be recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space. - For instr case: If a poison found while instruction fetching in user space, full recovery is possible. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. What actually happens and why - For copyin case: kernel panic since v5.17 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. It breaks previous EX_TYPE_UACCESS handling when posion found in get_user() or copy_from_user(). - For instr case: user process is killed by a SIGBUS signal due to #CMCI and #MCE race When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. ### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. ### Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). ## Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. # 4. The fix, in my opinion, should be: - For copyin case: The key point is whether the error context is in a read from user memory. We do not care about the ex-type if we know its a MOV reading from userspace. is_copy_from_user() return true when both of the following two checks are true: - the current instruction is copy - source address is user memory If copy_user is true, we set m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; Then do_machine_check() will try fixup_exception() first. - For instr case: let kill_accessing_process() return 0 to prevent a SIGBUS. - For patch 3: The return value of memory_failure() is quite important while discussed instr case regression with Tony and Miaohe for patch 2, so add comment about the return value. This patch (of 3): Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a ("x86/futex: Remove .fixup usage") updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no longer functions as an in-kernel recovery context. Consequently, the error context for copy-from-user operations no longer functions as an in-kernel recovery context, resulting in kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To address this, it is crucial to identify if an error context involves a read operation from user memory. The function is_copy_from_user() can be utilized to determine: - the current operation is copy - when reading user memory When these conditions are met, is_copy_from_user() will return true, confirming that it is indeed a direct copy from user memory. This check is essential for correctly handling the context of errors in these operations without relying on the extable fixup types that previously allowed for in-kernel recovery. So, use is_copy_from_user() to determine if a context is copy user directly. Link: https://lkml.kernel.org/r/20250312112852.82415-1-xueshuai@linux.alibaba.com Link: https://lkml.kernel.org/r/20250312112852.82415-2-xueshuai@linux.alibaba.com Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/kernel/cpu/mce/severity.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) --- a/arch/x86/kernel/cpu/mce/severity.c~x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context +++ a/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV; _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are

1 month, 1 week

1
0
0 0

[merged mm-stable] mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock has been removed from the -mm tree. Its filename was mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Subject: mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Date: Wed, 12 Mar 2025 10:10:13 -0400 The PGDAT_RECLAIM_LOCKED bit is used to provide mutual exclusion of node reclaim for struct pglist_data using a single bit. It is "locked" with a test_and_set_bit (similarly to a try lock) which provides full ordering with respect to loads and stores done within __node_reclaim(). It is "unlocked" with clear_bit(), which does not provide any ordering with respect to loads and stores done before clearing the bit. The lack of clear_bit() memory ordering with respect to stores within __node_reclaim() can cause a subsequent CPU to fail to observe stores from a prior node reclaim. This is not an issue in practice on TSO (e.g. x86), but it is an issue on weakly-ordered architectures (e.g. arm64). Fix this by using clear_bit_unlock rather than clear_bit to clear PGDAT_RECLAIM_LOCKED with a release memory ordering semantic. This provides stronger memory ordering (release rather than relaxed). Link: https://lkml.kernel.org/r/20250312141014.129725-1-mathieu.desnoyers@efficio… Fixes: d773ed6b856a ("mm: test and set zone reclaim lock before starting reclaim") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Andrea Parri <parri.andrea(a)gmail.com> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Jade Alglave <j.alglave(a)ucl.ac.uk> Cc: Luc Maranget <luc.maranget(a)inria.fr> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmscan.c~mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock +++ a/mm/vmscan.c @@ -7581,7 +7581,7 @@ int node_reclaim(struct pglist_data *pgd return NODE_RECLAIM_NOSCAN; ret = __node_reclaim(pgdat, gfp_mask, order); - clear_bit(PGDAT_RECLAIM_LOCKED, &pgdat->flags); + clear_bit_unlock(PGDAT_RECLAIM_LOCKED, &pgdat->flags); if (ret) count_vm_event(PGSCAN_ZONE_RECLAIM_SUCCESS); _ Patches currently in -mm which might be from mathieu.desnoyers(a)efficios.com are

1 month, 1 week

1
0
0 0

[merged mm-stable] mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 has been removed from the -mm tree. Its filename was mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 Date: Mon, 10 Mar 2025 20:50:34 +0000 Patch series "refactor mremap and fix bug", v3. The existing mremap() logic has grown organically over a very long period of time, resulting in code that is in many parts, very difficult to follow and full of subtleties and sources of confusion. In addition, it is difficult to thread state through the operation correctly, as function arguments have expanded, some parameters are expected to be temporarily altered during the operation, others are intended to remain static and some can be overridden. This series completely refactors the mremap implementation, sensibly separating functions, adding comments to explain the more subtle aspects of the implementation and making use of small structs to thread state through everything. The reason for doing so is to lay the groundwork for planned future changes to the mremap logic, changes which require the ability to easily pass around state. Additionally, it would be unhelpful to add yet more logic to code that is already difficult to follow without first refactoring it like this. The first patch in this series additionally fixes a bug when a VMA with start address zero is partially remapped. Tested on real hardware under heavy workload and all self tests are passing. This patch (of 3): Consider the case of a partial mremap() (that results in a VMA split) of an accountable VMA (i.e. which has the VM_ACCOUNT flag set) whose start address is zero, with the MREMAP_MAYMOVE flag specified and a scenario where a move does in fact occur: addr end | | v v |-------------| | vma | |-------------| 0 This move is affected by unmapping the range [addr, end). In order to prevent an incorrect decrement of accounted memory which has already been determined, the mremap() code in move_vma() clears VM_ACCOUNT from the VMA prior to doing so, before reestablishing it in each of the VMAs post-split: addr end | | v v |---| |---| | A | | B | |---| |---| Commit 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") changed this logic such as to determine whether there is a need to do so by establishing account_start and account_end and, in the instance where such an operation is required, assigning them to vma->vm_start and vma->vm_end. Later the code checks if the operation is required for 'A' referenced above thusly: if (account_start) { ... } However, if the VMA described above has vma->vm_start == 0, which is now assigned to account_start, this branch will not be executed. As a result, the VMA 'A' above will remain stripped of its VM_ACCOUNT flag, incorrectly. The fix is to simply convert these variables to booleans and set them as required. Link: https://lkml.kernel.org/r/cover.1741639347.git.lorenzo.stoakes@oracle.com Link: https://lkml.kernel.org/r/dc55cb6db25d97c3d9e460de4986a323fa959676.17416393… Fixes: 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/mm/mremap.c~mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0 +++ a/mm/mremap.c @@ -705,8 +705,8 @@ static unsigned long move_vma(struct vm_ unsigned long vm_flags = vma->vm_flags; unsigned long new_pgoff; unsigned long moved_len; - unsigned long account_start = 0; - unsigned long account_end = 0; + bool account_start = false; + bool account_end = false; unsigned long hiwater_vm; int err = 0; bool need_rmap_locks; @@ -790,9 +790,9 @@ static unsigned long move_vma(struct vm_ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) { vm_flags_clear(vma, VM_ACCOUNT); if (vma->vm_start < old_addr) - account_start = vma->vm_start; + account_start = true; if (vma->vm_end > old_addr + old_len) - account_end = vma->vm_end; + account_end = true; } /* @@ -832,7 +832,7 @@ static unsigned long move_vma(struct vm_ /* OOM: unable to split vma, just get accounts right */ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) vm_acct_memory(old_len >> PAGE_SHIFT); - account_start = account_end = 0; + account_start = account_end = false; } if (vm_flags & VM_LOCKED) { _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are

1 month, 1 week

1
0
0 0

[PATCH RESEND] agp: Fix a potential memory leak bug in agp_amdk7_probe()

by Haoxiang Li

Variable "bridge" is allocated by agp_alloc_bridge() and have to be released by agp_put_bridge() if something goes wrong. In this patch, add the missing call of agp_put_bridge() in agp_amdk7_probe() to prevent potential memory leak bug. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/char/agp/amd-k7-agp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/agp/amd-k7-agp.c b/drivers/char/agp/amd-k7-agp.c index 795c8c9ff680..40e1fc462dca 100644 --- a/drivers/char/agp/amd-k7-agp.c +++ b/drivers/char/agp/amd-k7-agp.c @@ -441,6 +441,7 @@ static int agp_amdk7_probe(struct pci_dev *pdev, gfxcard = pci_get_class(PCI_CLASS_DISPLAY_VGA<<8, gfxcard); if (!gfxcard) { dev_info(&pdev->dev, "no AGP VGA controller\n"); + agp_put_bridge(bridge); return -ENODEV; } cap_ptr = pci_find_capability(gfxcard, PCI_CAP_ID_AGP); -- 2.25.1

1 month, 1 week

1
0
0 0

[PATCH RESEND] pcmcia: fix a potential null pointer dereference in __iodyn_find_io_region()

by Haoxiang Li

Add check for the return value of pcmcia_make_resource() to prevent null pointer dereference. Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/pcmcia/rsrc_iodyn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pcmcia/rsrc_iodyn.c b/drivers/pcmcia/rsrc_iodyn.c index b04b16496b0c..2677b577c1f8 100644 --- a/drivers/pcmcia/rsrc_iodyn.c +++ b/drivers/pcmcia/rsrc_iodyn.c @@ -62,6 +62,9 @@ static struct resource *__iodyn_find_io_region(struct pcmcia_socket *s, unsigned long min = base; int ret; + if (!res) + return NULL; + data.mask = align - 1; data.offset = base & data.mask; -- 2.25.1

1 month, 1 week

1
0
0 0

[PATCH 2/3] mm/memblock: repeat setting reserved region nid if array is doubled

by Wei Yang

Commit 61167ad5fecd ("mm: pass nid to reserve_bootmem_region()") introduce a way to set nid to all reserved region. But there is a corner case it will leave some region with invalid nid. When memblock_set_node() doubles the array of memblock.reserved, it may lead to a new reserved region before current position. The new region will be left with an invalid node id. Repeat the process when detecting it. Fixes: 61167ad5fecd ("mm: pass nid to reserve_bootmem_region()") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Mike Rapoport <rppt(a)kernel.org> CC: Yajun Deng <yajun.deng(a)linux.dev> CC: <stable(a)vger.kernel.org> --- mm/memblock.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/mm/memblock.c b/mm/memblock.c index 85442f1b7f14..302dd7bc622d 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -2184,7 +2184,10 @@ static void __init memmap_init_reserved_pages(void) * set nid on all reserved pages and also treat struct * pages for the NOMAP regions as PageReserved */ +repeat: for_each_mem_region(region) { + unsigned long max = memblock.reserved.max; + nid = memblock_get_region_node(region); start = region->base; end = start + region->size; @@ -2193,6 +2196,15 @@ static void __init memmap_init_reserved_pages(void) reserve_bootmem_region(start, end, nid); memblock_set_node(start, region->size, &memblock.reserved, nid); + + /* + * 'max' is changed means memblock.reserved has been doubled + * its array, which may result a new reserved region before + * current 'start'. Now we should repeat the procedure to set + * its node id. + */ + if (max != memblock.reserved.max) + goto repeat; } /* -- 2.34.1

1 month, 1 week

2
4
0 0

[PATCH] MAINTAINERS: update Alexey Makhalov's email address

by Alexey Makhalov

Fix a typo in an email address. Cc: stable(a)vger.kernel.org Reported-by: Konstantin Ryabitsev <konstantin(a)linuxfoundation.org> Closes: https://lore.kernel.org/all/20240925-rational-succinct-vulture-cca9fb@lemur… Signed-off-by: Alexey Makhalov <alexey.makhalov(a)broadcom.com> --- MAINTAINERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index c9763412a508..c2eb78c1ab75 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17945,7 +17945,7 @@ F: include/uapi/linux/ppdev.h PARAVIRT_OPS INTERFACE M: Juergen Gross <jgross(a)suse.com> R: Ajay Kaher <ajay.kaher(a)broadcom.com> -R: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +R: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: virtualization(a)lists.linux.dev L: x86(a)kernel.org @@ -25341,7 +25341,7 @@ F: drivers/misc/vmw_balloon.c VMWARE HYPERVISOR INTERFACE M: Ajay Kaher <ajay.kaher(a)broadcom.com> -M: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +M: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: virtualization(a)lists.linux.dev L: x86(a)kernel.org @@ -25369,7 +25369,7 @@ F: drivers/scsi/vmw_pvscsi.h VMWARE VIRTUAL PTP CLOCK DRIVER M: Nick Shi <nick.shi(a)broadcom.com> R: Ajay Kaher <ajay.kaher(a)broadcom.com> -R: Alexey Makhalov <alexey.amakhalov(a)broadcom.com> +R: Alexey Makhalov <alexey.makhalov(a)broadcom.com> R: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> L: netdev(a)vger.kernel.org S: Supported -- 2.39.4

1 month, 1 week

1
0
0 0

[PATCH] m68k: Fix lost column on framebuffer debug console

by Finn Thain

When long lines are sent to the debug console on the framebuffer, the right-most column is lost. Fix this by subtracting 1 from the column count before comparing it with console_struct_cur_column, as the latter counts from zero. Linewrap is handled with a recursive call to console_putc, but this alters the console_struct_cur_row global. Store the old value before calling console_putc, so the right-most character gets rendered on the correct line. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Finn Thain <fthain(a)linux-m68k.org> --- arch/m68k/kernel/head.S | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/m68k/kernel/head.S b/arch/m68k/kernel/head.S index 852255cf60de..9c60047764d0 100644 --- a/arch/m68k/kernel/head.S +++ b/arch/m68k/kernel/head.S @@ -3583,11 +3583,16 @@ L(console_not_home): movel %a0@(Lconsole_struct_cur_column),%d0 addql #1,%a0@(Lconsole_struct_cur_column) movel %a0@(Lconsole_struct_num_columns),%d1 + subil #1,%d1 cmpl %d1,%d0 jcs 1f - console_putc #'\n' /* recursion is OK! */ + /* recursion will alter console_struct so load d1 register first */ + movel %a0@(Lconsole_struct_cur_row),%d1 + console_putc #'\n' + jmp 2f 1: movel %a0@(Lconsole_struct_cur_row),%d1 +2: /* * At this point we make a shift in register usage -- 2.45.3

1 month, 1 week

1
1
0 0

[PATCH net v2 7/7] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family

by Marek Behún

Implement the workaround for erratum 3.3 RGMII timing may be out of spec when transmit delay is enabled for the 6320 family, which says: When transmit delay is enabled via Port register 1 bit 14 = 1, duty cycle may be out of spec. Under very rare conditions this may cause the attached device receive CRC errors. Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 5.4.x --- drivers/net/dsa/mv88e6xxx/chip.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 88f479dc328c..901929f96b38 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -3674,6 +3674,21 @@ static int mv88e6xxx_stats_setup(struct mv88e6xxx_chip *chip) return mv88e6xxx_g1_stats_clear(chip); } +static int mv88e6320_setup_errata(struct mv88e6xxx_chip *chip) +{ + u16 dummy; + int err; + + /* Workaround for erratum + * 3.3 RGMII timing may be out of spec when transmit delay is enabled + */ + err = mv88e6xxx_port_hidden_write(chip, 0, 0xf, 0x7, 0xe000); + if (err) + return err; + + return mv88e6xxx_port_hidden_read(chip, 0, 0xf, 0x7, &dummy); +} + /* Check if the errata has already been applied. */ static bool mv88e6390_setup_errata_applied(struct mv88e6xxx_chip *chip) { @@ -5130,6 +5145,7 @@ static const struct mv88e6xxx_ops mv88e6290_ops = { static const struct mv88e6xxx_ops mv88e6320_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, @@ -5182,6 +5198,7 @@ static const struct mv88e6xxx_ops mv88e6320_ops = { static const struct mv88e6xxx_ops mv88e6321_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, -- 2.48.1

1 month, 1 week

2
1
0 0

[PATCH net v2 6/7] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family

by Marek Behún

Fix internal PHYs definition for the 6320 family, which has only 2 internal PHYs (on ports 3 and 4). Fixes: bc3931557d1d ("net: dsa: mv88e6xxx: Add number of internal PHYs") Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.6.x --- drivers/net/dsa/mv88e6xxx/chip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 74b8bae226e4..88f479dc328c 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -6242,7 +6242,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, @@ -6269,7 +6270,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, -- 2.48.1

1 month, 1 week

2
1
0 0

[PATCH net v2 1/7] net: dsa: mv88e6xxx: fix VTU methods for 6320 family

by Marek Behún

The VTU registers of the 6320 family use the 6352 semantics, not 6185. Fix it. Fixes: b8fee9571063 ("net: dsa: mv88e6xxx: add VLAN Get Next support") Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 5.15.x --- drivers/net/dsa/mv88e6xxx/chip.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 5db96ca52505..06b17c3b2205 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5169,8 +5169,8 @@ static const struct mv88e6xxx_ops mv88e6320_ops = { .hardware_reset_pre = mv88e6xxx_g2_eeprom_wait, .hardware_reset_post = mv88e6xxx_g2_eeprom_wait, .reset = mv88e6352_g1_reset, - .vtu_getnext = mv88e6185_g1_vtu_getnext, - .vtu_loadpurge = mv88e6185_g1_vtu_loadpurge, + .vtu_getnext = mv88e6352_g1_vtu_getnext, + .vtu_loadpurge = mv88e6352_g1_vtu_loadpurge, .gpio_ops = &mv88e6352_gpio_ops, .avb_ops = &mv88e6352_avb_ops, .ptp_ops = &mv88e6352_ptp_ops, @@ -5217,8 +5217,8 @@ static const struct mv88e6xxx_ops mv88e6321_ops = { .hardware_reset_pre = mv88e6xxx_g2_eeprom_wait, .hardware_reset_post = mv88e6xxx_g2_eeprom_wait, .reset = mv88e6352_g1_reset, - .vtu_getnext = mv88e6185_g1_vtu_getnext, - .vtu_loadpurge = mv88e6185_g1_vtu_loadpurge, + .vtu_getnext = mv88e6352_g1_vtu_getnext, + .vtu_loadpurge = mv88e6352_g1_vtu_loadpurge, .gpio_ops = &mv88e6352_gpio_ops, .avb_ops = &mv88e6352_avb_ops, .ptp_ops = &mv88e6352_ptp_ops, -- 2.48.1

1 month, 1 week

2
1
0 0

[PATCH v5 0/5] KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs

by Akihiko Odaki

Prepare vPMC registers for user-initiated changes after first run. This is important specifically for debugging Windows on QEMU with GDB; QEMU tries to write back all visible registers when resuming the VM execution with GDB, corrupting the PMU state. Windows always uses the PMU so this can cause adverse effects on that particular OS. This series also contains patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}", which reverts semantic changes made for the mentioned registers in the past. It is necessary to migrate the PMU state properly on Firecracker, QEMU, and crosvm. Signed-off-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> --- Changes in v5: - Rebased. - Link to v4: https://lore.kernel.org/r/20250313-pmc-v4-0-2c976827118c@daynix.com Changes in v4: - Reverted changes for functions implementing ioctls in patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Removed kvm_pmu_vcpu_reset(). - Reordered function calls in kvm_vcpu_reload_pmu() for better style. - Link to v3: https://lore.kernel.org/r/20250312-pmc-v3-0-0411cab5dc3d@daynix.com Changes in v3: - Added patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Added an explanation of this path series' motivation to each patch. - Explained why userspace register writes and register reset should be covered in patch "KVM: arm64: PMU: Reload when user modifies registers". - Marked patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" for stable. - Reoreded so that patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" would come first. - Added patch "KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0". - Added patch "KVM: arm64: Reload PMCNTENSET_EL0". - Link to v2: https://lore.kernel.org/r/20250307-pmc-v2-0-6c3375a5f1e4@daynix.com Changes in v2: - Changed to utilize KVM_REQ_RELOAD_PMU as suggested by Oliver Upton. - Added patch "KVM: arm64: PMU: Reload when user modifies registers" to cover more registers. - Added patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}". - Link to v1: https://lore.kernel.org/r/20250302-pmc-v1-1-caff989093dc@daynix.com --- Akihiko Odaki (5): KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} KVM: arm64: PMU: Assume PMU presence in pmu-emul.c KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs KVM: arm64: PMU: Reload when user modifies registers KVM: arm64: PMU: Reload when resetting arch/arm64/kvm/arm.c | 17 ++++++++----- arch/arm64/kvm/emulate-nested.c | 6 +++-- arch/arm64/kvm/pmu-emul.c | 56 +++++++++++------------------------------ arch/arm64/kvm/reset.c | 3 --- arch/arm64/kvm/sys_regs.c | 52 ++++++++++++++++++++++---------------- include/kvm/arm_pmu.h | 4 +-- 6 files changed, 62 insertions(+), 76 deletions(-) --- base-commit: 80e54e84911a923c40d7bee33a34c1b4be148d7a change-id: 20250302-pmc-b90a86af945c Best regards, -- Akihiko Odaki <akihiko.odaki(a)daynix.com>

1 month, 1 week

3
3
0 0

[PATCH 1/4] PCI/hotplug: Disable HPIE over reset

by Ilpo Järvinen

pciehp_reset_slot() disables PDCE (Presence Detect Changed Enable) and DLLSCE (Data Link Layer State Changed Enable) for the duration of reset and clears the related status bits PDC and DLLSC from the Slot Status register after the reset to avoid hotplug incorrectly assuming the card was removed. However, hotplug shares interrupt with PME and BW notifications both of which can make pciehp_isr() to run despite PDCE and DLLSCE bits being off. pciehp_isr() then picks PDC or DLLSC bits from the Slot Status register due to the events that occur during reset and caches them into ->pending_events. Later, the IRQ thread in pciehp_ist() will process the ->pending_events and will assume the Link went Down due to a card change (in pciehp_handle_presence_or_link_change()). Change pciehp_reset_slot() to also clear HPIE (Hot-Plug Interrupt Enable) as pciehp_isr() will first check HPIE to see if the interrupt is not for it. Then synchronize with the IRQ handling to ensure no events are pending, before invoking the reset. Similarly, if the poll mode is in use, park the poll thread over the duration of the reset to stop handling events. In order to not race irq_syncronize()/kthread_{,un}park() with the irq / poll_thread freeing from pciehp_remove(), take reset_lock in pciehp_free_irq() and check the irq / poll_thread variable validity in pciehp_reset_slot(). Fixes: 06a8d89af551 ("PCI: pciehp: Disable link notification across slot reset") Fixes: 720d6a671a6e ("PCI: pciehp: Do not handle events if interrupts are masked") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219765 Suggested-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/pci/hotplug/pciehp_hpc.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c index bb5a8d9f03ad..c487e274b282 100644 --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -77,10 +77,15 @@ static inline int pciehp_request_irq(struct controller *ctrl) static inline void pciehp_free_irq(struct controller *ctrl) { - if (pciehp_poll_mode) + down_read_nested(&ctrl->reset_lock, ctrl->depth); + if (pciehp_poll_mode) { kthread_stop(ctrl->poll_thread); - else + ctrl->poll_thread = NULL; + } else { free_irq(ctrl->pcie->irq, ctrl); + ctrl->pcie->irq = IRQ_NOTCONNECTED; + } + up_read(&ctrl->reset_lock); } static int pcie_poll_cmd(struct controller *ctrl, int timeout) @@ -766,8 +771,9 @@ static int pciehp_poll(void *data) while (!kthread_should_stop()) { /* poll for interrupt events or user requests */ - while (pciehp_isr(IRQ_NOTCONNECTED, ctrl) == IRQ_WAKE_THREAD || - atomic_read(&ctrl->pending_events)) + while (!kthread_should_park() && + (pciehp_isr(IRQ_NOTCONNECTED, ctrl) == IRQ_WAKE_THREAD || + atomic_read(&ctrl->pending_events))) pciehp_ist(IRQ_NOTCONNECTED, ctrl); if (pciehp_poll_time <= 0 || pciehp_poll_time > 60) @@ -907,6 +913,8 @@ int pciehp_reset_slot(struct hotplug_slot *hotplug_slot, bool probe) down_write_nested(&ctrl->reset_lock, ctrl->depth); + if (!pciehp_poll_mode) + ctrl_mask |= PCI_EXP_SLTCTL_HPIE; if (!ATTN_BUTTN(ctrl)) { ctrl_mask |= PCI_EXP_SLTCTL_PDCE; stat_mask |= PCI_EXP_SLTSTA_PDC; @@ -918,9 +926,21 @@ int pciehp_reset_slot(struct hotplug_slot *hotplug_slot, bool probe) ctrl_dbg(ctrl, "%s: SLOTCTRL %x write cmd %x\n", __func__, pci_pcie_cap(ctrl->pcie->port) + PCI_EXP_SLTCTL, 0); + /* Make sure HPIE is no longer seen by the interrupt handler. */ + if (pciehp_poll_mode) { + if (ctrl->poll_thread) + kthread_park(ctrl->poll_thread); + } else { + if (ctrl->pcie->irq != IRQ_NOTCONNECTED) + synchronize_irq(ctrl->pcie->irq); + } + rc = pci_bridge_secondary_bus_reset(ctrl->pcie->port); pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, stat_mask); + if (pciehp_poll_mode && ctrl->poll_thread) + kthread_unpark(ctrl->poll_thread); + pcie_write_cmd_nowait(ctrl, ctrl_mask, ctrl_mask); ctrl_dbg(ctrl, "%s: SLOTCTRL %x write cmd %x\n", __func__, pci_pcie_cap(ctrl->pcie->port) + PCI_EXP_SLTCTL, ctrl_mask); -- 2.39.5

1 month, 1 week

2
2
0 0

Transform your business

by kristina williams

Hi there, Would you like an updated contact list of Real Estate CRM Software users and customers? We can also provide contact lists for users and customers of the following companies: * AppFolio * RealPage * Buildium * CoreLogic * Yardi Voyager * Kissflow CRM * Pipedrive * HubSpot CRM Service and more... Please specify the target technology users and geographical areas of interest, so we can provide relevant information accordingly. Kind regards, Kristina Williams Lead Specialist To unsubscribe from future emails, simply reply with Stop.

1 month, 1 week

1
0
0 0

[PATCH stable 5.15 0/2] openvswitch port output fixes

by Florian Fainelli

This patch series contains some missing openvswitch port output fixes for the stable 5.15 kernel. Felix Huettner (1): net: openvswitch: fix race on port output Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier net/core/dev.c | 1 + net/openvswitch/actions.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) -- 2.34.1

1 month, 1 week

2
3
0 0

[PATCH stable 5.4 0/2] openvswitch port output fixes

by Florian Fainelli

This patch series contains some missing openvswitch port output fixes for the stable 5.4 kernel. Felix Huettner (1): net: openvswitch: fix race on port output Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier net/core/dev.c | 1 + net/openvswitch/actions.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) -- 2.34.1

1 month, 1 week

2
4
0 0

[PATCH stable 5.10 0/2] openvswitch port output fixes

by Florian Fainelli

This patch series contains some missing openvswitch port output fixes for the stable 5.10 kernel. Felix Huettner (1): net: openvswitch: fix race on port output Ilya Maximets (1): openvswitch: fix lockup on tx to unregistering netdev with carrier net/core/dev.c | 1 + net/openvswitch/actions.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) -- 2.34.1

1 month, 1 week

2
3
0 0

[PATCH stable 6.6 v3] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops v2 -> v3: keep original comment --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..8d839ff5548e 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem folios created with memfd_secret() */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

3
2
0 0

[PATCH v2 stable 5.15 1/2] tcp: fix races in tcp_abort()

by Youngmin Nam

From: Eric Dumazet <edumazet(a)google.com> tcp_abort() has the same issue than the one fixed in the prior patch in tcp_write_err(). commit 5ce4645c23cf5f048eb8e9ce49e514bababdee85 upstream. To apply commit bac76cf89816bff06c4ec2f3df97dc34e150a1c4, this patch must be applied first. In order to get consistent results from tcp_poll(), we must call sk_error_report() after tcp_done(). We can use tcp_done_with_error() to centralize this logic. Fixes: c1e64e298b8c ("net: diag: Support destroying TCP sockets.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Acked-by: Neal Cardwell <ncardwell(a)google.com> Link: https://lore.kernel.org/r/20240528125253.1966136-4-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Cc: <stable(a)vger.kernel.org> [youngmin: Resolved minor conflict in net/ipv4/tcp.c] Signed-off-by: Youngmin Nam <youngmin.nam(a)samsung.com> --- net/ipv4/tcp.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 3c85ecab1445..c1e624ca6a25 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4514,13 +4514,9 @@ int tcp_abort(struct sock *sk, int err) bh_lock_sock(sk); if (!sock_flag(sk, SOCK_DEAD)) { - WRITE_ONCE(sk->sk_err, err); - /* This barrier is coupled with smp_rmb() in tcp_poll() */ - smp_wmb(); - sk_error_report(sk); if (tcp_need_reset(sk->sk_state)) tcp_send_active_reset(sk, GFP_ATOMIC); - tcp_done(sk); + tcp_done_with_error(sk, err); } bh_unlock_sock(sk); -- 2.39.2

1 month, 1 week

2
3
0 0

[PATCH stable 5.15 v2] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..34315d09b544 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

2
1
0 0

[PATCH 6.6.y] mm: split critical region in remap_file_pages() and invoke LSMs in between

by jianqi.ren.cn＠windriver.com

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> [ Upstream commit 58a039e679fe72bd0efa8b2abe669a7914bb4429 ] Commit ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") fixed a security issue, it added an LSM check when trying to remap file pages, so that LSMs have the opportunity to evaluate such action like for other memory operations such as mmap() and mprotect(). However, that commit called security_mmap_file() inside the mmap_lock lock, while the other calls do it before taking the lock, after commit 8b3ec6814c83 ("take security_mmap_file() outside of ->mmap_sem"). This caused lock inversion issue with IMA which was taking the mmap_lock and i_mutex lock in the opposite way when the remap_file_pages() system call was called. Solve the issue by splitting the critical region in remap_file_pages() in two regions: the first takes a read lock of mmap_lock, retrieves the VMA and the file descriptor associated, and calculates the 'prot' and 'flags' variables; the second takes a write lock on mmap_lock, checks that the VMA flags and the VMA file descriptor are the same as the ones obtained in the first critical region (otherwise the system call fails), and calls do_mmap(). In between, after releasing the read lock and before taking the write lock, call security_mmap_file(), and solve the lock inversion issue. Link: https://lkml.kernel.org/r/20241018161415.3845146-1-roberto.sassu@huaweiclou… Fixes: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Reported-by: syzbot+1cd571a672400ef3a930(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-security-module/66f7b10e.050a0220.46d20.0036.… Tested-by: Roberto Sassu <roberto.sassu(a)huawei.com> Reviewed-by: Roberto Sassu <roberto.sassu(a)huawei.com> Reviewed-by: Jann Horn <jannh(a)google.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Paul Moore <paul(a)paul-moore.com> Tested-by: syzbot+1cd571a672400ef3a930(a)syzkaller.appspotmail.com Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Dmitry Kasatkin <dmitry.kasatkin(a)gmail.com> Cc: Eric Snowberg <eric.snowberg(a)oracle.com> Cc: James Morris <jmorris(a)namei.org> Cc: Mimi Zohar <zohar(a)linux.ibm.com> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: Shu Han <ebpqwerty472123(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- mm/mmap.c | 69 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index e4dfeaef668a..03a24cb3951d 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2981,6 +2981,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, unsigned long populate = 0; unsigned long ret = -EINVAL; struct file *file; + vm_flags_t vm_flags; pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.\n", current->comm, current->pid); @@ -2997,12 +2998,60 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, if (pgoff + (size >> PAGE_SHIFT) < pgoff) return ret; - if (mmap_write_lock_killable(mm)) + if (mmap_read_lock_killable(mm)) + return -EINTR; + + /* + * Look up VMA under read lock first so we can perform the security + * without holding locks (which can be problematic). We reacquire a + * write lock later and check nothing changed underneath us. + */ + vma = vma_lookup(mm, start); + + if (!vma || !(vma->vm_flags & VM_SHARED)) { + mmap_read_unlock(mm); + return -EINVAL; + } + + prot |= vma->vm_flags & VM_READ ? PROT_READ : 0; + prot |= vma->vm_flags & VM_WRITE ? PROT_WRITE : 0; + prot |= vma->vm_flags & VM_EXEC ? PROT_EXEC : 0; + + flags &= MAP_NONBLOCK; + flags |= MAP_SHARED | MAP_FIXED | MAP_POPULATE; + if (vma->vm_flags & VM_LOCKED) + flags |= MAP_LOCKED; + + /* Save vm_flags used to calculate prot and flags, and recheck later. */ + vm_flags = vma->vm_flags; + file = get_file(vma->vm_file); + + mmap_read_unlock(mm); + + /* Call outside mmap_lock to be consistent with other callers. */ + ret = security_mmap_file(file, prot, flags); + if (ret) { + fput(file); + return ret; + } + + ret = -EINVAL; + + /* OK security check passed, take write lock + let it rip. */ + if (mmap_write_lock_killable(mm)) { + fput(file); return -EINTR; + } vma = vma_lookup(mm, start); - if (!vma || !(vma->vm_flags & VM_SHARED)) + if (!vma) + goto out; + + /* Make sure things didn't change under us. */ + if (vma->vm_flags != vm_flags) + goto out; + if (vma->vm_file != file) goto out; if (start + size > vma->vm_end) { @@ -3030,25 +3079,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, goto out; } - prot |= vma->vm_flags & VM_READ ? PROT_READ : 0; - prot |= vma->vm_flags & VM_WRITE ? PROT_WRITE : 0; - prot |= vma->vm_flags & VM_EXEC ? PROT_EXEC : 0; - - flags &= MAP_NONBLOCK; - flags |= MAP_SHARED | MAP_FIXED | MAP_POPULATE; - if (vma->vm_flags & VM_LOCKED) - flags |= MAP_LOCKED; - - file = get_file(vma->vm_file); - ret = security_mmap_file(vma->vm_file, prot, flags); - if (ret) - goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); -out_fput: - fput(file); out: mmap_write_unlock(mm); + fput(file); if (populate) mm_populate(ret, populate); if (!IS_ERR_VALUE(ret)) -- 2.25.1

1 month, 1 week

2
1
0 0

[PATCH 6.1.y] leds: mlxreg: Use devm_mutex_init() for mutex initialization

by bin.lan.cn＠windriver.com

From: George Stark <gnstark(a)salutedevices.com> [ Upstream commit efc347b9efee1c2b081f5281d33be4559fa50a16 ] In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead. Signed-off-by: George Stark <gnstark(a)salutedevices.com> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240411161032.609544-8-gnstark@salutedevices.com Signed-off-by: Lee Jones <lee(a)kernel.org> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- drivers/leds/leds-mlxreg.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/drivers/leds/leds-mlxreg.c b/drivers/leds/leds-mlxreg.c index b7855c93bd72..31eca8394a26 100644 --- a/drivers/leds/leds-mlxreg.c +++ b/drivers/leds/leds-mlxreg.c @@ -258,6 +258,7 @@ static int mlxreg_led_probe(struct platform_device *pdev) { struct mlxreg_core_platform_data *led_pdata; struct mlxreg_led_priv_data *priv; + int err; led_pdata = dev_get_platdata(&pdev->dev); if (!led_pdata) { @@ -269,28 +270,21 @@ static int mlxreg_led_probe(struct platform_device *pdev) if (!priv) return -ENOMEM; - mutex_init(&priv->access_lock); + err = devm_mutex_init(&pdev->dev, &priv->access_lock); + if (err) + return err; + priv->pdev = pdev; priv->pdata = led_pdata; return mlxreg_led_config(priv); } -static int mlxreg_led_remove(struct platform_device *pdev) -{ - struct mlxreg_led_priv_data *priv = dev_get_drvdata(&pdev->dev); - - mutex_destroy(&priv->access_lock); - - return 0; -} - static struct platform_driver mlxreg_led_driver = { .driver = { .name = "leds-mlxreg", }, .probe = mlxreg_led_probe, - .remove = mlxreg_led_remove, }; module_platform_driver(mlxreg_led_driver); -- 2.34.1

1 month, 1 week

2
1
0 0

[PATCH AUTOSEL 5.4] locking/semaphore: Use wake_q to wake up processes outside lock critical section

by Sasha Levin

From: Waiman Long <longman(a)redhat.com> [ Upstream commit 85b2b9c16d053364e2004883140538e73b333cdb ] A circular lock dependency splat has been seen involving down_trylock(): ====================================================== WARNING: possible circular locking dependency detected 6.12.0-41.el10.s390x+debug ------------------------------------------------------ dd/32479 is trying to acquire lock: 0015a20accd0d4f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x26/0x90 but task is already holding lock: 000000017e461698 (&zone->lock){-.-.}-{2:2}, at: rmqueue_bulk+0xac/0x8f0 the existing dependency chain (in reverse order) is: -> #4 (&zone->lock){-.-.}-{2:2}: -> #3 (hrtimer_bases.lock){-.-.}-{2:2}: -> #2 (&rq->__lock){-.-.}-{2:2}: -> #1 (&p->pi_lock){-.-.}-{2:2}: -> #0 ((console_sem).lock){-.-.}-{2:2}: The console_sem -> pi_lock dependency is due to calling try_to_wake_up() while holding the console_sem raw_spinlock. This dependency can be broken by using wake_q to do the wakeup instead of calling try_to_wake_up() under the console_sem lock. This will also make the semaphore's raw_spinlock become a terminal lock without taking any further locks underneath it. The hrtimer_bases.lock is a raw_spinlock while zone->lock is a spinlock. The hrtimer_bases.lock -> zone->lock dependency happens via the debug_objects_fill_pool() helper function in the debugobjects code. -> #4 (&zone->lock){-.-.}-{2:2}: __lock_acquire+0xe86/0x1cc0 lock_acquire.part.0+0x258/0x630 lock_acquire+0xb8/0xe0 _raw_spin_lock_irqsave+0xb4/0x120 rmqueue_bulk+0xac/0x8f0 __rmqueue_pcplist+0x580/0x830 rmqueue_pcplist+0xfc/0x470 rmqueue.isra.0+0xdec/0x11b0 get_page_from_freelist+0x2ee/0xeb0 __alloc_pages_noprof+0x2c2/0x520 alloc_pages_mpol_noprof+0x1fc/0x4d0 alloc_pages_noprof+0x8c/0xe0 allocate_slab+0x320/0x460 ___slab_alloc+0xa58/0x12b0 __slab_alloc.isra.0+0x42/0x60 kmem_cache_alloc_noprof+0x304/0x350 fill_pool+0xf6/0x450 debug_object_activate+0xfe/0x360 enqueue_hrtimer+0x34/0x190 __run_hrtimer+0x3c8/0x4c0 __hrtimer_run_queues+0x1b2/0x260 hrtimer_interrupt+0x316/0x760 do_IRQ+0x9a/0xe0 do_irq_async+0xf6/0x160 Normally a raw_spinlock to spinlock dependency is not legitimate and will be warned if CONFIG_PROVE_RAW_LOCK_NESTING is enabled, but debug_objects_fill_pool() is an exception as it explicitly allows this dependency for non-PREEMPT_RT kernel without causing PROVE_RAW_LOCK_NESTING lockdep splat. As a result, this dependency is legitimate and not a bug. Anyway, semaphore is the only locking primitive left that is still using try_to_wake_up() to do wakeup inside critical section, all the other locking primitives had been migrated to use wake_q to do wakeup outside of the critical section. It is also possible that there are other circular locking dependencies involving printk/console_sem or other existing/new semaphores lurking somewhere which may show up in the future. Let just do the migration now to wake_q to avoid headache like this. Reported-by: yzbot+ed801a886dfdbfe7136d(a)syzkaller.appspotmail.com Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20250307232717.1759087-3-boqun.feng@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/semaphore.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/locking/semaphore.c b/kernel/locking/semaphore.c index d9dd94defc0a9..19389fdbfdfb1 100644 --- a/kernel/locking/semaphore.c +++ b/kernel/locking/semaphore.c @@ -29,6 +29,7 @@ #include <linux/export.h> #include <linux/sched.h> #include <linux/sched/debug.h> +#include <linux/sched/wake_q.h> #include <linux/semaphore.h> #include <linux/spinlock.h> #include <linux/ftrace.h> @@ -37,7 +38,7 @@ static noinline void __down(struct semaphore *sem); static noinline int __down_interruptible(struct semaphore *sem); static noinline int __down_killable(struct semaphore *sem); static noinline int __down_timeout(struct semaphore *sem, long timeout); -static noinline void __up(struct semaphore *sem); +static noinline void __up(struct semaphore *sem, struct wake_q_head *wake_q); /** * down - acquire the semaphore @@ -178,13 +179,16 @@ EXPORT_SYMBOL(down_timeout); void up(struct semaphore *sem) { unsigned long flags; + DEFINE_WAKE_Q(wake_q); raw_spin_lock_irqsave(&sem->lock, flags); if (likely(list_empty(&sem->wait_list))) sem->count++; else - __up(sem); + __up(sem, &wake_q); raw_spin_unlock_irqrestore(&sem->lock, flags); + if (!wake_q_empty(&wake_q)) + wake_up_q(&wake_q); } EXPORT_SYMBOL(up); @@ -252,11 +256,12 @@ static noinline int __sched __down_timeout(struct semaphore *sem, long timeout) return __down_common(sem, TASK_UNINTERRUPTIBLE, timeout); } -static noinline void __sched __up(struct semaphore *sem) +static noinline void __sched __up(struct semaphore *sem, + struct wake_q_head *wake_q) { struct semaphore_waiter *waiter = list_first_entry(&sem->wait_list, struct semaphore_waiter, list); list_del(&waiter->list); waiter->up = true; - wake_up_process(waiter->task); + wake_q_add(wake_q, waiter->task); } -- 2.39.5

1 month, 1 week

1
0
0 0

[PATCH stable 6.6 v2] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..34315d09b544 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

4
5
0 0

[PATCH AUTOSEL 5.10 1/2] locking/semaphore: Use wake_q to wake up processes outside lock critical section

by Sasha Levin

From: Waiman Long <longman(a)redhat.com> [ Upstream commit 85b2b9c16d053364e2004883140538e73b333cdb ] A circular lock dependency splat has been seen involving down_trylock(): ====================================================== WARNING: possible circular locking dependency detected 6.12.0-41.el10.s390x+debug ------------------------------------------------------ dd/32479 is trying to acquire lock: 0015a20accd0d4f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x26/0x90 but task is already holding lock: 000000017e461698 (&zone->lock){-.-.}-{2:2}, at: rmqueue_bulk+0xac/0x8f0 the existing dependency chain (in reverse order) is: -> #4 (&zone->lock){-.-.}-{2:2}: -> #3 (hrtimer_bases.lock){-.-.}-{2:2}: -> #2 (&rq->__lock){-.-.}-{2:2}: -> #1 (&p->pi_lock){-.-.}-{2:2}: -> #0 ((console_sem).lock){-.-.}-{2:2}: The console_sem -> pi_lock dependency is due to calling try_to_wake_up() while holding the console_sem raw_spinlock. This dependency can be broken by using wake_q to do the wakeup instead of calling try_to_wake_up() under the console_sem lock. This will also make the semaphore's raw_spinlock become a terminal lock without taking any further locks underneath it. The hrtimer_bases.lock is a raw_spinlock while zone->lock is a spinlock. The hrtimer_bases.lock -> zone->lock dependency happens via the debug_objects_fill_pool() helper function in the debugobjects code. -> #4 (&zone->lock){-.-.}-{2:2}: __lock_acquire+0xe86/0x1cc0 lock_acquire.part.0+0x258/0x630 lock_acquire+0xb8/0xe0 _raw_spin_lock_irqsave+0xb4/0x120 rmqueue_bulk+0xac/0x8f0 __rmqueue_pcplist+0x580/0x830 rmqueue_pcplist+0xfc/0x470 rmqueue.isra.0+0xdec/0x11b0 get_page_from_freelist+0x2ee/0xeb0 __alloc_pages_noprof+0x2c2/0x520 alloc_pages_mpol_noprof+0x1fc/0x4d0 alloc_pages_noprof+0x8c/0xe0 allocate_slab+0x320/0x460 ___slab_alloc+0xa58/0x12b0 __slab_alloc.isra.0+0x42/0x60 kmem_cache_alloc_noprof+0x304/0x350 fill_pool+0xf6/0x450 debug_object_activate+0xfe/0x360 enqueue_hrtimer+0x34/0x190 __run_hrtimer+0x3c8/0x4c0 __hrtimer_run_queues+0x1b2/0x260 hrtimer_interrupt+0x316/0x760 do_IRQ+0x9a/0xe0 do_irq_async+0xf6/0x160 Normally a raw_spinlock to spinlock dependency is not legitimate and will be warned if CONFIG_PROVE_RAW_LOCK_NESTING is enabled, but debug_objects_fill_pool() is an exception as it explicitly allows this dependency for non-PREEMPT_RT kernel without causing PROVE_RAW_LOCK_NESTING lockdep splat. As a result, this dependency is legitimate and not a bug. Anyway, semaphore is the only locking primitive left that is still using try_to_wake_up() to do wakeup inside critical section, all the other locking primitives had been migrated to use wake_q to do wakeup outside of the critical section. It is also possible that there are other circular locking dependencies involving printk/console_sem or other existing/new semaphores lurking somewhere which may show up in the future. Let just do the migration now to wake_q to avoid headache like this. Reported-by: yzbot+ed801a886dfdbfe7136d(a)syzkaller.appspotmail.com Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20250307232717.1759087-3-boqun.feng@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/semaphore.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/locking/semaphore.c b/kernel/locking/semaphore.c index 9aa855a96c4ae..aadde65402913 100644 --- a/kernel/locking/semaphore.c +++ b/kernel/locking/semaphore.c @@ -29,6 +29,7 @@ #include <linux/export.h> #include <linux/sched.h> #include <linux/sched/debug.h> +#include <linux/sched/wake_q.h> #include <linux/semaphore.h> #include <linux/spinlock.h> #include <linux/ftrace.h> @@ -37,7 +38,7 @@ static noinline void __down(struct semaphore *sem); static noinline int __down_interruptible(struct semaphore *sem); static noinline int __down_killable(struct semaphore *sem); static noinline int __down_timeout(struct semaphore *sem, long timeout); -static noinline void __up(struct semaphore *sem); +static noinline void __up(struct semaphore *sem, struct wake_q_head *wake_q); /** * down - acquire the semaphore @@ -178,13 +179,16 @@ EXPORT_SYMBOL(down_timeout); void up(struct semaphore *sem) { unsigned long flags; + DEFINE_WAKE_Q(wake_q); raw_spin_lock_irqsave(&sem->lock, flags); if (likely(list_empty(&sem->wait_list))) sem->count++; else - __up(sem); + __up(sem, &wake_q); raw_spin_unlock_irqrestore(&sem->lock, flags); + if (!wake_q_empty(&wake_q)) + wake_up_q(&wake_q); } EXPORT_SYMBOL(up); @@ -252,11 +256,12 @@ static noinline int __sched __down_timeout(struct semaphore *sem, long timeout) return __down_common(sem, TASK_UNINTERRUPTIBLE, timeout); } -static noinline void __sched __up(struct semaphore *sem) +static noinline void __sched __up(struct semaphore *sem, + struct wake_q_head *wake_q) { struct semaphore_waiter *waiter = list_first_entry(&sem->wait_list, struct semaphore_waiter, list); list_del(&waiter->list); waiter->up = true; - wake_up_process(waiter->task); + wake_q_add(wake_q, waiter->task); } -- 2.39.5

1 month, 1 week

1
1
0 0

[PATCH v2 stable 6.1 1/2] tcp: fix races in tcp_abort()

by Youngmin Nam

From: Eric Dumazet <edumazet(a)google.com> tcp_abort() has the same issue than the one fixed in the prior patch in tcp_write_err(). commit 5ce4645c23cf5f048eb8e9ce49e514bababdee85 upstream. To apply commit bac76cf89816bff06c4ec2f3df97dc34e150a1c4, this patch must be applied first. In order to get consistent results from tcp_poll(), we must call sk_error_report() after tcp_done(). We can use tcp_done_with_error() to centralize this logic. Fixes: c1e64e298b8c ("net: diag: Support destroying TCP sockets.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Acked-by: Neal Cardwell <ncardwell(a)google.com> Link: https://lore.kernel.org/r/20240528125253.1966136-4-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Cc: <stable(a)vger.kernel.org> [youngmin: Resolved minor conflict in net/ipv4/tcp.c] Signed-off-by: Youngmin Nam <youngmin.nam(a)samsung.com> --- net/ipv4/tcp.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 7d591a0cf0c7..1ad3a20eb9b7 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4755,13 +4755,9 @@ int tcp_abort(struct sock *sk, int err) bh_lock_sock(sk); if (!sock_flag(sk, SOCK_DEAD)) { - WRITE_ONCE(sk->sk_err, err); - /* This barrier is coupled with smp_rmb() in tcp_poll() */ - smp_wmb(); - sk_error_report(sk); if (tcp_need_reset(sk->sk_state)) tcp_send_active_reset(sk, GFP_ATOMIC); - tcp_done(sk); + tcp_done_with_error(sk, err); } bh_unlock_sock(sk); -- 2.39.2

1 month, 1 week

2
3
0 0

[PATCH stable 5.15 v3] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops v2 -> v3: keep original comment --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..8d839ff5548e 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem folios created with memfd_secret() */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

3
2
0 0

[PATCH stable 6.1 v2] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..34315d09b544 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

2
1
0 0

[PATCH AUTOSEL 5.15 1/4] locking/semaphore: Use wake_q to wake up processes outside lock critical section

by Sasha Levin

From: Waiman Long <longman(a)redhat.com> [ Upstream commit 85b2b9c16d053364e2004883140538e73b333cdb ] A circular lock dependency splat has been seen involving down_trylock(): ====================================================== WARNING: possible circular locking dependency detected 6.12.0-41.el10.s390x+debug ------------------------------------------------------ dd/32479 is trying to acquire lock: 0015a20accd0d4f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x26/0x90 but task is already holding lock: 000000017e461698 (&zone->lock){-.-.}-{2:2}, at: rmqueue_bulk+0xac/0x8f0 the existing dependency chain (in reverse order) is: -> #4 (&zone->lock){-.-.}-{2:2}: -> #3 (hrtimer_bases.lock){-.-.}-{2:2}: -> #2 (&rq->__lock){-.-.}-{2:2}: -> #1 (&p->pi_lock){-.-.}-{2:2}: -> #0 ((console_sem).lock){-.-.}-{2:2}: The console_sem -> pi_lock dependency is due to calling try_to_wake_up() while holding the console_sem raw_spinlock. This dependency can be broken by using wake_q to do the wakeup instead of calling try_to_wake_up() under the console_sem lock. This will also make the semaphore's raw_spinlock become a terminal lock without taking any further locks underneath it. The hrtimer_bases.lock is a raw_spinlock while zone->lock is a spinlock. The hrtimer_bases.lock -> zone->lock dependency happens via the debug_objects_fill_pool() helper function in the debugobjects code. -> #4 (&zone->lock){-.-.}-{2:2}: __lock_acquire+0xe86/0x1cc0 lock_acquire.part.0+0x258/0x630 lock_acquire+0xb8/0xe0 _raw_spin_lock_irqsave+0xb4/0x120 rmqueue_bulk+0xac/0x8f0 __rmqueue_pcplist+0x580/0x830 rmqueue_pcplist+0xfc/0x470 rmqueue.isra.0+0xdec/0x11b0 get_page_from_freelist+0x2ee/0xeb0 __alloc_pages_noprof+0x2c2/0x520 alloc_pages_mpol_noprof+0x1fc/0x4d0 alloc_pages_noprof+0x8c/0xe0 allocate_slab+0x320/0x460 ___slab_alloc+0xa58/0x12b0 __slab_alloc.isra.0+0x42/0x60 kmem_cache_alloc_noprof+0x304/0x350 fill_pool+0xf6/0x450 debug_object_activate+0xfe/0x360 enqueue_hrtimer+0x34/0x190 __run_hrtimer+0x3c8/0x4c0 __hrtimer_run_queues+0x1b2/0x260 hrtimer_interrupt+0x316/0x760 do_IRQ+0x9a/0xe0 do_irq_async+0xf6/0x160 Normally a raw_spinlock to spinlock dependency is not legitimate and will be warned if CONFIG_PROVE_RAW_LOCK_NESTING is enabled, but debug_objects_fill_pool() is an exception as it explicitly allows this dependency for non-PREEMPT_RT kernel without causing PROVE_RAW_LOCK_NESTING lockdep splat. As a result, this dependency is legitimate and not a bug. Anyway, semaphore is the only locking primitive left that is still using try_to_wake_up() to do wakeup inside critical section, all the other locking primitives had been migrated to use wake_q to do wakeup outside of the critical section. It is also possible that there are other circular locking dependencies involving printk/console_sem or other existing/new semaphores lurking somewhere which may show up in the future. Let just do the migration now to wake_q to avoid headache like this. Reported-by: yzbot+ed801a886dfdbfe7136d(a)syzkaller.appspotmail.com Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20250307232717.1759087-3-boqun.feng@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/semaphore.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/locking/semaphore.c b/kernel/locking/semaphore.c index 9ee381e4d2a4d..a26c915430ba0 100644 --- a/kernel/locking/semaphore.c +++ b/kernel/locking/semaphore.c @@ -29,6 +29,7 @@ #include <linux/export.h> #include <linux/sched.h> #include <linux/sched/debug.h> +#include <linux/sched/wake_q.h> #include <linux/semaphore.h> #include <linux/spinlock.h> #include <linux/ftrace.h> @@ -37,7 +38,7 @@ static noinline void __down(struct semaphore *sem); static noinline int __down_interruptible(struct semaphore *sem); static noinline int __down_killable(struct semaphore *sem); static noinline int __down_timeout(struct semaphore *sem, long timeout); -static noinline void __up(struct semaphore *sem); +static noinline void __up(struct semaphore *sem, struct wake_q_head *wake_q); /** * down - acquire the semaphore @@ -182,13 +183,16 @@ EXPORT_SYMBOL(down_timeout); void up(struct semaphore *sem) { unsigned long flags; + DEFINE_WAKE_Q(wake_q); raw_spin_lock_irqsave(&sem->lock, flags); if (likely(list_empty(&sem->wait_list))) sem->count++; else - __up(sem); + __up(sem, &wake_q); raw_spin_unlock_irqrestore(&sem->lock, flags); + if (!wake_q_empty(&wake_q)) + wake_up_q(&wake_q); } EXPORT_SYMBOL(up); @@ -256,11 +260,12 @@ static noinline int __sched __down_timeout(struct semaphore *sem, long timeout) return __down_common(sem, TASK_UNINTERRUPTIBLE, timeout); } -static noinline void __sched __up(struct semaphore *sem) +static noinline void __sched __up(struct semaphore *sem, + struct wake_q_head *wake_q) { struct semaphore_waiter *waiter = list_first_entry(&sem->wait_list, struct semaphore_waiter, list); list_del(&waiter->list); waiter->up = true; - wake_up_process(waiter->task); + wake_q_add(wake_q, waiter->task); } -- 2.39.5

1 month, 1 week

1
3
0 0

[PATCH stable 6.1 v3] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Chen Linxuan: backport same logic without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- v1 -> v2: use vma_is_secretmem() instead of directly checking vma->vm_file->f_op == &secretmem_fops v2 -> v3: keep original comment --- lib/buildid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..8d839ff5548e 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; + /* reject secretmem folios created with memfd_secret() */ + if (vma_is_secretmem(vma)) + return -EFAULT; + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 1 week

3
2
0 0

[PATCH AUTOSEL 6.1 1/4] locking/semaphore: Use wake_q to wake up processes outside lock critical section

by Sasha Levin

From: Waiman Long <longman(a)redhat.com> [ Upstream commit 85b2b9c16d053364e2004883140538e73b333cdb ] A circular lock dependency splat has been seen involving down_trylock(): ====================================================== WARNING: possible circular locking dependency detected 6.12.0-41.el10.s390x+debug ------------------------------------------------------ dd/32479 is trying to acquire lock: 0015a20accd0d4f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x26/0x90 but task is already holding lock: 000000017e461698 (&zone->lock){-.-.}-{2:2}, at: rmqueue_bulk+0xac/0x8f0 the existing dependency chain (in reverse order) is: -> #4 (&zone->lock){-.-.}-{2:2}: -> #3 (hrtimer_bases.lock){-.-.}-{2:2}: -> #2 (&rq->__lock){-.-.}-{2:2}: -> #1 (&p->pi_lock){-.-.}-{2:2}: -> #0 ((console_sem).lock){-.-.}-{2:2}: The console_sem -> pi_lock dependency is due to calling try_to_wake_up() while holding the console_sem raw_spinlock. This dependency can be broken by using wake_q to do the wakeup instead of calling try_to_wake_up() under the console_sem lock. This will also make the semaphore's raw_spinlock become a terminal lock without taking any further locks underneath it. The hrtimer_bases.lock is a raw_spinlock while zone->lock is a spinlock. The hrtimer_bases.lock -> zone->lock dependency happens via the debug_objects_fill_pool() helper function in the debugobjects code. -> #4 (&zone->lock){-.-.}-{2:2}: __lock_acquire+0xe86/0x1cc0 lock_acquire.part.0+0x258/0x630 lock_acquire+0xb8/0xe0 _raw_spin_lock_irqsave+0xb4/0x120 rmqueue_bulk+0xac/0x8f0 __rmqueue_pcplist+0x580/0x830 rmqueue_pcplist+0xfc/0x470 rmqueue.isra.0+0xdec/0x11b0 get_page_from_freelist+0x2ee/0xeb0 __alloc_pages_noprof+0x2c2/0x520 alloc_pages_mpol_noprof+0x1fc/0x4d0 alloc_pages_noprof+0x8c/0xe0 allocate_slab+0x320/0x460 ___slab_alloc+0xa58/0x12b0 __slab_alloc.isra.0+0x42/0x60 kmem_cache_alloc_noprof+0x304/0x350 fill_pool+0xf6/0x450 debug_object_activate+0xfe/0x360 enqueue_hrtimer+0x34/0x190 __run_hrtimer+0x3c8/0x4c0 __hrtimer_run_queues+0x1b2/0x260 hrtimer_interrupt+0x316/0x760 do_IRQ+0x9a/0xe0 do_irq_async+0xf6/0x160 Normally a raw_spinlock to spinlock dependency is not legitimate and will be warned if CONFIG_PROVE_RAW_LOCK_NESTING is enabled, but debug_objects_fill_pool() is an exception as it explicitly allows this dependency for non-PREEMPT_RT kernel without causing PROVE_RAW_LOCK_NESTING lockdep splat. As a result, this dependency is legitimate and not a bug. Anyway, semaphore is the only locking primitive left that is still using try_to_wake_up() to do wakeup inside critical section, all the other locking primitives had been migrated to use wake_q to do wakeup outside of the critical section. It is also possible that there are other circular locking dependencies involving printk/console_sem or other existing/new semaphores lurking somewhere which may show up in the future. Let just do the migration now to wake_q to avoid headache like this. Reported-by: yzbot+ed801a886dfdbfe7136d(a)syzkaller.appspotmail.com Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20250307232717.1759087-3-boqun.feng@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/semaphore.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/kernel/locking/semaphore.c b/kernel/locking/semaphore.c index 34bfae72f2952..de9117c0e671e 100644 --- a/kernel/locking/semaphore.c +++ b/kernel/locking/semaphore.c @@ -29,6 +29,7 @@ #include <linux/export.h> #include <linux/sched.h> #include <linux/sched/debug.h> +#include <linux/sched/wake_q.h> #include <linux/semaphore.h> #include <linux/spinlock.h> #include <linux/ftrace.h> @@ -38,7 +39,7 @@ static noinline void __down(struct semaphore *sem); static noinline int __down_interruptible(struct semaphore *sem); static noinline int __down_killable(struct semaphore *sem); static noinline int __down_timeout(struct semaphore *sem, long timeout); -static noinline void __up(struct semaphore *sem); +static noinline void __up(struct semaphore *sem, struct wake_q_head *wake_q); /** * down - acquire the semaphore @@ -183,13 +184,16 @@ EXPORT_SYMBOL(down_timeout); void __sched up(struct semaphore *sem) { unsigned long flags; + DEFINE_WAKE_Q(wake_q); raw_spin_lock_irqsave(&sem->lock, flags); if (likely(list_empty(&sem->wait_list))) sem->count++; else - __up(sem); + __up(sem, &wake_q); raw_spin_unlock_irqrestore(&sem->lock, flags); + if (!wake_q_empty(&wake_q)) + wake_up_q(&wake_q); } EXPORT_SYMBOL(up); @@ -269,11 +273,12 @@ static noinline int __sched __down_timeout(struct semaphore *sem, long timeout) return __down_common(sem, TASK_UNINTERRUPTIBLE, timeout); } -static noinline void __sched __up(struct semaphore *sem) +static noinline void __sched __up(struct semaphore *sem, + struct wake_q_head *wake_q) { struct semaphore_waiter *waiter = list_first_entry(&sem->wait_list, struct semaphore_waiter, list); list_del(&waiter->list); waiter->up = true; - wake_up_process(waiter->task); + wake_q_add(wake_q, waiter->task); } -- 2.39.5

1 month, 1 week

1
3
0 0

[PATCH AUTOSEL 6.6 1/8] x86/hyperv/vtl: Stop kernel from probing VTL0 low memory

by Sasha Levin

From: Naman Jain <namjain(a)linux.microsoft.com> [ Upstream commit 59115e2e25f42924181055ed7cc1d123af7598b7 ] For Linux, running in Hyper-V VTL (Virtual Trust Level), kernel in VTL2 tries to access VTL0 low memory in probe_roms. This memory is not described in the e820 map. Initialize probe_roms call to no-ops during boot for VTL2 kernel to avoid this. The issue got identified in OpenVMM which detects invalid accesses initiated from kernel running in VTL2. Co-developed-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Tested-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Roman Kisel <romank(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250116061224.1701-1-namjain@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250116061224.1701-1-namjain(a)linux.microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/hyperv/hv_vtl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index c2f78fabc865b..b12bef0ff7bb6 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -30,6 +30,7 @@ void __init hv_vtl_init_platform(void) x86_platform.realmode_init = x86_init_noop; x86_init.irqs.pre_vector_init = x86_init_noop; x86_init.timers.timer_init = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; /* Avoid searching for BIOS MP tables */ x86_init.mpparse.find_smp_config = x86_init_noop; -- 2.39.5

1 month, 1 week

1
7
0 0

[PATCH AUTOSEL 6.12 01/13] x86/hyperv/vtl: Stop kernel from probing VTL0 low memory

by Sasha Levin

From: Naman Jain <namjain(a)linux.microsoft.com> [ Upstream commit 59115e2e25f42924181055ed7cc1d123af7598b7 ] For Linux, running in Hyper-V VTL (Virtual Trust Level), kernel in VTL2 tries to access VTL0 low memory in probe_roms. This memory is not described in the e820 map. Initialize probe_roms call to no-ops during boot for VTL2 kernel to avoid this. The issue got identified in OpenVMM which detects invalid accesses initiated from kernel running in VTL2. Co-developed-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Tested-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Roman Kisel <romank(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250116061224.1701-1-namjain@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250116061224.1701-1-namjain(a)linux.microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/hyperv/hv_vtl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index 04775346369c5..d04ccd4b3b4af 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -30,6 +30,7 @@ void __init hv_vtl_init_platform(void) x86_platform.realmode_init = x86_init_noop; x86_init.irqs.pre_vector_init = x86_init_noop; x86_init.timers.timer_init = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; /* Avoid searching for BIOS MP tables */ x86_init.mpparse.find_mptable = x86_init_noop; -- 2.39.5

1 month, 1 week

1
12
0 0

[PATCH AUTOSEL 6.13 01/16] x86/hyperv/vtl: Stop kernel from probing VTL0 low memory

by Sasha Levin

From: Naman Jain <namjain(a)linux.microsoft.com> [ Upstream commit 59115e2e25f42924181055ed7cc1d123af7598b7 ] For Linux, running in Hyper-V VTL (Virtual Trust Level), kernel in VTL2 tries to access VTL0 low memory in probe_roms. This memory is not described in the e820 map. Initialize probe_roms call to no-ops during boot for VTL2 kernel to avoid this. The issue got identified in OpenVMM which detects invalid accesses initiated from kernel running in VTL2. Co-developed-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Tested-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Roman Kisel <romank(a)linux.microsoft.com> Link: https://lore.kernel.org/r/20250116061224.1701-1-namjain@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250116061224.1701-1-namjain(a)linux.microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/hyperv/hv_vtl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index 04775346369c5..d04ccd4b3b4af 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -30,6 +30,7 @@ void __init hv_vtl_init_platform(void) x86_platform.realmode_init = x86_init_noop; x86_init.irqs.pre_vector_init = x86_init_noop; x86_init.timers.timer_init = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; /* Avoid searching for BIOS MP tables */ x86_init.mpparse.find_mptable = x86_init_noop; -- 2.39.5

1 month, 1 week

1
15
0 0

[PATCH 0/2] Add dma-coherent for gs101 UFS dt node

by Peter Griffin

ufs-exynos driver enables the shareability option for gs101 which means the descriptors need to be allocated as cacheable. Fix the DT node and update bindings to add the dma-coherent property. This fixes the UFS stability issues we have seen with the upstream UFS driver. Note this DT fix can go in independently of the other UFS fixes series I sent recently [1], as the bootloader already leaves the sharability bits enabled. regards, Peter [1] https://lore.kernel.org/linux-scsi/20250226220414.343659-1-peter.griffin@li… To: André Draszik <andre.draszik(a)linaro.org> To: Tudor Ambarus <tudor.ambarus(a)linaro.org> To: Rob Herring <robh(a)kernel.org> To: Krzysztof Kozlowski <krzk+dt(a)kernel.org> To: Conor Dooley <conor+dt(a)kernel.org> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Avri Altman <avri.altman(a)wdc.com> To: Bart Van Assche <bvanassche(a)acm.org> To: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: devicetree(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: linux-scsi(a)vger.kernel.org Cc: kernel-team(a)android.com Cc: willmcvicker(a)google.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Peter Griffin (2): arm64: dts: exynos: gs101: ufs: add dma-coherent property scsi: ufs: dt-bindings: exynos: add dma-coherent property for gs101 Documentation/devicetree/bindings/ufs/samsung,exynos-ufs.yaml | 2 ++ arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + 2 files changed, 3 insertions(+) --- base-commit: b323d8e7bc03d27dec646bfdccb7d1a92411f189 change-id: 20250314-ufs-dma-coherent-980f2467690d Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

1 month, 1 week

5
10
0 0

[PATCH] [arm64/tlb] Fix mmu notifiers for range-based invalidates

by Piotr Jaroszynski

Update the __flush_tlb_range_op macro not to modify its parameters as these are unexepcted semantics. In practice, this fixes the call to mmu_notifier_arch_invalidate_secondary_tlbs() in __flush_tlb_range_nosync() to use the correct range instead of an empty range with start=end. The empty range was (un)lucky as it results in taking the invalidate-all path that doesn't cause correctness issues, but can certainly result in suboptimal perf. This has been broken since commit 6bbd42e2df8f ("mmu_notifiers: call invalidate_range() when invalidating TLBs") when the call to the notifiers was added to __flush_tlb_range(). It predates the addition of the __flush_tlb_range_op() macro from commit 360839027a6e ("arm64: tlb: Refactor the core flush algorithm of __flush_tlb_range") that made the bug hard to spot. Fixes: 6bbd42e2df8f ("mmu_notifiers: call invalidate_range() when invalidating TLBs") Signed-off-by: Piotr Jaroszynski <pjaroszynski(a)nvidia.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Raghavendra Rao Ananta <rananta(a)google.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Nicolin Chen <nicolinc(a)nvidia.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: iommu(a)lists.linux.dev Cc: linux-mm(a)kvack.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- arch/arm64/include/asm/tlbflush.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h index bc94e036a26b..8104aee4f9a0 100644 --- a/arch/arm64/include/asm/tlbflush.h +++ b/arch/arm64/include/asm/tlbflush.h @@ -396,33 +396,35 @@ static inline void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch) #define __flush_tlb_range_op(op, start, pages, stride, \ asid, tlb_level, tlbi_user, lpa2) \ do { \ + typeof(start) __flush_start = start; \ + typeof(pages) __flush_pages = pages; \ int num = 0; \ int scale = 3; \ int shift = lpa2 ? 16 : PAGE_SHIFT; \ unsigned long addr; \ \ - while (pages > 0) { \ + while (__flush_pages > 0) { \ if (!system_supports_tlb_range() || \ - pages == 1 || \ - (lpa2 && start != ALIGN(start, SZ_64K))) { \ - addr = __TLBI_VADDR(start, asid); \ + __flush_pages == 1 || \ + (lpa2 && __flush_start != ALIGN(__flush_start, SZ_64K))) { \ + addr = __TLBI_VADDR(__flush_start, asid); \ __tlbi_level(op, addr, tlb_level); \ if (tlbi_user) \ __tlbi_user_level(op, addr, tlb_level); \ - start += stride; \ - pages -= stride >> PAGE_SHIFT; \ + __flush_start += stride; \ + __flush_pages -= stride >> PAGE_SHIFT; \ continue; \ } \ \ - num = __TLBI_RANGE_NUM(pages, scale); \ + num = __TLBI_RANGE_NUM(__flush_pages, scale); \ if (num >= 0) { \ - addr = __TLBI_VADDR_RANGE(start >> shift, asid, \ + addr = __TLBI_VADDR_RANGE(__flush_start >> shift, asid, \ scale, num, tlb_level); \ __tlbi(r##op, addr); \ if (tlbi_user) \ __tlbi_user(r##op, addr); \ - start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \ - pages -= __TLBI_RANGE_PAGES(num, scale); \ + __flush_start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \ + __flush_pages -= __TLBI_RANGE_PAGES(num, scale);\ } \ scale--; \ } \ base-commit: 99fa936e8e4f117d62f229003c9799686f74cebc -- 2.22.1.7.gac84d6e93c.dirty

1 month, 1 week

5
5
0 0

FAILED: patch "[PATCH] rust: Disallow BTF generation with Rust + LTO" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5daa0c35a1f0e7a6c3b8ba9cb721e7d1ace6e619 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031621-july-parkway-796f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5daa0c35a1f0e7a6c3b8ba9cb721e7d1ace6e619 Mon Sep 17 00:00:00 2001 From: Matthew Maurer <mmaurer(a)google.com> Date: Wed, 8 Jan 2025 23:35:08 +0000 Subject: [PATCH] rust: Disallow BTF generation with Rust + LTO The kernel cannot currently self-parse BTF containing Rust debug information. pahole uses the language of the CU to determine whether to filter out debug information when generating the BTF. When LTO is enabled, Rust code can cross CU boundaries, resulting in Rust debug information in CUs labeled as C. This results in a system which cannot parse its own BTF. Signed-off-by: Matthew Maurer <mmaurer(a)google.com> Cc: stable(a)vger.kernel.org Fixes: c1177979af9c ("btf, scripts: Exclude Rust CUs with pahole") Link: https://lore.kernel.org/r/20250108-rust-btf-lto-incompat-v1-1-60243ff6d820@… Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..324c2886b2ea 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1973,7 +1973,7 @@ config RUST depends on !MODVERSIONS || GENDWARFKSYMS depends on !GCC_PLUGIN_RANDSTRUCT depends on !RANDSTRUCT - depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE + depends on !DEBUG_INFO_BTF || (PAHOLE_HAS_LANG_EXCLUDE && !LTO) depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG depends on !CALL_PADDING || RUSTC_VERSION >= 108100

1 month, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] rust: Disallow BTF generation with Rust + LTO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5daa0c35a1f0e7a6c3b8ba9cb721e7d1ace6e619 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031622-rocker-narrow-b1e3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5daa0c35a1f0e7a6c3b8ba9cb721e7d1ace6e619 Mon Sep 17 00:00:00 2001 From: Matthew Maurer <mmaurer(a)google.com> Date: Wed, 8 Jan 2025 23:35:08 +0000 Subject: [PATCH] rust: Disallow BTF generation with Rust + LTO The kernel cannot currently self-parse BTF containing Rust debug information. pahole uses the language of the CU to determine whether to filter out debug information when generating the BTF. When LTO is enabled, Rust code can cross CU boundaries, resulting in Rust debug information in CUs labeled as C. This results in a system which cannot parse its own BTF. Signed-off-by: Matthew Maurer <mmaurer(a)google.com> Cc: stable(a)vger.kernel.org Fixes: c1177979af9c ("btf, scripts: Exclude Rust CUs with pahole") Link: https://lore.kernel.org/r/20250108-rust-btf-lto-incompat-v1-1-60243ff6d820@… Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..324c2886b2ea 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1973,7 +1973,7 @@ config RUST depends on !MODVERSIONS || GENDWARFKSYMS depends on !GCC_PLUGIN_RANDSTRUCT depends on !RANDSTRUCT - depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE + depends on !DEBUG_INFO_BTF || (PAHOLE_HAS_LANG_EXCLUDE && !LTO) depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG depends on !CALL_PADDING || RUSTC_VERSION >= 108100

1 month, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 9360dfe4cbd62ff1eb8217b815964931523b75b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031611-flatly-revolving-8c7b@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9360dfe4cbd62ff1eb8217b815964931523b75b3 Mon Sep 17 00:00:00 2001 From: Andrea Righi <arighi(a)nvidia.com> Date: Mon, 3 Mar 2025 18:51:59 +0100 Subject: [PATCH] sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash. To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified. Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class") Cc: stable(a)vger.kernel.org # v6.12+ Signed-off-by: Andrea Righi <arighi(a)nvidia.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 0f1da199cfc7..7b9dfee858e7 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -6422,6 +6422,9 @@ static bool check_builtin_idle_enabled(void) __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu, u64 wake_flags, bool *is_idle) { + if (!ops_cpu_valid(prev_cpu, NULL)) + goto prev_cpu; + if (!check_builtin_idle_enabled()) goto prev_cpu;

1 month, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 9360dfe4cbd62ff1eb8217b815964931523b75b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031614-broiler-overgrown-4bd4@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9360dfe4cbd62ff1eb8217b815964931523b75b3 Mon Sep 17 00:00:00 2001 From: Andrea Righi <arighi(a)nvidia.com> Date: Mon, 3 Mar 2025 18:51:59 +0100 Subject: [PATCH] sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() If a BPF scheduler provides an invalid CPU (outside the nr_cpu_ids range) as prev_cpu to scx_bpf_select_cpu_dfl() it can cause a kernel crash. To prevent this, validate prev_cpu in scx_bpf_select_cpu_dfl() and trigger an scx error if an invalid CPU is specified. Fixes: f0e1a0643a59b ("sched_ext: Implement BPF extensible scheduler class") Cc: stable(a)vger.kernel.org # v6.12+ Signed-off-by: Andrea Righi <arighi(a)nvidia.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c index 0f1da199cfc7..7b9dfee858e7 100644 --- a/kernel/sched/ext.c +++ b/kernel/sched/ext.c @@ -6422,6 +6422,9 @@ static bool check_builtin_idle_enabled(void) __bpf_kfunc s32 scx_bpf_select_cpu_dfl(struct task_struct *p, s32 prev_cpu, u64 wake_flags, bool *is_idle) { + if (!ops_cpu_valid(prev_cpu, NULL)) + goto prev_cpu; + if (!check_builtin_idle_enabled()) goto prev_cpu;

1 month, 2 weeks

3
2
0 0

[PATCH v2] mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops

by Kamal Dasu

cqhci timeouts observed on brcmstb platforms during suspend: ... [ 164.832853] mmc0: cqhci: timeout for tag 18 ... Adding cqhci_suspend()/resume() calls to disable cqe in sdhci_brcmstb_suspend()/resume() respectively to fix CQE timeouts seen on PM suspend. Fixes: d46ba2d17f90 ("mmc: sdhci-brcmstb: Add support for Command Queuing (CQE)") Cc: stable(a)vger.kernel.org Signed-off-by: Kamal Dasu <kamal.dasu(a)broadcom.com> --- drivers/mmc/host/sdhci-brcmstb.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c index 0ef4d578ade8..48cdcba0f39c 100644 --- a/drivers/mmc/host/sdhci-brcmstb.c +++ b/drivers/mmc/host/sdhci-brcmstb.c @@ -503,8 +503,15 @@ static int sdhci_brcmstb_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_brcmstb_priv *priv = sdhci_pltfm_priv(pltfm_host); + int ret; clk_disable_unprepare(priv->base_clk); + if (host->mmc->caps2 & MMC_CAP2_CQE) { + ret = cqhci_suspend(host->mmc); + if (ret) + return ret; + } + return sdhci_pltfm_suspend(dev); } @@ -529,6 +536,9 @@ static int sdhci_brcmstb_resume(struct device *dev) ret = clk_set_rate(priv->base_clk, priv->base_freq_hz); } + if (host->mmc->caps2 & MMC_CAP2_CQE) + ret = cqhci_resume(host->mmc); + return ret; } #endif -- 2.17.1

1 month, 2 weeks

3
2
0 0

[RFC PATCH] mmc: sdhci-pxav3: set NEED_RSP_BUSY capability

by Karel Balej

Set the MMC_CAP_NEED_RSP_BUSY capability for the sdhci-pxav3 host to prevent conversion of R1B responses to R1. Without this, the eMMC card in the samsung,coreprimevelte smartphone using the Marvell PXA1908 SoC with this mmc host doesn't probe with the ETIMEDOUT error originating in __mmc_poll_for_busy. Note that the other issues reported for this phone and host, namely floods of "Tuning failed, falling back to fixed sampling clock" dmesg messages for the eMMC and unstable SDIO are not mitigated by this change. Link: https://lore.kernel.org/r/20200310153340.5593-1-ulf.hansson@linaro.org/ Link: https://lore.kernel.org/r/D7204PWIGQGI.1FRFQPPIEE2P9@matfyz.cz/ Link: https://lore.kernel.org/r/20250115-pxa1908-lkml-v14-0-847d24f3665a@skole.hr/ Cc: Duje Mihanović <duje.mihanovic(a)skole.hr> Cc: stable(a)vger.kernel.org Signed-off-by: Karel Balej <balejk(a)matfyz.cz> --- drivers/mmc/host/sdhci-pxav3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c index 990723a008ae..3fb56face3d8 100644 --- a/drivers/mmc/host/sdhci-pxav3.c +++ b/drivers/mmc/host/sdhci-pxav3.c @@ -399,6 +399,7 @@ static int sdhci_pxav3_probe(struct platform_device *pdev) if (!IS_ERR(pxa->clk_core)) clk_prepare_enable(pxa->clk_core); + host->mmc->caps |= MMC_CAP_NEED_RSP_BUSY; /* enable 1/8V DDR capable */ host->mmc->caps |= MMC_CAP_1_8V_DDR; -- 2.48.1

1 month, 2 weeks

4
5
0 0

[PATCH] ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()

by Haoxiang Li

When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info', which is allocated by wcd_clsh_ctrl_alloc. Add wcd_clsh_ctrl_free() to prevent potential memory leak. Fixes: 313e978df7fc ("ASoC: codecs: wcd937x: add audio routing and Kconfig") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- sound/soc/codecs/wcd937x.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/codecs/wcd937x.c b/sound/soc/codecs/wcd937x.c index c9d5e67bf66e..951fd1caf847 100644 --- a/sound/soc/codecs/wcd937x.c +++ b/sound/soc/codecs/wcd937x.c @@ -2563,6 +2563,7 @@ static int wcd937x_soc_codec_probe(struct snd_soc_component *component) ARRAY_SIZE(wcd9375_dapm_widgets)); if (ret < 0) { dev_err(component->dev, "Failed to add snd_ctls\n"); + wcd_clsh_ctrl_free(wcd937x->clsh_info); return ret; } @@ -2570,6 +2571,7 @@ static int wcd937x_soc_codec_probe(struct snd_soc_component *component) ARRAY_SIZE(wcd9375_audio_map)); if (ret < 0) { dev_err(component->dev, "Failed to add routes\n"); + wcd_clsh_ctrl_free(wcd937x->clsh_info); return ret; } } -- 2.25.1

1 month, 2 weeks

2
1
0 0

[RFC PATCH 5.15/5.10] uprobe: avoid out-of-bounds memory access of fetching args

by Xiangyu Chen

From: Qiao Ma <mqaio(a)linux.alibaba.com> [ Upstream commit 373b9338c9722a368925d83bc622c596896b328e ] Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won't check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by following steps: 1. build kernel with CONFIG_KASAN enabled 2. save follow program as test.c ``` \#include <stdio.h> \#include <stdlib.h> \#include <string.h> // If string length large than MAX_STRING_SIZE, the fetch_store_strlen() // will return 0, cause __get_data_size() return shorter size, and // store_trace_args() will not trigger out-of-bounds access. // So make string length less than 4096. \#define STRLEN 4093 void generate_string(char *str, int n) { int i; for (i = 0; i < n; ++i) { char c = i % 26 + 'a'; str[i] = c; } str[n-1] = '\0'; } void print_string(char *str) { printf("%s\n", str); } int main() { char tmp[STRLEN]; generate_string(tmp, STRLEN); print_string(tmp); return 0; } ``` 3. compile program `gcc -o test test.c` 4. get the offset of `print_string()` ``` objdump -t test | grep -w print_string 0000000000401199 g F .text 000000000000001b print_string ``` 5. configure uprobe with offset 0x1199 ``` off=0x1199 cd /sys/kernel/debug/tracing/ echo "p /root/test:${off} arg1=+0(%di):ustring arg2=\$comm arg3=+0(%di):ustring" > uprobe_events echo 1 > events/uprobes/enable echo 1 > tracing_on ``` 6. run `test`, and kasan will report error. ================================================================== BUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0 Write of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18 Hardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x55/0x70 print_address_description.constprop.0+0x27/0x310 kasan_report+0x10f/0x120 ? strncpy_from_user+0x1d6/0x1f0 strncpy_from_user+0x1d6/0x1f0 ? rmqueue.constprop.0+0x70d/0x2ad0 process_fetch_insn+0xb26/0x1470 ? __pfx_process_fetch_insn+0x10/0x10 ? _raw_spin_lock+0x85/0xe0 ? __pfx__raw_spin_lock+0x10/0x10 ? __pte_offset_map+0x1f/0x2d0 ? unwind_next_frame+0xc5f/0x1f80 ? arch_stack_walk+0x68/0xf0 ? is_bpf_text_address+0x23/0x30 ? kernel_text_address.part.0+0xbb/0xd0 ? __kernel_text_address+0x66/0xb0 ? unwind_get_return_address+0x5e/0xa0 ? __pfx_stack_trace_consume_entry+0x10/0x10 ? arch_stack_walk+0xa2/0xf0 ? _raw_spin_lock_irqsave+0x8b/0xf0 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? depot_alloc_stack+0x4c/0x1f0 ? _raw_spin_unlock_irqrestore+0xe/0x30 ? stack_depot_save_flags+0x35d/0x4f0 ? kasan_save_stack+0x34/0x50 ? kasan_save_stack+0x24/0x50 ? mutex_lock+0x91/0xe0 ? __pfx_mutex_lock+0x10/0x10 prepare_uprobe_buffer.part.0+0x2cd/0x500 uprobe_dispatcher+0x2c3/0x6a0 ? __pfx_uprobe_dispatcher+0x10/0x10 ? __kasan_slab_alloc+0x4d/0x90 handler_chain+0xdd/0x3e0 handle_swbp+0x26e/0x3d0 ? __pfx_handle_swbp+0x10/0x10 ? uprobe_pre_sstep_notifier+0x151/0x1b0 irqentry_exit_to_user_mode+0xe2/0x1b0 asm_exc_int3+0x39/0x40 RIP: 0033:0x401199 Code: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce RSP: 002b:00007ffdf00576a8 EFLAGS: 00000206 RAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2 RDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0 RBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20 R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040 R13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000 </TASK> This commit enforces the buffer's maxlen less than a page-size to avoid store_trace_args() out-of-memory access. Link: https://lore.kernel.org/all/20241015060148.1108331-1-mqaio@linux.alibaba.co… Fixes: dcad1a204f72 ("tracing/uprobes: Fetch args before reserving a ring buffer") Signed-off-by: Qiao Ma <mqaio(a)linux.alibaba.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> [ the prepare_uprobe_buffer() function was introduced by commit 3eaea21b4d27 ("uprobes: encapsulate preparation of uprobe args buffer"). So the fix on 5.10/15 need to modify the code in uprobe_dispatcher() and uretprobe_dispatcher() before calling the store_trace_args. ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Try to backport the fix to 5.10/5.15. Verified the build test. Verified the changes with test code in comment, with the fix, the KASAN crash won't happen anymore. --- kernel/trace/trace_uprobe.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 720b46b34ab9..9f8c95b9b30d 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -858,6 +858,7 @@ struct uprobe_cpu_buffer { }; static struct uprobe_cpu_buffer __percpu *uprobe_cpu_buffer; static int uprobe_buffer_refcnt; +#define MAX_UCB_BUFFER_SIZE PAGE_SIZE static int uprobe_buffer_init(void) { @@ -958,9 +959,6 @@ static void __uprobe_trace_func(struct trace_uprobe *tu, WARN_ON(call != trace_file->event_call); - if (WARN_ON_ONCE(tu->tp.size + dsize > PAGE_SIZE)) - return; - if (trace_trigger_soft_disabled(trace_file)) return; @@ -1503,6 +1501,10 @@ static int uprobe_dispatcher(struct uprobe_consumer *con, struct pt_regs *regs) esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu)); ucb = uprobe_buffer_get(); + + if (WARN_ON_ONCE(tu->tp.size + dsize > MAX_UCB_BUFFER_SIZE)) + dsize = MAX_UCB_BUFFER_SIZE - tu->tp.size; + store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize); if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE)) @@ -1538,6 +1540,10 @@ static int uretprobe_dispatcher(struct uprobe_consumer *con, esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu)); ucb = uprobe_buffer_get(); + + if (WARN_ON_ONCE(tu->tp.size + dsize > MAX_UCB_BUFFER_SIZE)) + dsize = MAX_UCB_BUFFER_SIZE - tu->tp.size; + store_trace_args(ucb->buf, &tu->tp, regs, esize, dsize); if (trace_probe_test_flag(&tu->tp, TP_FLAG_TRACE)) -- 2.25.1

1 month, 2 weeks

2
4
0 0

Wireless speed regression issue with >6.12.12/6.13.x + firmware update for mediatek MT7925

by Jean-François INGELAERE

Hello guys, I'm reporting an issue with Linux kernel >6.12.12 and 6.13.x with mediatek 7925 serie Wi-Fi card. Reproducible ALWAYS. I got a regression with newer firmware and kernel >6.12.12. The regression seems to be between 6.12.12 and 6.12.13 (and ported to 6.13.x). I'm having low speed connection and especially really bad Upload speed (<4Mbit/s) while running in 802.11ax (better speed in 802.11ac), the MIMO/channel width function seems to be linked with this issue. Here are some speed reports & infos : With 6.12.1 + firmware-202412x speed is correct (1Gbps/800Mbps) With 6.12.12 + firmware-202412x speed is correct (1Gbps/800Mbps) With 6.12.12 + firmware-202503x speed is NOT correct but between acceptable and unacceptable (350Mbps/25Mbps) With 6.12.13 + firmware-202412x speed is NOT correct but between acceptable and unacceptable (280Mbps/80Mbps) With 6.12.13 + firmware-202503x speed is unacceptable (280Mbps/3mbps) With 6.12.13 + firmware-202503x BUT with only one Wi-Fi channel (here ch 36) (See at the end of this message) ie 20Mhz channel width, I got better upload speed than in wider channel width (80Mbps/30Mbps). Kernel 6.13 + Linux Firmware 202412 version. [24305.691750] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin [24305.695281] mt7925e 0000:73:00.0: ASIC revision: 79250000 [24305.772614] Loading firmware: mediatek/mt7925/WIFI_MT7925_PATCH_MCU_1_1_hdr.bin [24305.772732] mt7925e 0000:73:00.0: HW/SW Version: 0x8a108a10, Build Time: 20241104132949a [24306.121223] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin [24306.121674] mt7925e 0000:73:00.0: WM Firmware Version: ____000000, Build Time: 20241104133053 [24306.207593] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin [24306.804659] mt7925e 0000:73:00.0 wlp115s0: renamed from wlan0 Linux-firmware >=202501, upload speed unacceptable (download quite the same) : [23925.753738] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin [23925.757066] mt7925e 0000:73:00.0: ASIC revision: 79250000 [23925.834400] Loading firmware: mediatek/mt7925/WIFI_MT7925_PATCH_MCU_1_1_hdr.bin [23925.834518] mt7925e 0000:73:00.0: HW/SW Version: 0x8a108a10, Build Time: 20250113153001a [23926.197786] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin [23926.198160] mt7925e 0000:73:00.0: WM Firmware Version: ____000000, Build Time: 20250113153106 [23926.281524] Loading firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin lspci -vvvv 73:00.0 Network controller: MEDIATEK Corp. Device 7925 Subsystem: AzureWave Device 6002 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 195 IOMMU group: 25 Region 0: Memory at 82200000 (64-bit, non-prefetchable) [size=2M] Region 2: Memory at 82400000 (64-bit, non-prefetchable) [size=32K] Capabilities: [80] Express (v2) Endpoint, IntMsgNum 0 DevCap: MaxPayload 256 bytes, PhantFunc 0, Latency L0s unlimited, L1 unlimited ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 10W TEE-IO- DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq- RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset- MaxPayload 256 bytes, MaxReadReq 512 bytes DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr- TransPend- LnkCap: Port #1, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <2us, L1 <8us ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+ LnkCtl: ASPM Disabled; RCB 64 bytes, LnkDisable- CommClk+ ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt- LnkSta: Speed 5GT/s, Width x1 TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt- DevCap2: Completion Timeout: Range ABCD, TimeoutDis+ NROPrPrP- LTR+ 10BitTagComp- 10BitTagReq- OBFF Not Supported, ExtFmt+ EETLPPrefix- EmergencyPowerReduction Not Supported, EmergencyPowerReductionInit- FRS- TPHComp- ExtTPHComp- AtomicOpsCap: 32bit- 64bit- 128bitCAS- DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis- AtomicOpsCtl: ReqEn- IDOReq- IDOCompl- LTR+ EmergencyPowerReductionReq- 10BitTagReq- OBFF Disabled, EETLPPrefixBlk- LnkCap2: Supported Link Speeds: 2.5-5GT/s, Crosslink- Retimer- 2Retimers- DRS- LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis- Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS- Compliance Preset/De-emphasis: -6dB de-emphasis, 0dB preshoot LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete- EqualizationPhase1- EqualizationPhase2- EqualizationPhase3- LinkEqualizationRequest- Retimer- 2Retimers- CrosslinkRes: unsupported Capabilities: [e0] MSI: Enable+ Count=1/32 Maskable+ 64bit+ Address: 00000000fee54000 Data: 0022 Masking: fffffffe Pending: 00000000 Capabilities: [f8] Power Management version 3 Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+) Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- Capabilities: [100 v1] Vendor Specific Information: ID=1556 Rev=1 Len=008 <?> Capabilities: [108 v1] Latency Tolerance Reporting Max snoop latency: 3145728ns Max no snoop latency: 3145728ns Capabilities: [110 v1] L1 PM Substates L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+ PortCommonModeRestoreTime=3us PortTPowerOnTime=52us L1SubCtl1: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2- ASPM_L1.1- T_CommonMode=0us LTR1.2_Threshold=118784ns L1SubCtl2: T_PwrOn=52us Capabilities: [200 v2] Advanced Error Reporting UESta: DLP- SDES- TLP- FCP- CmpltTO+ CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UncorrIntErr- BlockedTLP- AtomicOpBlocked- TLPBlockedErr- PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked- UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UncorrIntErr+ BlockedTLP- AtomicOpBlocked- TLPBlockedErr- PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked- UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol- UncorrIntErr+ BlockedTLP- AtomicOpBlocked- TLPBlockedErr- PoisonTLPBlocked- DMWrReqBlocked- IDECheck- MisIDETLP- PCRC_CHECK- TLPXlatBlocked- CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr- CorrIntErr- HeaderOF- CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+ CorrIntErr+ HeaderOF- AERCap: First Error Pointer: 0e, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn- MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap- HeaderLog: 00000000 00000000 00000000 00000000 Kernel driver in use: mt7925e Kernel modules: mt7925e The AP is a Cisco 9120AXI running in 160Mhz channel width @ (52, 56, 60, 64, 36, 40, 44, 48) channels (yes reported in this order, I think it can mind) 52 is the primary one. Also tested this setup with another cheap AP with channel in "correct" order ? It can maybe be a little better but doesn't change a lot of things. The setup is the same as previously where I was able to get 1Gbit/s Upload speed, just kernel & firmware update. Any way to fix it ? Best regards,

1 month, 2 weeks

1
0
0 0

[PATCH] mm: Update mask post pxd_clear_bad()

by Dev Jain

Since pxd_clear_bad() is an operation changing the state of the page tables, we should call arch_sync_kernel_mappings() post this. Fixes: e80d3909be42 ("mm: track page table modifications in __apply_to_page_range()") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- mm/memory.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mm/memory.c b/mm/memory.c index 78c7ee62795e..9a4a8c710be0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2987,6 +2987,7 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, if (!create) continue; pmd_clear_bad(pmd); + *mask = PGTBL_PMD_MODIFIED; } err = apply_to_pte_range(mm, pmd, addr, next, fn, data, create, mask); @@ -3023,6 +3024,7 @@ static int apply_to_pud_range(struct mm_struct *mm, p4d_t *p4d, if (!create) continue; pud_clear_bad(pud); + *mask = PGTBL_PUD_MODIFIED; } err = apply_to_pmd_range(mm, pud, addr, next, fn, data, create, mask); @@ -3059,6 +3061,7 @@ static int apply_to_p4d_range(struct mm_struct *mm, pgd_t *pgd, if (!create) continue; p4d_clear_bad(p4d); + *mask = PGTBL_P4D_MODIFIED; } err = apply_to_pud_range(mm, p4d, addr, next, fn, data, create, mask); @@ -3095,6 +3098,7 @@ static int __apply_to_page_range(struct mm_struct *mm, unsigned long addr, if (!create) continue; pgd_clear_bad(pgd); + mask = PGTBL_PGD_MODIFIED; } err = apply_to_p4d_range(mm, pgd, addr, next, fn, data, create, &mask); -- 2.30.2

1 month, 2 weeks

3
5
0 0

[PATCH v2] remoteproc: Add device awake calls in rproc boot and shutdown path

by Souradeep Chowdhury

Add device awake calls in case of rproc boot and rproc shutdown path. Currently, device awake call is only present in the recovery path of remoteproc. If a user stops and starts rproc by using the sysfs interface, then on pm suspension the firmware loading fails. Keep the device awake in such a case just like it is done for the recovery path. Fixes: a781e5aa59110 ("remoteproc: core: Prevent system suspend during remoteproc recovery") Signed-off-by: Souradeep Chowdhury <quic_schowdhu(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/remoteproc/remoteproc_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index c2cf0d277729..908a7b8f6c7e 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1916,7 +1916,8 @@ int rproc_boot(struct rproc *rproc) pr_err("invalid rproc handle\n"); return -EINVAL; } - + + pm_stay_awake(rproc->dev.parent); dev = &rproc->dev; ret = mutex_lock_interruptible(&rproc->lock); @@ -1961,6 +1962,7 @@ int rproc_boot(struct rproc *rproc) atomic_dec(&rproc->power); unlock_mutex: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_boot); @@ -1991,6 +1993,7 @@ int rproc_shutdown(struct rproc *rproc) struct device *dev = &rproc->dev; int ret = 0; + pm_stay_awake(rproc->dev.parent); ret = mutex_lock_interruptible(&rproc->lock); if (ret) { dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); @@ -2027,6 +2030,7 @@ int rproc_shutdown(struct rproc *rproc) rproc->table_ptr = NULL; out: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_shutdown); -- 2.34.1

1 month, 2 weeks

2
1
0 0

[PATCH v1] remoteproc: Add device awake calls in rproc boot and shutdown path

by Souradeep Chowdhury

Add device awake calls in case of rproc boot and rproc shutdown path. Currently, device awake call is only present in the recovery path of remoteproc. If a user stops and starts rproc by using the sysfs interface, then on pm suspension the firmware loading fails. Keep the device awake in such a case just like it is done for the recovery path. Signed-off-by: Souradeep Chowdhury <quic_schowdhu(a)quicinc.com> --- drivers/remoteproc/remoteproc_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index c2cf0d277729..908a7b8f6c7e 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1916,7 +1916,8 @@ int rproc_boot(struct rproc *rproc) pr_err("invalid rproc handle\n"); return -EINVAL; } - + + pm_stay_awake(rproc->dev.parent); dev = &rproc->dev; ret = mutex_lock_interruptible(&rproc->lock); @@ -1961,6 +1962,7 @@ int rproc_boot(struct rproc *rproc) atomic_dec(&rproc->power); unlock_mutex: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_boot); @@ -1991,6 +1993,7 @@ int rproc_shutdown(struct rproc *rproc) struct device *dev = &rproc->dev; int ret = 0; + pm_stay_awake(rproc->dev.parent); ret = mutex_lock_interruptible(&rproc->lock); if (ret) { dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); @@ -2027,6 +2030,7 @@ int rproc_shutdown(struct rproc *rproc) rproc->table_ptr = NULL; out: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_shutdown); -- 2.34.1

1 month, 2 weeks

3
4
0 0

[v2] remoteproc: Add device awake calls in rproc boot and shutdown path

by Souradeep Chowdhury

Add device awake calls in case of rproc boot and rproc shutdown path. Currently, device awake call is only present in the recovery path of remoteproc. If a user stops and starts rproc by using the sysfs interface, then on pm suspension the firmware loading fails. Keep the device awake in such a case just like it is done for the recovery path. Signed-off-by: Souradeep Chowdhury <quic_schowdhu(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/remoteproc/remoteproc_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index c2cf0d277729..908a7b8f6c7e 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1916,7 +1916,8 @@ int rproc_boot(struct rproc *rproc) pr_err("invalid rproc handle\n"); return -EINVAL; } - + + pm_stay_awake(rproc->dev.parent); dev = &rproc->dev; ret = mutex_lock_interruptible(&rproc->lock); @@ -1961,6 +1962,7 @@ int rproc_boot(struct rproc *rproc) atomic_dec(&rproc->power); unlock_mutex: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_boot); @@ -1991,6 +1993,7 @@ int rproc_shutdown(struct rproc *rproc) struct device *dev = &rproc->dev; int ret = 0; + pm_stay_awake(rproc->dev.parent); ret = mutex_lock_interruptible(&rproc->lock); if (ret) { dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); @@ -2027,6 +2030,7 @@ int rproc_shutdown(struct rproc *rproc) rproc->table_ptr = NULL; out: mutex_unlock(&rproc->lock); + pm_relax(rproc->dev.parent); return ret; } EXPORT_SYMBOL(rproc_shutdown); -- 2.34.1

1 month, 2 weeks

2
1
0 0

[merged mm-stable] sparc-mm-avoid-calling-arch_enter-leave_lazy_mmu-in-set_ptes.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes has been removed from the -mm tree. Its filename was sparc-mm-avoid-calling-arch_enter-leave_lazy_mmu-in-set_ptes.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Date: Mon, 3 Mar 2025 14:15:38 +0000 With commit 1a10a44dfc1d ("sparc64: implement the new page table range API") set_ptes was added to the sparc architecture. The implementation included calling arch_enter/leave_lazy_mmu() calls. The patch removes the usage of arch_enter/leave_lazy_mmu() since this implies nesting of lazy mmu regions which is not supported. Without this fix, lazy mmu mode is effectively disabled because we exit the mode after the first set_ptes: remap_pte_range() -> arch_enter_lazy_mmu() -> set_ptes() -> arch_enter_lazy_mmu() -> arch_leave_lazy_mmu() -> arch_leave_lazy_mmu() Powerpc suffered the same problem and fixed it in a corresponding way with commit 47b8def9358c ("powerpc/mm: Avoid calling arch_enter/leave_lazy_mmu() in set_ptes"). Link: https://lkml.kernel.org/r/20250303141542.3371656-5-ryan.roberts@arm.com Fixes: 1a10a44dfc1d ("sparc64: implement the new page table range API") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andreas Larsson <andreas(a)gaisler.com> Acked-by: Juergen Gross <jgross(a)suse.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Juegren Gross <jgross(a)suse.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/sparc/include/asm/pgtable_64.h | 2 -- 1 file changed, 2 deletions(-) --- a/arch/sparc/include/asm/pgtable_64.h~sparc-mm-avoid-calling-arch_enter-leave_lazy_mmu-in-set_ptes +++ a/arch/sparc/include/asm/pgtable_64.h @@ -936,7 +936,6 @@ static inline void __set_pte_at(struct m static inline void set_ptes(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte, unsigned int nr) { - arch_enter_lazy_mmu_mode(); for (;;) { __set_pte_at(mm, addr, ptep, pte, 0); if (--nr == 0) @@ -945,7 +944,6 @@ static inline void set_ptes(struct mm_st pte_val(pte) += PAGE_SIZE; addr += PAGE_SIZE; } - arch_leave_lazy_mmu_mode(); } #define set_ptes set_ptes _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-use-ptep_get-instead-of-directly-dereferencing-pte_t.patch

1 month, 2 weeks

1
0
0 0

[merged mm-stable] sparc-mm-disable-preemption-in-lazy-mmu-mode.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: sparc/mm: disable preemption in lazy mmu mode has been removed from the -mm tree. Its filename was sparc-mm-disable-preemption-in-lazy-mmu-mode.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: sparc/mm: disable preemption in lazy mmu mode Date: Mon, 3 Mar 2025 14:15:37 +0000 Since commit 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") it's been possible for arch_[enter|leave]_lazy_mmu_mode() to be called without holding a page table lock (for the kernel mappings case), and therefore it is possible that preemption may occur while in the lazy mmu mode. The Sparc lazy mmu implementation is not robust to preemption since it stores the lazy mode state in a per-cpu structure and does not attempt to manage that state on task switch. Powerpc had the same issue and fixed it by explicitly disabling preemption in arch_enter_lazy_mmu_mode() and re-enabling in arch_leave_lazy_mmu_mode(). See commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu mode"). Given Sparc's lazy mmu mode is based on powerpc's, let's fix it in the same way here. Link: https://lkml.kernel.org/r/20250303141542.3371656-4-ryan.roberts@arm.com Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andreas Larsson <andreas(a)gaisler.com> Acked-by: Juergen Gross <jgross(a)suse.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Juegren Gross <jgross(a)suse.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/sparc/mm/tlb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/arch/sparc/mm/tlb.c~sparc-mm-disable-preemption-in-lazy-mmu-mode +++ a/arch/sparc/mm/tlb.c @@ -52,8 +52,10 @@ out: void arch_enter_lazy_mmu_mode(void) { - struct tlb_batch *tb = this_cpu_ptr(&tlb_batch); + struct tlb_batch *tb; + preempt_disable(); + tb = this_cpu_ptr(&tlb_batch); tb->active = 1; } @@ -64,6 +66,7 @@ void arch_leave_lazy_mmu_mode(void) if (tb->tlb_nr) flush_tlb_pending(); tb->active = 0; + preempt_enable(); } static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-use-ptep_get-instead-of-directly-dereferencing-pte_t.patch

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-fix-lazy-mmu-docs-and-usage.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix lazy mmu docs and usage has been removed from the -mm tree. Its filename was mm-fix-lazy-mmu-docs-and-usage.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix lazy mmu docs and usage Date: Mon, 3 Mar 2025 14:15:35 +0000 Patch series "Fix lazy mmu mode", v2. I'm planning to implement lazy mmu mode for arm64 to optimize vmalloc. As part of that, I will extend lazy mmu mode to cover kernel mappings in vmalloc table walkers. While lazy mmu mode is already used for kernel mappings in a few places, this will extend it's use significantly. Having reviewed the existing lazy mmu implementations in powerpc, sparc and x86, it looks like there are a bunch of bugs, some of which may be more likely to trigger once I extend the use of lazy mmu. So this series attempts to clarify the requirements and fix all the bugs in advance of that series. See patch #1 commit log for all the details. This patch (of 5): The docs, implementations and use of arch_[enter|leave]_lazy_mmu_mode() is a bit of a mess (to put it politely). There are a number of issues related to nesting of lazy mmu regions and confusion over whether the task, when in a lazy mmu region, is preemptible or not. Fix all the issues relating to the core-mm. Follow up commits will fix the arch-specific implementations. 3 arches implement lazy mmu; powerpc, sparc and x86. When arch_[enter|leave]_lazy_mmu_mode() was first introduced by commit 6606c3e0da53 ("[PATCH] paravirt: lazy mmu mode hooks.patch"), it was expected that lazy mmu regions would never nest and that the appropriate page table lock(s) would be held while in the region, thus ensuring the region is non-preemptible. Additionally lazy mmu regions were only used during manipulation of user mappings. Commit 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") started invoking the lazy mmu mode in apply_to_pte_range(), which is used for both user and kernel mappings. For kernel mappings the region is no longer protected by any lock so there is no longer any guarantee about non-preemptibility. Additionally, for RT configs, the holding the PTL only implies no CPU migration, it doesn't prevent preemption. Commit bcc6cc832573 ("mm: add default definition of set_ptes()") added arch_[enter|leave]_lazy_mmu_mode() to the default implementation of set_ptes(), used by x86. So after this commit, lazy mmu regions can be nested. Additionally commit 1a10a44dfc1d ("sparc64: implement the new page table range API") and commit 9fee28baa601 ("powerpc: implement the new page table range API") did the same for the sparc and powerpc set_ptes() overrides. powerpc couldn't deal with preemption so avoids it in commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu mode"), which explicitly disables preemption for the whole region in its implementation. x86 can support preemption (or at least it could until it tried to add support nesting; more on this below). Sparc looks to be totally broken in the face of preemption, as far as I can tell. powerpc can't deal with nesting, so avoids it in commit 47b8def9358c ("powerpc/mm: Avoid calling arch_enter/leave_lazy_mmu() in set_ptes"), which removes the lazy mmu calls from its implementation of set_ptes(). x86 attempted to support nesting in commit 49147beb0ccb ("x86/xen: allow nesting of same lazy mode") but as far as I can tell, this breaks its support for preemption. In short, it's all a mess; the semantics for arch_[enter|leave]_lazy_mmu_mode() are not clearly defined and as a result the implementations all have different expectations, sticking plasters and bugs. arm64 is aiming to start using these hooks, so let's clean everything up before adding an arm64 implementation. Update the documentation to state that lazy mmu regions can never be nested, must not be called in interrupt context and preemption may or may not be enabled for the duration of the region. And fix the generic implementation of set_ptes() to avoid nesting. arch-specific fixes to conform to the new spec will proceed this one. These issues were spotted by code review and I have no evidence of issues being reported in the wild. Link: https://lkml.kernel.org/r/20250303141542.3371656-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20250303141542.3371656-2-ryan.roberts@arm.com Fixes: bcc6cc832573 ("mm: add default definition of set_ptes()") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Juergen Gross <jgross(a)suse.com> Cc: Andreas Larsson <andreas(a)gaisler.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Juegren Gross <jgross(a)suse.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pgtable.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) --- a/include/linux/pgtable.h~mm-fix-lazy-mmu-docs-and-usage +++ a/include/linux/pgtable.h @@ -222,10 +222,14 @@ static inline int pmd_dirty(pmd_t pmd) * hazard could result in the direct mode hypervisor case, since the actual * write to the page tables may not yet have taken place, so reads though * a raw PTE pointer after it has been modified are not guaranteed to be - * up to date. This mode can only be entered and left under the protection of - * the page table locks for all page tables which may be modified. In the UP - * case, this is required so that preemption is disabled, and in the SMP case, - * it must synchronize the delayed page table writes properly on other CPUs. + * up to date. + * + * In the general case, no lock is guaranteed to be held between entry and exit + * of the lazy mode. So the implementation must assume preemption may be enabled + * and cpu migration is possible; it must take steps to be robust against this. + * (In practice, for user PTE updates, the appropriate page table lock(s) are + * held, but for kernel PTE updates, no lock is held). Nesting is not permitted + * and the mode cannot be used in interrupt context. */ #ifndef __HAVE_ARCH_ENTER_LAZY_MMU_MODE #define arch_enter_lazy_mmu_mode() do {} while (0) @@ -287,7 +291,6 @@ static inline void set_ptes(struct mm_st { page_table_check_ptes_set(mm, ptep, pte, nr); - arch_enter_lazy_mmu_mode(); for (;;) { set_pte(ptep, pte); if (--nr == 0) @@ -295,7 +298,6 @@ static inline void set_ptes(struct mm_st ptep++; pte = pte_next_pfn(pte); } - arch_leave_lazy_mmu_mode(); } #endif #define set_pte_at(mm, addr, ptep, pte) set_ptes(mm, addr, ptep, pte, 1) _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-use-ptep_get-instead-of-directly-dereferencing-pte_t.patch

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-make-page_mapped_in_vma-hugetlb-walk-aware.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: make page_mapped_in_vma() hugetlb walk aware has been removed from the -mm tree. Its filename was mm-make-page_mapped_in_vma-hugetlb-walk-aware.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jane Chu <jane.chu(a)oracle.com> Subject: mm: make page_mapped_in_vma() hugetlb walk aware Date: Mon, 24 Feb 2025 14:14:45 -0700 When a process consumes a UE in a page, the memory failure handler attempts to collect information for a potential SIGBUS. If the page is an anonymous page, page_mapped_in_vma(page, vma) is invoked in order to 1. retrieve the vaddr from the process' address space, 2. verify that the vaddr is indeed mapped to the poisoned page, where 'page' is the precise small page with UE. It's been observed that when injecting poison to a non-head subpage of an anonymous hugetlb page, no SIGBUS shows up, while injecting to the head page produces a SIGBUS. The cause is that, though hugetlb_walk() returns a valid pmd entry (on x86), but check_pte() detects mismatch between the head page per the pmd and the input subpage. Thus the vaddr is considered not mapped to the subpage and the process is not collected for SIGBUS purpose. This is the calling stack: collect_procs_anon page_mapped_in_vma page_vma_mapped_walk hugetlb_walk huge_pte_lock check_pte check_pte() header says that it "check if [pvmw->pfn, @pvmw->pfn + @pvmw->nr_pages) is mapped at the @pvmw->pte" but practically works only if pvmw->pfn is the head page pfn at pvmw->pte. Hindsight acknowledging that some pvmw->pte could point to a hugepage of some sort such that it makes sense to make check_pte() work for hugepage. Link: https://lkml.kernel.org/r/20250224211445.2663312-1-jane.chu@oracle.com Signed-off-by: Jane Chu <jane.chu(a)oracle.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kirill A. Shuemov <kirill.shutemov(a)linux.intel.com> Cc: linmiaohe <linmiaohe(a)huawei.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_vma_mapped.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/mm/page_vma_mapped.c~mm-make-page_mapped_in_vma-hugetlb-walk-aware +++ a/mm/page_vma_mapped.c @@ -84,6 +84,7 @@ again: * mapped at the @pvmw->pte * @pvmw: page_vma_mapped_walk struct, includes a pair pte and pfn range * for checking + * @pte_nr: the number of small pages described by @pvmw->pte. * * page_vma_mapped_walk() found a place where pfn range is *potentially* * mapped. check_pte() has to validate this. @@ -100,7 +101,7 @@ again: * Otherwise, return false. * */ -static bool check_pte(struct page_vma_mapped_walk *pvmw) +static bool check_pte(struct page_vma_mapped_walk *pvmw, unsigned long pte_nr) { unsigned long pfn; pte_t ptent = ptep_get(pvmw->pte); @@ -132,7 +133,11 @@ static bool check_pte(struct page_vma_ma pfn = pte_pfn(ptent); } - return (pfn - pvmw->pfn) < pvmw->nr_pages; + if ((pfn + pte_nr - 1) < pvmw->pfn) + return false; + if (pfn > (pvmw->pfn + pvmw->nr_pages - 1)) + return false; + return true; } /* Returns true if the two ranges overlap. Careful to not overflow. */ @@ -207,7 +212,7 @@ bool page_vma_mapped_walk(struct page_vm return false; pvmw->ptl = huge_pte_lock(hstate, mm, pvmw->pte); - if (!check_pte(pvmw)) + if (!check_pte(pvmw, pages_per_huge_page(hstate))) return not_found(pvmw); return true; } @@ -290,7 +295,7 @@ restart: goto next_pte; } this_pte: - if (check_pte(pvmw)) + if (check_pte(pvmw, 1)) return true; next_pte: do { _ Patches currently in -mm which might be from jane.chu(a)oracle.com are

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon: avoid applying DAMOS action to same entity multiple times has been removed from the -mm tree. Its filename was mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon: avoid applying DAMOS action to same entity multiple times Date: Fri, 7 Feb 2025 13:20:33 -0800 'paddr' DAMON operations set can apply a DAMOS scheme's action to a large folio multiple times in single DAMOS-regions-walk if the folio is laid on multiple DAMON regions. Add a field for DAMOS scheme object that can be used by the underlying ops to know what was the last entity that the scheme's action has applied. The core layer unsets the field when each DAMOS-regions-walk is done for the given scheme. And update 'paddr' ops to use the infrastructure to avoid the problem. Link: https://lkml.kernel.org/r/20250207212033.45269-3-sj@kernel.org Fixes: 57223ac29584 ("mm/damon/paddr: support the pageout scheme") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Closes: https://lore.kernel.org/20250203225604.44742-3-usamaarif642@gmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/damon.h | 11 +++++++++++ mm/damon/core.c | 1 + mm/damon/paddr.c | 39 +++++++++++++++++++++++++++------------ 3 files changed, 39 insertions(+), 12 deletions(-) --- a/include/linux/damon.h~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/include/linux/damon.h @@ -432,6 +432,7 @@ struct damos_access_pattern { * @wmarks: Watermarks for automated (in)activation of this scheme. * @target_nid: Destination node if @action is "migrate_{hot,cold}". * @filters: Additional set of &struct damos_filter for &action. + * @last_applied: Last @action applied ops-managing entity. * @stat: Statistics of this scheme. * @list: List head for siblings. * @@ -454,6 +455,15 @@ struct damos_access_pattern { * implementation could check pages of the region and skip &action to respect * &filters * + * The minimum entity that @action can be applied depends on the underlying + * &struct damon_operations. Since it may not be aligned with the core layer + * abstract, namely &struct damon_region, &struct damon_operations could apply + * @action to same entity multiple times. Large folios that underlying on + * multiple &struct damon region objects could be such examples. The &struct + * damon_operations can use @last_applied to avoid that. DAMOS core logic + * unsets @last_applied when each regions walking for applying the scheme is + * finished. + * * After applying the &action to each region, &stat_count and &stat_sz is * updated to reflect the number of regions and total size of regions that the * &action is applied. @@ -482,6 +492,7 @@ struct damos { int target_nid; }; struct list_head filters; + void *last_applied; struct damos_stat stat; struct list_head list; }; --- a/mm/damon/core.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/mm/damon/core.c @@ -1856,6 +1856,7 @@ static void kdamond_apply_schemes(struct s->next_apply_sis = c->passed_sample_intervals + (s->apply_interval_us ? s->apply_interval_us : c->attrs.aggr_interval) / sample_interval; + s->last_applied = NULL; } } --- a/mm/damon/paddr.c~mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times +++ a/mm/damon/paddr.c @@ -254,6 +254,17 @@ static bool damos_pa_filter_out(struct d return false; } +static bool damon_pa_invalid_damos_folio(struct folio *folio, struct damos *s) +{ + if (!folio) + return true; + if (folio == s->last_applied) { + folio_put(folio); + return true; + } + return false; +} + static unsigned long damon_pa_pageout(struct damon_region *r, struct damos *s, unsigned long *sz_filter_passed) { @@ -261,6 +272,7 @@ static unsigned long damon_pa_pageout(st LIST_HEAD(folio_list); bool install_young_filter = true; struct damos_filter *filter; + struct folio *folio; /* check access in page level again by default */ damos_for_each_filter(filter, s) { @@ -279,9 +291,8 @@ static unsigned long damon_pa_pageout(st addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -307,6 +318,7 @@ put_folio: damos_destroy_filter(filter); applied = reclaim_pages(&folio_list); cond_resched(); + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -315,12 +327,12 @@ static inline unsigned long damon_pa_mar unsigned long *sz_filter_passed) { unsigned long addr, applied = 0; + struct folio *folio; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -339,6 +351,7 @@ put_folio: addr += folio_size(folio); folio_put(folio); } + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -482,12 +495,12 @@ static unsigned long damon_pa_migrate(st { unsigned long addr, applied; LIST_HEAD(folio_list); + struct folio *folio; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -506,6 +519,7 @@ put_folio: } applied = damon_pa_migrate_pages(&folio_list, s->target_nid); cond_resched(); + s->last_applied = folio; return applied * PAGE_SIZE; } @@ -523,15 +537,15 @@ static unsigned long damon_pa_stat(struc { unsigned long addr; LIST_HEAD(folio_list); + struct folio *folio; if (!damon_pa_scheme_has_filter(s)) return 0; addr = r->ar.start; while (addr < r->ar.end) { - struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - - if (!folio) { + folio = damon_get_folio(PHYS_PFN(addr)); + if (damon_pa_invalid_damos_folio(folio, s)) { addr += PAGE_SIZE; continue; } @@ -541,6 +555,7 @@ static unsigned long damon_pa_stat(struc addr += folio_size(folio); folio_put(folio); } + s->last_applied = folio; return 0; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-schemes-let-damon_sysfs_scheme_set_filters-be-used-for-different-named-directories.patch mm-damon-sysfs-schemes-implement-core_filters-and-ops_filters-directories.patch mm-damon-sysfs-schemes-commit-filters-in-coreops_filters-directories.patch mm-damon-core-expose-damos_filter_for_ops-to-damon-kernel-api-callers.patch mm-damon-sysfs-schemes-record-filters-of-which-layer-should-be-added-to-the-given-filters-directory.patch mm-damon-sysfs-schemes-return-error-when-for-attempts-to-install-filters-on-wrong-sysfs-directory.patch docs-abi-damon-document-coreops_filters-directories.patch docs-admin-guide-mm-damon-usage-update-for-coreops_filters-directories.patch mm-damon-sysfs-validate-user-inputs-from-damon_sysfs_commit_input.patch mm-damon-core-invoke-kdamond_call-after-merging-is-done-if-possible.patch mm-damon-core-make-damon_set_attrs-be-safe-to-be-called-from-damon_call.patch mm-damon-sysfs-handle-commit-command-using-damon_call.patch mm-damon-sysfs-remove-damon_sysfs_cmd_request-code-from-damon_sysfs_handle_cmd.patch mm-damon-sysfs-remove-damon_sysfs_cmd_request_callback-and-its-callers.patch mm-damon-sysfs-remove-damon_sysfs_cmd_request-and-its-readers.patch mm-damon-sysfs-schemes-remove-obsolete-comment-for-damon_sysfs_schemes_clear_regions.patch mm-damon-remove-damon_callback-private.patch mm-damon-remove-before_start-of-damon_callback.patch mm-damon-remove-damon_callback-after_sampling.patch mm-damon-remove-damon_callback-before_damos_apply.patch mm-damon-remove-damon_operations-reset_aggregated.patch mm-damon-sysfs-schemes-avoid-wformat-security-warning-on-damon_sysfs_access_pattern_add_range_dir.patch mm-madvise-use-is_memory_failure-from-madvise_do_behavior.patch mm-madvise-split-out-populate-behavior-check-logic.patch mm-madvise-deduplicate-madvise_do_behavior-skip-case-handlings.patch mm-madvise-remove-len-parameter-of-madvise_do_behavior.patch

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages has been removed from the -mm tree. Its filename was mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: mm/damon/ops: have damon_get_folio return folio even for tail pages Date: Fri, 7 Feb 2025 13:20:32 -0800 Patch series "mm/damon/paddr: fix large folios access and schemes handling". DAMON operations set for physical address space, namely 'paddr', treats tail pages as unaccessed always. It can also apply DAMOS action to a large folio multiple times within single DAMOS' regions walking. As a result, the monitoring output has poor quality and DAMOS works in unexpected ways when large folios are being used. Fix those. The patches were parts of Usama's hugepage_size DAMOS filter patch series[1]. The first fix has collected from there with a slight commit message change for the subject prefix. The second fix is re-written by SJ and posted as an RFC before this series. The second one also got a slight commit message change for the subject prefix. [1] https://lore.kernel.org/20250203225604.44742-1-usamaarif642@gmail.com [2] https://lore.kernel.org/20250206231103.38298-1-sj@kernel.org This patch (of 2): This effectively adds support for large folios in damon for paddr, as damon_pa_mkold/young won't get a null folio from this function and won't ignore it, hence access will be checked and reported. This also means that larger folios will be considered for different DAMOS actions like pageout, prioritization and migration. As these DAMOS actions will consider larger folios, iterate through the region at folio_size and not PAGE_SIZE intervals. This should not have an affect on vaddr, as damon_young_pmd_entry considers pmd entries. Link: https://lkml.kernel.org/r/20250207212033.45269-1-sj@kernel.org Link: https://lkml.kernel.org/r/20250207212033.45269-2-sj@kernel.org Fixes: a28397beb55b ("mm/damon: implement primitives for physical address space monitoring") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/ops-common.c | 2 +- mm/damon/paddr.c | 24 ++++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) --- a/mm/damon/ops-common.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages +++ a/mm/damon/ops-common.c @@ -26,7 +26,7 @@ struct folio *damon_get_folio(unsigned l struct page *page = pfn_to_online_page(pfn); struct folio *folio; - if (!page || PageTail(page)) + if (!page) return NULL; folio = page_folio(page); --- a/mm/damon/paddr.c~mm-damon-ops-have-damon_get_folio-return-folio-even-for-tail-pages +++ a/mm/damon/paddr.c @@ -277,11 +277,14 @@ static unsigned long damon_pa_pageout(st damos_add_filter(s, filter); } - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -297,6 +300,7 @@ static unsigned long damon_pa_pageout(st else list_add(&folio->lru, &folio_list); put_folio: + addr += folio_size(folio); folio_put(folio); } if (install_young_filter) @@ -312,11 +316,14 @@ static inline unsigned long damon_pa_mar { unsigned long addr, applied = 0; - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -329,6 +336,7 @@ static inline unsigned long damon_pa_mar folio_deactivate(folio); applied += folio_nr_pages(folio); put_folio: + addr += folio_size(folio); folio_put(folio); } return applied * PAGE_SIZE; @@ -475,11 +483,14 @@ static unsigned long damon_pa_migrate(st unsigned long addr, applied; LIST_HEAD(folio_list); - for (addr = r->ar.start; addr < r->ar.end; addr += PAGE_SIZE) { + addr = r->ar.start; + while (addr < r->ar.end) { struct folio *folio = damon_get_folio(PHYS_PFN(addr)); - if (!folio) + if (!folio) { + addr += PAGE_SIZE; continue; + } if (damos_pa_filter_out(s, folio)) goto put_folio; @@ -490,6 +501,7 @@ static unsigned long damon_pa_migrate(st goto put_folio; list_add(&folio->lru, &folio_list); put_folio: + addr += folio_size(folio); folio_put(folio); } applied = damon_pa_migrate_pages(&folio_list, s->target_nid); _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-rmap-reject-hugetlb-folios-in-folio_make_device_exclusive.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/rmap: reject hugetlb folios in folio_make_device_exclusive() has been removed from the -mm tree. Its filename was mm-rmap-reject-hugetlb-folios-in-folio_make_device_exclusive.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/rmap: reject hugetlb folios in folio_make_device_exclusive() Date: Mon, 10 Feb 2025 20:37:44 +0100 Even though FOLL_SPLIT_PMD on hugetlb now always fails with -EOPNOTSUPP, let's add a safety net in case FOLL_SPLIT_PMD usage would ever be reworked. In particular, before commit 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code"), GUP(FOLL_SPLIT_PMD) would just have returned a page. In particular, hugetlb folios that are not PMD-sized would never have been prone to FOLL_SPLIT_PMD. hugetlb folios can be anonymous, and page_make_device_exclusive_one() is not really prepared for handling them at all. So let's spell that out. Link: https://lkml.kernel.org/r/20250210193801.781278-3-david@redhat.com Fixes: b756a3b5e7ea ("mm: device exclusive memory access") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Cc: Alex Shi <alexs(a)kernel.org> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Jann Horn <jannh(a)google.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Lyude <lyude(a)redhat.com> Cc: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: SeongJae Park <sj(a)kernel.org> Cc: Simona Vetter <simona.vetter(a)ffwll.ch> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yanteng Si <si.yanteng(a)linux.dev> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/rmap.c~mm-rmap-reject-hugetlb-folios-in-folio_make_device_exclusive +++ a/mm/rmap.c @@ -2499,7 +2499,7 @@ static bool folio_make_device_exclusive( * Restrict to anonymous folios for now to avoid potential writeback * issues. */ - if (!folio_test_anon(folio)) + if (!folio_test_anon(folio) || folio_test_hugetlb(folio)) return false; rmap_walk(folio, &rwc); _ Patches currently in -mm which might be from david(a)redhat.com are mm-factor-out-large-folio-handling-from-folio_order-into-folio_large_order.patch mm-factor-out-large-folio-handling-from-folio_nr_pages-into-folio_large_nr_pages.patch mm-let-_folio_nr_pages-overlay-memcg_data-in-first-tail-page.patch mm-let-_folio_nr_pages-overlay-memcg_data-in-first-tail-page-fix.patch mm-move-hugetlb-specific-things-in-folio-to-page.patch mm-move-_pincount-in-folio-to-page-on-32bit.patch mm-move-_entire_mapcount-in-folio-to-page-on-32bit.patch mm-rmap-pass-dst_vma-to-folio_dup_file_rmap_pte-and-friends.patch mm-rmap-pass-vma-to-__folio_add_rmap.patch mm-rmap-abstract-large-mapcount-operations-for-large-folios-hugetlb.patch bit_spinlock-__always_inline-unlock-functions.patch mm-rmap-use-folio_large_nr_pages-in-add-remove-functions.patch mm-rmap-basic-mm-owner-tracking-for-large-folios-hugetlb.patch mm-copy-on-write-cow-reuse-support-for-pte-mapped-thp.patch mm-convert-folio_likely_mapped_shared-to-folio_maybe_mapped_shared.patch mm-config_no_page_mapcount-to-prepare-for-not-maintain-per-page-mapcounts-in-large-folios.patch fs-proc-page-remove-per-page-mapcount-dependency-for-proc-kpagecount-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-pm_mmap_exclusive-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-mapmax-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-smaps-smaps_rollup-config_no_page_mapcount.patch mm-stop-maintaining-the-per-page-mapcount-of-large-folios-config_no_page_mapcount.patch

1 month, 2 weeks

1
0
0 0

[merged mm-stable] mm-gup-reject-foll_split_pmd-with-hugetlb-vmas.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs has been removed from the -mm tree. Its filename was mm-gup-reject-foll_split_pmd-with-hugetlb-vmas.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Date: Mon, 10 Feb 2025 20:37:43 +0100 Patch series "mm: fixes for device-exclusive entries (hmm)", v2. Discussing the PageTail() call in make_device_exclusive_range() with Willy, I recently discovered [1] that device-exclusive handling does not properly work with THP, making the hmm-tests selftests fail if THPs are enabled on the system. Looking into more details, I found that hugetlb is not properly fenced, and I realized that something that was bugging me for longer -- how device-exclusive entries interact with mapcounts -- completely breaks migration/swapout/split/hwpoison handling of these folios while they have device-exclusive PTEs. The program below can be used to allocate 1 GiB worth of pages and making them device-exclusive on a kernel with CONFIG_TEST_HMM. Once they are device-exclusive, these folios cannot get swapped out (proc$pid/smaps_rollup will always indicate 1 GiB RSS no matter how much one forces memory reclaim), and when having a memory block onlined to ZONE_MOVABLE, trying to offline it will loop forever and complain about failed migration of a page that should be movable. # echo offline > /sys/devices/system/memory/memory136/state # echo online_movable > /sys/devices/system/memory/memory136/state # ./hmm-swap & ... wait until everything is device-exclusive # echo offline > /sys/devices/system/memory/memory136/state [ 285.193431][T14882] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x7f20671f7 pfn:0x442b6a [ 285.196618][T14882] memcg:ffff888179298000 [ 285.198085][T14882] anon flags: 0x5fff0000002091c(referenced|uptodate| dirty|active|owner_2|swapbacked|node=1|zone=3|lastcpupid=0x7ff) [ 285.201734][T14882] raw: ... [ 285.204464][T14882] raw: ... [ 285.207196][T14882] page dumped because: migration failure [ 285.209072][T14882] page_owner tracks the page as allocated [ 285.210915][T14882] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), id 14926, tgid 14926 (hmm-swap), ts 254506295376, free_ts 227402023774 [ 285.216765][T14882] post_alloc_hook+0x197/0x1b0 [ 285.218874][T14882] get_page_from_freelist+0x76e/0x3280 [ 285.220864][T14882] __alloc_frozen_pages_noprof+0x38e/0x2740 [ 285.223302][T14882] alloc_pages_mpol+0x1fc/0x540 [ 285.225130][T14882] folio_alloc_mpol_noprof+0x36/0x340 [ 285.227222][T14882] vma_alloc_folio_noprof+0xee/0x1a0 [ 285.229074][T14882] __handle_mm_fault+0x2b38/0x56a0 [ 285.230822][T14882] handle_mm_fault+0x368/0x9f0 ... This series fixes all issues I found so far. There is no easy way to fix without a bigger rework/cleanup. I have a bunch of cleanups on top (some previous sent, some the result of the discussion in v1) that I will send out separately once this landed and I get to it. I wish we could just use some special present PROT_NONE PTEs instead of these (non-present, non-none) fake-swap entries; but that just results in the same problem we keep having (lack of spare PTE bits), and staring at other similar fake-swap entries, that ship has sailed. With this series, make_device_exclusive() doesn't actually belong into mm/rmap.c anymore, but I'll leave moving that for another day. I only tested this series with the hmm-tests selftests due to lack of HW, so I'd appreciate some testing, especially if the interaction between two GPUs wanting a device-exclusive entry works as expected. <program> #include <stdio.h> #include <fcntl.h> #include <stdint.h> #include <unistd.h> #include <stdlib.h> #include <string.h> #include <sys/mman.h> #include <sys/ioctl.h> #include <linux/types.h> #include <linux/ioctl.h> #define HMM_DMIRROR_EXCLUSIVE _IOWR('H', 0x05, struct hmm_dmirror_cmd) struct hmm_dmirror_cmd { __u64 addr; __u64 ptr; __u64 npages; __u64 cpages; __u64 faults; }; const size_t size = 1 * 1024 * 1024 * 1024ul; const size_t chunk_size = 2 * 1024 * 1024ul; int main(void) { struct hmm_dmirror_cmd cmd; size_t cur_size; int fd, ret; char *addr, *mirror; fd = open("/dev/hmm_dmirror1", O_RDWR, 0); if (fd < 0) { perror("open failed\n"); exit(1); } addr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (addr == MAP_FAILED) { perror("mmap failed\n"); exit(1); } madvise(addr, size, MADV_NOHUGEPAGE); memset(addr, 1, size); mirror = malloc(chunk_size); for (cur_size = 0; cur_size < size; cur_size += chunk_size) { cmd.addr = (uintptr_t)addr + cur_size; cmd.ptr = (uintptr_t)mirror; cmd.npages = chunk_size / getpagesize(); ret = ioctl(fd, HMM_DMIRROR_EXCLUSIVE, &cmd); if (ret) { perror("ioctl failed\n"); exit(1); } } pause(); return 0; } </program> [1] https://lkml.kernel.org/r/25e02685-4f1d-47fa-be5b-01ff85bb0ce2@redhat.com This patch (of 17): We only have two FOLL_SPLIT_PMD users. While uprobe refuses hugetlb early, make_device_exclusive_range() can end up getting called on hugetlb VMAs. Right now, this means that with a PMD-sized hugetlb page, we can end up calling split_huge_pmd(), because pmd_trans_huge() also succeeds with hugetlb PMDs. For example, using a modified hmm-test selftest one can trigger: [ 207.017134][T14945] ------------[ cut here ]------------ [ 207.018614][T14945] kernel BUG at mm/page_table_check.c:87! [ 207.019716][T14945] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 207.021072][T14945] CPU: 3 UID: 0 PID: ... [ 207.023036][T14945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 207.024834][T14945] RIP: 0010:page_table_check_clear.part.0+0x488/0x510 [ 207.026128][T14945] Code: ... [ 207.029965][T14945] RSP: 0018:ffffc9000cb8f348 EFLAGS: 00010293 [ 207.031139][T14945] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffffffff8249a0cd [ 207.032649][T14945] RDX: ffff88811e883c80 RSI: ffffffff8249a357 RDI: ffff88811e883c80 [ 207.034183][T14945] RBP: ffff888105c0a050 R08: 0000000000000005 R09: 0000000000000000 [ 207.035688][T14945] R10: 00000000ffffffff R11: 0000000000000003 R12: 0000000000000001 [ 207.037203][T14945] R13: 0000000000000200 R14: 0000000000000001 R15: dffffc0000000000 [ 207.038711][T14945] FS: 00007f2783275740(0000) GS:ffff8881f4980000(0000) knlGS:0000000000000000 [ 207.040407][T14945] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.041660][T14945] CR2: 00007f2782c00000 CR3: 0000000132356000 CR4: 0000000000750ef0 [ 207.043196][T14945] PKRU: 55555554 [ 207.043880][T14945] Call Trace: [ 207.044506][T14945] <TASK> [ 207.045086][T14945] ? __die+0x51/0x92 [ 207.045864][T14945] ? die+0x29/0x50 [ 207.046596][T14945] ? do_trap+0x250/0x320 [ 207.047430][T14945] ? do_error_trap+0xe7/0x220 [ 207.048346][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.049535][T14945] ? handle_invalid_op+0x34/0x40 [ 207.050494][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.051681][T14945] ? exc_invalid_op+0x2e/0x50 [ 207.052589][T14945] ? asm_exc_invalid_op+0x1a/0x20 [ 207.053596][T14945] ? page_table_check_clear.part.0+0x1fd/0x510 [ 207.054790][T14945] ? page_table_check_clear.part.0+0x487/0x510 [ 207.055993][T14945] ? page_table_check_clear.part.0+0x488/0x510 [ 207.057195][T14945] ? page_table_check_clear.part.0+0x487/0x510 [ 207.058384][T14945] __page_table_check_pmd_clear+0x34b/0x5a0 [ 207.059524][T14945] ? __pfx___page_table_check_pmd_clear+0x10/0x10 [ 207.060775][T14945] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 207.061940][T14945] ? __pfx___lock_acquire+0x10/0x10 [ 207.062967][T14945] pmdp_huge_clear_flush+0x279/0x360 [ 207.064024][T14945] split_huge_pmd_locked+0x82b/0x3750 ... Before commit 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code"), we would have ignored the flag; instead, let's simply refuse the combination completely in check_vma_flags(): the caller is likely not prepared to handle any hugetlb folios. We'll teach make_device_exclusive_range() separately to ignore any hugetlb folios as a future-proof safety net. Link: https://lkml.kernel.org/r/20250210193801.781278-1-david@redhat.com Link: https://lkml.kernel.org/r/20250210193801.781278-2-david@redhat.com Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Cc: Alex Shi <alexs(a)kernel.org> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Jann Horn <jannh(a)google.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Lyude <lyude(a)redhat.com> Cc: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: SeongJae Park <sj(a)kernel.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yanteng Si <si.yanteng(a)linux.dev> Cc: Simona Vetter <simona.vetter(a)ffwll.ch> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/gup.c~mm-gup-reject-foll_split_pmd-with-hugetlb-vmas +++ a/mm/gup.c @@ -1283,6 +1283,9 @@ static int check_vma_flags(struct vm_are if ((gup_flags & FOLL_LONGTERM) && vma_is_fsdax(vma)) return -EOPNOTSUPP; + if ((gup_flags & FOLL_SPLIT_PMD) && is_vm_hugetlb_page(vma)) + return -EOPNOTSUPP; + if (vma_is_secretmem(vma)) return -EFAULT; _ Patches currently in -mm which might be from david(a)redhat.com are mm-factor-out-large-folio-handling-from-folio_order-into-folio_large_order.patch mm-factor-out-large-folio-handling-from-folio_nr_pages-into-folio_large_nr_pages.patch mm-let-_folio_nr_pages-overlay-memcg_data-in-first-tail-page.patch mm-let-_folio_nr_pages-overlay-memcg_data-in-first-tail-page-fix.patch mm-move-hugetlb-specific-things-in-folio-to-page.patch mm-move-_pincount-in-folio-to-page-on-32bit.patch mm-move-_entire_mapcount-in-folio-to-page-on-32bit.patch mm-rmap-pass-dst_vma-to-folio_dup_file_rmap_pte-and-friends.patch mm-rmap-pass-vma-to-__folio_add_rmap.patch mm-rmap-abstract-large-mapcount-operations-for-large-folios-hugetlb.patch bit_spinlock-__always_inline-unlock-functions.patch mm-rmap-use-folio_large_nr_pages-in-add-remove-functions.patch mm-rmap-basic-mm-owner-tracking-for-large-folios-hugetlb.patch mm-copy-on-write-cow-reuse-support-for-pte-mapped-thp.patch mm-convert-folio_likely_mapped_shared-to-folio_maybe_mapped_shared.patch mm-config_no_page_mapcount-to-prepare-for-not-maintain-per-page-mapcounts-in-large-folios.patch fs-proc-page-remove-per-page-mapcount-dependency-for-proc-kpagecount-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-pm_mmap_exclusive-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-mapmax-config_no_page_mapcount.patch fs-proc-task_mmu-remove-per-page-mapcount-dependency-for-smaps-smaps_rollup-config_no_page_mapcount.patch mm-stop-maintaining-the-per-page-mapcount-of-large-folios-config_no_page_mapcount.patch

1 month, 2 weeks

1
0
0 0

[PATCH 1/2] tcp: fix races in tcp_abort()

by Youngmin Nam

From: Eric Dumazet <edumazet(a)google.com> tcp_abort() has the same issue than the one fixed in the prior patch in tcp_write_err(). commit 5ce4645c23cf5f048eb8e9ce49e514bababdee85 upstream. To apply commit bac76cf89816bff06c4ec2f3df97dc34e150a1c4, this patch must be applied first. In order to get consistent results from tcp_poll(), we must call sk_error_report() after tcp_done(). We can use tcp_done_with_error() to centralize this logic. Fixes: c1e64e298b8c ("net: diag: Support destroying TCP sockets.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Acked-by: Neal Cardwell <ncardwell(a)google.com> Link: https://lore.kernel.org/r/20240528125253.1966136-4-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v5.10+ [youngmin: Resolved minor conflict in net/ipv4/tcp.c] Signed-off-by: Youngmin Nam <youngmin.nam(a)samsung.com> --- net/ipv4/tcp.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 7ad82be40f34..9fe164aa185c 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4630,13 +4630,9 @@ int tcp_abort(struct sock *sk, int err) bh_lock_sock(sk); if (!sock_flag(sk, SOCK_DEAD)) { - WRITE_ONCE(sk->sk_err, err); - /* This barrier is coupled with smp_rmb() in tcp_poll() */ - smp_wmb(); - sk_error_report(sk); if (tcp_need_reset(sk->sk_state)) tcp_send_active_reset(sk, GFP_ATOMIC); - tcp_done(sk); + tcp_done_with_error(sk, err); } bh_unlock_sock(sk); -- 2.39.2

1 month, 2 weeks

3
6
0 0

[PATCH] sched/deadline: Fix race in push_dl_task

by Harshit Agarwal

This fix is the deadline version of the change made to the rt scheduler here: https://lore.kernel.org/lkml/20250225180553.167995-1-harshit@nutanix.com/ Please go through the original change for more details on the issue. In this fix we bail out or retry in the push_dl_task, if the task is no longer at the head of pushable tasks list because this list changed while trying to lock the runqueue of the other CPU. Signed-off-by: Harshit Agarwal <harshit(a)nutanix.com> Cc: stable(a)vger.kernel.org --- kernel/sched/deadline.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 38e4537790af..c5048969c640 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -2704,6 +2704,7 @@ static int push_dl_task(struct rq *rq) { struct task_struct *next_task; struct rq *later_rq; + struct task_struct *task; int ret = 0; next_task = pick_next_pushable_dl_task(rq); @@ -2734,15 +2735,30 @@ static int push_dl_task(struct rq *rq) /* Will lock the rq it'll find */ later_rq = find_lock_later_rq(next_task, rq); - if (!later_rq) { - struct task_struct *task; + task = pick_next_pushable_dl_task(rq); + if (later_rq && (!task || task != next_task)) { + /* + * We must check all this again, since + * find_lock_later_rq releases rq->lock and it is + * then possible that next_task has migrated and + * is no longer at the head of the pushable list. + */ + double_unlock_balance(rq, later_rq); + if (!task) { + /* No more tasks */ + goto out; + } + put_task_struct(next_task); + next_task = task; + goto retry; + } + if (!later_rq) { /* * We must check all this again, since * find_lock_later_rq releases rq->lock and it is * then possible that next_task has migrated. */ - task = pick_next_pushable_dl_task(rq); if (task == next_task) { /* * The task is still there. We don't try @@ -2751,9 +2767,10 @@ static int push_dl_task(struct rq *rq) goto out; } - if (!task) + if (!task) { /* No more tasks */ goto out; + } put_task_struct(next_task); next_task = task; -- 2.22.3

1 month, 2 weeks

2
6
0 0

[PATCH v2 3/3] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling

by Fedor Pchelkin

usb_phy_init() may return an error code if e.g. its implementation fails to prepare/enable some clocks. And properly rollback on probe error path by calling the counterpart usb_phy_shutdown(). Found by Linux Verification Center (linuxtesting.org). Fixes: be9cae2479f4 ("usb: chipidea: imx: Fix ULPI on imx53") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/usb/chipidea/ci_hdrc_imx.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index d942b3c72640..4f8bfd242b59 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -484,7 +484,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) of_usb_get_phy_mode(np) == USBPHY_INTERFACE_MODE_ULPI) { pdata.flags |= CI_HDRC_OVERRIDE_PHY_CONTROL; data->override_phy_control = true; - usb_phy_init(pdata.usb_phy); + ret = usb_phy_init(pdata.usb_phy); + if (ret) { + dev_err(dev, "Failed to init phy\n"); + goto err_clk; + } } if (pdata.flags & CI_HDRC_SUPPORTS_RUNTIME_PM) @@ -493,7 +497,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_usbmisc_init(data->usbmisc_data); if (ret) { dev_err(dev, "usbmisc init failed, ret=%d\n", ret); - goto err_clk; + goto phy_shutdown; } data->ci_pdev = ci_hdrc_add_device(dev, @@ -502,7 +506,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (IS_ERR(data->ci_pdev)) { ret = PTR_ERR(data->ci_pdev); dev_err_probe(dev, ret, "ci_hdrc_add_device failed\n"); - goto err_clk; + goto phy_shutdown; } if (data->usbmisc_data) { @@ -536,6 +540,9 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) disable_device: ci_hdrc_remove_device(data->ci_pdev); +phy_shutdown: + if (data->override_phy_control) + usb_phy_shutdown(data->phy); err_clk: clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk: -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH v2 2/3] usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines

by Fedor Pchelkin

Upon encountering errors during the HSIC pinctrl handling section the regulator should be disabled. Use devm_add_action_or_reset() to let the regulator-disabling routine be handled by device resource management stack. Found by Linux Verification Center (linuxtesting.org). Fixes: 4d6141288c33 ("usb: chipidea: imx: pinctrl for HSIC is optional") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: simplify the patch taking advantage of devm-helper (Frank Li) It looks like devm_regulator_get_enable_optional() exists for this very use case utilized in the driver but it's not present in old supported stable kernels and I may say those dependency-patches wouldn't apply there cleanly. So fix the problem first, further code simplification is a subject to cleanup patch. drivers/usb/chipidea/ci_hdrc_imx.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 619779eef333..d942b3c72640 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -336,6 +336,13 @@ static int ci_hdrc_imx_notify_event(struct ci_hdrc *ci, unsigned int event) return ret; } +static void ci_hdrc_imx_disable_regulator(void *arg) +{ + struct ci_hdrc_imx_data *data = arg; + + regulator_disable(data->hsic_pad_regulator); +} + static int ci_hdrc_imx_probe(struct platform_device *pdev) { struct ci_hdrc_imx_data *data; @@ -394,6 +401,13 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) "Failed to enable HSIC pad regulator\n"); goto err_put; } + ret = devm_add_action_or_reset(dev, + ci_hdrc_imx_disable_regulator, data); + if (ret) { + dev_err(dev, + "Failed to add regulator devm action\n"); + goto err_put; + } } } @@ -432,11 +446,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_get_clks(dev); if (ret) - goto disable_hsic_regulator; + goto qos_remove_request; ret = imx_prepare_enable_clks(dev); if (ret) - goto disable_hsic_regulator; + goto qos_remove_request; ret = clk_prepare_enable(data->clk_wakeup); if (ret) @@ -526,10 +540,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk: imx_disable_unprepare_clks(dev); -disable_hsic_regulator: - if (data->hsic_pad_regulator) - /* don't overwrite original ret (cf. EPROBE_DEFER) */ - regulator_disable(data->hsic_pad_regulator); +qos_remove_request: if (pdata.flags & CI_HDRC_PMQOS) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; @@ -557,8 +568,6 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) clk_disable_unprepare(data->clk_wakeup); if (data->plat_data->flags & CI_HDRC_PMQOS) cpu_latency_qos_remove_request(&data->pm_qos_req); - if (data->hsic_pad_regulator) - regulator_disable(data->hsic_pad_regulator); } if (data->usbmisc_data) put_device(data->usbmisc_data->dev); -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH v2 1/3] usb: chipidea: ci_hdrc_imx: fix usbmisc handling

by Fedor Pchelkin

usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. Fixes: 74adad500346 ("usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/usb/chipidea/ci_hdrc_imx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 1a7fc638213e..619779eef333 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -534,7 +534,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; err_put: - put_device(data->usbmisc_data->dev); + if (data->usbmisc_data) + put_device(data->usbmisc_data->dev); return ret; } @@ -559,7 +560,8 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) if (data->hsic_pad_regulator) regulator_disable(data->hsic_pad_regulator); } - put_device(data->usbmisc_data->dev); + if (data->usbmisc_data) + put_device(data->usbmisc_data->dev); } static void ci_hdrc_imx_shutdown(struct platform_device *pdev) -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH v3] wifi: mt76: mt7925: fix the incomplete revert of [tx,rx]_ba for MLO

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Since the `Revert wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO` was not completely clean, submit this patch to fully clean it up. Cc: stable(a)vger.kernel.org Fixes: 73915469c55a ("Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- v2: rewrite the subject v3: remove the change-Id --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 1ecba46d770d..1bdc313844c4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -572,10 +572,10 @@ void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb) static int mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, - struct mt76_wcid *wcid, struct ieee80211_ampdu_params *params, bool enable, bool tx) { + struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv; struct sta_rec_ba_uni *ba; struct sk_buff *skb; struct tlv *tlv; @@ -608,13 +608,12 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; if (enable && !params->amsdu) msta->deflink.wcid.amsdu = false; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, true); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, @@ -623,10 +622,9 @@ int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, false); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, false); } static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val) -- 2.45.2

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: fix memory accept before watermarks gets initialized has been removed from the -mm tree. Its filename was mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm/page_alloc: fix memory accept before watermarks gets initialized Date: Mon, 10 Mar 2025 10:28:55 +0200 Watermarks are initialized during the postcore initcall. Until then, all watermarks are set to zero. This causes cond_accept_memory() to incorrectly skip memory acceptance because a watermark of 0 is always met. This can lead to a premature OOM on boot. To ensure progress, accept one MAX_ORDER page if the watermark is zero. Link: https://lkml.kernel.org/r/20250310082855.2587122-1-kirill.shutemov@linux.in… Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Tested-by: Farrah Chen <farrah.chen(a)intel.com> Reported-by: Farrah Chen <farrah.chen(a)intel.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Pankaj Gupta <pankaj.gupta(a)amd.com> Cc: Ashish Kalra <ashish.kalra(a)amd.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Edgecombe, Rick P" <rick.p.edgecombe(a)intel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: Thomas Lendacky <thomas.lendacky(a)amd.com> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized +++ a/mm/page_alloc.c @@ -7004,7 +7004,7 @@ static inline bool has_unaccepted_memory static bool cond_accept_memory(struct zone *zone, unsigned int order) { - long to_accept; + long to_accept, wmark; bool ret = false; if (!has_unaccepted_memory()) @@ -7013,8 +7013,18 @@ static bool cond_accept_memory(struct zo if (list_empty(&zone->unaccepted_pages)) return false; + wmark = promo_wmark_pages(zone); + + /* + * Watermarks have not been initialized yet. + * + * Accepting one MAX_ORDER page to ensure progress. + */ + if (!wmark) + return try_to_accept_memory_one(zone); + /* How much to accept to get to promo watermark? */ - to_accept = promo_wmark_pages(zone) - + to_accept = wmark - (zone_page_state(zone, NR_FREE_PAGES) - __zone_watermark_unusable_free(zone, order, 0) - zone_page_state(zone, NR_UNACCEPTED)); _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] memcg-drain-obj-stock-on-cpu-hotplug-teardown.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: memcg: drain obj stock on cpu hotplug teardown has been removed from the -mm tree. Its filename was memcg-drain-obj-stock-on-cpu-hotplug-teardown.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shakeel Butt <shakeel.butt(a)linux.dev> Subject: memcg: drain obj stock on cpu hotplug teardown Date: Mon, 10 Mar 2025 16:09:34 -0700 Currently on cpu hotplug teardown, only memcg stock is drained but we need to drain the obj stock as well otherwise we will miss the stats accumulated on the target cpu as well as the nr_bytes cached. The stats include MEMCG_KMEM, NR_SLAB_RECLAIMABLE_B & NR_SLAB_UNRECLAIMABLE_B. In addition we are leaking reference to struct obj_cgroup object. Link: https://lkml.kernel.org/r/20250310230934.2913113-1-shakeel.butt@linux.dev Fixes: bf4f059954dc ("mm: memcg/slab: obj_cgroup API") Signed-off-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Roman Gushchin <roman.gushchin(a)linux.dev> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/mm/memcontrol.c~memcg-drain-obj-stock-on-cpu-hotplug-teardown +++ a/mm/memcontrol.c @@ -1921,9 +1921,18 @@ void drain_all_stock(struct mem_cgroup * static int memcg_hotplug_cpu_dead(unsigned int cpu) { struct memcg_stock_pcp *stock; + struct obj_cgroup *old; + unsigned long flags; stock = &per_cpu(memcg_stock, cpu); + + /* drain_obj_stock requires stock_lock */ + local_lock_irqsave(&memcg_stock.stock_lock, flags); + old = drain_obj_stock(stock); + local_unlock_irqrestore(&memcg_stock.stock_lock, flags); + drain_stock(stock); + obj_cgroup_put(old); return 0; } _ Patches currently in -mm which might be from shakeel.butt(a)linux.dev are memcg-add-hierarchical-effective-limits-for-v2.patch memcg-dont-call-propagate_protected_usage-for-v1.patch page_counter-track-failcnt-only-for-legacy-cgroups.patch page_counter-reduce-struct-page_counter-size.patch memcg-bypass-root-memcg-check-for-skmem-charging.patch memcg-avoid-refill_stock-for-root-memcg.patch memcg-move-do_memsw_account-to-config_memcg_v1.patch

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: drop beyond-EOF folios with the right number of refs has been removed from the -mm tree. Its filename was mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: mm/huge_memory: drop beyond-EOF folios with the right number of refs Date: Mon, 10 Mar 2025 11:57:27 -0400 When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed. Link: https://lkml.kernel.org/r/20250310155727.472846-1-ziy@nvidia.com Fixes: c010d47f107f ("mm: thp: split huge page to any lower order pages") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: Hugh Dickins <hughd(a)google.com> Closes: https://lore.kernel.org/all/fcbadb7f-dd3e-21df-f9a7-2853b53183c4@google.com/ Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Kirill A. Shuemov <kirill.shutemov(a)linux.intel.com> Cc: Luis Chamberalin <mcgrof(a)kernel.org> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Pankaj Raghav <p.raghav(a)samsung.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs +++ a/mm/huge_memory.c @@ -3304,7 +3304,7 @@ static void __split_huge_page(struct pag folio_account_cleaned(tail, inode_to_wb(folio->mapping->host)); __filemap_remove_folio(tail, NULL); - folio_put(tail); + folio_put_refs(tail, folio_nr_pages(tail)); } else if (!folio_test_anon(folio)) { __xa_store(&folio->mapping->i_pages, tail->index, tail, 0); _ Patches currently in -mm which might be from ziy(a)nvidia.com are selftests-mm-make-file-backed-thp-split-work-by-writing-pmd-size-data.patch mm-huge_memory-allow-split-shmem-large-folio-to-any-lower-order.patch selftests-mm-test-splitting-file-backed-thp-to-any-lower-order.patch xarray-add-xas_try_split-to-split-a-multi-index-entry.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split-fix.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split-fix-2.patch mm-huge_memory-move-folio-split-common-code-to-__folio_split.patch mm-huge_memory-add-buddy-allocator-like-non-uniform-folio_split.patch mm-huge_memory-remove-the-old-unused-__split_huge_page.patch mm-huge_memory-add-folio_split-to-debugfs-testing-interface.patch mm-truncate-use-folio_split-in-truncate-operation.patch selftests-mm-add-tests-for-folio_split-buddy-allocator-like-split.patch mm-filemap-use-xas_try_split-in-__filemap_add_folio.patch mm-shmem-use-xas_try_split-in-shmem_split_large_entry.patch

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation has been removed from the -mm tree. Its filename was selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Rafael Aquini <raquini(a)redhat.com> Subject: selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation Date: Tue, 18 Feb 2025 14:22:51 -0500 We noticed that uffd-stress test was always failing to run when invoked for the hugetlb profiles on x86_64 systems with a processor count of 64 or bigger: ... # ------------------------------------ # running ./uffd-stress hugetlb 128 32 # ------------------------------------ # ERROR: invalid MiB (errno=9, @uffd-stress.c:459) ... # [FAIL] not ok 3 uffd-stress hugetlb 128 32 # exit=1 ... The problem boils down to how run_vmtests.sh (mis)calculates the size of the region it feeds to uffd-stress. The latter expects to see an amount of MiB while the former is just giving out the number of free hugepages halved down. This measurement discrepancy ends up violating uffd-stress' assertion on number of hugetlb pages allocated per CPU, causing it to bail out with the error above. This commit fixes that issue by adjusting run_vmtests.sh's half_ufd_size_MB calculation so it properly renders the region size in MiB, as expected, while maintaining all of its original constraints in place. Link: https://lkml.kernel.org/r/20250218192251.53243-1-aquini@redhat.com Fixes: 2e47a445d7b3 ("selftests/mm: run_vmtests.sh: fix hugetlb mem size calculation") Signed-off-by: Rafael Aquini <raquini(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/run_vmtests.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/run_vmtests.sh~selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation +++ a/tools/testing/selftests/mm/run_vmtests.sh @@ -304,7 +304,9 @@ uffd_stress_bin=./uffd-stress CATEGORY="userfaultfd" run_test ${uffd_stress_bin} anon 20 16 # Hugetlb tests require source and destination huge pages. Pass in half # the size of the free pages we have, which is used for *each*. -half_ufd_size_MB=$((freepgs / 2)) +# uffd-stress expects a region expressed in MiB, so we adjust +# half_ufd_size_MB accordingly. +half_ufd_size_MB=$(((freepgs * hpgsize_KB) / 1024 / 2)) CATEGORY="userfaultfd" run_test ${uffd_stress_bin} hugetlb "$half_ufd_size_MB" 32 CATEGORY="userfaultfd" run_test ${uffd_stress_bin} hugetlb-private "$half_ufd_size_MB" 32 CATEGORY="userfaultfd" run_test ${uffd_stress_bin} shmem 20 16 _ Patches currently in -mm which might be from raquini(a)redhat.com are

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT has been removed from the -mm tree. Its filename was mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Raphael S. Carvalho" <raphaelsc(a)scylladb.com> Subject: mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT Date: Mon, 24 Feb 2025 11:37:00 -0300 original report: https://lore.kernel.org/all/CAKhLTr1UL3ePTpYjXOx2AJfNk8Ku2EdcEfu+CH1sf3Asr=… When doing buffered writes with FGP_NOWAIT, under memory pressure, the system returned ENOMEM despite there being plenty of available memory, to be reclaimed from page cache. The user space used io_uring interface, which in turn submits I/O with FGP_NOWAIT (the fast path). retsnoop pointed to iomap_get_folio: 00:34:16.180612 -> 00:34:16.180651 TID/PID 253786/253721 (reactor-1/combined_tests): entry_SYSCALL_64_after_hwframe+0x76 do_syscall_64+0x82 __do_sys_io_uring_enter+0x265 io_submit_sqes+0x209 io_issue_sqe+0x5b io_write+0xdd xfs_file_buffered_write+0x84 iomap_file_buffered_write+0x1a6 32us [-ENOMEM] iomap_write_begin+0x408 iter=&{.inode=0xffff8c67aa031138,.len=4096,.flags=33,.iomap={.addr=0xffffffffffffffff,.length=4096,.type=1,.flags=3,.bdev=0x�� pos=0 len=4096 foliop=0xffffb32c296b7b80 ! 4us [-ENOMEM] iomap_get_folio iter=&{.inode=0xffff8c67aa031138,.len=4096,.flags=33,.iomap={.addr=0xffffffffffffffff,.length=4096,.type=1,.flags=3,.bdev=0x�� pos=0 len=4096 This is likely a regression caused by 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio"), which moved error handling from io_map_get_folio() to __filemap_get_folio(), but broke FGP_NOWAIT handling, so ENOMEM is being escaped to user space. Had it correctly returned -EAGAIN with NOWAIT, either io_uring or user space itself would be able to retry the request. It's not enough to patch io_uring since the iomap interface is the one responsible for it, and pwritev2(RWF_NOWAIT) and AIO interfaces must return the proper error too. The patch was tested with scylladb test suite (its original reproducer), and the tests all pass now when memory is pressured. Link: https://lkml.kernel.org/r/20250224143700.23035-1-raphaelsc@scylladb.com Fixes: 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio") Signed-off-by: Raphael S. Carvalho <raphaelsc(a)scylladb.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/filemap.c~mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait +++ a/mm/filemap.c @@ -1986,8 +1986,19 @@ no_page: if (err == -EEXIST) goto repeat; - if (err) + if (err) { + /* + * When NOWAIT I/O fails to allocate folios this could + * be due to a nonblocking memory allocation and not + * because the system actually is out of memory. + * Return -EAGAIN so that there caller retries in a + * blocking fashion instead of propagating -ENOMEM + * to the application. + */ + if ((fgp_flags & FGP_NOWAIT) && err == -ENOMEM) + err = -EAGAIN; return ERR_PTR(err); + } /* * filemap_add_folio locks the page, and for mmap * we expect an unlocked page. _ Patches currently in -mm which might be from raphaelsc(a)scylladb.com are

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-migrate-fix-shmem-xarray-update-during-migration.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/migrate: fix shmem xarray update during migration has been removed from the -mm tree. Its filename was mm-migrate-fix-shmem-xarray-update-during-migration.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: mm/migrate: fix shmem xarray update during migration Date: Wed, 5 Mar 2025 15:04:03 -0500 A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. Link: https://lkml.kernel.org/r/20250305200403.2822855-1-ziy@nvidia.com Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: Liu Shixin <liushixin2(a)huawei.com> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/ Suggested-by: Hugh Dickins <hughd(a)google.com> Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Charan Teja Kalla <quic_charante(a)quicinc.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/mm/migrate.c~mm-migrate-fix-shmem-xarray-update-during-migration +++ a/mm/migrate.c @@ -518,15 +518,13 @@ static int __folio_migrate_mapping(struc if (folio_test_anon(folio) && folio_test_large(folio)) mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON, 1); folio_ref_add(newfolio, nr); /* add cache reference */ - if (folio_test_swapbacked(folio)) { + if (folio_test_swapbacked(folio)) __folio_set_swapbacked(newfolio); - if (folio_test_swapcache(folio)) { - folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); - } + if (folio_test_swapcache(folio)) { + folio_set_swapcache(newfolio); + newfolio->private = folio_get_private(folio); entries = nr; } else { - VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); entries = 1; } _ Patches currently in -mm which might be from ziy(a)nvidia.com are selftests-mm-make-file-backed-thp-split-work-by-writing-pmd-size-data.patch mm-huge_memory-allow-split-shmem-large-folio-to-any-lower-order.patch selftests-mm-test-splitting-file-backed-thp-to-any-lower-order.patch xarray-add-xas_try_split-to-split-a-multi-index-entry.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split-fix.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split-fix-2.patch mm-huge_memory-move-folio-split-common-code-to-__folio_split.patch mm-huge_memory-add-buddy-allocator-like-non-uniform-folio_split.patch mm-huge_memory-remove-the-old-unused-__split_huge_page.patch mm-huge_memory-add-folio_split-to-debugfs-testing-interface.patch mm-truncate-use-folio_split-in-truncate-operation.patch selftests-mm-add-tests-for-folio_split-buddy-allocator-like-split.patch mm-filemap-use-xas_try_split-in-__filemap_add_folio.patch mm-shmem-use-xas_try_split-in-shmem_split_large_entry.patch

1 month, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] proc-fix-uaf-in-proc_get_inode.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: proc: fix UAF in proc_get_inode() has been removed from the -mm tree. Its filename was proc-fix-uaf-in-proc_get_inode.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ye Bin <yebin10(a)huawei.com> Subject: proc: fix UAF in proc_get_inode() Date: Sat, 1 Mar 2025 15:06:24 +0300 Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->... dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) --> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [adobriyan(a)gmail.com: don't do 2 atomic ops on the common path] Link: https://lkml.kernel.org/r/3d25ded0-1739-447e-812b-e34da7990dcf@p183 Fixes: 778f3dd5a13c ("Fix procfs compat_ioctl regression") Signed-off-by: Ye Bin <yebin10(a)huawei.com> Signed-off-by: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: David S. Miller <davem(a)davemloft.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/generic.c | 10 +++++++++- fs/proc/inode.c | 6 +++--- fs/proc/internal.h | 14 ++++++++++++++ include/linux/proc_fs.h | 7 +++++-- 4 files changed, 31 insertions(+), 6 deletions(-) --- a/fs/proc/generic.c~proc-fix-uaf-in-proc_get_inode +++ a/fs/proc/generic.c @@ -559,10 +559,16 @@ struct proc_dir_entry *proc_create_reg(c return p; } -static inline void pde_set_flags(struct proc_dir_entry *pde) +static void pde_set_flags(struct proc_dir_entry *pde) { if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT) pde->flags |= PROC_ENTRY_PERMANENT; + if (pde->proc_ops->proc_read_iter) + pde->flags |= PROC_ENTRY_proc_read_iter; +#ifdef CONFIG_COMPAT + if (pde->proc_ops->proc_compat_ioctl) + pde->flags |= PROC_ENTRY_proc_compat_ioctl; +#endif } struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, @@ -626,6 +632,7 @@ struct proc_dir_entry *proc_create_seq_p p->proc_ops = &proc_seq_ops; p->seq_ops = ops; p->state_size = state_size; + pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_seq_private); @@ -656,6 +663,7 @@ struct proc_dir_entry *proc_create_singl return NULL; p->proc_ops = &proc_single_ops; p->single_show = show; + pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_single_data); --- a/fs/proc/inode.c~proc-fix-uaf-in-proc_get_inode +++ a/fs/proc/inode.c @@ -656,13 +656,13 @@ struct inode *proc_get_inode(struct supe if (S_ISREG(inode->i_mode)) { inode->i_op = de->proc_iops; - if (de->proc_ops->proc_read_iter) + if (pde_has_proc_read_iter(de)) inode->i_fop = &proc_iter_file_ops; else inode->i_fop = &proc_reg_file_ops; #ifdef CONFIG_COMPAT - if (de->proc_ops->proc_compat_ioctl) { - if (de->proc_ops->proc_read_iter) + if (pde_has_proc_compat_ioctl(de)) { + if (pde_has_proc_read_iter(de)) inode->i_fop = &proc_iter_file_ops_compat; else inode->i_fop = &proc_reg_file_ops_compat; --- a/fs/proc/internal.h~proc-fix-uaf-in-proc_get_inode +++ a/fs/proc/internal.h @@ -85,6 +85,20 @@ static inline void pde_make_permanent(st pde->flags |= PROC_ENTRY_PERMANENT; } +static inline bool pde_has_proc_read_iter(const struct proc_dir_entry *pde) +{ + return pde->flags & PROC_ENTRY_proc_read_iter; +} + +static inline bool pde_has_proc_compat_ioctl(const struct proc_dir_entry *pde) +{ +#ifdef CONFIG_COMPAT + return pde->flags & PROC_ENTRY_proc_compat_ioctl; +#else + return false; +#endif +} + extern struct kmem_cache *proc_dir_entry_cache; void pde_free(struct proc_dir_entry *pde); --- a/include/linux/proc_fs.h~proc-fix-uaf-in-proc_get_inode +++ a/include/linux/proc_fs.h @@ -20,10 +20,13 @@ enum { * If in doubt, ignore this flag. */ #ifdef MODULE - PROC_ENTRY_PERMANENT = 0U, + PROC_ENTRY_PERMANENT = 0U, #else - PROC_ENTRY_PERMANENT = 1U << 0, + PROC_ENTRY_PERMANENT = 1U << 0, #endif + + PROC_ENTRY_proc_read_iter = 1U << 1, + PROC_ENTRY_proc_compat_ioctl = 1U << 2, }; struct proc_ops { _ Patches currently in -mm which might be from yebin10(a)huawei.com are

1 month, 2 weeks

1
0
0 0

[PATCH] fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()

by Qasim Ijaz

fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference. Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL(). Fixes: ccbc1c302115 ("fpga: add an initial KUnit suite for the FPGA Manager") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/fpga/tests/fpga-mgr-test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/fpga/tests/fpga-mgr-test.c b/drivers/fpga/tests/fpga-mgr-test.c index 9cb37aefbac4..1902ebf5a298 100644 --- a/drivers/fpga/tests/fpga-mgr-test.c +++ b/drivers/fpga/tests/fpga-mgr-test.c @@ -263,6 +263,7 @@ static void fpga_mgr_test_img_load_sgt(struct kunit *test) img_buf = init_test_buffer(test, IMAGE_SIZE); sgt = kunit_kzalloc(test, sizeof(*sgt), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, sgt); ret = sg_alloc_table(sgt, 1, GFP_KERNEL); KUNIT_ASSERT_EQ(test, ret, 0); sg_init_one(sgt->sgl, img_buf, IMAGE_SIZE); -- 2.39.5

1 month, 2 weeks

4
3
0 0

[REGRESSION][BISECTED] Commit 60e3318e3e900 in stable/linux-6.1.y breaks cifs client failover to another server in DFS namespace

by Andrew Paniakin

Commit 60e3318e3e900 ("cifs: use fs_context for automounts") was released in v6.1.54 and broke the failover when one of the servers inside DFS becomes unavailable. We reproduced the problem on the EC2 instances of different types. Reverting aforementioned commint on top of the latest stable verison v6.1.94 helps to resolve the problem. Earliest working version is v6.2-rc1. There were two big merges of CIFS fixes: [1] and [2]. We would like to ask for the help to investigate this problem and if some of those patches need to be backported. Also, is it safe to just revert problematic commit until proper fixes/backports will be available? We will help to do testing and confirm if fix works, but let me also list the steps we used to reproduce the problem if it will help to identify the problem: 1. Create Active Directory domain eg. 'corp.fsxtest.local' in AWS Directory Service with: - three AWS FSX file systems filesystem1..filesystem3 - three Windows servers; They have DFS installed as per https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs…: - dfs-srv1: EC2AMAZ-2EGTM59 - dfs-srv2: EC2AMAZ-1N36PRD - dfs-srv3: EC2AMAZ-0PAUH2U 2. Create DFS namespace eg. 'dfs-namespace' in Windows server 2008 mode and three folders targets in it: - referral-a mapped to filesystem1.corp.local - referral-b mapped to filesystem2.corp.local - referral-c mapped to filesystem3.corp.local - local folders dfs-srv1..dfs-srv3 in C:\DFSRoots\dfs-namespace of every Windows server. This helps to quickly define underlying server when DFS is mounted. 3. Enabled cifs debug logs: ``` echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control echo 7 > /proc/fs/cifs/cifsFYI ``` 4. Mount DFS namespace on Amazon Linux 2023 instance running any vanilla kernel v6.1.54+: ``` dmesg -c &>/dev/null cd /mnt mount -t cifs -o cred=/mnt/creds,echo_interval=5 \ //corp.fsxtest.local/dfs-namespace \ ./dfs-namespace ``` 5. List DFS root, it's also required to avoid recursive mounts that happen during regular 'ls' run: ``` sh -c 'ls dfs-namespace' dfs-srv2 referral-a referral-b ``` The DFS server is EC2AMAZ-1N36PRD, it's also listed in mount: ``` [root@ip-172-31-2-82 mnt]# mount | grep dfs //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` List files in first folder: ``` sh -c 'ls dfs-namespace/referral-a' filea.txt.txt ``` 6. Shutdown DFS server-2. List DFS root again, server changed from dfs-srv2 to dfs-srv1 EC2AMAZ-2EGTM59: ``` sh -c 'ls dfs-namespace' dfs-srv1 referral-a referral-b ``` 7. Try to list files in another folder, this causes ls to fail with error: ``` sh -c 'ls dfs-namespace/referral-b' ls: cannot access 'dfs-namespace/referral-b': No route to host``` Sometimes it's also 'Operation now in progress' error. mount shows the same output: ``` //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` I also attached kernel debug logs from this test. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Reported-by: Andrei Paniakin <apanyaki(a)amazon.com> Bisected-by: Simba Bonga <simbarb(a)amazon.com> --- #regzbot introduced: v6.1.54..v6.2-rc1

1 month, 2 weeks

3
11
0 0

[PATCH v2] sched/fair: Disable DL server on rcu_torture_disable_rt_throttle()

by Joel Fernandes

Currently, RCU boost testing in rcutorture is broken because it relies on having RT throttling disabled. This means the test will always pass (or rarely fail). This occurs because recently, RT throttling was replaced by DL server which boosts CFS tasks even when rcutorture tried to disable throttling (see rcu_torture_disable_rt_throttle()). However, the systctl_sched_rt_runtime variable is not considered thus still allowing RT tasks to be preempted by CFS tasks. Therefore this patch prevents DL server from starting when RCU torture sets the sysctl_sched_rt_runtime to -1. With this patch, boosting in TREE09 fails reliably if RCU_BOOST=n. Steven also mentioned that this could fix RT usecases where users do not want DL server to be interfering. Cc: stable(a)vger.kernel.org Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Fixes: cea5a3472ac4 ("sched/fair: Cleanup fair_server") Signed-off-by: Joel Fernandes <joelagnelf(a)nvidia.com> --- v1->v2: Updated Fixes tag (Steven) Moved the stoppage of DL server to fair (Juri) kernel/sched/fair.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 1c0ef435a7aa..d7ba333393f2 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -1242,7 +1242,7 @@ static void update_curr(struct cfs_rq *cfs_rq) * against fair_server such that it can account for this time * and possibly avoid running this period. */ - if (dl_server_active(&rq->fair_server)) + if (dl_server_active(&rq->fair_server) && rt_bandwidth_enabled()) dl_server_update(&rq->fair_server, delta_exec); } @@ -5957,7 +5957,7 @@ static bool throttle_cfs_rq(struct cfs_rq *cfs_rq) sub_nr_running(rq, queued_delta); /* Stop the fair server if throttling resulted in no runnable tasks */ - if (rq_h_nr_queued && !rq->cfs.h_nr_queued) + if (rq_h_nr_queued && !rq->cfs.h_nr_queued && dl_server_active(&rq->fair_server)) dl_server_stop(&rq->fair_server); done: /* @@ -6056,7 +6056,7 @@ void unthrottle_cfs_rq(struct cfs_rq *cfs_rq) } /* Start the fair server if un-throttling resulted in new runnable tasks */ - if (!rq_h_nr_queued && rq->cfs.h_nr_queued) + if (!rq_h_nr_queued && rq->cfs.h_nr_queued && rt_bandwidth_enabled()) dl_server_start(&rq->fair_server); /* At this point se is NULL and we are at root level*/ @@ -7005,9 +7005,11 @@ enqueue_task_fair(struct rq *rq, struct task_struct *p, int flags) if (!rq_h_nr_queued && rq->cfs.h_nr_queued) { /* Account for idle runtime */ - if (!rq->nr_running) + if (!rq->nr_running && rt_bandwidth_enabled()) dl_server_update_idle_time(rq, rq->curr); - dl_server_start(&rq->fair_server); + + if (rt_bandwidth_enabled()) + dl_server_start(&rq->fair_server); } /* At this point se is NULL and we are at root level*/ @@ -7134,7 +7136,7 @@ static int dequeue_entities(struct rq *rq, struct sched_entity *se, int flags) sub_nr_running(rq, h_nr_queued); - if (rq_h_nr_queued && !rq->cfs.h_nr_queued) + if (rq_h_nr_queued && !rq->cfs.h_nr_queued && dl_server_active(&rq->fair_server)) dl_server_stop(&rq->fair_server); /* balance early to pull high priority tasks */ -- 2.43.0

1 month, 2 weeks

2
3
0 0

INTEC 2025 Attendee's List (Updated)

by Jennifer Martin

Hi, As an exhibiting company at The Intec International Trade Fair for Machine Tools, Manufacturing and Automation (INTEC 2025) we have access to the fully updated attendee list, including last-minute registrants who attended the show. This exclusive list can help you: ✅ Connect with high-intent leads ✅ Follow up with attendees who visited (or missed) your booth ✅ Maximize your ROI from the event If you're Interested, I’d love to share more details—and I can also provide pricing information. Looking forward to your thoughts. Regards, Jennifer Martin Sr. Marketing Manager

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 48939523843e4813e78920f54937944a8787134b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031619-crazed-stock-31a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48939523843e4813e78920f54937944a8787134b Mon Sep 17 00:00:00 2001 From: Andrei Botila <andrei.botila(a)oss.nxp.com> Date: Tue, 4 Mar 2025 18:06:14 +0200 Subject: [PATCH] net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart errata TJA1120B/TJA1121B can achieve a stable operation of SGMII after a startup event by putting the SGMII PCS into power down mode and restart afterwards. It is necessary to put the SGMII PCS into power down mode and back up. Cc: stable(a)vger.kernel.org Fixes: f1fe5dff2b8a ("net: phy: nxp-c45-tja11xx: add TJA1120 support") Signed-off-by: Andrei Botila <andrei.botila(a)oss.nxp.com> Link: https://patch.msgid.link/20250304160619.181046-3-andrei.botila@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/nxp-c45-tja11xx.c b/drivers/net/phy/nxp-c45-tja11xx.c index 709d6c9f7cba..e9fc54517449 100644 --- a/drivers/net/phy/nxp-c45-tja11xx.c +++ b/drivers/net/phy/nxp-c45-tja11xx.c @@ -114,6 +114,9 @@ #define MII_BASIC_CONFIG_RMII 0x5 #define MII_BASIC_CONFIG_MII 0x4 +#define VEND1_SGMII_BASIC_CONTROL 0xB000 +#define SGMII_LPM BIT(11) + #define VEND1_SYMBOL_ERROR_CNT_XTD 0x8351 #define EXTENDED_CNT_EN BIT(15) #define VEND1_MONITOR_STATUS 0xAC80 @@ -1598,11 +1601,11 @@ static int nxp_c45_set_phy_mode(struct phy_device *phydev) return 0; } -/* Errata: ES_TJA1120 and ES_TJA1121 Rev. 1.0 — 28 November 2024 Section 3.1 */ +/* Errata: ES_TJA1120 and ES_TJA1121 Rev. 1.0 — 28 November 2024 Section 3.1 & 3.2 */ static void nxp_c45_tja1120_errata(struct phy_device *phydev) { + bool macsec_ability, sgmii_ability; int silicon_version, sample_type; - bool macsec_ability; int phy_abilities; int ret = 0; @@ -1619,6 +1622,7 @@ static void nxp_c45_tja1120_errata(struct phy_device *phydev) phy_abilities = phy_read_mmd(phydev, MDIO_MMD_VEND1, VEND1_PORT_ABILITIES); macsec_ability = !!(phy_abilities & MACSEC_ABILITY); + sgmii_ability = !!(phy_abilities & SGMII_ABILITY); if ((!macsec_ability && silicon_version == 2) || (macsec_ability && silicon_version == 1)) { /* TJA1120/TJA1121 PHY configuration errata workaround. @@ -1639,6 +1643,18 @@ static void nxp_c45_tja1120_errata(struct phy_device *phydev) phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x0); phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0x0); + + if (sgmii_ability) { + /* TJA1120B/TJA1121B SGMII PCS restart errata workaround. + * Put SGMII PCS into power down mode and back up. + */ + phy_set_bits_mmd(phydev, MDIO_MMD_VEND1, + VEND1_SGMII_BASIC_CONTROL, + SGMII_LPM); + phy_clear_bits_mmd(phydev, MDIO_MMD_VEND1, + VEND1_SGMII_BASIC_CONTROL, + SGMII_LPM); + } } }

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a07364b394697d2e0baffeb517f41385259aa484 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031659-impeach-flatworm-db02@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a07364b394697d2e0baffeb517f41385259aa484 Mon Sep 17 00:00:00 2001 From: Andrei Botila <andrei.botila(a)oss.nxp.com> Date: Tue, 4 Mar 2025 18:06:13 +0200 Subject: [PATCH] net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration errata The most recent sillicon versions of TJA1120 and TJA1121 can achieve full silicon performance by putting the PHY in managed mode. It is necessary to apply these PHY writes before link gets established. Application of this fix is required after restart of device and wakeup from sleep. Cc: stable(a)vger.kernel.org Fixes: f1fe5dff2b8a ("net: phy: nxp-c45-tja11xx: add TJA1120 support") Signed-off-by: Andrei Botila <andrei.botila(a)oss.nxp.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250304160619.181046-2-andrei.botila@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/nxp-c45-tja11xx.c b/drivers/net/phy/nxp-c45-tja11xx.c index 34231b5b9175..709d6c9f7cba 100644 --- a/drivers/net/phy/nxp-c45-tja11xx.c +++ b/drivers/net/phy/nxp-c45-tja11xx.c @@ -22,6 +22,11 @@ #define PHY_ID_TJA_1103 0x001BB010 #define PHY_ID_TJA_1120 0x001BB031 +#define VEND1_DEVICE_ID3 0x0004 +#define TJA1120_DEV_ID3_SILICON_VERSION GENMASK(15, 12) +#define TJA1120_DEV_ID3_SAMPLE_TYPE GENMASK(11, 8) +#define DEVICE_ID3_SAMPLE_TYPE_R 0x9 + #define VEND1_DEVICE_CONTROL 0x0040 #define DEVICE_CONTROL_RESET BIT(15) #define DEVICE_CONTROL_CONFIG_GLOBAL_EN BIT(14) @@ -1593,6 +1598,50 @@ static int nxp_c45_set_phy_mode(struct phy_device *phydev) return 0; } +/* Errata: ES_TJA1120 and ES_TJA1121 Rev. 1.0 — 28 November 2024 Section 3.1 */ +static void nxp_c45_tja1120_errata(struct phy_device *phydev) +{ + int silicon_version, sample_type; + bool macsec_ability; + int phy_abilities; + int ret = 0; + + ret = phy_read_mmd(phydev, MDIO_MMD_VEND1, VEND1_DEVICE_ID3); + if (ret < 0) + return; + + sample_type = FIELD_GET(TJA1120_DEV_ID3_SAMPLE_TYPE, ret); + if (sample_type != DEVICE_ID3_SAMPLE_TYPE_R) + return; + + silicon_version = FIELD_GET(TJA1120_DEV_ID3_SILICON_VERSION, ret); + + phy_abilities = phy_read_mmd(phydev, MDIO_MMD_VEND1, + VEND1_PORT_ABILITIES); + macsec_ability = !!(phy_abilities & MACSEC_ABILITY); + if ((!macsec_ability && silicon_version == 2) || + (macsec_ability && silicon_version == 1)) { + /* TJA1120/TJA1121 PHY configuration errata workaround. + * Apply PHY writes sequence before link up. + */ + if (!macsec_ability) { + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x4b95); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0xf3cd); + } else { + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x89c7); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0x0893); + } + + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x0476, 0x58a0); + + phy_write_mmd(phydev, MDIO_MMD_PMAPMD, 0x8921, 0xa3a); + phy_write_mmd(phydev, MDIO_MMD_PMAPMD, 0x89F1, 0x16c1); + + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x0); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0x0); + } +} + static int nxp_c45_config_init(struct phy_device *phydev) { int ret; @@ -1609,6 +1658,9 @@ static int nxp_c45_config_init(struct phy_device *phydev) phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 1); phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 2); + if (phy_id_compare(phydev->phy_id, PHY_ID_TJA_1120, GENMASK(31, 4))) + nxp_c45_tja1120_errata(phydev); + phy_set_bits_mmd(phydev, MDIO_MMD_VEND1, VEND1_PHY_CONFIG, PHY_CONFIG_AUTO);

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031655-santa-shoptalk-2d45@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] smb: client: Fix match_session bug preventing session reuse" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 605b249ea96770ac4fac4b8510a99e0f8442be5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031654-posh-culture-2f79@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 605b249ea96770ac4fac4b8510a99e0f8442be5e Mon Sep 17 00:00:00 2001 From: Henrique Carvalho <henrique.carvalho(a)suse.com> Date: Tue, 11 Mar 2025 15:23:59 -0300 Subject: [PATCH] smb: client: Fix match_session bug preventing session reuse Fix a bug in match_session() that can causes the session to not be reused in some cases. Reproduction steps: mount.cifs //server/share /mnt/a -o credentials=creds mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp cat /proc/fs/cifs/DebugData | grep SessionId | wc -l mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp mount.cifs //server/share /mnt/a -o credentials=creds cat /proc/fs/cifs/DebugData | grep SessionId | wc -l Cc: stable(a)vger.kernel.org Reviewed-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Henrique Carvalho <henrique.carvalho(a)suse.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index f917de020dd5..73f93a35eedd 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx, bool match_super) { - if (ctx->sectype != Unspecified && - ctx->sectype != ses->sectype) - return 0; + struct TCP_Server_Info *server = ses->server; + enum securityEnum ctx_sec, ses_sec; if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses) return 0; @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses, if (ses->chan_max < ctx->max_channels) return 0; - switch (ses->sectype) { + ctx_sec = server->ops->select_sectype(server, ctx->sectype); + ses_sec = server->ops->select_sectype(server, ses->sectype); + + if (ctx_sec != ses_sec) + return 0; + + switch (ctx_sec) { + case IAKerb: case Kerberos: if (!uid_eq(ctx->cred_uid, ses->cred_uid)) return 0; break; + case NTLMv2: + case RawNTLMSSP: default: /* NULL username means anonymous session */ if (ses->user_name == NULL) {

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: Populate vmemmap at the page level if not section" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d4234d131b0a3f9e65973f1cdc71bb3560f5d14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031635-spider-hurricane-4475@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4234d131b0a3f9e65973f1cdc71bb3560f5d14b Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Tue, 4 Mar 2025 15:27:00 +0800 Subject: [PATCH] arm64: mm: Populate vmemmap at the page level if not section aligned On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. The first problem is that if start or end is not aligned to a section boundary, such as when a subsection is hot added, populating the entire section is wasteful. The next problem is if we hotplug something that spans part of 128 MiB section (subsections, let's call it memblock1), and then hotplug something that spans another part of a 128 MiB section(subsections, let's call it memblock2), and subsequently unplug memblock1, vmemmap_free() will clear the entire PMD entry which also supports memblock2 even though memblock2 is still active. Assuming hotplug/unplug sizes are guaranteed to be symmetric. Do the fix similar to x86-64: populate to pages levels if start/end is not aligned with section boundary. Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Link: https://lore.kernel.org/r/20250304072700.3405036-1-quic_zhenhuah@quicinc.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..1dfe1a8efdbe 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1177,8 +1177,11 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); + /* [start, end] should be within one section */ + WARN_ON_ONCE(end - start > PAGES_PER_SECTION * sizeof(struct page)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || + (end - start < PAGES_PER_SECTION * sizeof(struct page))) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap);

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: Populate vmemmap at the page level if not section" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d4234d131b0a3f9e65973f1cdc71bb3560f5d14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031628-percolate-sulphate-3806@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4234d131b0a3f9e65973f1cdc71bb3560f5d14b Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Tue, 4 Mar 2025 15:27:00 +0800 Subject: [PATCH] arm64: mm: Populate vmemmap at the page level if not section aligned On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. The first problem is that if start or end is not aligned to a section boundary, such as when a subsection is hot added, populating the entire section is wasteful. The next problem is if we hotplug something that spans part of 128 MiB section (subsections, let's call it memblock1), and then hotplug something that spans another part of a 128 MiB section(subsections, let's call it memblock2), and subsequently unplug memblock1, vmemmap_free() will clear the entire PMD entry which also supports memblock2 even though memblock2 is still active. Assuming hotplug/unplug sizes are guaranteed to be symmetric. Do the fix similar to x86-64: populate to pages levels if start/end is not aligned with section boundary. Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Link: https://lore.kernel.org/r/20250304072700.3405036-1-quic_zhenhuah@quicinc.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..1dfe1a8efdbe 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1177,8 +1177,11 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); + /* [start, end] should be within one section */ + WARN_ON_ONCE(end - start > PAGES_PER_SECTION * sizeof(struct page)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || + (end - start < PAGES_PER_SECTION * sizeof(struct page))) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap);

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: Populate vmemmap at the page level if not section" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d4234d131b0a3f9e65973f1cdc71bb3560f5d14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031627-capture-pouring-5da4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4234d131b0a3f9e65973f1cdc71bb3560f5d14b Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Tue, 4 Mar 2025 15:27:00 +0800 Subject: [PATCH] arm64: mm: Populate vmemmap at the page level if not section aligned On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. The first problem is that if start or end is not aligned to a section boundary, such as when a subsection is hot added, populating the entire section is wasteful. The next problem is if we hotplug something that spans part of 128 MiB section (subsections, let's call it memblock1), and then hotplug something that spans another part of a 128 MiB section(subsections, let's call it memblock2), and subsequently unplug memblock1, vmemmap_free() will clear the entire PMD entry which also supports memblock2 even though memblock2 is still active. Assuming hotplug/unplug sizes are guaranteed to be symmetric. Do the fix similar to x86-64: populate to pages levels if start/end is not aligned with section boundary. Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Link: https://lore.kernel.org/r/20250304072700.3405036-1-quic_zhenhuah@quicinc.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..1dfe1a8efdbe 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1177,8 +1177,11 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); + /* [start, end] should be within one section */ + WARN_ON_ONCE(end - start > PAGES_PER_SECTION * sizeof(struct page)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || + (end - start < PAGES_PER_SECTION * sizeof(struct page))) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap);

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: Populate vmemmap at the page level if not section" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d4234d131b0a3f9e65973f1cdc71bb3560f5d14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031627-theorize-manned-7263@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4234d131b0a3f9e65973f1cdc71bb3560f5d14b Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Tue, 4 Mar 2025 15:27:00 +0800 Subject: [PATCH] arm64: mm: Populate vmemmap at the page level if not section aligned On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. The first problem is that if start or end is not aligned to a section boundary, such as when a subsection is hot added, populating the entire section is wasteful. The next problem is if we hotplug something that spans part of 128 MiB section (subsections, let's call it memblock1), and then hotplug something that spans another part of a 128 MiB section(subsections, let's call it memblock2), and subsequently unplug memblock1, vmemmap_free() will clear the entire PMD entry which also supports memblock2 even though memblock2 is still active. Assuming hotplug/unplug sizes are guaranteed to be symmetric. Do the fix similar to x86-64: populate to pages levels if start/end is not aligned with section boundary. Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Link: https://lore.kernel.org/r/20250304072700.3405036-1-quic_zhenhuah@quicinc.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..1dfe1a8efdbe 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1177,8 +1177,11 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); + /* [start, end] should be within one section */ + WARN_ON_ONCE(end - start > PAGES_PER_SECTION * sizeof(struct page)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || + (end - start < PAGES_PER_SECTION * sizeof(struct page))) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap);

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: microchip-core: prevent RX overflows when transmit size" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 91cf42c63f2d8a9c1bcdfe923218e079b32e1a69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031631-sensuous-cataract-f3f3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91cf42c63f2d8a9c1bcdfe923218e079b32e1a69 Mon Sep 17 00:00:00 2001 From: Conor Dooley <conor.dooley(a)microchip.com> Date: Mon, 3 Mar 2025 10:47:40 +0000 Subject: [PATCH] spi: microchip-core: prevent RX overflows when transmit size > FIFO size When the size of a transfer exceeds the size of the FIFO (32 bytes), RX overflows will be generated and receive data will be corrupted and warnings will be produced. For example, here's an error generated by a transfer of 36 bytes: spi_master spi0: mchp_corespi_interrupt: RX OVERFLOW: rxlen: 4, txlen: 0 The driver is currently split between handling receiving in the interrupt handler, and sending outside of it. Move all handling out of the interrupt handling, and explicitly link the number of bytes read of of the RX FIFO to the number written into the TX one. This both resolves the overflow problems as well as simplifying the flow of the driver. CC: stable(a)vger.kernel.org Fixes: 9ac8d17694b6 ("spi: add support for microchip fpga spi controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Link: https://patch.msgid.link/20250303-veal-snooper-712c1dfad336@wendy Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-microchip-core.c b/drivers/spi/spi-microchip-core.c index 5b6af55855ef..62ba0bd9cbb7 100644 --- a/drivers/spi/spi-microchip-core.c +++ b/drivers/spi/spi-microchip-core.c @@ -70,8 +70,7 @@ #define INT_RX_CHANNEL_OVERFLOW BIT(2) #define INT_TX_CHANNEL_UNDERRUN BIT(3) -#define INT_ENABLE_MASK (CONTROL_RX_DATA_INT | CONTROL_TX_DATA_INT | \ - CONTROL_RX_OVER_INT | CONTROL_TX_UNDER_INT) +#define INT_ENABLE_MASK (CONTROL_RX_OVER_INT | CONTROL_TX_UNDER_INT) #define REG_CONTROL (0x00) #define REG_FRAME_SIZE (0x04) @@ -133,10 +132,15 @@ static inline void mchp_corespi_disable(struct mchp_corespi *spi) mchp_corespi_write(spi, REG_CONTROL, control); } -static inline void mchp_corespi_read_fifo(struct mchp_corespi *spi) +static inline void mchp_corespi_read_fifo(struct mchp_corespi *spi, int fifo_max) { - while (spi->rx_len >= spi->n_bytes && !(mchp_corespi_read(spi, REG_STATUS) & STATUS_RXFIFO_EMPTY)) { - u32 data = mchp_corespi_read(spi, REG_RX_DATA); + for (int i = 0; i < fifo_max; i++) { + u32 data; + + while (mchp_corespi_read(spi, REG_STATUS) & STATUS_RXFIFO_EMPTY) + ; + + data = mchp_corespi_read(spi, REG_RX_DATA); spi->rx_len -= spi->n_bytes; @@ -211,11 +215,10 @@ static inline void mchp_corespi_set_xfer_size(struct mchp_corespi *spi, int len) mchp_corespi_write(spi, REG_FRAMESUP, len); } -static inline void mchp_corespi_write_fifo(struct mchp_corespi *spi) +static inline void mchp_corespi_write_fifo(struct mchp_corespi *spi, int fifo_max) { - int fifo_max, i = 0; + int i = 0; - fifo_max = DIV_ROUND_UP(min(spi->tx_len, FIFO_DEPTH), spi->n_bytes); mchp_corespi_set_xfer_size(spi, fifo_max); while ((i < fifo_max) && !(mchp_corespi_read(spi, REG_STATUS) & STATUS_TXFIFO_FULL)) { @@ -413,19 +416,6 @@ static irqreturn_t mchp_corespi_interrupt(int irq, void *dev_id) if (intfield == 0) return IRQ_NONE; - if (intfield & INT_TXDONE) - mchp_corespi_write(spi, REG_INT_CLEAR, INT_TXDONE); - - if (intfield & INT_RXRDY) { - mchp_corespi_write(spi, REG_INT_CLEAR, INT_RXRDY); - - if (spi->rx_len) - mchp_corespi_read_fifo(spi); - } - - if (!spi->rx_len && !spi->tx_len) - finalise = true; - if (intfield & INT_RX_CHANNEL_OVERFLOW) { mchp_corespi_write(spi, REG_INT_CLEAR, INT_RX_CHANNEL_OVERFLOW); finalise = true; @@ -512,9 +502,14 @@ static int mchp_corespi_transfer_one(struct spi_controller *host, mchp_corespi_write(spi, REG_SLAVE_SELECT, spi->pending_slave_select); - while (spi->tx_len) - mchp_corespi_write_fifo(spi); + while (spi->tx_len) { + int fifo_max = DIV_ROUND_UP(min(spi->tx_len, FIFO_DEPTH), spi->n_bytes); + mchp_corespi_write_fifo(spi, fifo_max); + mchp_corespi_read_fifo(spi, fifo_max); + } + + spi_finalize_current_transfer(host); return 1; }

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] spi: microchip-core: prevent RX overflows when transmit size" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 91cf42c63f2d8a9c1bcdfe923218e079b32e1a69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031631-outskirts-catfight-a453@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91cf42c63f2d8a9c1bcdfe923218e079b32e1a69 Mon Sep 17 00:00:00 2001 From: Conor Dooley <conor.dooley(a)microchip.com> Date: Mon, 3 Mar 2025 10:47:40 +0000 Subject: [PATCH] spi: microchip-core: prevent RX overflows when transmit size > FIFO size When the size of a transfer exceeds the size of the FIFO (32 bytes), RX overflows will be generated and receive data will be corrupted and warnings will be produced. For example, here's an error generated by a transfer of 36 bytes: spi_master spi0: mchp_corespi_interrupt: RX OVERFLOW: rxlen: 4, txlen: 0 The driver is currently split between handling receiving in the interrupt handler, and sending outside of it. Move all handling out of the interrupt handling, and explicitly link the number of bytes read of of the RX FIFO to the number written into the TX one. This both resolves the overflow problems as well as simplifying the flow of the driver. CC: stable(a)vger.kernel.org Fixes: 9ac8d17694b6 ("spi: add support for microchip fpga spi controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Link: https://patch.msgid.link/20250303-veal-snooper-712c1dfad336@wendy Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/drivers/spi/spi-microchip-core.c b/drivers/spi/spi-microchip-core.c index 5b6af55855ef..62ba0bd9cbb7 100644 --- a/drivers/spi/spi-microchip-core.c +++ b/drivers/spi/spi-microchip-core.c @@ -70,8 +70,7 @@ #define INT_RX_CHANNEL_OVERFLOW BIT(2) #define INT_TX_CHANNEL_UNDERRUN BIT(3) -#define INT_ENABLE_MASK (CONTROL_RX_DATA_INT | CONTROL_TX_DATA_INT | \ - CONTROL_RX_OVER_INT | CONTROL_TX_UNDER_INT) +#define INT_ENABLE_MASK (CONTROL_RX_OVER_INT | CONTROL_TX_UNDER_INT) #define REG_CONTROL (0x00) #define REG_FRAME_SIZE (0x04) @@ -133,10 +132,15 @@ static inline void mchp_corespi_disable(struct mchp_corespi *spi) mchp_corespi_write(spi, REG_CONTROL, control); } -static inline void mchp_corespi_read_fifo(struct mchp_corespi *spi) +static inline void mchp_corespi_read_fifo(struct mchp_corespi *spi, int fifo_max) { - while (spi->rx_len >= spi->n_bytes && !(mchp_corespi_read(spi, REG_STATUS) & STATUS_RXFIFO_EMPTY)) { - u32 data = mchp_corespi_read(spi, REG_RX_DATA); + for (int i = 0; i < fifo_max; i++) { + u32 data; + + while (mchp_corespi_read(spi, REG_STATUS) & STATUS_RXFIFO_EMPTY) + ; + + data = mchp_corespi_read(spi, REG_RX_DATA); spi->rx_len -= spi->n_bytes; @@ -211,11 +215,10 @@ static inline void mchp_corespi_set_xfer_size(struct mchp_corespi *spi, int len) mchp_corespi_write(spi, REG_FRAMESUP, len); } -static inline void mchp_corespi_write_fifo(struct mchp_corespi *spi) +static inline void mchp_corespi_write_fifo(struct mchp_corespi *spi, int fifo_max) { - int fifo_max, i = 0; + int i = 0; - fifo_max = DIV_ROUND_UP(min(spi->tx_len, FIFO_DEPTH), spi->n_bytes); mchp_corespi_set_xfer_size(spi, fifo_max); while ((i < fifo_max) && !(mchp_corespi_read(spi, REG_STATUS) & STATUS_TXFIFO_FULL)) { @@ -413,19 +416,6 @@ static irqreturn_t mchp_corespi_interrupt(int irq, void *dev_id) if (intfield == 0) return IRQ_NONE; - if (intfield & INT_TXDONE) - mchp_corespi_write(spi, REG_INT_CLEAR, INT_TXDONE); - - if (intfield & INT_RXRDY) { - mchp_corespi_write(spi, REG_INT_CLEAR, INT_RXRDY); - - if (spi->rx_len) - mchp_corespi_read_fifo(spi); - } - - if (!spi->rx_len && !spi->tx_len) - finalise = true; - if (intfield & INT_RX_CHANNEL_OVERFLOW) { mchp_corespi_write(spi, REG_INT_CLEAR, INT_RX_CHANNEL_OVERFLOW); finalise = true; @@ -512,9 +502,14 @@ static int mchp_corespi_transfer_one(struct spi_controller *host, mchp_corespi_write(spi, REG_SLAVE_SELECT, spi->pending_slave_select); - while (spi->tx_len) - mchp_corespi_write_fifo(spi); + while (spi->tx_len) { + int fifo_max = DIV_ROUND_UP(min(spi->tx_len, FIFO_DEPTH), spi->n_bytes); + mchp_corespi_write_fifo(spi, fifo_max); + mchp_corespi_read_fifo(spi, fifo_max); + } + + spi_finalize_current_transfer(host); return 1; }

1 month, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: iqs7222 - preserve system status register" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a2add513311b48cc924a699a8174db2c61ed5e8a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031607-striking-creasing-c69c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2add513311b48cc924a699a8174db2c61ed5e8a Mon Sep 17 00:00:00 2001 From: Jeff LaBundy <jeff(a)labundy.com> Date: Sun, 9 Mar 2025 20:29:59 -0500 Subject: [PATCH] Input: iqs7222 - preserve system status register Some register groups reserve a byte at the end of their continuous address space. Depending on the variant of silicon, this field may share the same memory space as the lower byte of the system status register (0x10). In these cases, caching the reserved byte and writing it later may effectively reset the device depending on what happened in between the read and write operations. Solve this problem by avoiding any access to this last byte within offending register groups. This method replaces a workaround which attempted to write the reserved byte with up-to-date contents, but left a small window in which updates by the device could have been clobbered. Now that the driver does not touch these reserved bytes, the order in which the device's registers are written no longer matters, and they can be written in their natural order. The new method is also much more generic, and can be more easily extended to new variants of silicon with different register maps. As part of this change, the register read and write functions must be gently updated to support byte access instead of word access. Fixes: 2e70ef525b73 ("Input: iqs7222 - acknowledge reset before writing registers") Signed-off-by: Jeff LaBundy <jeff(a)labundy.com> Link: https://lore.kernel.org/r/Z85Alw+d9EHKXx2e@nixie71 Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/misc/iqs7222.c b/drivers/input/misc/iqs7222.c index 22022d11470d..80b917944b51 100644 --- a/drivers/input/misc/iqs7222.c +++ b/drivers/input/misc/iqs7222.c @@ -100,11 +100,11 @@ enum iqs7222_reg_key_id { enum iqs7222_reg_grp_id { IQS7222_REG_GRP_STAT, - IQS7222_REG_GRP_FILT, IQS7222_REG_GRP_CYCLE, IQS7222_REG_GRP_GLBL, IQS7222_REG_GRP_BTN, IQS7222_REG_GRP_CHAN, + IQS7222_REG_GRP_FILT, IQS7222_REG_GRP_SLDR, IQS7222_REG_GRP_TPAD, IQS7222_REG_GRP_GPIO, @@ -286,6 +286,7 @@ static const struct iqs7222_event_desc iqs7222_tp_events[] = { struct iqs7222_reg_grp_desc { u16 base; + u16 val_len; int num_row; int num_col; }; @@ -342,6 +343,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAC00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -400,6 +402,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAC00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -454,6 +457,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xC400, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -496,6 +500,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xC400, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -543,6 +548,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAA00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -600,6 +606,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAA00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -656,6 +663,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAE00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -712,6 +720,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAE00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -768,6 +777,7 @@ static const struct iqs7222_dev_desc iqs7222_devs[] = { }, [IQS7222_REG_GRP_FILT] = { .base = 0xAE00, + .val_len = 3, .num_row = 1, .num_col = 2, }, @@ -1604,7 +1614,7 @@ static int iqs7222_force_comms(struct iqs7222_private *iqs7222) } static int iqs7222_read_burst(struct iqs7222_private *iqs7222, - u16 reg, void *val, u16 num_val) + u16 reg, void *val, u16 val_len) { u8 reg_buf[sizeof(__be16)]; int ret, i; @@ -1619,7 +1629,7 @@ static int iqs7222_read_burst(struct iqs7222_private *iqs7222, { .addr = client->addr, .flags = I2C_M_RD, - .len = num_val * sizeof(__le16), + .len = val_len, .buf = (u8 *)val, }, }; @@ -1675,7 +1685,7 @@ static int iqs7222_read_word(struct iqs7222_private *iqs7222, u16 reg, u16 *val) __le16 val_buf; int error; - error = iqs7222_read_burst(iqs7222, reg, &val_buf, 1); + error = iqs7222_read_burst(iqs7222, reg, &val_buf, sizeof(val_buf)); if (error) return error; @@ -1685,10 +1695,9 @@ static int iqs7222_read_word(struct iqs7222_private *iqs7222, u16 reg, u16 *val) } static int iqs7222_write_burst(struct iqs7222_private *iqs7222, - u16 reg, const void *val, u16 num_val) + u16 reg, const void *val, u16 val_len) { int reg_len = reg > U8_MAX ? sizeof(reg) : sizeof(u8); - int val_len = num_val * sizeof(__le16); int msg_len = reg_len + val_len; int ret, i; struct i2c_client *client = iqs7222->client; @@ -1747,7 +1756,7 @@ static int iqs7222_write_word(struct iqs7222_private *iqs7222, u16 reg, u16 val) { __le16 val_buf = cpu_to_le16(val); - return iqs7222_write_burst(iqs7222, reg, &val_buf, 1); + return iqs7222_write_burst(iqs7222, reg, &val_buf, sizeof(val_buf)); } static int iqs7222_ati_trigger(struct iqs7222_private *iqs7222) @@ -1831,30 +1840,14 @@ static int iqs7222_dev_init(struct iqs7222_private *iqs7222, int dir) /* * Acknowledge reset before writing any registers in case the device - * suffers a spurious reset during initialization. Because this step - * may change the reserved fields of the second filter beta register, - * its cache must be updated. - * - * Writing the second filter beta register, in turn, may clobber the - * system status register. As such, the filter beta register pair is - * written first to protect against this hazard. + * suffers a spurious reset during initialization. */ if (dir == WRITE) { - u16 reg = dev_desc->reg_grps[IQS7222_REG_GRP_FILT].base + 1; - u16 filt_setup; - error = iqs7222_write_word(iqs7222, IQS7222_SYS_SETUP, iqs7222->sys_setup[0] | IQS7222_SYS_SETUP_ACK_RESET); if (error) return error; - - error = iqs7222_read_word(iqs7222, reg, &filt_setup); - if (error) - return error; - - iqs7222->filt_setup[1] &= GENMASK(7, 0); - iqs7222->filt_setup[1] |= (filt_setup & ~GENMASK(7, 0)); } /* @@ -1883,6 +1876,7 @@ static int iqs7222_dev_init(struct iqs7222_private *iqs7222, int dir) int num_col = dev_desc->reg_grps[i].num_col; u16 reg = dev_desc->reg_grps[i].base; __le16 *val_buf; + u16 val_len = dev_desc->reg_grps[i].val_len ? : num_col * sizeof(*val_buf); u16 *val; if (!num_col) @@ -1900,7 +1894,7 @@ static int iqs7222_dev_init(struct iqs7222_private *iqs7222, int dir) switch (dir) { case READ: error = iqs7222_read_burst(iqs7222, reg, - val_buf, num_col); + val_buf, val_len); for (k = 0; k < num_col; k++) val[k] = le16_to_cpu(val_buf[k]); break; @@ -1909,7 +1903,7 @@ static int iqs7222_dev_init(struct iqs7222_private *iqs7222, int dir) for (k = 0; k < num_col; k++) val_buf[k] = cpu_to_le16(val[k]); error = iqs7222_write_burst(iqs7222, reg, - val_buf, num_col); + val_buf, val_len); break; default: @@ -1962,7 +1956,7 @@ static int iqs7222_dev_info(struct iqs7222_private *iqs7222) int error, i; error = iqs7222_read_burst(iqs7222, IQS7222_PROD_NUM, dev_id, - ARRAY_SIZE(dev_id)); + sizeof(dev_id)); if (error) return error; @@ -2915,7 +2909,7 @@ static int iqs7222_report(struct iqs7222_private *iqs7222) __le16 status[IQS7222_MAX_COLS_STAT]; error = iqs7222_read_burst(iqs7222, IQS7222_SYS_STATUS, status, - num_stat); + num_stat * sizeof(*status)); if (error) return error;

1 month, 2 weeks

1
0
0 0

[PATCH 5.10.y] memcg: fix soft lockup in the OOM process

by Abdelkareem Abdelsaamad

From: Chen Ridong <chenridong(a)huawei.com> [ Upstream commit ade81479c7dda1ce3eedb215c78bc615bbd04f06 ] A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered. watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066] CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G Hardware name: Huawei Cloud OpenStack Nova, BIOS RIP: 0010:console_unlock+0x343/0x540 RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247 RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040 R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0 R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vprintk_emit+0x193/0x280 printk+0x52/0x6e dump_task+0x114/0x130 mem_cgroup_scan_tasks+0x76/0x100 dump_header+0x1fe/0x210 oom_kill_process+0xd1/0x100 out_of_memory+0x125/0x570 mem_cgroup_out_of_memory+0xb5/0xd0 try_charge+0x720/0x770 mem_cgroup_try_charge+0x86/0x180 mem_cgroup_try_charge_delay+0x1c/0x40 do_anonymous_page+0xb5/0x390 handle_mm_fault+0xc4/0x1f0 This is because thousands of processes are in the OOM cgroup, it takes a long time to traverse all of them. As a result, this lead to soft lockup in the OOM process. To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks' function per 1000 iterations. For global OOM, call 'touch_softlockup_watchdog' per 1000 iterations to avoid this issue. Link: https://lkml.kernel.org/r/20241224025238.3768787-1-chenridong@huaweicloud.c… Fixes: 9cbb78bb3143 ("mm, memcg: introduce own oom handler to iterate only over its own threads") Signed-off-by: Chen Ridong <chenridong(a)huawei.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Muchun Song <songmuchun(a)bytedance.com> Cc: Michal Koutný <mkoutny(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Conflict due to 2ea465878344 ("mm: update mark_victim tracepoints field") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- mm/memcontrol.c | 7 ++++++- mm/oom_kill.c | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 8de7c72ae025..14f26b3b0204 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -1312,6 +1312,7 @@ int mem_cgroup_scan_tasks(struct mem_cgroup *memcg, { struct mem_cgroup *iter; int ret = 0; + int i = 0; BUG_ON(memcg == root_mem_cgroup); @@ -1320,8 +1321,12 @@ int mem_cgroup_scan_tasks(struct mem_cgroup *memcg, struct task_struct *task; css_task_iter_start(&iter->css, CSS_TASK_ITER_PROCS, &it); - while (!ret && (task = css_task_iter_next(&it))) + while (!ret && (task = css_task_iter_next(&it))) { + /* Avoid potential softlockup warning */ + if ((++i & 1023) == 0) + cond_resched(); ret = fn(task, arg); + } css_task_iter_end(&it); if (ret) { mem_cgroup_iter_break(memcg, iter); diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 3d7c557fb70c..ba333cc560d8 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -43,6 +43,7 @@ #include <linux/kthread.h> #include <linux/init.h> #include <linux/mmu_notifier.h> +#include <linux/nmi.h> #include <asm/tlb.h> #include "internal.h" @@ -430,10 +431,15 @@ static void dump_tasks(struct oom_control *oc) mem_cgroup_scan_tasks(oc->memcg, dump_task, oc); else { struct task_struct *p; + int i = 0; rcu_read_lock(); - for_each_process(p) + for_each_process(p) { + /* Avoid potential softlockup warning */ + if ((++i & 1023) == 0) + touch_softlockup_watchdog(); dump_task(p, oc); + } rcu_read_unlock(); } } -- 2.47.1

1 month, 2 weeks

3
2
0 0

Re: [PATCH 1/4] PCI/hotplug: Disable HPIE over reset

by Lukas Wunner

On Sat, Mar 15, 2025 at 07:57:55PM +0100, proxy0(a)tutamail.com wrote: > Mar 15, 2025, 9:28 PM by lukas(a)wunner.de: > > After dwelling on this for a while, I'm thinking that it may re-introduce > > the issue fixed by commit f5eff5591b8f ("PCI: pciehp: Fix AB-BA deadlock > > between reset_lock and device_lock"): > > > > Looking at the second and third stack trace in its commit message, > > down_write(reset_lock) in pciehp_reset_slot() is basically equivalent > > to synchronize_irq() and we're holding device_lock() at that point, > > hindering progress of pciehp_ist(). > > > > So I think I have guided you in the wrong direction and I apologize > > for that. > > > > However it seems to me that this should be solvable with the small > > patch below. Am I missing something? > > > > @Joel Mathew Thomas, could you give the below patch a spin and see > > if it helps? > > I've tested the patch series along with the additional patch provided. > > Kernel: 6.14.0-rc6-00043-g3571e8b091f4-dirty-pci-hotplug-reset-fixes-eventmask-fix > > Patches applied: > - [PATCH 1/4] PCI/hotplug: Disable HPIE over reset > - [PATCH 2/4] PCI/hotplug: Clearing HPIE for the duration of reset is enough > - [PATCH 3/4] PCI/hotplug: reset_lock is not required synchronizing with irq thread > - [PATCH 4/4] PCI/hotplug: Don't enable HPIE in poll mode > - The latest patch from you: > + /* Ignore events masked by pciehp_reset_slot(). */ > + events &= ctrl->slot_ctrl; > + if (!events) > + return IRQ_HANDLED; Could you test *only* the quoted diff, i.e. without patches [1/4] - [4/4], on top of a recent kernel? Sorry for not having been clear about this. I believe that patch [1/4] will re-introduce a deadlock we've already fixed two years ago, so the small diff above seeks to replace it with a simpler approach that will hopefully avoid the issue as well. Thanks, Lukas

1 month, 2 weeks

1
0
0 0

6.6 io_uring mmap backport

by Jens Axboe

Hi, I prepared this series about 6 months ago, but never got around to sending it in. In mainline, we got rid of remap_pfn_range() on the io_uring side, and this just backports it to 6.6-stable as well. This eliminates issues with fragmented memory, and hence it'd be nice to have it in 6.6 stable as well. 6.6-stable also has mmap support for provided ring buffers, and since we've had an issue related to remap_pfn_range() there, let's bring it to 6.6 stable as well as a precaution. -- Jens Axboe

1 month, 2 weeks

1
0
0 0

[PATCH] crypto: ccp: Fix uAPI definitions of PSP errors

by Alexey Kardashevskiy

Additions to the error enum after explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: stable(a)vger.kernel.org Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> --- Reposting as requested in https://lore.kernel.org/r/Z7f2S3MigLEY80P2@gondor.apana.org.au I wrote it in the first place but since then it travelled a lot, feel free to correct the chain of SOBs and RB :) --- include/uapi/linux/psp-sev.h | 21 +++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155b..eeb20dfb1fda 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.1

1 month, 2 weeks

4
4
0 0

[PATCH AUTOSEL 6.13 01/17] phy: ti: gmii-sel: Do not use syscon helper to build regmap

by Sasha Levin

From: Andrew Davis <afd(a)ti.com> [ Upstream commit 5ab90f40121a9f6a9b368274cd92d0f435dc7cfa ] The syscon helper device_node_to_regmap() is used to fetch a regmap registered to a device node. It also currently creates this regmap if the node did not already have a regmap associated with it. This should only be used on "syscon" nodes. This driver is not such a device and instead uses device_node_to_regmap() on its own node as a hacky way to create a regmap for itself. This will not work going forward and so we should create our regmap the normal way by defining our regmap_config, fetching our memory resource, then using the normal regmap_init_mmio() function. Signed-off-by: Andrew Davis <afd(a)ti.com> Tested-by: Nishanth Menon <nm(a)ti.com> Link: https://lore.kernel.org/r/20250123182234.597665-1-afd@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/phy/ti/phy-gmii-sel.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/phy/ti/phy-gmii-sel.c b/drivers/phy/ti/phy-gmii-sel.c index e0ca59ae31531..ff5d5e29629fa 100644 --- a/drivers/phy/ti/phy-gmii-sel.c +++ b/drivers/phy/ti/phy-gmii-sel.c @@ -424,6 +424,12 @@ static int phy_gmii_sel_init_ports(struct phy_gmii_sel_priv *priv) return 0; } +static const struct regmap_config phy_gmii_sel_regmap_cfg = { + .reg_bits = 32, + .val_bits = 32, + .reg_stride = 4, +}; + static int phy_gmii_sel_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; @@ -468,7 +474,14 @@ static int phy_gmii_sel_probe(struct platform_device *pdev) priv->regmap = syscon_node_to_regmap(node->parent); if (IS_ERR(priv->regmap)) { - priv->regmap = device_node_to_regmap(node); + void __iomem *base; + + base = devm_platform_ioremap_resource(pdev, 0); + if (IS_ERR(base)) + return dev_err_probe(dev, PTR_ERR(base), + "failed to get base memory resource\n"); + + priv->regmap = regmap_init_mmio(dev, base, &phy_gmii_sel_regmap_cfg); if (IS_ERR(priv->regmap)) return dev_err_probe(dev, PTR_ERR(priv->regmap), "Failed to get syscon\n"); -- 2.39.5

1 month, 2 weeks

2
18
0 0

[PATCH AUTOSEL 6.13 01/32] selftests/bpf: Adjust data size to have ETH_HLEN

by Sasha Levin

From: Shigeru Yoshida <syoshida(a)redhat.com> [ Upstream commit c7f2188d68c114095660a950b7e880a1e5a71c8f ] The function bpf_test_init() now returns an error if user_size (.data_size_in) is less than ETH_HLEN, causing the tests to fail. Adjust the data size to ensure it meets the requirement of ETH_HLEN. Signed-off-by: Shigeru Yoshida <syoshida(a)redhat.com> Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> Link: https://patch.msgid.link/20250121150643.671650-2-syoshida@redhat.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c | 4 ++-- .../testing/selftests/bpf/prog_tests/xdp_devmap_attach.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c b/tools/testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c index c7f74f068e788..df27535995af8 100644 --- a/tools/testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c +++ b/tools/testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c @@ -52,10 +52,10 @@ static void test_xdp_with_cpumap_helpers(void) ASSERT_EQ(info.id, val.bpf_prog.id, "Match program id to cpumap entry prog_id"); /* send a packet to trigger any potential bugs in there */ - char data[10] = {}; + char data[ETH_HLEN] = {}; DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts, .data_in = &data, - .data_size_in = 10, + .data_size_in = sizeof(data), .flags = BPF_F_TEST_XDP_LIVE_FRAMES, .repeat = 1, ); diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_devmap_attach.c b/tools/testing/selftests/bpf/prog_tests/xdp_devmap_attach.c index 27ffed17d4be3..461ab18705d5c 100644 --- a/tools/testing/selftests/bpf/prog_tests/xdp_devmap_attach.c +++ b/tools/testing/selftests/bpf/prog_tests/xdp_devmap_attach.c @@ -23,7 +23,7 @@ static void test_xdp_with_devmap_helpers(void) __u32 len = sizeof(info); int err, dm_fd, dm_fd_redir, map_fd; struct nstoken *nstoken = NULL; - char data[10] = {}; + char data[ETH_HLEN] = {}; __u32 idx = 0; SYS(out_close, "ip netns add %s", TEST_NS); @@ -58,7 +58,7 @@ static void test_xdp_with_devmap_helpers(void) /* send a packet to trigger any potential bugs in there */ DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts, .data_in = &data, - .data_size_in = 10, + .data_size_in = sizeof(data), .flags = BPF_F_TEST_XDP_LIVE_FRAMES, .repeat = 1, ); @@ -158,7 +158,7 @@ static void test_xdp_with_devmap_helpers_veth(void) struct nstoken *nstoken = NULL; __u32 len = sizeof(info); int err, dm_fd, dm_fd_redir, map_fd, ifindex_dst; - char data[10] = {}; + char data[ETH_HLEN] = {}; __u32 idx = 0; SYS(out_close, "ip netns add %s", TEST_NS); @@ -208,7 +208,7 @@ static void test_xdp_with_devmap_helpers_veth(void) /* send a packet to trigger any potential bugs in there */ DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts, .data_in = &data, - .data_size_in = 10, + .data_size_in = sizeof(data), .flags = BPF_F_TEST_XDP_LIVE_FRAMES, .repeat = 1, ); -- 2.39.5

1 month, 2 weeks

2
33
0 0

[PATCH AUTOSEL 6.6 01/17] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell

by Sasha Levin

From: Zhang Lixu <lixu.zhang(a)intel.com> [ Upstream commit 4b54ae69197b9f416baa0fceadff7e89075f8454 ] The timestamps in the Firmware log and HID sensor samples are incorrect. They show 1970-01-01 because the current IPC driver only uses the first 8 bytes of bootup time when synchronizing time with the firmware. The firmware converts the bootup time to UTC time, which results in the display of 1970-01-01. In write_ipc_from_queue(), when sending the MNG_SYNC_FW_CLOCK message, the clock is updated according to the definition of ipc_time_update_msg. However, in _ish_sync_fw_clock(), the message length is specified as the size of uint64_t when building the doorbell. As a result, the firmware only receives the first 8 bytes of struct ipc_time_update_msg. This patch corrects the length in the doorbell to ensure the entire ipc_time_update_msg is sent, fixing the timestamp issue. Signed-off-by: Zhang Lixu <lixu.zhang(a)intel.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hid/intel-ish-hid/ipc/ipc.c b/drivers/hid/intel-ish-hid/ipc/ipc.c index dd5fc60874ba1..b1a41c90c5741 100644 --- a/drivers/hid/intel-ish-hid/ipc/ipc.c +++ b/drivers/hid/intel-ish-hid/ipc/ipc.c @@ -577,14 +577,14 @@ static void fw_reset_work_fn(struct work_struct *unused) static void _ish_sync_fw_clock(struct ishtp_device *dev) { static unsigned long prev_sync; - uint64_t usec; + struct ipc_time_update_msg time = {}; if (prev_sync && time_before(jiffies, prev_sync + 20 * HZ)) return; prev_sync = jiffies; - usec = ktime_to_us(ktime_get_boottime()); - ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &usec, sizeof(uint64_t)); + /* The fields of time would be updated while sending message */ + ipc_send_mng_msg(dev, MNG_SYNC_FW_CLOCK, &time, sizeof(time)); } /** -- 2.39.5

1 month, 2 weeks

2
18
0 0

[PATCH stable 6.1] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Linxuan: perform an equivalent direct check without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- Some previous discussions can be found in the following links: https://lore.kernel.org/stable/05D0A9F7DE394601+20250311100555.310788-2-che… --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..6249bd47fb0b 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH stable 6.6] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Linxuan: perform an equivalent direct check without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- Some previous discussions can be found in the following links: https://lore.kernel.org/stable/05D0A9F7DE394601+20250311100555.310788-2-che… --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..6249bd47fb0b 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH stable 5.15] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

[ Upstream commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f ] >From memfd_secret(2) manpage: The memory areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor. The memory region is removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) We need to handle this special case gracefully in build ID fetching code. Return -EFAULT whenever secretmem file is passed to build_id_parse() family of APIs. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction") Reported-by: Yi Lai <yi1.lai(a)intel.com> Suggested-by: Shakeel Butt <shakeel.butt(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org [ Linxuan: perform an equivalent direct check without folio-based changes ] Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- Some previous discussions can be found in the following links: https://lore.kernel.org/stable/05D0A9F7DE394601+20250311100555.310788-2-che… --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..6249bd47fb0b 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH 0/3] Fixes/improvements for SM6350 UFS

by Luca Weiss

Fix the order of the freq-table-hz property, then convert to OPP tables and add interconnect support for UFS for the SM6350 SoC. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Luca Weiss (3): arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS arm64: dts: qcom: sm6350: Add OPP table support to UFSHC arm64: dts: qcom: sm6350: Add interconnect support to UFS arch/arm64/boot/dts/qcom/sm6350.dtsi | 49 ++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) --- base-commit: eea255893718268e1ab852fb52f70c613d109b99 change-id: 20250314-sm6350-ufs-things-53c5de9fec5e Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

1 month, 2 weeks

2
2
0 0

[PATCH 0/2] clk: qcom: gdsc: Update retain_ff sequence and timeout for GDSC

by Taniya Das

The retain_ff bit should be updated for a GDSC when it is under SW control and ON. The current sequence needs to be fixed as the GDSC needs to update retention and is moved to HW control which does not guarantee the GDSC to be in enabled state. During the GDSC FSM state, the GDSC hardware waits for an ACK and the timeout for the ACK is 2000us as per design requirements. Signed-off-by: Taniya Das <quic_tdas(a)quicinc.com> --- Taniya Das (2): clk: qcom: gdsc: Set retain_ff before moving to HW CTRL clk: qcom: gdsc: Update the status poll timeout for GDSC drivers/clk/qcom/gdsc.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- base-commit: c674aa7c289e51659e40dda0f954886ef7f80042 change-id: 20250212-gdsc_fixes-77e8b8e27e2f Best regards, -- Taniya Das <quic_tdas(a)quicinc.com>

1 month, 2 weeks

3
3
0 0

[PATCH v5 5/5] ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.

by srinivas.kandagatla＠linaro.org

From: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Period sizes less than 6k for capture path triggers overruns in the dsp capture pipeline. Change the period size and number of periods to value which DSP is happy with. Fixes: 9b4fe0f1cd79 ("ASoC: qdsp6: audioreach: add q6apm-dai support") Cc: stable(a)vger.kernel.org Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Tested-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> --- sound/soc/qcom/qdsp6/q6apm-dai.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6apm-dai.c b/sound/soc/qcom/qdsp6/q6apm-dai.c index 180ff24041bf..2cd522108221 100644 --- a/sound/soc/qcom/qdsp6/q6apm-dai.c +++ b/sound/soc/qcom/qdsp6/q6apm-dai.c @@ -24,8 +24,8 @@ #define PLAYBACK_MIN_PERIOD_SIZE 128 #define CAPTURE_MIN_NUM_PERIODS 2 #define CAPTURE_MAX_NUM_PERIODS 8 -#define CAPTURE_MAX_PERIOD_SIZE 4096 -#define CAPTURE_MIN_PERIOD_SIZE 320 +#define CAPTURE_MAX_PERIOD_SIZE 65536 +#define CAPTURE_MIN_PERIOD_SIZE 6144 #define BUFFER_BYTES_MAX (PLAYBACK_MAX_NUM_PERIODS * PLAYBACK_MAX_PERIOD_SIZE) #define BUFFER_BYTES_MIN (PLAYBACK_MIN_NUM_PERIODS * PLAYBACK_MIN_PERIOD_SIZE) #define COMPR_PLAYBACK_MAX_FRAGMENT_SIZE (128 * 1024) -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH v5 4/5] ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.

by srinivas.kandagatla＠linaro.org

From: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> DSP expects the periods to be aligned to fragment sizes, currently setting up to hw constriants on periods bytes is not going to work correctly as we can endup with periods sizes aligned to 32 bytes however not aligned to fragment size. Update the constriants to use fragment size, and also set at step of 10ms for period size to accommodate DSP requirements of 10ms latency. Fixes: 9b4fe0f1cd79 ("ASoC: qdsp6: audioreach: add q6apm-dai support") Cc: stable(a)vger.kernel.org Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> --- sound/soc/qcom/qdsp6/q6apm-dai.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6apm-dai.c b/sound/soc/qcom/qdsp6/q6apm-dai.c index 90cb24947f31..180ff24041bf 100644 --- a/sound/soc/qcom/qdsp6/q6apm-dai.c +++ b/sound/soc/qcom/qdsp6/q6apm-dai.c @@ -385,13 +385,14 @@ static int q6apm_dai_open(struct snd_soc_component *component, } } - ret = snd_pcm_hw_constraint_step(runtime, 0, SNDRV_PCM_HW_PARAM_PERIOD_BYTES, 32); + /* setup 10ms latency to accommodate DSP restrictions */ + ret = snd_pcm_hw_constraint_step(runtime, 0, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, 480); if (ret < 0) { dev_err(dev, "constraint for period bytes step ret = %d\n", ret); goto err; } - ret = snd_pcm_hw_constraint_step(runtime, 0, SNDRV_PCM_HW_PARAM_BUFFER_BYTES, 32); + ret = snd_pcm_hw_constraint_step(runtime, 0, SNDRV_PCM_HW_PARAM_BUFFER_SIZE, 480); if (ret < 0) { dev_err(dev, "constraint for buffer bytes step ret = %d\n", ret); goto err; -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH v5 1/5] ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs

by srinivas.kandagatla＠linaro.org

From: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> With the existing code, we are only setting up one period at a time, in a ping-pong buffer style. This triggers lot of underruns in the dsp leading to jitter noise during audio playback. Fix this by scheduling all available periods, this will ensure that the dsp has enough buffer feed and ultimatley fixing the underruns and audio distortion. Fixes: 9b4fe0f1cd79 ("ASoC: qdsp6: audioreach: add q6apm-dai support") Cc: stable(a)vger.kernel.org Reported-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Tested-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> --- sound/soc/qcom/qdsp6/q6apm-dai.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6apm-dai.c b/sound/soc/qcom/qdsp6/q6apm-dai.c index c9404b5934c7..9d8e8e37c6de 100644 --- a/sound/soc/qcom/qdsp6/q6apm-dai.c +++ b/sound/soc/qcom/qdsp6/q6apm-dai.c @@ -70,6 +70,7 @@ struct q6apm_dai_rtd { unsigned int bytes_received; unsigned int copied_total; uint16_t bits_per_sample; + snd_pcm_uframes_t queue_ptr; bool next_track; enum stream_state state; struct q6apm_graph *graph; @@ -134,8 +135,6 @@ static void event_handler(uint32_t opcode, uint32_t token, void *payload, void * prtd->pos += prtd->pcm_count; spin_unlock_irqrestore(&prtd->lock, flags); snd_pcm_period_elapsed(substream); - if (prtd->state == Q6APM_STREAM_RUNNING) - q6apm_write_async(prtd->graph, prtd->pcm_count, 0, 0, 0); break; case APM_CLIENT_EVENT_DATA_READ_DONE: @@ -294,6 +293,27 @@ static int q6apm_dai_prepare(struct snd_soc_component *component, return 0; } +static int q6apm_dai_ack(struct snd_soc_component *component, struct snd_pcm_substream *substream) +{ + struct snd_pcm_runtime *runtime = substream->runtime; + struct q6apm_dai_rtd *prtd = runtime->private_data; + int i, ret = 0, avail_periods; + + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { + avail_periods = (runtime->control->appl_ptr - prtd->queue_ptr)/runtime->period_size; + for (i = 0; i < avail_periods; i++) { + ret = q6apm_write_async(prtd->graph, prtd->pcm_count, 0, 0, NO_TIMESTAMP); + if (ret < 0) { + dev_err(component->dev, "Error queuing playback buffer %d\n", ret); + return ret; + } + prtd->queue_ptr += runtime->period_size; + } + } + + return ret; +} + static int q6apm_dai_trigger(struct snd_soc_component *component, struct snd_pcm_substream *substream, int cmd) { @@ -305,9 +325,6 @@ static int q6apm_dai_trigger(struct snd_soc_component *component, case SNDRV_PCM_TRIGGER_START: case SNDRV_PCM_TRIGGER_RESUME: case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: - /* start writing buffers for playback only as we already queued capture buffers */ - if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) - ret = q6apm_write_async(prtd->graph, prtd->pcm_count, 0, 0, 0); break; case SNDRV_PCM_TRIGGER_STOP: /* TODO support be handled via SoftPause Module */ @@ -836,6 +853,7 @@ static const struct snd_soc_component_driver q6apm_fe_dai_component = { .hw_params = q6apm_dai_hw_params, .pointer = q6apm_dai_pointer, .trigger = q6apm_dai_trigger, + .ack = q6apm_dai_ack, .compress_ops = &q6apm_dai_compress_ops, .use_dai_pcm_id = true, }; -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH] x86/Hyperv: Fix check of return value from snp_set_vmsa()

by Tianyu Lan

From: Tianyu Lan <tiala(a)microsoft.com> snp_set_vmsa() returns 0 as success result and so fix it. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Tianyu Lan <tiala(a)microsoft.com> --- arch/x86/hyperv/ivm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index ec7880271cf9..77bf05f06b9e 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -338,7 +338,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) vmsa->sev_features = sev_status >> 2; ret = snp_set_vmsa(vmsa, true); - if (!ret) { + if (ret) { pr_err("RMPADJUST(%llx) failed: %llx\n", (u64)vmsa, ret); free_page((u64)vmsa); return ret; -- 2.25.1

1 month, 2 weeks

3
3
0 0

RE: Get premium contact lists

by Kevin Martin

Hi there, I wanted to check in to see if you've had a chance to review my previous message. Your feedback would be greatly appreciated. Best regards, Kevin ________________________________ From: Kevin Martin Sent: 12 March 2025 08:08 To: linux-stable-mirror(a)lists.linaro.org<mailto:linux-stable-mirror@lists.linaro.org> Subject: Get premium contact lists Hi there, Hope you're having a great day! Would you be interested in a recently verified list of NetApp clients to support your outreach? Let me know, and I'll be happy to share the details. Best regards, Kevin Martin Demand Consultant If you wish to stop receiving emails, reply with Abolish.

1 month, 2 weeks

1
0
0 0

[PATCH v2 1/8] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Cc: stable(a)vger.kernel.org # 6.8 Cc: Abel Vesa <abel.vesa(a)linaro.org> Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1-crd.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index 9e587dc57532..22ebcbe54e24 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -610,6 +610,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -631,6 +632,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.48.1

1 month, 2 weeks

3
2
0 0

[PATCH 2/4] netfs: Call `invalidate_cache` only if implemented

by David Howells

From: Max Kellermann <max.kellermann(a)ionos.com> Many filesystems such as NFS and Ceph do not implement the `invalidate_cache` method. On those filesystems, if writing to the cache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel crashes like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 0 P4D 0 Oops: Oops: 0010 [#1] SMP PTI CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_write_collection_worker RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900 RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002 R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020 R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0 FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x460 ? try_to_wake_up+0x2d2/0x530 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 netfs_write_collection_worker+0xe9f/0x12b0 ? xs_poll_check_readable+0x3f/0x80 ? xs_stream_data_receive_workfn+0x8d/0x110 process_one_work+0x134/0x2d0 worker_thread+0x299/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xba/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: CR2: 0000000000000000 This patch adds the missing `NULL` check. Fixes: 0e0f2dfe880f ("netfs: Dispatch write requests to process a writeback slice") Fixes: 288ace2f57c9 ("netfs: New writeback implementation") Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> Signed-off-by: David Howells <dhowells(a)redhat.com> cc: netfs(a)lists.linux.dev cc: linux-cifs(a)vger.kernel.org cc: linux-fsdevel(a)vger.kernel.org cc: stable(a)vger.kernel.org --- fs/netfs/write_collect.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/netfs/write_collect.c b/fs/netfs/write_collect.c index 294f67795f79..3fca59e6475d 100644 --- a/fs/netfs/write_collect.c +++ b/fs/netfs/write_collect.c @@ -400,7 +400,8 @@ void netfs_write_collection_worker(struct work_struct *work) trace_netfs_rreq(wreq, netfs_rreq_trace_write_done); if (wreq->io_streams[1].active && - wreq->io_streams[1].failed) { + wreq->io_streams[1].failed && + ictx->ops->invalidate_cache) { /* Cache write failure doesn't prevent writeback completion * unless we're in disconnected mode. */

1 month, 2 weeks

1
0
0 0

[PATCH v2 8/8] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies

by Johan Hovold

Add the missing HID supplies to avoid relying on other consumers to keep them on. This also avoids the following warnings on boot: i2c_hid_of 0-0010: supply vdd not found, using dummy regulator i2c_hid_of 0-0010: supply vddl not found, using dummy regulator i2c_hid_of 1-0015: supply vdd not found, using dummy regulator i2c_hid_of 1-002c: supply vdd not found, using dummy regulator i2c_hid_of 1-0015: supply vddl not found, using dummy regulator i2c_hid_of 1-002c: supply vddl not found, using dummy regulator i2c_hid_of 1-003a: supply vdd not found, using dummy regulator i2c_hid_of 1-003a: supply vddl not found, using dummy regulator Note that VCC3B is also used for things like the modem which are not yet described so mark the regulator as always-on for now. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- .../qcom/x1e78100-lenovo-thinkpad-t14s.dtsi | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index 160c052db1ec..962fb050c55c 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -9,6 +9,7 @@ #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/input/gpio-keys.h> #include <dt-bindings/input/input.h> +#include <dt-bindings/pinctrl/qcom,pmic-gpio.h> #include <dt-bindings/regulator/qcom,rpmh-regulator.h> #include "x1e80100.dtsi" @@ -169,6 +170,23 @@ vreg_edp_3p3: regulator-edp-3p3 { regulator-boot-on; }; + vreg_misc_3p3: regulator-misc-3p3 { + compatible = "regulator-fixed"; + + regulator-name = "VCC3B"; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + + gpio = <&pm8550ve_8_gpios 6 GPIO_ACTIVE_HIGH>; + enable-active-high; + + pinctrl-0 = <&misc_3p3_reg_en>; + pinctrl-names = "default"; + + regulator-boot-on; + regulator-always-on; + }; + vreg_nvme: regulator-nvme { compatible = "regulator-fixed"; @@ -692,6 +710,9 @@ touchpad@15 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -703,6 +724,9 @@ touchpad@2c { hid-descr-addr = <0x20>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -714,6 +738,9 @@ keyboard@3a { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 67 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&kybd_default>; pinctrl-names = "default"; @@ -896,6 +923,9 @@ touchscreen@10 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 51 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&ts0_default>; pinctrl-names = "default"; }; @@ -1037,6 +1067,19 @@ usb0_3p3_reg_en: usb0-3p3-reg-en-state { }; }; +&pm8550ve_8_gpios { + misc_3p3_reg_en: misc-3p3-reg-en-state { + pins = "gpio6"; + function = "normal"; + bias-disable; + drive-push-pull; + input-disable; + output-enable; + power-source = <1>; /* 1.8 V */ + qcom,drive-strength = <PMIC_GPIO_STRENGTH_LOW>; + }; +}; + &pm8550ve_9_gpios { usb0_1p8_reg_en: usb0-1p8-reg-en-state { pins = "gpio8"; -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 7/8] arm64: dts: qcom: x1e80100-qcp: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: af16b00578a7 ("arm64: dts: qcom: Add base X1E80100 dtsi and the QCP dts") Cc: stable(a)vger.kernel.org # 6.8 Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts index ec594628304a..8f366bf61bbd 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts @@ -437,6 +437,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -458,6 +459,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 6/8] arm64: dts: qcom: x1e80100-yoga-slim7x: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 45247fe17db2 ("arm64: dts: qcom: x1e80100: add Lenovo Thinkpad Yoga slim 7x devicetree") Cc: stable(a)vger.kernel.org # 6.11 Cc: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts index a3d53f2ba2c3..9d4ba9728355 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts @@ -290,6 +290,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l14b_3p0: ldo14 { @@ -304,8 +305,8 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; - }; regulators-1 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 5/8] arm64: dts: qcom: x1e80100-hp-x14: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 6f18b8d4142c ("arm64: dts: qcom: x1e80100-hp-x14: dt for HP Omnibook X Laptop 14") Cc: stable(a)vger.kernel.org # 6.14 Cc: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts b/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts index cd860a246c45..ab5addb33b7a 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-hp-omnibook-x14.dts @@ -633,6 +633,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -654,6 +655,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 4/8] arm64: dts: qcom: x1e80100-dell-xps13-9345: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Note that these supplies currently have no consumers described in mainline. Fixes: f5b788d0e8cd ("arm64: dts: qcom: Add support for X1-based Dell XPS 13 9345") Cc: stable(a)vger.kernel.org # 6.13 Reviewed-by: Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> Tested-by: Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts b/arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts index 86e87f03b0ec..90f588ed7d63 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-dell-xps13-9345.dts @@ -359,6 +359,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -380,6 +381,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 3/8] arm64: dts: qcom: x1e001de-devkit: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7b8a31e82b87 ("arm64: dts: qcom: Add X1E001DE Snapdragon Devkit for Windows") Cc: stable(a)vger.kernel.org # 6.14 Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts b/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts index 5e3970b26e2f..f92bda2d34f2 100644 --- a/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts +++ b/arch/arm64/boot/dts/qcom/x1e001de-devkit.dts @@ -507,6 +507,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -528,6 +529,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v2 2/8] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on

by Johan Hovold

The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index eff0e73640bc..160c052db1ec 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -456,6 +456,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -477,6 +478,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 { -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH net 6/6] can: flexcan: disable transceiver during system PM

by Marc Kleine-Budde

From: Haibo Chen <haibo.chen(a)nxp.com> During system PM, if no wakeup requirement, disable transceiver to save power. Fixes: 4de349e786a3 ("can: flexcan: fix resume function") Cc: stable(a)vger.kernel.org Reviewed-by: Frank Li <frank.li(a)nxp.com> Signed-off-by: Haibo Chen <haibo.chen(a)nxp.com> Link: https://patch.msgid.link/20250314110145.899179-2-haibo.chen@nxp.com [mkl: add newlines] Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/flexcan/flexcan-core.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/net/can/flexcan/flexcan-core.c b/drivers/net/can/flexcan/flexcan-core.c index 3a71fd235722..b080740bcb10 100644 --- a/drivers/net/can/flexcan/flexcan-core.c +++ b/drivers/net/can/flexcan/flexcan-core.c @@ -2260,6 +2260,10 @@ static int __maybe_unused flexcan_suspend(struct device *device) flexcan_chip_interrupts_disable(dev); + err = flexcan_transceiver_disable(priv); + if (err) + return err; + err = pinctrl_pm_select_sleep_state(device); if (err) return err; @@ -2292,10 +2296,16 @@ static int __maybe_unused flexcan_resume(struct device *device) if (err) return err; - err = flexcan_chip_start(dev); + err = flexcan_transceiver_enable(priv); if (err) return err; + err = flexcan_chip_start(dev); + if (err) { + flexcan_transceiver_disable(priv); + return err; + } + flexcan_chip_interrupts_enable(dev); } -- 2.47.2

1 month, 2 weeks

1
0
0 0

[PATCH net 5/6] can: flexcan: only change CAN state when link up in system PM

by Marc Kleine-Budde

From: Haibo Chen <haibo.chen(a)nxp.com> After a suspend/resume cycle on a down interface, it will come up as ERROR-ACTIVE. $ ip -details -s -s a s dev flexcan0 3: flexcan0: <NOARP,ECHO> mtu 16 qdisc pfifo_fast state DOWN group default qlen 10 link/can promiscuity 0 allmulti 0 minmtu 0 maxmtu 0 can state STOPPED (berr-counter tx 0 rx 0) restart-ms 1000 $ sudo systemctl suspend $ ip -details -s -s a s dev flexcan0 3: flexcan0: <NOARP,ECHO> mtu 16 qdisc pfifo_fast state DOWN group default qlen 10 link/can promiscuity 0 allmulti 0 minmtu 0 maxmtu 0 can state ERROR-ACTIVE (berr-counter tx 0 rx 0) restart-ms 1000 And only set CAN state to CAN_STATE_ERROR_ACTIVE when resume process has no issue, otherwise keep in CAN_STATE_SLEEPING as suspend did. Fixes: 4de349e786a3 ("can: flexcan: fix resume function") Cc: stable(a)vger.kernel.org Signed-off-by: Haibo Chen <haibo.chen(a)nxp.com> Link: https://patch.msgid.link/20250314110145.899179-1-haibo.chen@nxp.com Reported-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Closes: https://lore.kernel.org/all/20250314-married-polar-elephant-b15594-mkl@peng… [mkl: add newlines] Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/flexcan/flexcan-core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/flexcan/flexcan-core.c b/drivers/net/can/flexcan/flexcan-core.c index ac1a860986df..3a71fd235722 100644 --- a/drivers/net/can/flexcan/flexcan-core.c +++ b/drivers/net/can/flexcan/flexcan-core.c @@ -2266,8 +2266,9 @@ static int __maybe_unused flexcan_suspend(struct device *device) } netif_stop_queue(dev); netif_device_detach(dev); + + priv->can.state = CAN_STATE_SLEEPING; } - priv->can.state = CAN_STATE_SLEEPING; return 0; } @@ -2278,7 +2279,6 @@ static int __maybe_unused flexcan_resume(struct device *device) struct flexcan_priv *priv = netdev_priv(dev); int err; - priv->can.state = CAN_STATE_ERROR_ACTIVE; if (netif_running(dev)) { netif_device_attach(dev); netif_start_queue(dev); @@ -2298,6 +2298,8 @@ static int __maybe_unused flexcan_resume(struct device *device) flexcan_chip_interrupts_enable(dev); } + + priv->can.state = CAN_STATE_ERROR_ACTIVE; } return 0; -- 2.47.2

1 month, 2 weeks

1
0
0 0

[PATCH net 4/6] can: rcar_canfd: Fix page entries in the AFL list

by Marc Kleine-Budde

From: Biju Das <biju.das.jz(a)bp.renesas.com> There are a total of 96 AFL pages and each page has 16 entries with registers CFDGAFLIDr, CFDGAFLMr, CFDGAFLP0r, CFDGAFLP1r holding the rule entries (r = 0..15). Currently, RCANFD_GAFL* macros use a start variable to find AFL entries, which is incorrect as the testing on RZ/G3E shows ch1 and ch4 gets a start value of 0 and the register contents are overwritten. Fix this issue by using rule_entry corresponding to the channel to find the page entries in the AFL list. Fixes: dd3bd23eb438 ("can: rcar_canfd: Add Renesas R-Car CAN FD driver") Cc: stable(a)vger.kernel.org Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> Tested-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/20250307170330.173425-3-biju.das.jz@bp.renesas.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/rcar/rcar_canfd.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/drivers/net/can/rcar/rcar_canfd.c b/drivers/net/can/rcar/rcar_canfd.c index df1a5d0b37b2..aa3df0d05b85 100644 --- a/drivers/net/can/rcar/rcar_canfd.c +++ b/drivers/net/can/rcar/rcar_canfd.c @@ -787,22 +787,14 @@ static void rcar_canfd_configure_controller(struct rcar_canfd_global *gpriv) } static void rcar_canfd_configure_afl_rules(struct rcar_canfd_global *gpriv, - u32 ch) + u32 ch, u32 rule_entry) { - u32 cfg; - int offset, start, page, num_rules = RCANFD_CHANNEL_NUMRULES; + int offset, page, num_rules = RCANFD_CHANNEL_NUMRULES; + u32 rule_entry_index = rule_entry % 16; u32 ridx = ch + RCANFD_RFFIFO_IDX; - if (ch == 0) { - start = 0; /* Channel 0 always starts from 0th rule */ - } else { - /* Get number of Channel 0 rules and adjust */ - cfg = rcar_canfd_read(gpriv->base, RCANFD_GAFLCFG(ch)); - start = RCANFD_GAFLCFG_GETRNC(gpriv, 0, cfg); - } - /* Enable write access to entry */ - page = RCANFD_GAFL_PAGENUM(start); + page = RCANFD_GAFL_PAGENUM(rule_entry); rcar_canfd_set_bit(gpriv->base, RCANFD_GAFLECTR, (RCANFD_GAFLECTR_AFLPN(gpriv, page) | RCANFD_GAFLECTR_AFLDAE)); @@ -818,13 +810,13 @@ static void rcar_canfd_configure_afl_rules(struct rcar_canfd_global *gpriv, offset = RCANFD_C_GAFL_OFFSET; /* Accept all IDs */ - rcar_canfd_write(gpriv->base, RCANFD_GAFLID(offset, start), 0); + rcar_canfd_write(gpriv->base, RCANFD_GAFLID(offset, rule_entry_index), 0); /* IDE or RTR is not considered for matching */ - rcar_canfd_write(gpriv->base, RCANFD_GAFLM(offset, start), 0); + rcar_canfd_write(gpriv->base, RCANFD_GAFLM(offset, rule_entry_index), 0); /* Any data length accepted */ - rcar_canfd_write(gpriv->base, RCANFD_GAFLP0(offset, start), 0); + rcar_canfd_write(gpriv->base, RCANFD_GAFLP0(offset, rule_entry_index), 0); /* Place the msg in corresponding Rx FIFO entry */ - rcar_canfd_set_bit(gpriv->base, RCANFD_GAFLP1(offset, start), + rcar_canfd_set_bit(gpriv->base, RCANFD_GAFLP1(offset, rule_entry_index), RCANFD_GAFLP1_GAFLFDP(ridx)); /* Disable write access to page */ @@ -1851,6 +1843,7 @@ static int rcar_canfd_probe(struct platform_device *pdev) unsigned long channels_mask = 0; int err, ch_irq, g_irq; int g_err_irq, g_recc_irq; + u32 rule_entry = 0; bool fdmode = true; /* CAN FD only mode - default */ char name[9] = "channelX"; int i; @@ -2023,7 +2016,8 @@ static int rcar_canfd_probe(struct platform_device *pdev) rcar_canfd_configure_tx(gpriv, ch); /* Configure receive rules */ - rcar_canfd_configure_afl_rules(gpriv, ch); + rcar_canfd_configure_afl_rules(gpriv, ch, rule_entry); + rule_entry += RCANFD_CHANNEL_NUMRULES; } /* Configure common interrupts */ -- 2.47.2

1 month, 2 weeks

1
0
0 0

[PATCH net 3/6] dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M

by Marc Kleine-Budde

From: Biju Das <biju.das.jz(a)bp.renesas.com> The Renesas R-Car V4M(R8A779H0) SoC, supports up to four channels. Fix the typo 5->4 in pattern properties. Fixes: ced52c6ed257 ("dt-bindings: can: renesas,rcar-canfd: Document R-Car V4M support") Cc: stable(a)vger.kernel.org Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Acked-by: "Rob Herring (Arm)" <robh(a)kernel.org> Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> Link: https://patch.msgid.link/20250307170330.173425-2-biju.das.jz@bp.renesas.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- .../devicetree/bindings/net/can/renesas,rcar-canfd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/devicetree/bindings/net/can/renesas,rcar-canfd.yaml b/Documentation/devicetree/bindings/net/can/renesas,rcar-canfd.yaml index 7c5ac5d2e880..f6884f6e59e7 100644 --- a/Documentation/devicetree/bindings/net/can/renesas,rcar-canfd.yaml +++ b/Documentation/devicetree/bindings/net/can/renesas,rcar-canfd.yaml @@ -170,7 +170,7 @@ allOf: const: renesas,r8a779h0-canfd then: patternProperties: - "^channel[5-7]$": false + "^channel[4-7]$": false else: if: not: -- 2.47.2

1 month, 2 weeks

1
0
0 0

[PATCH v3 1/2] can: flexcan: only change CAN state when link up in system PM

by haibo.chen＠nxp.com

From: Haibo Chen <haibo.chen(a)nxp.com> After a suspend/resume cycle on a down interface, it will come up as ERROR-ACTIVE. $ ip -details -s -s a s dev flexcan0 3: flexcan0: <NOARP,ECHO> mtu 16 qdisc pfifo_fast state DOWN group default qlen 10 link/can promiscuity 0 allmulti 0 minmtu 0 maxmtu 0 can state STOPPED (berr-counter tx 0 rx 0) restart-ms 1000 $ sudo systemctl suspend $ ip -details -s -s a s dev flexcan0 3: flexcan0: <NOARP,ECHO> mtu 16 qdisc pfifo_fast state DOWN group default qlen 10 link/can promiscuity 0 allmulti 0 minmtu 0 maxmtu 0 can state ERROR-ACTIVE (berr-counter tx 0 rx 0) restart-ms 1000 And only set CAN state to CAN_STATE_ERROR_ACTIVE when resume process has no issue, otherwise keep in CAN_STATE_SLEEPING as suspend did. Fixes: 4de349e786a3 ("can: flexcan: fix resume function") Cc: stable(a)vger.kernel.org Signed-off-by: Haibo Chen <haibo.chen(a)nxp.com> --- Changes for v3: - only handle priv->can.state when netif_running(dev) return true in PM. --- drivers/net/can/flexcan/flexcan-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/flexcan/flexcan-core.c b/drivers/net/can/flexcan/flexcan-core.c index b347a1c93536..d4d342d8f490 100644 --- a/drivers/net/can/flexcan/flexcan-core.c +++ b/drivers/net/can/flexcan/flexcan-core.c @@ -2299,8 +2299,8 @@ static int __maybe_unused flexcan_suspend(struct device *device) } netif_stop_queue(dev); netif_device_detach(dev); + priv->can.state = CAN_STATE_SLEEPING; } - priv->can.state = CAN_STATE_SLEEPING; return 0; } @@ -2311,7 +2311,6 @@ static int __maybe_unused flexcan_resume(struct device *device) struct flexcan_priv *priv = netdev_priv(dev); int err; - priv->can.state = CAN_STATE_ERROR_ACTIVE; if (netif_running(dev)) { netif_device_attach(dev); netif_start_queue(dev); @@ -2331,6 +2330,7 @@ static int __maybe_unused flexcan_resume(struct device *device) flexcan_chip_interrupts_enable(dev); } + priv->can.state = CAN_STATE_ERROR_ACTIVE; } return 0; -- 2.34.1

1 month, 2 weeks

2
2
0 0

[PATCH v2] wifi: mt76: mt7925: fix the incomplete revert of [tx,rx]_ba for MLO

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Since the `Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"` was not completely clean, submit this patch to fully clean it up. Cc: stable(a)vger.kernel.org Fixes: 73915469c55a ("Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"") Change-Id: I2d851e6b79905baae35f691578bf50d56ad0adbf Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- v2: rewrite the subject --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 1ecba46d770d..1bdc313844c4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -572,10 +572,10 @@ void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb) static int mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, - struct mt76_wcid *wcid, struct ieee80211_ampdu_params *params, bool enable, bool tx) { + struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv; struct sta_rec_ba_uni *ba; struct sk_buff *skb; struct tlv *tlv; @@ -608,13 +608,12 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; if (enable && !params->amsdu) msta->deflink.wcid.amsdu = false; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, true); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, @@ -623,10 +622,9 @@ int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, false); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, false); } static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val) -- 2.45.2

1 month, 2 weeks

2
1
0 0

Re: sched/deadline: warning in migrate_enable for boosted tasks

by juri.lelli＠redhat.com

Hello, On 14/03/25 04:02, Ma, Jiping wrote: > Hi, All > > We encounter this kernel warning, it looks similar with the one you > are discussing [PATCH 6.6 331/356] sched/deadline: Fix warning in > migrate_enable for boosted tasks - Greg > Kroah-Hartman<https://lore.kernel.org/all/20241212144257.639344223@linuxfoundation.org/>. > Do you have any idea for the issue? > > kernel: warning [ 998.494702] WARNING: CPU: 19 PID: 217 at kernel/sched/deadline.c:277 dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494705] Modules linked in: iptable_nat ceph netfs macvlan igb_uio(O) uio nbd rbd libceph dns_resolver nf_conntrack_netlink nfnetlink_queue xt_NFQUEUE xt_set xt_multiport ipt_rpfilter ip6t_rpfilter ip_set_hash_net ip_set_hash_ip ip_set veth wireguard libchacha20poly1305 chacha_x86_64 poly1305_x86_64 curve25519_x86_64 libcurve25519_generic libchacha xt_nat xt_MASQUERADE xt_mark ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment vfio_pci vfio_pci_core binfmt_misc iscsi_target_mod target_core_mod drbd dm_crypt trusted asn1_encoder xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge virtio_net net_failover failover nfsd auth_rpcgss nfs_acl lockd grace overlay 8021q garp stp mrp llc xfs vfio_iommu_type1 vfio sctp ip6_udp_tunnel udp_tunnel xprtrdma(O) svcrdma(O) rpcrdma(O) nvmet_rdma(O) nvme_rdma(O) ib_srp(O) ib_isert(O) ib_iser(O) rdma_rxe(O) mlx5_ib(O) mlx5_core(O) mlxfw(O) mlxdevm(O) psample tls macsec rdma_ucm(O) rdma_cm(O) iw_cm(O) > kernel: warning [ 998.494748] ib_uverbs(O) ib_ucm(O) ib_cm(O) lru_cache libcrc32c fuse drm sunrpc efivarfs ip_tables ext4 mbcache jbd2 dm_multipath dm_mod sd_mod t10_pi crc64_rocksoft_generic crc64_rocksoft crc64 iTCO_wdt wmi_bmof iTCO_vendor_support dell_smbios dell_wmi_descriptor ledtrig_audio rfkill video intel_uncore_frequency intel_uncore_frequency_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul bnxt_re(O) crc32_pclmul crc32c_intel ghash_clmulni_intel sha512_ssse3 ib_core(O) rapl mlx_compat(O) uas intel_cstate intel_uncore acpi_ipmi mei_me ahci i2c_i801 bnxt_en(O) usb_storage i2c_smbus intel_pch_thermal mei libahci intel_vsec wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter iavf(O) i40e(O) ice(O) [last unloaded: drbd] > kernel: warning [ 998.494781] CPU: 19 PID: 217 Comm: ktimers/19 Kdump: loaded Tainted: G W O 6.6.0-1-rt-amd64 #1 Debian 6.6.52-1.stx.95 > kernel: warning [ 998.494783] Hardware name: Dell Inc. PowerEdge XR11/0P2RNT, BIOS 1.15.2 09/10/2024 > kernel: warning [ 998.494784] RIP: 0010:dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494786] Code: 48 c7 c7 e0 eb 89 ae c6 05 fd a2 6d 01 01 e8 9b ac f9 ff 0f 0b eb 81 48 c7 c7 c5 39 83 ae c6 05 e7 a2 6d 01 01 e8 84 ac f9 ff <0f> 0b 48 8b 83 28 09 00 00 49 39 c5 0f 83 53 ff ff ff 48 c7 83 28 > kernel: warning [ 998.494788] RSP: 0000:ff32fa3140adbca8 EFLAGS: 00010082 > kernel: warning [ 998.494790] RAX: 0000000000000000 RBX: ff2ef1f93faf23c0 RCX: ff2ef1f93fae0608 > kernel: warning [ 998.494791] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ff2ef1f93fae0600 > kernel: warning [ 998.494793] RBP: ff2ef1e9c19eaf80 R08: 0000000000000000 R09: ff32fa3140adbc30 > kernel: warning [ 998.494794] R10: 0000000000000001 R11: 0000000000000015 R12: 000000000000000e > kernel: warning [ 998.494795] R13: 0000000000000000 R14: 00000000ffffffff R15: 000000000000000e > kernel: warning [ 998.494796] FS: 0000000000000000(0000) GS:ff2ef1f93fac0000(0000) knlGS:0000000000000000 > kernel: warning [ 998.494798] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > kernel: warning [ 998.494799] CR2: 00000000181b50a0 CR3: 000000063db68005 CR4: 0000000000771ee0 > kernel: warning [ 998.494801] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > kernel: warning [ 998.494802] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > kernel: warning [ 998.494803] PKRU: 55555554 > kernel: warning [ 998.494804] Call Trace: > kernel: warning [ 998.494805] <TASK> > kernel: warning [ 998.494805] ? __warn+0x89/0x140 > kernel: warning [ 998.494808] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494810] ? report_bug+0x198/0x1b0 > kernel: warning [ 998.494814] ? handle_bug+0x3c/0x70 > kernel: warning [ 998.494816] ? exc_invalid_op+0x18/0x70 > kernel: warning [ 998.494818] ? asm_exc_invalid_op+0x1a/0x20 > kernel: warning [ 998.494821] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494823] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494825] rt_mutex_setprio+0x240/0x460 > kernel: warning [ 998.494828] rt_mutex_slowunlock+0x143/0x280 > kernel: warning [ 998.494831] ? __pfx_mce_timer_fn+0x10/0x10 > kernel: warning [ 998.494833] mce_timer_fn+0x90/0xe0 > kernel: warning [ 998.494835] ? __pfx_mce_timer_fn+0x10/0x10 > kernel: warning [ 998.494837] call_timer_fn+0x24/0x130 > kernel: warning [ 998.494840] expire_timers+0xd3/0x1c0 Not sure it's the same issue. Stacktrace looks different. Anyway, are you maybe able to verify if the issue is still reproducible with latest v6.6-rt stable (v6.6.78-rt51 at the time of writing)? Looks like you are on v6.6-rt, thus the question. Thanks, Juri

1 month, 2 weeks

2
1
0 0

[PATCH v3 0/2] R-Car CANFD fixes

by Biju Das

This patch series addresses 2 issues 1) Fix typo in pattern properties for R-Car V4M. 2) Fix page entries in the AFL list. v2->v3: * Collected tags. * Dropped unused variables cfg and start from rcar_canfd_configure_afl_rules(). v1->v2: * Split fixes patches as separate series. * Added Rb tag from Geert for binding patch. * Added the tag Cc:stable@vger.kernel.org Biju Das (2): dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M can: rcar_canfd: Fix page entries in the AFL list .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- drivers/net/can/rcar/rcar_canfd.c | 28 ++++++++----------- 2 files changed, 12 insertions(+), 18 deletions(-) -- 2.43.0

1 month, 2 weeks

2
3
0 0

[PATCH v4 0/7] KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs

by Akihiko Odaki

Prepare vPMC registers for user-initiated changes after first run. This is important specifically for debugging Windows on QEMU with GDB; QEMU tries to write back all visible registers when resuming the VM execution with GDB, corrupting the PMU state. Windows always uses the PMU so this can cause adverse effects on that particular OS. This series also contains patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}", which reverts semantic changes made for the mentioned registers in the past. It is necessary to migrate the PMU state properly on Firecracker, QEMU, and crosvm. Signed-off-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> --- Changes in v4: - Reverted changes for functions implementing ioctls in patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Removed kvm_pmu_vcpu_reset(). - Reordered function calls in kvm_vcpu_reload_pmu() for better style. - Link to v3: https://lore.kernel.org/r/20250312-pmc-v3-0-0411cab5dc3d@daynix.com Changes in v3: - Added patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Added an explanation of this path series' motivation to each patch. - Explained why userspace register writes and register reset should be covered in patch "KVM: arm64: PMU: Reload when user modifies registers". - Marked patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" for stable. - Reoreded so that patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" would come first. - Added patch "KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0". - Added patch "KVM: arm64: Reload PMCNTENSET_EL0". - Link to v2: https://lore.kernel.org/r/20250307-pmc-v2-0-6c3375a5f1e4@daynix.com Changes in v2: - Changed to utilize KVM_REQ_RELOAD_PMU as suggested by Oliver Upton. - Added patch "KVM: arm64: PMU: Reload when user modifies registers" to cover more registers. - Added patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}". - Link to v1: https://lore.kernel.org/r/20250302-pmc-v1-1-caff989093dc@daynix.com --- Akihiko Odaki (7): KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} KVM: arm64: PMU: Assume PMU presence in pmu-emul.c KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs KVM: arm64: PMU: Reload when user modifies registers KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0 KVM: arm64: PMU: Reload PMCNTENSET_EL0 KVM: arm64: PMU: Reload when resetting arch/arm64/kvm/arm.c | 8 ++++--- arch/arm64/kvm/pmu-emul.c | 60 ++++++++++++++--------------------------------- arch/arm64/kvm/reset.c | 3 --- arch/arm64/kvm/sys_regs.c | 53 +++++++++++++++++++++++------------------ include/kvm/arm_pmu.h | 3 +-- 5 files changed, 53 insertions(+), 74 deletions(-) --- base-commit: da2f480cb24d39d480b1e235eda0dd2d01f8765b change-id: 20250302-pmc-b90a86af945c Best regards, -- Akihiko Odaki <akihiko.odaki(a)daynix.com>

1 month, 2 weeks

2
2
0 0

patch "iio: adc: ad7768-1: Fix conversion result sign" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7768-1: Fix conversion result sign to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 8236644f5ecb180e80ad92d691c22bc509b747bb Mon Sep 17 00:00:00 2001 From: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Date: Thu, 6 Mar 2025 18:00:29 -0300 Subject: iio: adc: ad7768-1: Fix conversion result sign The ad7768-1 ADC output code is two's complement, meaning that the voltage conversion result is a signed value.. Since the value is a 24 bit one, stored in a 32 bit variable, the sign should be extended in order to get the correct representation. Also the channel description has been updated to signed representation, to match the ADC specifications. Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") Reviewed-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt(a)analog.com> Signed-off-by: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Signed-off-by: Jonathan Santos <Jonathan.Santos(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/505994d3b71c2aa38ba714d909a68e021f12124c.174126812… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7768-1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index ea829c51e80b..09e7cccfd51c 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -142,7 +142,7 @@ static const struct iio_chan_spec ad7768_channels[] = { .channel = 0, .scan_index = 0, .scan_type = { - .sign = 'u', + .sign = 's', .realbits = 24, .storagebits = 32, .shift = 8, @@ -373,7 +373,7 @@ static int ad7768_read_raw(struct iio_dev *indio_dev, iio_device_release_direct(indio_dev); if (ret < 0) return ret; - *val = ret; + *val = sign_extend32(ret, chan->scan_type.realbits - 1); return IIO_VAL_INT; -- 2.48.1

1 month, 2 weeks

1
0
0 0

patch "iio: adc: ad7768-1: Fix conversion result sign" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7768-1: Fix conversion result sign to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 8236644f5ecb180e80ad92d691c22bc509b747bb Mon Sep 17 00:00:00 2001 From: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Date: Thu, 6 Mar 2025 18:00:29 -0300 Subject: iio: adc: ad7768-1: Fix conversion result sign The ad7768-1 ADC output code is two's complement, meaning that the voltage conversion result is a signed value.. Since the value is a 24 bit one, stored in a 32 bit variable, the sign should be extended in order to get the correct representation. Also the channel description has been updated to signed representation, to match the ADC specifications. Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") Reviewed-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt(a)analog.com> Signed-off-by: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Signed-off-by: Jonathan Santos <Jonathan.Santos(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/505994d3b71c2aa38ba714d909a68e021f12124c.174126812… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7768-1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index ea829c51e80b..09e7cccfd51c 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -142,7 +142,7 @@ static const struct iio_chan_spec ad7768_channels[] = { .channel = 0, .scan_index = 0, .scan_type = { - .sign = 'u', + .sign = 's', .realbits = 24, .storagebits = 32, .shift = 8, @@ -373,7 +373,7 @@ static int ad7768_read_raw(struct iio_dev *indio_dev, iio_device_release_direct(indio_dev); if (ret < 0) return ret; - *val = ret; + *val = sign_extend32(ret, chan->scan_type.realbits - 1); return IIO_VAL_INT; -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH] wifi: mt76: mt7925: fix the incomplete revert

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Since the `Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"` was not completely clean, submit this patch to fully clean it up. Cc: stable(a)vger.kernel.org Fixes: 73915469c55a ("Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 1ecba46d770d..1bdc313844c4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -572,10 +572,10 @@ void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb) static int mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, - struct mt76_wcid *wcid, struct ieee80211_ampdu_params *params, bool enable, bool tx) { + struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv; struct sta_rec_ba_uni *ba; struct sk_buff *skb; struct tlv *tlv; @@ -608,13 +608,12 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; if (enable && !params->amsdu) msta->deflink.wcid.amsdu = false; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, true); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, @@ -623,10 +622,9 @@ int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, false); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, false); } static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val) -- 2.45.2

1 month, 2 weeks

2
1
0 0

[PATCH v3] KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests

by Amit Machhiwal

Currently on book3s-hv, the capability KVM_CAP_SPAPR_TCE_VFIO is only available for KVM Guests running on PowerNV and not for the KVM guests running on pSeries hypervisors. This prevents a pSeries L2 guest from leveraging the in-kernel acceleration for H_PUT_TCE_INDIRECT and H_STUFF_TCE hcalls that results in slow startup times for large memory guests. Support for VFIO on pSeries was restored in commit f431a8cde7f1 ("powerpc/iommu: Reimplement the iommu_table_group_ops for pSeries"), making it possible to re-enable this capability on pSeries hosts. This change enables KVM_CAP_SPAPR_TCE_VFIO for nested PAPR guests on pSeries, while maintaining the existing behavior on PowerNV. Booting an L2 guest with 128GB of memory shows an average 11% improvement in startup time. Fixes: f431a8cde7f1 ("powerpc/iommu: Reimplement the iommu_table_group_ops for pSeries") Cc: stable(a)vger.kernel.org Reviewed-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Signed-off-by: Amit Machhiwal <amachhiw(a)linux.ibm.com> --- Changes since v2: * Updated the patch description * v2: https://lore.kernel.org/all/20250129094033.2265211-1-amachhiw@linux.ibm.com/ Changes since v1: * Addressed review comments from Ritesh * v1: https://lore.kernel.org/all/20250109132053.158436-1-amachhiw@linux.ibm.com/ arch/powerpc/kvm/powerpc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c index ce1d91eed231..a7138eb18d59 100644 --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c @@ -543,26 +543,23 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) r = !hv_enabled; break; #ifdef CONFIG_KVM_MPIC case KVM_CAP_IRQ_MPIC: r = 1; break; #endif #ifdef CONFIG_PPC_BOOK3S_64 case KVM_CAP_SPAPR_TCE: + fallthrough; case KVM_CAP_SPAPR_TCE_64: - r = 1; - break; case KVM_CAP_SPAPR_TCE_VFIO: - r = !!cpu_has_feature(CPU_FTR_HVMODE); - break; case KVM_CAP_PPC_RTAS: case KVM_CAP_PPC_FIXUP_HCALL: case KVM_CAP_PPC_ENABLE_HCALL: #ifdef CONFIG_KVM_XICS case KVM_CAP_IRQ_XICS: #endif case KVM_CAP_PPC_GET_CPU_CHAR: r = 1; break; #ifdef CONFIG_KVM_XIVE base-commit: 6537cfb395f352782918d8ee7b7f10ba2cc3cbf2 -- 2.48.1

1 month, 2 weeks

2
1
0 0

[PATCH 5.10.y 5.15.y] ptp: Ensure info->enable callback is always set

by Abdelkareem Abdelsaamad

From: Thomas Weißschuh <linux(a)weissschuh.net> commit fd53aa40e65f518453115b6f56183b0c201db26b upstream. The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. Fixes: d94ba80ebbea ("ptp: Added a brand new class driver for ptp clocks.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Acked-by: Richard Cochran <richardcochran(a)gmail.com> Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Link: https://patch.msgid.link/20250123-ptp-enable-v1-1-b015834d3a47@weissschuh.n… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 42704b26b0f1 ("ptp: Add cycles support for virtual clocks") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- drivers/ptp/ptp_clock.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c index 4d775cd8ee3c..c895e26b1f17 100644 --- a/drivers/ptp/ptp_clock.c +++ b/drivers/ptp/ptp_clock.c @@ -188,6 +188,11 @@ static void ptp_clock_release(struct device *dev) kfree(ptp); } +static int ptp_enable(struct ptp_clock_info *ptp, struct ptp_clock_request *request, int on) +{ + return -EOPNOTSUPP; +} + static void ptp_aux_kworker(struct kthread_work *work) { struct ptp_clock *ptp = container_of(work, struct ptp_clock, @@ -233,6 +238,9 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, mutex_init(&ptp->pincfg_mux); init_waitqueue_head(&ptp->tsev_wq); + if (!ptp->info->enable) + ptp->info->enable = ptp_enable; + if (ptp->info->do_aux_work) { kthread_init_delayed_work(&ptp->aux_work, ptp_aux_kworker); ptp->kworker = kthread_create_worker(0, "ptp%d", ptp->index); -- 2.47.1

1 month, 2 weeks

2
1
0 0

[PATCH 6.6.y 0/2] wifi: rtw89: RTL8852BE: Fix the shutdown issue

by Zenm Chen

This patch series addresses a shutdown issue reported in [1]. This problem has been fixed on kernel 6.12 and later, kernel 6.6 is the last kernel these upstream patches should go to because the Realtek RTL8852BE chip supported by kernel since v6.2 is the only chip known to have this problem. [1] https://github.com/lwfinger/rtw89/issues/372 Zenm Chen (2): wifi: rtw89: pci: add pre_deinit to be called after probe complete wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit drivers/net/wireless/realtek/rtw89/core.c | 2 ++ drivers/net/wireless/realtek/rtw89/core.h | 6 ++++++ drivers/net/wireless/realtek/rtw89/pci.c | 10 ++++++++++ 3 files changed, 18 insertions(+) -- 2.48.1

1 month, 2 weeks

3
6
0 0

[PATCH v4 0/7] drm/v3d: Fix GPU reset issues on the Raspberry Pi 5

by Maíra Canal

This series addresses GPU reset issues reported in [1], where running a long compute job would trigger repeated GPU resets, leading to a UI freeze. Patches #1 and #2 prevent the same faulty job from being resubmitted in a loop, mitigating the first cause of the issue. However, the issue isn't entirely solved. Even with only a single GPU reset, the UI still freezes on the Raspberry Pi 5, indicating a GPU hang. Patches #3 to #6 address this by properly configuring the V3D_SMS registers, which are required for power management and resets in V3D 7.1. Patch #7 updates the DT maintainership, replacing Emma with the current v3d driver maintainer. [1] https://github.com/raspberrypi/linux/issues/6660 Best Regards, - Maíra --- v1 -> v2: - [1/6, 2/6, 5/6] Add Iago's R-b (Iago Toral) - [3/6] Use V3D_GEN_* macros consistently throughout the driver (Phil Elwell) - [3/6] Don't add Iago's R-b in 3/6 due to changes in the patch - [4/6] Add per-compatible restrictions to enforce per‐SoC register rules (Conor Dooley) - [6/6] Add Emma's A-b, collected through IRC (Emma Anholt) - [6/6] Add Rob's A-b (Rob Herring) - Link to v1: https://lore.kernel.org/r/20250226-v3d-gpu-reset-fixes-v1-0-83a969fdd9c1@ig… v2 -> v3: - [3/7] Add Iago's R-b (Iago Toral) - [4/7, 5/7] Separate the patches to ease the reviewing process -> Now, PATCH 4/7 only adds the per-compatible rules and PATCH 5/7 adds the SMS registers - [4/7] `allOf` goes above `additionalProperties` (Krzysztof Kozlowski) - [4/7, 5/7] Sync `reg` and `reg-names` items (Krzysztof Kozlowski) - Link to v2: https://lore.kernel.org/r/20250308-v3d-gpu-reset-fixes-v2-0-2939c30f0cc4@ig… v3 -> v4: - [4/7] BCM2712 has an external reset controller, therefore the "bridge" register is not needed (Krzysztof Kozlowski) - [4/7] Remove the word "required" from the reg descriptions (Rob Herring) - [5/7] Improve commit message (Rob Herring) - Link to v3: https://lore.kernel.org/r/20250311-v3d-gpu-reset-fixes-v3-0-64f7a4247ec0@ig… --- Maíra Canal (7): drm/v3d: Don't run jobs that have errors flagged in its fence drm/v3d: Set job pointer to NULL when the job's fence has an error drm/v3d: Associate a V3D tech revision to all supported devices dt-bindings: gpu: v3d: Add per-compatible register restrictions dt-bindings: gpu: v3d: Add SMS register to BCM2712 compatible drm/v3d: Use V3D_SMS registers for power on/off and reset on V3D 7.x dt-bindings: gpu: Add V3D driver maintainer as DT maintainer .../devicetree/bindings/gpu/brcm,bcm-v3d.yaml | 77 ++++++++++--- drivers/gpu/drm/v3d/v3d_debugfs.c | 126 ++++++++++----------- drivers/gpu/drm/v3d/v3d_drv.c | 62 +++++++++- drivers/gpu/drm/v3d/v3d_drv.h | 22 +++- drivers/gpu/drm/v3d/v3d_gem.c | 27 ++++- drivers/gpu/drm/v3d/v3d_irq.c | 6 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 4 +- drivers/gpu/drm/v3d/v3d_regs.h | 26 +++++ drivers/gpu/drm/v3d/v3d_sched.c | 29 ++++- 9 files changed, 279 insertions(+), 100 deletions(-) --- base-commit: 10646ddac2917b31c985ceff0e4982c42a9c924b change-id: 20250224-v3d-gpu-reset-fixes-2d21fc70711d

1 month, 2 weeks

1
2
0 0

Re: [PATCH 5.10 458/462] btrfs: bring back the incorrectly removed extent buffer lock recursion support

by pk

Hi all. I confirm that the patch fixes the issue for me. Thank you very much.

1 month, 2 weeks

1
0
0 0

[PATCH] udf: Fix inode_getblk() return value

by Jan Kara

Smatch noticed that inode_getblk() can return 1 on successful mapping of a block instead of expected 0 after commit b405c1e58b73 ("udf: refactor udf_next_aext() to handle error"). This could confuse some of the callers and lead to strange failures (although the one reported by Smatch in udf_mkdir() is impossible to trigger in practice). Fix the return value of inode_getblk(). Link: https://lore.kernel.org/all/cb514af7-bbe0-435b-934f-dd1d7a16d2cd@stanley.mo… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Fixes: b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/inode.c | 1 + 1 file changed, 1 insertion(+) I plan to merge this patch through my tree. diff --git a/fs/udf/inode.c b/fs/udf/inode.c index 70c907fe8af9..4386dd845e40 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -810,6 +810,7 @@ static int inode_getblk(struct inode *inode, struct udf_map_rq *map) } map->oflags = UDF_BLK_MAPPED; map->pblk = udf_get_lb_pblock(inode->i_sb, &eloc, offset); + ret = 0; goto out_free; } -- 2.43.0

1 month, 2 weeks

2
2
0 0

[PATCH 5.10.y 5.15.y] ipv6: Fix signed integer overflow in __ip6_append_data

by Abdelkareem Abdelsaamad

From: Wang Yufen <wangyufen(a)huawei.com> [ Upstream commit f93431c86b631bbca5614c66f966bf3ddb3c2803 ] Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type to size_t. UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:1489:19 2147479552 + 8567 cannot be represented in type 'int' CPU: 0 PID: 253 Comm: err Not tainted 5.16.0+ #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x214/0x230 show_stack+0x30/0x78 dump_stack_lvl+0xf8/0x118 dump_stack+0x18/0x30 ubsan_epilogue+0x18/0x60 handle_overflow+0xd0/0xf0 __ubsan_handle_add_overflow+0x34/0x44 __ip6_append_data.isra.48+0x1598/0x1688 ip6_append_data+0x128/0x260 udpv6_sendmsg+0x680/0xdd0 inet6_sendmsg+0x54/0x90 sock_sendmsg+0x70/0x88 ____sys_sendmsg+0xe8/0x368 ___sys_sendmsg+0x98/0xe0 __sys_sendmmsg+0xf4/0x3b8 __arm64_sys_sendmmsg+0x34/0x48 invoke_syscall+0x64/0x160 el0_svc_common.constprop.4+0x124/0x300 do_el0_svc+0x44/0xc8 el0_svc+0x3c/0x1e8 el0t_64_sync_handler+0x88/0xb0 el0t_64_sync+0x16c/0x170 Changes since v1: -Change the variable [length] type to unsigned, as Eric Dumazet suggested. Changes since v2: -Don't change exthdrlen type in ip6_make_skb, as Paolo Abeni suggested. Changes since v3: -Don't change ulen type in udpv6_sendmsg and l2tp_ip6_sendmsg, as Jakub Kicinski suggested. Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Wang Yufen <wangyufen(a)huawei.com> Link: https://lore.kernel.org/r/20220607120028.845916-1-wangyufen@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Conflict due to f37a4cc6bb0b ("udp6: pass flow in ip6_make_skb together with cork") not in the tree ] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- include/net/ipv6.h | 4 ++-- net/ipv6/ip6_output.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 47d644de0e47..2909233427de 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -991,7 +991,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr); int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags); @@ -1007,7 +1007,7 @@ struct sk_buff *__ip6_make_skb(struct sock *sk, struct sk_buff_head *queue, struct sk_buff *ip6_make_skb(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags, struct inet_cork_full *cork); diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4da3238836b7..d0f69026b689 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1448,7 +1448,7 @@ static int __ip6_append_data(struct sock *sk, struct page_frag *pfrag, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, unsigned int flags, struct ipcm6_cookie *ipc6) { struct sk_buff *skb, *skb_prev = NULL; @@ -1794,7 +1794,7 @@ static int __ip6_append_data(struct sock *sk, int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags) { @@ -1988,7 +1988,7 @@ EXPORT_SYMBOL_GPL(ip6_flush_pending_frames); struct sk_buff *ip6_make_skb(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags, struct inet_cork_full *cork) -- 2.47.1

1 month, 2 weeks

2
1
0 0

[PATCH 5.10.y 5.15.y] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

by Abdelkareem Abdelsaamad

From: Kuan-Wei Chiu <visitorckw(a)gmail.com> [ Upstream commit 3d6f83df8ff2d5de84b50377e4f0d45e25311c7a ] Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Acked-by: Petr Mladek <pmladek(a)suse.com> Link: https://lore.kernel.org/r/20240928113608.1438087-1-visitorckw@gmail.com Signed-off-by: Petr Mladek <pmladek(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit 9a6d43844de2479a3ff8d674c3e2a16172e01598) Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index a8af93cbc293..3a7fd61c0e7b 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -420,7 +420,7 @@ static u64 clear_seq; /* record buffer */ #define LOG_ALIGN __alignof__(unsigned long) #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) -#define LOG_BUF_LEN_MAX (u32)(1 << 31) +#define LOG_BUF_LEN_MAX ((u32)1 << 31) static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN); static char *log_buf = __log_buf; static u32 log_buf_len = __LOG_BUF_LEN; -- 2.47.1

1 month, 2 weeks

2
1
0 0

[PATCH v4 4/6] misc: pci_endpoint_test: Fix irq_type to convey the correct type

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, "irq_type" as global and test->irq_type. The global is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). The type set in this function isn't reflected in the global "irq_type", so ioctl(PCITEST_GET_IRQTYPE) returns the previous type. As a result, the wrong type is displayed in old "pcitest" as follows: # pcitest -i 0 SET IRQ TYPE TO LEGACY: OKAY # pcitest -I GET IRQ TYPE: MSI And new "pcitest" in kselftest results in an error as follows: # RUN pci_ep_basic.LEGACY_IRQ_TEST ... # pci_endpoint_test.c:104:LEGACY_IRQ_TEST:Expected 0 (0) == ret (1) # pci_endpoint_test.c:104:LEGACY_IRQ_TEST:Can't get Legacy IRQ type Fix this issue by propagating the current type to the global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index acf3d8dab131..896392c428de 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -833,6 +833,7 @@ static int pci_endpoint_test_set_irq(struct pci_endpoint_test *test, return ret; } + irq_type = test->irq_type; return 0; } -- 2.25.1

1 month, 2 weeks

2
1
0 0

[PATCH 5/5] batman-adv: Ignore own maximum aggregation size during RX

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> An OGMv1 and OGMv2 packet receive processing were not only limited by the number of bytes in the received packet but also by the nodes maximum aggregation packet size limit. But this limit is relevant for TX and not for RX. It must not be enforced by batadv_(i)v_ogm_aggr_packet to avoid loss of information in case of a different limit for sender and receiver. This has a minor side effect for B.A.T.M.A.N. IV because the batadv_iv_ogm_aggr_packet is also used for the preprocessing for the TX. But since the aggregation code itself will not allow more than BATADV_MAX_AGGREGATION_BYTES bytes, this check was never triggering (in this context) prior of removing it. Cc: stable(a)vger.kernel.org Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_iv_ogm.c | 3 +-- net/batman-adv/bat_v_ogm.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index 07ae5dd1f150..b12645949ae5 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -325,8 +325,7 @@ batadv_iv_ogm_aggr_packet(int buff_pos, int packet_len, /* check if there is enough space for the optional TVLV */ next_buff_pos += ntohs(ogm_packet->tvlv_len); - return (next_buff_pos <= packet_len) && - (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES); + return next_buff_pos <= packet_len; } /* send a batman ogm to a given interface */ diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index e503ee0d896b..8f89ffe6020c 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -839,8 +839,7 @@ batadv_v_ogm_aggr_packet(int buff_pos, int packet_len, /* check if there is enough space for the optional TVLV */ next_buff_pos += ntohs(ogm2_packet->tvlv_len); - return (next_buff_pos <= packet_len) && - (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES); + return next_buff_pos <= packet_len; } /** -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH 4/5] batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1()

by Simon Wunderlich

From: Remi Pommarel <repk(a)triplefau.lt> Since commit 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data"), the introduction of batadv_tvlv_tt_data's flex array member in batadv_tt_tvlv_ogm_handler_v1() put tt_changes at invalid offset. Those TT changes are supposed to be filled from the end of batadv_tvlv_tt_data structure (including vlan_data flexible array), but only the flex array size is taken into account missing completely the size of the fixed part of the structure itself. Fix the tt_change offset computation by using struct_size() instead of flex_array_size() so both flex array member and its container structure sizes are taken into account. Cc: stable(a)vger.kernel.org Fixes: 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data") Signed-off-by: Remi Pommarel <repk(a)triplefau.lt> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/translation-table.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 760d51fdbdf6..7d5de4cbb814 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -3959,23 +3959,21 @@ static void batadv_tt_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, struct batadv_tvlv_tt_change *tt_change; struct batadv_tvlv_tt_data *tt_data; u16 num_entries, num_vlan; - size_t flex_size; + size_t tt_data_sz; if (tvlv_value_len < sizeof(*tt_data)) return; tt_data = tvlv_value; - tvlv_value_len -= sizeof(*tt_data); - num_vlan = ntohs(tt_data->num_vlan); - flex_size = flex_array_size(tt_data, vlan_data, num_vlan); - if (tvlv_value_len < flex_size) + tt_data_sz = struct_size(tt_data, vlan_data, num_vlan); + if (tvlv_value_len < tt_data_sz) return; tt_change = (struct batadv_tvlv_tt_change *)((void *)tt_data - + flex_size); - tvlv_value_len -= flex_size; + + tt_data_sz); + tvlv_value_len -= tt_data_sz; num_entries = batadv_tt_entries(tvlv_value_len); -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH 3/5] batman-adv: Drop unmanaged ELP metric worker

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v.c | 2 -- net/batman-adv/bat_v_elp.c | 71 ++++++++++++++++++++++++++------------ net/batman-adv/bat_v_elp.h | 2 -- net/batman-adv/types.h | 3 -- 4 files changed, 48 insertions(+), 30 deletions(-) diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /** -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH 2/5] batman-adv: Ignore neighbor throughput metrics in error case

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> If a temporary error happened in the evaluation of the neighbor throughput information, then the invalid throughput result should not be stored in the throughtput EWMA. Cc: stable(a)vger.kernel.org Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v_elp.c | 50 ++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index fbf499bcc671..65e52de52bcd 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -59,11 +59,13 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface) /** * batadv_v_elp_get_throughput() - get the throughput towards a neighbour * @neigh: the neighbour for which the throughput has to be obtained + * @pthroughput: calculated throughput towards the given neighbour in multiples + * of 100kpbs (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc). * - * Return: The throughput towards the given neighbour in multiples of 100kpbs - * (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc). + * Return: true when value behind @pthroughput was set */ -static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) +static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, + u32 *pthroughput) { struct batadv_hard_iface *hard_iface = neigh->if_incoming; struct net_device *soft_iface = hard_iface->soft_iface; @@ -77,14 +79,16 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) * batman-adv interface */ if (!soft_iface) - return BATADV_THROUGHPUT_DEFAULT_VALUE; + return false; /* if the user specified a customised value for this interface, then * return it directly */ throughput = atomic_read(&hard_iface->bat_v.throughput_override); - if (throughput != 0) - return throughput; + if (throughput != 0) { + *pthroughput = throughput; + return true; + } /* if this is a wireless device, then ask its throughput through * cfg80211 API @@ -111,19 +115,24 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) * possible to delete this neighbor. For now set * the throughput metric to 0. */ - return 0; + *pthroughput = 0; + return true; } if (ret) goto default_throughput; - if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) - return sinfo.expected_throughput / 100; + if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) { + *pthroughput = sinfo.expected_throughput / 100; + return true; + } /* try to estimate the expected throughput based on reported tx * rates */ - if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) - return cfg80211_calculate_bitrate(&sinfo.txrate) / 3; + if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) { + *pthroughput = cfg80211_calculate_bitrate(&sinfo.txrate) / 3; + return true; + } goto default_throughput; } @@ -142,8 +151,10 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) hard_iface->bat_v.flags &= ~BATADV_FULL_DUPLEX; throughput = link_settings.base.speed; - if (throughput && throughput != SPEED_UNKNOWN) - return throughput * 10; + if (throughput && throughput != SPEED_UNKNOWN) { + *pthroughput = throughput * 10; + return true; + } } default_throughput: @@ -157,7 +168,8 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) } /* if none of the above cases apply, return the base_throughput */ - return BATADV_THROUGHPUT_DEFAULT_VALUE; + *pthroughput = BATADV_THROUGHPUT_DEFAULT_VALUE; + return true; } /** @@ -169,15 +181,21 @@ void batadv_v_elp_throughput_metric_update(struct work_struct *work) { struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; struct batadv_hardif_neigh_node *neigh; + u32 throughput; + bool valid; neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, metric_work); neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, bat_v); - ewma_throughput_add(&neigh->bat_v.throughput, - batadv_v_elp_get_throughput(neigh)); + valid = batadv_v_elp_get_throughput(neigh, &throughput); + if (!valid) + goto put_neigh; + + ewma_throughput_add(&neigh->bat_v.throughput, throughput); +put_neigh: /* decrement refcounter to balance increment performed before scheduling * this task */ -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH 1/5] batman-adv: fix panic during interface removal

by Simon Wunderlich

From: Andy Strohman <andrew(a)andrewstrohman.com> Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft interface up until the work is finished. This fixes a crash triggered by reboot that looks like this: Call trace: batadv_v_mesh_free+0xd0/0x4dc [batman_adv] batadv_v_elp_throughput_metric_update+0x1c/0xa4 process_one_work+0x178/0x398 worker_thread+0x2e8/0x4d0 kthread+0xd8/0xdc ret_from_fork+0x10/0x20 (the batadv_v_mesh_free call is misleading, and does not actually happen) I was able to make the issue happen more reliably by changing hardif_neigh->bat_v.metric_work work to be delayed work. This allowed me to track down and confirm the fix. Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Andy Strohman <andrew(a)andrewstrohman.com> [sven(a)narfation.org: prevent entering batadv_v_elp_get_throughput without soft_iface] Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v_elp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 1d704574e6bf..fbf499bcc671 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -66,12 +66,19 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface) static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) { struct batadv_hard_iface *hard_iface = neigh->if_incoming; + struct net_device *soft_iface = hard_iface->soft_iface; struct ethtool_link_ksettings link_settings; struct net_device *real_netdev; struct station_info sinfo; u32 throughput; int ret; + /* don't query throughput when no longer associated with any + * batman-adv interface + */ + if (!soft_iface) + return BATADV_THROUGHPUT_DEFAULT_VALUE; + /* if the user specified a customised value for this interface, then * return it directly */ @@ -141,7 +148,7 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) default_throughput: if (!(hard_iface->bat_v.flags & BATADV_WARNING_DEFAULT)) { - batadv_info(hard_iface->soft_iface, + batadv_info(soft_iface, "WiFi driver or ethtool info does not provide information about link speeds on interface %s, therefore defaulting to hardcoded throughput values of %u.%1u Mbps. Consider overriding the throughput manually or checking your driver.\n", hard_iface->net_dev->name, BATADV_THROUGHPUT_DEFAULT_VALUE / 10, -- 2.39.5

1 month, 2 weeks

1
0
0 0

[PATCH stable 6.6] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..9db35305f257 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

1 month, 2 weeks

4
5
0 0

FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030948-playhouse-strongman-c9c3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan <surenb(a)google.com> Date: Wed, 26 Feb 2025 10:55:09 -0800 Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index f5c6b3454f76..d06453fa8aba 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; put_swap_device(si); si = NULL;

1 month, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030947-disloyal-bust-0d23@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan <surenb(a)google.com> Date: Wed, 26 Feb 2025 10:55:09 -0800 Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index f5c6b3454f76..d06453fa8aba 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; put_swap_device(si); si = NULL;

1 month, 2 weeks

3
2
0 0

Re: [PATCH] drm/ttm/tests: fix potential null pointer dereference in ttm_bo_unreserve_bulk()

by Qasim Ijaz

On Thu, Mar 13, 2025 at 03:20:34PM +0100, Christian König wrote: > Am 11.03.25 um 20:01 schrieb Qasim Ijaz: > > In the ttm_bo_unreserve_bulk() test function, resv is allocated > > using kunit_kzalloc(), but the subsequent assertion mistakenly > > verifies the ttm_dev pointer instead of checking the resv pointer. > > This mistake means that if allocation for resv fails, the error will > > go undetected, resv will be NULL and a call to dma_resv_init(resv) > > The description here is correct, but the subject line is a bit misleading. > > Please use something like this instead "drm/ttm/tests: incorrect assert in ttm_bo_unreserve_bulk()". > > > will dereference a NULL pointer. > > That irrelevant, an allocation failure will result in a NULL pointer deref anyway. This is just an unit test. > > > > > Fix the assertion to properly verify the resv pointer. > > > > Fixes: 588c4c8d58c4 ("drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk") > > Cc: stable(a)vger.kernel.org > > Please drop those tags. This is just an unit test, not relevant for stability and therefore shouldn't be backported. > > Regards, > Christian. > Thank you for the feedback Christian, I will resend a new patch with the changes you described. Thanks, Qasim. > > Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> > > --- > > drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > index f8f20d2f6174..e08e5a138420 100644 > > --- a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > +++ b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > @@ -340,7 +340,7 @@ static void ttm_bo_unreserve_bulk(struct kunit *test) > > KUNIT_ASSERT_NOT_NULL(test, ttm_dev); > > > > resv = kunit_kzalloc(test, sizeof(*resv), GFP_KERNEL); > > - KUNIT_ASSERT_NOT_NULL(test, ttm_dev); > > + KUNIT_ASSERT_NOT_NULL(test, resv); > > > > err = ttm_device_kunit_init(priv, ttm_dev, false, false); > > KUNIT_ASSERT_EQ(test, err, 0); >

1 month, 2 weeks

1
0
0 0

[PATCH 5.4,4.10 1/2] perf cs-etm: Add missing variable in cs_etm__process_queues()

by Ben Hutchings

Commit 5afd032961e8 "perf cs-etm: Don't flush when packet_queue fills up" uses i as a loop counter in cs_etm__process_queues(). It was backported to the 5.4 and 5.10 stable branches, but the i variable doesn't exist there as it was only added in 5.15. Declare i with the expected type. Fixes: 1ed167325c32 ("perf cs-etm: Don't flush when packet_queue fills up") Fixes: 26db806fa23e ("perf cs-etm: Don't flush when packet_queue fills up") Signed-off-by: Ben Hutchings <benh(a)debian.org> --- tools/perf/util/cs-etm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c index e3fa32b83367..2055d582a8a4 100644 --- a/tools/perf/util/cs-etm.c +++ b/tools/perf/util/cs-etm.c @@ -2171,7 +2171,7 @@ static int cs_etm__process_timeless_queues(struct cs_etm_auxtrace *etm, static int cs_etm__process_queues(struct cs_etm_auxtrace *etm) { int ret = 0; - unsigned int cs_queue_nr, queue_nr; + unsigned int cs_queue_nr, queue_nr, i; u8 trace_chan_id; u64 timestamp; struct auxtrace_queue *queue;

1 month, 2 weeks

3
7
0 0

[PATCH] drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini()

by Wentao Liang

In gfx_v12_0_cp_gfx_load_me_microcode_rs64(), gfx_v12_0_pfp_fini() is incorrectly used to free 'me' field of 'gfx', since gfx_v12_0_pfp_fini() can only release 'pfp' field of 'gfx'. The release function of 'me' field should be gfx_v12_0_me_fini(). Fixes: 52cb80c12e8a ("drm/amdgpu: Add gfx v12_0 ip block support (v6)") Cc: stable(a)vger.kernel.org # 6.11+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c index da327ab48a57..02bc2eddf0c0 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c @@ -2413,7 +2413,7 @@ static int gfx_v12_0_cp_gfx_load_me_microcode_rs64(struct amdgpu_device *adev) (void **)&adev->gfx.me.me_fw_data_ptr); if (r) { dev_err(adev->dev, "(%d) failed to create me data bo\n", r); - gfx_v12_0_pfp_fini(adev); + gfx_v12_0_me_fini(adev); return r; } -- 2.42.0.windows.2

1 month, 2 weeks

3
2
0 0

[PATCH] drm/amd/display: avoid NPD when ASIC does not support DMUB

by Thadeu Lima de Souza Cascardo

ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 37.447808] #PF: supervisor read access in kernel mode [ 37.452959] #PF: error_code(0x0000) - not-present page [ 37.458112] PGD 0 P4D 0 [ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88 [ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.572697] Call Trace: [ 37.575152] <TASK> [ 37.577258] ? __die_body+0x66/0xb0 [ 37.580756] ? page_fault_oops+0x3e7/0x4a0 [ 37.584861] ? exc_page_fault+0x3e/0xe0 [ 37.588706] ? exc_page_fault+0x5c/0xe0 [ 37.592550] ? asm_exc_page_fault+0x22/0x30 [ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.601107] dcn10_cursor_lock+0x1e1/0x240 [ 37.605211] program_cursor_attributes+0x81/0x190 [ 37.609923] commit_planes_for_stream+0x998/0x1ef0 [ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0 [ 37.619703] dc_update_planes_and_stream+0x78/0x140 [ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0 [ 37.629832] ? srso_return_thunk+0x5/0x5f [ 37.633847] ? mark_held_locks+0x6d/0xd0 [ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50 [ 37.642135] ? srso_return_thunk+0x5/0x5f [ 37.646148] ? lockdep_hardirqs_on+0x95/0x150 [ 37.650510] ? srso_return_thunk+0x5/0x5f [ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50 [ 37.658883] ? srso_return_thunk+0x5/0x5f [ 37.662897] ? wait_for_common+0x186/0x1c0 [ 37.666998] ? srso_return_thunk+0x5/0x5f [ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170 [ 37.675983] commit_tail+0xf5/0x1c0 [ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0 [ 37.684186] drm_atomic_commit+0xd6/0x100 [ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10 [ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130 [ 37.698054] drm_mode_cursor_common+0x501/0x670 [ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.707572] drm_mode_cursor_ioctl+0x48/0x70 [ 37.711851] drm_ioctl_kernel+0xf2/0x150 [ 37.715781] drm_ioctl+0x363/0x590 [ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.724165] amdgpu_drm_ioctl+0x41/0x80 [ 37.728013] __se_sys_ioctl+0x7f/0xd0 [ 37.731685] do_syscall_64+0x87/0x100 [ 37.735355] ? vma_end_read+0x12/0xe0 [ 37.739024] ? srso_return_thunk+0x5/0x5f [ 37.743041] ? find_held_lock+0x47/0xf0 [ 37.746884] ? vma_end_read+0x12/0xe0 [ 37.750552] ? srso_return_thunk+0x5/0x5f [ 37.754565] ? lock_release+0x1c4/0x2e0 [ 37.758406] ? vma_end_read+0x12/0xe0 [ 37.762079] ? exc_page_fault+0x84/0xe0 [ 37.765921] ? srso_return_thunk+0x5/0x5f [ 37.769938] ? lockdep_hardirqs_on+0x95/0x150 [ 37.774303] ? srso_return_thunk+0x5/0x5f [ 37.778317] ? exc_page_fault+0x84/0xe0 [ 37.782163] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 37.787218] RIP: 0033:0x784aa5ec3059 [ 37.790803] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1d 48 8b 45 c8 64 48 2b 04 25 28 00 0 [ 37.809553] RSP: 002b:0000784a9cdf90e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 37.817121] RAX: ffffffffffffffda RBX: 0000784a9cdf917c RCX: 0000784aa5ec3059 [ 37.824256] RDX: 0000784a9cdf917c RSI: 00000000c01c64a3 RDI: 0000000000000020 [ 37.831391] RBP: 0000784a9cdf9130 R08: 0000000000000100 R09: 0000000000ff0000 [ 37.838525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000025c01606ed0 [ 37.845657] R13: 0000025c00030200 R14: 00000000c01c64a3 R15: 0000000000000020 [ 37.852799] </TASK> [ 37.854992] Modules linked in: [ 37.864546] gsmi: Log Shutdown Reason 0x03 [ 37.868656] CR2: 0000000000000058 [ 37.871979] ---[ end trace 0000000000000000 ]--- [ 37.880976] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.885954] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.904703] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.909933] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.917068] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.924201] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.931336] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.938469] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.945602] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.953689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.959435] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.966570] Kernel panic - not syncing: Fatal exception [ 37.971901] Kernel Offset: 0x30200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 37.982840] gsmi: Log Shutdown Reason 0x02 Fixes: b5c764d6ed55 ("drm/amd/display: Use HW lock mgr for PSR1") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org Cc: Sun peng Li <sunpeng.li(a)amd.com> Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Daniel Wheeler <daniel.wheeler(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c index 5bb8b78bf250a0e56c3e99ce7c99ed7f70c8f0f6..eef817a4c580aca2ebc7fb1b77cfc0377d477bdc 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c @@ -63,6 +63,9 @@ void dmub_hw_lock_mgr_inbox0_cmd(struct dc_dmub_srv *dmub_srv, bool should_use_dmub_lock(struct dc_link *link) { + /* ASIC doesn't support DMUB */ + if (!link->ctx->dmub_srv) + return false; if (link->psr_settings.psr_version == DC_PSR_VERSION_SU_1 || link->psr_settings.psr_version == DC_PSR_VERSION_1) return true; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250205-amdgpu-dmub-3fc25a0bc68e Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

1 month, 2 weeks

4
4
0 0

[PATCH 1/1] PCI/bwctrl: Disable PCIe BW controller during reset

by Ilpo Järvinen

PCIe BW controller enables BW notifications for Downstream Ports by setting Link Bandwidth Management Interrupt Enable (LBMIE) and Link Autonomous Bandwidth Interrupt Enable (LABIE) (PCIe Spec. r6.2 sec. 7.5.3.7). It was discovered that performing a reset can lead to the device underneath the Downstream Port becoming unavailable if BW notifications are left enabled throughout the reset sequence (at least LBMIE was found to cause an issue). While the PCIe Specifications do not indicate BW notifications could not be kept enabled during resets, the PCIe Link state during an intentional reset is not of large interest. Thus, disable BW controller for the bridge while reset is performed and re-enable it after the reset has completed to workaround the problems some devices encounter if BW notifications are left on throughout the reset sequence. Keep a counter for the disable/enable because MFD will execute pci_dev_save_and_disable() and pci_dev_restore() back to back for sibling devices: [ 50.139010] vfio-pci 0000:01:00.0: resetting [ 50.139053] vfio-pci 0000:01:00.1: resetting [ 50.141126] pcieport 0000:00:01.1: PME: Spurious native interrupt! [ 50.141133] pcieport 0000:00:01.1: PME: Spurious native interrupt! [ 50.441466] vfio-pci 0000:01:00.0: reset done [ 50.501534] vfio-pci 0000:01:00.1: reset done Fixes: 665745f27487 ("PCI/bwctrl: Re-add BW notification portdrv as PCIe BW controller") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219765 Tested-by: Joel Mathew Thomas <proxy0(a)tutamail.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- I suspect the root cause is some kind of violation of specifications. Resets shouldn't cause devices to become unavailable just because BW notifications have been enabled. Before somebody comments on those dual rwsems, I do have yet to be submitted patch to simplify the locking as per Lukas Wunner's earlier suggestion. I've just focused on solving the regressions first. drivers/pci/pci.c | 8 +++++++ drivers/pci/pci.h | 4 ++++ drivers/pci/pcie/bwctrl.c | 49 ++++++++++++++++++++++++++++++++------- 3 files changed, 53 insertions(+), 8 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 869d204a70a3..7a53d7474175 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5148,6 +5148,7 @@ static void pci_dev_save_and_disable(struct pci_dev *dev) { const struct pci_error_handlers *err_handler = dev->driver ? dev->driver->err_handler : NULL; + struct pci_dev *bridge = pci_upstream_bridge(dev); /* * dev->driver->err_handler->reset_prepare() is protected against @@ -5166,6 +5167,9 @@ static void pci_dev_save_and_disable(struct pci_dev *dev) */ pci_set_power_state(dev, PCI_D0); + if (bridge) + pcie_bwnotif_disable(bridge); + pci_save_state(dev); /* * Disable the device by clearing the Command register, except for @@ -5181,9 +5185,13 @@ static void pci_dev_restore(struct pci_dev *dev) { const struct pci_error_handlers *err_handler = dev->driver ? dev->driver->err_handler : NULL; + struct pci_dev *bridge = pci_upstream_bridge(dev); pci_restore_state(dev); + if (bridge) + pcie_bwnotif_enable(bridge); + /* * dev->driver->err_handler->reset_done() is protected against * races with ->remove() by the device lock, which must be held by diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index 01e51db8d285..856546f1aad9 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -759,12 +759,16 @@ static inline void pcie_ecrc_get_policy(char *str) { } #ifdef CONFIG_PCIEPORTBUS void pcie_reset_lbms_count(struct pci_dev *port); int pcie_lbms_count(struct pci_dev *port, unsigned long *val); +void pcie_bwnotif_enable(struct pci_dev *port); +void pcie_bwnotif_disable(struct pci_dev *port); #else static inline void pcie_reset_lbms_count(struct pci_dev *port) {} static inline int pcie_lbms_count(struct pci_dev *port, unsigned long *val) { return -EOPNOTSUPP; } +static inline void pcie_bwnotif_enable(struct pci_dev *port) {} +static inline void pcie_bwnotif_disable(struct pci_dev *port) {} #endif struct pci_dev_reset_methods { diff --git a/drivers/pci/pcie/bwctrl.c b/drivers/pci/pcie/bwctrl.c index 0a5e7efbce2c..a117f6f67c07 100644 --- a/drivers/pci/pcie/bwctrl.c +++ b/drivers/pci/pcie/bwctrl.c @@ -40,11 +40,13 @@ * @set_speed_mutex: Serializes link speed changes * @lbms_count: Count for LBMS (since last reset) * @cdev: Thermal cooling device associated with the port + * @disable_count: BW notifications disabled/enabled counter */ struct pcie_bwctrl_data { struct mutex set_speed_mutex; atomic_t lbms_count; struct thermal_cooling_device *cdev; + int disable_count; }; /* @@ -200,10 +202,9 @@ int pcie_set_target_speed(struct pci_dev *port, enum pci_bus_speed speed_req, return ret; } -static void pcie_bwnotif_enable(struct pcie_device *srv) +static void __pcie_bwnotif_enable(struct pci_dev *port) { - struct pcie_bwctrl_data *data = srv->port->link_bwctrl; - struct pci_dev *port = srv->port; + struct pcie_bwctrl_data *data = port->link_bwctrl; u16 link_status; int ret; @@ -224,12 +225,44 @@ static void pcie_bwnotif_enable(struct pcie_device *srv) pcie_update_link_speed(port->subordinate); } -static void pcie_bwnotif_disable(struct pci_dev *port) +void pcie_bwnotif_enable(struct pci_dev *port) +{ + guard(rwsem_read)(&pcie_bwctrl_setspeed_rwsem); + guard(rwsem_read)(&pcie_bwctrl_lbms_rwsem); + + if (!port->link_bwctrl) + return; + + port->link_bwctrl->disable_count--; + if (!port->link_bwctrl->disable_count) { + __pcie_bwnotif_enable(port); + pci_dbg(port, "BW notifications enabled\n"); + } + WARN_ON_ONCE(port->link_bwctrl->disable_count < 0); +} + +static void __pcie_bwnotif_disable(struct pci_dev *port) { pcie_capability_clear_word(port, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_LBMIE | PCI_EXP_LNKCTL_LABIE); } +void pcie_bwnotif_disable(struct pci_dev *port) +{ + guard(rwsem_read)(&pcie_bwctrl_setspeed_rwsem); + guard(rwsem_read)(&pcie_bwctrl_lbms_rwsem); + + if (!port->link_bwctrl) + return; + + port->link_bwctrl->disable_count++; + + if (port->link_bwctrl->disable_count == 1) { + __pcie_bwnotif_disable(port); + pci_dbg(port, "BW notifications disabled\n"); + } +} + static irqreturn_t pcie_bwnotif_irq(int irq, void *context) { struct pcie_device *srv = context; @@ -314,7 +347,7 @@ static int pcie_bwnotif_probe(struct pcie_device *srv) return ret; } - pcie_bwnotif_enable(srv); + __pcie_bwnotif_enable(port); } } @@ -336,7 +369,7 @@ static void pcie_bwnotif_remove(struct pcie_device *srv) scoped_guard(rwsem_write, &pcie_bwctrl_setspeed_rwsem) { scoped_guard(rwsem_write, &pcie_bwctrl_lbms_rwsem) { - pcie_bwnotif_disable(srv->port); + __pcie_bwnotif_disable(srv->port); free_irq(srv->irq, srv); @@ -347,13 +380,13 @@ static void pcie_bwnotif_remove(struct pcie_device *srv) static int pcie_bwnotif_suspend(struct pcie_device *srv) { - pcie_bwnotif_disable(srv->port); + __pcie_bwnotif_disable(srv->port); return 0; } static int pcie_bwnotif_resume(struct pcie_device *srv) { - pcie_bwnotif_enable(srv); + __pcie_bwnotif_enable(srv->port); return 0; } base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b -- 2.39.5

1 month, 2 weeks

2
7
0 0

[PATCH] drm/ttm/tests: fix potential null pointer dereference in ttm_bo_unreserve_bulk()

by Qasim Ijaz

In the ttm_bo_unreserve_bulk() test function, resv is allocated using kunit_kzalloc(), but the subsequent assertion mistakenly verifies the ttm_dev pointer instead of checking the resv pointer. This mistake means that if allocation for resv fails, the error will go undetected, resv will be NULL and a call to dma_resv_init(resv) will dereference a NULL pointer. Fix the assertion to properly verify the resv pointer. Fixes: 588c4c8d58c4 ("drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c index f8f20d2f6174..e08e5a138420 100644 --- a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c +++ b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c @@ -340,7 +340,7 @@ static void ttm_bo_unreserve_bulk(struct kunit *test) KUNIT_ASSERT_NOT_NULL(test, ttm_dev); resv = kunit_kzalloc(test, sizeof(*resv), GFP_KERNEL); - KUNIT_ASSERT_NOT_NULL(test, ttm_dev); + KUNIT_ASSERT_NOT_NULL(test, resv); err = ttm_device_kunit_init(priv, ttm_dev, false, false); KUNIT_ASSERT_EQ(test, err, 0); -- 2.39.5

1 month, 2 weeks

2
1
0 0

[PATCH 5.4 000/328] 5.4.291-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.291 release. There are 328 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 13 Mar 2025 14:56:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.291-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.291-rc1 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: skip BAR resizing if the bios already did it Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Yang Yang <yang.yang29(a)zte.com.cn> kernel/acct.c: use dedicated helper to access rlimit values Hui Su <sh_def(a)163.com> kernel/acct.c: use #elif instead of #end and #elif Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Maksym Glubokiy <maksym.glubokiy(a)plvision.eu> net: extract port range fields from fl_flow_key Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add type for ALC287 Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Davidlohr Bueso <dave(a)stgolabs.net> usb/gadget: f_midi: Replace tasklet with work Allen Pais <allen.lkml(a)gmail.com> usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: Increase DWC3 controller halt timeout Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - some more fixes to RSA test vectors Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - populate RSA CRT parameters in RSA test vectors lei he <helei.sig11(a)bytedance.com> crypto: testmgr - fix version number of RSA tests Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - Fix wrong test case of RSA Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - fix wrong key length for pkcs1pad Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Xin Long <lucien.xin(a)gmail.com> vlan: move dev_put into vlan_dev_uninit Xin Long <lucien.xin(a)gmail.com> vlan: introduce vlan_dev_free_egress_priority Stefan Berger <stefanb(a)linux.ibm.com> ima: Fix use-after-free on a dentry's dname.name Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" David Woodhouse <dwmw(a)amazon.co.uk> x86/i8253: Disable PIT timer 0 when not in use Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> parport_pc: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> serial: 8250_pci: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> can: ems_pci: move ASIX AX99100 ids to pci_ids.h Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not output warnings when clearing dirty buffers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Li Zetao <lizetao1(a)huawei.com> neighbour: delete redundant judgment statements Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Jiri Pirko <jiri(a)nvidia.com> net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Huacai Chen <chenhuacai(a)loongson.cn> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)linux.alibaba.com> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Petr Tesarik <petr.tesarik.ext(a)huawei.com> xen: remove a confusing comment on auto-translated guest I/O Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Emil Renner Berthing <kernel(a)esmil.dk> net: usb: rtl8150: use new tasklet API Romain Perier <romain.perier(a)gmail.com> tasklet: Introduce new initialization API Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: add bounds checks to host bulk flow fairness counts Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: eliminate staggered calls to kunmap in nilfs_rename Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Oleksij Rempel <linux(a)rempel-privat.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Malcolm Priestley <tvboxspy(a)gmail.com> media: lmedm04: Use GFP_KERNEL for URB allocation/submission. Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leonro(a)nvidia.com> RDMA/mlx4: Avoid false error about access to uninitialized gids array Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Kees Cook <keescook(a)chromium.org> selftests/harness: Display signed values correctly Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused dualmac control leftovers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused timer and related code Jakob Koschel <jakobkoschel(a)gmail.com> rtlwifi: replace usage of found with dedicated list iterator variable Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct Kees Cook <keescook(a)chromium.org> overflow: Allow mixed type arguments Keith Busch <kbusch(a)kernel.org> overflow: Correct check_shl_overflow() comment Kees Cook <keescook(a)chromium.org> overflow: Add __must_check attribute to check_*() helpers Ben Hutchings <benh(a)debian.org> udf: Fix use of check_add_overflow() with mixed type arguments Ben Hutchings <benh(a)debian.org> perf cs-etm: Add missing variable in cs_etm__process_queues() ------------- Diffstat: .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- Makefile | 9 +- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 2 + arch/alpha/kernel/entry.S | 24 +-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm/boot/dts/mt7623.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/kernel/cacheinfo.c | 12 +- arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/kvm/vsie.c | 25 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/intel.c | 52 +++-- arch/x86/kernel/i8253.c | 11 +- arch/x86/mm/init.c | 32 +-- arch/x86/xen/mmu_pv.c | 79 +++++-- block/partitions/ldm.h | 2 +- block/partitions/mac.c | 18 +- crypto/testmgr.h | 227 +++++++++++++++------ drivers/acpi/apei/ghes.c | 10 +- drivers/base/bus.c | 2 + drivers/base/regmap/regmap-irq.c | 2 + drivers/block/nbd.c | 1 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clocksource/i8253.c | 13 +- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/core.c | 13 +- drivers/dma/ti/edma.c | 3 +- drivers/firmware/Kconfig | 2 +- drivers/gpio/gpio-bcm-kona.c | 71 +++++-- drivers/gpio/gpio-rcar.c | 7 +- drivers/gpio/gpio-stmpe.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 16 ++ drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/drm_dp_cec.c | 14 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-core.c | 2 + drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hid/wacom_wac.c | 5 + drivers/hwmon/ad7314.c | 10 + drivers/hwmon/ntc_thermistor.c | 66 +++--- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/leds/leds-lp8860.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ov5640.c | 1 + drivers/media/platform/exynos4-is/mipi-csis.c | 10 +- drivers/media/platform/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 14 +- drivers/media/usb/uvc/uvc_ctrl.c | 85 ++++++-- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 9 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/sdio.c | 2 + drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/net/caif/caif_virtio.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/ethernet/broadcom/tg3.c | 58 ++++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 31 ++- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/loopback.c | 14 ++ drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/team/team.c | 11 +- drivers/net/tun.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/net/usb/rtl8150.c | 28 ++- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/realtek/rtlwifi/base.c | 36 +--- drivers/net/wireless/realtek/rtlwifi/base.h | 2 - drivers/net/wireless/realtek/rtlwifi/pci.c | 65 +----- .../net/wireless/realtek/rtlwifi/rtl8192se/dm.c | 42 ++-- .../net/wireless/realtek/rtlwifi/rtl8192se/fw.c | 40 ++-- .../net/wireless/realtek/rtlwifi/rtl8192se/hw.c | 157 +++++++------- .../net/wireless/realtek/rtlwifi/rtl8192se/led.c | 10 +- .../net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 211 ++++++++++--------- .../net/wireless/realtek/rtlwifi/rtl8192se/rf.c | 70 +++---- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 11 +- .../net/wireless/realtek/rtlwifi/rtl8192se/trx.c | 10 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 --- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 8 +- drivers/nvmem/core.c | 2 + drivers/of/base.c | 8 +- drivers/parport/parport_pc.c | 5 + drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/power/supply/da9150-fg.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++------ drivers/ptp/ptp_clock.c | 8 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/regulator/of_regulator.c | 14 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/storvsc_drv.c | 1 + drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/slimbus/messaging.c | 5 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-mxs.c | 3 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/tee/optee/supp.c | 35 +--- drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 ++ drivers/tty/serial/8250/8250_pci.c | 10 + drivers/tty/serial/8250/8250_port.c | 9 + drivers/tty/serial/sh-sci.c | 25 ++- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/class/cdc-acm.c | 28 ++- drivers/usb/core/hub.c | 13 +- drivers/usb/core/quirks.c | 10 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 37 +++- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/f_midi.c | 22 +- drivers/usb/gadget/function/f_tcm.c | 54 ++--- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-pci.c | 8 +- drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/host/xhci.c | 23 ++- drivers/usb/host/xhci.h | 9 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 +++-- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 + drivers/usb/typec/tcpm/tcpm.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 2 +- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 + drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + fs/afs/xdr_fs.h | 2 +- fs/binfmt_flat.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/super.c | 2 +- fs/btrfs/transaction.c | 4 +- fs/nfsd/nfs4callback.c | 1 + fs/nilfs2/dir.c | 24 +-- fs/nilfs2/inode.c | 10 +- fs/nilfs2/mdt.c | 6 +- fs/nilfs2/namei.c | 37 ++-- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/page.c | 55 ++--- fs/nilfs2/page.h | 4 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/dir.c | 25 ++- fs/ocfs2/quota_global.c | 5 + fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/orangefs/orangefs-debugfs.c | 4 +- fs/squashfs/inode.c | 5 +- fs/ubifs/debug.c | 22 +- fs/udf/super.c | 2 +- include/linux/i8253.h | 1 + include/linux/interrupt.h | 28 ++- include/linux/kallsyms.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/netdevice.h | 6 + include/linux/overflow.h | 101 +++++---- include/linux/pci_ids.h | 4 + include/linux/pps_kernel.h | 3 +- include/linux/usb/hcd.h | 5 +- include/net/flow_dissector.h | 16 ++ include/net/flow_offload.h | 6 + include/net/l3mdev.h | 2 + include/net/net_namespace.h | 15 +- include/trace/events/oom.h | 36 +++- kernel/acct.c | 141 ++++++++----- kernel/events/core.c | 17 +- kernel/padata.c | 2 +- kernel/power/hibernate.c | 7 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/softirq.c | 18 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ftrace.c | 27 ++- mm/memcontrol.c | 7 +- mm/oom_kill.c | 14 +- mm/page_alloc.c | 1 + net/8021q/vlan.c | 3 +- net/8021q/vlan.h | 2 +- net/8021q/vlan_dev.c | 15 +- net/8021q/vlan_netlink.c | 7 +- net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 116 ++++++++--- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/bluetooth/l2cap_sock.c | 3 +- net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/drop_monitor.c | 39 ++-- net/core/flow_dissector.c | 49 +++-- net/core/flow_offload.c | 7 + net/core/neighbour.c | 11 +- net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/ipmr_base.c | 3 - net/ipv4/route.c | 8 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp.c | 4 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/ipv6/ndisc.c | 28 +-- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/llc/llc_s_ac.c | 49 +++-- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/openvswitch/datapath.c | 12 +- net/rose/af_rose.c | 24 ++- net/rose/rose_timer.c | 15 ++ net/sched/cls_flower.c | 8 +- net/sched/sch_api.c | 4 + net/sched/sch_cake.c | 140 +++++++------ net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/sunrpc/cache.c | 10 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- scripts/Makefile.extrawarn | 5 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- security/integrity/ima/ima_api.c | 16 +- security/integrity/ima/ima_template_lib.c | 17 +- security/tomoyo/common.c | 2 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 86 +++++++- sound/soc/codecs/es8328.c | 15 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 +- sound/soc/sunxi/sun4i-spdif.c | 7 + tools/perf/bench/epoll-wait.c | 7 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/cs-etm.c | 2 +- tools/perf/util/env.c | 5 +- tools/perf/util/env.h | 2 +- tools/perf/util/header.c | 8 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + tools/testing/selftests/kselftest_harness.h | 42 +++- tools/testing/selftests/net/udpgso.c | 26 +++ 305 files changed, 3058 insertions(+), 1680 deletions(-)

1 month, 2 weeks

5
335
0 0

[PATCH net 13/13] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family

by Marek Behún

Implement the workaround for erratum 3.3 RGMII timing may be out of spec when transmit delay is enabled for the 6320 family, which says: When transmit delay is enabled via Port register 1 bit 14 = 1, duty cycle may be out of spec. Under very rare conditions this may cause the attached device receive CRC errors. Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 5.4.x --- drivers/net/dsa/mv88e6xxx/chip.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 898aff46693b..6e7c9bbd9787 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -3674,6 +3674,21 @@ static int mv88e6xxx_stats_setup(struct mv88e6xxx_chip *chip) return mv88e6xxx_g1_stats_clear(chip); } +static int mv88e6320_setup_errata(struct mv88e6xxx_chip *chip) +{ + u16 dummy; + int err; + + /* Workaround for erratum + * 3.3 RGMII timing may be out of spec when transmit delay is enabled + */ + err = mv88e6xxx_port_hidden_write(chip, 0, 0xf, 0x7, 0xe000); + if (err) + return err; + + return mv88e6xxx_port_hidden_read(chip, 0, 0xf, 0x7, &dummy); +} + /* Check if the errata has already been applied. */ static bool mv88e6390_setup_errata_applied(struct mv88e6xxx_chip *chip) { @@ -5125,6 +5140,7 @@ static const struct mv88e6xxx_ops mv88e6290_ops = { static const struct mv88e6xxx_ops mv88e6320_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, @@ -5180,6 +5196,7 @@ static const struct mv88e6xxx_ops mv88e6320_ops = { static const struct mv88e6xxx_ops mv88e6321_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH net 12/13] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family

by Marek Behún

Fix internal PHYs definition for the 6320 family, which has only 2 internal PHYs (on ports 3 and 4). Fixes: bc3931557d1d ("net: dsa: mv88e6xxx: Add number of internal PHYs") Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.6.x --- drivers/net/dsa/mv88e6xxx/chip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 3849b8d55fa9..898aff46693b 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -6240,7 +6240,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, @@ -6267,7 +6268,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, -- 2.48.1

1 month, 2 weeks

1
0
0 0

[PATCH v4 0/3] leds: rgb: leds-qcom-lpg: PWM fixes

by Abel Vesa

The PWM allow configuring the PWM resolution from 8 bits PWM values up to 15 bits values, for the Hi-Res PWMs, and then either 6-bit or 9-bit for the normal PWMs. The current implementation loops through all possible resolutions (PWM sizes), for the PWM subtype, on top of the already existing process of determining the prediv, exponent and refclk. The first and second issues are related to capping the computed PWM value. The third issue is that it uses the wrong maximum possible PWM value for determining the best matched period. Fix all of them. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v4: - Rebased on next-20250305 - Re-worded the commit messages for the first two patches to include an example that should better explain what the issue that is being fixed is. As per Uwe's request. - Link to v3: https://lore.kernel.org/r/20250303-leds-qcom-lpg-fix-max-pwm-on-hi-res-v3-0… Changes in v3: - Added a new patch that fixes the normal PWMs, since they now support 6-bit resolution as well. Added it as first patch. - Re-worded the second patch. Included Bjorn's suggestion and R-b tag. - Link to v2: https://lore.kernel.org/r/20250226-leds-qcom-lpg-fix-max-pwm-on-hi-res-v2-0… Changes in v2: - Re-worded the commit to drop the details that are not important w.r.t. what the patch is fixing. - Added another patch which fixes the resolution used for determining best matched period and PWM config. - Link to v1: https://lore.kernel.org/r/20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-v1-1… --- Abel Vesa (3): leds: rgb: leds-qcom-lpg: Fix pwm resolution max for normal PWMs leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs drivers/leds/rgb/leds-qcom-lpg.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- base-commit: 7ec162622e66a4ff886f8f28712ea1b13069e1aa change-id: 20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-067e8782a79b Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 month, 2 weeks

2
3
0 0

FAILED: patch "[PATCH] virt: sev-guest: Move SNP Guest Request data pages handling" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 3e385c0d6ce88ac9916dcf84267bd5855d830748 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030957-magnetism-lustily-55d9@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e385c0d6ce88ac9916dcf84267bd5855d830748 Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy <aik(a)amd.com> Date: Fri, 7 Mar 2025 12:37:00 +1100 Subject: [PATCH] virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex Compared to the SNP Guest Request, the "Extended" version adds data pages for receiving certificates. If not enough pages provided, the HV can report to the VM how much is needed so the VM can reallocate and repeat. Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") moved handling of the allocated/desired pages number out of scope of said mutex and create a possibility for a race (multiple instances trying to trigger Extended request in a VM) as there is just one instance of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex. Fix the issue by moving the data blob/size and the GHCB input struct (snp_req_data) into snp_guest_req which is allocated on stack now and accessed by the GHCB caller under that mutex. Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of four callers needs it. Free the received blob in get_ext_report() right after it is copied to the userspace. Possible future users of snp_send_guest_request() are likely to have different ideas about the buffer size anyways. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Nikunj A Dadhania <nikunj(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250307013700.437505-3-aik@amd.com diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..96c7bc698e6b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2853,19 +2853,8 @@ struct snp_msg_desc *snp_msg_alloc(void) if (!mdesc->response) goto e_free_request; - mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); - if (!mdesc->certs_data) - goto e_free_response; - - /* initial the input address for guest request */ - mdesc->input.req_gpa = __pa(mdesc->request); - mdesc->input.resp_gpa = __pa(mdesc->response); - mdesc->input.data_gpa = __pa(mdesc->certs_data); - return mdesc; -e_free_response: - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); e_free_request: free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); e_unmap: @@ -2885,7 +2874,6 @@ void snp_msg_free(struct snp_msg_desc *mdesc) kfree(mdesc->ctx); free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); iounmap((__force void __iomem *)mdesc->secrets); memset(mdesc, 0, sizeof(*mdesc)); @@ -3054,7 +3042,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(req, &mdesc->input, rio); + rc = snp_issue_guest_request(req, &req->input, rio); switch (rc) { case -ENOSPC: /* @@ -3064,7 +3052,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = mdesc->input.data_npages; + override_npages = req->input.data_npages; req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* @@ -3120,7 +3108,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r } if (override_npages) - mdesc->input.data_npages = override_npages; + req->input.data_npages = override_npages; return rc; } @@ -3158,6 +3146,11 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req */ memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request)); + /* Initialize the input address for guest request */ + req->input.req_gpa = __pa(mdesc->request); + req->input.resp_gpa = __pa(mdesc->response); + req->input.data_gpa = req->certs_data ? __pa(req->certs_data) : 0; + rc = __handle_guest_request(mdesc, req, rio); if (rc) { if (rc == -EIO && diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..ba7999f66abe 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -203,6 +203,9 @@ struct snp_guest_req { unsigned int vmpck_id; u8 msg_version; u8 msg_type; + + struct snp_req_data input; + void *certs_data; }; /* @@ -263,9 +266,6 @@ struct snp_msg_desc { struct snp_guest_msg secret_request, secret_response; struct snp_secrets_page *secrets; - struct snp_req_data input; - - void *certs_data; struct aesgcm_ctx *ctx; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 23ac177472be..70fbc9a3e703 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -176,6 +176,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_guest_req req = {}; int ret, npages = 0, resp_len; sockptr_t certs_address; + struct page *page; if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; @@ -209,8 +210,20 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ - memset(mdesc->certs_data, 0, report_req->certs_len); npages = report_req->certs_len >> PAGE_SHIFT; + page = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, + get_order(report_req->certs_len)); + if (!page) + return -ENOMEM; + + req.certs_data = page_address(page); + ret = set_memory_decrypted((unsigned long)req.certs_data, npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(report_req->certs_len)); + return -EFAULT; + } + cmd: /* * The intermediate response buffer is used while decrypting the @@ -219,10 +232,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques */ resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize; report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!report_resp) - return -ENOMEM; + if (!report_resp) { + ret = -ENOMEM; + goto e_free_data; + } - mdesc->input.data_npages = npages; + req.input.data_npages = npages; req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; @@ -237,7 +252,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - report_req->certs_len = mdesc->input.data_npages << PAGE_SHIFT; + report_req->certs_len = req.input.data_npages << PAGE_SHIFT; if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) ret = -EFAULT; @@ -246,7 +261,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && copy_to_sockptr(certs_address, mdesc->certs_data, report_req->certs_len)) { + if (npages && copy_to_sockptr(certs_address, req.certs_data, report_req->certs_len)) { ret = -EFAULT; goto e_free; } @@ -256,6 +271,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques e_free: kfree(report_resp); +e_free_data: + if (npages) { + if (set_memory_encrypted((unsigned long)req.certs_data, npages)) + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + else + __free_pages(page, get_order(report_req->certs_len)); + } return ret; }

1 month, 2 weeks

5
10
0 0

[PATCH 5.10.y] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

by Abdelkareem Abdelsaamad

From: Sean Christopherson <seanjc(a)google.com> commit a8de7f100bb5989d9c3627d3a223ee1c863f3b69 upstream. Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC: dump_stack+0xbe/0xfd __kasan_report.cold+0x34/0x84 kasan_report+0x3a/0x50 __apic_accept_irq+0x3a/0x5c0 kvm_hv_send_ipi.isra.0+0x34e/0x820 kvm_hv_hypercall+0x8d9/0x9d0 kvm_emulate_hypercall+0x506/0x7e0 __vmx_handle_exit+0x283/0xb60 vmx_handle_exit+0x1d/0xd0 vcpu_enter_guest+0x16b0/0x24c0 vcpu_run+0xc0/0x550 kvm_arch_vcpu_ioctl_run+0x170/0x6d0 kvm_vcpu_ioctl+0x413/0xb20 __se_sys_ioctl+0x111/0x160 do_syscal1_64+0x30/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC. Reported-by: Dongjie Zou <zoudongjie(a)huawei.com> Fixes: 214ff83d4473 ("KVM: x86: hyperv: implement PV IPI send hypercalls") Fixes: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID") Cc: stable(a)vger.kernel.org Reviewed-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Link: https://lore.kernel.org/r/20250118003454.2619573-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 72167a9d7da2 ("KVM: x86: hyper-v: Stop shadowing global 'current_vcpu' variable") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- arch/x86/kvm/hyperv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 20eb8f55e1f1..e097faf12c82 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1618,6 +1618,9 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *current_vcpu, u64 ingpa, u64 outgpa, u32 vector; bool all_cpus; + if (!lapic_in_kernel(current_vcpu)) + return HV_STATUS_INVALID_HYPERCALL_INPUT; + if (!ex) { if (!fast) { if (unlikely(kvm_read_guest(kvm, ingpa, &send_ipi, @@ -2060,7 +2063,8 @@ int kvm_vcpu_ioctl_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->eax |= HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED; ent->eax |= HV_X64_APIC_ACCESS_RECOMMENDED; ent->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED; - ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; + if (!vcpu || lapic_in_kernel(vcpu)) + ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; ent->eax |= HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED; if (evmcs_ver) ent->eax |= HV_X64_ENLIGHTENED_VMCS_RECOMMENDED; -- 2.47.1

1 month, 2 weeks

2
1
0 0

[PATCH 5.10.y] x86/kexec: fix memory leak of elf header buffer

by Abdelkareem Abdelsaamad

From: Baoquan He <bhe(a)redhat.com> commit b3e34a47f98974d0844444c5121aaff123004e57 upstream. This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160 [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0 [<0000000019afff23>] crash_load_segments+0x260/0x470 [<0000000019ebe95c>] bzImage64_load+0x814/0xad0 [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0 [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0 [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530 [<0000000087c19992>] do_syscall_64+0x3b/0x90 [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers. While it's not freed back to system correctly when kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing x86 specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there. And also remove the incorrect elf header buffer freeing code. Before calling arch specific kexec_file loading function, the image instance has been initialized. So 'image->elf_headers' must be NULL. It doesn't make sense to free the elf header buffer in the place. Three different people have reported three bugs about the memory leak on x86_64 inside Redhat. Link: https://lkml.kernel.org/r/20220223113225.63106-2-bhe@redhat.com Signed-off-by: Baoquan He <bhe(a)redhat.com> Acked-by: Dave Young <dyoung(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 179350f00e06 ("x86: Use ELF fields defined in 'struct kimage'") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- arch/x86/kernel/machine_kexec_64.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index a29a44a98e5b..19f6aafd595a 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -402,9 +402,6 @@ void machine_kexec(struct kimage *image) #ifdef CONFIG_KEXEC_FILE void *arch_kexec_kernel_image_load(struct kimage *image) { - vfree(image->arch.elf_headers); - image->arch.elf_headers = NULL; - if (!image->fops || !image->fops->load) return ERR_PTR(-ENOEXEC); @@ -540,6 +537,15 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, (int)ELF64_R_TYPE(rel[i].r_info), value); return -ENOEXEC; } + +int arch_kimage_file_post_load_cleanup(struct kimage *image) +{ + vfree(image->arch.elf_headers); + image->arch.elf_headers = NULL; + image->arch.elf_headers_sz = 0; + + return kexec_image_post_load_cleanup_default(image); +} #endif /* CONFIG_KEXEC_FILE */ static int -- 2.47.1

1 month, 2 weeks

2
1
0 0

[PATCH 6.1.y] fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super

by Miguel García

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> commit 91a4b1ee78cb100b19b70f077c247f211110348f upstream. This patch is a backport and fixes an UBSAN warning about shift-out-of-bounds in ntfs_fill_super() function of the NTFS3 driver. The original code incorrectly calculated MFT record size, causing undefined behavior when performing bit shifts with values that exceed type limits. The fix has been verified by executing the syzkaller reproducer test case. After applying this patch, the system successfully handles the test case without kernel panic or UBSAN warnings. Bug: https://syzkaller.appspot.com/bug?extid=010986becd65dbf9464b Reported-by: syzbot+010986becd65dbf9464b(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Miguel Garcia Roman <miguelgarciaroman8(a)gmail.com> (cherry picked from commit 91a4b1ee78cb100b19b70f077c247f211110348f) --- fs/ntfs3/ntfs_fs.h | 2 ++ fs/ntfs3/super.c | 68 +++++++++++++++++++++++++++++++--------------- 2 files changed, 48 insertions(+), 22 deletions(-) diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 26dbe1b46fdd..cbbf1ccc38e3 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -42,9 +42,11 @@ enum utf16_endian; #define MINUS_ONE_T ((size_t)(-1)) /* Biggest MFT / smallest cluster */ #define MAXIMUM_BYTES_PER_MFT 4096 +#define MAXIMUM_SHIFT_BYTES_PER_MFT 12 #define NTFS_BLOCKS_PER_MFT_RECORD (MAXIMUM_BYTES_PER_MFT / 512) #define MAXIMUM_BYTES_PER_INDEX 4096 +#define MAXIMUM_SHIFT_BYTES_PER_INDEX 12 #define NTFS_BLOCKS_PER_INODE (MAXIMUM_BYTES_PER_INDEX / 512) /* NTFS specific error code when fixup failed. */ diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index eee54214f4a3..a9063771afcc 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -680,7 +680,7 @@ static u32 true_sectors_per_clst(const struct NTFS_BOOT *boot) * ntfs_init_from_boot - Init internal info from on-disk boot sector. */ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, - u64 dev_size) + u64 dev_size) { struct ntfs_sb_info *sbi = sb->s_fs_info; int err; @@ -705,12 +705,12 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* 0x55AA is not mandaroty. Thanks Maxim Suhanov*/ /*if (0x55 != boot->boot_magic[0] || 0xAA != boot->boot_magic[1]) - * goto out; + * goto out; */ boot_sector_size = (u32)boot->bytes_per_sector[1] << 8; if (boot->bytes_per_sector[0] || boot_sector_size < SECTOR_SIZE || - !is_power_of_2(boot_sector_size)) { + !is_power_of_2(boot_sector_size)) { goto out; } @@ -733,15 +733,49 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* Check MFT record size. */ if ((boot->record_size < 0 && - SECTOR_SIZE > (2U << (-boot->record_size))) || - (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + SECTOR_SIZE > (2U << (-boot->record_size))) || + (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + goto out; + } + + /* Calculate cluster size */ + sbi->cluster_size = boot_sector_size * sct_per_clst; + sbi->cluster_bits = blksize_bits(sbi->cluster_size); + + if (boot->record_size >= 0) { + record_size = (u32)boot->record_size << sbi->cluster_bits; + } else if (-boot->record_size <= MAXIMUM_SHIFT_BYTES_PER_MFT) { + record_size = 1u << (-boot->record_size); + } else { + ntfs_err(sb, "%s: invalid record size %d.", "NTFS", + boot->record_size); + goto out; + } + + sbi->record_size = record_size; + sbi->record_bits = blksize_bits(record_size); + sbi->attr_size_tr = (5 * record_size >> 4); // ~320 bytes + + if (record_size > MAXIMUM_BYTES_PER_MFT) { + ntfs_err(sb, "Unsupported bytes per MFT record %u.", + record_size); + goto out; + } + + if (boot->index_size >= 0) { + sbi->index_size = (u32)boot->index_size << sbi->cluster_bits; + } else if (-boot->index_size <= MAXIMUM_SHIFT_BYTES_PER_INDEX) { + sbi->index_size = 1u << (-boot->index_size); + } else { + ntfs_err(sb, "%s: invalid index size %d.", "NTFS", + boot->index_size); goto out; } /* Check index record size. */ if ((boot->index_size < 0 && - SECTOR_SIZE > (2U << (-boot->index_size))) || - (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { + SECTOR_SIZE > (2U << (-boot->index_size))) || + (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { goto out; } @@ -762,9 +796,6 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, dev_size += sector_size - 1; } - sbi->cluster_size = boot_sector_size * sct_per_clst; - sbi->cluster_bits = blksize_bits(sbi->cluster_size); - sbi->mft.lbo = mlcn << sbi->cluster_bits; sbi->mft.lbo2 = mlcn2 << sbi->cluster_bits; @@ -785,9 +816,9 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sbi->cluster_mask = sbi->cluster_size - 1; sbi->cluster_mask_inv = ~(u64)sbi->cluster_mask; sbi->record_size = record_size = boot->record_size < 0 - ? 1 << (-boot->record_size) - : (u32)boot->record_size - << sbi->cluster_bits; + ? 1 << (-boot->record_size) + : (u32)boot->record_size + << sbi->cluster_bits; if (record_size > MAXIMUM_BYTES_PER_MFT || record_size < SECTOR_SIZE) goto out; @@ -801,8 +832,8 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, ALIGN(sizeof(enum ATTR_TYPE), 8); sbi->index_size = boot->index_size < 0 - ? 1u << (-boot->index_size) - : (u32)boot->index_size << sbi->cluster_bits; + ? 1u << (-boot->index_size) + : (u32)boot->index_size << sbi->cluster_bits; sbi->volume.ser_num = le64_to_cpu(boot->serial_num); @@ -871,13 +902,6 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sb->s_maxbytes = 0xFFFFFFFFull << sbi->cluster_bits; #endif - /* - * Compute the MFT zone at two steps. - * It would be nice if we are able to allocate 1/8 of - * total clusters for MFT but not more then 512 MB. - */ - sbi->zone_max = min_t(CLST, 0x20000000 >> sbi->cluster_bits, clusters >> 3); - err = 0; out: -- 2.34.1

1 month, 2 weeks

2
1
0 0

[PATCH 6.6.y] bpf: Use raw_spinlock_t in ringbuf

by jianqi.ren.cn＠windriver.com

From: Wander Lairson Costa <wander.lairson(a)gmail.com> [ Upstream commit 8b62645b09f870d70c7910e7550289d444239a46 ] The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is illustrated in the example below: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs preempt_count: 1, expected: 0 RCU nest depth: 1, expected: 1 INFO: lockdep is turned off. Preemption disabled at: [<ffffd33a5c88ea44>] migrate_enable+0xc0/0x39c CPU: 7 PID: 556208 Comm: test_progs Tainted: G Hardware name: Qualcomm SA8775P Ride (DT) Call trace: dump_backtrace+0xac/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0xac/0xe8 dump_stack+0x18/0x30 __might_resched+0x3bc/0x4fc rt_spin_lock+0x8c/0x1a4 __bpf_ringbuf_reserve+0xc4/0x254 bpf_ringbuf_reserve_dynptr+0x5c/0xdc bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238 trace_call_bpf+0x238/0x774 perf_call_bpf_enter.isra.0+0x104/0x194 perf_syscall_enter+0x2f8/0x510 trace_sys_enter+0x39c/0x564 syscall_trace_enter+0x220/0x3c0 do_el0_svc+0x138/0x1dc el0_svc+0x54/0x130 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Switch the spinlock to raw_spinlock_t to avoid this error. Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Brian Grech <bgrech(a)redhat.com> Signed-off-by: Wander Lairson Costa <wander.lairson(a)gmail.com> Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/r/20240920190700.617253-1-wander@redhat.com Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- kernel/bpf/ringbuf.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index 528f4d634226..6aff5ee483b6 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -29,7 +29,7 @@ struct bpf_ringbuf { u64 mask; struct page **pages; int nr_pages; - spinlock_t spinlock ____cacheline_aligned_in_smp; + raw_spinlock_t spinlock ____cacheline_aligned_in_smp; /* For user-space producer ring buffers, an atomic_t busy bit is used * to synchronize access to the ring buffers in the kernel, rather than * the spinlock that is used for kernel-producer ring buffers. This is @@ -173,7 +173,7 @@ static struct bpf_ringbuf *bpf_ringbuf_alloc(size_t data_sz, int numa_node) if (!rb) return NULL; - spin_lock_init(&rb->spinlock); + raw_spin_lock_init(&rb->spinlock); atomic_set(&rb->busy, 0); init_waitqueue_head(&rb->waitq); init_irq_work(&rb->work, bpf_ringbuf_notify); @@ -417,10 +417,10 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) cons_pos = smp_load_acquire(&rb->consumer_pos); if (in_nmi()) { - if (!spin_trylock_irqsave(&rb->spinlock, flags)) + if (!raw_spin_trylock_irqsave(&rb->spinlock, flags)) return NULL; } else { - spin_lock_irqsave(&rb->spinlock, flags); + raw_spin_lock_irqsave(&rb->spinlock, flags); } pend_pos = rb->pending_pos; @@ -446,7 +446,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) */ if (new_prod_pos - cons_pos > rb->mask || new_prod_pos - pend_pos > rb->mask) { - spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } @@ -458,7 +458,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) /* pairs with consumer's smp_load_acquire() */ smp_store_release(&rb->producer_pos, new_prod_pos); - spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return (void *)hdr + BPF_RINGBUF_HDR_SZ; } -- 2.25.1

1 month, 2 weeks

2
1
0 0

[PATCH net] net: mana: cleanup mana struct after debugfs_remove()

by Shradha Gupta

When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized and ends up pointing to older, cleaned-up dentry. Further in the hibernation path, as part of power_down(), mana_gd_shutdown() is triggered. This call, unaware of the failures in resume, tries to cleanup the already cleaned up mana_port_debugfs value and hits the following bug: [ 191.359296] mana 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access in kernel mode [ 191.361125] #PF: error_code(0x0002) - not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098 [ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] <TASK> [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] ? __die+0x24/0x70 [ 191.374468] ? page_fault_oops+0x290/0x5b0 [ 191.374875] ? do_user_addr_fault+0x448/0x800 [ 191.375357] ? exc_page_fault+0x7a/0x160 [ 191.375971] ? asm_exc_page_fault+0x27/0x30 [ 191.376416] ? down_write+0x19/0x50 [ 191.376832] ? down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] ? __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] ? __flush_work+0x1e2/0x3b0 [ 191.379362] ? __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] ? __pfx_lru_add+0x10/0x10 [ 191.387515] ? queued_spin_unlock+0x9/0x10 [ 191.387937] ? do_anonymous_page+0x33c/0xa00 [ 191.388374] ? __handle_mm_fault+0xcf3/0x1210 [ 191.388805] ? __count_memcg_events+0xbe/0x180 [ 191.389235] ? handle_mm_fault+0xae/0x300 [ 191.389588] ? do_user_addr_fault+0x559/0x800 [ 191.390027] ? irqentry_exit_to_user_mode+0x43/0x230 [ 191.390525] ? irqentry_exit+0x1d/0x30 [ 191.390879] ? exc_page_fault+0x86/0x160 [ 191.391235] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 191.391745] RIP: 0033:0x7dbc4ff1c574 [ 191.392111] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 [ 191.393412] RSP: 002b:00007ffd95a23ab8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 191.393990] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007dbc4ff1c574 [ 191.394594] RDX: 0000000000000005 RSI: 00005a6eeadb0ce0 RDI: 0000000000000001 [ 191.395215] RBP: 00007ffd95a23ae0 R08: 00007dbc50003b20 R09: 0000000000000000 [ 191.395805] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000005 [ 191.396404] R13: 00005a6eeadb0ce0 R14: 00007dbc500045c0 R15: 00007dbc50001ee0 [ 191.396987] </TASK> To fix this, we explicitly set such mana debugfs variables to NULL after debugfs_remove() is called. Fixes: 6607c17c6c5e ("net: mana: Enable debugfs files for MANA device") Cc: stable(a)vger.kernel.org Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/gdma_main.c | 11 ++++++++++- drivers/net/ethernet/microsoft/mana/mana_en.c | 10 ++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index c15a5ef4674e..f1966788c98e 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -1579,6 +1579,7 @@ static int mana_gd_probe(struct pci_dev *pdev, const struct pci_device_id *ent) * adapter-MTU file and apc->mana_pci_debugfs folder. */ debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; pci_iounmap(pdev, bar0_va); free_gc: pci_set_drvdata(pdev, NULL); @@ -1601,6 +1602,8 @@ static void mana_gd_remove(struct pci_dev *pdev) debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; + pci_iounmap(pdev, gc->bar0_va); vfree(gc); @@ -1656,6 +1659,8 @@ static void mana_gd_shutdown(struct pci_dev *pdev) debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; + pci_disable_device(pdev); } @@ -1682,8 +1687,10 @@ static int __init mana_driver_init(void) mana_debugfs_root = debugfs_create_dir("mana", NULL); err = pci_register_driver(&mana_driver); - if (err) + if (err) { debugfs_remove(mana_debugfs_root); + mana_debugfs_root = NULL; + } return err; } @@ -1693,6 +1700,8 @@ static void __exit mana_driver_exit(void) pci_unregister_driver(&mana_driver); debugfs_remove(mana_debugfs_root); + + mana_debugfs_root = NULL; } module_init(mana_driver_init); diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 2d826077d38c..9a8171f099b6 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -748,12 +748,11 @@ static const struct net_device_ops mana_devops = { static void mana_cleanup_port_context(struct mana_port_context *apc) { /* - * at this point all dir/files under the vport directory - * are already cleaned up. - * We are sure the apc->mana_port_debugfs remove will not - * cause any freed memory access issues + * make sure subsequent cleanup attempts don't end up removing already + * cleaned dentry pointer */ debugfs_remove(apc->mana_port_debugfs); + apc->mana_port_debugfs = NULL; kfree(apc->rxqs); apc->rxqs = NULL; } @@ -1264,6 +1263,7 @@ static void mana_destroy_eq(struct mana_context *ac) return; debugfs_remove_recursive(ac->mana_eqs_debugfs); + ac->mana_eqs_debugfs = NULL; for (i = 0; i < gc->max_num_queues; i++) { eq = ac->eqs[i].eq; @@ -1926,6 +1926,7 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { debugfs_remove_recursive(apc->tx_qp[i].mana_tx_debugfs); + apc->tx_qp[i].mana_tx_debugfs = NULL; napi = &apc->tx_qp[i].tx_cq.napi; if (apc->tx_qp[i].txq.napi_initialized) { @@ -2113,6 +2114,7 @@ static void mana_destroy_rxq(struct mana_port_context *apc, return; debugfs_remove_recursive(rxq->mana_rx_debugfs); + rxq->mana_rx_debugfs = NULL; napi = &rxq->rx_cq.napi; -- 2.34.1

1 month, 2 weeks

3
2
0 0

Linux 6.13.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.7 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/sysctl/kernel.rst | 11 Documentation/devicetree/bindings/iio/adc/adi,ad7606.yaml | 1 Makefile | 7 arch/arm/mm/fault-armv.c | 37 +- arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 +--- arch/loongarch/include/asm/bug.h | 13 arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 +++ arch/loongarch/kvm/exit.c | 6 arch/loongarch/kvm/main.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/loongarch/kvm/vm.c | 6 arch/loongarch/mm/mmap.c | 6 arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 18 - arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/pgtable_64.c | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/svm/svm.c | 49 +++ arch/x86/kvm/svm/svm.h | 2 arch/x86/kvm/svm/vmenter.S | 10 arch/x86/kvm/vmx/vmx.c | 8 arch/x86/kvm/vmx/vmx.h | 2 arch/x86/kvm/x86.c | 2 block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 drivers/gpu/drm/imagination/pvr_queue.c | 18 - drivers/gpu/drm/imagination/pvr_queue.h | 4 drivers/gpu/drm/imagination/pvr_vm.c | 134 +++++++-- drivers/gpu/drm/imagination/pvr_vm.h | 3 drivers/gpu/drm/nouveau/Kconfig | 1 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tiny/bochs.c | 5 drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_hmm.c | 188 +++++++++---- drivers/gpu/drm/xe/xe_hmm.h | 7 drivers/gpu/drm/xe/xe_pt.c | 96 +++--- drivers/gpu/drm/xe/xe_pt_walk.c | 3 drivers/gpu/drm/xe/xe_pt_walk.h | 4 drivers/gpu/drm/xe/xe_vm.c | 100 ++++--- drivers/gpu/drm/xe/xe_vm.h | 10 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-corsair-void.c | 83 +++-- drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++-- drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/ad7192.c | 2 drivers/iio/adc/ad7606.c | 2 drivers/iio/adc/at91-sama5d2_adc.c | 68 ++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 drivers/iio/light/apds9306.c | 4 drivers/iio/light/hid-sensor-prox.c | 7 drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/vsc-tp.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++-------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 drivers/net/ipa/data/ipa_data-v4.7.c | 18 - drivers/net/mctp/mctp-i3c.c | 3 drivers/net/phy/phy.c | 43 +++ drivers/net/phy/phy_device.c | 2 drivers/net/ppp/ppp_generic.c | 28 + drivers/net/wireless/intel/iwlwifi/fw/dump.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 77 +++-- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 23 - drivers/nvme/host/ioctl.c | 12 drivers/nvme/host/tcp.c | 81 +++++ drivers/nvme/target/nvmet.h | 1 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/usb/atm/cxacru.c | 13 drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 +++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 - drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-hub.c | 8 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 25 - drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/typec/ucsi/ucsi_acpi.c | 21 - drivers/usb/typec/ucsi/ucsi_ccg.c | 1 drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 drivers/virt/acrn/hsm.c | 6 drivers/virt/coco/sev-guest/sev-guest.c | 24 + fs/btrfs/inode.c | 9 fs/btrfs/volumes.c | 1 fs/coredump.c | 15 - fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/exfat/file.c | 2 fs/exfat/namei.c | 2 fs/nfs/file.c | 3 fs/smb/client/cifsglob.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/reparse.h | 28 + fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2inode.c | 4 fs/smb/client/smb2ops.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/linux/compaction.h | 5 include/linux/cred.h | 9 include/linux/ethtool.h | 23 + include/linux/hugetlb.h | 4 include/linux/nvme-tcp.h | 2 include/linux/phy.h | 36 ++ include/linux/phylib_stubs.h | 42 ++ include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 15 + kernel/trace/trace_probe.h | 2 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/internal.h | 5 mm/kmsan/hooks.c | 1 mm/memory-failure.c | 63 ++-- mm/memory.c | 21 - mm/memory_hotplug.c | 26 - mm/page_alloc.c | 4 mm/userfaultfd.c | 17 + mm/vma.c | 12 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ethtool/cabletest.c | 8 net/ethtool/linkstate.c | 26 + net/ethtool/netlink.c | 6 net/ethtool/netlink.h | 5 net/ethtool/phy.c | 2 net/ethtool/plca.c | 6 net/ethtool/pse-pd.c | 4 net/ethtool/stats.c | 18 + net/ethtool/strset.c | 2 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 +-- net/mac80211/ieee80211_i.h | 2 net/mac80211/mlme.c | 1 net/mac80211/parse.c | 164 ++++++++--- net/mptcp/pm_netlink.c | 18 + net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 rust/kernel/block/mq/gen_disk.rs | 6 sound/core/seq/seq_clientmgr.c | 46 ++- sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 107 ++++++- sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/testing/selftests/damon/damon_nr_regions.py | 2 tools/testing/selftests/damon/damos_quota.py | 9 tools/testing/selftests/damon/damos_quota_goal.py | 3 tools/testing/selftests/mm/hugepage-mremap.c | 2 tools/testing/selftests/mm/ksm_functional_tests.c | 8 tools/testing/selftests/mm/memfd_secret.c | 14 tools/testing/selftests/mm/mkdirty.c | 8 tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 tools/testing/selftests/mm/uffd-common.c | 4 tools/testing/selftests/mm/uffd-stress.c | 15 - tools/testing/selftests/mm/uffd-unit-tests.c | 14 usr/include/Makefile | 2 239 files changed, 2390 insertions(+), 1068 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alessio Belle (1): drm/imagination: Fix timestamps in firmware traces Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Martin (1): drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Andy Shevchenko (1): eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (3): iio: dac: ad3552r: clear reset status flag dt-bindings: iio: dac: adi-axi-adc: fix ad7606 pwm-names iio: adc: ad7606: fix wrong scale available AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antheas Kapenekakis (1): ALSA: hda/realtek: Remove (revert) duplicate Ally X config Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (1): x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Benjamin Berg (1): wifi: iwlwifi: mvm: log error for failures after D3 Bibo Mao (5): LoongArch: Set hugetlb mmap base address aligned with pmd size LoongArch: Set max_pfn with the PFN of the last page LoongArch: KVM: Add interrupt checking for AVEC LoongArch: KVM: Reload guest CSR registers after sleep LoongArch: KVM: Fix GPA size issue about VM Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Brendan King (3): drm/imagination: avoid deadlock on fence release drm/imagination: Hold drm_gem_gpuva lock for unmap drm/imagination: only init job done fences once Brian Geffon (1): mm: fix finish_fault() handling for large folios Christian A. Ehrhardt (1): acpi: typec: ucsi: Introduce a ->poll_cci method Christian Brauner (1): cred: return old creds from revert_creds_light() Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Dan Carpenter (1): nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Dave Airlie (1): drm/nouveau: select FW caching Emmanuel Grumbach (2): wifi: iwlwifi: mvm: don't dump the firmware state upon RFKILL while suspend wifi: iwlwifi: mvm: don't try to talk to a dead firmware Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Eric Sandeen (1): exfat: short-circuit zero-byte writes in exfat_file_write_iter Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Gabriel Krisman Bertazi (1): Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Greg Kroah-Hartman (1): Linux 6.13.7 Hans de Goede (1): mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): btrfs: fix a leaked chunk map issue in read_one_chunk() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Herbert Xu (1): cred: Fix RCU warnings in override/revert_creds Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Ilan Peer (4): wifi: iwlwifi: Free pages allocated when failing to build A-MSDU wifi: iwlwifi: Fix A-MSDU TSO preparation wifi: mac80211: Support parsing EPCS ML element wifi: iwlwifi: pcie: Fix TSO preparation Jakub Kicinski (1): net: ethtool: plumb PHY stats to PHY drivers Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: apds9306: fix max_scale_nano values Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Johannes Berg (4): wifi: iwlwifi: mvm: clean up ROC on failure wifi: iwlwifi: limit printed string from FW file wifi: mac80211: fix MLE non-inheritance parsing wifi: mac80211: fix vendor-specific inheritance John Hubbard (1): Revert "selftests/mm: remove local __NR_* definitions" Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Kees Cook (1): coredump: Only sort VMAs when core_sort_vma sysctl is set Keith Busch (1): nvme-ioctl: fix leaked requests on mapping error Kenneth Feng (1): drm/amd/pm: always allow ih interrupt from fw Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Lorenzo Stoakes (1): mm: abort vma_modify() on merge out of memory failure Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Ma Wupeng (3): mm: memory-failure: update ttu flag inside unmap_poisoned_folio hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio mm: memory-hotplug: check folio ref count first in do_migrate_range Maarten Lankhorst (1): drm/xe: Remove double pageflip Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marc Zyngier (1): xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Markus Burri (1): iio: adc: ad7192: fix channel select Masami Hiramatsu (Google) (3): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: tprobe-events: Reject invalid tracepoint name tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Matt Johnston (1): mctp i3c: handle NULL header address Matthew Auld (1): drm/xe/userptr: properly setup pfn_flags_mask Matthew Brost (1): drm/xe: Add staging tree for VM binds Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maurizio Lombardi (4): nvmet: remove old function prototype nvme-tcp: add basic support for the C2HTermReq PDU nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme-tcp: Fix a C2HTermReq error message Maxime Chevallier (1): net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (2): usb: xhci: Fix host controllers "dying" after suspend and resume usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Miri Korenblit (1): wifi: iwlwifi: fw: avoid using an uninitialized variable Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Naohiro Aota (1): btrfs: zoned: fix extent range end unlock in cow_file_range() Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikunj A Dadhania (1): virt: sev-guest: Allocate request data dynamically Oleksij Rempel (1): ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pali Rohár (1): cifs: Remove symlink member from cifs_open_info_data union Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (2): loongarch: Use ASM_REACHABLE perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (2): stmmac: loongson: Pass correct arg to PCI function drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qi Zheng (1): arm: pgtable: fix NULL pointer dereference issue Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Ricardo Ribalda (1): iio: hid-sensor-prox: Split difference from multiple channels Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (7): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: SVM: Save host DR masks on CPUs with DebugSwap KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules SeongJae Park (4): selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced selftests/damon/damos_quota: make real expectation of quota exceeds selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Steve French (1): smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Stuart Hayhurst (1): HID: corsair-void: Update power supply values with a unified work handler Suren Baghdasaryan (1): userfaultfd: do not block on locking a large folio with raised refcount Takashi Iwai (2): ALSA: seq: Avoid module auto-load handling at event delivery drm/bochs: Fix DPMS regression Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Hellström (6): drm/xe/hmm: Style- and include fixes drm/xe/hmm: Don't dereference struct page pointers without notifier lock drm/xe/vm: Fix a misplaced #endif drm/xe/vm: Validate userptr during gpu vma prefetching drm/xe: Fix fault mode invalidation with unbind drm/xe/userptr: Unmap userptrs in the mmu notifier Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tvrtko Ursulin (1): drm/xe: Fix GT "for each engine" workarounds Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuezhang Mo (1): exfat: fix just enough dentries but allocate a new cluster to dir Yutaro Ohno (1): rust: block: fix formatting in GenDisk doc Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

1 month, 2 weeks

1
1
0 0

Linux 6.12.19

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.19 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 9 .gitignore | 1 Documentation/admin-guide/sysctl/kernel.rst | 11 Documentation/rust/coding-guidelines.rst | 146 + MAINTAINERS | 8 Makefile | 22 arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 arch/loongarch/include/asm/bug.h | 13 arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 arch/loongarch/kvm/exit.c | 6 arch/loongarch/kvm/main.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/loongarch/kvm/vm.c | 6 arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/powerpc/kvm/e500_mmu_host.c | 19 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 17 arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/pgtable_64.c | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/svm/svm.c | 49 arch/x86/kvm/svm/svm.h | 2 arch/x86/kvm/svm/vmenter.S | 10 arch/x86/kvm/vmx/vmx.c | 8 arch/x86/kvm/vmx/vmx.h | 2 arch/x86/kvm/x86.c | 2 arch/x86/mm/init.c | 23 block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/rnull.rs | 4 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-rcar.c | 31 drivers/gpio/gpio-vf610.c | 11 drivers/gpu/drm/Kconfig | 12 drivers/gpu/drm/Makefile | 6 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 drivers/gpu/drm/drm_client_setup.c | 66 drivers/gpu/drm/drm_fb_helper.c | 85 - drivers/gpu/drm/drm_fbdev_client.c | 141 + drivers/gpu/drm/drm_fbdev_ttm.c | 142 - drivers/gpu/drm/drm_fourcc.c | 30 drivers/gpu/drm/drm_panic_qr.rs | 25 drivers/gpu/drm/i915/display/i9xx_plane.c | 22 drivers/gpu/drm/i915/display/icl_dsi.c | 448 ++--- drivers/gpu/drm/i915/display/icl_dsi.h | 4 drivers/gpu/drm/i915/display/intel_atomic_plane.c | 49 drivers/gpu/drm/i915/display/intel_atomic_plane.h | 19 drivers/gpu/drm/i915/display/intel_color.c | 17 drivers/gpu/drm/i915/display/intel_color.h | 1 drivers/gpu/drm/i915/display/intel_cursor.c | 101 - drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_de.h | 11 drivers/gpu/drm/i915/display/intel_display.c | 58 drivers/gpu/drm/i915/display/intel_display_types.h | 16 drivers/gpu/drm/i915/display/intel_sprite.c | 27 drivers/gpu/drm/i915/display/skl_universal_plane.c | 307 ++- drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 drivers/gpu/drm/imagination/pvr_queue.c | 18 drivers/gpu/drm/imagination/pvr_queue.h | 4 drivers/gpu/drm/imagination/pvr_vm.c | 134 + drivers/gpu/drm/imagination/pvr_vm.h | 3 drivers/gpu/drm/nouveau/Kconfig | 2 drivers/gpu/drm/nouveau/nouveau_drm.c | 10 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_hmm.c | 188 +- drivers/gpu/drm/xe/xe_hmm.h | 7 drivers/gpu/drm/xe/xe_pt.c | 96 - drivers/gpu/drm/xe/xe_pt_walk.c | 3 drivers/gpu/drm/xe/xe_pt_walk.h | 4 drivers/gpu/drm/xe/xe_vm.c | 100 - drivers/gpu/drm/xe/xe_vm.h | 10 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/iio/adc/ad7192.c | 2 drivers/iio/adc/at91-sama5d2_adc.c | 68 drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 drivers/iio/light/apds9306.c | 4 drivers/misc/cardreader/rtsx_usb.c | 15 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/vsc-tp.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 drivers/net/ipa/data/ipa_data-v4.7.c | 18 drivers/net/mctp/mctp-i3c.c | 3 drivers/net/phy/phy.c | 43 drivers/net/phy/phy_device.c | 2 drivers/net/ppp/ppp_generic.c | 28 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 23 drivers/nvme/host/ioctl.c | 20 drivers/nvme/host/nvme.h | 7 drivers/nvme/host/pci.c | 147 + drivers/nvme/host/tcp.c | 81 drivers/nvme/target/tcp.c | 15 drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/usb/atm/cxacru.c | 13 drivers/usb/core/hub.c | 33 drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 - drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-hub.c | 8 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 25 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/typec/ucsi/ucsi_acpi.c | 21 drivers/usb/typec/ucsi/ucsi_ccg.c | 1 drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 drivers/virt/acrn/hsm.c | 6 fs/btrfs/file.c | 9 fs/btrfs/volumes.c | 1 fs/coredump.c | 15 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/exfat/file.c | 2 fs/exfat/namei.c | 2 fs/netfs/read_collect.c | 21 fs/netfs/read_pgpriv2.c | 5 fs/nfs/file.c | 3 fs/smb/client/cifsglob.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/reparse.h | 28 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2inode.c | 4 fs/smb/client/smb2ops.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/drm/drm_client_setup.h | 26 include/drm/drm_drv.h | 18 include/drm/drm_fbdev_client.h | 19 include/drm/drm_fbdev_ttm.h | 13 include/drm/drm_fourcc.h | 1 include/linux/compaction.h | 5 include/linux/ethtool.h | 23 include/linux/hugetlb.h | 4 include/linux/nvme-tcp.h | 2 include/linux/nvme.h | 1 include/linux/phy.h | 36 include/linux/phylib_stubs.h | 42 include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 15 kernel/trace/trace_probe.h | 2 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/internal.h | 5 mm/kasan/kasan_test_rust.rs | 3 mm/kmsan/hooks.c | 1 mm/memory-failure.c | 63 mm/memory.c | 21 mm/memory_hotplug.c | 26 mm/page_alloc.c | 4 mm/userfaultfd.c | 17 mm/vma.c | 12 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ethtool/cabletest.c | 8 net/ethtool/linkstate.c | 26 net/ethtool/netlink.c | 6 net/ethtool/netlink.h | 5 net/ethtool/phy.c | 2 net/ethtool/plca.c | 6 net/ethtool/pse-pd.c | 4 net/ethtool/stats.c | 18 net/ethtool/strset.c | 2 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 net/mac80211/ieee80211_i.h | 2 net/mac80211/mlme.c | 1 net/mac80211/parse.c | 164 + net/mptcp/pm_netlink.c | 18 net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 rust/Makefile | 92 - rust/bindgen_parameters | 5 rust/bindings/bindings_helper.h | 1 rust/bindings/lib.rs | 6 rust/exports.c | 1 rust/ffi.rs | 48 rust/helpers/helpers.c | 1 rust/helpers/slab.c | 6 rust/helpers/vmalloc.c | 9 rust/kernel/alloc.rs | 150 + rust/kernel/alloc/allocator.rs | 208 +- rust/kernel/alloc/allocator_test.rs | 95 + rust/kernel/alloc/box_ext.rs | 89 - rust/kernel/alloc/kbox.rs | 456 +++++ rust/kernel/alloc/kvec.rs | 913 +++++++++++ rust/kernel/alloc/layout.rs | 91 + rust/kernel/alloc/vec_ext.rs | 185 -- rust/kernel/block/mq/gen_disk.rs | 6 rust/kernel/block/mq/operations.rs | 18 rust/kernel/block/mq/raw_writer.rs | 2 rust/kernel/block/mq/tag_set.rs | 2 rust/kernel/error.rs | 82 rust/kernel/firmware.rs | 2 rust/kernel/init.rs | 127 - rust/kernel/init/__internal.rs | 13 rust/kernel/init/macros.rs | 18 rust/kernel/ioctl.rs | 2 rust/kernel/lib.rs | 5 rust/kernel/list.rs | 1 rust/kernel/list/arc_field.rs | 2 rust/kernel/net/phy.rs | 16 rust/kernel/prelude.rs | 5 rust/kernel/print.rs | 5 rust/kernel/rbtree.rs | 49 rust/kernel/std_vendor.rs | 12 rust/kernel/str.rs | 46 rust/kernel/sync/arc.rs | 25 rust/kernel/sync/arc/std_vendor.rs | 2 rust/kernel/sync/condvar.rs | 7 rust/kernel/sync/lock.rs | 8 rust/kernel/sync/lock/mutex.rs | 4 rust/kernel/sync/lock/spinlock.rs | 4 rust/kernel/sync/locked_by.rs | 2 rust/kernel/task.rs | 8 rust/kernel/time.rs | 4 rust/kernel/types.rs | 140 - rust/kernel/uaccess.rs | 48 rust/kernel/workqueue.rs | 29 rust/macros/lib.rs | 14 rust/macros/module.rs | 8 rust/uapi/lib.rs | 6 samples/rust/rust_minimal.rs | 4 samples/rust/rust_print.rs | 1 scripts/Makefile.build | 4 scripts/generate_rust_analyzer.py | 11 sound/core/seq/seq_clientmgr.c | 46 sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 107 + sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 sound/usb/usx2y/usbusx2yaudio.c | 27 tools/testing/selftests/bpf/benchs/bench_trigger.c | 3 tools/testing/selftests/bpf/bpf_util.h | 9 tools/testing/selftests/bpf/map_tests/task_storage_map.c | 3 tools/testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c | 10 tools/testing/selftests/bpf/prog_tests/core_reloc.c | 2 tools/testing/selftests/bpf/prog_tests/linked_funcs.c | 2 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c | 4 tools/testing/selftests/bpf/prog_tests/task_local_storage.c | 8 tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 2 tools/testing/selftests/damon/damon_nr_regions.py | 2 tools/testing/selftests/damon/damos_quota.py | 9 tools/testing/selftests/damon/damos_quota_goal.py | 3 tools/testing/selftests/mm/hugepage-mremap.c | 2 tools/testing/selftests/mm/ksm_functional_tests.c | 8 tools/testing/selftests/mm/memfd_secret.c | 14 tools/testing/selftests/mm/mkdirty.c | 8 tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 tools/testing/selftests/mm/uffd-common.c | 4 tools/testing/selftests/mm/uffd-stress.c | 15 tools/testing/selftests/mm/uffd-unit-tests.c | 14 usr/include/Makefile | 2 335 files changed, 6008 insertions(+), 2448 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alessio Belle (1): drm/imagination: Fix timestamps in firmware traces Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Martin (1): drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antheas Kapenekakis (1): ALSA: hda/realtek: Remove (revert) duplicate Ally X config Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (1): x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Asahi Lina (1): rust: alloc: Fix `ArrayLayout` allocations Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bartosz Golaszewski (1): gpio: vf610: use generic device_get_match_data() Benno Lossin (1): rust: alloc: introduce `ArrayLayout` Bibo Mao (4): LoongArch: Set max_pfn with the PFN of the last page LoongArch: KVM: Add interrupt checking for AVEC LoongArch: KVM: Reload guest CSR registers after sleep LoongArch: KVM: Fix GPA size issue about VM Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Brendan King (3): drm/imagination: avoid deadlock on fence release drm/imagination: Hold drm_gem_gpuva lock for unmap drm/imagination: only init job done fences once Brian Geffon (1): mm: fix finish_fault() handling for large folios Christian A. Ehrhardt (1): acpi: typec: ucsi: Introduce a ->poll_cci method Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Dan Carpenter (1): nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Danilo Krummrich (28): rust: alloc: add `Allocator` trait rust: alloc: separate `aligned_size` from `krealloc_aligned` rust: alloc: rename `KernelAllocator` to `Kmalloc` rust: alloc: implement `ReallocFunc` rust: alloc: make `allocator` module public rust: alloc: implement `Allocator` for `Kmalloc` rust: alloc: add module `allocator_test` rust: alloc: implement `Vmalloc` allocator rust: alloc: implement `KVmalloc` allocator rust: alloc: add __GFP_NOWARN to `Flags` rust: alloc: implement kernel `Box` rust: treewide: switch to our kernel `Box` type rust: alloc: remove extension of std's `Box` rust: alloc: add `Box` to prelude rust: alloc: implement kernel `Vec` type rust: alloc: implement `IntoIterator` for `Vec` rust: alloc: implement `collect` for `IntoIter` rust: treewide: switch to the kernel `Vec` type rust: alloc: remove `VecExt` extension rust: alloc: add `Vec` to prelude rust: error: use `core::alloc::LayoutError` rust: error: check for config `test` in `Error::name` rust: alloc: implement `contains` for `Flags` rust: alloc: implement `Cmalloc` in module allocator_test rust: str: test: replace `alloc::format` rust: alloc: update module comment of alloc.rs kbuild: rust: remove the `alloc` crate and `GlobalAlloc` MAINTAINERS: add entry for the Rust `alloc` module Dave Airlie (1): drm/nouveau: select FW caching Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't try to talk to a dead firmware Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Eric Sandeen (1): exfat: short-circuit zero-byte writes in exfat_file_write_iter Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Ethan D. Twardy (1): rust: kbuild: expand rusttest target for macros Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Filipe Xavier (2): rust: error: make conversion functions public rust: error: optimize error type to use nonzero Gabriel Krisman Bertazi (1): Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Gary Guo (4): rust: fix size_t in bindgen prototypes of C builtins rust: map `__kernel_size_t` and friends also to usize/isize rust: use custom FFI integer types rust: map `long` to `isize` and `char` to `u8` Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.12.19 Hans de Goede (1): mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): btrfs: fix a leaked chunk map issue in read_one_chunk() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Ilan Peer (4): wifi: iwlwifi: Free pages allocated when failing to build A-MSDU wifi: iwlwifi: Fix A-MSDU TSO preparation wifi: mac80211: Support parsing EPCS ML element wifi: iwlwifi: pcie: Fix TSO preparation Imre Deak (1): drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jakub Kicinski (1): net: ethtool: plumb PHY stats to PHY drivers Jani Nikula (1): drm/i915/dsi: convert to struct intel_display Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: apds9306: fix max_scale_nano values Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johan Korsnes (1): gpio: vf610: add locking to gpio direction functions Johannes Berg (4): wifi: iwlwifi: mvm: clean up ROC on failure wifi: iwlwifi: limit printed string from FW file wifi: mac80211: fix MLE non-inheritance parsing wifi: mac80211: fix vendor-specific inheritance John Hubbard (1): Revert "selftests/mm: remove local __NR_* definitions" Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Kees Cook (1): coredump: Only sort VMAs when core_sort_vma sysctl is set Keith Busch (3): nvme-pci: add support for sgl metadata nvme-pci: use sgls for all user requests if possible nvme-ioctl: fix leaked requests on mapping error Kenneth Feng (1): drm/amd/pm: always allow ih interrupt from fw Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Kumar Kartikeya Dwivedi (1): selftests/bpf: Clean up open-coded gettid syscall invocations Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Lorenzo Stoakes (1): mm: abort vma_modify() on merge out of memory failure Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Ma Wupeng (3): mm: memory-failure: update ttu flag inside unmap_poisoned_folio hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio mm: memory-hotplug: check folio ref count first in do_migrate_range Maarten Lankhorst (1): drm/xe: Remove double pageflip Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marc Zyngier (1): xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Markus Burri (1): iio: adc: ad7192: fix channel select Masami Hiramatsu (Google) (3): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: tprobe-events: Reject invalid tracepoint name tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Matt Johnston (1): mctp i3c: handle NULL header address Matthew Auld (1): drm/xe/userptr: properly setup pfn_flags_mask Matthew Brost (1): drm/xe: Add staging tree for VM binds Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maurizio Lombardi (3): nvme-tcp: add basic support for the C2HTermReq PDU nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme-tcp: Fix a C2HTermReq error message Max Kellermann (2): fs/netfs/read_pgpriv2: skip folio queues without `marks3` fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Maxime Chevallier (1): net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Miguel Ojeda (19): rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]` rust: sort global Rust flags rust: types: avoid repetition in `{As,From}Bytes` impls rust: enable `clippy::undocumented_unsafe_blocks` lint rust: enable `clippy::unnecessary_safety_comment` lint rust: enable `clippy::unnecessary_safety_doc` lint rust: enable `clippy::ignored_unit_patterns` lint rust: enable `rustdoc::unescaped_backticks` lint rust: init: remove unneeded `#[allow(clippy::disallowed_names)]` rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]` rust: introduce `.clippy.toml` rust: replace `clippy::dbg_macro` with `disallowed_macros` rust: provide proper code documentation titles rust: enable Clippy's `check-private-items` Documentation: rust: add coding guidelines on lints rust: start using the `#[expect(...)]` attribute Documentation: rust: discuss `#[expect(...)]` in the guidelines rust: finish using custom FFI integer types docs: rust: remove spurious item in `expect` list Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Oleksij Rempel (1): ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pali Rohár (1): cifs: Remove symlink member from cifs_open_info_data union Paolo Bonzini (1): KVM: e500: always restore irqs Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (2): loongarch: Use ASM_REACHABLE perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (2): stmmac: loongson: Pass correct arg to PCI function drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Qu Wenruo (1): btrfs: fix data overwriting bug during buffered write when block size < page size Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (7): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: SVM: Save host DR masks on CPUs with DebugSwap KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules SeongJae Park (4): selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced selftests/damon/damos_quota: make real expectation of quota exceeds selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Steve French (1): smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Suren Baghdasaryan (1): userfaultfd: do not block on locking a large folio with raised refcount Takashi Iwai (1): ALSA: seq: Avoid module auto-load handling at event delivery Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Böhler (7): drm/panic: avoid reimplementing Iterator::find drm/panic: remove unnecessary borrow in alignment_pattern drm/panic: prefer eliding lifetimes drm/panic: remove redundant field when assigning value drm/panic: correctly indent continuation of line in list item drm/panic: allow verbose boolean for clarity drm/panic: allow verbose version check Thomas Hellström (6): drm/xe/hmm: Style- and include fixes drm/xe/hmm: Don't dereference struct page pointers without notifier lock drm/xe/vm: Fix a misplaced #endif drm/xe/vm: Validate userptr during gpu vma prefetching drm/xe: Fix fault mode invalidation with unbind drm/xe/userptr: Unmap userptrs in the mmu notifier Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (5): drm/fbdev-helper: Move color-mode lookup into 4CC format helper drm/fbdev: Add memory-agnostic fbdev client drm: Add client-agnostic setup helper drm/fbdev-ttm: Support struct drm_driver.fbdev_probe drm/nouveau: Run DRM default client setup Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tvrtko Ursulin (1): drm/xe: Fix GT "for each engine" workarounds Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Ville Syrjälä (2): drm/i915/color: Extract intel_color_modeset() drm/i915: Plumb 'dsb' all way to the plane hooks Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuezhang Mo (1): exfat: fix just enough dentries but allocate a new cluster to dir Yutaro Ohno (1): rust: block: fix formatting in GenDisk doc Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

1 month, 2 weeks

1
1
0 0

Linux 6.6.83

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.83 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 1 arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 ++--- arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 +++- arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/powerpc/kvm/e500_mmu_host.c | 21 + arch/riscv/include/asm/cpufeature.h | 1 arch/riscv/include/asm/csr.h | 3 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/include/asm/hwcap.h | 16 + arch/riscv/kernel/cacheinfo.c | 54 +++- arch/riscv/kernel/cpufeature.c | 6 arch/riscv/kernel/setup.c | 6 arch/riscv/kernel/smpboot.c | 4 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 17 + arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/acpi.c | 14 - arch/x86/boot/compressed/cmdline.c | 4 arch/x86/boot/compressed/ident_map_64.c | 7 arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/mem.c | 6 arch/x86/boot/compressed/misc.c | 26 +- arch/x86/boot/compressed/misc.h | 1 arch/x86/boot/compressed/pgtable_64.c | 11 arch/x86/boot/compressed/sev.c | 2 arch/x86/include/asm/boot.h | 2 arch/x86/include/asm/spec-ctrl.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 +++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/svm.c | 21 + arch/x86/kvm/svm/svm.h | 2 arch/x86/mm/init.c | 23 + block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 2 drivers/firmware/efi/libstub/x86-stub.h | 2 drivers/firmware/efi/mokvar-table.c | 42 +-- drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/i915/display/icl_dsi.c | 4 drivers/gpu/drm/i915/display/intel_ddi.c | 46 +++ drivers/gpu/drm/i915/i915_reg.h | 4 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++--- drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/at91-sama5d2_adc.c | 68 +++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 - drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/enetc/enetc.c | 25 +- drivers/net/ethernet/freescale/enetc/enetc.h | 9 drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 27 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 21 + drivers/net/ipa/data/ipa_data-v4.7.c | 18 - drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/spi/spi-mxs.c | 3 drivers/usb/atm/cxacru.c | 13 - drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 ++++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 + drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 - drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 15 - drivers/virt/acrn/hsm.c | 6 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/nfs/direct.c | 19 + fs/nfs/file.c | 3 fs/smb/client/inode.c | 4 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/linux/compaction.h | 5 include/linux/hugetlb.h | 4 include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 2 kernel/trace/trace_probe.h | 1 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/kmsan/hooks.c | 1 mm/memory.c | 6 mm/page_alloc.c | 1 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 ++-- net/mptcp/pm_netlink.c | 18 + net/sched/sch_fifo.c | 3 net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 security/integrity/ima/ima_main.c | 7 security/integrity/integrity.h | 3 sound/core/seq/seq_clientmgr.c | 46 ++- sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 99 ++++++++ sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 ++ sound/usb/usx2y/usbusx2yaudio.c | 27 -- usr/include/Makefile | 2 166 files changed, 1330 insertions(+), 707 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Jones (1): RISC-V: Enable cbo.zero in usermode Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bibo Mao (1): LoongArch: Set max_pfn with the PFN of the last page Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Farouk Bouabid (1): arm64: dts: rockchip: add rs485 support on uart5 of px30-ringneck-haikou Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Gal Pressman (1): net: enetc: Remove setting of RX software timestamp Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.6.83 Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (4): Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Imre Deak (2): drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Lucas De Marchi (1): drm/i915/xe2lpd: Move D2D enable/disable Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Martyn Welch (1): net: enetc: Replace ifdef with IS_ENABLED Masami Hiramatsu (Google) (2): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Miquel Sabaté Solà (1): riscv: Prevent a bad reference count on CPU nodes Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nick Child (2): ibmvnic: Perform tx CSO during send scrq direct ibmvnic: Inspect header requirements before using scrq direct Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Paulo Alcantara (1): smb: client: fix chmod(2) regression with ATTR_READONLY Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Peter Zijlstra (1): perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (1): drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (1): riscv: cacheinfo: Use of_property_present() for non-boolean properties Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roberto Sassu (1): ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Samuel Holland (1): riscv: Fix enabling cbo.zero when running in M-mode Sean Christopherson (2): KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules Takashi Iwai (1): ALSA: seq: Avoid module auto-load handling at event delivery Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Trond Myklebust (1): NFS: O_DIRECT writes must check and adjust the file length Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (1): x86/speculation: Add __update_spec_ctrl() helper Wei Fang (1): net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yong-Xuan Wang (1): riscv: signal: fix signal_minsigstksz Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yunhui Cui (2): riscv: cacheinfo: remove the useless input parameter (node) of ci_leaf_init() riscv: cacheinfo: initialize cacheinfo's level and type from ACPI PPTT Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

1 month, 2 weeks

1
1
0 0

Linux 6.1.131

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.131 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 arch/loongarch/kernel/machine_kexec.c | 4 arch/powerpc/kvm/e500_mmu_host.c | 21 + arch/s390/kernel/traps.c | 6 arch/x86/include/asm/spec-ctrl.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/bugs.c | 2 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 +++- arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/svm/svm.c | 12 + arch/x86/kvm/svm/svm.h | 2 arch/x86/mm/init.c | 23 + block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++--- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/idle/intel_idle.c | 4 drivers/iio/adc/at91-sama5d2_adc.c | 68 +++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 - drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c | 6 drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 21 + drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/slimbus/messaging.c | 5 drivers/spi/spi-mxs.c | 3 drivers/usb/atm/cxacru.c | 13 - drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 ++++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 + drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 - drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/virt/acrn/hsm.c | 6 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/nilfs2/dir.c | 24 -- fs/nilfs2/namei.c | 37 +-- fs/nilfs2/nilfs.h | 10 fs/ntfs3/record.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/transport_ipc.c | 1 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 mm/kmsan/hooks.c | 1 mm/memory.c | 6 mm/page_alloc.c | 1 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 ++-- net/mptcp/pm_netlink.c | 18 + net/vmw_vsock/af_vsock.c | 77 ++++-- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 99 ++++++++ sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 ++ sound/usb/usx2y/usbusx2yaudio.c | 27 -- 106 files changed, 968 insertions(+), 506 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Arnd Bergmann (1): ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.1.131 Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (4): Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Irui Wang (1): media: mediatek: vcodec: Handle invalid decoder vsi Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Konstantin Komarov (1): fs/ntfs3: Add rough attr alloc_size check Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Luczaj (3): bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (4): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nick Child (2): ibmvnic: Perform tx CSO during send scrq direct ibmvnic: Inspect header requirements before using scrq direct Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (1): cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS Philipp Stanner (1): drm/sched: Fix preprocessor guard Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (1): mm: don't skip arch_sync_kernel_mappings() in error paths Ryusuke Konishi (3): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (1): KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tuo Li (1): scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (1): x86/speculation: Add __update_spec_ctrl() helper Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

1 month, 2 weeks

1
1
0 0

Linux 5.15.179

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.179 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/dev-tools/kfence.rst | 12 Documentation/devicetree/bindings/connector/usb-connector.yaml | 3 Documentation/devicetree/bindings/display/brcm,bcm2711-hdmi.yaml | 3 Documentation/devicetree/bindings/display/bridge/adi,adv7511.yaml | 5 Documentation/devicetree/bindings/display/bridge/synopsys,dw-hdmi.yaml | 5 Documentation/devicetree/bindings/display/panel/display-timings.yaml | 3 Documentation/devicetree/bindings/display/ste,mcde.yaml | 4 Documentation/devicetree/bindings/input/adc-joystick.yaml | 9 Documentation/devicetree/bindings/leds/cznic,turris-omnia-leds.yaml | 5 Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 32 - Documentation/devicetree/bindings/leds/leds-lp50xx.yaml | 5 Documentation/devicetree/bindings/leds/leds-pwm-multicolor.yaml | 78 +++ Documentation/devicetree/bindings/leds/leds-qcom-lpg.yaml | 175 +++++++ Documentation/devicetree/bindings/mfd/google,cros-ec.yaml | 12 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/mtd/rockchip,nand-controller.yaml | 3 Documentation/devicetree/bindings/net/ti,cpsw-switch.yaml | 3 Documentation/devicetree/bindings/phy/phy-stm32-usbphyc.yaml | 3 Documentation/devicetree/bindings/power/supply/sbs,sbs-manager.yaml | 4 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Documentation/devicetree/bindings/remoteproc/ti,k3-r5f-rproc.yaml | 3 Documentation/devicetree/bindings/soc/ti/ti,pruss.yaml | 15 Documentation/devicetree/bindings/sound/st,stm32-sai.yaml | 3 Documentation/devicetree/bindings/sound/tlv320adcx140.yaml | 13 Documentation/devicetree/bindings/spi/spi-controller.yaml | 69 --- Documentation/devicetree/bindings/spi/spi-peripheral-props.yaml | 87 +++ Documentation/devicetree/bindings/usb/st,stusb160x.yaml | 4 Documentation/kbuild/kconfig.rst | 9 Makefile | 7 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/dra7-l4.dtsi | 2 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm/mach-at91/pm.c | 31 - arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 38 - arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/include/asm/mman.h | 9 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/mips/loongson64/boardinfo.c | 2 arch/mips/math-emu/cp1emu.c | 2 arch/mips/mm/init.c | 2 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/powerpc/platforms/pseries/svm.c | 3 arch/s390/include/asm/futex.h | 2 arch/s390/kernel/smp.c | 2 arch/s390/kernel/traps.c | 6 arch/s390/kvm/vsie.c | 25 - arch/x86/Kconfig | 3 arch/x86/boot/compressed/Makefile | 1 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/cpu/bugs.c | 20 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/cpu/sgx/encl.c | 108 +++- arch/x86/kernel/cpu/sgx/encl.h | 8 arch/x86/kernel/cpu/sgx/ioctl.c | 17 arch/x86/kernel/cpu/sgx/main.c | 31 - arch/x86/kernel/i8253.c | 11 arch/x86/kernel/static_call.c | 1 arch/x86/kvm/hyperv.c | 6 arch/x86/mm/init.c | 23 - arch/x86/mm/tlb.c | 35 + arch/x86/xen/mmu_pv.c | 79 ++- arch/x86/xen/p2m.c | 2 arch/x86/xen/xen-head.S | 5 block/Kconfig | 12 block/bdev.c | 9 block/blk-cgroup.c | 1 block/genhd.c | 28 + block/partitions/efi.c | 2 block/partitions/ldm.h | 2 block/partitions/mac.c | 18 crypto/testmgr.h | 227 +++++++-- drivers/acpi/apei/ghes.c | 10 drivers/acpi/fan.c | 10 drivers/base/arch_numa.c | 2 drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/tpm/eventlog/acpi.c | 16 drivers/char/tpm/eventlog/efi.c | 13 drivers/char/tpm/eventlog/of.c | 3 drivers/char/tpm/tpm-chip.c | 1 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/gcc-mdm9607.c | 2 drivers/clk/qcom/gcc-sm6350.c | 22 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/clocksource/i8253.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 + drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 182 +++---- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/ixp4xx_crypto.c | 3 drivers/crypto/qce/aead.c | 2 drivers/crypto/qce/core.c | 13 drivers/crypto/qce/sha.c | 2 drivers/crypto/qce/skcipher.c | 2 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/efi/sysfb_efi.c | 2 drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-bcm-kona.c | 71 ++- drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-rcar.c | 31 - drivers/gpio/gpio-stmpe.c | 15 drivers/gpio/gpio-xilinx.c | 33 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/drm_dp_cec.c | 14 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_probe_helper.c | 116 +++-- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-core.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-multitouch.c | 7 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hid/wacom_wac.c | 5 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 +- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/i2c/i2c-core-acpi.c | 22 drivers/idle/intel_idle.c | 4 drivers/iio/light/as73211.c | 24 - drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 6 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/devx.c | 1 drivers/infiniband/hw/mlx5/mr.c | 16 drivers/infiniband/hw/mlx5/odp.c | 61 +- drivers/infiniband/hw/mlx5/qp.c | 4 drivers/leds/leds-lp8860.c | 2 drivers/leds/leds-netxbig.c | 1 drivers/md/Kconfig | 4 drivers/md/dm-crypt.c | 27 - drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ccs/ccs-data.c | 14 drivers/media/i2c/imx412.c | 42 - drivers/media/i2c/ov5640.c | 1 drivers/media/i2c/ov9282.c | 2 drivers/media/platform/exynos4-is/mipi-csis.c | 10 drivers/media/platform/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/marvell-ccic/mcam-core.c | 7 drivers/media/platform/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_ctrl.c | 139 +++++- drivers/media/usb/uvc/uvc_driver.c | 105 ++-- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/usb/uvc/uvc_v4l2.c | 4 drivers/media/usb/uvc/uvcvideo.h | 20 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/memory/jedec_ddr.h | 47 ++ drivers/memory/jedec_ddr_data.c | 41 + drivers/memory/of_memory.c | 87 +++ drivers/memory/of_memory.h | 9 drivers/memory/tegra/Kconfig | 1 drivers/memory/tegra/tegra20-emc.c | 203 ++++++++ drivers/mfd/lpc_ich.c | 3 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-msm.c | 53 ++ drivers/mtd/hyperbus/hbmc-am654.c | 29 - drivers/mtd/hyperbus/hyperbus-core.c | 8 drivers/mtd/hyperbus/rpc-if.c | 5 drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/nand/raw/cadence-nand-controller.c | 44 + drivers/net/caif/caif_virtio.c | 2 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/broadcom/tg3.c | 58 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++---- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/enetc/enetc.c | 69 ++- drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 - drivers/net/ethernet/mellanox/mlx5/core/mr.c | 1 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/loopback.c | 14 drivers/net/netdevsim/ipsec.c | 12 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/ppp/ppp_generic.c | 28 - drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/gl620a.c | 4 drivers/net/usb/rtl8150.c | 22 drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 42 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 67 -- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++ drivers/nvme/host/core.c | 16 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/pci.c | 4 drivers/nvme/target/tcp.c | 15 drivers/nvmem/core.c | 2 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/base.c | 8 drivers/of/of_reserved_mem.c | 3 drivers/parport/parport_pc.c | 5 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pci/endpoint/pci-epf-core.c | 1 drivers/pci/quirks.c | 1 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/power/supply/da9150-fg.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 ++--- drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_clock.c | 8 drivers/ptp/ptp_ocp.c | 2 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/regulator/of_regulator.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/s390/char/sclp_early.c | 2 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 - drivers/scsi/scsi_lib.c | 60 +- drivers/scsi/storvsc_drv.c | 1 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/slimbus/messaging.c | 5 drivers/soc/mediatek/mtk-devapc.c | 36 - drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-mxs.c | 3 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/tee/optee/supp.c | 35 - drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/sh-sci.c | 25 + drivers/tty/serial/xilinx_uartps.c | 10 drivers/usb/atm/cxacru.c | 13 drivers/usb/chipidea/ci_hdrc_imx.c | 38 - drivers/usb/class/cdc-acm.c | 28 - drivers/usb/core/hub.c | 49 ++ drivers/usb/core/quirks.c | 10 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/core.c | 115 +++-- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 47 +- drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/f_midi.c | 10 drivers/usb/gadget/function/f_tcm.c | 66 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 18 drivers/usb/host/xhci-ring.c | 12 drivers/usb/host/xhci.c | 23 - drivers/usb/host/xhci.h | 11 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/vdpa/mlx5/core/resources.c | 1 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/virt/acrn/hsm.c | 6 fs/afs/cell.c | 1 fs/afs/dir.c | 7 fs/afs/internal.h | 23 - fs/afs/server.c | 1 fs/afs/server_list.c | 114 ++++ fs/afs/vl_alias.c | 2 fs/afs/volume.c | 40 - fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/binfmt_flat.c | 2 fs/btrfs/file.c | 6 fs/btrfs/inode.c | 4 fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/cifs/smb2ops.c | 4 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/f2fs/dir.c | 53 +- fs/f2fs/f2fs.h | 6 fs/f2fs/file.c | 13 fs/f2fs/inline.c | 5 fs/file_table.c | 47 +- fs/inode.c | 39 + fs/ksmbd/transport_ipc.c | 9 fs/nfs/flexfilelayout/flexfilelayout.c | 27 - fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 8 fs/nilfs2/dir.c | 24 - fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/nilfs2/page.c | 55 +- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 - fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/overlayfs/copy_up.c | 44 + fs/overlayfs/dir.c | 100 ++-- fs/overlayfs/inode.c | 17 fs/overlayfs/namei.c | 6 fs/overlayfs/overlayfs.h | 92 ++-- fs/overlayfs/readdir.c | 32 - fs/overlayfs/super.c | 40 - fs/overlayfs/util.c | 18 fs/proc/proc_sysctl.c | 3 fs/pstore/blk.c | 4 fs/select.c | 4 fs/squashfs/inode.c | 5 fs/ubifs/debug.c | 22 fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_qm_bhv.c | 41 + fs/xfs/xfs_super.c | 11 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_probe_helper.h | 1 include/linux/cgroup-defs.h | 6 include/linux/efi.h | 1 include/linux/fs.h | 6 include/linux/i8253.h | 1 include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/memblock.h | 12 include/linux/mlx5/driver.h | 2 include/linux/mtd/hyperbus.h | 4 include/linux/netdevice.h | 8 include/linux/pci_ids.h | 4 include/linux/pps_kernel.h | 3 include/linux/sched.h | 4 include/linux/sched/sysctl.h | 14 include/linux/sched/task.h | 1 include/linux/sysctl.h | 6 include/linux/usb/hcd.h | 5 include/linux/usb/tcpm.h | 3 include/net/dst.h | 9 include/net/flow_dissector.h | 16 include/net/flow_offload.h | 6 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/net/netns/ipv4.h | 3 include/net/route.h | 9 include/trace/events/oom.h | 36 + include/uapi/linux/input-event-codes.h | 1 include/uapi/linux/seg6_iptunnel.h | 2 kernel/acct.c | 134 +++-- kernel/bpf/syscall.c | 18 kernel/cgroup/cgroup.c | 20 kernel/debug/kdb/kdb_io.c | 2 kernel/dma/swiotlb.c | 2 kernel/events/core.c | 17 kernel/hung_task.c | 81 +++ kernel/irq/internals.h | 9 kernel/padata.c | 45 + kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 10 kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/fair.c | 23 - kernel/sched/stats.h | 22 kernel/sysctl.c | 146 ------ kernel/time/clocksource.c | 11 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 27 - lib/Kconfig.debug | 8 lib/Kconfig.kfence | 12 lib/cpumask.c | 2 mm/kfence/core.c | 51 ++ mm/memcontrol.c | 7 mm/memory.c | 6 mm/oom_kill.c | 14 mm/page_alloc.c | 1 mm/percpu.c | 8 mm/sparse.c | 2 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 123 +++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/bluetooth/l2cap_core.c | 9 net/bluetooth/l2cap_sock.c | 7 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/dev.c | 37 + net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/flow_offload.c | 7 net/core/neighbour.c | 11 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 5 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/arp.c | 6 net/ipv4/devinet.c | 3 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 102 +++- net/ipv4/tcp_cubic.c | 8 net/ipv4/tcp_minisocks.c | 10 net/ipv4/tcp_offload.c | 11 net/ipv4/udp.c | 4 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/ipv6/mcast.c | 14 net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 62 +- net/ipv6/seg6_iptunnel.c | 227 ++++++++- net/ipv6/udp.c | 4 net/llc/llc_s_ac.c | 49 +- net/mptcp/options.c | 13 net/mptcp/pm_netlink.c | 6 net/mptcp/protocol.c | 1 net/mptcp/protocol.h | 30 - net/ncsi/internal.h | 2 net/ncsi/ncsi-cmd.c | 3 net/ncsi/ncsi-manage.c | 38 + net/ncsi/ncsi-pkt.h | 10 net/ncsi/ncsi-rsp.c | 58 +- net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_flow_offload.c | 16 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 40 + net/rose/rose_timer.c | 15 net/sched/cls_flower.c | 8 net/sched/sch_api.c | 4 net/sched/sch_cake.c | 140 +++--- net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 - net/smc/smc_rx.h | 8 net/sunrpc/cache.c | 10 net/tipc/crypto.c | 4 net/vmw_vsock/af_vsock.c | 82 ++- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 samples/landlock/sandboxer.c | 7 scripts/Makefile.extrawarn | 5 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 scripts/kconfig/conf.c | 6 scripts/kconfig/confdata.c | 102 ++-- scripts/kconfig/lkc_proto.h | 2 scripts/kconfig/symbol.c | 10 security/landlock/fs.c | 86 +-- security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_realtek.c | 78 +++ sound/soc/codecs/es8328.c | 15 sound/soc/intel/boards/bytcr_rt5640.c | 17 sound/soc/sh/rz-ssi.c | 5 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/midi.c | 2 sound/usb/quirks.c | 3 sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/bootconfig/main.c | 4 tools/lib/bpf/linker.c | 22 tools/perf/bench/epoll-wait.c | 7 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/bpf-event.c | 10 tools/perf/util/env.c | 13 tools/perf/util/env.h | 4 tools/perf/util/header.c | 8 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/pmtu.sh | 229 +++++++++- tools/testing/selftests/net/rtnetlink.sh | 4 tools/testing/selftests/net/udpgso.c | 26 + 607 files changed, 6983 insertions(+), 3348 deletions(-) Aharon Landau (1): RDMA/mlx5: Remove iova from struct mlx5_core_mkey Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Stein (1): usb: chipidea: ci_hdrc_imx: use dev_err_probe() Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alexander Usyskin (1): mei: me: add panther lake P DID Amir Goldstein (1): ovl: use wrappers to all vfs_*xattr() calls Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andrea Mayer (2): seg6: add support for SRv6 H.Encaps.Red behavior seg6: add support for SRv6 H.L2Encaps.Red behavior Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Andy Strohman (1): batman-adv: fix panic during interface removal AngeloGioacchino Del Regno (2): soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (2): net: avoid race between device unregistration and ethnl ops net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): efi: Avoid cold plugged memory for placing the kernel vmlinux.lds: Ensure that const vars with relocations are mapped R/O Armin Wolf (1): platform/x86: acer-wmi: Ignore AC events Arnaldo Carvalho de Melo (1): perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Arnd Bergmann (2): media: cxd2841er: fix 64-bit division on gcc-9 sunrpc: suppress warnings for unused procfs functions Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bartosz Golaszewski (3): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path gpio: xilinx: remove excess kernel doc Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Bjorn Andersson (1): dt-bindings: leds: Add Qualcomm Light Pulse Generator binding Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Caleb Sander Mateos (1): nvme/ioctl: add missing space in err message Calvin Owens (1): pps: Fix a use-after-free Carlos Galo (1): mm: update mark_victim tracepoints fields Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chao Yu (1): f2fs: fix to wait dio completion Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (4): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (7): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings arm64: dts: mediatek: mt8183: Disable DSI display output by default Chenghai Huang (1): crypto: hisilicon/sec2 - optimize the error return process Chengming Zhou (1): sched/psi: Use task->psi_flags to clear in CPU migration Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Brauner (3): acct: perform last write from workqueue acct: block access to kernel internal filesystems ovl: pass ofs to creation operations Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Christoph Hellwig (2): block: deprecate autoloading based on dev_t scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command() Christophe Leroy (3): select: Fix unbalanced user_access_end() powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (6): ASoC: renesas: rz-ssi: Use only the proper amount of dividers serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Colin Ian King (1): afs: remove variable nr_servers Cong Wang (3): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Cosmin Tanislav (1): media: mc: fix endpoint iteration Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (7): rdma/cxgb4: Prevent potential integer overflow on 32bit tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() media: imx-jpeg: Fix potential error pointer dereference in detach_pm() ksmbd: fix integer overflows on 32 bit systems ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Darrick J. Wong (2): xfs: report realtime block quota limits on realtime directories xfs: don't over-report free space or inodes in statvfs Dave Stevenson (1): media: i2c: ov9282: Correct the exposure offset David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (5): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call afs: Make it possible to find the volumes that are using a server afs: Fix the server_list to unuse a displaced server rather than putting it David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (4): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: cfg80211: adjust allocation of colocated AP data wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (6): arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Osipenko (3): memory: Add LPDDR2-info helpers memory: tegra20-emc: Support matching timings by LPDDR2 configuration memory: tegra20-emc: Correct memory device mask Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Eddie James (1): tpm: Use managed allocation for bios event log Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Ekansh Gupta (1): misc: fastrpc: Fix registered buffer page address Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Biggers (1): crypto: qce - fix priority to be less than ARMv8 CE Eric Dumazet (20): ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() net: add dev_net_rcu() helper ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: add RCU protection to mld_newpack() llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Eugen Hristev (1): pstore/blk: trivial typo fixes Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabien Parent (1): arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (3): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection usb: typec: ucsi: increase timeout for PPM reset operations Filipe Manana (3): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: fix hole expansion when writing at an offset beyond EOF btrfs: avoid monopolizing a core when activating a swap file Florian Westphal (1): netfilter: nft_flow_offload: update tcp state flags under lock Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Geert Uytterhoeven (1): dt-bindings: leds: class-multicolor: Fix path to color definitions Georg Gottleuber (2): nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 5.15.179 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guillaume Nault (1): selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (2): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao Zhang (1): mm/page_alloc: fix uninitialized variable Hao-ran Zheng (1): btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Haoxiang Li (5): drm/komeda: Add check for komeda_get_layer_fourcc_list() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Hardik Gajjar (1): usb: xhci: Add timeout argument in address_device USB HCD callback Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. He Lugang (1): HID: multitouch: Add support for lenovo Y9000P Touchpad He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/traps: Fix test_monitor_call() inline assembly Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Howard Chu (1): perf trace: Fix runtime error of index out of bounds Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Ignat Korchagin (2): crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - some more fixes to RSA test vectors Ilan Peer (1): wifi: cfg80211: Handle specific BSSID in 6GHz scanning Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Koschel (1): rtlwifi: replace usage of found with dedicated list iterator variable Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (2): net: netdevsim: try to close UDP port harness races net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Sakkinen (2): tpm: Change to kvalloc() in eventlog/acpi.c x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: as73211: fix channel handling in only-color triggered buffer Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (4): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (2): Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (10): ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Ogness (1): kdb: Do not assume write() callback available John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (3): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (7): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kai Ye (2): crypto: hisilicon/sec - add some comments for soft fallback crypto: hisilicon/sec - delete redundant blank lines Kailang Yang (2): ALSA: hda/realtek: Fixup ALC225 depop procedure ALSA: hda/realtek: update ALC222 depop optimize Kan Liang (1): perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Keisuke Nishimura (1): nvme: Add error check for xa_store in nvme_get_effects_log Kexy Biscuit (1): MIPS: Loongson64: remove ROM Size unit in boardinfo King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Koichiro Den (2): Revert "btrfs: avoid monopolizing a core when activating a swap file" gpio: aggregator: protect driver attr handlers against module unload Konrad Dybcio (2): arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (6): dt-bindings: leds: class-multicolor: reference class directly in multi-led node arm64: dts: qcom: sm8350: Fix MPSS memory length soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path soc: mediatek: mtk-devapc: Fix leaking IO map on error paths soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Lei He (2): crypto: testmgr - fix wrong key length for pkcs1pad crypto: testmgr - Fix wrong test case of RSA Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lijo Lazar (1): drm/amd/pm: Mark MM activity as unsupported Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Luca Weiss (3): media: i2c: imx412: Add missing newline to prints clk: qcom: gcc-sm6350: Add missing parent_map for two clocks nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Luis Chamberlain (3): sysctl: share unsigned long const values fs: move inode sysctls to its own file fs: move fs stat sysctls to file_table.c Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Maarten Lankhorst (1): drm/modeset: Handle tiled displays in pan_display_atomic. Maciej S. Szmigiero (1): net: wwan: iosm: Fix hibernation by re-binding the driver around it Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Glubokiy (1): net: extract port range fields from fl_flow_key Maksym Planeta (1): Grab mm lock before grabbing pt lock Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Elver (2): kfence: allow use of a deferrable timer kfence: skip __GFP_THISNODE allocations on NUMA systems Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Marek Vasut (2): clk: imx8mp: Fix clkout1/2 support USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Masahiro Yamada (7): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: require a space after '#' for valid input kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() kconfig: deduplicate code in conf_read_simple() kconfig: fix memory leak in sym_warn_unmet_dep() Mateusz Jończyk (1): mips/math-emu: fix emulation of the prefx instruction Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maxime Ripard (1): drm/probe-helper: Create a HPD IRQ event helper for a single connector Mehdi Djait (1): media: ccs: Fix cleanup order in ccs_probe() Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michael Guralnik (2): RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults RDMA/mlx5: Fix indirect mkey ODP page count Michal Luczaj (4): vsock: Allow retrying on connect() failure bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (2): usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mickaël Salaün (3): landlock: Move filesystem helpers and add a new one landlock: Handle weird files selftests/landlock: Fix error message Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mike Rapoport (2): xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer memblock: drop memblock_free_early_nid() and memblock_free_early() Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Milos Reljin (1): net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Mingwei Zheng (1): spi: zynq-qspi: Add check for clk_enable() Miri Korenblit (1): wifi: iwlwifi: avoid memory leak Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (1): exfat: fix soft lockup in exfat_clear_bitmap Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 arm64: Handle .ARM.attributes section in linker scripts Neil Armstrong (2): dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties NeilBrown (1): md: select BLOCK_LEGACY_AUTOLOAD Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (6): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() usbnet: gl620a: fix endpoint checking in genelink_bind() wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Niravkumar L Rabara (4): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single mtd: rawnand: cadence: fix unchecked dereference Octavian Purdila (1): team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pablo Neira Ayuso (1): netfilter: nf_tables: reject mismatching sum of field_len with set key length Paolo Abeni (3): mptcp: consolidate suboption status mptcp: prevent excessive coalescing on receive mptcp: always handle address removal under msk socket lock Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Patrisious Haddad (1): RDMA/mlx5: Fix bind QP error cleanup flow Paul Fertser (3): net/ncsi: fix locking in Get MAC Address handling net/ncsi: wait for the last response to Deselect Package before configuring channel net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Delevoryas (1): net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Peter Zijlstra (1): sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Philipp Stanner (1): drm/sched: Fix preprocessor guard Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Pratyush Yadav (1): spi: dt-bindings: add schema listing peripheral-specific properties Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Reinette Chatre (4): x86/sgx: Support loading enclave page without VMA permissions check x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() x86/sgx: Export sgx_encl_{grow,shrink}() x86/sgx: Support VA page allocation without reclaiming Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (10): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Set error_idx during ctrl_commit errors media: uvcvideo: Refactor iterators media: uvcvideo: Only save async fh if success media: uvcvideo: Avoid invalid memory access media: uvcvideo: Avoid returning invalid controls media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Remove dangling pointers Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Rob Herring (1): dt-bindings: Another pass removing cases of 'allOf' containing a '$ref' Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Romain Naour (1): ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryan Roberts (1): mm: don't skip arch_sync_kernel_mappings() in error paths Ryusuke Konishi (6): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Sakari Ailus (2): media: ccs: Clean up parsed CCS static data on parse failure media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Satya Priya Kakitapalli (1): clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Sean Anderson (3): gpio: xilinx: Convert gpio_lock to raw spinlock tty: xilinx_uartps: split sysrq handling net: cadence: macb: Synchronize stats calculations Sean Christopherson (3): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Sergey Senozhatsky (2): kconfig: add warn-unknown-symbols sanity check kconfig: WERROR unmet symbol dependency Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Stas Sergeev (1): tun: fix group permission check Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Sumit Garg (1): tee: optee: Fix supplicant wait loop Sven Eckelmann (3): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop initialization of flexible ethtool_link_ksettings batman-adv: Drop unmanaged ELP metric worker Sven Schwermer (2): dt-bindings: leds: Optional multi-led unit address dt-bindings: leds: Add multicolor PWM LED bindings Takashi Iwai (2): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (10): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (7): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Gleixner (3): genirq: Make handle_enforce_irqctx() unconditionally available sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Thomas Weißschuh (4): padata: fix sysfs store callback check ptp: Properly handle compat ioctls ptp: Ensure info->enable callback is always set kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Toke Høiland-Jørgensen (1): sched: sch_cake: add bounds checks to host bulk flow fairness counts Tomi Valkeinen (1): drm/tidss: Fix issue in irq handling causing irq-flood issue Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Uwe Kleine-König (4): mtd: hyperbus: Make hyperbus_unregister_device() return void mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Val Packett (4): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Ville Syrjälä (1): drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Vladimir Vdovin (1): net: ipv4: Cache pmtu for all packet paths if multipath enabled Vladimir Zapolskiy (1): arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wang Hai (1): tcp: Defer ts_recent changes until req is owned WangYuli (2): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wei Fang (3): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (4): PM: hibernate: Add error handling for syscore_suspend() xfs: Add error handling for xfs_reflink_cancel_cow_range gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Wesley Cheng (1): usb: dwc3: Increase DWC3 controller halt timeout Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoming Ni (2): hung_task: move hung_task sysctl interface to hung_task.c sysctl: use const for typically used max/min proc sysctls Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yan Zhai (2): udp: gso: do not drop small packets when PMTU reduces bpf: skip non exist keys in generic_map_lookup_batch Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Ye Bin (1): scsi: core: Clear driver private data when retrying request Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Yury Norov (1): clocksource: Replace cpumask_weight() with cpumask_empty() Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zichen Xie (1): samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (7): of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() huangshaobo (1): kfence: enable check kfence canary on panic via boot param lei he (1): crypto: testmgr - fix version number of RSA tests pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null xu xin (2): Namespaceify min_pmtu sysctl Namespaceify mtu_expires sysctl

1 month, 2 weeks

1
1
0 0

Linux 5.10.235

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.235 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Makefile | 7 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8516.dtsi | 38 - arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 2 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/include/asm/mman.h | 9 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/include/asm/futex.h | 2 arch/s390/kernel/traps.c | 6 arch/s390/kvm/vsie.c | 25 - arch/x86/Kconfig | 3 arch/x86/boot/compressed/Makefile | 1 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/msr-index.h | 3 arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/cpu/bugs.c | 20 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/i8253.c | 11 arch/x86/kernel/static_call.c | 1 arch/x86/mm/init.c | 23 - arch/x86/xen/mmu_pv.c | 79 ++- arch/x86/xen/xen-head.S | 5 block/blk-cgroup.c | 1 block/partitions/efi.c | 2 block/partitions/ldm.h | 2 block/partitions/mac.c | 18 crypto/testmgr.h | 227 +++++++--- drivers/acpi/apei/ghes.c | 10 drivers/acpi/fan.c | 10 drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/tpm/eventlog/acpi.c | 16 drivers/char/tpm/eventlog/efi.c | 13 drivers/char/tpm/eventlog/of.c | 3 drivers/char/tpm/tpm-chip.c | 1 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/clocksource/i8253.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 + drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/hisilicon/qm.c | 46 +- drivers/crypto/qce/core.c | 13 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/efi/mokvar-table.c | 41 - drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-bcm-kona.c | 71 ++- drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-rcar.c | 7 drivers/gpio/gpio-stmpe.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/drm_dp_cec.c | 14 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_probe_helper.c | 116 +++-- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-core.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hid/wacom_wac.c | 5 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 +- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/i2c/i2c-core-acpi.c | 22 drivers/idle/intel_idle.c | 4 drivers/iio/light/as73211.c | 24 - drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 6 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/leds/leds-lp8860.c | 2 drivers/leds/leds-netxbig.c | 1 drivers/md/dm-crypt.c | 27 - drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ov5640.c | 1 drivers/media/platform/exynos4-is/mipi-csis.c | 10 drivers/media/platform/marvell-ccic/mcam-core.c | 7 drivers/media/platform/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/dvb-usb-v2/lmedm04.c | 14 drivers/media/usb/uvc/uvc_ctrl.c | 85 +++ drivers/media/usb/uvc/uvc_driver.c | 63 +- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvcvideo.h | 9 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/mfd/lpc_ich.c | 3 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-msm.c | 53 ++ drivers/mtd/hyperbus/hbmc-am654.c | 19 drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/nand/raw/cadence-nand-controller.c | 44 + drivers/net/caif/caif_virtio.c | 2 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/broadcom/tg3.c | 58 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++---- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 - drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/loopback.c | 14 drivers/net/netdevsim/ipsec.c | 12 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/ppp/ppp_generic.c | 28 - drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/gl620a.c | 4 drivers/net/usb/rtl8150.c | 28 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 42 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 67 -- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 13 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 16 drivers/nvme/host/pci.c | 66 ++ drivers/nvme/target/tcp.c | 15 drivers/nvmem/core.c | 2 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/base.c | 8 drivers/parport/parport_pc.c | 5 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pci/quirks.c | 1 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/power/supply/da9150-fg.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 ++--- drivers/ptp/ptp_clock.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/regulator/of_regulator.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 - drivers/scsi/storvsc_drv.c | 1 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/slimbus/messaging.c | 5 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-mxs.c | 3 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/tee/optee/supp.c | 35 - drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/sh-sci.c | 25 + drivers/usb/atm/cxacru.c | 13 drivers/usb/class/cdc-acm.c | 28 - drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 10 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 37 + drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/f_midi.c | 22 drivers/usb/gadget/function/f_tcm.c | 66 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 17 drivers/usb/host/xhci-ring.c | 12 drivers/usb/host/xhci.c | 23 - drivers/usb/host/xhci.h | 11 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 fs/afs/dir.c | 7 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/binfmt_flat.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/locking.c | 68 ++ fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/cifs/smb2ops.c | 4 fs/f2fs/file.c | 13 fs/nfs/flexfilelayout/flexfilelayout.c | 27 - fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 8 fs/nilfs2/dir.c | 24 - fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/nilfs2/page.c | 55 +- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 - fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/select.c | 4 fs/squashfs/inode.c | 5 fs/ubifs/debug.c | 22 fs/udf/super.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_probe_helper.h | 1 include/linux/efi.h | 1 include/linux/i8253.h | 1 include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/mlx5/driver.h | 1 include/linux/netdevice.h | 6 include/linux/pci_ids.h | 4 include/linux/pps_kernel.h | 3 include/linux/usb/hcd.h | 5 include/net/dst.h | 23 - include/net/flow_dissector.h | 16 include/net/flow_offload.h | 6 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/trace/events/oom.h | 36 + include/uapi/linux/input-event-codes.h | 1 kernel/acct.c | 141 +++--- kernel/bpf/syscall.c | 18 kernel/debug/kdb/kdb_io.c | 2 kernel/events/core.c | 17 kernel/irq/internals.h | 9 kernel/padata.c | 45 + kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 8 kernel/sched/cpufreq_schedutil.c | 12 kernel/time/clocksource.c | 79 +++ kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 27 - lib/Kconfig.debug | 8 mm/memcontrol.c | 7 mm/oom_kill.c | 14 mm/page_alloc.c | 1 net/8021q/vlan.c | 3 net/8021q/vlan.h | 2 net/8021q/vlan_dev.c | 15 net/8021q/vlan_netlink.c | 7 net/batman-adv/bat_v.c | 3 net/batman-adv/bat_v_elp.c | 124 +++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/bat_v_ogm.c | 1 net/batman-adv/fragmentation.c | 2 net/batman-adv/hard-interface.c | 1 net/batman-adv/icmp_socket.c | 1 net/batman-adv/main.c | 1 net/batman-adv/netlink.c | 1 net/batman-adv/tp_meter.c | 1 net/batman-adv/types.h | 3 net/bluetooth/l2cap_core.c | 9 net/bluetooth/l2cap_sock.c | 7 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/flow_offload.c | 7 net/core/neighbour.c | 11 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 5 net/hsr/hsr_forward.c | 7 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/ip_input.c | 1 net/ipv4/ip_output.c | 1 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 8 net/ipv4/tcp_minisocks.c | 10 net/ipv4/tcp_offload.c | 11 net/ipv4/udp.c | 4 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/ipv6/ip6_output.c | 1 net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 67 +- net/ipv6/seg6_iptunnel.c | 2 net/ipv6/udp.c | 4 net/llc/llc_s_ac.c | 49 +- net/mptcp/pm_netlink.c | 6 net/mptcp/protocol.c | 1 net/ncsi/ncsi-manage.c | 13 net/netfilter/nf_tables_api.c | 8 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 40 + net/rose/rose_timer.c | 15 net/sched/cls_flower.c | 8 net/sched/sch_api.c | 4 net/sched/sch_cake.c | 140 +++--- net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 - net/smc/smc_rx.h | 8 net/sunrpc/cache.c | 10 net/tipc/crypto.c | 4 net/vmw_vsock/af_vsock.c | 82 ++- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 scripts/Makefile.extrawarn | 5 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 security/integrity/ima/ima_api.c | 16 security/integrity/ima/ima_template_lib.c | 17 security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_realtek.c | 78 +++ sound/soc/codecs/es8328.c | 15 sound/soc/intel/boards/bytcr_rt5640.c | 17 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/midi.c | 2 sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/bootconfig/main.c | 4 tools/perf/bench/epoll-wait.c | 7 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/bpf-event.c | 10 tools/perf/util/cs-etm.c | 2 tools/perf/util/dso.c | 14 tools/perf/util/env.c | 28 - tools/perf/util/env.h | 8 tools/perf/util/header.c | 29 - tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/rtnetlink.sh | 4 tools/testing/selftests/net/udpgso.c | 26 + 434 files changed, 4053 insertions(+), 2023 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alexander Usyskin (1): mei: me: add panther lake P DID Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Andy Strohman (1): batman-adv: fix panic during interface removal AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): efi: Avoid cold plugged memory for placing the kernel vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnaldo Carvalho de Melo (2): perf env: Conditionally compile BPF support code on having HAVE_LIBBPF_SUPPORT perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Arnd Bergmann (2): media: cxd2841er: fix 64-bit division on gcc-9 sunrpc: suppress warnings for unused procfs functions Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Bartosz Golaszewski (2): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path Ben Hutchings (2): perf cs-etm: Add missing variable in cs_etm__process_queues() udf: Fix use of check_add_overflow() with mixed type arguments Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Brian Vazquez (2): net: use indirect call helpers for dst_input net: use indirect call helpers for dst_output Calvin Owens (1): pps: Fix a use-after-free Carlos Galo (1): mm: update mark_victim tracepoints fields Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Casey Chen (1): nvme-pci: fix multiple races in nvme_setup_io_queues Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chao Yu (1): f2fs: fix to wait dio completion Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (4): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (4): arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Brauner (2): acct: block access to kernel internal filesystems acct: perform last write from workqueue Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Christophe Leroy (3): select: Fix unbalanced user_access_end() powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (5): serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Colin Ian King (1): rtlwifi: remove redundant assignment to variable err Cong Wang (3): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Cosmin Tanislav (1): media: mc: fix endpoint iteration Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (4): rdma/cxgb4: Prevent potential integer overflow on 32bit tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (3): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Davidlohr Bueso (1): usb/gadget: f_midi: Replace tasklet with work Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (4): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: cfg80211: adjust allocation of colocated AP data wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (3): arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Eddie James (1): tpm: Use managed allocation for bios event log Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Ekansh Gupta (1): misc: fastrpc: Fix registered buffer page address Elson Roy Serrao (1): usb: roles: set switch registered flag early on Emil Renner Berthing (1): net: usb: rtl8150: use new tasklet API Eric Dumazet (17): ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() team: better TEAM_OPTION_TYPE_STRING validation net: add dev_net_rcu() helper ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabien Parent (1): arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (3): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection usb: typec: ucsi: increase timeout for PPM reset operations Filipe Manana (3): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: avoid monopolizing a core when activating a swap file btrfs: bring back the incorrectly removed extent buffer lock recursion support Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 5.10.235 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (2): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): drm/komeda: Add check for komeda_get_layer_fourcc_list() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Hardik Gajjar (1): usb: xhci: Add timeout argument in address_device USB HCD callback Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/traps: Fix test_monitor_call() inline assembly Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Howard Chu (1): perf trace: Fix runtime error of index out of bounds Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Hui Su (1): kernel/acct.c: use #elif instead of #end and #elif Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Ignat Korchagin (2): crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - some more fixes to RSA test vectors Ilan Peer (1): wifi: cfg80211: Handle specific BSSID in 6GHz scanning Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Koschel (1): rtlwifi: replace usage of found with dedicated list iterator variable Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (2): net: netdevsim: try to close UDP port harness races net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Sakkinen (1): tpm: Change to kvalloc() in eventlog/acpi.c Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: as73211: fix channel handling in only-color triggered buffer Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (4): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (7): ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Ogness (1): kdb: Do not assume write() callback available John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (3): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (5): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek: Fixup ALC225 depop procedure ALSA: hda/realtek: update ALC222 depop optimize Kan Liang (1): perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Keisuke Nishimura (1): nvme: Add error check for xa_store in nvme_get_effects_log King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Koichiro Den (2): Revert "btrfs: avoid monopolizing a core when activating a swap file" gpio: aggregator: protect driver attr handlers against module unload Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Kozlowski (2): soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Lei He (2): crypto: testmgr - fix wrong key length for pkcs1pad crypto: testmgr - Fix wrong test case of RSA Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Luca Weiss (1): nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Maarten Lankhorst (1): drm/modeset: Handle tiled displays in pan_display_atomic. Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Glubokiy (1): net: extract port range fields from fl_flow_key Maksym Planeta (1): Grab mm lock before grabbing pt lock Malcolm Priestley (1): media: lmedm04: Use GFP_KERNEL for URB allocation/submission. Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Marek Vasut (2): clk: imx8mp: Fix clkout1/2 support USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Masahiro Yamada (2): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maxime Ripard (1): drm/probe-helper: Create a HPD IRQ event helper for a single connector Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michal Luczaj (4): vsock: Allow retrying on connect() failure bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (2): usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Mingwei Zheng (2): spi: zynq-qspi: Add check for clk_enable() pwm: stm32: Add check for clk_enable() Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 arm64: Handle .ARM.attributes section in linker scripts Neil Armstrong (1): dt-bindings: mmc: controller: clarify the address-cells description Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (6): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() usbnet: gl620a: fix endpoint checking in genelink_bind() wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Niravkumar L Rabara (4): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single mtd: rawnand: cadence: fix unchecked dereference Octavian Purdila (1): team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (1): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Oliver Neukum (1): media: rc: iguanair: handle timeouts Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pablo Neira Ayuso (1): netfilter: nf_tables: reject mismatching sum of field_len with set key length Paolo Abeni (2): mptcp: prevent excessive coalescing on receive mptcp: always handle address removal under msk socket lock Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Patrisious Haddad (1): RDMA/mlx5: Fix bind QP error cleanup flow Paul E. McKenney (1): clocksource: Limit number of CPUs checked for clock synchronization Paul Fertser (1): net/ncsi: wait for the last response to Deselect Package before configuring channel Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Philipp Stanner (1): drm/sched: Fix preprocessor guard Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafael J. Wysocki (1): cpufreq: schedutil: Simplify sugov_update_next_freq() Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Randy Dunlap (1): partitions: ldm: remove the initial kernel-doc notation Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (5): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Only save async fh if success media: uvcvideo: Remove dangling pointers Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryusuke Konishi (6): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Sean Christopherson (2): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (2): module: Extend the preempt disabled section in dereference_symbol_descriptor(). clocksource: Replace deprecated CPU-hotplug functions. Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev (1): tun: fix group permission check Stefan Berger (1): ima: Fix use-after-free on a dentry's dname.name Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Sumit Garg (1): tee: optee: Fix supplicant wait loop Sven Eckelmann (4): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Add new include for min/max helpers batman-adv: Drop initialization of flexible ethtool_link_ksettings batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (2): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (10): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (6): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Gleixner (3): genirq: Make handle_enforce_irqctx() unconditionally available sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Thomas Weißschuh (3): padata: fix sysfs store callback check ptp: Ensure info->enable callback is always set kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Toke Høiland-Jørgensen (1): sched: sch_cake: add bounds checks to host bulk flow fairness counts Tomi Valkeinen (1): drm/tidss: Fix issue in irq handling causing irq-flood issue Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Val Packett (4): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wang Hai (1): tcp: Defer ts_recent changes until req is owned WangYuli (2): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Weili Qian (1): crypto: hisilicon/qm - inject error before stopping queue Wentao Liang (3): PM: hibernate: Add error handling for syscore_suspend() gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Wesley Cheng (1): usb: dwc3: Increase DWC3 controller halt timeout Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xin Long (2): vlan: introduce vlan_dev_free_egress_priority vlan: move dev_put into vlan_dev_uninit Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yan Zhai (2): udp: gso: do not drop small packets when PMTU reduces bpf: skip non exist keys in generic_map_lookup_batch Yang Yang (1): kernel/acct.c: use dedicated helper to access rlimit values Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Yury Norov (1): clocksource: Replace cpumask_weight() with cpumask_empty() Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zheng Yongjun (1): net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh() Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zijun Hu (5): PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' lei he (1): crypto: testmgr - fix version number of RSA tests pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null

1 month, 2 weeks

1
1
0 0