- Linux-stable-mirror - lists.linaro.org

[PATCH] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

by Bart Van Assche

The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first. Reported-by: Eric Biggers <ebiggers(a)kernel.org> Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Fixes: b820de741ae4 ("fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index da18dbcfcb22..9cdaa2faa536 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -589,8 +589,8 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) { - struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw); - struct kioctx *ctx = req->ki_ctx; + struct aio_kiocb *req; + struct kioctx *ctx; unsigned long flags; /* @@ -600,9 +600,13 @@ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) if (!(iocb->ki_flags & IOCB_AIO_RW)) return; + req = container_of(iocb, struct aio_kiocb, rw); + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; + ctx = req->ki_ctx; + spin_lock_irqsave(&ctx->ctx_lock, flags); list_add_tail(&req->ki_list, &ctx->active_reqs); req->ki_cancel = cancel;

1 year, 6 months

4
3
0 0

[PATCH] arm64/mm: Add memory barrier for mm_cid

by levi.yun

Currently arm64's switch_mm() doesn't always have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the activly used cid when it fails to observe active task after it sets lazy_put. By adding an smp_mb() in arm64's check_and_switch_context(), Guarantee to observe active task after sched_mm_cid_remote_clear() success to set lazy_put. Signed-off-by: levi.yun <yeoreum.yun(a)arm.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- I'm really sorry if you got this multiple times. I had some problems with the SMTP server... arch/arm64/mm/context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c index 188197590fc9..7a9e8e6647a0 100644 --- a/arch/arm64/mm/context.c +++ b/arch/arm64/mm/context.c @@ -268,6 +268,11 @@ void check_and_switch_context(struct mm_struct *mm) */ if (!system_uses_ttbr0_pan()) cpu_switch_mm(mm->pgd, mm); + + /* + * See the comments on switch_mm_cid describing user -> user transition. + */ + smp_mb(); } unsigned long arm64_mm_context_get(struct mm_struct *mm) -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 year, 6 months

3
4
0 0

[PATCH v3] acpi: Use access_width over bit_width for system memory accesses

by Jarred White

To align with ACPI 6.3+, since bit_width can be any 8-bit value, we cannot depend on it being always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits we want to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fallback to using the bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> CC: srivatsabhat(a)linux.microsoft.com CC: stable(a)vger.kernel.org #5.15+ --- changelog: v1-->v2: https://lore.kernel.org/linux-acpi/20231216001312.1160-1-jarredwhite@linux.… 1. Fixed coding style errors 2. Backwards compatibility with ioremapping of address still an open question. Suggestions are welcomed. v2-->v3: 1. Created a fallback mechanism to revert to using the bit_width 2. Re-labeled macro to GET_BIT_WIDTH 3. Collapsed the if/else statements in the cpc_read() and cpc_write() routines drivers/acpi/cppc_acpi.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..57de7edda7a5 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using the bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,9 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + /* Check for access_width for the size, otherwise use bit_width */ + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +993,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1005,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1029,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1050,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1087,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break; -- 2.34.1

1 year, 6 months

3
3
0 0

[PATCH] Revert "fs/aio: Make io_cancel() generate completions again"

by Bart Van Assche

Patch "fs/aio: Make io_cancel() generate completions again" is based on the assumption that calling kiocb->ki_cancel() does not complete R/W requests. This is incorrect: the two drivers that call kiocb_set_cancel_fn() callers set a cancellation function that calls usb_ep_dequeue(). According to its documentation, usb_ep_dequeue() calls the completion routine with status -ECONNRESET. Hence this revert. Cc: Benjamin LaHaise <ben(a)communityfibre.ca> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: stable(a)vger.kernel.org Reported-by: syzbot+b91eb2ed18f599dd3c31(a)syzkaller.appspotmail.com Fixes: 54cbc058d86b ("fs/aio: Make io_cancel() generate completions again") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- fs/aio.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 28223f511931..da18dbcfcb22 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -2165,11 +2165,14 @@ COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id, #endif /* sys_io_cancel: - * Attempts to cancel an iocb previously passed to io_submit(). If the - * operation is successfully cancelled 0 is returned. May fail with - * -EFAULT if any of the data structures pointed to are invalid. May - * fail with -EINVAL if aio_context specified by ctx_id is invalid. Will - * fail with -ENOSYS if not implemented. + * Attempts to cancel an iocb previously passed to io_submit. If + * the operation is successfully cancelled, the resulting event is + * copied into the memory pointed to by result without being placed + * into the completion queue and 0 is returned. May fail with + * -EFAULT if any of the data structures pointed to are invalid. + * May fail with -EINVAL if aio_context specified by ctx_id is + * invalid. May fail with -EAGAIN if the iocb specified was not + * cancelled. Will fail with -ENOSYS if not implemented. */ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, struct io_event __user *, result) @@ -2200,12 +2203,14 @@ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, } spin_unlock_irq(&ctx->ctx_lock); - /* - * The result argument is no longer used - the io_event is always - * delivered via the ring buffer. - */ - if (ret == 0 && kiocb->rw.ki_flags & IOCB_AIO_RW) - aio_complete_rw(&kiocb->rw, -EINTR); + if (!ret) { + /* + * The result argument is no longer used - the io_event is + * always delivered via the ring buffer. -EINPROGRESS indicates + * cancellation is progress: + */ + ret = -EINPROGRESS; + } percpu_ref_put(&ctx->users);

1 year, 6 months

3
4
0 0

[PATCH 5.15 00/84] 5.15.151-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.151 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.151-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.151-rc1 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Gal Pressman <gal(a)nvidia.com> Revert "tls: rx: move counting TlsDecryptErrors for sync" Jakub Kicinski <kuba(a)kernel.org> net: tls: fix async vs NIC crypto offload Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel(a)gmail.com> bpf: Add table ID to bpf_fib_lookup BPF helper Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "interconnect: Fix locking for runpm vs reclaim" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Drop oob_skb ref before purging queue in GC. Max Krummenacher <max.krummenacher(a)toradex.com> Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Abeni <pabeni(a)redhat.com> mptcp: push at DSS boundaries Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Jean Sacren <sakiwit(a)gmail.com> mptcp: clean up harmless false expressions Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: rename timer related helper to less confusing names Paolo Abeni <pabeni(a)redhat.com> mptcp: process pending subflow error on close Paolo Abeni <pabeni(a)redhat.com> mptcp: move __mptcp_error_report in protocol.c Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk(a)gigaio.com> dmaengine: ptdma: use consistent DMA masks Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby(a)kernel.org> fbcon: always restore the old font data in fbcon_do_set_font() Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd(a)queasysnail.net> tls: decrement decrypt_pending if no async completion will be called Jakub Kicinski <kuba(a)kernel.org> tls: rx: use async as an in-out argument Jakub Kicinski <kuba(a)kernel.org> tls: rx: assume crypto always calls our callback Jakub Kicinski <kuba(a)kernel.org> tls: rx: move counting TlsDecryptErrors for sync Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't track the async count Jakub Kicinski <kuba(a)kernel.org> tls: rx: factor out writing ContentType to cmsg Jakub Kicinski <kuba(a)kernel.org> tls: rx: wrap decryption arguments in a structure Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't report text length from the bowels of decrypt Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop unnecessary arguments from tls_setup_from_iter() Jakub Kicinski <kuba(a)kernel.org> tls: hw: rx: use return value of tls_device_decrypted() to carry status Jakub Kicinski <kuba(a)kernel.org> tls: rx: refactor decrypt_skb_update() Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't issue wake ups when data is decrypted Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the decryption status in socket context Jakub Kicinski <kuba(a)kernel.org> tls: rx: don't store the record type in socket context Oleksij Rempel <linux(a)rempel-privat.de> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw(a)strlen.de> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw(a)strlen.de> netfilter: let reset rules clean out conntrack entries Florian Westphal <fw(a)strlen.de> netfilter: make function op structures const Florian Westphal <fw(a)strlen.de> netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: silence bogus compiler warning Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Jakub Raczynski <j.raczynski(a)samsung.com> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman(a)uliege.be> uapi: in6: replace temporary label with rfc9486 Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba(a)kernel.org> veth: try harder when allocating queue memory Vasily Averin <vvs(a)openvz.org> net: enable memcg accounting for veth queues Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba(a)kernel.org> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies(a)telus.net> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++++ arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 +- drivers/interconnect/core.c | 18 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +++- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/net/veth.c | 40 +-- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- include/linux/netfilter.h | 14 +- include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_conntrack.h | 8 + include/net/strparser.h | 4 + include/net/tls.h | 11 +- include/uapi/linux/bpf.h | 37 ++- include/uapi/linux/in6.h | 2 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 ++++- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mptcp/diag.c | 3 + net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++-- net/mptcp/subflow.c | 36 --- net/netfilter/core.c | 45 +-- net/netfilter/nf_conntrack_core.c | 21 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_proto_tcp.c | 35 +++ net/netfilter/nf_nat_core.c | 2 +- net/netfilter/nf_tables_api.c | 7 + net/netfilter/nfnetlink_queue.c | 10 +- net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/tls/tls_device.c | 6 +- net/tls/tls_sw.c | 316 ++++++++++------------ net/unix/garbage.c | 22 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- tools/include/uapi/linux/bpf.h | 37 ++- tools/testing/selftests/net/mptcp/config | 2 + 72 files changed, 1046 insertions(+), 529 deletions(-)

1 year, 6 months

7
91
0 0

Re: [PATCH,V2] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU

by Kalle Valo

Larry Finger <Larry.Finger(a)gmail.com> wrote: > From: Nick Morrow <morrownr(a)gmail.com> > > Add VID/PIDs that are known to be missing for this driver. > > Removed /* 8811CU */ and /* 8821CU */ as they are redundant > since the file is specific to those chips. > > Removed /* TOTOLINK A650UA v3 */ as the manufacturer. It has a REALTEK > VID so it may not be specific to this adapter. > > Verified and tested. > > Cc: stable(a)vger.kernel.org > Signed-off-by: Nick Morrow <morrownr(a)gmail.com> > Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > Acked-by: Ping-Ke Shih <pkshih(a)realtek.com> Patch applied to wireless-next.git, thanks. b8a62478f3b1 wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU -- https://patchwork.kernel.org/project/linux-wireless/patch/4ume7mjw63u7.XlMU… https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatc…

1 year, 6 months

1
0
0 0

+ mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() has been added to the -mm mm-unstable branch. Its filename is mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: swap: fix race between free_swap_and_cache() and swapoff() Date: Tue, 5 Mar 2024 15:13:49 +0000 There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities, swap_page_trans_huge_swapped() (called by free_swap_and_cache()) to access the freed memory for swap_map. This is a theoretical problem and I haven't been able to provoke it from a test case. But there has been agreement based on code review that this is possible (see link below). Fix it by using get_swap_device()/put_swap_device(), which will stall swapoff(). There was an extra check in _swap_info_get() to confirm that the swap entry was valid. This wasn't present in get_swap_device() so I've added it. I couldn't find any existing get_swap_device() call sites where this extra check would cause any false alarms. Details of how to provoke one possible issue (thanks to David Hildenbrand for deriving this): --8<----- __swap_entry_free() might be the last user and result in "count == SWAP_HAS_CACHE". swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0. So the question is: could someone reclaim the folio and turn si->inuse_pages==0, before we completed swap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are still references by swap entries. Process 1 still references subpage 0 via swap entry. Process 2 still references subpage 1 via swap entry. Process 1 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted in the hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). -> count == SWAP_HAS_CACHE Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap(). __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()-> put_swap_folio()->free_swap_slot()->swapcache_free_entries()-> swap_entry_free()->swap_range_free()-> ... WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries); What stops swapoff to succeed after process 2 reclaimed the swap cache but before process1 finished its call to swap_page_trans_huge_swapped()? --8<----- Link: https://lkml.kernel.org/r/20240305151349.3781428-1-ryan.roberts@arm.com Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch") Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redha… Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) --- a/mm/swapfile.c~mm-swap-fix-race-between-free_swap_and_cache-and-swapoff +++ a/mm/swapfile.c @@ -1281,7 +1281,9 @@ struct swap_info_struct *get_swap_device smp_rmb(); offset = swp_offset(entry); if (offset >= si->max) - goto put_out; + goto bad_offset; + if (data_race(!si->swap_map[swp_offset(entry)])) + goto bad_free; return si; bad_nofile: @@ -1289,9 +1291,14 @@ bad_nofile: out: return NULL; put_out: - pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); percpu_ref_put(&si->users); return NULL; +bad_offset: + pr_err("%s: %s%08lx\n", __func__, Bad_offset, entry.val); + goto put_out; +bad_free: + pr_err("%s: %s%08lx\n", __func__, Unused_offset, entry.val); + goto put_out; } static unsigned char __swap_entry_free(struct swap_info_struct *p, @@ -1609,13 +1616,14 @@ int free_swap_and_cache(swp_entry_t entr if (non_swap_entry(entry)) return 1; - p = _swap_info_get(entry); + p = get_swap_device(entry); if (p) { count = __swap_entry_free(p, entry); if (count == SWAP_HAS_CACHE && !swap_page_trans_huge_swapped(p, entry)) __try_to_reclaim_swap(p, swp_offset(entry), TTRS_UNMAPPED | TTRS_FULL); + put_swap_device(p); } return p != NULL; } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-swap-fix-race-between-free_swap_and_cache-and-swapoff.patch

1 year, 6 months

1
0
0 0

Re: [PATCH 6.7 000/161] 6.7.9-rc3 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 6 months

1
0
0 0

[PATCH STABLE v5.15.y] mm/migrate: set swap entry values of THP tail pages properly.

by Zi Yan

From: Zi Yan <ziy(a)nvidia.com> The tail pages in a THP can have swap entry information stored in their private field. When migrating to a new page, all tail pages of the new page need to update ->private to avoid future data corruption. Corresponding swapcache entries need to be updated as well. e71769ae5260 ("mm: enable thp migration for shmem thp") fixed it already. Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/migrate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/migrate.c b/mm/migrate.c index c7d5566623ad..c37af50f312d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -424,8 +424,12 @@ int migrate_page_move_mapping(struct address_space *mapping, if (PageSwapBacked(page)) { __SetPageSwapBacked(newpage); if (PageSwapCache(page)) { + int i; + SetPageSwapCache(newpage); - set_page_private(newpage, page_private(page)); + for (i = 0; i < (1 << compound_order(page)); i++) + set_page_private(newpage + i, + page_private(page + i)); } } else { VM_BUG_ON_PAGE(PageSwapCache(page), page); -- 2.43.0

1 year, 6 months

3
2
0 0

[PATCH] LoongArch: Define the __io_aw() hook as mmiowb()

by Huacai Chen

Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of mmiowb()") remove all mmiowb() in drivers, but it says: "NOTE: mmiowb() has only ever guaranteed ordering in conjunction with spin_unlock(). However, pairing each mmiowb() removal in this patch with the corresponding call to spin_unlock() is not at all trivial, so there is a small chance that this change may regress any drivers incorrectly relying on mmiowb() to order MMIO writes between CPUs using lock-free synchronisation." The mmio in radeon_ring_commit() is protected by a mutex rather than a spinlock, but in the mutex fastpath it behaves similar to spinlock. We can add mmiowb() calls in the radeon driver but the maintainer says he doesn't like such a workaround, and radeon is not the only example of mutex protected mmio. So we should extend the mmiowb tracking system from spinlock to mutex, and maybe other locking primitives. This is not easy and error prone, so we solve it in the architectural code, by simply defining the __io_aw() hook as mmiowb(). And we no longer need to override queued_spin_unlock() so use the generic definition. Without this, we get such an error when run 'glxgears' on weak ordering architectures such as LoongArch: radeon 0000:04:00.0: ring 0 stalled for more than 10324msec radeon 0000:04:00.0: ring 3 stalled for more than 10240msec radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3) radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) Link: https://lore.kernel.org/dri-devel/29df7e26-d7a8-4f67-b988-44353c4270ac@amd.… Link: https://lore.kernel.org/linux-arch/20240301130532.3953167-1-chenhuacai@loon… Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 ++ arch/loongarch/include/asm/qspinlock.h | 18 ------------------ 3 files changed, 3 insertions(+), 18 deletions(-) delete mode 100644 arch/loongarch/include/asm/qspinlock.h diff --git a/arch/loongarch/include/asm/Kbuild b/arch/loongarch/include/asm/Kbuild index a97c0edbb866..2dbec7853ae8 100644 --- a/arch/loongarch/include/asm/Kbuild +++ b/arch/loongarch/include/asm/Kbuild @@ -6,6 +6,7 @@ generic-y += mcs_spinlock.h generic-y += parport.h generic-y += early_ioremap.h generic-y += qrwlock.h +generic-y += qspinlock.h generic-y += rwsem.h generic-y += segment.h generic-y += user.h diff --git a/arch/loongarch/include/asm/io.h b/arch/loongarch/include/asm/io.h index c486c2341b66..4a8adcca329b 100644 --- a/arch/loongarch/include/asm/io.h +++ b/arch/loongarch/include/asm/io.h @@ -71,6 +71,8 @@ extern void __memcpy_fromio(void *to, const volatile void __iomem *from, size_t #define memcpy_fromio(a, c, l) __memcpy_fromio((a), (c), (l)) #define memcpy_toio(c, a, l) __memcpy_toio((c), (a), (l)) +#define __io_aw() mmiowb() + #include <asm-generic/io.h> #define ARCH_HAS_VALID_PHYS_ADDR_RANGE diff --git a/arch/loongarch/include/asm/qspinlock.h b/arch/loongarch/include/asm/qspinlock.h deleted file mode 100644 index 34f43f8ad591..000000000000 --- a/arch/loongarch/include/asm/qspinlock.h +++ /dev/null @@ -1,18 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -#ifndef _ASM_QSPINLOCK_H -#define _ASM_QSPINLOCK_H - -#include <asm-generic/qspinlock_types.h> - -#define queued_spin_unlock queued_spin_unlock - -static inline void queued_spin_unlock(struct qspinlock *lock) -{ - compiletime_assert_atomic_type(lock->locked); - c_sync(); - WRITE_ONCE(lock->locked, 0); -} - -#include <asm-generic/qspinlock.h> - -#endif /* _ASM_QSPINLOCK_H */ -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reinstate commit 88b065943cb5 ("drm/i915/dsi: Do display on sequence later on icl+"), for the most part. Turns out some machines (eg. Chuwi Minibook X) really do need that updated order. It is also the order the Windows driver uses. However we can't just undo the revert since that would again break Lenovo 82TQ. After staring at the VBT sequences for both machines I've concluded that the Lenovo 82TQ sequences look somewhat broken: - INIT_OTP is not present at all - what should be in INIT_OTP is found in DISPLAY_ON - what should be in DISPLAY_ON is found in BACKLIGHT_ON (along with the actual backlight stuff) The Chuwi Minibook X on the other hand has a full complement of sequences in its VBT. So let's try to deal with the broken sequences in the Lenovo 82TQ VBT by simply swapping the (non-existent) INIT_OTP sequence with the DISPLAY_ON sequence. Thus we execute DISPLAY_ON when intending to execute INIT_OTP, and execute nothing at all when intending to execute DISPLAY_ON. That should be 100% equivalent to the revert, for such broken VBTs. Cc: stable(a)vger.kernel.org Fixes: dc524d05974f ("Revert "drm/i915/dsi: Do display on sequence later on icl+"") References: https://gitlab.freedesktop.org/drm/intel/-/issues/10071 Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10334 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 43 +++++++++++++++++++---- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/display/icl_dsi.c b/drivers/gpu/drm/i915/display/icl_dsi.c index eda4a8b88590..ac456a2275db 100644 --- a/drivers/gpu/drm/i915/display/icl_dsi.c +++ b/drivers/gpu/drm/i915/display/icl_dsi.c @@ -1155,7 +1155,6 @@ static void gen11_dsi_powerup_panel(struct intel_encoder *encoder) } intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_INIT_OTP); - intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON); /* ensure all panel commands dispatched before enabling transcoder */ wait_for_cmds_dispatched_to_panel(encoder); @@ -1256,6 +1255,8 @@ static void gen11_dsi_enable(struct intel_atomic_state *state, /* step6d: enable dsi transcoder */ gen11_dsi_enable_transcoder(encoder); + intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON); + /* step7: enable backlight */ intel_backlight_enable(crtc_state, conn_state); intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_BACKLIGHT_ON); diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index 343726de9aa7..373291d10af9 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1955,16 +1955,12 @@ static int get_init_otp_deassert_fragment_len(struct drm_i915_private *i915, * these devices we split the init OTP sequence into a deassert sequence and * the actual init OTP part. */ -static void fixup_mipi_sequences(struct drm_i915_private *i915, - struct intel_panel *panel) +static void vlv_fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) { u8 *init_otp; int len; - /* Limit this to VLV for now. */ - if (!IS_VALLEYVIEW(i915)) - return; - /* Limit this to v1 vid-mode sequences */ if (panel->vbt.dsi.config->is_cmd_mode || panel->vbt.dsi.seq_version != 1) @@ -2000,6 +1996,41 @@ static void fixup_mipi_sequences(struct drm_i915_private *i915, panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] = init_otp + len - 1; } +/* + * Some machines (eg. Lenovo 82TQ) appear to have broken + * VBT sequences: + * - INIT_OTP is not present at all + * - what should be in INIT_OTP is in DISPLAY_ON + * - what should be in DISPLAY_ON is in BACKLIGHT_ON + * (along with the actual backlight stuff) + * + * To make those work we simply swap DISPLAY_ON and INIT_OTP. + * + * TODO: Do we need to limit this to specific machines, + * or examine the contents of the sequences to + * avoid false positives? + */ +static void icl_fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) +{ + if (!panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] && + panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]) { + drm_dbg_kms(&i915->drm, "Broken VBT: Swapping INIT_OTP and DISPLAY_ON sequences\n"); + + swap(panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP], + panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]); + } +} + +static void fixup_mipi_sequences(struct drm_i915_private *i915, + struct intel_panel *panel) +{ + if (DISPLAY_VER(i915) >= 11) + icl_fixup_mipi_sequences(i915, panel); + else if (IS_VALLEYVIEW(i915)) + vlv_fixup_mipi_sequences(i915, panel); +} + static void parse_mipi_sequence(struct drm_i915_private *i915, struct intel_panel *panel) -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH v2] mmc: tmio: avoid concurrent runs of mmc_request_done()

by Wolfram Sang

With the to-be-fixed commit, the reset_work handler cleared 'host->mrq' outside of the spinlock protected critical section. That leaves a small race window during execution of 'tmio_mmc_reset()' where the done_work handler could grab a pointer to the now invalid 'host->mrq'. Both would use it to call mmc_request_done() causing problems (see link below). However, 'host->mrq' cannot simply be cleared earlier inside the critical section. That would allow new mrqs to come in asynchronously while the actual reset of the controller still needs to be done. So, like 'tmio_mmc_set_ios()', an ERR_PTR is used to prevent new mrqs from coming in but still avoiding concurrency between work handlers. Reported-by: Dirk Behme <dirk.behme(a)de.bosch.com> Closes: https://lore.kernel.org/all/20240220061356.3001761-1-dirk.behme@de.bosch.co… Fixes: df3ef2d3c92c ("mmc: protect the tmio_mmc driver against a theoretical race") Signed-off-by: Wolfram Sang <wsa+renesas(a)sang-engineering.com> Tested-by: Dirk Behme <dirk.behme(a)de.bosch.com> Reviewed-by: Dirk Behme <dirk.behme(a)de.bosch.com> Cc: stable(a)vger.kernel.org # 3.0+ --- Change since v1/RFT: added Dirk's tags and stable tag @Ulf: this is nasty, subtle stuff. Would be awesome to have it in 6.8 already! drivers/mmc/host/tmio_mmc_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mmc/host/tmio_mmc_core.c b/drivers/mmc/host/tmio_mmc_core.c index be7f18fd4836..c253d176db69 100644 --- a/drivers/mmc/host/tmio_mmc_core.c +++ b/drivers/mmc/host/tmio_mmc_core.c @@ -259,6 +259,8 @@ static void tmio_mmc_reset_work(struct work_struct *work) else mrq->cmd->error = -ETIMEDOUT; + /* No new calls yet, but disallow concurrent tmio_mmc_done_work() */ + host->mrq = ERR_PTR(-EBUSY); host->cmd = NULL; host->data = NULL; -- 2.43.0

1 year, 6 months

3
2
0 0

[PATCH v2 1/2] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf

by Karol Herbst

If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call. Fixes: b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") Cc: Danilo Krummrich <dakr(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v6.6+ Signed-off-by: Karol Herbst <kherbst(a)redhat.com> Reviewed-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Danilo Krummrich <dakr(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240304183157.1587152-1-kher… --- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c index 49c2bcbef1299..5a887d67dc0e8 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -764,7 +764,7 @@ nouveau_gem_ioctl_pushbuf(struct drm_device *dev, void *data, return -ENOMEM; if (unlikely(nouveau_cli_uvmm(cli))) - return -ENOSYS; + return nouveau_abi16_put(abi16, -ENOSYS); list_for_each_entry(temp, &abi16->channels, head) { if (temp->chan->chid == req->channel) { -- 2.44.0

1 year, 6 months

1
0
0 0

[PATCH 1/1] xhci: Fix failure to detect ring expansion need.

by Mathias Nyman

Ring expansion checker may incorrectly assume a completely full ring is empty, missing the need for expansion. This is due to a special empty ring case where the dequeue ends up ahead of the enqueue pointer. This is seen when enqueued TRBs fill up exactly a segment, with enqueue then pointing to the end link TRB. Once those TRBs are handled the dequeue pointer will follow the link TRB and end up pointing to the first entry on the next segment, past the enqueue. This same enqueue - dequeue condition can be true if a ring is full, with enqueue ending on that last link TRB before the dequeue pointer on the next segment. This can be seen when queuing several ~510 small URBs via usbfs in one go before a single one is handled (i.e. dequeue not moved from first entry in segment). Expand the ring already when enqueue reaches the link TRB before the dequeue segment, instead of expanding it when enqueue moves into the dequeue segment. Reported-by: Chris Yokum <linux-usb(a)mail.totalphase.com> Closes: https://lore.kernel.org/all/949223224.833962.1709339266739.JavaMail.zimbra@… Tested-by: Chris Yokum <linux-usb(a)mail.totalphase.com> Fixes: f5af638f0609 ("xhci: Fix transfer ring expansion size calculation") Cc: stable(a)vger.kernel.org # v6.5+ Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index f0d8a607ff21..4f64b814d4aa 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -326,7 +326,13 @@ static unsigned int xhci_ring_expansion_needed(struct xhci_hcd *xhci, struct xhc /* how many trbs will be queued past the enqueue segment? */ trbs_past_seg = enq_used + num_trbs - (TRBS_PER_SEGMENT - 1); - if (trbs_past_seg <= 0) + /* + * Consider expanding the ring already if num_trbs fills the current + * segment (i.e. trbs_past_seg == 0), not only when num_trbs goes into + * the next segment. Avoids confusing full ring with special empty ring + * case below + */ + if (trbs_past_seg < 0) return 0; /* Empty ring special case, enqueue stuck on link trb while dequeue advanced */ -- 2.25.1

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030538-luckiness-crevice-fa39@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030537-amiss-payable-3723@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 6 months

1
0
0 0

[PATCH 5.10 00/42] 5.10.212-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.212 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 06 Mar 2024 21:15:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.212-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.212-rc1 Davide Caratti <dcaratti(a)redhat.com> mptcp: fix double-free on socket dismantle Chuanhong Guo <gch981213(a)gmail.com> mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas(a)gmail.com> gpio: 74x164: Enable output pins after registers are reset Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix possible deadlock in subflow diag Paolo Bonzini <pbonzini(a)redhat.com> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande(a)quicinc.com> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Zong Li <zong.li(a)sifive.com> riscv: add CALLER_ADDRx support Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman(a)marvell.com> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan(a)semenov.dev> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein(a)hpe.com> dmaengine: fsl-qdma: init irq after reg initialization Peng Ma <peng.ma(a)nxp.com> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba(a)suse.com> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos(a)ics.forth.gr> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells(a)redhat.com> afs: Fix endless loop in directory parsing Takashi Iwai <tiwai(a)suse.de> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede(a)redhat.com> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd(a)arndb.de> efi/capsule-loader: fix incorrect allocation size Lin Ma <linma(a)zju.edu.cn> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Ignat Korchagin <ignat(a)cloudflare.com> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu(a)chromium.org> Bluetooth: Avoid potential use-after-free in hci_error_reset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Oleksij Rempel <linux(a)rempel-privat.de> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet(a)google.com> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Yunjian Wang <wangyunjian(a)huawei.com> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw(a)strlen.de> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka(a)redhat.com> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu(a)nxp.com> mtd: spinand: gigadevice: Fix the get ecc status issue Reto Schneider <reto.schneider(a)husqvarnagroup.com> mtd: spinand: gigadevice: Support GD5F1GQ5UExxG zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/ftrace.h | 5 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/return_address.c | 48 ++++++ arch/x86/kernel/cpu/intel.c | 178 +++++++++++---------- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/dma/fsl-qdma.c | 25 +-- drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 ++++-- drivers/mtd/nand/spi/gigadevice.c | 81 ++++++++-- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/platform/x86/touchscreen_dmi.c | 4 +- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 ++- fs/cachefiles/bind.c | 3 + fs/ext4/mballoc.c | 39 ++--- fs/hugetlbfs/inode.c | 6 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +++- net/ipv6/addrconf.c | 7 +- net/mptcp/diag.c | 3 + net/mptcp/protocol.c | 49 ++++++ net/netfilter/nft_compat.c | 20 +++ net/netlink/af_netlink.c | 2 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - 39 files changed, 485 insertions(+), 196 deletions(-)

1 year, 6 months

5
46
0 0

[PATCH v2] btrfs: scrub: fix false alerts on zoned device scrubing

by Qu Wenruo

[BUG] When using zoned devices (zbc), scrub would always report super block errors like the following: # btrfs scrub start -fB /mnt/btrfs/ Starting scrub on devid 1 scrub done for b7b5c759-1baa-4561-a0ca-b8d0babcde56 Scrub started: Tue Mar 5 12:49:14 2024 Status: finished Duration: 0:00:00 Total to scrub: 288.00KiB Rate: 288.00KiB/s Error summary: super=2 Corrected: 0 Uncorrectable: 0 Unverified: 0 [CAUSE] Since the very beginning of scrub, we always go with btrfs_sb_offset() to grab the super blocks. This is fine for regular btrfs filesystems, but for zoned btrfs, super blocks are stored in dedicated zones with a ring buffer like structure. This means the old btrfs_sb_offset() is not able to give the correct bytenr for us to grabbing the super blocks, thus except the primary super block, the rest would be garbage and cause the above false alerts. [FIX] Instead of btrfs_sb_offset(), go with btrfs_sb_log_location() which is zoned friendly, to grab the correct super block location. This would introduce new error patterns, as btrfs_sb_log_location() can fail with extra errors. Here for -ENOENT we just end the scrub as there are no more super blocks. For other errors, we record it as a super block error and exit. Reported-by: WA AM <waautomata(a)gmail.com> Link: https://lore.kernel.org/all/CANU2Z0EvUzfYxczLgGUiREoMndE9WdQnbaawV5Fv5gNXpt… CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: Johannes Thumshirn <Johannes.Thumshirn(a)wdc.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/scrub.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- Changelog: v2: - Use READ to replace the number 0 - Continue checking the next super block if we hit a non-ENOENT error diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index c4bd0e60db59..201b547aac4c 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2788,7 +2788,6 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, struct btrfs_device *scrub_dev) { int i; - u64 bytenr; u64 gen; int ret = 0; struct page *page; @@ -2812,7 +2811,17 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, gen = btrfs_get_last_trans_committed(fs_info); for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) { - bytenr = btrfs_sb_offset(i); + u64 bytenr; + + ret = btrfs_sb_log_location(scrub_dev, i, READ, &bytenr); + if (ret == -ENOENT) + break; + if (ret < 0) { + spin_lock(&sctx->stat_lock); + sctx->stat.super_errors++; + spin_unlock(&sctx->stat_lock); + continue; + } if (bytenr + BTRFS_SUPER_INFO_SIZE > scrub_dev->commit_total_bytes) break; -- 2.44.0

1 year, 6 months

1
1
0 0

[PATCH] btrfs: scrub: fix false alerts on zoned device scrubing

by Qu Wenruo

[BUG] When using zoned devices (zbc), scrub would always report super block errors like the following: # btrfs scrub start -fB /mnt/btrfs/ Starting scrub on devid 1 scrub done for b7b5c759-1baa-4561-a0ca-b8d0babcde56 Scrub started: Tue Mar 5 12:49:14 2024 Status: finished Duration: 0:00:00 Total to scrub: 288.00KiB Rate: 288.00KiB/s Error summary: super=2 Corrected: 0 Uncorrectable: 0 Unverified: 0 [CAUSE] Since the very beginning of scrub, we always go with btrfs_sb_offset() to grab the super blocks. This is fine for regular btrfs filesystems, but for zoned btrfs, super blocks are stored in dedicated zones with a ring buffer like structure. This means the old btrfs_sb_offset() is not able to give the correct bytenr for us to grabbing the super blocks, thus except the primary super block, the rest would be garbage and cause the above false alerts. [FIX] Instead of btrfs_sb_offset(), go with btrfs_sb_log_location() which is zoned friendly, to grab the correct super block location. This would introduce new error patterns, as btrfs_sb_log_location() can fail with extra errors. Here for -ENOENT we just end the scrub as there are no more super blocks. For other errors, we record it as a super block error and exit. Reported-by: WA AM <waautomata(a)gmail.com> Link: https://lore.kernel.org/all/CANU2Z0EvUzfYxczLgGUiREoMndE9WdQnbaawV5Fv5gNXpt… CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Johannes Thumshirn <Johannes.Thumshirn(a)wdc.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/scrub.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index c4bd0e60db59..e1b67baa4072 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2788,7 +2788,6 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, struct btrfs_device *scrub_dev) { int i; - u64 bytenr; u64 gen; int ret = 0; struct page *page; @@ -2812,7 +2811,17 @@ static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx, gen = btrfs_get_last_trans_committed(fs_info); for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) { - bytenr = btrfs_sb_offset(i); + u64 bytenr; + + ret = btrfs_sb_log_location(scrub_dev, i, 0, &bytenr); + if (ret == -ENOENT) + break; + if (ret < 0) { + spin_lock(&sctx->stat_lock); + sctx->stat.super_errors++; + spin_unlock(&sctx->stat_lock); + break; + } if (bytenr + BTRFS_SUPER_INFO_SIZE > scrub_dev->commit_total_bytes) break; -- 2.44.0

1 year, 6 months

2
2
0 0

[PATCH v3 09/10] arm64: dts: qcom: sc8280xp-x13s: disable ASPM L0s for NVMe and modem

by Johan Hovold

There are indications that ASPM L0s is not working very well on this machine so disable it also for the NVMe and modem controllers for now. Note that this is done as a precaution based on problems with the Wi-Fi on the X13s as well as the NVMe, modem and Wi-Fi on the sc8280xp-crd reference design (the NVMe controller on my X13s does not support L0s and the machine lacks a modem). Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 9567b82db9a5..057e4d9d3c0f 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -695,6 +695,8 @@ keyboard@68 { }; &pcie2a { + aspm-no-l0s; + perst-gpios = <&tlmm 143 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 145 GPIO_ACTIVE_LOW>; @@ -714,6 +716,8 @@ &pcie2a_phy { }; &pcie3a { + aspm-no-l0s; + perst-gpios = <&tlmm 151 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v3 08/10] arm64: dts: qcom: sc8280xp-x13s: disable ASPM L0s for Wi-Fi

by Johan Hovold

Enabling ASPM L0s on the Lenovo Thinkpad X13s results in Correctable Errors (BadTLP, Timeout) when accessing the Wi-Fi controller so disable it for now. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index eb8a16aa233e..9567b82db9a5 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -734,6 +734,7 @@ &pcie3a_phy { &pcie4 { max-link-speed = <2>; + aspm-no-l0s; perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v3 07/10] arm64: dts: qcom: sc8280xp-crd: disable ASPM L0s for modem and Wi-Fi

by Johan Hovold

There are indications that ASPM L0s is not working very well on this machine so disable it also for the modem and Wi-Fi controllers for now. This specifically avoids having the modem and Wi-Fi controllers bounce in an out of L0s when not used (the modem still bounces in and out of L1) as well as intermittent Correctable errors on the Wi-Fi link when not used. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts index 7e94a68d5d9f..8fc0380f65a0 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts @@ -546,6 +546,8 @@ &pcie2a_phy { }; &pcie3a { + aspm-no-l0s; + perst-gpios = <&tlmm 151 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; @@ -566,6 +568,7 @@ &pcie3a_phy { &pcie4 { max-link-speed = <2>; + aspm-no-l0s; perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v3 06/10] arm64: dts: qcom: sc8280xp-crd: disable ASPM L0s for NVMe

by Johan Hovold

Enabling ASPM L0s on the CRD results in a large amount of Correctable Errors (Timeout) when accessing the NVMe controller so disable it for now. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts index 41215567b3ae..7e94a68d5d9f 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts @@ -525,6 +525,8 @@ keyboard@68 { }; &pcie2a { + aspm-no-l0s; + perst-gpios = <&tlmm 143 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 145 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v3 05/10] arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP

by Johan Hovold

Add the missing PCIe CX performance level votes to avoid relying on other drivers (e.g. USB or UFS) to maintain the nominal performance level required for Gen3 speeds. Fixes: 813e83157001 ("arm64: dts: qcom: sc8280xp/sa8540p: add PCIe2-4 nodes") Cc: stable(a)vger.kernel.org # 6.2 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi index c8e84c53935c..424d143ee26a 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi +++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi @@ -1780,6 +1780,7 @@ pcie4: pcie@1c00000 { reset-names = "pci"; power-domains = <&gcc PCIE_4_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie4_phy>; phy-names = "pciephy"; @@ -1878,6 +1879,7 @@ pcie3b: pcie@1c08000 { reset-names = "pci"; power-domains = <&gcc PCIE_3B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3b_phy>; phy-names = "pciephy"; @@ -1976,6 +1978,7 @@ pcie3a: pcie@1c10000 { reset-names = "pci"; power-domains = <&gcc PCIE_3A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3a_phy>; phy-names = "pciephy"; @@ -2077,6 +2080,7 @@ pcie2b: pcie@1c18000 { reset-names = "pci"; power-domains = <&gcc PCIE_2B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2b_phy>; phy-names = "pciephy"; @@ -2175,6 +2179,7 @@ pcie2a: pcie@1c20000 { reset-names = "pci"; power-domains = <&gcc PCIE_2A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2a_phy>; phy-names = "pciephy"; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v3 04/10] PCI: qcom: Add support for disabling ASPM L0s in devicetree

by Johan Hovold

Commit 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") started enabling ASPM unconditionally when the hardware claims to support it. This triggers Correctable Errors for some PCIe devices on machines like the Lenovo ThinkPad X13s, which could indicate an incomplete driver ASPM implementation or that the hardware does in fact not support L0s. Add support for disabling ASPM L0s in the devicetree when it is not supported on a particular machine and controller. Note that only the 1.9.0 ops enable ASPM currently. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 09d485df34b9..0fb5dc06d2ef 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -273,6 +273,25 @@ static int qcom_pcie_start_link(struct dw_pcie *pci) return 0; } +static void qcom_pcie_clear_aspm_l0s(struct dw_pcie *pci) +{ + u16 offset; + u32 val; + + if (!of_property_read_bool(pci->dev->of_node, "aspm-no-l0s")) + return; + + offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + + dw_pcie_dbi_ro_wr_en(pci); + + val = readl(pci->dbi_base + offset + PCI_EXP_LNKCAP); + val &= ~PCI_EXP_LNKCAP_ASPM_L0S; + writel(val, pci->dbi_base + offset + PCI_EXP_LNKCAP); + + dw_pcie_dbi_ro_wr_dis(pci); +} + static void qcom_pcie_clear_hpc(struct dw_pcie *pci) { u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); @@ -962,6 +981,7 @@ static int qcom_pcie_init_2_7_0(struct qcom_pcie *pcie) static int qcom_pcie_post_init_2_7_0(struct qcom_pcie *pcie) { + qcom_pcie_clear_aspm_l0s(pcie->pci); qcom_pcie_clear_hpc(pcie->pci); return 0; -- 2.43.0

1 year, 6 months

1
0
0 0

[PATCH v2 0/3] Support intra-function call validation

by Rui Qi

Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. When compiling the sample code for kernel live patching, the following message is displayed when enabled: livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack Reproduction steps: 1.git checkout v5.4.269 -b v5.4.269 2.make defconfig 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m 4. make -j bzImage 5. make samples/livepatch/livepatch-sample.ko 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M 7. insmod livepatch-sample.ko Kernel live patch cannot complete successfully. After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows: [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack ...... BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269 After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"), which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally. It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support. Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), This patchset adds stack validation support for intra-function calls, allowing the kernel live patching feature to work correctly. Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Rui Qi (1): x86/speculation: Support intra-function call validation arch/x86/include/asm/nospec-branch.h | 7 ++ include/linux/frame.h | 11 ++++ .../Documentation/stack-validation.txt | 8 +++ tools/objtool/arch/x86/decode.c | 6 ++ tools/objtool/check.c | 64 +++++++++++++++++-- 5 files changed, 91 insertions(+), 5 deletions(-) -- 2.39.2 (Apple Git-143)

1 year, 6 months

2
9
0 0

RE: [PATCH 3/5] virtio_blk: Fix device surprise removal

by Parav Pandit

> From: Parav Pandit <parav(a)nvidia.com> > Sent: Tuesday, March 5, 2024 12:06 PM > > When the PCI device is surprise removed, requests won't complete from the > device. These IOs are never completed and disk deletion hangs indefinitely. > > Fix it by aborting the IOs which the device will never complete when the VQ is > broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however timeout can take > very long time. For unresponsive device, quickly completing the request with > error enables users and upper layer to react quickly. > > Verified with multiple device unplug cycles with pending IOs in virtio used ring > and some pending with device. > > Also verified without surprise removal. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: lirongqing(a)baidu.com > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Co-developed-by: Chaitanya Kulkarni <kch(a)nvidia.com> > Signed-off-by: Chaitanya Kulkarni <kch(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > --- Please ignore this patch, I am still debugging and verifying it. Incorrectly it got CCed to stable. I am sorry for the noise. > changelog: > v0->v1: > - addressed comments from Ming and Michael > - changed the flow to not depend on broken vq anymore to avoid > the race of missing the detection > - flow updated to quiesce request queue and device, followed by > syncing with any ongoing interrupt handler or callbacks, > finally finishing the requests which are not completed by device > with error. > --- > drivers/block/virtio_blk.c | 46 +++++++++++++++++++++++++++++++++++- > -- > 1 file changed, 43 insertions(+), 3 deletions(-) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index > 2bf14a0e2815..1956172b4b1a 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1562,9 +1562,52 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_cancel_request(struct request *rq, void *data) { > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + return true; > +} > + > static void virtblk_remove(struct virtio_device *vdev) { > struct virtio_blk *vblk = vdev->priv; > + int i; > + > + /* Block upper layer to not get any new requests */ > + blk_mq_quiesce_queue(vblk->disk->queue); > + > + mutex_lock(&vblk->vdev_mutex); > + > + /* Stop all the virtqueues and configuration change notification and > also > + * synchronize with pending interrupt handlers. > + */ > + virtio_reset_device(vdev); > + > + mutex_unlock(&vblk->vdev_mutex); > + > + /* Syncronize with any callback handlers for request completion */ > + for (i = 0; i < vblk->num_vqs; i++) > + virtblk_done(vblk->vqs[i].vq); > + > + blk_sync_queue(vblk->disk->queue); > + > + /* At this point block layer and device/transport are quiet; > + * hence, safely complete all the pending requests with error. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_cancel_request, > vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* > + * Unblock any pending dispatch I/Os before we destroy device. From > + * del_gendisk() -> __blk_mark_disk_dead(disk) will set GD_DEAD flag, > + * that will make sure any new I/O from bio_queue_enter() to fail. > + */ > + blk_mq_unquiesce_queue(vblk->disk->queue); > > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > @@ -1574,9 +1617,6 @@ static void virtblk_remove(struct virtio_device > *vdev) > > mutex_lock(&vblk->vdev_mutex); > > - /* Stop all the virtqueues. */ > - virtio_reset_device(vdev); > - > /* Virtqueues are stopped, nothing can use vblk->vdev anymore. */ > vblk->vdev = NULL; > > -- > 2.34.1

1 year, 6 months

1
0
0 0

[PATCH] tee: optee: Fix kernel panic caused by incorrect error handling

by Sumit Garg

The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = 0 [ 15.425031] FSC = 0x05: level 1 translation fault [ 15.429922] Data abort info: [ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000 [ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000 [ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") lead to the introduction of this bug. So fix it appropriately. Reported-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218542 Fixes: 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") Cc: stable(a)vger.kernel.org Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> --- drivers/tee/optee/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c index 9d2afac96acc..d296c70ddfdc 100644 --- a/drivers/tee/optee/device.c +++ b/drivers/tee/optee/device.c @@ -90,13 +90,14 @@ static int optee_register_device(const uuid_t *device_uuid, u32 func) if (rc) { pr_err("device registration failed, err: %d\n", rc); put_device(&optee_device->dev); + return rc; } if (func == PTA_CMD_GET_DEVICES_SUPP) device_create_file(&optee_device->dev, &dev_attr_need_supplicant); - return rc; + return 0; } static int __optee_enumerate_devices(u32 func) -- 2.34.1

1 year, 6 months

3
4
0 0

Re: [PATCH 6.7 000/162] 6.7.9-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] init-kconfig-lower-gcc-version-check-for-warray-bounds.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: init/Kconfig: lower GCC version check for -Warray-bounds has been removed from the -mm tree. Its filename was init-kconfig-lower-gcc-version-check-for-warray-bounds.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: init/Kconfig: lower GCC version check for -Warray-bounds Date: Fri, 23 Feb 2024 09:08:27 -0800 We continue to see false positives from -Warray-bounds even in GCC 10, which is getting reported in a few places[1] still: security/security.c:811:2: warning: `memcpy' offset 32 is out of the bounds [0, 0] [-Warray-bounds] Lower the GCC version check from 11 to 10. Link: https://lkml.kernel.org/r/20240223170824.work.768-kees@kernel.org Reported-by: Lu Yao <yaolu(a)kylinos.cn> Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/ Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.c… [1] Signed-off-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Paul Moore <paul(a)paul-moore.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: "Gustavo A. R. Silva" <gustavoars(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Marc Aur��le La France <tsi(a)tuyoix.net> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Randy Dunlap <rdunlap(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/init/Kconfig~init-kconfig-lower-gcc-version-check-for-warray-bounds +++ a/init/Kconfig @@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5) default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough) -# Currently, disable gcc-11+ array-bounds globally. +# Currently, disable gcc-10+ array-bounds globally. # It's still broken in gcc-13, so no upper bound yet. -config GCC11_NO_ARRAY_BOUNDS +config GCC10_NO_ARRAY_BOUNDS def_bool y config CC_NO_ARRAY_BOUNDS bool - default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS + default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS # Currently, disable -Wstringop-overflow for GCC globally. config GCC_NO_STRINGOP_OVERFLOW _ Patches currently in -mm which might be from keescook(a)chromium.org are

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close has been removed from the -mm tree. Its filename was mm-mmap-fix-vma_merge-case-7-with-vma_ops-close.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, mmap: fix vma_merge() case 7 with vma_ops->close Date: Thu, 22 Feb 2024 22:59:31 +0100 When debugging issues with a workload using SysV shmem, Michal Hocko has come up with a reproducer that shows how a series of mprotect() operations can result in an elevated shm_nattch and thus leak of the resource. The problem is caused by wrong assumptions in vma_merge() commit 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test"). The shmem vmas have a vma_ops->close callback that decrements shm_nattch, and we remove the vma without calling it. vma_merge() has thus historically avoided merging vma's with vma_ops->close and commit 714965ca8252 was supposed to keep it that way. It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming that it is never called on a vma that would be a candidate for removal. However, the vma_merge() code does also use the result of this check in the decision to remove a different vma in the merge case 7. A robust solution would be to refactor vma_merge() code in a way that the vma_ops->close check is only done for vma's that are actually going to be removed, and not as part of the preliminary checks. That would both solve the existing bug, and also allow additional merges that the checks currently prevent unnecessarily in some cases. However to fix the existing bug first with a minimized risk, and for easier stable backports, this patch only adds a vma_ops->close check to the buggy case 7 specifically. All other cases of vma removal are covered by the can_vma_merge_before() check that includes the test for vma_ops->close. The reproducer code, adapted from Michal Hocko's code: int main(int argc, char *argv[]) { int segment_id; size_t segment_size = 20 * PAGE_SIZE; char * sh_mem; struct shmid_ds shmid_ds; key_t key = 0x1234; segment_id = shmget(key, segment_size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); sh_mem = (char *)shmat(segment_id, NULL, 0); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE); mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE); mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE); shmdt(sh_mem); shmctl(segment_id, IPC_STAT, &shmid_ds); printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch); if (shmctl(segment_id, IPC_RMID, 0)) printf("IPCRM failed %d\n", errno); return (shmid_ds.shm_nattch) ? 1 : 0; } Link: https://lkml.kernel.org/r/20240222215930.14637-2-vbabka@suse.cz Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/mmap.c~mm-mmap-fix-vma_merge-case-7-with-vma_ops-close +++ a/mm/mmap.c @@ -954,13 +954,21 @@ static struct vm_area_struct } else if (merge_prev) { /* case 2 */ if (curr) { vma_start_write(curr); - err = dup_anon_vma(prev, curr, &anon_dup); if (end == curr->vm_end) { /* case 7 */ + /* + * can_vma_merge_after() assumed we would not be + * removing prev vma, so it skipped the check + * for vm_ops->close, but we are removing curr + */ + if (curr->vm_ops && curr->vm_ops->close) + err = -EINVAL; remove = curr; } else { /* case 5 */ adjust = curr; adj_start = (end - curr->vm_start); } + if (!err) + err = dup_anon_vma(prev, curr, &anon_dup); } } else { /* merge_next */ vma_start_write(next); _ Patches currently in -mm which might be from vbabka(a)suse.cz are

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails Date: Thu, 22 Feb 2024 16:08:15 +0800 After ptep_clear_flush(), if we find that src_folio is pinned we will fail UFFDIO_MOVE and put src_folio back to src_pte entry, but the change to src_folio->{mapping,index} is not restored in this process. This is not what we expected, so fix it. This can cause the rmap for that page to be invalid, possibly resulting in memory corruption. At least swapout+migration would no longer work, because we might fail to locate the mappings of that folio. Link: https://lkml.kernel.org/r/20240222080815.46291-1-zhengqi.arch@bytedance.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-fix-unexpected-change-to-src_folio-when-uffdio_move-fails +++ a/mm/userfaultfd.c @@ -914,9 +914,6 @@ static int move_present_pte(struct mm_st goto out; } - folio_move_anon_rmap(src_folio, dst_vma); - WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); - orig_src_pte = ptep_clear_flush(src_vma, src_addr, src_pte); /* Folio got pinned from under us. Put it back and fail the move. */ if (folio_maybe_dma_pinned(src_folio)) { @@ -925,6 +922,9 @@ static int move_present_pte(struct mm_st goto out; } + folio_move_anon_rmap(src_folio, dst_vma); + WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); + orig_dst_pte = mk_pte(&src_folio->page, dst_vma->vm_page_prot); /* Follow mremap() behavior and treat the entry dirty after the move */ orig_dst_pte = pte_mkwrite(pte_mkdirty(orig_dst_pte), dst_vma); _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are mm-pgtable-correct-the-wrong-comment-about-ptdesc-__page_flags.patch mm-pgtable-add-missing-pt_index-to-struct-ptdesc.patch s390-supplement-for-ptdesc-conversion.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations has been removed from the -mm tree. Its filename was mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Date: Wed, 21 Feb 2024 12:43:58 +0100 Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/gfp.h | 9 +++++++++ mm/compaction.c | 7 +------ mm/page_alloc.c | 10 ++++++---- mm/vmscan.c | 5 ++++- 4 files changed, 20 insertions(+), 11 deletions(-) --- a/include/linux/gfp.h~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t g return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC --- a/mm/compaction.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); --- a/mm/page_alloc.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ restart: * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ retry: /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ retry: * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) --- a/mm/vmscan.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(stru { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0)) _ Patches currently in -mm which might be from vbabka(a)suse.cz are

1 year, 6 months

1
0
0 0

[PATCH 5.10] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> [apanyaki: backport to v5.10-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 24e39984914f..f608663bdfd5 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -885,8 +885,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -929,8 +929,6 @@ static void __unbind_from_irq(unsigned int irq) if (VALID_EVTCHN(evtchn)) { unsigned int cpu = cpu_from_irq(irq); - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -943,6 +941,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 6 months

3
3
0 0

[PATCH v2] serial: Lock console when calling into driver before registration

by Peter Collingbourne

During the handoff from earlycon to the real console driver, we have two separate drivers operating on the same device concurrently. In the case of the 8250 driver these concurrent accesses cause problems due to the driver's use of banked registers, controlled by LCR.DLAB. It is possible for the setup(), config_port(), pm() and set_mctrl() callbacks to set DLAB, which can cause the earlycon code that intends to access TX to instead access DLL, leading to missed output and corruption on the serial line due to unintended modifications to the baud rate. In particular, for setup() we have: univ8250_console_setup() -> serial8250_console_setup() -> uart_set_options() -> serial8250_set_termios() -> serial8250_do_set_termios() -> serial8250_do_set_divisor() For config_port() we have: serial8250_config_port() -> autoconfig() For pm() we have: serial8250_pm() -> serial8250_do_pm() -> serial8250_set_sleep() For set_mctrl() we have (for some devices): serial8250_set_mctrl() -> omap8250_set_mctrl() -> __omap8250_set_mctrl() To avoid such problems, let's make it so that the console is locked during pre-registration calls to these callbacks, which will prevent the earlycon driver from running concurrently. Remove the partial solution to this problem in the 8250 driver that locked the console only during autoconfig_irq(), as this would result in a deadlock with the new approach. The console continues to be locked during autoconfig_irq() because it can only be called through uart_configure_port(). Although this patch introduces more locking than strictly necessary (and in particular it also locks during the call to rs485_config() which is not affected by this issue as far as I can tell), it follows the principle that it is the responsibility of the generic console code to manage the earlycon handoff by ensuring that earlycon and real console driver code cannot run concurrently, and not the individual drivers. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Reviewed-by: John Ogness <john.ogness(a)linutronix.de> Link: https://linux-review.googlesource.com/id/I7cf8124dcebf8618e6b2ee543fa5b2553… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_port.c | 6 ------ drivers/tty/serial/serial_core.c | 12 ++++++++++++ kernel/printk/printk.c | 21 ++++++++++++++++++--- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8ca061d3bbb9..1d65055dde27 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -1329,9 +1329,6 @@ static void autoconfig_irq(struct uart_8250_port *up) inb_p(ICP); } - if (uart_console(port)) - console_lock(); - /* forget possible initially masked and pending IRQ */ probe_irq_off(probe_irq_on()); save_mcr = serial8250_in_MCR(up); @@ -1371,9 +1368,6 @@ static void autoconfig_irq(struct uart_8250_port *up) if (port->flags & UPF_FOURPORT) outb_p(save_ICP, ICP); - if (uart_console(port)) - console_unlock(); - port->irq = (irq > 0) ? irq : 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index d6a58a9e072a..ff85ebd3a007 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2608,7 +2608,12 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, port->type = PORT_UNKNOWN; flags |= UART_CONFIG_TYPE; } + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); port->ops->config_port(port, flags); + if (uart_console(port)) + console_unlock(); } if (port->type != PORT_UNKNOWN) { @@ -2616,6 +2621,10 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_report_port(drv, port); + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); + /* Power up port for set_mctrl() */ uart_change_pm(state, UART_PM_STATE_ON); @@ -2632,6 +2641,9 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_rs485_config(port); + if (uart_console(port)) + console_unlock(); + /* * If this driver supports console, and it hasn't been * successfully registered yet, try to re-register it. diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index f2444b581e16..f51e4e5a869d 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -3263,6 +3263,21 @@ static int __init keep_bootcon_setup(char *str) early_param("keep_bootcon", keep_bootcon_setup); +static int console_call_setup(struct console *newcon, char *options) +{ + int err; + + if (!newcon->setup) + return 0; + + /* Synchronize with possible boot console. */ + console_lock(); + err = newcon->setup(newcon, options); + console_unlock(); + + return err; +} + /* * This is called by register_console() to try to match * the newly registered console with any of the ones selected @@ -3298,8 +3313,8 @@ static int try_enable_preferred_console(struct console *newcon, if (_braille_register_console(newcon, c)) return 0; - if (newcon->setup && - (err = newcon->setup(newcon, c->options)) != 0) + err = console_call_setup(newcon, c->options); + if (err != 0) return err; } newcon->flags |= CON_ENABLED; @@ -3325,7 +3340,7 @@ static void try_enable_default_console(struct console *newcon) if (newcon->index < 0) newcon->index = 0; - if (newcon->setup && newcon->setup(newcon, NULL) != 0) + if (console_call_setup(newcon, NULL) != 0) return; newcon->flags |= CON_ENABLED; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

2
2
0 0

[PATCH v3] serial: Lock console when calling into driver before registration

by Peter Collingbourne

During the handoff from earlycon to the real console driver, we have two separate drivers operating on the same device concurrently. In the case of the 8250 driver these concurrent accesses cause problems due to the driver's use of banked registers, controlled by LCR.DLAB. It is possible for the setup(), config_port(), pm() and set_mctrl() callbacks to set DLAB, which can cause the earlycon code that intends to access TX to instead access DLL, leading to missed output and corruption on the serial line due to unintended modifications to the baud rate. In particular, for setup() we have: univ8250_console_setup() -> serial8250_console_setup() -> uart_set_options() -> serial8250_set_termios() -> serial8250_do_set_termios() -> serial8250_do_set_divisor() For config_port() we have: serial8250_config_port() -> autoconfig() For pm() we have: serial8250_pm() -> serial8250_do_pm() -> serial8250_set_sleep() For set_mctrl() we have (for some devices): serial8250_set_mctrl() -> omap8250_set_mctrl() -> __omap8250_set_mctrl() To avoid such problems, let's make it so that the console is locked during pre-registration calls to these callbacks, which will prevent the earlycon driver from running concurrently. Remove the partial solution to this problem in the 8250 driver that locked the console only during autoconfig_irq(), as this would result in a deadlock with the new approach. The console continues to be locked during autoconfig_irq() because it can only be called through uart_configure_port(). Although this patch introduces more locking than strictly necessary (and in particular it also locks during the call to rs485_config() which is not affected by this issue as far as I can tell), it follows the principle that it is the responsibility of the generic console code to manage the earlycon handoff by ensuring that earlycon and real console driver code cannot run concurrently, and not the individual drivers. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Reviewed-by: John Ogness <john.ogness(a)linutronix.de> Link: https://linux-review.googlesource.com/id/I7cf8124dcebf8618e6b2ee543fa5b2553… Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org --- v3: - switch to if (err) v2: - add some comments drivers/tty/serial/8250/8250_port.c | 6 ------ drivers/tty/serial/serial_core.c | 12 ++++++++++++ kernel/printk/printk.c | 21 ++++++++++++++++++--- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8ca061d3bbb9..1d65055dde27 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -1329,9 +1329,6 @@ static void autoconfig_irq(struct uart_8250_port *up) inb_p(ICP); } - if (uart_console(port)) - console_lock(); - /* forget possible initially masked and pending IRQ */ probe_irq_off(probe_irq_on()); save_mcr = serial8250_in_MCR(up); @@ -1371,9 +1368,6 @@ static void autoconfig_irq(struct uart_8250_port *up) if (port->flags & UPF_FOURPORT) outb_p(save_ICP, ICP); - if (uart_console(port)) - console_unlock(); - port->irq = (irq > 0) ? irq : 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index d6a58a9e072a..ff85ebd3a007 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2608,7 +2608,12 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, port->type = PORT_UNKNOWN; flags |= UART_CONFIG_TYPE; } + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); port->ops->config_port(port, flags); + if (uart_console(port)) + console_unlock(); } if (port->type != PORT_UNKNOWN) { @@ -2616,6 +2621,10 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_report_port(drv, port); + /* Synchronize with possible boot console. */ + if (uart_console(port)) + console_lock(); + /* Power up port for set_mctrl() */ uart_change_pm(state, UART_PM_STATE_ON); @@ -2632,6 +2641,9 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, uart_rs485_config(port); + if (uart_console(port)) + console_unlock(); + /* * If this driver supports console, and it hasn't been * successfully registered yet, try to re-register it. diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index f2444b581e16..89f2aa2e1172 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -3263,6 +3263,21 @@ static int __init keep_bootcon_setup(char *str) early_param("keep_bootcon", keep_bootcon_setup); +static int console_call_setup(struct console *newcon, char *options) +{ + int err; + + if (!newcon->setup) + return 0; + + /* Synchronize with possible boot console. */ + console_lock(); + err = newcon->setup(newcon, options); + console_unlock(); + + return err; +} + /* * This is called by register_console() to try to match * the newly registered console with any of the ones selected @@ -3298,8 +3313,8 @@ static int try_enable_preferred_console(struct console *newcon, if (_braille_register_console(newcon, c)) return 0; - if (newcon->setup && - (err = newcon->setup(newcon, c->options)) != 0) + err = console_call_setup(newcon, c->options); + if (err) return err; } newcon->flags |= CON_ENABLED; @@ -3325,7 +3340,7 @@ static void try_enable_default_console(struct console *newcon) if (newcon->index < 0) newcon->index = 0; - if (newcon->setup && newcon->setup(newcon, NULL) != 0) + if (console_call_setup(newcon, NULL) != 0) return; newcon->flags |= CON_ENABLED; -- 2.44.0.278.ge034bb2e1d-goog

1 year, 6 months

1
0
0 0

[PATCH v2] Bluetooth: btnxpuart: Fix btnxpuart_close

by Francesco Dolcini

From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Fix scheduling while atomic BUG in btnxpuart_close(), properly purge the transmit queue and free the receive skb. [ 10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002 ... [ 10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-0.0.0-devel-00005-g61fdfceacf09 #1 [ 10.980751] Hardware name: Toradex Verdin AM62 WB on Dahlia Board (DT) [ 10.980760] Workqueue: hci0 hci_power_off [bluetooth] [ 10.981169] Call trace: ... [ 10.981363] uart_update_mctrl+0x58/0x78 [ 10.981373] uart_dtr_rts+0x104/0x114 [ 10.981381] tty_port_shutdown+0xd4/0xdc [ 10.981396] tty_port_close+0x40/0xbc [ 10.981407] uart_close+0x34/0x9c [ 10.981414] ttyport_close+0x50/0x94 [ 10.981430] serdev_device_close+0x40/0x50 [ 10.981442] btnxpuart_close+0x24/0x98 [btnxpuart] [ 10.981469] hci_dev_close_sync+0x2d8/0x718 [bluetooth] [ 10.981728] hci_dev_do_close+0x2c/0x70 [bluetooth] [ 10.981862] hci_power_off+0x20/0x64 [bluetooth] Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Cc: stable(a)vger.kernel.org Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Reviewed-by: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> [ fd: reword commit message ] Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- v2: - reword commit message - added rb neeraj v1: https://lore.kernel.org/all/20231018145540.34014-2-marcel@ziswiler.com/ --- drivers/bluetooth/btnxpuart.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index 55b6e3dcd4ec..0b93c2ff29e4 100644 --- a/drivers/bluetooth/btnxpuart.c +++ b/drivers/bluetooth/btnxpuart.c @@ -1252,6 +1252,9 @@ static int btnxpuart_close(struct hci_dev *hdev) ps_wakeup(nxpdev); serdev_device_close(nxpdev->serdev); + skb_queue_purge(&nxpdev->txq); + kfree_skb(nxpdev->rx_skb); + nxpdev->rx_skb = NULL; clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state); return 0; } -- 2.39.2

1 year, 6 months

2
1
0 0

[PATCH 5.15] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> [apanyaki: backport to v5.15-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index ee691b20d4a3..04ff194fecf4 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -936,8 +936,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -981,8 +981,6 @@ static void __unbind_from_irq(unsigned int irq) unsigned int cpu = cpu_from_irq(irq); struct xenbus_device *dev; - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -1000,6 +998,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 6 months

1
0
0 0

[PATCH 6.1] xen/events: close evtchn after mapping cleanup

by Andrew Panyakin

From: Maximilian Heyne <mheyne(a)amazon.de> Commit fa765c4b4aed2d64266b694520ecb025c862c5a9 upstream shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compare to upstream patch this one does not have close_evtchn flag because there is no need to handle static event channels. This feature was added only in 58f6259b7a08f ("xen/evtchn: Introduce new IOCTL to bind static evtchn") drivers/xen/events/events_base.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 00f8e349921d..96b96516c980 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -937,8 +937,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -982,8 +982,6 @@ static void __unbind_from_irq(unsigned int irq) unsigned int cpu = cpu_from_irq(irq); struct xenbus_device *dev; - xen_evtchn_close(evtchn); - switch (type_from_irq(irq)) { case IRQT_VIRQ: per_cpu(virq_to_irq, cpu)[virq_from_irq(irq)] = -1; @@ -1001,6 +999,7 @@ static void __unbind_from_irq(unsigned int irq) } xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } xen_free_irq(irq); -- 2.40.1

1 year, 6 months

1
0
0 0

[PATCH stable v6.7] drm/nouveau: don't fini scheduler before entity flush

by Danilo Krummrich

This bug is present in v6.7 only, since the scheduler design has been re-worked in v6.8. Client scheduler entities must be flushed before an associated GPU scheduler is teared down. Otherwise the entitiy might still hold a pointer to the scheduler's runqueue which is freed at scheduler tear down already. [ 305.224293] ================================================================== [ 305.224297] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224310] Read of size 8 at addr ffff8881440a8f48 by task rmmod/4436 [ 305.224317] CPU: 10 PID: 4436 Comm: rmmod Tainted: G U 6.7.6-100.fc38.x86_64+debug #1 [ 305.224321] Hardware name: Dell Inc. Precision 7550/01PXFR, BIOS 1.27.0 11/08/2023 [ 305.224324] Call Trace: [ 305.224327] <TASK> [ 305.224329] dump_stack_lvl+0x76/0xd0 [ 305.224336] print_report+0xcf/0x670 [ 305.224342] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224352] ? __virt_addr_valid+0x215/0x410 [ 305.224359] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224368] kasan_report+0xa6/0xe0 [ 305.224373] ? drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224385] drm_sched_entity_flush+0x6c4/0x7b0 [gpu_sched] [ 305.224395] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched] [ 305.224406] ? rcu_is_watching+0x15/0xb0 [ 305.224413] drm_sched_entity_destroy+0x17/0x20 [gpu_sched] [ 305.224422] nouveau_cli_fini+0x6c/0x120 [nouveau] [ 305.224658] nouveau_drm_device_fini+0x2ac/0x490 [nouveau] [ 305.224871] nouveau_drm_remove+0x18e/0x220 [nouveau] [ 305.225082] ? __pfx_nouveau_drm_remove+0x10/0x10 [nouveau] [ 305.225290] ? rcu_is_watching+0x15/0xb0 [ 305.225295] ? _raw_spin_unlock_irqrestore+0x66/0x80 [ 305.225299] ? trace_hardirqs_on+0x16/0x100 [ 305.225304] ? _raw_spin_unlock_irqrestore+0x4f/0x80 [ 305.225310] pci_device_remove+0xa3/0x1d0 [ 305.225316] device_release_driver_internal+0x379/0x540 [ 305.225322] driver_detach+0xc5/0x180 [ 305.225327] bus_remove_driver+0x11e/0x2a0 [ 305.225333] pci_unregister_driver+0x2a/0x250 [ 305.225339] nouveau_drm_exit+0x1f/0x970 [nouveau] [ 305.225548] __do_sys_delete_module+0x350/0x580 [ 305.225554] ? __pfx___do_sys_delete_module+0x10/0x10 [ 305.225562] ? syscall_enter_from_user_mode+0x26/0x90 [ 305.225567] ? rcu_is_watching+0x15/0xb0 [ 305.225571] ? syscall_enter_from_user_mode+0x26/0x90 [ 305.225575] ? trace_hardirqs_on+0x16/0x100 [ 305.225580] do_syscall_64+0x61/0xe0 [ 305.225584] ? rcu_is_watching+0x15/0xb0 [ 305.225587] ? syscall_exit_to_user_mode+0x1f/0x50 [ 305.225592] ? trace_hardirqs_on_prepare+0xe3/0x100 [ 305.225596] ? do_syscall_64+0x70/0xe0 [ 305.225600] ? trace_hardirqs_on_prepare+0xe3/0x100 [ 305.225604] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.225609] RIP: 0033:0x7f6148f3592b [ 305.225650] Code: 73 01 c3 48 8b 0d dd 04 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ad 04 0c 00 f7 d8 64 89 01 48 [ 305.225653] RSP: 002b:00007ffe89986f08 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 305.225659] RAX: ffffffffffffffda RBX: 000055cbb036e900 RCX: 00007f6148f3592b [ 305.225662] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055cbb036e968 [ 305.225664] RBP: 00007ffe89986f30 R08: 1999999999999999 R09: 0000000000000000 [ 305.225667] R10: 00007f6148fa6ac0 R11: 0000000000000206 R12: 0000000000000000 [ 305.225670] R13: 00007ffe89987190 R14: 000055cbb036e900 R15: 0000000000000000 [ 305.225678] </TASK> [ 305.225683] Allocated by task 484: [ 305.225685] kasan_save_stack+0x33/0x60 [ 305.225690] kasan_set_track+0x25/0x30 [ 305.225693] __kasan_kmalloc+0x8f/0xa0 [ 305.225696] drm_sched_init+0x3c7/0xce0 [gpu_sched] [ 305.225705] nouveau_sched_init+0xd2/0x110 [nouveau] [ 305.225913] nouveau_drm_device_init+0x130/0x3290 [nouveau] [ 305.226121] nouveau_drm_probe+0x1ab/0x6b0 [nouveau] [ 305.226329] local_pci_probe+0xda/0x190 [ 305.226333] pci_device_probe+0x23a/0x780 [ 305.226337] really_probe+0x3df/0xb80 [ 305.226341] __driver_probe_device+0x18c/0x450 [ 305.226345] driver_probe_device+0x4a/0x120 [ 305.226348] __driver_attach+0x1e5/0x4a0 [ 305.226351] bus_for_each_dev+0x106/0x190 [ 305.226355] bus_add_driver+0x2a1/0x570 [ 305.226358] driver_register+0x134/0x460 [ 305.226361] do_one_initcall+0xd3/0x430 [ 305.226366] do_init_module+0x238/0x770 [ 305.226370] load_module+0x5581/0x6f10 [ 305.226374] __do_sys_init_module+0x1f2/0x220 [ 305.226377] do_syscall_64+0x61/0xe0 [ 305.226381] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.226387] Freed by task 4436: [ 305.226389] kasan_save_stack+0x33/0x60 [ 305.226392] kasan_set_track+0x25/0x30 [ 305.226396] kasan_save_free_info+0x2b/0x50 [ 305.226399] __kasan_slab_free+0x10b/0x1a0 [ 305.226402] slab_free_freelist_hook+0x12b/0x1e0 [ 305.226406] __kmem_cache_free+0xd4/0x1d0 [ 305.226410] drm_sched_fini+0x178/0x320 [gpu_sched] [ 305.226418] nouveau_drm_device_fini+0x2a0/0x490 [nouveau] [ 305.226624] nouveau_drm_remove+0x18e/0x220 [nouveau] [ 305.226832] pci_device_remove+0xa3/0x1d0 [ 305.226836] device_release_driver_internal+0x379/0x540 [ 305.226840] driver_detach+0xc5/0x180 [ 305.226843] bus_remove_driver+0x11e/0x2a0 [ 305.226847] pci_unregister_driver+0x2a/0x250 [ 305.226850] nouveau_drm_exit+0x1f/0x970 [nouveau] [ 305.227056] __do_sys_delete_module+0x350/0x580 [ 305.227060] do_syscall_64+0x61/0xe0 [ 305.227064] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 305.227070] The buggy address belongs to the object at ffff8881440a8f00 which belongs to the cache kmalloc-128 of size 128 [ 305.227073] The buggy address is located 72 bytes inside of freed 128-byte region [ffff8881440a8f00, ffff8881440a8f80) [ 305.227078] The buggy address belongs to the physical page: [ 305.227081] page:00000000627efa0a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1440a8 [ 305.227085] head:00000000627efa0a order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 305.227088] flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 305.227093] page_type: 0xffffffff() [ 305.227097] raw: 0017ffffc0000840 ffff8881000428c0 ffffea0005b33500 dead000000000002 [ 305.227100] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 305.227102] page dumped because: kasan: bad access detected [ 305.227106] Memory state around the buggy address: [ 305.227109] ffff8881440a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 305.227112] ffff8881440a8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 305.227114] >ffff8881440a8f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 305.227117] ^ [ 305.227120] ffff8881440a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 305.227122] ffff8881440a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 305.227125] ================================================================== Cc: <stable(a)vger.kernel.org> # v6.7 only Reported-by: Karol Herbst <kherbst(a)redhat.com> Closes: https://gist.githubusercontent.com/karolherbst/a20eb0f937a06ed6aabe2ac2ca3d… Fixes: b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") Signed-off-by: Danilo Krummrich <dakr(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 50589f982d1a..75545da9d1e9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -708,10 +708,11 @@ nouveau_drm_device_fini(struct drm_device *dev) } mutex_unlock(&drm->clients_lock); - nouveau_sched_fini(drm); - nouveau_cli_fini(&drm->client); nouveau_cli_fini(&drm->master); + + nouveau_sched_fini(drm); + nvif_parent_dtor(&drm->parent); mutex_destroy(&drm->clients_lock); kfree(drm); -- 2.44.0

1 year, 6 months

2
4
0 0

FAILED: patch "[PATCH] mptcp: fix double-free on socket dismantle" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 10048689def7e40a4405acda16fdc6477d4ecc5c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-plausible-harmonics-a964@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 10048689def7 ("mptcp: fix double-free on socket dismantle") 7e8b88ec35ee ("mptcp: consolidate passive msk socket initialization") a88d0092b24b ("mptcp: simplify subflow_syn_recv_sock()") 2bb9a37f0e19 ("mptcp: avoid unneeded address copy") b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets") 3a236aef280e ("mptcp: refactor passive socket initialization") 7d803344fdc3 ("mptcp: fix deadlock in fastopen error path") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") f2bb566f5c97 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 10048689def7e40a4405acda16fdc6477d4ecc5c Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:18 +0100 Subject: [PATCH] mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50 print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0 __do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410 cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK> Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 __kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0 selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0 security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130 __sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250 tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390 tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0 tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0 ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0 __netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500 net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888485950780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888485950880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff888485950900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950980: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc Something similar (a refcount underflow) happens with CALIPSO/IPv6. Fix this by duplicating IP / IPv6 options after clone, so that ip{,6}_sock_destruct() doesn't end up freeing the same memory area twice. Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections") Cc: stable(a)vger.kernel.org Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-8-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2c8f931c6d5b..7833a49f6214 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3178,8 +3178,50 @@ static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } + +static void mptcp_copy_ip6_options(struct sock *newsk, const struct sock *sk) +{ + const struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + struct ipv6_pinfo *newnp; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + net_warn_ratelimited("%s: Failed to copy ip6 options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} #endif +static void mptcp_copy_ip_options(struct sock *newsk, const struct sock *sk) +{ + struct ip_options_rcu *inet_opt, *newopt = NULL; + const struct inet_sock *inet = inet_sk(sk); + struct inet_sock *newinet; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + net_warn_ratelimited("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + struct sock *mptcp_sk_clone_init(const struct sock *sk, const struct mptcp_options_received *mp_opt, struct sock *ssk, @@ -3200,6 +3242,13 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_init_sock(nsk); +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + if (nsk->sk_family == AF_INET6) + mptcp_copy_ip6_options(nsk, sk); + else +#endif + mptcp_copy_ip_options(nsk, sk); + msk = mptcp_sk(nsk); msk->local_key = subflow_req->local_key; msk->token = subflow_req->token;

1 year, 6 months

3
2
0 0

[PATCH] btrfs: qgroup: verify btrfs_qgroup_inherit parameter

by Qu Wenruo

[BUG] Currently btrfs can create subvolume with an invalid qgroup inherit without triggering any error: # mkfs.btrfs -O quota -f $dev # mount $dev $mnt # btrfs subvolume create -i 2/0 $mnt/subv1 # btrfs qgroup show -prce --sync $mnt Qgroupid Referenced Exclusive Path -------- ---------- --------- ---- 0/5 16.00KiB 16.00KiB <toplevel> 0/256 16.00KiB 16.00KiB subv1 [CAUSE] We only do a very basic size check for btrfs_qgroup_inherit structure, but never really verify if the values are correct. Thus in btrfs_qgroup_inherit() function, we have to skip non-existing qgroups, and never return any error. [FIX] Fix the behavior and introduce extra checks: - Introduce early check for btrfs_qgroup_inherit structure Not only the size, but also all the qgroup ids would be verifyed. And the timing is very early, so we can return error early. This early check is very important for snapshot creation, as snapshot is delayed to transaction commit. - Drop support for btrfs_qgroup_inherit::num_ref_copies and num_excl_copies Those two members are used to specify to copy refr/excl numbers from other qgroups. This would definitely mark qgroup inconsistent, and btrfs-progs has dropped the support for them for a long time. It's time to drop the support for kernel. - Verify the supported btrfs_qgroup_inherit::flags Just in case we want to add extra flags for btrfs_qgroup_inherit. Now above subvolume creation would fail with -ENOENT other than silently ignore the non-existing qgroup. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/ioctl.c | 16 +++--------- fs/btrfs/qgroup.c | 52 ++++++++++++++++++++++++++++++++++++++ fs/btrfs/qgroup.h | 3 +++ include/uapi/linux/btrfs.h | 1 + 4 files changed, 59 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 8b80fbea1e72..c19ce2e292dc 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1382,7 +1382,7 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, if (vol_args->flags & BTRFS_SUBVOL_RDONLY) readonly = true; if (vol_args->flags & BTRFS_SUBVOL_QGROUP_INHERIT) { - u64 nums; + struct btrfs_fs_info *fs_info = inode_to_fs_info(file_inode(file)); if (vol_args->size < sizeof(*inherit) || vol_args->size > PAGE_SIZE) { @@ -1395,19 +1395,9 @@ static noinline int btrfs_ioctl_snap_create_v2(struct file *file, goto free_args; } - if (inherit->num_qgroups > PAGE_SIZE || - inherit->num_ref_copies > PAGE_SIZE || - inherit->num_excl_copies > PAGE_SIZE) { - ret = -EINVAL; + ret = btrfs_qgroup_check_inherit(fs_info, inherit, vol_args->size); + if (ret < 0) goto free_inherit; - } - - nums = inherit->num_qgroups + 2 * inherit->num_ref_copies + - 2 * inherit->num_excl_copies; - if (vol_args->size != struct_size(inherit, qgroups, nums)) { - ret = -EINVAL; - goto free_inherit; - } } ret = __btrfs_ioctl_snap_create(file, file_mnt_idmap(file), diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c index 4fa83c76b37b..66968092b554 100644 --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -3046,6 +3046,58 @@ int btrfs_run_qgroups(struct btrfs_trans_handle *trans) return ret; } +int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info, + struct btrfs_qgroup_inherit *inherit, + size_t size) +{ + if (inherit->flags & ~BTRFS_QGROUP_INHERIT_FLAGS_SUPP) + return -EOPNOTSUPP; + if (size < sizeof(*inherit) || size > PAGE_SIZE) + return -EINVAL; + + /* + * In the past we allow btrfs_qgroup_inherit to specify to copy + * refr/excl numbers directly from other qgroups. + * This behavior has been disable in btrfs-progs for a very long time, + * but here we should also disable them for kernel, as this behavior + * is known to mark qgroup inconsistent, and a rescan would wipe out the + * change anyway. + * + * So here we just reject any btrfs_qgroup_inherit with num_ref_copies or + * num_excl_copies. + */ + if (inherit->num_ref_copies || inherit->num_excl_copies) + return -EINVAL; + + if (inherit->num_qgroups > PAGE_SIZE) + return -EINVAL; + + if (size != struct_size(inherit, qgroups, inherit->num_qgroups)) + return -EINVAL; + + /* + * Now check all the remaining qgroups, they should all: + * - Exist + * - Be higher level qgroups. + */ + for (int i = 0; i < inherit->num_qgroups; i++) { + struct btrfs_qgroup *qgroup; + u64 qgroupid = inherit->qgroups[i]; + + if (btrfs_qgroup_level(qgroupid) == 0) + return -EINVAL; + + spin_lock(&fs_info->qgroup_lock); + qgroup = find_qgroup_rb(fs_info, qgroupid); + if (!qgroup) { + spin_unlock(&fs_info->qgroup_lock); + return -ENOENT; + } + spin_unlock(&fs_info->qgroup_lock); + } + return 0; +} + static int qgroup_auto_inherit(struct btrfs_fs_info *fs_info, u64 inode_rootid, struct btrfs_qgroup_inherit **inherit) diff --git a/fs/btrfs/qgroup.h b/fs/btrfs/qgroup.h index 1f664261c064..706640be0ec2 100644 --- a/fs/btrfs/qgroup.h +++ b/fs/btrfs/qgroup.h @@ -350,6 +350,9 @@ int btrfs_qgroup_account_extent(struct btrfs_trans_handle *trans, u64 bytenr, struct ulist *new_roots); int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans); int btrfs_run_qgroups(struct btrfs_trans_handle *trans); +int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info, + struct btrfs_qgroup_inherit *inherit, + size_t size); int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, u64 objectid, u64 inode_rootid, struct btrfs_qgroup_inherit *inherit); diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h index f8bc34a6bcfa..cdf6ad872149 100644 --- a/include/uapi/linux/btrfs.h +++ b/include/uapi/linux/btrfs.h @@ -92,6 +92,7 @@ struct btrfs_qgroup_limit { * struct btrfs_qgroup_inherit.flags */ #define BTRFS_QGROUP_INHERIT_SET_LIMITS (1ULL << 0) +#define BTRFS_QGROUP_INHERIT_FLAGS_SUPP (BTRFS_QGROUP_INHERIT_SET_LIMITS) struct btrfs_qgroup_inherit { __u64 flags; -- 2.43.2

1 year, 6 months

3
3
0 0

FAILED: patch "[PATCH] mptcp: fix double-free on socket dismantle" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 10048689def7e40a4405acda16fdc6477d4ecc5c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030452-appliance-decidable-ccdb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 10048689def7 ("mptcp: fix double-free on socket dismantle") 7e8b88ec35ee ("mptcp: consolidate passive msk socket initialization") a88d0092b24b ("mptcp: simplify subflow_syn_recv_sock()") 2bb9a37f0e19 ("mptcp: avoid unneeded address copy") b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets") 3a236aef280e ("mptcp: refactor passive socket initialization") 7d803344fdc3 ("mptcp: fix deadlock in fastopen error path") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") f2bb566f5c97 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 10048689def7e40a4405acda16fdc6477d4ecc5c Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:18 +0100 Subject: [PATCH] mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50 print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0 __do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410 cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK> Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 __kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0 selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0 security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130 __sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250 tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390 tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0 tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0 ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0 __netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500 net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888485950780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888485950880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff888485950900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888485950980: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc Something similar (a refcount underflow) happens with CALIPSO/IPv6. Fix this by duplicating IP / IPv6 options after clone, so that ip{,6}_sock_destruct() doesn't end up freeing the same memory area twice. Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections") Cc: stable(a)vger.kernel.org Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-8-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2c8f931c6d5b..7833a49f6214 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3178,8 +3178,50 @@ static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } + +static void mptcp_copy_ip6_options(struct sock *newsk, const struct sock *sk) +{ + const struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + struct ipv6_pinfo *newnp; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + net_warn_ratelimited("%s: Failed to copy ip6 options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} #endif +static void mptcp_copy_ip_options(struct sock *newsk, const struct sock *sk) +{ + struct ip_options_rcu *inet_opt, *newopt = NULL; + const struct inet_sock *inet = inet_sk(sk); + struct inet_sock *newinet; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + net_warn_ratelimited("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + struct sock *mptcp_sk_clone_init(const struct sock *sk, const struct mptcp_options_received *mp_opt, struct sock *ssk, @@ -3200,6 +3242,13 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, __mptcp_init_sock(nsk); +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + if (nsk->sk_family == AF_INET6) + mptcp_copy_ip6_options(nsk, sk); + else +#endif + mptcp_copy_ip_options(nsk, sk); + msk = mptcp_sk(nsk); msk->local_key = subflow_req->local_key; msk->token = subflow_req->token;

1 year, 6 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-swimsuit-antacid-a0dd@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 6 months

3
7
0 0

FAILED: patch "[PATCH] mptcp: fix snd_wnd initialization for passive socket" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x adf1bb78dab55e36d4d557aa2fb446ebcfe9e5ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030417-jaws-icky-a0f2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: adf1bb78dab5 ("mptcp: fix snd_wnd initialization for passive socket") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From adf1bb78dab55e36d4d557aa2fb446ebcfe9e5ce Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:15 +0100 Subject: [PATCH] mptcp: fix snd_wnd initialization for passive socket Such value should be inherited from the first subflow, but passive sockets always used 'rsk_rcv_wnd'. Fixes: 6f8a612a33e4 ("mptcp: keep track of advertised windows right edge") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-5-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 442fa7d9b57a..2c8f931c6d5b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3211,7 +3211,7 @@ struct sock *mptcp_sk_clone_init(const struct sock *sk, msk->write_seq = subflow_req->idsn + 1; msk->snd_nxt = msk->write_seq; msk->snd_una = msk->write_seq; - msk->wnd_end = msk->snd_nxt + req->rsk_rcv_wnd; + msk->wnd_end = msk->snd_nxt + tcp_sk(ssk)->snd_wnd; msk->setsockopt_seq = mptcp_sk(sk)->setsockopt_seq; mptcp_init_sched(msk, mptcp_sk(sk)->sched);

1 year, 6 months

3
2
0 0

Re: [PATCH] libceph: init the cursor when preparing the sparse read

by Ilya Dryomov

On Mon, Mar 4, 2024 at 3:00 PM Xiubo Li <xiubli(a)redhat.com> wrote: > > > On 3/4/24 19:02, Ilya Dryomov wrote: > > On Mon, Mar 4, 2024 at 2:02 AM Xiubo Li <xiubli(a)redhat.com> wrote: > > On 3/2/24 00:16, Ilya Dryomov wrote: > > On Thu, Feb 29, 2024 at 5:22 AM <xiubli(a)redhat.com> wrote: > > From: Xiubo Li <xiubli(a)redhat.com> > > The osd code has remove cursor initilizing code and this will make > the sparse read state into a infinite loop. We should initialize > the cursor just before each sparse-read in messnger v2. > > Cc: stable(a)vger.kernel.org > URL: https://tracker.ceph.com/issues/64607 > Fixes: 8e46a2d068c9 ("libceph: just wait for more data to be available on the socket") > Reported-by: Luis Henriques <lhenriques(a)suse.de> > Signed-off-by: Xiubo Li <xiubli(a)redhat.com> > --- > net/ceph/messenger_v2.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c > index a0ca5414b333..7ae0f80100f4 100644 > --- a/net/ceph/messenger_v2.c > +++ b/net/ceph/messenger_v2.c > @@ -2025,6 +2025,7 @@ static int prepare_sparse_read_cont(struct ceph_connection *con) > static int prepare_sparse_read_data(struct ceph_connection *con) > { > struct ceph_msg *msg = con->in_msg; > + u64 len = con->in_msg->sparse_read_total ? : data_len(con->in_msg); > > Hi Xiubo, > > Why is sparse_read_total being tested here? Isn't this function > supposed to be called only for sparse reads, after the state is set to > IN_S_PREPARE_SPARSE_DATA based on a similar test: > > if (msg->sparse_read_total) > con->v2.in_state = IN_S_PREPARE_SPARSE_DATA; > else > con->v2.in_state = IN_S_PREPARE_READ_DATA; > > Then the patch could be simplified and just be: > > diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c > index a0ca5414b333..ab3ab130a911 100644 > --- a/net/ceph/messenger_v2.c > +++ b/net/ceph/messenger_v2.c > @@ -2034,6 +2034,9 @@ static int prepare_sparse_read_data(struct > ceph_connection *con) > if (!con_secure(con)) > con->in_data_crc = -1; > > + ceph_msg_data_cursor_init(&con->v2.in_cursor, con->in_msg, > + con->in_msg->sparse_read_total); > + > reset_in_kvecs(con); > con->v2.in_state = IN_S_PREPARE_SPARSE_DATA_CONT; > con->v2.data_len_remain = data_len(msg); > > Else where should we do the test like this ? > > Hi Xiubo, > > I suspect you copied this test from prepare_message_data() in msgr1, > where that function is called unconditionally for all reads. In msgr2, > prepare_sparse_read_data() is called conditionally, so the test just > seems bogus. > > That said, CephFS is the only user of sparse read code, so you should > know better at this point ;) > > As we know the 'sparse_read_total' it's a dedicated member and will be set only in sparse-read case. > > In msgr1 for all the read cases they will call "prepare_message_data()", so I just did this check in "prepare_message_data()". Right. > > While for msgr2 it's a little different from msg1 and it won't call 'prepare_read_data()' for all the reads, and for sparse-read it has its own dedicated helper, which is "prepare_sparse_read_data()". Right. > So I just did this check in 'prepare_sparse_read_data()' instead. This where I'm getting lost. Why do a "is this a sparse read" check in a helper that is dedicated to sparse reads and isn't called for anything else? > For "prepare_read_data()" it doesn't make any sense to check "sparse_read_total". Right, so why doesn't the same go for prepare_sparse_read_data()? Thanks, Ilya

1 year, 6 months

1
0
0 0

Seaside Serendipity: Stock Up on Our Functional and Fashionable Beach Chairs.

by Justcool Furniture

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030421-badly-bucket-6555@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") f4a75e9d1100 ("selftests: mptcp: run userspace pm tests slower") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 6 months

2
6
0 0

[PATCH 6.7.y v2 0/5] Delay VERW - 6.7.y backport

by Pawan Gupta

v2: - Dropped already backported patch "x86/bugs: Add asm helpers for executing VERW". https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… - Boot tested with KASLR and KPTI enabled. - Rebased to v6.7.8 v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-7-y-v1-0-ab25f6431… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 2/7: A conflict was resolved for the hunk swapgs_restore_regs_and_return_to_usermode. Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (4): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/arch/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 ------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 20 +++++++++++++++---- 11 files changed, 75 insertions(+), 45 deletions(-) --- base-commit: d6d6c49dbf4512f1421f5e42896e2d70dc121f9a change-id: 20240226-delay-verw-backport-6-7-y-a2cb3f26bb90 Best regards, -- Thanks, Pawan

1 year, 6 months

2
6
0 0

[PATCH] libceph: init the cursor when preparing the sparse read

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> The osd code has remove cursor initilizing code and this will make the sparse read state into a infinite loop. We should initialize the cursor just before each sparse-read in messnger v2. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/64607 Fixes: 8e46a2d068c9 ("libceph: just wait for more data to be available on the socket") Reported-by: Luis Henriques <lhenriques(a)suse.de> Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- net/ceph/messenger_v2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c index a0ca5414b333..7ae0f80100f4 100644 --- a/net/ceph/messenger_v2.c +++ b/net/ceph/messenger_v2.c @@ -2025,6 +2025,7 @@ static int prepare_sparse_read_cont(struct ceph_connection *con) static int prepare_sparse_read_data(struct ceph_connection *con) { struct ceph_msg *msg = con->in_msg; + u64 len = con->in_msg->sparse_read_total ? : data_len(con->in_msg); dout("%s: starting sparse read\n", __func__); @@ -2034,6 +2035,8 @@ static int prepare_sparse_read_data(struct ceph_connection *con) if (!con_secure(con)) con->in_data_crc = -1; + ceph_msg_data_cursor_init(&con->v2.in_cursor, con->in_msg, len); + reset_in_kvecs(con); con->v2.in_state = IN_S_PREPARE_SPARSE_DATA_CONT; con->v2.data_len_remain = data_len(msg); -- 2.43.0

1 year, 6 months

4
10
0 0

[PATCH net 0/2] selftests: mptcp: fixes for diag.sh

by Matthieu Baerts (NGI0)

Here are two patches fixing issues in MPTCP diag.sh kselftest: - Patch 1 makes sure the exit code is '1' in case of error, and not the test ID, not to return an exit code that would be wrongly interpreted by the ksefltests framework, e.g. '4' means 'skip'. - Patch 2 avoids waiting for unnecessary conditions, which can cause timeouts in some very slow environments. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt Matthieu Baerts (NGI0) (1): selftests: mptcp: diag: avoid extra waiting tools/testing/selftests/net/mptcp/diag.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) --- base-commit: 1c61728be22c1cb49c1be88693e72d8c06b1c81e change-id: 20240301-upstream-net-20240301-selftests-mptcp-diag-exit-timeout-207d7925b7c0 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 6 months

2
2
0 0

[PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> These are the remaining patches that bring v6.1 in sync with v6.6 in terms of support for 4k section alignment and strict separation of executable and writable mappings. More details in [0]. [0] https://lkml.kernel.org/r/CAMj1kXE5y%2B6Fef1SqsePO1p8eGEL_qKR9ZkNPNKb-y6P8-… Ard Biesheuvel (15): arm64: efi: Limit allocations to 48-bit addressable physical region x86/efistub: Simplify and clean up handover entry code x86/decompressor: Avoid magic offsets for EFI handover entrypoint x86/efistub: Clear BSS in EFI handover protocol entrypoint x86/decompressor: Move global symbol references to C code efi/libstub: Add limit argument to efi_random_alloc() x86/efistub: Perform 4/5 level paging switch from the stub x86/decompressor: Factor out kernel decompression and relocation x86/efistub: Prefer EFI memory attributes protocol over DXE services x86/efistub: Perform SNP feature test while running in the firmware x86/efistub: Avoid legacy decompressor when doing EFI boot efi/x86: Avoid physical KASLR on older Dell systems x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: efistub: Assign global boot_params variable Evgeniy Baskov (1): efi/libstub: Add memory attribute protocol definitions Johan Hovold (1): efi: efivars: prevent double registration Yuntao Wang (1): efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Documentation/x86/boot.rst | 2 +- arch/arm64/include/asm/efi.h | 1 + arch/x86/boot/compressed/Makefile | 5 + arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/efi_mixed.S | 107 +++---- arch/x86/boot/compressed/head_32.S | 32 --- arch/x86/boot/compressed/head_64.S | 63 +---- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/misc.c | 69 +++-- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 9 +- arch/x86/boot/compressed/sev.c | 114 ++++---- arch/x86/include/asm/boot.h | 10 + arch/x86/include/asm/efi.h | 14 +- arch/x86/include/asm/sev.h | 7 + drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/alignedmem.c | 2 + drivers/firmware/efi/libstub/arm64-stub.c | 7 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 2 + drivers/firmware/efi/libstub/efistub.h | 28 +- drivers/firmware/efi/libstub/mem.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 14 +- drivers/firmware/efi/libstub/x86-5lvl.c | 95 +++++++ drivers/firmware/efi/libstub/x86-stub.c | 295 +++++++++++--------- drivers/firmware/efi/libstub/x86-stub.h | 17 ++ drivers/firmware/efi/vars.c | 13 +- include/linux/efi.h | 1 + 29 files changed, 560 insertions(+), 402 deletions(-) create mode 100644 drivers/firmware/efi/libstub/x86-5lvl.c create mode 100644 drivers/firmware/efi/libstub/x86-stub.h -- 2.44.0.278.ge034bb2e1d-goog

1 year, 6 months

2
19
0 0

FAILED: patch "[PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7092dbee23282b6fcf1313fc64e2b92649ee16e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030422-dinner-rotten-5ef3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") f4a75e9d1100 ("selftests: mptcp: run userspace pm tests slower") 03668c65d153 ("selftests: mptcp: join: rework detailed report") 9e86a297796b ("selftests: mptcp: sockopt: format subtests results in TAP") 7f117cd37c61 ("selftests: mptcp: join: format subtests results in TAP") c4192967e62f ("selftests: mptcp: lib: format subtests results in TAP") e198ad759273 ("selftests: mptcp: userspace_pm: uniform results printing") 8320b1387a15 ("selftests: mptcp: userspace_pm: fix shellcheck warnings") e141c1e8e4c1 ("selftests: mptcp: userspace pm: don't stop if error") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 966c6c3adfb1 ("selftests: mptcp: userspace_pm: report errors with 'remove' tests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7092dbee23282b6fcf1313fc64e2b92649ee16e8 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 23 Feb 2024 17:14:12 +0100 Subject: [PATCH] selftests: mptcp: rm subflow with v4/v4mapped addr Now both a v4 address and a v4-mapped address are supported when destroying a userspace pm subflow, this patch adds a second subflow to "userspace pm add & remove address" test, and two subflows could be removed two different ways, one with the v4mapped and one with v4. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/387 Fixes: 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-2-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index c07386e21e0a..e68b1bc2c2e4 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3333,16 +3333,17 @@ userspace_pm_rm_sf() { local evts=$evts_ns1 local t=${3:-1} - local ip=4 + local ip local tk da dp sp local cnt [ "$1" == "$ns2" ] && evts=$evts_ns2 - if mptcp_lib_is_v6 $2; then ip=6; fi + [ -n "$(mptcp_lib_evts_get_info "saddr4" "$evts" $t)" ] && ip=4 + [ -n "$(mptcp_lib_evts_get_info "saddr6" "$evts" $t)" ] && ip=6 tk=$(mptcp_lib_evts_get_info token "$evts") - da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t) - dp=$(mptcp_lib_evts_get_info dport "$evts" $t) - sp=$(mptcp_lib_evts_get_info sport "$evts" $t) + da=$(mptcp_lib_evts_get_info "daddr$ip" "$evts" $t $2) + dp=$(mptcp_lib_evts_get_info dport "$evts" $t $2) + sp=$(mptcp_lib_evts_get_info sport "$evts" $t $2) cnt=$(rm_sf_count ${1}) ip netns exec $1 ./pm_nl_ctl dsf lip $2 lport $sp \ @@ -3429,20 +3430,23 @@ userspace_tests() if reset_with_events "userspace pm add & remove address" && continue_if mptcp_lib_has_file '/proc/sys/net/mptcp/pm_type'; then set_userspace_pm $ns1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns2 2 2 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! wait_mpj $ns1 userspace_pm_add_addr $ns1 10.0.2.1 10 - chk_join_nr 1 1 1 - chk_add_nr 1 1 - chk_mptcp_info subflows 1 subflows 1 - chk_subflows_total 2 2 - chk_mptcp_info add_addr_signal 1 add_addr_accepted 1 + userspace_pm_add_addr $ns1 10.0.3.1 20 + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_mptcp_info subflows 2 subflows 2 + chk_subflows_total 3 3 + chk_mptcp_info add_addr_signal 2 add_addr_accepted 2 userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $SUB_ESTABLISHED - chk_rm_nr 1 1 invert + userspace_pm_rm_addr $ns1 20 + userspace_pm_rm_sf $ns1 10.0.3.1 $SUB_ESTABLISHED + chk_rm_nr 2 2 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 3a2abae5993e..3777d66fc56d 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -213,9 +213,9 @@ mptcp_lib_get_info_value() { grep "${2}" | sed -n 's/.*$'"${1}"':$$[0-9a-f:.]*$.*$/\2/p;q' } -# $1: info name ; $2: evts_ns ; $3: event type +# $1: info name ; $2: evts_ns ; [$3: event type; [$4: addr]] mptcp_lib_evts_get_info() { - mptcp_lib_get_info_value "${1}" "^type:${3:-1}," < "${2}" + grep "${4:-}" "${2}" | mptcp_lib_get_info_value "${1}" "^type:${3:-1}," } # $1: PID

1 year, 6 months

3
5
0 0

[PATCH stable 6.1] NFS: Fix data corruption caused by congestion.

by NeilBrown

when AOP_WRITEPAGE_ACTIVATE is returned (as NFS does when it detects congestion) it is important that the page is redirtied. nfs_writepage_locked() doesn't do this, so files can become corrupted as writes can be lost. Note that this is not needed in v6.8 as AOP_WRITEPAGE_ACTIVATE cannot be returned. It is needed for kernels v5.18..v6.7. From 6.3 onward the patch is different as it needs to mention "folio", not "page". Reported-and-tested-by: Jacek Tomaka <Jacek.Tomaka(a)poczta.fm> Fixes: 6df25e58532b ("nfs: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> --- fs/nfs/write.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/nfs/write.c b/fs/nfs/write.c index f41d24b54fd1..6a0606668417 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -667,8 +667,10 @@ static int nfs_writepage_locked(struct page *page, int err; if (wbc->sync_mode == WB_SYNC_NONE && - NFS_SERVER(inode)->write_congested) + NFS_SERVER(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } nfs_inc_stats(inode, NFSIOS_VFSWRITEPAGE); nfs_pageio_init_write(&pgio, inode, 0, -- 2.43.0

1 year, 6 months

2
1
0 0

[REGRESSION][PATCH 5.15 v1] Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"

by max.oss.09＠gmail.com

From: Max Krummenacher <max.krummenacher(a)toradex.com> This reverts commit ef4a40953c8076626875ff91c41e210fcee7a6fd. The commit was applied to make further commits apply cleanly, but the commit depends on other commits in the same patchset. I.e. the controlling DSI host would need a change too. Thus one would need to backport the full patchset changing the DSI hosts and all downstream DSI device drivers. Revert the commit and fix up the conflicts with the backported fixes to the lt8912b driver. Signed-off-by: Max Krummenacher <max.krummenacher(a)toradex.com> Conflicts: drivers/gpu/drm/bridge/lontium-lt8912b.c --- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/bridge/lontium-lt8912b.c b/drivers/gpu/drm/bridge/lontium-lt8912b.c index 6891863ed5104..e16b0fc0cda0f 100644 --- a/drivers/gpu/drm/bridge/lontium-lt8912b.c +++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c @@ -571,6 +571,10 @@ static int lt8912_bridge_attach(struct drm_bridge *bridge, if (ret) goto error; + ret = lt8912_attach_dsi(lt); + if (ret) + goto error; + return 0; error: @@ -726,15 +730,8 @@ static int lt8912_probe(struct i2c_client *client, drm_bridge_add(&lt->bridge); - ret = lt8912_attach_dsi(lt); - if (ret) - goto err_attach; - return 0; -err_attach: - drm_bridge_remove(&lt->bridge); - lt8912_free_i2c(lt); err_i2c: lt8912_put_dt(lt); err_dt_parse: -- 2.42.0

1 year, 6 months

2
1
0 0

EFI/x86 backports for v6.1

by Ard Biesheuvel

Please consider the patches below for backporting to v6.1. They should all apply cleanly in the given order. These are prerequisites for NX compat support on x86, but the remaining changes do not apply cleanly and will be sent as a patch series at a later date. By themselves, these changes not only constitute a reasonable cleanup, they are also needed for future support of x86s [0] CPUs that are no longer able to transition out of long mode. Documentation/x86/boot.rst | 2 +- arch/x86/Kconfig | 17 + arch/x86/boot/compressed/Makefile | 8 +- arch/x86/boot/compressed/efi_mixed.S | 383 +++++++++++++++++++ arch/x86/boot/compressed/efi_thunk_64.S | 195 ---------- arch/x86/boot/compressed/head_32.S | 25 +- arch/x86/boot/compressed/head_64.S | 566 ++++++----------------------- arch/x86/boot/compressed/mem_encrypt.S | 152 +++++++- arch/x86/boot/compressed/misc.c | 34 +- arch/x86/boot/compressed/misc.h | 2 - arch/x86/boot/compressed/pgtable.h | 10 +- arch/x86/boot/compressed/pgtable_64.c | 87 ++--- arch/x86/boot/header.S | 2 +- arch/x86/boot/tools/build.c | 2 + drivers/firmware/efi/efi.c | 22 ++ drivers/firmware/efi/libstub/alignedmem.c | 5 +- drivers/firmware/efi/libstub/arm64-stub.c | 6 +- drivers/firmware/efi/libstub/efistub.h | 6 +- drivers/firmware/efi/libstub/mem.c | 3 +- drivers/firmware/efi/libstub/randomalloc.c | 5 +- drivers/firmware/efi/libstub/x86-stub.c | 53 ++- drivers/firmware/efi/vars.c | 13 +- include/linux/decompress/mm.h | 2 +- 23 files changed, 805 insertions(+), 795 deletions(-) [0] https://www.intel.com/content/www/us/en/developer/articles/technical/envisi… 9cf42bca30e9 efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory cb8bda8ad443 x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S e2ab9eab324c x86/boot/compressed: Move 32-bit entrypoint code into .text section 5c3a85f35b58 x86/boot/compressed: Move bootargs parsing out of 32-bit startup code 91592b5c0c2f x86/boot/compressed: Move efi32_pe_entry into .text section 73a6dec80e2a x86/boot/compressed: Move efi32_entry out of head_64.S 7f22ca396778 x86/boot/compressed: Move efi32_pe_entry() out of head_64.S 4b52016247ae x86/boot/compressed, efi: Merge multiple definitions of image_offset into one 630f337f0c4f x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk 6aac80a8da46 x86/boot/compressed: Avoid touching ECX in startup32_set_idt_entry() d73a257f7f86 x86/boot/compressed: Pull global variable reference into startup32_load_idt() c6355995ba47 x86/boot/compressed: Move startup32_load_idt() into .text section 9ea813be3d34 x86/boot/compressed: Move startup32_load_idt() out of head_64.S b5d854cd4b6a x86/boot/compressed: Move startup32_check_sev_cbit() into .text 9d7eaae6a071 x86/boot/compressed: Move startup32_check_sev_cbit() out of head_64.S 30c9ca16a527 x86/boot/compressed: Adhere to calling convention in get_sev_encryption_bit() 61de13df9590 x86/boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y bad267f9e18f efi: verify that variable services are supported 0217a40d7ba6 efi: efivars: prevent double registration cc3fdda2876e x86/efi: Make the deprecated EFI handover protocol optional 7734a0f31e99 x86/boot: Robustify calling startup_{32,64}() from the decompressor code d2d7a54f69b6 x86/efistub: Branch straight to kernel entry point from C code df9215f15206 x86/efistub: Simplify and clean up handover entry code 127920645876 x86/decompressor: Avoid magic offsets for EFI handover entrypoint d7156b986d4c x86/efistub: Clear BSS in EFI handover protocol entrypoint 8b63cba746f8 x86/decompressor: Store boot_params pointer in callee save register 00c6b0978ec1 x86/decompressor: Assign paging related global variables earlier e8972a76aa90 x86/decompressor: Call trampoline as a normal function 918a7a04e717 x86/decompressor: Use standard calling convention for trampoline bd328aa01ff7 x86/decompressor: Avoid the need for a stack in the 32-bit trampoline 64ef578b6b68 x86/decompressor: Call trampoline directly from C code f97b67a773cd x86/decompressor: Only call the trampoline when changing paging levels cb83cece57e1 x86/decompressor: Pass pgtable address to trampoline directly 03dda95137d3 x86/decompressor: Merge trampoline cleanup with switching code 24388292e2d7 x86/decompressor: Move global symbol references to C code 8217ad0a435f decompress: Use 8 byte alignment

1 year, 6 months

2
2
0 0

[PATCH v5.15-v5.4] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

by Vamsi Krishna Brahmajosyula

From: Oscar Salvador <osalvador(a)suse.de> commit 79d72c68c58784a3e1cd2378669d51bfd0cb7498 upstream. When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hcd(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula(a)broadcom.com> --- fs/hugetlbfs/inode.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 54379ee573b1..9b6004bc96de 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1234,6 +1234,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1278,11 +1279,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps >> 20); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size: -- 2.43.2

1 year, 6 months

2
1
0 0

[PATCH] mm/huge_memory: fix swap entry values of tail pages of THP

by Charan Teja Kalla

An anon THP page is first added to swap cache before reclaiming it. Initially, each tail page contains the proper swap entry value(stored in ->private field) which is filled from add_to_swap_cache(). After migrating the THP page sitting on the swap cache, only the swap entry of the head page is filled(see folio_migrate_mapping()). Now when this page is tried to split(one case is when this page is again migrated, see migrate_pages()->try_split_thp()), the tail pages ->private is not stored with proper swap entry values. When this tail page is now try to be freed, as part of it delete_from_swap_cache() is called which operates on the wrong swap cache index and eventually replaces the wrong swap cache index with shadow/NULL value, frees the page. This leads to the state with a swap cache containing the freed page. This issue can manifest in many forms and the most common thing observed is the rcu stall during the swapin (see mapping_get_entry()). On the recent kernels, this issues is indirectly getting fixed with the series[1], to be specific[2]. When tried to back port this series, it is observed many merge conflicts and also seems dependent on many other changes. As backporting to LTS branches is not a trivial one, the similar change from [2] is picked as a fix. [1] https://lore.kernel.org/all/20230821160849.531668-1-david@redhat.com/ [2] https://lore.kernel.org/all/20230821160849.531668-5-david@redhat.com/ Closes: https://lore.kernel.org/linux-mm/69cb784f-578d-ded1-cd9f-c6db04696336@quici… Fixes: 3417013e0d18 ("mm/migrate: Add folio_migrate_mapping()") Cc: <stable(a)vger.kernel.org> # see patch description, applicable to <=6.1 Signed-off-by: Charan Teja Kalla <quic_charante(a)quicinc.com> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 5957794..cc5273f 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2477,6 +2477,8 @@ static void __split_huge_page_tail(struct page *head, int tail, if (!folio_test_swapcache(page_folio(head))) { VM_WARN_ON_ONCE_PAGE(page_tail->private != 0, page_tail); page_tail->private = 0; + } else { + set_page_private(page_tail, (unsigned long)head->private + tail); } /* Page flags must be visible before we make the page non-compound. */ -- 2.7.4

1 year, 6 months

5
16
0 0

Please apply commit 5b750b22530fe53bf7fd6a30baacd53ada26911b to linux-6.1.y

by Nathan Chancellor

Hi Greg and Sasha, Please apply upstream commit 5b750b22530f ("drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml") to linux-6.1.y, as it is needed to avoid instances of -Wframe-larger-than in allmodconfig, which has -Werror enabled. It applies cleanly for me and it is already in 6.6 and 6.7. The fixes tag is not entirely accurate and commit e63e35f0164c ("drm/amd/display: Increase frame-larger-than for all display_mode_vba files"), which was recently applied to that tree, depends on it (I should have made that clearer in the patch). If there are any issues, please let me know. Cheers, Nathan

1 year, 6 months

2
1
0 0

[PATCH 4.19/5.4/5.10/5.15] cachefiles: fix memory leak in cachefiles_add_cache()

by Baokun Li

commit e21a2f17566cbd64926fb8f16323972f7a064444 upstream. The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks. Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240217081431.796809-1-libaokun1@huawei.com Acked-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/cachefiles/bind.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 4a717d400807..9b34d46bf8ee 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -249,6 +249,8 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) kmem_cache_free(cachefiles_object_jar, fsdef); error_root_object: cachefiles_end_secure(cache, saved_cred); + put_cred(cache->cache_cred); + cache->cache_cred = NULL; pr_err("Failed to register: %d\n", ret); return ret; } @@ -269,6 +271,7 @@ void cachefiles_daemon_unbind(struct cachefiles_cache *cache) dput(cache->graveyard); mntput(cache->mnt); + put_cred(cache->cache_cred); kfree(cache->rootdirname); kfree(cache->secctx); -- 2.31.1

1 year, 6 months

2
1
0 0

[PATCH] usb: serial: Add device ID for cp210x

by Cameron Williams

Add device ID for a (probably fake) CP2102 UART device. lsusb -v output: Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 1.10 bDeviceClass 0 [unknown] bDeviceSubClass 0 [unknown] bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x11ca VeriFone Inc idProduct 0x0212 Verifone USB to Printer bcdDevice 1.00 iManufacturer 1 Silicon Labs iProduct 2 Verifone USB to Printer iSerial 3 0001 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x0020 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0x80 (Bus Powered) MaxPower 100mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 [unknown] bInterfaceProtocol 0 iInterface 2 Verifone USB to Printer Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Device Status: 0x0000 (Bus Powered) Signed-off-by: Cameron Williams <cang1(a)live.co.uk> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index 923e0ed85..d339d81f6 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -177,6 +177,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0xF004) }, /* Elan Digital Systems USBcount50 */ { USB_DEVICE(0x10C5, 0xEA61) }, /* Silicon Labs MobiData GPRS USB Modem */ { USB_DEVICE(0x10CE, 0xEA6A) }, /* Silicon Labs MobiData GPRS USB Modem 100EU */ + { USB_DEVICE(0x11CA, 0x0212) }, /* Verifone USB to Printer (UART, CP2102) */ { USB_DEVICE(0x12B8, 0xEC60) }, /* Link G4 ECU */ { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */ { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */ -- 2.43.1

1 year, 6 months

2
1
0 0

[PATCH v3 0/5] Pinephone video out fixes (flipping between two frames)

by Frank Oltmanns

On some pinephones the video output sometimes freezes (flips between two frames) [1]. It seems to be that the reason for this behaviour is that PLL-MIPI is outside its limits, and the GPU is not running at a fixed rate. In this patch series I propose the following changes: 1. sunxi-ng: Adhere to the following constraints given in the Allwinner A64 Manual regarding PLL-MIPI: * M/N <= 3 * (PLL_VIDEO0)/M >= 24MHz * 500MHz <= clockrate <= 1400MHz 2. Remove two operating points from the A64 DTS OPPs, so that the GPU runs at a fixed rate of 432 MHz. Note, that when pinning the GPU to 432 MHz the issue [1] completely disappears for me. I've searched the BSP and could not find any indication that supports the idea of having the three OPPs. The only frequency I found in the BPSs for A64 is 432 MHz, which has also proven stable for me. Another bigger change compared to the previous version is that I've removed the patch to adapt the XBD599 panel's timings to Allwinner A64's PLL-MIPI new constraints from this series. Mainly, because I'm currently evaluationg other options that may or may not work. (It may work at least until HDMI support is upstreamed.) I'll probably resend the patch at a later point in time. I very much appreciate your feedback! [1] https://gitlab.com/postmarketOS/pmaports/-/issues/805 Signed-off-by: Frank Oltmanns <frank(a)oltmanns.dev> --- Changes in v3: - dts: Pin GPU to 432 MHz. - nkm and a64: Move minimum and maximum rate handling to the common part of the sunxi-ng driver. - Removed st7703 patch from series. - Link to v2: https://lore.kernel.org/r/20240205-pinephone-pll-fixes-v2-0-96a46a2d8c9b@ol… Changes in v2: - dts: Increase minimum GPU frequency to 192 MHz. - nkm and a64: Add minimum and maximum rate for PLL-MIPI. - nkm: Use the same approach for skipping invalid rates in ccu_nkm_find_best() as in ccu_nkm_find_best_with_parent_adj(). - nkm: Improve names for ratio struct members and hence get rid of describing comments. - nkm and a64: Correct description in the commit messages: M/N <= 3 - Remove patches for nm as they were not needed. - st7703: Rework the commit message to cover more background for the change. - Link to v1: https://lore.kernel.org/r/20231218-pinephone-pll-fixes-v1-0-e238b6ed6dc1@ol… --- Frank Oltmanns (5): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI clk: sunxi-ng: nkm: Support constraints on m/n ratio and parent rate clk: sunxi-ng: a64: Add constraints on PLL-MIPI's n/m ratio and parent rate arm64: dts: allwinner: a64: Run GPU at 432 MHz arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 8 -------- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 14 +++++++++----- drivers/clk/sunxi-ng/ccu_common.c | 15 +++++++++++++++ drivers/clk/sunxi-ng/ccu_common.h | 3 +++ drivers/clk/sunxi-ng/ccu_nkm.c | 21 +++++++++++++++++++++ drivers/clk/sunxi-ng/ccu_nkm.h | 2 ++ 6 files changed, 50 insertions(+), 13 deletions(-) --- base-commit: 216c1282dde38ca87ebdf1ccacee5a0682901574 change-id: 20231218-pinephone-pll-fixes-0ccdfde273e4 Best regards, -- Frank Oltmanns <frank(a)oltmanns.dev>

1 year, 6 months

2
4
0 0

[PATCH 5.10/5.15/6.1 0/1] soundwire: stream: use consistent pattern for freeing buffers

by Daniil Dulov

Svacer reports NULL-pointer dereference and double free issues in do_bank_switch() in case sdw_ml_sync_bank_switch() returns an error not on the first iteration of the list_for_each_entry() loop. These problems are present in 5.10, 5.15 and 6.1 stable releases. These problems have been fixed by the following upstream patch that can be cleanly applied to 5.10, 5.15 and 6.1 branches.

1 year, 6 months

1
1
0 0

Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1

by Brennan Lamoreaux

Hi stable maintainers, The following patch in mainline is listed as a fix for CVE-2023-2176: 8d037973d48c026224ab285e6a06985ccac6f7bf (RDMA/core: Refactor rdma_bind_addr) And the following is a fix for a regression in the above patch: 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95 (RDMA/core: Update CMA destination address on rdma_resolve_addr) To my knowledge, at least back to v6.1 is vulnerable to this same bug. Since these should apply directly to 6.1.y, can these be picked up for that branch? Regards, Brennan

1 year, 6 months

3
7
0 0

[PATCH 6.1.y v2 0/6] Delay VERW - 6.1.y backport

by Pawan Gupta

v2: - Runtime patch jmp instead of verw in macro CLEAR_CPU_BUFFERS due to lack of relative addressing support in relocations in kernels <v6.5. - Rebased to v6.1.80 - Boot tested with KASLR and KPTI enabled. - Fixed warning: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction - Verified VERW being executed with mitigation ON, and not being executed with mitigation turned OFF. - Rebased to v6.1.80. v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-1-y-v1-0-b3a2c5b9b… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 1,2,5 and 6 needed conflict resolution. I saw a few new warnings: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction I tried using REACHABLE, but that did not fix the warning. For the below warning: vmlinux.o: warning: objtool: .altinstr_replacement+0x17: unsupported relocation in alternatives section not sure if this is related to this series or a pre-existing warning, I will check later without this series. I am not too concerned because the alternative did substitute verw correctly: entry_SYSCALL_64: ... 0xffffffff8200013d <+253>: swapgs 0xffffffff82000140 <+256>: verw 0xffffffff82000000 0xffffffff82000148 <+264>: sysretq 0xffffffff8200014b <+267>: int3 Cc: Dave Hansen <dave.hansen(a)linux.intel.com> To: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (5): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry.S | 23 ++++++++++++++++++++++ arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 27 +++++++++++++------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 12 ++++++++---- 13 files changed, 106 insertions(+), 46 deletions(-) --- base-commit: a3eb3a74aa8c94e6c8130b55f3b031f29162868c change-id: 20240226-delay-verw-backport-6-1-y-4b0cec84087c Best regards, -- Thanks, Pawan

1 year, 6 months

1
6
0 0

FAILED: patch "[PATCH] mptcp: push at DSS boundaries" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b9cd26f640a308ea314ad23532de9a8592cd09d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030448-walrus-tribunal-7b38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b9cd26f640a3 ("mptcp: push at DSS boundaries") 1094c6fe7280 ("mptcp: fix possible divide by zero") 8ce568ed06ce ("mptcp: drop tx skb cache") 4e14867d5e91 ("mptcp: tune re-injections for csum enabled mode") 2948d0a1e5ae ("mptcp: factor out __mptcp_retrans helper()") eaeef1ce55ec ("mptcp: fix memory accounting on allocation error") d489ded1a369 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9cd26f640a308ea314ad23532de9a8592cd09d2 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Feb 2024 17:14:14 +0100 Subject: [PATCH] mptcp: push at DSS boundaries when inserting not contiguous data in the subflow write queue, the protocol creates a new skb and prevent the TCP stack from merging it later with already queued skbs by setting the EOR marker. Still no push flag is explicitly set at the end of previous GSO packet, making the aggregation on the receiver side sub-optimal - and packetdrill self-tests less predictable. Explicitly mark the end of not contiguous DSS with the push flag. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240223-upstream-net-20240223-misc-fixes-v1-4-16… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 948606a537da..442fa7d9b57a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1260,6 +1260,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext = mptcp_get_ext(skb); if (!mptcp_skb_can_collapse_to(data_seq, skb, mpext)) { TCP_SKB_CB(skb)->eor = 1; + tcp_mark_push(tcp_sk(ssk), skb); goto alloc_skb; }

1 year, 6 months

3
2
0 0

How to increase conversions on your website?

by Ray Galt

Hi there! Are you interested in increasing your customer base through your company's website? We're transforming the virtual world into tangible profits by creating functional, responsive websites and profitable online stores, optimized for search engine rankings. Whether you need a simple website or a complex web application, our team of experts utilizes advanced tools to deliver fast and user-friendly products. Would you be interested in hearing more about what we can do for you in this regard? Best regards Ray Galt

1 year, 6 months

1
0
0 0

[PATCH v3] i2c: acpi: Unbind mux adapters before delete

by Hamish Martin

There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When this table is loaded we see the creation of a device for the overall PCA9548 chip and 8 further devices - one i2c_adapter each for the mux channels. These are all bound to their ACPI equivalents via an eventual invocation of acpi_bind_one(). When we unload the SSDT overlay we run into the problem. The ACPI devices are deleted as normal via acpi_device_del_work_fn() and the acpi_device_del_list. However, the following warning and stack trace is output as the deletion does not go smoothly: ------------[ cut here ]------------ kernfs: can not remove 'physical_node', no directory WARNING: CPU: 1 PID: 11 at fs/kernfs/dir.c:1674 kernfs_remove_by_name_ns+0xb9/0xc0 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u128:0 Not tainted 6.8.0-rc6+ #1 Hardware name: congatec AG conga-B7E3/conga-B7E3, BIOS 5.13 05/16/2023 Workqueue: kacpi_hotplug acpi_device_del_work_fn RIP: 0010:kernfs_remove_by_name_ns+0xb9/0xc0 Code: e4 00 48 89 ef e8 07 71 db ff 5b b8 fe ff ff ff 5d 41 5c 41 5d e9 a7 55 e4 00 0f 0b eb a6 48 c7 c7 f0 38 0d 9d e8 97 0a d5 ff <0f> 0b eb dc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffff9f864008fb28 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8ef90a8d4940 RCX: 0000000000000000 RDX: ffff8f000e267d10 RSI: ffff8f000e25c780 RDI: ffff8f000e25c780 RBP: ffff8ef9186f9870 R08: 0000000000013ffb R09: 00000000ffffbfff R10: 00000000ffffbfff R11: ffff8f000e0a0000 R12: ffff9f864008fb50 R13: ffff8ef90c93dd60 R14: ffff8ef9010d0958 R15: ffff8ef9186f98c8 FS: 0000000000000000(0000) GS:ffff8f000e240000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48f5253a08 CR3: 00000003cb82e000 CR4: 00000000003506f0 Call Trace: <TASK> ? kernfs_remove_by_name_ns+0xb9/0xc0 ? __warn+0x7c/0x130 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? report_bug+0x171/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? kernfs_remove_by_name_ns+0xb9/0xc0 acpi_unbind_one+0x108/0x180 device_del+0x18b/0x490 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_del_adapter.part.0+0x1bf/0x250 i2c_mux_del_adapters+0xa1/0xe0 i2c_device_remove+0x1e/0x80 device_release_driver_internal+0x19a/0x200 bus_remove_device+0xbf/0x100 device_del+0x157/0x490 ? __pfx_device_match_fwnode+0x10/0x10 ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_acpi_notify+0x10f/0x140 notifier_call_chain+0x58/0xd0 blocking_notifier_call_chain+0x3a/0x60 acpi_device_del_work_fn+0x85/0x1d0 process_one_work+0x134/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe3/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> ---[ end trace 0000000000000000 ]--- ... repeated 7 more times, 1 for each channel of the mux ... The issue is that the binding of the ACPI devices to their peer I2C adapters is not correctly cleaned up. Digging deeper into the issue we see that the deletion order is such that the ACPI devices matching the mux channel i2c adapters are deleted first during the SSDT overlay removal. For each of the channels we see a call to i2c_acpi_notify() with ACPI_RECONFIG_DEVICE_REMOVE but, because these devices are not actually i2c_clients, nothing is done for them. Later on, after each of the mux channels has been dealt with, we come to delete the i2c_client representing the PCA9548 device. This is the call stack we see above, whereby the kernel cleans up the i2c_client including destruction of the mux and its channel adapters. At this point we do attempt to unbind from the ACPI peers but those peers no longer exist and so we hit the kernfs errors. The fix is to augment i2c_acpi_notify() to handle i2c_adapters. But, given that the life cycle of the adapters is linked to the i2c_client, instead of deleting the i2c_adapters during the i2c_acpi_notify(), we just trigger unbinding of the ACPI device from the adapter device, and allow the clean up of the adapter to continue in the way it always has. Signed-off-by: Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)kernel.org> Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") Cc: <stable(a)vger.kernel.org> # v4.8+ --- drivers/i2c/i2c-core-acpi.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index d6037a328669..67fa8deccef6 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -445,6 +445,11 @@ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev) return i2c_find_device_by_fwnode(acpi_fwnode_handle(adev)); } +static struct i2c_adapter *i2c_acpi_find_adapter_by_adev(struct acpi_device *adev) +{ + return i2c_find_adapter_by_fwnode(acpi_fwnode_handle(adev)); +} + static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, void *arg) { @@ -471,11 +476,17 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, break; client = i2c_acpi_find_client_by_adev(adev); - if (!client) - break; + if (client) { + i2c_unregister_device(client); + put_device(&client->dev); + } + + adapter = i2c_acpi_find_adapter_by_adev(adev); + if (adapter) { + acpi_device_notify_remove(&adapter->dev); + put_device(&adapter->dev); + } - i2c_unregister_device(client); - put_device(&client->dev); break; } -- 2.43.0

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: move __mptcp_error_report in protocol.c" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d5fbeff1ab812b6c473b6924bee8748469462e2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100421-divisible-bacterium-18b5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5fbeff1ab812b6c473b6924bee8748469462e2c Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:46 +0200 Subject: [PATCH] mptcp: move __mptcp_error_report in protocol.c This will simplify the next patch ("mptcp: process pending subflow error on close"). No functional change intended. Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a7fc16f5175d..915860027b1a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -770,6 +770,42 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) return moved; } +void __mptcp_error_report(struct sock *sk) +{ + struct mptcp_subflow_context *subflow; + struct mptcp_sock *msk = mptcp_sk(sk); + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + int err = sock_error(ssk); + int ssk_state; + + if (!err) + continue; + + /* only propagate errors on fallen-back sockets or + * on MPC connect + */ + if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) + continue; + + /* We need to propagate only transition to CLOSE state. + * Orphaned socket will see such state change via + * subflow_sched_work_if_closed() and that path will properly + * destroy the msk as needed. + */ + ssk_state = inet_sk_state_load(ssk); + if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) + inet_sk_state_store(sk, ssk_state); + WRITE_ONCE(sk->sk_err, -err); + + /* This barrier is coupled with smp_rmb() in mptcp_poll() */ + smp_wmb(); + sk_error_report(sk); + break; + } +} + /* In most cases we will be able to lock the mptcp socket. If its already * owned, we need to defer to the work queue to avoid ABBA deadlock. */ diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 9bf3c7bc1762..2f40c23fdb0d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1362,42 +1362,6 @@ void mptcp_space(const struct sock *ssk, int *space, int *full_space) *full_space = mptcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf)); } -void __mptcp_error_report(struct sock *sk) -{ - struct mptcp_subflow_context *subflow; - struct mptcp_sock *msk = mptcp_sk(sk); - - mptcp_for_each_subflow(msk, subflow) { - struct sock *ssk = mptcp_subflow_tcp_sock(subflow); - int err = sock_error(ssk); - int ssk_state; - - if (!err) - continue; - - /* only propagate errors on fallen-back sockets or - * on MPC connect - */ - if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) - continue; - - /* We need to propagate only transition to CLOSE state. - * Orphaned socket will see such state change via - * subflow_sched_work_if_closed() and that path will properly - * destroy the msk as needed. - */ - ssk_state = inet_sk_state_load(ssk); - if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) - inet_sk_state_store(sk, ssk_state); - WRITE_ONCE(sk->sk_err, -err); - - /* This barrier is coupled with smp_rmb() in mptcp_poll() */ - smp_wmb(); - sk_error_report(sk); - break; - } -} - static void subflow_error_report(struct sock *ssk) { struct sock *sk = mptcp_subflow_ctx(ssk)->conn;

1 year, 6 months

3
2
0 0

[PATCH 6.1.y] mptcp: continue marking the first subflow as UNCONNECTED

by Matthieu Baerts (NGI0)

After the 'Fixes' commit mentioned below, which is a partial backport, the MPTCP worker was no longer marking the first subflow as "UNCONNECTED" when the socket was transitioning to TCP_CLOSE state. As a result, in v6.1, it was no longer possible to reconnect to the just disconnected socket. Continue to do that like before, only for the first subflow. A few refactoring have been done around the 'msk->subflow' in later versions, and it looks like this is not needed to do that there, but still needed in v6.1. Without that, the 'disconnect' tests from the mptcp_connect.sh selftest fail: they repeat the transfer 3 times by reconnecting to the server each time. Fixes: 7857e35ef10e ("mptcp: get rid of msk->subflow") Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - This is specific to the 6.1 version having the partial backport. --- net/mptcp/protocol.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index cdabb00648bd2..125825db642cc 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2440,6 +2440,8 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, need_push = (flags & MPTCP_CF_PUSH) && __mptcp_retransmit_pending_data(sk); if (!dispose_it) { __mptcp_subflow_disconnect(ssk, subflow, flags); + if (msk->subflow && ssk == msk->subflow->sk) + msk->subflow->state = SS_UNCONNECTED; release_sock(ssk); goto out; -- 2.43.0

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030400-blooper-quaking-0f36@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 4a64981dfee9 ("mm/mempolicy: convert migrate_page_add() to migrate_folio_add()") 3dae02bbd07f ("mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()") de1f5055523e ("mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()") 07bb1fbaa2bb ("mm/damon/paddr: convert damon_pa_*() to use a folio") f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios") 07e8c82b5eff ("madvise: convert madvise_cold_or_pageout_pte_range() to use folios") 18250e78f9c7 ("mm/damon/paddr: support DAMOS filters") fd3b1bc3c86e ("mm/madvise: fix madvise_pageout for private file mappings") 7438899b0b8d ("folio-compat: remove try_to_release_page()") 64ab3195ea07 ("khugepage: replace try_to_release_page() with filemap_release_folio()") ece62684dcfb ("hugetlbfs: convert hugetlb_delete_from_page_cache() to use folios") 241f68859656 ("mm/migrate_device.c: refactor migrate_vma and migrate_deivce_coherent_page()") 16ce101db85d ("mm/memory.c: fix race when faulting a device private page") fa27759af4a6 ("hugetlb: clean up code checking for fault/truncation races") c86272287bc6 ("hugetlb: create remove_inode_single_folio to remove single file folio") 7e1813d48dd3 ("hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030457-nineteen-synthesis-5112@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 4a64981dfee9 ("mm/mempolicy: convert migrate_page_add() to migrate_folio_add()") 3dae02bbd07f ("mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()") de1f5055523e ("mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()") 07bb1fbaa2bb ("mm/damon/paddr: convert damon_pa_*() to use a folio") f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios") 07e8c82b5eff ("madvise: convert madvise_cold_or_pageout_pte_range() to use folios") 18250e78f9c7 ("mm/damon/paddr: support DAMOS filters") fd3b1bc3c86e ("mm/madvise: fix madvise_pageout for private file mappings") 7438899b0b8d ("folio-compat: remove try_to_release_page()") 64ab3195ea07 ("khugepage: replace try_to_release_page() with filemap_release_folio()") ece62684dcfb ("hugetlbfs: convert hugetlb_delete_from_page_cache() to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2774f256e7c0219e2b0a0894af1c76bdabc4f974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-recite-camera-0413@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 2774f256e7c0 ("mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2774f256e7c0219e2b0a0894af1c76bdabc4f974 Mon Sep 17 00:00:00 2001 From: Byungchul Park <byungchul(a)sk.com> Date: Fri, 16 Feb 2024 20:15:02 +0900 Subject: [PATCH] mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index cc9f2bcd73b4..c27b1f8097d4 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] iommufd/selftest: Fix mock_dev_num bug" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x fde372df96afddcda3ec94944351f2a14f7cd98d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-backlog-ouch-0e53@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: fde372df96af ("iommufd/selftest: Fix mock_dev_num bug") 47f2bd2ff382 ("iommufd/selftest: Check the bus type during probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fde372df96afddcda3ec94944351f2a14f7cd98d Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:46 -0800 Subject: [PATCH] iommufd/selftest: Fix mock_dev_num bug Syzkaller reported the following bug: sysfs: cannot create duplicate filename '/devices/iommufd_mock4' Call Trace: sysfs_warn_dup+0x71/0x90 sysfs_create_dir_ns+0x1ee/0x260 ? sysfs_create_mount_point+0x80/0x80 ? spin_bug+0x1d0/0x1d0 ? do_raw_spin_unlock+0x54/0x220 kobject_add_internal+0x221/0x970 kobject_add+0x11c/0x1e0 ? lockdep_hardirqs_on_prepare+0x273/0x3e0 ? kset_create_and_add+0x160/0x160 ? kobject_put+0x5d/0x390 ? bus_get_dev_root+0x4a/0x60 ? kobject_put+0x5d/0x390 device_add+0x1d5/0x1550 ? __fw_devlink_link_to_consumers.isra.0+0x1f0/0x1f0 ? __init_waitqueue_head+0xcb/0x150 iommufd_test+0x462/0x3b60 ? lock_release+0x1fe/0x640 ? __might_fault+0x117/0x170 ? reacquire_held_locks+0x4b0/0x4b0 ? iommufd_selftest_destroy+0xd0/0xd0 ? __might_fault+0xbe/0x170 iommufd_fops_ioctl+0x256/0x350 ? iommufd_option+0x180/0x180 ? __lock_acquire+0x1755/0x45f0 __x64_sys_ioctl+0xa13/0x1640 The bug is triggered when Syzkaller created multiple mock devices but didn't destroy them in the same sequence, messing up the mock_dev_num counter. Replace the atomic with an mock_dev_ida. Cc: stable(a)vger.kernel.org Fixes: 23a1b46f15d5 ("iommufd/selftest: Make the mock iommu driver into a real driver") Link: https://lore.kernel.org/r/5af41d5af6d5c013cc51de01427abb8141b3587e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 8abf9747773e..2bfe77bd351d 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -36,7 +36,7 @@ static struct mock_bus_type iommufd_mock_bus_type = { }, }; -static atomic_t mock_dev_num; +static DEFINE_IDA(mock_dev_ida); enum { MOCK_DIRTY_TRACK = 1, @@ -123,6 +123,7 @@ enum selftest_obj_type { struct mock_dev { struct device dev; unsigned long flags; + int id; }; struct selftest_obj { @@ -631,7 +632,7 @@ static void mock_dev_release(struct device *dev) { struct mock_dev *mdev = container_of(dev, struct mock_dev, dev); - atomic_dec(&mock_dev_num); + ida_free(&mock_dev_ida, mdev->id); kfree(mdev); } @@ -653,8 +654,12 @@ static struct mock_dev *mock_dev_create(unsigned long dev_flags) mdev->dev.release = mock_dev_release; mdev->dev.bus = &iommufd_mock_bus_type.bus; - rc = dev_set_name(&mdev->dev, "iommufd_mock%u", - atomic_inc_return(&mock_dev_num)); + rc = ida_alloc(&mock_dev_ida, GFP_KERNEL); + if (rc < 0) + goto err_put; + mdev->id = rc; + + rc = dev_set_name(&mdev->dev, "iommufd_mock%u", mdev->id); if (rc) goto err_put;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] iommufd/selftest: Fix mock_dev_num bug" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fde372df96afddcda3ec94944351f2a14f7cd98d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030420-fester-semester-873a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fde372df96af ("iommufd/selftest: Fix mock_dev_num bug") 47f2bd2ff382 ("iommufd/selftest: Check the bus type during probe") 65fe32f7a447 ("iommufd/selftest: Add nested domain allocation for mock domain") 2bdabb8e82f5 ("iommu: Pass in parent domain with user_data to domain_alloc_user op") 9744a7ab62cc ("iommufd: Rename IOMMUFD_OBJ_HW_PAGETABLE to IOMMUFD_OBJ_HWPT_PAGING") 266ce58989ba ("iommufd/selftest: Test IOMMU_HWPT_ALLOC_DIRTY_TRACKING") e04b23c8d4ed ("iommufd/selftest: Expand mock_domain with dev_flags") 421a511a293f ("iommu/amd: Access/Dirty bit support in IOPTEs") 134288158a41 ("iommu/amd: Add domain_alloc_user based domain allocation") e2a4b2947849 ("iommufd: Add IOMMU_HWPT_SET_DIRTY_TRACKING") 750e2e902b71 ("iommu: Add iommu_domain ops for dirty tracking") c97d1b20d383 ("iommu/vt-d: Add domain_alloc_user op") 408663619fcf ("iommufd/selftest: Add domain_alloc_user() support in iommu mock") 4ff542163397 ("iommufd: Support allocating nested parent domain") 89d63875d80e ("iommufd: Flow user flags for domain allocation to domain_alloc_user()") 7975b722087f ("iommufd: Use the domain_alloc_user() op for domain allocation") 909f4abd1097 ("iommu: Add new iommu op to create domains owned by userspace") bb812e0069ce ("iommufd/selftest: Iterate idev_ids in mock_domain's alloc_hwpt test") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fde372df96afddcda3ec94944351f2a14f7cd98d Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:46 -0800 Subject: [PATCH] iommufd/selftest: Fix mock_dev_num bug Syzkaller reported the following bug: sysfs: cannot create duplicate filename '/devices/iommufd_mock4' Call Trace: sysfs_warn_dup+0x71/0x90 sysfs_create_dir_ns+0x1ee/0x260 ? sysfs_create_mount_point+0x80/0x80 ? spin_bug+0x1d0/0x1d0 ? do_raw_spin_unlock+0x54/0x220 kobject_add_internal+0x221/0x970 kobject_add+0x11c/0x1e0 ? lockdep_hardirqs_on_prepare+0x273/0x3e0 ? kset_create_and_add+0x160/0x160 ? kobject_put+0x5d/0x390 ? bus_get_dev_root+0x4a/0x60 ? kobject_put+0x5d/0x390 device_add+0x1d5/0x1550 ? __fw_devlink_link_to_consumers.isra.0+0x1f0/0x1f0 ? __init_waitqueue_head+0xcb/0x150 iommufd_test+0x462/0x3b60 ? lock_release+0x1fe/0x640 ? __might_fault+0x117/0x170 ? reacquire_held_locks+0x4b0/0x4b0 ? iommufd_selftest_destroy+0xd0/0xd0 ? __might_fault+0xbe/0x170 iommufd_fops_ioctl+0x256/0x350 ? iommufd_option+0x180/0x180 ? __lock_acquire+0x1755/0x45f0 __x64_sys_ioctl+0xa13/0x1640 The bug is triggered when Syzkaller created multiple mock devices but didn't destroy them in the same sequence, messing up the mock_dev_num counter. Replace the atomic with an mock_dev_ida. Cc: stable(a)vger.kernel.org Fixes: 23a1b46f15d5 ("iommufd/selftest: Make the mock iommu driver into a real driver") Link: https://lore.kernel.org/r/5af41d5af6d5c013cc51de01427abb8141b3587e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 8abf9747773e..2bfe77bd351d 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -36,7 +36,7 @@ static struct mock_bus_type iommufd_mock_bus_type = { }, }; -static atomic_t mock_dev_num; +static DEFINE_IDA(mock_dev_ida); enum { MOCK_DIRTY_TRACK = 1, @@ -123,6 +123,7 @@ enum selftest_obj_type { struct mock_dev { struct device dev; unsigned long flags; + int id; }; struct selftest_obj { @@ -631,7 +632,7 @@ static void mock_dev_release(struct device *dev) { struct mock_dev *mdev = container_of(dev, struct mock_dev, dev); - atomic_dec(&mock_dev_num); + ida_free(&mock_dev_ida, mdev->id); kfree(mdev); } @@ -653,8 +654,12 @@ static struct mock_dev *mock_dev_create(unsigned long dev_flags) mdev->dev.release = mock_dev_release; mdev->dev.bus = &iommufd_mock_bus_type.bus; - rc = dev_set_name(&mdev->dev, "iommufd_mock%u", - atomic_inc_return(&mock_dev_num)); + rc = ida_alloc(&mock_dev_ida, GFP_KERNEL); + if (rc < 0) + goto err_put; + mdev->id = rc; + + rc = dev_set_name(&mdev->dev, "iommufd_mock%u", mdev->id); if (rc) goto err_put;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] iommufd: Fix protection fault in iommufd_test_syz_conv_iova" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cf7c2789822db8b5efa34f5ebcf1621bc0008d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030407-headway-blustery-23f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cf7c2789822d ("iommufd: Fix protection fault in iommufd_test_syz_conv_iova") bd7a282650b8 ("iommufd: Add iommufd_ctx to iommufd_put_object()") 65fe32f7a447 ("iommufd/selftest: Add nested domain allocation for mock domain") 2bdabb8e82f5 ("iommu: Pass in parent domain with user_data to domain_alloc_user op") b5021cb264e6 ("iommufd: Share iommufd_hwpt_alloc with IOMMUFD_OBJ_HWPT_NESTED") 89db31635c87 ("iommufd: Derive iommufd_hwpt_paging from iommufd_hw_pagetable") 58d84f430dc7 ("iommufd/device: Wrap IOMMUFD_OBJ_HWPT_PAGING-only configurations") 9744a7ab62cc ("iommufd: Rename IOMMUFD_OBJ_HW_PAGETABLE to IOMMUFD_OBJ_HWPT_PAGING") 2ccabf81ddff ("iommufd: Only enforce cache coherency in iommufd_hw_pagetable_alloc") a9af47e382a4 ("iommufd/selftest: Test IOMMU_HWPT_GET_DIRTY_BITMAP") 7adf267d66d1 ("iommufd/selftest: Test IOMMU_HWPT_SET_DIRTY_TRACKING") 266ce58989ba ("iommufd/selftest: Test IOMMU_HWPT_ALLOC_DIRTY_TRACKING") e04b23c8d4ed ("iommufd/selftest: Expand mock_domain with dev_flags") 421a511a293f ("iommu/amd: Access/Dirty bit support in IOPTEs") 134288158a41 ("iommu/amd: Add domain_alloc_user based domain allocation") b9a60d6f850e ("iommufd: Add IOMMU_HWPT_GET_DIRTY_BITMAP") e2a4b2947849 ("iommufd: Add IOMMU_HWPT_SET_DIRTY_TRACKING") 5f9bdbf4c658 ("iommufd: Add a flag to enforce dirty tracking on attach") 750e2e902b71 ("iommu: Add iommu_domain ops for dirty tracking") b5f9e63278d6 ("iommufd: Correct IOMMU_HWPT_ALLOC_NEST_PARENT description") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf7c2789822db8b5efa34f5ebcf1621bc0008d48 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Thu, 22 Feb 2024 13:23:47 -0800 Subject: [PATCH] iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] Call Trace: lock_acquire lock_acquire+0x1ce/0x4f0 down_read+0x93/0x4a0 iommufd_test_syz_conv_iova+0x56/0x1f0 iommufd_test_access_rw.isra.0+0x2ec/0x390 iommufd_test+0x1058/0x1e30 iommufd_fops_ioctl+0x381/0x510 vfs_ioctl __do_sys_ioctl __se_sys_ioctl __x64_sys_ioctl+0x170/0x1e0 do_syscall_x64 do_syscall_64+0x71/0x140 This is because the new iommufd_access_change_ioas() sets access->ioas to NULL during its process, so the lock might be gone in a concurrent racing context. Fix this by doing the same access->ioas sanity as iommufd_access_rw() and iommufd_access_pin_pages() functions do. Cc: stable(a)vger.kernel.org Fixes: 9227da7816dd ("iommufd: Add iommufd_access_change_ioas(_id) helpers") Link: https://lore.kernel.org/r/3f1932acaf1dd494d404c04364d73ce8f57f3e5e.17086366… Reported-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c index 2bfe77bd351d..d59e199a8705 100644 --- a/drivers/iommu/iommufd/selftest.c +++ b/drivers/iommu/iommufd/selftest.c @@ -63,8 +63,8 @@ enum { * In syzkaller mode the 64 bit IOVA is converted into an nth area and offset * value. This has a much smaller randomization space and syzkaller can hit it. */ -static unsigned long iommufd_test_syz_conv_iova(struct io_pagetable *iopt, - u64 *iova) +static unsigned long __iommufd_test_syz_conv_iova(struct io_pagetable *iopt, + u64 *iova) { struct syz_layout { __u32 nth_area; @@ -88,6 +88,21 @@ static unsigned long iommufd_test_syz_conv_iova(struct io_pagetable *iopt, return 0; } +static unsigned long iommufd_test_syz_conv_iova(struct iommufd_access *access, + u64 *iova) +{ + unsigned long ret; + + mutex_lock(&access->ioas_lock); + if (!access->ioas) { + mutex_unlock(&access->ioas_lock); + return 0; + } + ret = __iommufd_test_syz_conv_iova(&access->ioas->iopt, iova); + mutex_unlock(&access->ioas_lock); + return ret; +} + void iommufd_test_syz_conv_iova_id(struct iommufd_ucmd *ucmd, unsigned int ioas_id, u64 *iova, u32 *flags) { @@ -100,7 +115,7 @@ void iommufd_test_syz_conv_iova_id(struct iommufd_ucmd *ucmd, ioas = iommufd_get_ioas(ucmd->ictx, ioas_id); if (IS_ERR(ioas)) return; - *iova = iommufd_test_syz_conv_iova(&ioas->iopt, iova); + *iova = __iommufd_test_syz_conv_iova(&ioas->iopt, iova); iommufd_put_object(ucmd->ictx, &ioas->obj); } @@ -1161,7 +1176,7 @@ static int iommufd_test_access_pages(struct iommufd_ucmd *ucmd, } if (flags & MOCK_FLAGS_ACCESS_SYZ) - iova = iommufd_test_syz_conv_iova(&staccess->access->ioas->iopt, + iova = iommufd_test_syz_conv_iova(staccess->access, &cmd->access_pages.iova); npages = (ALIGN(iova + length, PAGE_SIZE) - @@ -1263,8 +1278,8 @@ static int iommufd_test_access_rw(struct iommufd_ucmd *ucmd, } if (flags & MOCK_FLAGS_ACCESS_SYZ) - iova = iommufd_test_syz_conv_iova(&staccess->access->ioas->iopt, - &cmd->access_rw.iova); + iova = iommufd_test_syz_conv_iova(staccess->access, + &cmd->access_rw.iova); rc = iommufd_access_rw(staccess->access, iova, tmp, length, flags); if (rc)

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] riscv: Add a custom ISA extension for the [ms]envcfg CSR" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 4774848fef6041716a4883217eb75f6b10eb183b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030445-rants-grading-f698@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 4774848fef60 ("riscv: Add a custom ISA extension for the [ms]envcfg CSR") aec3353963b8 ("riscv: add ISA extension parsing for vector crypto") 0d8295ed975b ("riscv: add ISA extension parsing for scalar crypto") e45f463a9b01 ("riscv: add ISA extension parsing for Zbc") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4774848fef6041716a4883217eb75f6b10eb183b Mon Sep 17 00:00:00 2001 From: Samuel Holland <samuel.holland(a)sifive.com> Date: Tue, 27 Feb 2024 22:55:34 -0800 Subject: [PATCH] riscv: Add a custom ISA extension for the [ms]envcfg CSR The [ms]envcfg CSR was added in version 1.12 of the RISC-V privileged ISA (aka S[ms]1p12). However, bits in this CSR are defined by several other extensions which may be implemented separately from any particular version of the privileged ISA (for example, some unrelated errata may prevent an implementation from claiming conformance with Ss1p12). As a result, Linux cannot simply use the privileged ISA version to determine if the CSR is present. It must also check if any of these other extensions are implemented. It also cannot probe the existence of the CSR at runtime, because Linux does not require Sstrict, so (in the absence of additional information) it cannot know if a CSR at that address is [ms]envcfg or part of some non-conforming vendor extension. Since there are several standard extensions that imply the existence of the [ms]envcfg CSR, it becomes unwieldy to check for all of them wherever the CSR is accessed. Instead, define a custom Xlinuxenvcfg ISA extension bit that is implied by the other extensions and denotes that the CSR exists as defined in the privileged ISA, containing at least one of the fields common between menvcfg and senvcfg. This extension does not need to be parsed from the devicetree or ISA string because it can only be implemented as a subset of some other standard extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Conor Dooley <conor.dooley(a)microchip.com> Reviewed-by: Andrew Jones <ajones(a)ventanamicro.com> Link: https://lore.kernel.org/r/20240228065559.3434837-3-samuel.holland@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..1f2d2599c655 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -81,6 +81,8 @@ #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_XLINUXENVCFG 127 + #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..dacffef68ce2 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -201,6 +201,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +/* + * While the [ms]envcfg CSRs were not defined until version 1.12 of the RISC-V + * privileged ISA, the existence of the CSRs is implied by any extension which + * specifies [ms]envcfg bit(s). Hence, we define a custom ISA extension for the + * existence of the CSR, and treat it as a subset of those other extensions. + */ +static const unsigned int riscv_xlinuxenvcfg_exts[] = { + RISCV_ISA_EXT_XLINUXENVCFG +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -250,8 +260,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(c, RISCV_ISA_EXT_c), __RISCV_ISA_EXT_DATA(v, RISCV_ISA_EXT_v), __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h), - __RISCV_ISA_EXT_DATA(zicbom, RISCV_ISA_EXT_ZICBOM), - __RISCV_ISA_EXT_DATA(zicboz, RISCV_ISA_EXT_ZICBOZ), + __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM, riscv_xlinuxenvcfg_exts), + __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ, riscv_xlinuxenvcfg_exts), __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR), __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND), __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR),

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030412-frisbee-unframed-7c15@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") 043cb41a85de ("riscv: introduce interfaces to patch kernel code") 6bd33e1ece52 ("riscv: add nommu support") a4c3733d32a7 ("riscv: abstract out CSR names for supervisor vs machine mode") 0c3ac28931d5 ("riscv: separate MMIO functions into their own header file") 00a5bf3a8ca3 ("RISC-V: Add PCIe I/O BAR memory mapping") 1e1ac1cb651a ("Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] riscv: add CALLER_ADDRx support" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 680341382da56bd192ebfa4e58eaf4fec2e5bca7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030411-default-joylessly-3437@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 680341382da5 ("riscv: add CALLER_ADDRx support") 7ce047715030 ("riscv: Workaround mcount name prior to clang-13") 2f095504f4b9 ("scripts/recordmcount.pl: Fix RISC-V regex for clang") 5ad84adf5456 ("riscv: Fixup patch_text panic in ftrace") 67d945778099 ("riscv: Fixup wrong ftrace remove cflag") 043cb41a85de ("riscv: introduce interfaces to patch kernel code") 6bd33e1ece52 ("riscv: add nommu support") a4c3733d32a7 ("riscv: abstract out CSR names for supervisor vs machine mode") 0c3ac28931d5 ("riscv: separate MMIO functions into their own header file") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680341382da56bd192ebfa4e58eaf4fec2e5bca7 Mon Sep 17 00:00:00 2001 From: Zong Li <zong.li(a)sifive.com> Date: Fri, 2 Feb 2024 01:51:02 +0000 Subject: [PATCH] riscv: add CALLER_ADDRx support CALLER_ADDRx returns caller's address at specified level, they are used for several tracers. These macros eventually use __builtin_return_address(n) to get the caller's address if arch doesn't define their own implementation. In RISC-V, __builtin_return_address(n) only works when n == 0, we need to walk the stack frame to get the caller's address at specified level. data.level started from 'level + 3' due to the call flow of getting caller's address in RISC-V implementation. If we don't have additional three iteration, the level is corresponding to follows: callsite -> return_address -> arch_stack_walk -> walk_stackframe | | | | level 3 level 2 level 1 level 0 Fixes: 10626c32e382 ("riscv/ftrace: Add basic support") Cc: stable(a)vger.kernel.org Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Zong Li <zong.li(a)sifive.com> Link: https://lore.kernel.org/r/20240202015102.26251-1-zong.li@sifive.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h index 329172122952..15055f9df4da 100644 --- a/arch/riscv/include/asm/ftrace.h +++ b/arch/riscv/include/asm/ftrace.h @@ -25,6 +25,11 @@ #define ARCH_SUPPORTS_FTRACE_OPS 1 #ifndef __ASSEMBLY__ + +extern void *return_address(unsigned int level); + +#define ftrace_return_address(n) return_address(n) + void MCOUNT_NAME(void); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index f71910718053..604d6bf7e476 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -7,6 +7,7 @@ ifdef CONFIG_FTRACE CFLAGS_REMOVE_ftrace.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_patch.o = $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_sbi.o = $(CC_FLAGS_FTRACE) +CFLAGS_REMOVE_return_address.o = $(CC_FLAGS_FTRACE) endif CFLAGS_syscall_table.o += $(call cc-option,-Wno-override-init,) CFLAGS_compat_syscall_table.o += $(call cc-option,-Wno-override-init,) @@ -46,6 +47,7 @@ obj-y += irq.o obj-y += process.o obj-y += ptrace.o obj-y += reset.o +obj-y += return_address.o obj-y += setup.o obj-y += signal.o obj-y += syscall_table.o diff --git a/arch/riscv/kernel/return_address.c b/arch/riscv/kernel/return_address.c new file mode 100644 index 000000000000..c8115ec8fb30 --- /dev/null +++ b/arch/riscv/kernel/return_address.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This code come from arch/arm64/kernel/return_address.c + * + * Copyright (C) 2023 SiFive. + */ + +#include <linux/export.h> +#include <linux/kprobes.h> +#include <linux/stacktrace.h> + +struct return_address_data { + unsigned int level; + void *addr; +}; + +static bool save_return_addr(void *d, unsigned long pc) +{ + struct return_address_data *data = d; + + if (!data->level) { + data->addr = (void *)pc; + return false; + } + + --data->level; + + return true; +} +NOKPROBE_SYMBOL(save_return_addr); + +noinline void *return_address(unsigned int level) +{ + struct return_address_data data; + + data.level = level + 3; + data.addr = NULL; + + arch_stack_walk(save_return_addr, &data, current, NULL); + + if (!data.level) + return data.addr; + else + return NULL; + +} +EXPORT_SYMBOL_GPL(return_address); +NOKPROBE_SYMBOL(return_address);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: fix PHY init clock stability" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8e9f25a290ae0016353c9ea13314c95fb3207812 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030401-cushy-sterility-1d74@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8e9f25a290ae ("mmc: sdhci-xenon: fix PHY init clock stability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e9f25a290ae0016353c9ea13314c95fb3207812 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 22:09:30 +0200 Subject: [PATCH] mmc: sdhci-xenon: fix PHY init clock stability Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222200930.1277665-1-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: fix PHY init clock stability" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8e9f25a290ae0016353c9ea13314c95fb3207812 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030400-debate-conclude-99e5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8e9f25a290ae ("mmc: sdhci-xenon: fix PHY init clock stability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e9f25a290ae0016353c9ea13314c95fb3207812 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 22:09:30 +0200 Subject: [PATCH] mmc: sdhci-xenon: fix PHY init clock stability Each time SD/mmc phy is initialized, at times, in some of the attempts, phy fails to completes its initialization which results into timeout error. Per the HW spec, it is a pre-requisite to ensure a stable SD clock before a phy initialization is attempted. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222200930.1277665-1-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index 8cf3a375de65..c3096230a969 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -11,6 +11,7 @@ #include <linux/slab.h> #include <linux/delay.h> #include <linux/ktime.h> +#include <linux/iopoll.h> #include <linux/of_address.h> #include "sdhci-pltfm.h" @@ -216,6 +217,19 @@ static int xenon_alloc_emmc_phy(struct sdhci_host *host) return 0; } +static int xenon_check_stability_internal_clk(struct sdhci_host *host) +{ + u32 reg; + int err; + + err = read_poll_timeout(sdhci_readw, reg, reg & SDHCI_CLOCK_INT_STABLE, + 1100, 20000, false, host, SDHCI_CLOCK_CONTROL); + if (err) + dev_err(mmc_dev(host->mmc), "phy_init: Internal clock never stabilized.\n"); + + return err; +} + /* * eMMC 5.0/5.1 PHY init/re-init. * eMMC PHY init should be executed after: @@ -232,6 +246,11 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) struct xenon_priv *priv = sdhci_pltfm_priv(pltfm_host); struct xenon_emmc_phy_regs *phy_regs = priv->emmc_phy_regs; + int ret = xenon_check_stability_internal_clk(host); + + if (ret) + return ret; + reg = sdhci_readl(host, phy_regs->timing_adj); reg |= XENON_PHY_INITIALIZAION; sdhci_writel(host, reg, phy_regs->timing_adj);

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: add timeout for PHY init complete" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030409-purchase-uselessly-906f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 09e23823ae9a ("mmc: sdhci-xenon: add timeout for PHY init complete") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 21:17:14 +0200 Subject: [PATCH] mmc: sdhci-xenon: add timeout for PHY init complete AC5X spec says PHY init complete bit must be polled until zero. We see cases in which timeout can take longer than the standard calculation on AC5X, which is expected following the spec comment above. According to the spec, we must wait as long as it takes for that bit to toggle on AC5X. Cap that with 100 delay loops so we won't get stuck forever. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222191714.1216470-3-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index c3096230a969..cc9d28b75eb9 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -110,6 +110,8 @@ #define XENON_EMMC_PHY_LOGIC_TIMING_ADJUST (XENON_EMMC_PHY_REG_BASE + 0x18) #define XENON_LOGIC_TIMING_VALUE 0x00AA8977 +#define XENON_MAX_PHY_TIMEOUT_LOOPS 100 + /* * List offset of PHY registers and some special register values * in eMMC PHY 5.0 or eMMC PHY 5.1 @@ -278,18 +280,27 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) /* get the wait time */ wait /= clock; wait++; - /* wait for host eMMC PHY init completes */ - udelay(wait); - reg = sdhci_readl(host, phy_regs->timing_adj); - reg &= XENON_PHY_INITIALIZAION; - if (reg) { + /* + * AC5X spec says bit must be polled until zero. + * We see cases in which timeout can take longer + * than the standard calculation on AC5X, which is + * expected following the spec comment above. + * According to the spec, we must wait as long as + * it takes for that bit to toggle on AC5X. + * Cap that with 100 delay loops so we won't get + * stuck here forever: + */ + + ret = read_poll_timeout(sdhci_readl, reg, + !(reg & XENON_PHY_INITIALIZAION), + wait, XENON_MAX_PHY_TIMEOUT_LOOPS * wait, + false, host, phy_regs->timing_adj); + if (ret) dev_err(mmc_dev(host->mmc), "eMMC PHY init cannot complete after %d us\n", - wait); - return -ETIMEDOUT; - } + wait * XENON_MAX_PHY_TIMEOUT_LOOPS); - return 0; + return ret; } #define ARMADA_3700_SOC_PAD_1_8V 0x1

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-xenon: add timeout for PHY init complete" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030408-hyphen-moonwalk-5e0e@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 09e23823ae9a ("mmc: sdhci-xenon: add timeout for PHY init complete") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09e23823ae9a3e2d5d20f2e1efe0d6e48cef9129 Mon Sep 17 00:00:00 2001 From: Elad Nachman <enachman(a)marvell.com> Date: Thu, 22 Feb 2024 21:17:14 +0200 Subject: [PATCH] mmc: sdhci-xenon: add timeout for PHY init complete AC5X spec says PHY init complete bit must be polled until zero. We see cases in which timeout can take longer than the standard calculation on AC5X, which is expected following the spec comment above. According to the spec, we must wait as long as it takes for that bit to toggle on AC5X. Cap that with 100 delay loops so we won't get stuck forever. Fixes: 06c8b667ff5b ("mmc: sdhci-xenon: Add support to PHYs of Marvell Xenon SDHC") Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Elad Nachman <enachman(a)marvell.com> Link: https://lore.kernel.org/r/20240222191714.1216470-3-enachman@marvell.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c index c3096230a969..cc9d28b75eb9 100644 --- a/drivers/mmc/host/sdhci-xenon-phy.c +++ b/drivers/mmc/host/sdhci-xenon-phy.c @@ -110,6 +110,8 @@ #define XENON_EMMC_PHY_LOGIC_TIMING_ADJUST (XENON_EMMC_PHY_REG_BASE + 0x18) #define XENON_LOGIC_TIMING_VALUE 0x00AA8977 +#define XENON_MAX_PHY_TIMEOUT_LOOPS 100 + /* * List offset of PHY registers and some special register values * in eMMC PHY 5.0 or eMMC PHY 5.1 @@ -278,18 +280,27 @@ static int xenon_emmc_phy_init(struct sdhci_host *host) /* get the wait time */ wait /= clock; wait++; - /* wait for host eMMC PHY init completes */ - udelay(wait); - reg = sdhci_readl(host, phy_regs->timing_adj); - reg &= XENON_PHY_INITIALIZAION; - if (reg) { + /* + * AC5X spec says bit must be polled until zero. + * We see cases in which timeout can take longer + * than the standard calculation on AC5X, which is + * expected following the spec comment above. + * According to the spec, we must wait as long as + * it takes for that bit to toggle on AC5X. + * Cap that with 100 delay loops so we won't get + * stuck here forever: + */ + + ret = read_poll_timeout(sdhci_readl, reg, + !(reg & XENON_PHY_INITIALIZAION), + wait, XENON_MAX_PHY_TIMEOUT_LOOPS * wait, + false, host, phy_regs->timing_adj); + if (ret) dev_err(mmc_dev(host->mmc), "eMMC PHY init cannot complete after %d us\n", - wait); - return -ETIMEDOUT; - } + wait * XENON_MAX_PHY_TIMEOUT_LOOPS); - return 0; + return ret; } #define ARMADA_3700_SOC_PAD_1_8V 0x1

1 year, 6 months

1
0
0 0

[PATCH regression fix] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume

by Hans de Goede

When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the device has already been turned off by the runtime-suspend handler and if configured for wakeup and the device is runtime-suspended at this point then it is not turned back on to serve as a wakeup source. Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable the regulators which as a side effect made calling poweroff() twice ok. Now that poweroff() correctly disables the regulators, doing this twice triggers a WARN() in the regulator core: unbalanced disables for regulator-dummy WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable ... Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if already runtime-suspended and add a poweron() call when necessary to make wakeup work. lis3lv02d_i2c_resume() has similar issues, with an added weirness that it always powers on the device if it is runtime suspended, after which the first runtime-resume will call poweron() again, causing the enabled count for the regulator to increase by 1 every suspend/resume. These unbalanced regulator_enable() calls cause the regulator to never be turned off and trigger the following WARN() on driver unbind: WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put Fix this by making lis3lv02d_i2c_resume() mirror the new suspend(). Fixes: b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback") Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/regressions/5fc6da74-af0a-4aac-b4d5-a000b39a63a5@mo… Cc: stable(a)vger.kernel.org Cc: regressions(a)lists.linux.dev Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c index c6eb27d46cb0..15119584473c 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c +++ b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c @@ -198,8 +198,14 @@ static int lis3lv02d_i2c_suspend(struct device *dev) struct i2c_client *client = to_i2c_client(dev); struct lis3lv02d *lis3 = i2c_get_clientdata(client); - if (!lis3->pdata || !lis3->pdata->wakeup_flags) + /* Turn on for wakeup if turned off by runtime suspend */ + if (lis3->pdata && lis3->pdata->wakeup_flags) { + if (pm_runtime_suspended(dev)) + lis3lv02d_poweron(lis3); + /* For non wakeup turn off if not already turned off by runtime suspend */ + } else if (!pm_runtime_suspended(dev)) lis3lv02d_poweroff(lis3); + return 0; } @@ -208,13 +214,12 @@ static int lis3lv02d_i2c_resume(struct device *dev) struct i2c_client *client = to_i2c_client(dev); struct lis3lv02d *lis3 = i2c_get_clientdata(client); - /* - * pm_runtime documentation says that devices should always - * be powered on at resume. Pm_runtime turns them off after system - * wide resume is complete. - */ - if (!lis3->pdata || !lis3->pdata->wakeup_flags || - pm_runtime_suspended(dev)) + /* Turn back off if turned on for wakeup and runtime suspended*/ + if (lis3->pdata && lis3->pdata->wakeup_flags) { + if (pm_runtime_suspended(dev)) + lis3lv02d_poweroff(lis3); + /* For non wakeup turn back on if not runtime suspended */ + } else if (!pm_runtime_suspended(dev)) lis3lv02d_poweron(lis3); return 0; -- 2.43.0

1 year, 6 months

4
4
0 0

FAILED: patch "[PATCH] ceph: switch to corrected encoding of max_xattr_size in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 51d31149a88b5c5a8d2d33f06df93f6187a25b4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030406-ambiguity-strict-2ed2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 51d31149a88b ("ceph: switch to corrected encoding of max_xattr_size in mdsmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51d31149a88b5c5a8d2d33f06df93f6187a25b4c Mon Sep 17 00:00:00 2001 From: Xiubo Li <xiubli(a)redhat.com> Date: Mon, 19 Feb 2024 13:14:32 +0800 Subject: [PATCH] ceph: switch to corrected encoding of max_xattr_size in mdsmap The addition of bal_rank_mask with encoding version 17 was merged into ceph.git in Oct 2022 and made it into v18.2.0 release normally. A few months later, the much delayed addition of max_xattr_size got merged, also with encoding version 17, placed before bal_rank_mask in the encoding -- but it didn't make v18.2.0 release. The way this ended up being resolved on the MDS side is that bal_rank_mask will continue to be encoded in version 17 while max_xattr_size is now encoded in version 18. This does mean that older kernels will misdecode version 17, but this is also true for v18.2.0 and v18.2.1 clients in userspace. The best we can do is backport this adjustment -- see ceph.git commit 78abfeaff27fee343fb664db633de5b221699a73 for details. [ idryomov: changelog ] Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/64440 Fixes: d93231a6bc8a ("ceph: prevent a client from exceeding the MDS maximum xattr size") Signed-off-by: Xiubo Li <xiubli(a)redhat.com> Reviewed-by: Patrick Donnelly <pdonnell(a)ibm.com> Reviewed-by: Venky Shankar <vshankar(a)redhat.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index fae97c25ce58..8109aba66e02 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -380,10 +380,11 @@ struct ceph_mdsmap *ceph_mdsmap_decode(struct ceph_mds_client *mdsc, void **p, ceph_decode_skip_8(p, end, bad_ext); /* required_client_features */ ceph_decode_skip_set(p, end, 64, bad_ext); + /* bal_rank_mask */ + ceph_decode_skip_string(p, end, bad_ext); + } + if (mdsmap_ev >= 18) { ceph_decode_64_safe(p, end, m->m_max_xattr_size, bad_ext); - } else { - /* This forces the usage of the (sync) SETXATTR Op */ - m->m_max_xattr_size = 0; } bad_ext: doutc(cl, "m_enabled: %d, m_damaged: %d, m_num_laggy: %d\n", diff --git a/fs/ceph/mdsmap.h b/fs/ceph/mdsmap.h index 89f1931f1ba6..1f2171dd01bf 100644 --- a/fs/ceph/mdsmap.h +++ b/fs/ceph/mdsmap.h @@ -27,7 +27,11 @@ struct ceph_mdsmap { u32 m_session_timeout; /* seconds */ u32 m_session_autoclose; /* seconds */ u64 m_max_file_size; - u64 m_max_xattr_size; /* maximum size for xattrs blob */ + /* + * maximum size for xattrs blob. + * Zeroed by default to force the usage of the (sync) SETXATTR Op. + */ + u64 m_max_xattr_size; u32 m_max_mds; /* expected up:active mds number */ u32 m_num_active_mds; /* actual up:active mds number */ u32 possible_max_rank; /* possible max rank index */

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] ceph: switch to corrected encoding of max_xattr_size in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51d31149a88b5c5a8d2d33f06df93f6187a25b4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030405-life-despair-ad2e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 51d31149a88b ("ceph: switch to corrected encoding of max_xattr_size in mdsmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51d31149a88b5c5a8d2d33f06df93f6187a25b4c Mon Sep 17 00:00:00 2001 From: Xiubo Li <xiubli(a)redhat.com> Date: Mon, 19 Feb 2024 13:14:32 +0800 Subject: [PATCH] ceph: switch to corrected encoding of max_xattr_size in mdsmap The addition of bal_rank_mask with encoding version 17 was merged into ceph.git in Oct 2022 and made it into v18.2.0 release normally. A few months later, the much delayed addition of max_xattr_size got merged, also with encoding version 17, placed before bal_rank_mask in the encoding -- but it didn't make v18.2.0 release. The way this ended up being resolved on the MDS side is that bal_rank_mask will continue to be encoded in version 17 while max_xattr_size is now encoded in version 18. This does mean that older kernels will misdecode version 17, but this is also true for v18.2.0 and v18.2.1 clients in userspace. The best we can do is backport this adjustment -- see ceph.git commit 78abfeaff27fee343fb664db633de5b221699a73 for details. [ idryomov: changelog ] Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/64440 Fixes: d93231a6bc8a ("ceph: prevent a client from exceeding the MDS maximum xattr size") Signed-off-by: Xiubo Li <xiubli(a)redhat.com> Reviewed-by: Patrick Donnelly <pdonnell(a)ibm.com> Reviewed-by: Venky Shankar <vshankar(a)redhat.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index fae97c25ce58..8109aba66e02 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -380,10 +380,11 @@ struct ceph_mdsmap *ceph_mdsmap_decode(struct ceph_mds_client *mdsc, void **p, ceph_decode_skip_8(p, end, bad_ext); /* required_client_features */ ceph_decode_skip_set(p, end, 64, bad_ext); + /* bal_rank_mask */ + ceph_decode_skip_string(p, end, bad_ext); + } + if (mdsmap_ev >= 18) { ceph_decode_64_safe(p, end, m->m_max_xattr_size, bad_ext); - } else { - /* This forces the usage of the (sync) SETXATTR Op */ - m->m_max_xattr_size = 0; } bad_ext: doutc(cl, "m_enabled: %d, m_damaged: %d, m_num_laggy: %d\n", diff --git a/fs/ceph/mdsmap.h b/fs/ceph/mdsmap.h index 89f1931f1ba6..1f2171dd01bf 100644 --- a/fs/ceph/mdsmap.h +++ b/fs/ceph/mdsmap.h @@ -27,7 +27,11 @@ struct ceph_mdsmap { u32 m_session_timeout; /* seconds */ u32 m_session_autoclose; /* seconds */ u64 m_max_file_size; - u64 m_max_xattr_size; /* maximum size for xattrs blob */ + /* + * maximum size for xattrs blob. + * Zeroed by default to force the usage of the (sync) SETXATTR Op. + */ + u64 m_max_xattr_size; u32 m_max_mds; /* expected up:active mds number */ u32 m_num_active_mds; /* actual up:active mds number */ u32 possible_max_rank; /* possible max rank index */

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030457-stalemate-feast-3b12@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") fe8d33bd33d5 ("mmc: mmci_sdmmc: fix DMA API warning overlapping mappings") 127e6e98ca9b ("mmc: mmci_sdmmc: Replace sg_dma_xxx macros") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-crudeness-popcorn-ce16@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b1ba3f9040be5efc4396d86c9752cdc564730be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030453-spectacle-evade-eaed@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b1ba3f9040b ("mmc: mmci: stm32: fix DMA API overlapping mappings warning") 970dc9c11a17 ("mmc: mmci: stm32: use a buffer for unaligned DMA requests") 0d319dd5a271 ("mmc: mmci: stm32: correctly check all elements of sg list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b1ba3f9040be5efc4396d86c9752cdc564730be Mon Sep 17 00:00:00 2001 From: Christophe Kerello <christophe.kerello(a)foss.st.com> Date: Wed, 7 Feb 2024 15:39:51 +0100 Subject: [PATCH] mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Fixes: 46b723dd867d ("mmc: mmci: add stm32 sdmmc variant") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240207143951.938144-1-christophe.kerello@foss.s… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mmci_stm32_sdmmc.c b/drivers/mmc/host/mmci_stm32_sdmmc.c index 35067e1e6cd8..f5da7f9baa52 100644 --- a/drivers/mmc/host/mmci_stm32_sdmmc.c +++ b/drivers/mmc/host/mmci_stm32_sdmmc.c @@ -225,6 +225,8 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) struct scatterlist *sg; int i; + host->dma_in_progress = true; + if (!host->variant->dma_lli || data->sg_len == 1 || idma->use_bounce_buffer) { u32 dma_addr; @@ -263,9 +265,30 @@ static int sdmmc_idma_start(struct mmci_host *host, unsigned int *datactrl) return 0; } +static void sdmmc_idma_error(struct mmci_host *host) +{ + struct mmc_data *data = host->data; + struct sdmmc_idma *idma = host->dma_priv; + + if (!dma_inprogress(host)) + return; + + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; + data->host_cookie = 0; + + if (!idma->use_bounce_buffer) + dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, + mmc_get_dma_dir(data)); +} + static void sdmmc_idma_finalize(struct mmci_host *host, struct mmc_data *data) { + if (!dma_inprogress(host)) + return; + writel_relaxed(0, host->base + MMCI_STM32_IDMACTRLR); + host->dma_in_progress = false; if (!data->host_cookie) sdmmc_idma_unprep_data(host, data, 0); @@ -676,6 +699,7 @@ static struct mmci_host_ops sdmmc_variant_ops = { .dma_setup = sdmmc_idma_setup, .dma_start = sdmmc_idma_start, .dma_finalize = sdmmc_idma_finalize, + .dma_error = sdmmc_idma_error, .set_clkreg = mmci_sdmmc_set_clkreg, .set_pwrreg = mmci_sdmmc_set_pwrreg, .busy_complete = sdmmc_busy_complete,

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030434-underling-helmet-8fbe@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030433-nickname-giblet-5b8d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] dmaengine: fsl-edma: correct max_segment_size setting" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x a79f949a5ce1d45329d63742c2a995f2b47f9852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030433-wand-unicorn-9af0@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a79f949a5ce1d45329d63742c2a995f2b47f9852 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Wed, 7 Feb 2024 14:47:32 -0500 Subject: [PATCH] dmaengine: fsl-edma: correct max_segment_size setting Correcting the previous setting of 0x3fff to the actual value of 0x7fff. Introduced new macro 'EDMA_TCD_ITER_MASK' for improved code clarity and utilization of FIELD_GET to obtain the accurate maximum value. Cc: stable(a)vger.kernel.org Fixes: e06748539432 ("dmaengine: fsl-edma: support edma memcpy") Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240207194733.2112870-1-Frank.Li@nxp.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/dma/fsl-edma-common.h b/drivers/dma/fsl-edma-common.h index bb5221158a77..f5e216b157c7 100644 --- a/drivers/dma/fsl-edma-common.h +++ b/drivers/dma/fsl-edma-common.h @@ -30,8 +30,9 @@ #define EDMA_TCD_ATTR_SSIZE(x) (((x) & GENMASK(2, 0)) << 8) #define EDMA_TCD_ATTR_SMOD(x) (((x) & GENMASK(4, 0)) << 11) -#define EDMA_TCD_CITER_CITER(x) ((x) & GENMASK(14, 0)) -#define EDMA_TCD_BITER_BITER(x) ((x) & GENMASK(14, 0)) +#define EDMA_TCD_ITER_MASK GENMASK(14, 0) +#define EDMA_TCD_CITER_CITER(x) ((x) & EDMA_TCD_ITER_MASK) +#define EDMA_TCD_BITER_BITER(x) ((x) & EDMA_TCD_ITER_MASK) #define EDMA_TCD_CSR_START BIT(0) #define EDMA_TCD_CSR_INT_MAJOR BIT(1) diff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 45cc419b1b4a..d36e28b9c767 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -10,6 +10,7 @@ */ #include <dt-bindings/dma/fsl-edma.h> +#include <linux/bitfield.h> #include <linux/module.h> #include <linux/interrupt.h> #include <linux/clk.h> @@ -582,7 +583,8 @@ static int fsl_edma_probe(struct platform_device *pdev) DMAENGINE_ALIGN_32_BYTES; /* Per worst case 'nbytes = 1' take CITER as the max_seg_size */ - dma_set_max_seg_size(fsl_edma->dma_dev.dev, 0x3fff); + dma_set_max_seg_size(fsl_edma->dma_dev.dev, + FIELD_GET(EDMA_TCD_ITER_MASK, EDMA_TCD_ITER_MASK)); fsl_edma->dma_dev.residue_granularity = DMA_RESIDUE_GRANULARITY_SEGMENT;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b979f2d50a099f3402418d7ff5f26c3952fb08bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-jolly-catcall-c2e8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b979f2d50a09 ("soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free") 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") f86955f2b1ff ("soc: qcom: pmic_glink: fix connector type to be DisplayPort") 5692aeea5bcb ("soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b979f2d50a099f3402418d7ff5f26c3952fb08bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Sat, 17 Feb 2024 16:02:25 +0100 Subject: [PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). [DB: slightly fixed commit message by adding the word 'commit'] Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: <stable(a)vger.kernel.org> # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-4-johan+l… diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback,

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x b979f2d50a099f3402418d7ff5f26c3952fb08bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030452-unlatch-jailer-3f13@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: b979f2d50a09 ("soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free") 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b979f2d50a099f3402418d7ff5f26c3952fb08bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Sat, 17 Feb 2024 16:02:25 +0100 Subject: [PATCH] soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals. In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated. When the display controller is later initialised, this triggers a use-after-free when attaching the bridges: dp -> aux -> dp-hpd (freed) which may, for example, result in the freed bridge failing to attach: [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16 or a NULL-pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ... Call trace: drm_bridge_attach+0x70/0x1a8 [drm] drm_aux_bridge_attach+0x24/0x38 [aux_bridge] drm_bridge_attach+0x80/0x1a8 [drm] dp_bridge_init+0xa8/0x15c [msm] msm_dp_modeset_init+0x28/0xc4 [msm] The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up. Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")). [DB: slightly fixed commit message by adding the word 'commit'] Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Fixes: 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE") Cc: <stable(a)vger.kernel.org> # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-4-johan+l… diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index 5fcd0fdd2faa..b3808fc24c69 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -76,7 +76,7 @@ struct pmic_glink_altmode_port { struct work_struct work; - struct device *bridge; + struct auxiliary_device *bridge; enum typec_orientation orientation; u16 svid; @@ -230,7 +230,7 @@ static void pmic_glink_altmode_worker(struct work_struct *work) else pmic_glink_altmode_enable_usb(altmode, alt_port); - drm_aux_hpd_bridge_notify(alt_port->bridge, + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, alt_port->hpd_state ? connector_status_connected : connector_status_disconnected); @@ -454,7 +454,7 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, alt_port->index = port; INIT_WORK(&alt_port->work, pmic_glink_altmode_worker); - alt_port->bridge = drm_dp_hpd_bridge_register(dev, to_of_node(fwnode)); + alt_port->bridge = devm_drm_dp_hpd_bridge_alloc(dev, to_of_node(fwnode)); if (IS_ERR(alt_port->bridge)) { fwnode_handle_put(fwnode); return PTR_ERR(alt_port->bridge); @@ -510,6 +510,16 @@ static int pmic_glink_altmode_probe(struct auxiliary_device *adev, } } + for (port = 0; port < ARRAY_SIZE(altmode->ports); port++) { + alt_port = &altmode->ports[port]; + if (!alt_port->bridge) + continue; + + ret = devm_drm_dp_hpd_bridge_add(dev, alt_port->bridge); + if (ret) + return ret; + } + altmode->client = devm_pmic_glink_register_client(dev, altmode->owner_id, pmic_glink_altmode_callback,

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix double free of anonymous device after snapshot" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e2b54eaf28df0c978626c9736b94f003b523b451 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030455-ensure-outward-f8cc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e2b54eaf28df ("btrfs: fix double free of anonymous device after snapshot creation failure") e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") caae78e03234 ("btrfs: move common inode creation code into btrfs_create_new_inode()") 3538d68dbd97 ("btrfs: reserve correct number of items for inode creation") 5f465bf1f15a ("btrfs: factor out common part of btrfs_{mknod,create,mkdir}()") a1fd0c35ffe3 ("btrfs: allocate inode outside of btrfs_new_inode()") 305eaac00911 ("btrfs: set inode flags earlier in btrfs_new_inode()") 6437d4583531 ("btrfs: move btrfs_get_free_objectid() call into btrfs_new_inode()") 23c24ef8e418 ("btrfs: don't pass parent objectid to btrfs_new_inode() explicitly") 75b993cf4305 ("btrfs: remove unused mnt_userns parameter from __btrfs_set_acl") c51fa51190f9 ("btrfs: remove unnecessary set_nlink() in btrfs_create_subvol_root()") 6d831f7ef9f0 ("btrfs: remove unnecessary inode_set_bytes(0) call") 9124e15f2798 ("btrfs: remove unnecessary btrfs_i_size_write(0) calls") 81512e89f2b7 ("btrfs: get rid of btrfs_add_nondir()") 2256e901f5bd ("btrfs: fix anon_dev leak in create_subvol()") c16218714307 ("btrfs: reserve correct number of items for rename") 1b58ae0e4d3e ("btrfs: skip transaction commit after failure to create subvolume") 33fab972497a ("btrfs: fix double free of anon_dev after failure to create subvolume") b7ef5f3a6f37 ("btrfs: loop only once over data sizes array when inserting an item batch") 086dcbfa50d3 ("btrfs: insert items in batches when logging a directory when possible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2b54eaf28df0c978626c9736b94f003b523b451 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 23 Feb 2024 16:38:43 +0000 Subject: [PATCH] btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking; 5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK> btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 </TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(), so this change may not fix the case triggered by syzbot. To fix at least the code path from the example above, change btrfs_get_root_ref() and its callers to receive a dev_t pointer argument for the anonymous device number, so that in case it frees the number, it also resets it to 0, so that up in the call chain we don't attempt to do the double free. CC: stable(a)vger.kernel.org # 5.10+ Link: https://lore.kernel.org/linux-btrfs/000000000000f673a1061202f630@google.com/ Fixes: e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index e71ef97d0a7c..c843563914ca 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1307,12 +1307,12 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info) * * @objectid: root id * @anon_dev: preallocated anonymous block device number for new roots, - * pass 0 for new allocation. + * pass NULL for a new allocation. * @check_ref: whether to check root item references, If true, return -ENOENT * for orphan roots */ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev, + u64 objectid, dev_t *anon_dev, bool check_ref) { struct btrfs_root *root; @@ -1342,9 +1342,9 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * that common but still possible. In that case, we just need * to free the anon_dev. */ - if (unlikely(anon_dev)) { - free_anon_bdev(anon_dev); - anon_dev = 0; + if (unlikely(anon_dev && *anon_dev)) { + free_anon_bdev(*anon_dev); + *anon_dev = 0; } if (check_ref && btrfs_root_refs(&root->root_item) == 0) { @@ -1366,7 +1366,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, goto fail; } - ret = btrfs_init_fs_root(root, anon_dev); + ret = btrfs_init_fs_root(root, anon_dev ? *anon_dev : 0); if (ret) goto fail; @@ -1402,7 +1402,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * root's anon_dev to 0 to avoid a double free, once by btrfs_put_root() * and once again by our caller. */ - if (anon_dev) + if (anon_dev && *anon_dev) root->anon_dev = 0; btrfs_put_root(root); return ERR_PTR(ret); @@ -1418,7 +1418,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref) { - return btrfs_get_root_ref(fs_info, objectid, 0, check_ref); + return btrfs_get_root_ref(fs_info, objectid, NULL, check_ref); } /* @@ -1426,11 +1426,11 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, * the anonymous block device id * * @objectid: tree objectid - * @anon_dev: if zero, allocate a new anonymous block device or use the - * parameter value + * @anon_dev: if NULL, allocate a new anonymous block device or use the + * parameter value if not NULL */ struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev) + u64 objectid, dev_t *anon_dev) { return btrfs_get_root_ref(fs_info, objectid, anon_dev, true); } diff --git a/fs/btrfs/disk-io.h b/fs/btrfs/disk-io.h index 9413726b329b..eb3473d1c1ac 100644 --- a/fs/btrfs/disk-io.h +++ b/fs/btrfs/disk-io.h @@ -61,7 +61,7 @@ void btrfs_free_fs_roots(struct btrfs_fs_info *fs_info); struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref); struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev); + u64 objectid, dev_t *anon_dev); struct btrfs_root *btrfs_get_fs_root_commit_root(struct btrfs_fs_info *fs_info, struct btrfs_path *path, u64 objectid); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index fb2323b323bf..b004e3b75311 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -721,7 +721,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, free_extent_buffer(leaf); leaf = NULL; - new_root = btrfs_get_new_fs_root(fs_info, objectid, anon_dev); + new_root = btrfs_get_new_fs_root(fs_info, objectid, &anon_dev); if (IS_ERR(new_root)) { ret = PTR_ERR(new_root); btrfs_abort_transaction(trans, ret); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index c52807d97efa..bf8e64c766b6 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1834,7 +1834,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, } key.offset = (u64)-1; - pending->snap = btrfs_get_new_fs_root(fs_info, objectid, pending->anon_dev); + pending->snap = btrfs_get_new_fs_root(fs_info, objectid, &pending->anon_dev); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); pending->snap = NULL;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix double free of anonymous device after snapshot" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e2b54eaf28df0c978626c9736b94f003b523b451 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030451-curtly-phoney-bfc5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e2b54eaf28df ("btrfs: fix double free of anonymous device after snapshot creation failure") e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") caae78e03234 ("btrfs: move common inode creation code into btrfs_create_new_inode()") 3538d68dbd97 ("btrfs: reserve correct number of items for inode creation") 5f465bf1f15a ("btrfs: factor out common part of btrfs_{mknod,create,mkdir}()") a1fd0c35ffe3 ("btrfs: allocate inode outside of btrfs_new_inode()") 305eaac00911 ("btrfs: set inode flags earlier in btrfs_new_inode()") 6437d4583531 ("btrfs: move btrfs_get_free_objectid() call into btrfs_new_inode()") 23c24ef8e418 ("btrfs: don't pass parent objectid to btrfs_new_inode() explicitly") 75b993cf4305 ("btrfs: remove unused mnt_userns parameter from __btrfs_set_acl") c51fa51190f9 ("btrfs: remove unnecessary set_nlink() in btrfs_create_subvol_root()") 6d831f7ef9f0 ("btrfs: remove unnecessary inode_set_bytes(0) call") 9124e15f2798 ("btrfs: remove unnecessary btrfs_i_size_write(0) calls") 81512e89f2b7 ("btrfs: get rid of btrfs_add_nondir()") 2256e901f5bd ("btrfs: fix anon_dev leak in create_subvol()") c16218714307 ("btrfs: reserve correct number of items for rename") 1b58ae0e4d3e ("btrfs: skip transaction commit after failure to create subvolume") 33fab972497a ("btrfs: fix double free of anon_dev after failure to create subvolume") b7ef5f3a6f37 ("btrfs: loop only once over data sizes array when inserting an item batch") 086dcbfa50d3 ("btrfs: insert items in batches when logging a directory when possible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e2b54eaf28df0c978626c9736b94f003b523b451 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 23 Feb 2024 16:38:43 +0000 Subject: [PATCH] btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking; 5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK> btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 </TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(), so this change may not fix the case triggered by syzbot. To fix at least the code path from the example above, change btrfs_get_root_ref() and its callers to receive a dev_t pointer argument for the anonymous device number, so that in case it frees the number, it also resets it to 0, so that up in the call chain we don't attempt to do the double free. CC: stable(a)vger.kernel.org # 5.10+ Link: https://lore.kernel.org/linux-btrfs/000000000000f673a1061202f630@google.com/ Fixes: e03ee2fe873e ("btrfs: do not ASSERT() if the newly created subvolume already got read") Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index e71ef97d0a7c..c843563914ca 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1307,12 +1307,12 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info) * * @objectid: root id * @anon_dev: preallocated anonymous block device number for new roots, - * pass 0 for new allocation. + * pass NULL for a new allocation. * @check_ref: whether to check root item references, If true, return -ENOENT * for orphan roots */ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev, + u64 objectid, dev_t *anon_dev, bool check_ref) { struct btrfs_root *root; @@ -1342,9 +1342,9 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * that common but still possible. In that case, we just need * to free the anon_dev. */ - if (unlikely(anon_dev)) { - free_anon_bdev(anon_dev); - anon_dev = 0; + if (unlikely(anon_dev && *anon_dev)) { + free_anon_bdev(*anon_dev); + *anon_dev = 0; } if (check_ref && btrfs_root_refs(&root->root_item) == 0) { @@ -1366,7 +1366,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, goto fail; } - ret = btrfs_init_fs_root(root, anon_dev); + ret = btrfs_init_fs_root(root, anon_dev ? *anon_dev : 0); if (ret) goto fail; @@ -1402,7 +1402,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, * root's anon_dev to 0 to avoid a double free, once by btrfs_put_root() * and once again by our caller. */ - if (anon_dev) + if (anon_dev && *anon_dev) root->anon_dev = 0; btrfs_put_root(root); return ERR_PTR(ret); @@ -1418,7 +1418,7 @@ static struct btrfs_root *btrfs_get_root_ref(struct btrfs_fs_info *fs_info, struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref) { - return btrfs_get_root_ref(fs_info, objectid, 0, check_ref); + return btrfs_get_root_ref(fs_info, objectid, NULL, check_ref); } /* @@ -1426,11 +1426,11 @@ struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, * the anonymous block device id * * @objectid: tree objectid - * @anon_dev: if zero, allocate a new anonymous block device or use the - * parameter value + * @anon_dev: if NULL, allocate a new anonymous block device or use the + * parameter value if not NULL */ struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev) + u64 objectid, dev_t *anon_dev) { return btrfs_get_root_ref(fs_info, objectid, anon_dev, true); } diff --git a/fs/btrfs/disk-io.h b/fs/btrfs/disk-io.h index 9413726b329b..eb3473d1c1ac 100644 --- a/fs/btrfs/disk-io.h +++ b/fs/btrfs/disk-io.h @@ -61,7 +61,7 @@ void btrfs_free_fs_roots(struct btrfs_fs_info *fs_info); struct btrfs_root *btrfs_get_fs_root(struct btrfs_fs_info *fs_info, u64 objectid, bool check_ref); struct btrfs_root *btrfs_get_new_fs_root(struct btrfs_fs_info *fs_info, - u64 objectid, dev_t anon_dev); + u64 objectid, dev_t *anon_dev); struct btrfs_root *btrfs_get_fs_root_commit_root(struct btrfs_fs_info *fs_info, struct btrfs_path *path, u64 objectid); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index fb2323b323bf..b004e3b75311 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -721,7 +721,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, free_extent_buffer(leaf); leaf = NULL; - new_root = btrfs_get_new_fs_root(fs_info, objectid, anon_dev); + new_root = btrfs_get_new_fs_root(fs_info, objectid, &anon_dev); if (IS_ERR(new_root)) { ret = PTR_ERR(new_root); btrfs_abort_transaction(trans, ret); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index c52807d97efa..bf8e64c766b6 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1834,7 +1834,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, } key.offset = (u64)-1; - pending->snap = btrfs_get_new_fs_root(fs_info, objectid, pending->anon_dev); + pending->snap = btrfs_get_new_fs_root(fs_info, objectid, &pending->anon_dev); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); pending->snap = NULL;

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] TOMOYO: Add policy namespace support." failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x bd03a3e4c9a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030412-composer-onset-5496@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sun, 26 Jun 2011 23:19:52 +0900 Subject: [PATCH] TOMOYO: Add policy namespace support. Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris(a)namei.org> diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index e882f17065f2..ef2172f29583 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -151,13 +151,15 @@ static unsigned int tomoyo_log_count; /** * tomoyo_get_audit - Get audit mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * @is_granted: True if granted log, false otherwise. * * Returns true if this request should be audited, false otherwise. */ -static bool tomoyo_get_audit(const u8 profile, const u8 index, +static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, + const u8 profile, const u8 index, const bool is_granted) { u8 mode; @@ -165,7 +167,7 @@ static bool tomoyo_get_audit(const u8 profile, const u8 index, struct tomoyo_profile *p; if (!tomoyo_policy_loaded) return false; - p = tomoyo_profile(profile); + p = tomoyo_profile(ns, profile); if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) return false; mode = p->config[index]; @@ -194,7 +196,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, char *buf; struct tomoyo_log *entry; bool quota_exceeded = false; - if (!tomoyo_get_audit(r->profile, r->type, r->granted)) + if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted)) goto out; buf = tomoyo_init_log(r, len, fmt, args); if (!buf) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 507ebf01e43b..50481d2cf970 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -11,12 +11,6 @@ #include <linux/security.h> #include "common.h" -/* Profile version. Currently only 20090903 is defined. */ -static unsigned int tomoyo_profile_version; - -/* Profile table. Memory is allocated as needed. */ -static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; - /* String table for operation mode. */ const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { [TOMOYO_CONFIG_DISABLED] = "disabled", @@ -216,6 +210,50 @@ static void tomoyo_set_slash(struct tomoyo_io_buffer *head) tomoyo_set_string(head, "/"); } +/* List of namespaces. */ +LIST_HEAD(tomoyo_namespace_list); +/* True if namespace other than tomoyo_kernel_namespace is defined. */ +static bool tomoyo_namespace_enabled; + +/** + * tomoyo_init_policy_namespace - Initialize namespace. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * + * Returns nothing. + */ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) +{ + unsigned int idx; + for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) + INIT_LIST_HEAD(&ns->acl_group[idx]); + for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) + INIT_LIST_HEAD(&ns->group_list[idx]); + for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) + INIT_LIST_HEAD(&ns->policy_list[idx]); + ns->profile_version = 20100903; + tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); + list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); +} + +/** + * tomoyo_print_namespace - Print namespace header. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) +{ + if (!tomoyo_namespace_enabled) + return; + tomoyo_set_string(head, + container_of(head->r.ns, + struct tomoyo_policy_namespace, + namespace_list)->name); + tomoyo_set_space(head); +} + /** * tomoyo_print_name_union - Print a tomoyo_name_union. * @@ -283,23 +321,25 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, /** * tomoyo_assign_profile - Create a new profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to create. * * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. */ -static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) +static struct tomoyo_profile *tomoyo_assign_profile +(struct tomoyo_policy_namespace *ns, const unsigned int profile) { struct tomoyo_profile *ptr; struct tomoyo_profile *entry; if (profile >= TOMOYO_MAX_PROFILES) return NULL; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (ptr) return ptr; entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (!ptr && tomoyo_memory_ok(entry)) { ptr = entry; ptr->default_config = TOMOYO_CONFIG_DISABLED | @@ -310,7 +350,7 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; mb(); /* Avoid out-of-order execution. */ - tomoyo_profile_ptr[profile] = ptr; + ns->profile_ptr[profile] = ptr; entry = NULL; } mutex_unlock(&tomoyo_policy_lock); @@ -322,14 +362,16 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) /** * tomoyo_profile - Find a profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to find. * * Returns pointer to "struct tomoyo_profile". */ -struct tomoyo_profile *tomoyo_profile(const u8 profile) +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile) { static struct tomoyo_profile tomoyo_null_profile; - struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; + struct tomoyo_profile *ptr = ns->profile_ptr[profile]; if (!ptr) ptr = &tomoyo_null_profile; return ptr; @@ -454,13 +496,14 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) unsigned int i; char *cp; struct tomoyo_profile *profile; - if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) + if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) + == 1) return 0; i = simple_strtoul(data, &cp, 10); if (*cp != '-') return -EINVAL; data = cp + 1; - profile = tomoyo_assign_profile(i); + profile = tomoyo_assign_profile(head->w.ns, i); if (!profile) return -EINVAL; cp = strchr(data, '='); @@ -518,19 +561,25 @@ static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) static void tomoyo_read_profile(struct tomoyo_io_buffer *head) { u8 index; + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); const struct tomoyo_profile *profile; + if (head->r.eof) + return; next: index = head->r.index; - profile = tomoyo_profile_ptr[index]; + profile = ns->profile_ptr[index]; switch (head->r.step) { case 0: - tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 20090903); + tomoyo_print_namespace(head); + tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", + ns->profile_version); head->r.step++; break; case 1: for ( ; head->r.index < TOMOYO_MAX_PROFILES; head->r.index++) - if (tomoyo_profile_ptr[head->r.index]) + if (ns->profile_ptr[head->r.index]) break; if (head->r.index == TOMOYO_MAX_PROFILES) return; @@ -541,6 +590,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) u8 i; const struct tomoyo_path_info *comment = profile->comment; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-COMMENT=", index); tomoyo_set_string(head, comment ? comment->name : ""); tomoyo_set_lf(head); @@ -555,6 +605,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) break; case 3: { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); tomoyo_print_config(head, profile->default_config); head->r.bit = 0; @@ -568,6 +619,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) const u8 config = profile->config[i]; if (config == TOMOYO_CONFIG_USE_DEFAULT) continue; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", tomoyo_mac_keywords[i]); tomoyo_print_config(head, config); @@ -607,8 +659,10 @@ static int tomoyo_update_manager_entry(const char *manager, { struct tomoyo_manager e = { }; struct tomoyo_acl_param param = { + /* .ns = &tomoyo_kernel_namespace, */ .is_delete = is_delete, - .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER], + .list = &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], }; int error = is_delete ? -ENOENT : -ENOMEM; if (tomoyo_domain_def(manager)) { @@ -640,13 +694,12 @@ static int tomoyo_update_manager_entry(const char *manager, static int tomoyo_write_manager(struct tomoyo_io_buffer *head) { char *data = head->write_buf; - bool is_delete = tomoyo_str_starts(&data, "delete "); if (!strcmp(data, "manage_by_non_root")) { - tomoyo_manage_by_non_root = !is_delete; + tomoyo_manage_by_non_root = !head->w.is_delete; return 0; } - return tomoyo_update_manager_entry(data, is_delete); + return tomoyo_update_manager_entry(data, head->w.is_delete); } /** @@ -660,8 +713,8 @@ static void tomoyo_read_manager(struct tomoyo_io_buffer *head) { if (head->r.eof) return; - list_for_each_cookie(head->r.acl, - &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { + list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER]) { struct tomoyo_manager *ptr = list_entry(head->r.acl, typeof(*ptr), head.list); if (ptr->head.is_deleted) @@ -694,8 +747,8 @@ static bool tomoyo_manager(void) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && ptr->is_domain && !tomoyo_pathcmp(domainname, ptr->manager)) { found = true; @@ -707,8 +760,8 @@ static bool tomoyo_manager(void) exe = tomoyo_get_exe(); if (!exe) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && !ptr->is_domain && !strcmp(exe, ptr->manager->name)) { found = true; @@ -729,7 +782,7 @@ static bool tomoyo_manager(void) } /** - * tomoyo_select_one - Parse select command. + * tomoyo_select_domain - Parse select command. * * @head: Pointer to "struct tomoyo_io_buffer". * @data: String to parse. @@ -738,16 +791,15 @@ static bool tomoyo_manager(void) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) +static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, + const char *data) { unsigned int pid; struct tomoyo_domain_info *domain = NULL; bool global_pid = false; - - if (!strcmp(data, "allow_execute")) { - head->r.print_execute_only = true; - return true; - } + if (strncmp(data, "select ", 7)) + return false; + data += 7; if (sscanf(data, "pid=%u", &pid) == 1 || (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { struct task_struct *p; @@ -818,6 +870,7 @@ static int tomoyo_delete_domain(char *domainname) /** * tomoyo_write_domain2 - Write domain policy. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @list: Pointer to "struct list_head". * @data: Policy to be interpreted. * @is_delete: True if it is a delete request. @@ -826,10 +879,12 @@ static int tomoyo_delete_domain(char *domainname) * * Caller holds tomoyo_read_lock(). */ -static int tomoyo_write_domain2(struct list_head *list, char *data, +static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, + struct list_head *list, char *data, const bool is_delete) { struct tomoyo_acl_param param = { + .ns = ns, .list = list, .data = data, .is_delete = is_delete, @@ -862,37 +917,28 @@ static int tomoyo_write_domain2(struct list_head *list, char *data, static int tomoyo_write_domain(struct tomoyo_io_buffer *head) { char *data = head->write_buf; + struct tomoyo_policy_namespace *ns; struct tomoyo_domain_info *domain = head->w.domain; - bool is_delete = false; - bool is_select = false; + const bool is_delete = head->w.is_delete; + bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); unsigned int profile; - - if (tomoyo_str_starts(&data, "delete ")) - is_delete = true; - else if (tomoyo_str_starts(&data, "select ")) - is_select = true; - if (is_select && tomoyo_select_one(head, data)) - return 0; - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; - if (tomoyo_domain_def(data)) { + if (*data == '<') { domain = NULL; if (is_delete) tomoyo_delete_domain(data); else if (is_select) domain = tomoyo_find_domain(data); else - domain = tomoyo_assign_domain(data, 0); + domain = tomoyo_assign_domain(data, false); head->w.domain = domain; return 0; } if (!domain) return -EINVAL; - + ns = domain->ns; if (sscanf(data, "use_profile %u", &profile) == 1 && profile < TOMOYO_MAX_PROFILES) { - if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) + if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) domain->profile = (u8) profile; return 0; } @@ -910,7 +956,8 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) domain->transition_failed = !is_delete; return 0; } - return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete); + return tomoyo_write_domain2(ns, &domain->acl_info_list, data, + is_delete); } /** @@ -924,9 +971,11 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) static void tomoyo_set_group(struct tomoyo_io_buffer *head, const char *category) { - if (head->type == TOMOYO_EXCEPTIONPOLICY) + if (head->type == TOMOYO_EXCEPTIONPOLICY) { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "acl_group %u ", head->r.acl_group_index); + } tomoyo_set_string(head, category); } @@ -956,7 +1005,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { if (!(perm & (1 << bit))) continue; - if (head->r.print_execute_only && + if (head->r.print_transition_related_only && bit != TOMOYO_TYPE_EXECUTE) continue; if (first) { @@ -970,7 +1019,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, if (first) return true; tomoyo_print_name_union(head, &ptr->name); - } else if (head->r.print_execute_only) { + } else if (head->r.print_transition_related_only) { return true; } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { struct tomoyo_path2_acl *ptr = @@ -1147,8 +1196,8 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) domain = tomoyo_find_domain(cp + 1); if (strict_strtoul(data, 10, &profile)) return -EINVAL; - if (domain && profile < TOMOYO_MAX_PROFILES - && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) + if (domain && (!tomoyo_policy_loaded || + head->w.ns->profile_ptr[(u8) profile])) domain->profile = (u8) profile; return 0; } @@ -1246,10 +1295,12 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) } static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { - [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain", - [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain", - [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain", - [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain", + [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", + [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", + [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", }; static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { @@ -1268,19 +1319,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { */ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) { + const bool is_delete = head->w.is_delete; struct tomoyo_acl_param param = { + .ns = head->w.ns, + .is_delete = is_delete, .data = head->write_buf, }; u8 i; - param.is_delete = tomoyo_str_starts(&param.data, "delete "); - if (!param.is_delete && tomoyo_str_starts(&param.data, "select ") && - !strcmp(param.data, "execute_only")) { - head->r.print_execute_only = true; - return 0; - } - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; if (tomoyo_str_starts(&param.data, "aggregator ")) return tomoyo_write_aggregator(&param); for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) @@ -1294,8 +1339,9 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) char *data; group = simple_strtoul(param.data, &data, 10); if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') - return tomoyo_write_domain2(&tomoyo_acl_group[group], - data, param.is_delete); + return tomoyo_write_domain2 + (head->w.ns, &head->w.ns->acl_group[group], + data, is_delete); } return -EINVAL; } @@ -1312,7 +1358,10 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) */ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->group_list[idx]; + list_for_each_cookie(head->r.group, list) { struct tomoyo_group *group = list_entry(head->r.group, typeof(*group), head.list); list_for_each_cookie(head->r.acl, &group->member_list) { @@ -1322,6 +1371,7 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) continue; if (!tomoyo_flush(head)) return false; + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_group_name[idx]); tomoyo_set_string(head, group->group_name->name); if (idx == TOMOYO_PATH_GROUP) { @@ -1355,7 +1405,10 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) */ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->policy_list[idx]; + list_for_each_cookie(head->r.acl, list) { struct tomoyo_acl_head *acl = container_of(head->r.acl, typeof(*acl), list); if (acl->is_deleted) @@ -1367,6 +1420,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_transition_control *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_transition_type [ptr->type]); tomoyo_set_string(head, ptr->program ? @@ -1381,6 +1435,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_aggregator *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, "aggregator "); tomoyo_set_string(head, ptr->original_name->name); @@ -1407,6 +1462,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) */ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); if (head->r.eof) return; while (head->r.step < TOMOYO_MAX_POLICY && @@ -1423,7 +1480,7 @@ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) + TOMOYO_MAX_ACL_GROUPS) { head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY - TOMOYO_MAX_GROUP; - if (!tomoyo_read_domain2(head, &tomoyo_acl_group + if (!tomoyo_read_domain2(head, &ns->acl_group [head->r.acl_group_index])) return; head->r.step++; @@ -1484,7 +1541,8 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) return; snprintf(buffer, len - 1, "%s", cp); tomoyo_normalize_line(buffer); - tomoyo_write_domain2(&domain->acl_info_list, buffer, false); + tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, + false); kfree(buffer); } @@ -1895,6 +1953,45 @@ int tomoyo_poll_control(struct file *file, poll_table *wait) return head->poll(file, wait); } +/** + * tomoyo_set_namespace_cursor - Set namespace to read. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) +{ + struct list_head *ns; + if (head->type != TOMOYO_EXCEPTIONPOLICY && + head->type != TOMOYO_PROFILE) + return; + /* + * If this is the first read, or reading previous namespace finished + * and has more namespaces to read, update the namespace cursor. + */ + ns = head->r.ns; + if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { + /* Clearing is OK because tomoyo_flush() returned true. */ + memset(&head->r, 0, sizeof(head->r)); + head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; + } +} + +/** + * tomoyo_has_more_namespace - Check for unread namespaces. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns true if we have more entries to print, false otherwise. + */ +static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) +{ + return (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) && head->r.eof && + head->r.ns->next != &tomoyo_namespace_list; +} + /** * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. * @@ -1919,13 +2016,53 @@ int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, head->read_user_buf_avail = buffer_len; if (tomoyo_flush(head)) /* Call the policy handler. */ - head->read(head); - tomoyo_flush(head); + do { + tomoyo_set_namespace_cursor(head); + head->read(head); + } while (tomoyo_flush(head) && + tomoyo_has_more_namespace(head)); len = head->read_user_buf - buffer; mutex_unlock(&head->io_sem); return len; } +/** + * tomoyo_parse_policy - Parse a policy line. + * + * @head: Poiter to "struct tomoyo_io_buffer". + * @line: Line to parse. + * + * Returns 0 on success, negative value otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) +{ + /* Delete request? */ + head->w.is_delete = !strncmp(line, "delete ", 7); + if (head->w.is_delete) + memmove(line, line + 7, strlen(line + 7) + 1); + /* Selecting namespace to update. */ + if (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) { + if (*line == '<') { + char *cp = strchr(line, ' '); + if (cp) { + *cp++ = '\0'; + head->w.ns = tomoyo_assign_namespace(line); + memmove(line, cp, strlen(cp) + 1); + } else + head->w.ns = NULL; + } else + head->w.ns = &tomoyo_kernel_namespace; + /* Don't allow updating if namespace is invalid. */ + if (!head->w.ns) + return -ENOENT; + } + /* Do the update. */ + return head->write(head); +} + /** * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. * @@ -1941,27 +2078,31 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, const char __user *buffer, const int buffer_len) { int error = buffer_len; - int avail_len = buffer_len; + size_t avail_len = buffer_len; char *cp0 = head->write_buf; - if (!head->write) return -ENOSYS; if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT; - /* Don't allow updating policies by non manager programs. */ - if (head->write != tomoyo_write_pid && - head->write != tomoyo_write_domain && - head->write != tomoyo_write_exception && !tomoyo_manager()) - return -EPERM; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; /* Read a line and dispatch it to the policy handler. */ while (avail_len > 0) { char c; if (head->w.avail >= head->writebuf_size - 1) { - error = -ENOMEM; - break; - } else if (get_user(c, buffer)) { + const int len = head->writebuf_size * 2; + char *cp = kzalloc(len, GFP_NOFS); + if (!cp) { + error = -ENOMEM; + break; + } + memmove(cp, cp0, head->w.avail); + kfree(cp0); + head->write_buf = cp; + cp0 = cp; + head->writebuf_size = len; + } + if (get_user(c, buffer)) { error = -EFAULT; break; } @@ -1973,8 +2114,40 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, cp0[head->w.avail - 1] = '\0'; head->w.avail = 0; tomoyo_normalize_line(cp0); - head->write(head); + if (!strcmp(cp0, "reset")) { + head->w.ns = &tomoyo_kernel_namespace; + head->w.domain = NULL; + memset(&head->r, 0, sizeof(head->r)); + continue; + } + /* Don't allow updating policies by non manager programs. */ + switch (head->type) { + case TOMOYO_PROCESS_STATUS: + /* This does not write anything. */ + break; + case TOMOYO_DOMAINPOLICY: + if (tomoyo_select_domain(head, cp0)) + continue; + /* fall through */ + case TOMOYO_EXCEPTIONPOLICY: + if (!strcmp(cp0, "select transition_only")) { + head->r.print_transition_related_only = true; + continue; + } + /* fall through */ + default: + if (!tomoyo_manager()) { + error = -EPERM; + goto out; + } + } + switch (tomoyo_parse_policy(head, cp0)) { + case -EPERM: + error = -EPERM; + goto out; + } } +out: mutex_unlock(&head->io_sem); return error; } @@ -2019,27 +2192,27 @@ void tomoyo_check_profile(void) struct tomoyo_domain_info *domain; const int idx = tomoyo_read_lock(); tomoyo_policy_loaded = true; - /* Check all profiles currently assigned to domains are defined. */ + printk(KERN_INFO "TOMOYO: 2.4.0\n"); list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { const u8 profile = domain->profile; - if (tomoyo_profile_ptr[profile]) + const struct tomoyo_policy_namespace *ns = domain->ns; + if (ns->profile_version != 20100903) + printk(KERN_ERR + "Profile version %u is not supported.\n", + ns->profile_version); + else if (!ns->profile_ptr[profile]) + printk(KERN_ERR + "Profile %u (used by '%s') is not defined.\n", + profile, domain->domainname->name); + else continue; - printk(KERN_ERR "You need to define profile %u before using it.\n", - profile); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " + printk(KERN_ERR + "Userland tools for TOMOYO 2.4 must be installed and " + "policy must be initialized.\n"); + printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " "for more information.\n"); - panic("Profile %u (used by '%s') not defined.\n", - profile, domain->domainname->name); + panic("STOP!"); } tomoyo_read_unlock(idx); - if (tomoyo_profile_version != 20090903) { - printk(KERN_ERR "You need to install userland programs for " - "TOMOYO 2.3 and initialize policy configuration.\n"); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " - "for more information.\n"); - panic("Profile version %u is not supported.\n", - tomoyo_profile_version); - } - printk(KERN_INFO "TOMOYO: 2.3.0\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 4bc3975516cb..53c8798e38b7 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -74,10 +74,6 @@ enum tomoyo_group_id { TOMOYO_MAX_GROUP }; -/* A domain definition starts with <kernel>. */ -#define TOMOYO_ROOT_NAME "<kernel>" -#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) - /* Index numbers for type of numeric values. */ enum tomoyo_value_type { TOMOYO_VALUE_TYPE_INVALID, @@ -89,6 +85,8 @@ enum tomoyo_value_type { /* Index numbers for domain transition control keywords. */ enum tomoyo_transition_type { /* Do not change this order, */ + TOMOYO_TRANSITION_CONTROL_NO_RESET, + TOMOYO_TRANSITION_CONTROL_RESET, TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, TOMOYO_TRANSITION_CONTROL_INITIALIZE, TOMOYO_TRANSITION_CONTROL_NO_KEEP, @@ -246,6 +244,8 @@ struct tomoyo_shared_acl_head { atomic_t users; } __packed; +struct tomoyo_policy_namespace; + /* Structure for request info. */ struct tomoyo_request_info { struct tomoyo_domain_info *domain; @@ -359,6 +359,8 @@ struct tomoyo_domain_info { struct list_head acl_info_list; /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; + /* Namespace for this domain. Never NULL. */ + struct tomoyo_policy_namespace *ns; u8 profile; /* Profile number to use. */ u8 group; /* Group number to use. */ bool is_deleted; /* Delete flag. */ @@ -423,6 +425,7 @@ struct tomoyo_mount_acl { struct tomoyo_acl_param { char *data; struct list_head *list; + struct tomoyo_policy_namespace *ns; bool is_delete; }; @@ -443,6 +446,7 @@ struct tomoyo_io_buffer { char __user *read_user_buf; int read_user_buf_avail; struct { + struct list_head *ns; struct list_head *domain; struct list_head *group; struct list_head *acl; @@ -455,14 +459,16 @@ struct tomoyo_io_buffer { u8 w_pos; bool eof; bool print_this_domain_only; - bool print_execute_only; + bool print_transition_related_only; const char *w[TOMOYO_MAX_IO_READ_QUEUE]; } r; struct { + struct tomoyo_policy_namespace *ns; /* The position currently writing to. */ struct tomoyo_domain_info *domain; /* Bytes available for writing. */ int avail; + bool is_delete; } w; /* Buffer for reading. */ char *read_buf; @@ -533,8 +539,27 @@ struct tomoyo_time { u8 sec; }; +/* Structure for policy namespace. */ +struct tomoyo_policy_namespace { + /* Profile table. Memory is allocated as needed. */ + struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; + /* List of "struct tomoyo_group". */ + struct list_head group_list[TOMOYO_MAX_GROUP]; + /* List of policy. */ + struct list_head policy_list[TOMOYO_MAX_POLICY]; + /* The global ACL referred by "use_group" keyword. */ + struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; + /* List for connecting to tomoyo_namespace_list list. */ + struct list_head namespace_list; + /* Profile version. Currently only 20100903 is defined. */ + unsigned int profile_version; + /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ + const char *name; +}; + /********** Function prototypes. **********/ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); bool tomoyo_str_starts(char **src, const char *find); const char *tomoyo_get_exe(void); void tomoyo_normalize_line(unsigned char *buffer); @@ -553,7 +578,8 @@ tomoyo_compare_name_union(const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); bool tomoyo_compare_number_union(const unsigned long value, const struct tomoyo_number_union *ptr); -int tomoyo_get_mode(const u8 profile, const u8 index); +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index); void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); bool tomoyo_correct_domain(const unsigned char *domainname); @@ -589,8 +615,11 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile); -struct tomoyo_profile *tomoyo_profile(const u8 profile); + const bool transit); +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile); +struct tomoyo_policy_namespace *tomoyo_assign_namespace +(const char *domainname); struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, const u8 idx); unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, @@ -646,6 +675,8 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param); bool tomoyo_permstr(const char *string, const char *keyword); const char *tomoyo_yesno(const unsigned int value); +void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); void tomoyo_read_log(struct tomoyo_io_buffer *head); @@ -661,8 +692,6 @@ extern struct srcu_struct tomoyo_ss; /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; /* Lock for protecting policy. */ @@ -671,10 +700,10 @@ extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; -extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The kernel's domain. */ extern struct tomoyo_domain_info tomoyo_kernel_domain; +extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; +extern struct list_head tomoyo_namespace_list; extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; @@ -809,6 +838,16 @@ static inline bool tomoyo_same_number_union a->value_type[1] == b->value_type[1]; } +/** + * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. + * + * Returns pointer to "struct tomoyo_policy_namespace" for current thread. + */ +static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) +{ + return tomoyo_domain()->ns; +} + #if defined(CONFIG_SLOB) /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index af5f325e2f33..71acebc747c3 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -12,9 +12,6 @@ /* Variables definitions.*/ -/* The global ACL referred by "use_group" keyword. */ -struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The initial domain. */ struct tomoyo_domain_info tomoyo_kernel_domain; @@ -158,7 +155,7 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, } if (!retried) { retried = true; - list = &tomoyo_acl_group[domain->group]; + list = &domain->ns->acl_group[domain->group]; goto retry; } r->granted = false; @@ -167,13 +164,10 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, /* The list for "struct tomoyo_domain_info". */ LIST_HEAD(tomoyo_domain_list); -struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; - /** * tomoyo_last_word - Get last component of a domainname. * - * @domainname: Domainname to check. + * @name: Domainname to check. * * Returns the last word of @domainname. */ @@ -247,7 +241,7 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, if (!e.domainname) goto out; } - param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_transition_control); out: @@ -257,59 +251,88 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, } /** - * tomoyo_transition_type - Get domain transition type. + * tomoyo_scan_transition - Try to find specific domain transition type. * - * @domainname: The name of domain. - * @program: The name of program. + * @list: Pointer to "struct list_head". + * @domainname: The name of current domain. + * @program: The name of requested program. + * @last_name: The last component of @domainname. + * @type: One of values in "enum tomoyo_transition_type". * - * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program - * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing - * @program suppresses domain transition, others otherwise. + * Returns true if found one, false otherwise. * * Caller holds tomoyo_read_lock(). */ -static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname, - const struct tomoyo_path_info *program) +static inline bool tomoyo_scan_transition +(const struct list_head *list, const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program, const char *last_name, + const enum tomoyo_transition_type type) { const struct tomoyo_transition_control *ptr; - const char *last_name = tomoyo_last_word(domainname->name); - u8 type; - for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) { - next: - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_TRANSITION_CONTROL], - head.list) { - if (ptr->head.is_deleted || ptr->type != type) - continue; - if (ptr->domainname) { - if (!ptr->is_last_name) { - if (ptr->domainname != domainname) - continue; - } else { - /* - * Use direct strcmp() since this is - * unlikely used. - */ - if (strcmp(ptr->domainname->name, - last_name)) - continue; - } - } - if (ptr->program && - tomoyo_pathcmp(ptr->program, program)) - continue; - if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) { + list_for_each_entry_rcu(ptr, list, head.list) { + if (ptr->head.is_deleted || ptr->type != type) + continue; + if (ptr->domainname) { + if (!ptr->is_last_name) { + if (ptr->domainname != domainname) + continue; + } else { /* - * Do not check for initialize_domain if - * no_initialize_domain matched. + * Use direct strcmp() since this is + * unlikely used. */ - type = TOMOYO_TRANSITION_CONTROL_NO_KEEP; - goto next; + if (strcmp(ptr->domainname->name, last_name)) + continue; } - goto done; } + if (ptr->program && tomoyo_pathcmp(ptr->program, program)) + continue; + return true; + } + return false; +} + +/** + * tomoyo_transition_type - Get domain transition type. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * @domainname: The name of current domain. + * @program: The name of requested program. + * + * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes + * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if + * executing @program reinitializes domain transition within that namespace, + * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname , + * others otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static enum tomoyo_transition_type tomoyo_transition_type +(const struct tomoyo_policy_namespace *ns, + const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program) +{ + const char *last_name = tomoyo_last_word(domainname->name); + enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET; + while (type < TOMOYO_MAX_TRANSITION_TYPE) { + const struct list_head * const list = + &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + if (!tomoyo_scan_transition(list, domainname, program, + last_name, type)) { + type++; + continue; + } + if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET && + type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) + break; + /* + * Do not check for reset_domain if no_reset_domain matched. + * Do not check for initialize_domain if no_initialize_domain + * matched. + */ + type++; + type++; } - done: return type; } @@ -355,7 +378,7 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) if (!e.original_name || !e.aggregated_name || e.aggregated_name->is_patterned) /* No patterns allowed. */ goto out; - param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]; + param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_aggregator); out: @@ -365,53 +388,171 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) } /** - * tomoyo_assign_domain - Create a domain. + * tomoyo_find_namespace - Find specified namespace. + * + * @name: Name of namespace to find. + * @len: Length of @name. + * + * Returns pointer to "struct tomoyo_policy_namespace" if found, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static struct tomoyo_policy_namespace *tomoyo_find_namespace +(const char *name, const unsigned int len) +{ + struct tomoyo_policy_namespace *ns; + list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { + if (strncmp(name, ns->name, len) || + (name[len] && name[len] != ' ')) + continue; + return ns; + } + return NULL; +} + +/** + * tomoyo_assign_namespace - Create a new namespace. + * + * @domainname: Name of namespace to create. + * + * Returns pointer to "struct tomoyo_policy_namespace" on success, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname) +{ + struct tomoyo_policy_namespace *ptr; + struct tomoyo_policy_namespace *entry; + const char *cp = domainname; + unsigned int len = 0; + while (*cp && *cp++ != ' ') + len++; + ptr = tomoyo_find_namespace(domainname, len); + if (ptr) + return ptr; + if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) + return NULL; + entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); + if (!entry) + return NULL; + if (mutex_lock_interruptible(&tomoyo_policy_lock)) + goto out; + ptr = tomoyo_find_namespace(domainname, len); + if (!ptr && tomoyo_memory_ok(entry)) { + char *name = (char *) (entry + 1); + ptr = entry; + memmove(name, domainname, len); + name[len] = '\0'; + entry->name = name; + tomoyo_init_policy_namespace(entry); + entry = NULL; + } + mutex_unlock(&tomoyo_policy_lock); +out: + kfree(entry); + return ptr; +} + +/** + * tomoyo_namespace_jump - Check for namespace jump. + * + * @domainname: Name of domain. + * + * Returns true if namespace differs, false otherwise. + */ +static bool tomoyo_namespace_jump(const char *domainname) +{ + const char *namespace = tomoyo_current_namespace()->name; + const int len = strlen(namespace); + return strncmp(domainname, namespace, len) || + (domainname[len] && domainname[len] != ' '); +} + +/** + * tomoyo_assign_domain - Create a domain or a namespace. * * @domainname: The name of domain. - * @profile: Profile number to assign if the domain was newly created. + * @transit: True if transit to domain found or created. * * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise. * * Caller holds tomoyo_read_lock(). */ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile) + const bool transit) { - struct tomoyo_domain_info *entry; - struct tomoyo_domain_info *domain = NULL; - const struct tomoyo_path_info *saved_domainname; - bool found = false; - - if (!tomoyo_correct_domain(domainname)) + struct tomoyo_domain_info e = { }; + struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); + bool created = false; + if (entry) { + if (transit) { + /* + * Since namespace is created at runtime, profiles may + * not be created by the moment the process transits to + * that domain. Do not perform domain transition if + * profile for that domain is not yet created. + */ + if (!entry->ns->profile_ptr[entry->profile]) + return NULL; + } + return entry; + } + /* Requested domain does not exist. */ + /* Don't create requested domain if domainname is invalid. */ + if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || + !tomoyo_correct_domain(domainname)) return NULL; - saved_domainname = tomoyo_get_name(domainname); - if (!saved_domainname) + /* + * Since definition of profiles and acl_groups may differ across + * namespaces, do not inherit "use_profile" and "use_group" settings + * by automatically creating requested domain upon domain transition. + */ + if (transit && tomoyo_namespace_jump(domainname)) + return NULL; + e.ns = tomoyo_assign_namespace(domainname); + if (!e.ns) + return NULL; + /* + * "use_profile" and "use_group" settings for automatically created + * domains are inherited from current domain. These are 0 for manually + * created domains. + */ + if (transit) { + const struct tomoyo_domain_info *domain = tomoyo_domain(); + e.profile = domain->profile; + e.group = domain->group; + } + e.domainname = tomoyo_get_name(domainname); + if (!e.domainname) return NULL; - entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { - if (domain->is_deleted || - tomoyo_pathcmp(saved_domainname, domain->domainname)) - continue; - found = true; - break; - } - if (!found && tomoyo_memory_ok(entry)) { - INIT_LIST_HEAD(&entry->acl_info_list); - entry->domainname = saved_domainname; - saved_domainname = NULL; - entry->profile = profile; - list_add_tail_rcu(&entry->list, &tomoyo_domain_list); - domain = entry; - entry = NULL; - found = true; + entry = tomoyo_find_domain(domainname); + if (!entry) { + entry = tomoyo_commit_ok(&e, sizeof(e)); + if (entry) { + INIT_LIST_HEAD(&entry->acl_info_list); + list_add_tail_rcu(&entry->list, &tomoyo_domain_list); + created = true; + } } mutex_unlock(&tomoyo_policy_lock); - out: - tomoyo_put_name(saved_domainname); - kfree(entry); - return found ? domain : NULL; +out: + tomoyo_put_name(e.domainname); + if (entry && transit) { + if (created) { + struct tomoyo_request_info r; + tomoyo_init_request_info(&r, entry, + TOMOYO_MAC_FILE_EXECUTE); + r.granted = false; + tomoyo_write_log(&r, "use_profile %u\n", + entry->profile); + tomoyo_write_log(&r, "use_group %u\n", entry->group); + } + } + return entry; } /** @@ -434,6 +575,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) bool is_enforce; int retval = -ENOMEM; bool need_kfree = false; + bool reject_on_transition_failure = false; struct tomoyo_path_info rn = { }; /* real name */ mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); @@ -457,8 +599,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) /* Check 'aggregator' directive. */ { struct tomoyo_aggregator *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_AGGREGATOR], head.list) { + struct list_head *list = + &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; + /* Check 'aggregator' directive. */ + list_for_each_entry_rcu(ptr, list, head.list) { if (ptr->head.is_deleted || !tomoyo_path_matches_pattern(&rn, ptr->original_name)) @@ -492,11 +636,21 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } /* Calculate domain to transit to. */ - switch (tomoyo_transition_type(old_domain->domainname, &rn)) { + switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, + &rn)) { + case TOMOYO_TRANSITION_CONTROL_RESET: + /* Transit to the root of specified namespace. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name); + /* + * Make do_execve() fail if domain transition across namespaces + * has failed. + */ + reject_on_transition_failure = true; + break; case TOMOYO_TRANSITION_CONTROL_INITIALIZE: - /* Transit to the child of tomoyo_kernel_domain domain. */ - snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " " - "%s", rn.name); + /* Transit to the child of current namespace's root. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", + old_domain->ns->name, rn.name); break; case TOMOYO_TRANSITION_CONTROL_KEEP: /* Keep current domain. */ @@ -519,19 +673,25 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } break; } - if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10) - goto done; - domain = tomoyo_find_domain(tmp); if (!domain) - domain = tomoyo_assign_domain(tmp, old_domain->profile); - done: + domain = tomoyo_assign_domain(tmp, true); if (domain) - goto out; - printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp); - if (is_enforce) - retval = -EPERM; - else - old_domain->transition_failed = true; + retval = 0; + else if (reject_on_transition_failure) { + printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp); + retval = -ENOMEM; + } else if (r.mode == TOMOYO_CONFIG_ENFORCING) + retval = -ENOMEM; + else { + retval = 0; + if (!old_domain->transition_failed) { + old_domain->transition_failed = true; + r.granted = false; + tomoyo_write_log(&r, "%s", "transition_failed\n"); + printk(KERN_WARNING + "ERROR: Domain '%s' not defined.\n", tmp); + } + } out: if (!domain) domain = old_domain; diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 4f8526af9069..323ddc73a125 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -603,7 +603,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, int error; r->type = tomoyo_p2mac[operation]; - r->mode = tomoyo_get_mode(r->profile, r->type); + r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); if (r->mode == TOMOYO_CONFIG_DISABLED) return 0; r->param_type = TOMOYO_TYPE_PATH_ACL; diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 412ee8309c23..782e844dca7f 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -292,15 +292,12 @@ static bool tomoyo_collect_acl(struct list_head *list) static void tomoyo_collect_entry(void) { int i; + enum tomoyo_policy_id id; + struct tomoyo_policy_namespace *ns; + int idx; if (mutex_lock_interruptible(&tomoyo_policy_lock)) return; - for (i = 0; i < TOMOYO_MAX_POLICY; i++) { - if (!tomoyo_collect_member(i, &tomoyo_policy_list[i])) - goto unlock; - } - for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) - if (!tomoyo_collect_acl(&tomoyo_acl_group[i])) - goto unlock; + idx = tomoyo_read_lock(); { struct tomoyo_domain_info *domain; list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { @@ -317,39 +314,49 @@ static void tomoyo_collect_entry(void) goto unlock; } } + list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) { + for (id = 0; id < TOMOYO_MAX_POLICY; id++) + if (!tomoyo_collect_member(id, &ns->policy_list[id])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) + if (!tomoyo_collect_acl(&ns->acl_group[i])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_GROUP; i++) { + struct list_head *list = &ns->group_list[i]; + struct tomoyo_group *group; + switch (i) { + case 0: + id = TOMOYO_ID_PATH_GROUP; + break; + default: + id = TOMOYO_ID_NUMBER_GROUP; + break; + } + list_for_each_entry(group, list, head.list) { + if (!tomoyo_collect_member + (id, &group->member_list)) + goto unlock; + if (!list_empty(&group->member_list) || + atomic_read(&group->head.users)) + continue; + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, + &group->head.list)) + goto unlock; + } + } + } for (i = 0; i < TOMOYO_MAX_HASH; i++) { - struct tomoyo_name *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], head.list) { - if (atomic_read(&ptr->head.users)) + struct list_head *list = &tomoyo_name_list[i]; + struct tomoyo_shared_acl_head *ptr; + list_for_each_entry(ptr, list, list) { + if (atomic_read(&ptr->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->head.list)) + if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list)) goto unlock; } } - for (i = 0; i < TOMOYO_MAX_GROUP; i++) { - struct list_head *list = &tomoyo_group_list[i]; - int id; - struct tomoyo_group *group; - switch (i) { - case 0: - id = TOMOYO_ID_PATH_GROUP; - break; - default: - id = TOMOYO_ID_NUMBER_GROUP; - break; - } - list_for_each_entry(group, list, head.list) { - if (!tomoyo_collect_member(id, &group->member_list)) - goto unlock; - if (!list_empty(&group->member_list) || - atomic_read(&group->head.users)) - continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, - &group->head.list)) - goto unlock; - } - } - unlock: +unlock: + tomoyo_read_unlock(idx); mutex_unlock(&tomoyo_policy_lock); } diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 7a0493943d6d..39d012823f84 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -118,7 +118,7 @@ struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, return NULL; if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list = &tomoyo_group_list[idx]; + list = &param->ns->group_list[idx]; list_for_each_entry(group, list, head.list) { if (e.group_name != group->group_name) continue; @@ -199,27 +199,23 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) return ptr ? &ptr->entry : NULL; } +/* Initial namespace.*/ +struct tomoyo_policy_namespace tomoyo_kernel_namespace; + /** * tomoyo_mm_init - Initialize mm related code. */ void __init tomoyo_mm_init(void) { int idx; - - for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) - INIT_LIST_HEAD(&tomoyo_policy_list[idx]); - for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) - INIT_LIST_HEAD(&tomoyo_group_list[idx]); for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) INIT_LIST_HEAD(&tomoyo_name_list[idx]); + tomoyo_kernel_namespace.name = "<kernel>"; + tomoyo_init_policy_namespace(&tomoyo_kernel_namespace); + tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); - for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) - INIT_LIST_HEAD(&tomoyo_acl_group[idx]); - tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME); + tomoyo_kernel_domain.domainname = tomoyo_get_name("<kernel>"); list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list); - idx = tomoyo_read_lock(); - if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain) - panic("Can't register tomoyo_kernel_domain"); #if 0 /* Will be replaced with tomoyo_load_builtin_policy(). */ { @@ -230,7 +226,6 @@ void __init tomoyo_mm_init(void) TOMOYO_TRANSITION_CONTROL_INITIALIZE); } #endif - tomoyo_read_unlock(idx); } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) */ bool tomoyo_correct_domain(const unsigned char *domainname) { - if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, - TOMOYO_ROOT_NAME_LEN)) - goto out; - domainname += TOMOYO_ROOT_NAME_LEN; - if (!*domainname) + if (!domainname || !tomoyo_domain_def(domainname)) + return false; + domainname = strchr(domainname, ' '); + if (!domainname++) return true; - if (*domainname++ != ' ') - goto out; while (1) { const unsigned char *cp = strchr(domainname, ' '); if (!cp) break; if (*domainname != '/' || !tomoyo_correct_word2(domainname, cp - domainname)) - goto out; + return false; domainname = cp + 1; } return tomoyo_correct_path(domainname); - out: - return false; } /** @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) */ bool tomoyo_domain_def(const unsigned char *buffer) { - return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); + const unsigned char *cp; + int len; + if (*buffer != '<') + return false; + cp = strchr(buffer, ' '); + if (!cp) + len = strlen(buffer); + else + len = cp - buffer; + if (buffer[len - 1] != '>' || + !tomoyo_correct_word2(buffer + 1, len - 2)) + return false; + return true; } /** @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) /** * tomoyo_get_mode - Get MAC mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * * Returns mode. */ -int tomoyo_get_mode(const u8 profile, const u8 index) +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index) { u8 mode; const u8 category = TOMOYO_MAC_CATEGORY_FILE; if (!tomoyo_policy_loaded) return TOMOYO_CONFIG_DISABLED; - mode = tomoyo_profile(profile)->config[index]; + mode = tomoyo_profile(ns, profile)->config[index]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->config[category]; + mode = tomoyo_profile(ns, profile)->config[category]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->default_config; + mode = tomoyo_profile(ns, profile)->default_config; return mode & 3; } @@ -872,25 +881,10 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, profile = domain->profile; r->profile = profile; r->type = index; - r->mode = tomoyo_get_mode(profile, index); + r->mode = tomoyo_get_mode(domain->ns, profile, index); return r->mode; } -/** - * tomoyo_last_word - Get last component of a line. - * - * @line: A line. - * - * Returns the last word of a line. - */ -const char *tomoyo_last_word(const char *name) -{ - const char *cp = strrchr(name, ' '); - if (cp) - return cp + 1; - return name; -} - /** * tomoyo_domain_quota_is_ok - Check for domain's quota. * @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) if (perm & (1 << i)) count++; } - if (count < tomoyo_profile(domain->profile)-> + if (count < tomoyo_profile(domain->ns, domain->profile)-> pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) return true; if (!domain->quota_warned) {

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] TOMOYO: Add policy namespace support." failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bd03a3e4c9a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024030411-calculate-dragonish-2e1a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd03a3e4c9a9df0c6b007045fa7fc8889111a478 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sun, 26 Jun 2011 23:19:52 +0900 Subject: [PATCH] TOMOYO: Add policy namespace support. Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments, for TOMOYO cannot distinguish between environments outside the container and environments inside the container since LXC environments are created using pivot_root(). To address this problem, this patch introduces policy namespace. Each policy namespace has its own set of domain policy, exception policy and profiles, which are all independent of other namespaces. This independency allows users to develop policy without worrying interference among namespaces. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris(a)namei.org> diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index e882f17065f2..ef2172f29583 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -151,13 +151,15 @@ static unsigned int tomoyo_log_count; /** * tomoyo_get_audit - Get audit mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * @is_granted: True if granted log, false otherwise. * * Returns true if this request should be audited, false otherwise. */ -static bool tomoyo_get_audit(const u8 profile, const u8 index, +static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, + const u8 profile, const u8 index, const bool is_granted) { u8 mode; @@ -165,7 +167,7 @@ static bool tomoyo_get_audit(const u8 profile, const u8 index, struct tomoyo_profile *p; if (!tomoyo_policy_loaded) return false; - p = tomoyo_profile(profile); + p = tomoyo_profile(ns, profile); if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) return false; mode = p->config[index]; @@ -194,7 +196,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, char *buf; struct tomoyo_log *entry; bool quota_exceeded = false; - if (!tomoyo_get_audit(r->profile, r->type, r->granted)) + if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted)) goto out; buf = tomoyo_init_log(r, len, fmt, args); if (!buf) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 507ebf01e43b..50481d2cf970 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -11,12 +11,6 @@ #include <linux/security.h> #include "common.h" -/* Profile version. Currently only 20090903 is defined. */ -static unsigned int tomoyo_profile_version; - -/* Profile table. Memory is allocated as needed. */ -static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; - /* String table for operation mode. */ const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { [TOMOYO_CONFIG_DISABLED] = "disabled", @@ -216,6 +210,50 @@ static void tomoyo_set_slash(struct tomoyo_io_buffer *head) tomoyo_set_string(head, "/"); } +/* List of namespaces. */ +LIST_HEAD(tomoyo_namespace_list); +/* True if namespace other than tomoyo_kernel_namespace is defined. */ +static bool tomoyo_namespace_enabled; + +/** + * tomoyo_init_policy_namespace - Initialize namespace. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * + * Returns nothing. + */ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) +{ + unsigned int idx; + for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) + INIT_LIST_HEAD(&ns->acl_group[idx]); + for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) + INIT_LIST_HEAD(&ns->group_list[idx]); + for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) + INIT_LIST_HEAD(&ns->policy_list[idx]); + ns->profile_version = 20100903; + tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); + list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); +} + +/** + * tomoyo_print_namespace - Print namespace header. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) +{ + if (!tomoyo_namespace_enabled) + return; + tomoyo_set_string(head, + container_of(head->r.ns, + struct tomoyo_policy_namespace, + namespace_list)->name); + tomoyo_set_space(head); +} + /** * tomoyo_print_name_union - Print a tomoyo_name_union. * @@ -283,23 +321,25 @@ static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, /** * tomoyo_assign_profile - Create a new profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to create. * * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. */ -static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) +static struct tomoyo_profile *tomoyo_assign_profile +(struct tomoyo_policy_namespace *ns, const unsigned int profile) { struct tomoyo_profile *ptr; struct tomoyo_profile *entry; if (profile >= TOMOYO_MAX_PROFILES) return NULL; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (ptr) return ptr; entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - ptr = tomoyo_profile_ptr[profile]; + ptr = ns->profile_ptr[profile]; if (!ptr && tomoyo_memory_ok(entry)) { ptr = entry; ptr->default_config = TOMOYO_CONFIG_DISABLED | @@ -310,7 +350,7 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; mb(); /* Avoid out-of-order execution. */ - tomoyo_profile_ptr[profile] = ptr; + ns->profile_ptr[profile] = ptr; entry = NULL; } mutex_unlock(&tomoyo_policy_lock); @@ -322,14 +362,16 @@ static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) /** * tomoyo_profile - Find a profile. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number to find. * * Returns pointer to "struct tomoyo_profile". */ -struct tomoyo_profile *tomoyo_profile(const u8 profile) +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile) { static struct tomoyo_profile tomoyo_null_profile; - struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; + struct tomoyo_profile *ptr = ns->profile_ptr[profile]; if (!ptr) ptr = &tomoyo_null_profile; return ptr; @@ -454,13 +496,14 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head) unsigned int i; char *cp; struct tomoyo_profile *profile; - if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) + if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) + == 1) return 0; i = simple_strtoul(data, &cp, 10); if (*cp != '-') return -EINVAL; data = cp + 1; - profile = tomoyo_assign_profile(i); + profile = tomoyo_assign_profile(head->w.ns, i); if (!profile) return -EINVAL; cp = strchr(data, '='); @@ -518,19 +561,25 @@ static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) static void tomoyo_read_profile(struct tomoyo_io_buffer *head) { u8 index; + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); const struct tomoyo_profile *profile; + if (head->r.eof) + return; next: index = head->r.index; - profile = tomoyo_profile_ptr[index]; + profile = ns->profile_ptr[index]; switch (head->r.step) { case 0: - tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 20090903); + tomoyo_print_namespace(head); + tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", + ns->profile_version); head->r.step++; break; case 1: for ( ; head->r.index < TOMOYO_MAX_PROFILES; head->r.index++) - if (tomoyo_profile_ptr[head->r.index]) + if (ns->profile_ptr[head->r.index]) break; if (head->r.index == TOMOYO_MAX_PROFILES) return; @@ -541,6 +590,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) u8 i; const struct tomoyo_path_info *comment = profile->comment; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-COMMENT=", index); tomoyo_set_string(head, comment ? comment->name : ""); tomoyo_set_lf(head); @@ -555,6 +605,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) break; case 3: { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); tomoyo_print_config(head, profile->default_config); head->r.bit = 0; @@ -568,6 +619,7 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) const u8 config = profile->config[i]; if (config == TOMOYO_CONFIG_USE_DEFAULT) continue; + tomoyo_print_namespace(head); tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", tomoyo_mac_keywords[i]); tomoyo_print_config(head, config); @@ -607,8 +659,10 @@ static int tomoyo_update_manager_entry(const char *manager, { struct tomoyo_manager e = { }; struct tomoyo_acl_param param = { + /* .ns = &tomoyo_kernel_namespace, */ .is_delete = is_delete, - .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER], + .list = &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], }; int error = is_delete ? -ENOENT : -ENOMEM; if (tomoyo_domain_def(manager)) { @@ -640,13 +694,12 @@ static int tomoyo_update_manager_entry(const char *manager, static int tomoyo_write_manager(struct tomoyo_io_buffer *head) { char *data = head->write_buf; - bool is_delete = tomoyo_str_starts(&data, "delete "); if (!strcmp(data, "manage_by_non_root")) { - tomoyo_manage_by_non_root = !is_delete; + tomoyo_manage_by_non_root = !head->w.is_delete; return 0; } - return tomoyo_update_manager_entry(data, is_delete); + return tomoyo_update_manager_entry(data, head->w.is_delete); } /** @@ -660,8 +713,8 @@ static void tomoyo_read_manager(struct tomoyo_io_buffer *head) { if (head->r.eof) return; - list_for_each_cookie(head->r.acl, - &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { + list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER]) { struct tomoyo_manager *ptr = list_entry(head->r.acl, typeof(*ptr), head.list); if (ptr->head.is_deleted) @@ -694,8 +747,8 @@ static bool tomoyo_manager(void) return true; if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && ptr->is_domain && !tomoyo_pathcmp(domainname, ptr->manager)) { found = true; @@ -707,8 +760,8 @@ static bool tomoyo_manager(void) exe = tomoyo_get_exe(); if (!exe) return false; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], - head.list) { + list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. + policy_list[TOMOYO_ID_MANAGER], head.list) { if (!ptr->head.is_deleted && !ptr->is_domain && !strcmp(exe, ptr->manager->name)) { found = true; @@ -729,7 +782,7 @@ static bool tomoyo_manager(void) } /** - * tomoyo_select_one - Parse select command. + * tomoyo_select_domain - Parse select command. * * @head: Pointer to "struct tomoyo_io_buffer". * @data: String to parse. @@ -738,16 +791,15 @@ static bool tomoyo_manager(void) * * Caller holds tomoyo_read_lock(). */ -static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) +static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, + const char *data) { unsigned int pid; struct tomoyo_domain_info *domain = NULL; bool global_pid = false; - - if (!strcmp(data, "allow_execute")) { - head->r.print_execute_only = true; - return true; - } + if (strncmp(data, "select ", 7)) + return false; + data += 7; if (sscanf(data, "pid=%u", &pid) == 1 || (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { struct task_struct *p; @@ -818,6 +870,7 @@ static int tomoyo_delete_domain(char *domainname) /** * tomoyo_write_domain2 - Write domain policy. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @list: Pointer to "struct list_head". * @data: Policy to be interpreted. * @is_delete: True if it is a delete request. @@ -826,10 +879,12 @@ static int tomoyo_delete_domain(char *domainname) * * Caller holds tomoyo_read_lock(). */ -static int tomoyo_write_domain2(struct list_head *list, char *data, +static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, + struct list_head *list, char *data, const bool is_delete) { struct tomoyo_acl_param param = { + .ns = ns, .list = list, .data = data, .is_delete = is_delete, @@ -862,37 +917,28 @@ static int tomoyo_write_domain2(struct list_head *list, char *data, static int tomoyo_write_domain(struct tomoyo_io_buffer *head) { char *data = head->write_buf; + struct tomoyo_policy_namespace *ns; struct tomoyo_domain_info *domain = head->w.domain; - bool is_delete = false; - bool is_select = false; + const bool is_delete = head->w.is_delete; + bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); unsigned int profile; - - if (tomoyo_str_starts(&data, "delete ")) - is_delete = true; - else if (tomoyo_str_starts(&data, "select ")) - is_select = true; - if (is_select && tomoyo_select_one(head, data)) - return 0; - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; - if (tomoyo_domain_def(data)) { + if (*data == '<') { domain = NULL; if (is_delete) tomoyo_delete_domain(data); else if (is_select) domain = tomoyo_find_domain(data); else - domain = tomoyo_assign_domain(data, 0); + domain = tomoyo_assign_domain(data, false); head->w.domain = domain; return 0; } if (!domain) return -EINVAL; - + ns = domain->ns; if (sscanf(data, "use_profile %u", &profile) == 1 && profile < TOMOYO_MAX_PROFILES) { - if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) + if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) domain->profile = (u8) profile; return 0; } @@ -910,7 +956,8 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) domain->transition_failed = !is_delete; return 0; } - return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete); + return tomoyo_write_domain2(ns, &domain->acl_info_list, data, + is_delete); } /** @@ -924,9 +971,11 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) static void tomoyo_set_group(struct tomoyo_io_buffer *head, const char *category) { - if (head->type == TOMOYO_EXCEPTIONPOLICY) + if (head->type == TOMOYO_EXCEPTIONPOLICY) { + tomoyo_print_namespace(head); tomoyo_io_printf(head, "acl_group %u ", head->r.acl_group_index); + } tomoyo_set_string(head, category); } @@ -956,7 +1005,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { if (!(perm & (1 << bit))) continue; - if (head->r.print_execute_only && + if (head->r.print_transition_related_only && bit != TOMOYO_TYPE_EXECUTE) continue; if (first) { @@ -970,7 +1019,7 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, if (first) return true; tomoyo_print_name_union(head, &ptr->name); - } else if (head->r.print_execute_only) { + } else if (head->r.print_transition_related_only) { return true; } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { struct tomoyo_path2_acl *ptr = @@ -1147,8 +1196,8 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) domain = tomoyo_find_domain(cp + 1); if (strict_strtoul(data, 10, &profile)) return -EINVAL; - if (domain && profile < TOMOYO_MAX_PROFILES - && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) + if (domain && (!tomoyo_policy_loaded || + head->w.ns->profile_ptr[(u8) profile])) domain->profile = (u8) profile; return 0; } @@ -1246,10 +1295,12 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) } static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { - [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain", - [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain", - [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain", - [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain", + [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", + [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", + [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", + [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", }; static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { @@ -1268,19 +1319,13 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { */ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) { + const bool is_delete = head->w.is_delete; struct tomoyo_acl_param param = { + .ns = head->w.ns, + .is_delete = is_delete, .data = head->write_buf, }; u8 i; - param.is_delete = tomoyo_str_starts(&param.data, "delete "); - if (!param.is_delete && tomoyo_str_starts(&param.data, "select ") && - !strcmp(param.data, "execute_only")) { - head->r.print_execute_only = true; - return 0; - } - /* Don't allow updating policies by non manager programs. */ - if (!tomoyo_manager()) - return -EPERM; if (tomoyo_str_starts(&param.data, "aggregator ")) return tomoyo_write_aggregator(&param); for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) @@ -1294,8 +1339,9 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) char *data; group = simple_strtoul(param.data, &data, 10); if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') - return tomoyo_write_domain2(&tomoyo_acl_group[group], - data, param.is_delete); + return tomoyo_write_domain2 + (head->w.ns, &head->w.ns->acl_group[group], + data, is_delete); } return -EINVAL; } @@ -1312,7 +1358,10 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head) */ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->group_list[idx]; + list_for_each_cookie(head->r.group, list) { struct tomoyo_group *group = list_entry(head->r.group, typeof(*group), head.list); list_for_each_cookie(head->r.acl, &group->member_list) { @@ -1322,6 +1371,7 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) continue; if (!tomoyo_flush(head)) return false; + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_group_name[idx]); tomoyo_set_string(head, group->group_name->name); if (idx == TOMOYO_PATH_GROUP) { @@ -1355,7 +1405,10 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) */ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { - list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); + struct list_head *list = &ns->policy_list[idx]; + list_for_each_cookie(head->r.acl, list) { struct tomoyo_acl_head *acl = container_of(head->r.acl, typeof(*acl), list); if (acl->is_deleted) @@ -1367,6 +1420,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_transition_control *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, tomoyo_transition_type [ptr->type]); tomoyo_set_string(head, ptr->program ? @@ -1381,6 +1435,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) { struct tomoyo_aggregator *ptr = container_of(acl, typeof(*ptr), head); + tomoyo_print_namespace(head); tomoyo_set_string(head, "aggregator "); tomoyo_set_string(head, ptr->original_name->name); @@ -1407,6 +1462,8 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) */ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) { + struct tomoyo_policy_namespace *ns = + container_of(head->r.ns, typeof(*ns), namespace_list); if (head->r.eof) return; while (head->r.step < TOMOYO_MAX_POLICY && @@ -1423,7 +1480,7 @@ static void tomoyo_read_exception(struct tomoyo_io_buffer *head) + TOMOYO_MAX_ACL_GROUPS) { head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY - TOMOYO_MAX_GROUP; - if (!tomoyo_read_domain2(head, &tomoyo_acl_group + if (!tomoyo_read_domain2(head, &ns->acl_group [head->r.acl_group_index])) return; head->r.step++; @@ -1484,7 +1541,8 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) return; snprintf(buffer, len - 1, "%s", cp); tomoyo_normalize_line(buffer); - tomoyo_write_domain2(&domain->acl_info_list, buffer, false); + tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, + false); kfree(buffer); } @@ -1895,6 +1953,45 @@ int tomoyo_poll_control(struct file *file, poll_table *wait) return head->poll(file, wait); } +/** + * tomoyo_set_namespace_cursor - Set namespace to read. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns nothing. + */ +static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) +{ + struct list_head *ns; + if (head->type != TOMOYO_EXCEPTIONPOLICY && + head->type != TOMOYO_PROFILE) + return; + /* + * If this is the first read, or reading previous namespace finished + * and has more namespaces to read, update the namespace cursor. + */ + ns = head->r.ns; + if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { + /* Clearing is OK because tomoyo_flush() returned true. */ + memset(&head->r, 0, sizeof(head->r)); + head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; + } +} + +/** + * tomoyo_has_more_namespace - Check for unread namespaces. + * + * @head: Pointer to "struct tomoyo_io_buffer". + * + * Returns true if we have more entries to print, false otherwise. + */ +static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) +{ + return (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) && head->r.eof && + head->r.ns->next != &tomoyo_namespace_list; +} + /** * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. * @@ -1919,13 +2016,53 @@ int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, head->read_user_buf_avail = buffer_len; if (tomoyo_flush(head)) /* Call the policy handler. */ - head->read(head); - tomoyo_flush(head); + do { + tomoyo_set_namespace_cursor(head); + head->read(head); + } while (tomoyo_flush(head) && + tomoyo_has_more_namespace(head)); len = head->read_user_buf - buffer; mutex_unlock(&head->io_sem); return len; } +/** + * tomoyo_parse_policy - Parse a policy line. + * + * @head: Poiter to "struct tomoyo_io_buffer". + * @line: Line to parse. + * + * Returns 0 on success, negative value otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) +{ + /* Delete request? */ + head->w.is_delete = !strncmp(line, "delete ", 7); + if (head->w.is_delete) + memmove(line, line + 7, strlen(line + 7) + 1); + /* Selecting namespace to update. */ + if (head->type == TOMOYO_EXCEPTIONPOLICY || + head->type == TOMOYO_PROFILE) { + if (*line == '<') { + char *cp = strchr(line, ' '); + if (cp) { + *cp++ = '\0'; + head->w.ns = tomoyo_assign_namespace(line); + memmove(line, cp, strlen(cp) + 1); + } else + head->w.ns = NULL; + } else + head->w.ns = &tomoyo_kernel_namespace; + /* Don't allow updating if namespace is invalid. */ + if (!head->w.ns) + return -ENOENT; + } + /* Do the update. */ + return head->write(head); +} + /** * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. * @@ -1941,27 +2078,31 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, const char __user *buffer, const int buffer_len) { int error = buffer_len; - int avail_len = buffer_len; + size_t avail_len = buffer_len; char *cp0 = head->write_buf; - if (!head->write) return -ENOSYS; if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT; - /* Don't allow updating policies by non manager programs. */ - if (head->write != tomoyo_write_pid && - head->write != tomoyo_write_domain && - head->write != tomoyo_write_exception && !tomoyo_manager()) - return -EPERM; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; /* Read a line and dispatch it to the policy handler. */ while (avail_len > 0) { char c; if (head->w.avail >= head->writebuf_size - 1) { - error = -ENOMEM; - break; - } else if (get_user(c, buffer)) { + const int len = head->writebuf_size * 2; + char *cp = kzalloc(len, GFP_NOFS); + if (!cp) { + error = -ENOMEM; + break; + } + memmove(cp, cp0, head->w.avail); + kfree(cp0); + head->write_buf = cp; + cp0 = cp; + head->writebuf_size = len; + } + if (get_user(c, buffer)) { error = -EFAULT; break; } @@ -1973,8 +2114,40 @@ int tomoyo_write_control(struct tomoyo_io_buffer *head, cp0[head->w.avail - 1] = '\0'; head->w.avail = 0; tomoyo_normalize_line(cp0); - head->write(head); + if (!strcmp(cp0, "reset")) { + head->w.ns = &tomoyo_kernel_namespace; + head->w.domain = NULL; + memset(&head->r, 0, sizeof(head->r)); + continue; + } + /* Don't allow updating policies by non manager programs. */ + switch (head->type) { + case TOMOYO_PROCESS_STATUS: + /* This does not write anything. */ + break; + case TOMOYO_DOMAINPOLICY: + if (tomoyo_select_domain(head, cp0)) + continue; + /* fall through */ + case TOMOYO_EXCEPTIONPOLICY: + if (!strcmp(cp0, "select transition_only")) { + head->r.print_transition_related_only = true; + continue; + } + /* fall through */ + default: + if (!tomoyo_manager()) { + error = -EPERM; + goto out; + } + } + switch (tomoyo_parse_policy(head, cp0)) { + case -EPERM: + error = -EPERM; + goto out; + } } +out: mutex_unlock(&head->io_sem); return error; } @@ -2019,27 +2192,27 @@ void tomoyo_check_profile(void) struct tomoyo_domain_info *domain; const int idx = tomoyo_read_lock(); tomoyo_policy_loaded = true; - /* Check all profiles currently assigned to domains are defined. */ + printk(KERN_INFO "TOMOYO: 2.4.0\n"); list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { const u8 profile = domain->profile; - if (tomoyo_profile_ptr[profile]) + const struct tomoyo_policy_namespace *ns = domain->ns; + if (ns->profile_version != 20100903) + printk(KERN_ERR + "Profile version %u is not supported.\n", + ns->profile_version); + else if (!ns->profile_ptr[profile]) + printk(KERN_ERR + "Profile %u (used by '%s') is not defined.\n", + profile, domain->domainname->name); + else continue; - printk(KERN_ERR "You need to define profile %u before using it.\n", - profile); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " + printk(KERN_ERR + "Userland tools for TOMOYO 2.4 must be installed and " + "policy must be initialized.\n"); + printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " "for more information.\n"); - panic("Profile %u (used by '%s') not defined.\n", - profile, domain->domainname->name); + panic("STOP!"); } tomoyo_read_unlock(idx); - if (tomoyo_profile_version != 20090903) { - printk(KERN_ERR "You need to install userland programs for " - "TOMOYO 2.3 and initialize policy configuration.\n"); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " - "for more information.\n"); - panic("Profile version %u is not supported.\n", - tomoyo_profile_version); - } - printk(KERN_INFO "TOMOYO: 2.3.0\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 4bc3975516cb..53c8798e38b7 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -74,10 +74,6 @@ enum tomoyo_group_id { TOMOYO_MAX_GROUP }; -/* A domain definition starts with <kernel>. */ -#define TOMOYO_ROOT_NAME "<kernel>" -#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) - /* Index numbers for type of numeric values. */ enum tomoyo_value_type { TOMOYO_VALUE_TYPE_INVALID, @@ -89,6 +85,8 @@ enum tomoyo_value_type { /* Index numbers for domain transition control keywords. */ enum tomoyo_transition_type { /* Do not change this order, */ + TOMOYO_TRANSITION_CONTROL_NO_RESET, + TOMOYO_TRANSITION_CONTROL_RESET, TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, TOMOYO_TRANSITION_CONTROL_INITIALIZE, TOMOYO_TRANSITION_CONTROL_NO_KEEP, @@ -246,6 +244,8 @@ struct tomoyo_shared_acl_head { atomic_t users; } __packed; +struct tomoyo_policy_namespace; + /* Structure for request info. */ struct tomoyo_request_info { struct tomoyo_domain_info *domain; @@ -359,6 +359,8 @@ struct tomoyo_domain_info { struct list_head acl_info_list; /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; + /* Namespace for this domain. Never NULL. */ + struct tomoyo_policy_namespace *ns; u8 profile; /* Profile number to use. */ u8 group; /* Group number to use. */ bool is_deleted; /* Delete flag. */ @@ -423,6 +425,7 @@ struct tomoyo_mount_acl { struct tomoyo_acl_param { char *data; struct list_head *list; + struct tomoyo_policy_namespace *ns; bool is_delete; }; @@ -443,6 +446,7 @@ struct tomoyo_io_buffer { char __user *read_user_buf; int read_user_buf_avail; struct { + struct list_head *ns; struct list_head *domain; struct list_head *group; struct list_head *acl; @@ -455,14 +459,16 @@ struct tomoyo_io_buffer { u8 w_pos; bool eof; bool print_this_domain_only; - bool print_execute_only; + bool print_transition_related_only; const char *w[TOMOYO_MAX_IO_READ_QUEUE]; } r; struct { + struct tomoyo_policy_namespace *ns; /* The position currently writing to. */ struct tomoyo_domain_info *domain; /* Bytes available for writing. */ int avail; + bool is_delete; } w; /* Buffer for reading. */ char *read_buf; @@ -533,8 +539,27 @@ struct tomoyo_time { u8 sec; }; +/* Structure for policy namespace. */ +struct tomoyo_policy_namespace { + /* Profile table. Memory is allocated as needed. */ + struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; + /* List of "struct tomoyo_group". */ + struct list_head group_list[TOMOYO_MAX_GROUP]; + /* List of policy. */ + struct list_head policy_list[TOMOYO_MAX_POLICY]; + /* The global ACL referred by "use_group" keyword. */ + struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; + /* List for connecting to tomoyo_namespace_list list. */ + struct list_head namespace_list; + /* Profile version. Currently only 20100903 is defined. */ + unsigned int profile_version; + /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ + const char *name; +}; + /********** Function prototypes. **********/ +void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); bool tomoyo_str_starts(char **src, const char *find); const char *tomoyo_get_exe(void); void tomoyo_normalize_line(unsigned char *buffer); @@ -553,7 +578,8 @@ tomoyo_compare_name_union(const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); bool tomoyo_compare_number_union(const unsigned long value, const struct tomoyo_number_union *ptr); -int tomoyo_get_mode(const u8 profile, const u8 index); +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index); void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); bool tomoyo_correct_domain(const unsigned char *domainname); @@ -589,8 +615,11 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile); -struct tomoyo_profile *tomoyo_profile(const u8 profile); + const bool transit); +struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, + const u8 profile); +struct tomoyo_policy_namespace *tomoyo_assign_namespace +(const char *domainname); struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, const u8 idx); unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, @@ -646,6 +675,8 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param); bool tomoyo_permstr(const char *string, const char *keyword); const char *tomoyo_yesno(const unsigned int value); +void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); void tomoyo_read_log(struct tomoyo_io_buffer *head); @@ -661,8 +692,6 @@ extern struct srcu_struct tomoyo_ss; /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; /* Lock for protecting policy. */ @@ -671,10 +700,10 @@ extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; -extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The kernel's domain. */ extern struct tomoyo_domain_info tomoyo_kernel_domain; +extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; +extern struct list_head tomoyo_namespace_list; extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; @@ -809,6 +838,16 @@ static inline bool tomoyo_same_number_union a->value_type[1] == b->value_type[1]; } +/** + * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. + * + * Returns pointer to "struct tomoyo_policy_namespace" for current thread. + */ +static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) +{ + return tomoyo_domain()->ns; +} + #if defined(CONFIG_SLOB) /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index af5f325e2f33..71acebc747c3 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -12,9 +12,6 @@ /* Variables definitions.*/ -/* The global ACL referred by "use_group" keyword. */ -struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; - /* The initial domain. */ struct tomoyo_domain_info tomoyo_kernel_domain; @@ -158,7 +155,7 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, } if (!retried) { retried = true; - list = &tomoyo_acl_group[domain->group]; + list = &domain->ns->acl_group[domain->group]; goto retry; } r->granted = false; @@ -167,13 +164,10 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, /* The list for "struct tomoyo_domain_info". */ LIST_HEAD(tomoyo_domain_list); -struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; -struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; - /** * tomoyo_last_word - Get last component of a domainname. * - * @domainname: Domainname to check. + * @name: Domainname to check. * * Returns the last word of @domainname. */ @@ -247,7 +241,7 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, if (!e.domainname) goto out; } - param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_transition_control); out: @@ -257,59 +251,88 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, } /** - * tomoyo_transition_type - Get domain transition type. + * tomoyo_scan_transition - Try to find specific domain transition type. * - * @domainname: The name of domain. - * @program: The name of program. + * @list: Pointer to "struct list_head". + * @domainname: The name of current domain. + * @program: The name of requested program. + * @last_name: The last component of @domainname. + * @type: One of values in "enum tomoyo_transition_type". * - * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program - * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing - * @program suppresses domain transition, others otherwise. + * Returns true if found one, false otherwise. * * Caller holds tomoyo_read_lock(). */ -static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname, - const struct tomoyo_path_info *program) +static inline bool tomoyo_scan_transition +(const struct list_head *list, const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program, const char *last_name, + const enum tomoyo_transition_type type) { const struct tomoyo_transition_control *ptr; - const char *last_name = tomoyo_last_word(domainname->name); - u8 type; - for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) { - next: - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_TRANSITION_CONTROL], - head.list) { - if (ptr->head.is_deleted || ptr->type != type) - continue; - if (ptr->domainname) { - if (!ptr->is_last_name) { - if (ptr->domainname != domainname) - continue; - } else { - /* - * Use direct strcmp() since this is - * unlikely used. - */ - if (strcmp(ptr->domainname->name, - last_name)) - continue; - } - } - if (ptr->program && - tomoyo_pathcmp(ptr->program, program)) - continue; - if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) { + list_for_each_entry_rcu(ptr, list, head.list) { + if (ptr->head.is_deleted || ptr->type != type) + continue; + if (ptr->domainname) { + if (!ptr->is_last_name) { + if (ptr->domainname != domainname) + continue; + } else { /* - * Do not check for initialize_domain if - * no_initialize_domain matched. + * Use direct strcmp() since this is + * unlikely used. */ - type = TOMOYO_TRANSITION_CONTROL_NO_KEEP; - goto next; + if (strcmp(ptr->domainname->name, last_name)) + continue; } - goto done; } + if (ptr->program && tomoyo_pathcmp(ptr->program, program)) + continue; + return true; + } + return false; +} + +/** + * tomoyo_transition_type - Get domain transition type. + * + * @ns: Pointer to "struct tomoyo_policy_namespace". + * @domainname: The name of current domain. + * @program: The name of requested program. + * + * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes + * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if + * executing @program reinitializes domain transition within that namespace, + * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname , + * others otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static enum tomoyo_transition_type tomoyo_transition_type +(const struct tomoyo_policy_namespace *ns, + const struct tomoyo_path_info *domainname, + const struct tomoyo_path_info *program) +{ + const char *last_name = tomoyo_last_word(domainname->name); + enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET; + while (type < TOMOYO_MAX_TRANSITION_TYPE) { + const struct list_head * const list = + &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; + if (!tomoyo_scan_transition(list, domainname, program, + last_name, type)) { + type++; + continue; + } + if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET && + type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) + break; + /* + * Do not check for reset_domain if no_reset_domain matched. + * Do not check for initialize_domain if no_initialize_domain + * matched. + */ + type++; + type++; } - done: return type; } @@ -355,7 +378,7 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) if (!e.original_name || !e.aggregated_name || e.aggregated_name->is_patterned) /* No patterns allowed. */ goto out; - param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]; + param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; error = tomoyo_update_policy(&e.head, sizeof(e), param, tomoyo_same_aggregator); out: @@ -365,53 +388,171 @@ int tomoyo_write_aggregator(struct tomoyo_acl_param *param) } /** - * tomoyo_assign_domain - Create a domain. + * tomoyo_find_namespace - Find specified namespace. + * + * @name: Name of namespace to find. + * @len: Length of @name. + * + * Returns pointer to "struct tomoyo_policy_namespace" if found, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +static struct tomoyo_policy_namespace *tomoyo_find_namespace +(const char *name, const unsigned int len) +{ + struct tomoyo_policy_namespace *ns; + list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { + if (strncmp(name, ns->name, len) || + (name[len] && name[len] != ' ')) + continue; + return ns; + } + return NULL; +} + +/** + * tomoyo_assign_namespace - Create a new namespace. + * + * @domainname: Name of namespace to create. + * + * Returns pointer to "struct tomoyo_policy_namespace" on success, + * NULL otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname) +{ + struct tomoyo_policy_namespace *ptr; + struct tomoyo_policy_namespace *entry; + const char *cp = domainname; + unsigned int len = 0; + while (*cp && *cp++ != ' ') + len++; + ptr = tomoyo_find_namespace(domainname, len); + if (ptr) + return ptr; + if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname)) + return NULL; + entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS); + if (!entry) + return NULL; + if (mutex_lock_interruptible(&tomoyo_policy_lock)) + goto out; + ptr = tomoyo_find_namespace(domainname, len); + if (!ptr && tomoyo_memory_ok(entry)) { + char *name = (char *) (entry + 1); + ptr = entry; + memmove(name, domainname, len); + name[len] = '\0'; + entry->name = name; + tomoyo_init_policy_namespace(entry); + entry = NULL; + } + mutex_unlock(&tomoyo_policy_lock); +out: + kfree(entry); + return ptr; +} + +/** + * tomoyo_namespace_jump - Check for namespace jump. + * + * @domainname: Name of domain. + * + * Returns true if namespace differs, false otherwise. + */ +static bool tomoyo_namespace_jump(const char *domainname) +{ + const char *namespace = tomoyo_current_namespace()->name; + const int len = strlen(namespace); + return strncmp(domainname, namespace, len) || + (domainname[len] && domainname[len] != ' '); +} + +/** + * tomoyo_assign_domain - Create a domain or a namespace. * * @domainname: The name of domain. - * @profile: Profile number to assign if the domain was newly created. + * @transit: True if transit to domain found or created. * * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise. * * Caller holds tomoyo_read_lock(). */ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, - const u8 profile) + const bool transit) { - struct tomoyo_domain_info *entry; - struct tomoyo_domain_info *domain = NULL; - const struct tomoyo_path_info *saved_domainname; - bool found = false; - - if (!tomoyo_correct_domain(domainname)) + struct tomoyo_domain_info e = { }; + struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname); + bool created = false; + if (entry) { + if (transit) { + /* + * Since namespace is created at runtime, profiles may + * not be created by the moment the process transits to + * that domain. Do not perform domain transition if + * profile for that domain is not yet created. + */ + if (!entry->ns->profile_ptr[entry->profile]) + return NULL; + } + return entry; + } + /* Requested domain does not exist. */ + /* Don't create requested domain if domainname is invalid. */ + if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 || + !tomoyo_correct_domain(domainname)) return NULL; - saved_domainname = tomoyo_get_name(domainname); - if (!saved_domainname) + /* + * Since definition of profiles and acl_groups may differ across + * namespaces, do not inherit "use_profile" and "use_group" settings + * by automatically creating requested domain upon domain transition. + */ + if (transit && tomoyo_namespace_jump(domainname)) + return NULL; + e.ns = tomoyo_assign_namespace(domainname); + if (!e.ns) + return NULL; + /* + * "use_profile" and "use_group" settings for automatically created + * domains are inherited from current domain. These are 0 for manually + * created domains. + */ + if (transit) { + const struct tomoyo_domain_info *domain = tomoyo_domain(); + e.profile = domain->profile; + e.group = domain->group; + } + e.domainname = tomoyo_get_name(domainname); + if (!e.domainname) return NULL; - entry = kzalloc(sizeof(*entry), GFP_NOFS); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { - if (domain->is_deleted || - tomoyo_pathcmp(saved_domainname, domain->domainname)) - continue; - found = true; - break; - } - if (!found && tomoyo_memory_ok(entry)) { - INIT_LIST_HEAD(&entry->acl_info_list); - entry->domainname = saved_domainname; - saved_domainname = NULL; - entry->profile = profile; - list_add_tail_rcu(&entry->list, &tomoyo_domain_list); - domain = entry; - entry = NULL; - found = true; + entry = tomoyo_find_domain(domainname); + if (!entry) { + entry = tomoyo_commit_ok(&e, sizeof(e)); + if (entry) { + INIT_LIST_HEAD(&entry->acl_info_list); + list_add_tail_rcu(&entry->list, &tomoyo_domain_list); + created = true; + } } mutex_unlock(&tomoyo_policy_lock); - out: - tomoyo_put_name(saved_domainname); - kfree(entry); - return found ? domain : NULL; +out: + tomoyo_put_name(e.domainname); + if (entry && transit) { + if (created) { + struct tomoyo_request_info r; + tomoyo_init_request_info(&r, entry, + TOMOYO_MAC_FILE_EXECUTE); + r.granted = false; + tomoyo_write_log(&r, "use_profile %u\n", + entry->profile); + tomoyo_write_log(&r, "use_group %u\n", entry->group); + } + } + return entry; } /** @@ -434,6 +575,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) bool is_enforce; int retval = -ENOMEM; bool need_kfree = false; + bool reject_on_transition_failure = false; struct tomoyo_path_info rn = { }; /* real name */ mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); @@ -457,8 +599,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) /* Check 'aggregator' directive. */ { struct tomoyo_aggregator *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_policy_list - [TOMOYO_ID_AGGREGATOR], head.list) { + struct list_head *list = + &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; + /* Check 'aggregator' directive. */ + list_for_each_entry_rcu(ptr, list, head.list) { if (ptr->head.is_deleted || !tomoyo_path_matches_pattern(&rn, ptr->original_name)) @@ -492,11 +636,21 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } /* Calculate domain to transit to. */ - switch (tomoyo_transition_type(old_domain->domainname, &rn)) { + switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, + &rn)) { + case TOMOYO_TRANSITION_CONTROL_RESET: + /* Transit to the root of specified namespace. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name); + /* + * Make do_execve() fail if domain transition across namespaces + * has failed. + */ + reject_on_transition_failure = true; + break; case TOMOYO_TRANSITION_CONTROL_INITIALIZE: - /* Transit to the child of tomoyo_kernel_domain domain. */ - snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " " - "%s", rn.name); + /* Transit to the child of current namespace's root. */ + snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", + old_domain->ns->name, rn.name); break; case TOMOYO_TRANSITION_CONTROL_KEEP: /* Keep current domain. */ @@ -519,19 +673,25 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) } break; } - if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10) - goto done; - domain = tomoyo_find_domain(tmp); if (!domain) - domain = tomoyo_assign_domain(tmp, old_domain->profile); - done: + domain = tomoyo_assign_domain(tmp, true); if (domain) - goto out; - printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp); - if (is_enforce) - retval = -EPERM; - else - old_domain->transition_failed = true; + retval = 0; + else if (reject_on_transition_failure) { + printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp); + retval = -ENOMEM; + } else if (r.mode == TOMOYO_CONFIG_ENFORCING) + retval = -ENOMEM; + else { + retval = 0; + if (!old_domain->transition_failed) { + old_domain->transition_failed = true; + r.granted = false; + tomoyo_write_log(&r, "%s", "transition_failed\n"); + printk(KERN_WARNING + "ERROR: Domain '%s' not defined.\n", tmp); + } + } out: if (!domain) domain = old_domain; diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 4f8526af9069..323ddc73a125 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -603,7 +603,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, int error; r->type = tomoyo_p2mac[operation]; - r->mode = tomoyo_get_mode(r->profile, r->type); + r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); if (r->mode == TOMOYO_CONFIG_DISABLED) return 0; r->param_type = TOMOYO_TYPE_PATH_ACL; diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 412ee8309c23..782e844dca7f 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -292,15 +292,12 @@ static bool tomoyo_collect_acl(struct list_head *list) static void tomoyo_collect_entry(void) { int i; + enum tomoyo_policy_id id; + struct tomoyo_policy_namespace *ns; + int idx; if (mutex_lock_interruptible(&tomoyo_policy_lock)) return; - for (i = 0; i < TOMOYO_MAX_POLICY; i++) { - if (!tomoyo_collect_member(i, &tomoyo_policy_list[i])) - goto unlock; - } - for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) - if (!tomoyo_collect_acl(&tomoyo_acl_group[i])) - goto unlock; + idx = tomoyo_read_lock(); { struct tomoyo_domain_info *domain; list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { @@ -317,39 +314,49 @@ static void tomoyo_collect_entry(void) goto unlock; } } + list_for_each_entry_rcu(ns, &tomoyo_namespace_list, namespace_list) { + for (id = 0; id < TOMOYO_MAX_POLICY; id++) + if (!tomoyo_collect_member(id, &ns->policy_list[id])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) + if (!tomoyo_collect_acl(&ns->acl_group[i])) + goto unlock; + for (i = 0; i < TOMOYO_MAX_GROUP; i++) { + struct list_head *list = &ns->group_list[i]; + struct tomoyo_group *group; + switch (i) { + case 0: + id = TOMOYO_ID_PATH_GROUP; + break; + default: + id = TOMOYO_ID_NUMBER_GROUP; + break; + } + list_for_each_entry(group, list, head.list) { + if (!tomoyo_collect_member + (id, &group->member_list)) + goto unlock; + if (!list_empty(&group->member_list) || + atomic_read(&group->head.users)) + continue; + if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, + &group->head.list)) + goto unlock; + } + } + } for (i = 0; i < TOMOYO_MAX_HASH; i++) { - struct tomoyo_name *ptr; - list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], head.list) { - if (atomic_read(&ptr->head.users)) + struct list_head *list = &tomoyo_name_list[i]; + struct tomoyo_shared_acl_head *ptr; + list_for_each_entry(ptr, list, list) { + if (atomic_read(&ptr->users)) continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->head.list)) + if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list)) goto unlock; } } - for (i = 0; i < TOMOYO_MAX_GROUP; i++) { - struct list_head *list = &tomoyo_group_list[i]; - int id; - struct tomoyo_group *group; - switch (i) { - case 0: - id = TOMOYO_ID_PATH_GROUP; - break; - default: - id = TOMOYO_ID_NUMBER_GROUP; - break; - } - list_for_each_entry(group, list, head.list) { - if (!tomoyo_collect_member(id, &group->member_list)) - goto unlock; - if (!list_empty(&group->member_list) || - atomic_read(&group->head.users)) - continue; - if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, - &group->head.list)) - goto unlock; - } - } - unlock: +unlock: + tomoyo_read_unlock(idx); mutex_unlock(&tomoyo_policy_lock); } diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 7a0493943d6d..39d012823f84 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -118,7 +118,7 @@ struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, return NULL; if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; - list = &tomoyo_group_list[idx]; + list = &param->ns->group_list[idx]; list_for_each_entry(group, list, head.list) { if (e.group_name != group->group_name) continue; @@ -199,27 +199,23 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) return ptr ? &ptr->entry : NULL; } +/* Initial namespace.*/ +struct tomoyo_policy_namespace tomoyo_kernel_namespace; + /** * tomoyo_mm_init - Initialize mm related code. */ void __init tomoyo_mm_init(void) { int idx; - - for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) - INIT_LIST_HEAD(&tomoyo_policy_list[idx]); - for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) - INIT_LIST_HEAD(&tomoyo_group_list[idx]); for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) INIT_LIST_HEAD(&tomoyo_name_list[idx]); + tomoyo_kernel_namespace.name = "<kernel>"; + tomoyo_init_policy_namespace(&tomoyo_kernel_namespace); + tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); - for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) - INIT_LIST_HEAD(&tomoyo_acl_group[idx]); - tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME); + tomoyo_kernel_domain.domainname = tomoyo_get_name("<kernel>"); list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list); - idx = tomoyo_read_lock(); - if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain) - panic("Can't register tomoyo_kernel_domain"); #if 0 /* Will be replaced with tomoyo_load_builtin_policy(). */ { @@ -230,7 +226,6 @@ void __init tomoyo_mm_init(void) TOMOYO_TRANSITION_CONTROL_INITIALIZE); } #endif - tomoyo_read_unlock(idx); } diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) */ bool tomoyo_correct_domain(const unsigned char *domainname) { - if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, - TOMOYO_ROOT_NAME_LEN)) - goto out; - domainname += TOMOYO_ROOT_NAME_LEN; - if (!*domainname) + if (!domainname || !tomoyo_domain_def(domainname)) + return false; + domainname = strchr(domainname, ' '); + if (!domainname++) return true; - if (*domainname++ != ' ') - goto out; while (1) { const unsigned char *cp = strchr(domainname, ' '); if (!cp) break; if (*domainname != '/' || !tomoyo_correct_word2(domainname, cp - domainname)) - goto out; + return false; domainname = cp + 1; } return tomoyo_correct_path(domainname); - out: - return false; } /** @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) */ bool tomoyo_domain_def(const unsigned char *buffer) { - return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); + const unsigned char *cp; + int len; + if (*buffer != '<') + return false; + cp = strchr(buffer, ' '); + if (!cp) + len = strlen(buffer); + else + len = cp - buffer; + if (buffer[len - 1] != '>' || + !tomoyo_correct_word2(buffer + 1, len - 2)) + return false; + return true; } /** @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) /** * tomoyo_get_mode - Get MAC mode. * + * @ns: Pointer to "struct tomoyo_policy_namespace". * @profile: Profile number. * @index: Index number of functionality. * * Returns mode. */ -int tomoyo_get_mode(const u8 profile, const u8 index) +int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, + const u8 index) { u8 mode; const u8 category = TOMOYO_MAC_CATEGORY_FILE; if (!tomoyo_policy_loaded) return TOMOYO_CONFIG_DISABLED; - mode = tomoyo_profile(profile)->config[index]; + mode = tomoyo_profile(ns, profile)->config[index]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->config[category]; + mode = tomoyo_profile(ns, profile)->config[category]; if (mode == TOMOYO_CONFIG_USE_DEFAULT) - mode = tomoyo_profile(profile)->default_config; + mode = tomoyo_profile(ns, profile)->default_config; return mode & 3; } @@ -872,25 +881,10 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, profile = domain->profile; r->profile = profile; r->type = index; - r->mode = tomoyo_get_mode(profile, index); + r->mode = tomoyo_get_mode(domain->ns, profile, index); return r->mode; } -/** - * tomoyo_last_word - Get last component of a line. - * - * @line: A line. - * - * Returns the last word of a line. - */ -const char *tomoyo_last_word(const char *name) -{ - const char *cp = strrchr(name, ' '); - if (cp) - return cp + 1; - return name; -} - /** * tomoyo_domain_quota_is_ok - Check for domain's quota. * @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) if (perm & (1 << i)) count++; } - if (count < tomoyo_profile(domain->profile)-> + if (count < tomoyo_profile(domain->ns, domain->profile)-> pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) return true; if (!domain->quota_warned) {

1 year, 6 months

1
0
0 0

[PATCH 6.6.y v2 0/5] Delay VERW - 6.6.y backport

by Pawan Gupta

v2: - Dropped already backported patch "x86/bugs: Add asm helpers for executing VERW" https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… - Booted fine with KASLR and KPTI enabled. - Rebased to v6.6.20 v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-6-y-v1-0-aa17b2922… This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 2/6 needed a conflict to be resolved for the hunk swapgs_restore_regs_and_return_to_usermode. This is only compile and boot tested on qemu. Cc: Dave Hansen <dave.hansen(a)linux.intel.com> To: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (4): x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/arch/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 12 ------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 20 +++++++++++++++---- 11 files changed, 75 insertions(+), 45 deletions(-) --- base-commit: 9b4a8eac17f0d840729384618b4b1e876233026c change-id: 20240226-delay-verw-backport-6-6-y-2cda3298e600 Best regards, -- Thanks, Pawan

1 year, 6 months

1
5
0 0

patch "iio: accel: adxl367: fix I2C FIFO data register" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: adxl367: fix I2C FIFO data register to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 11dadb631007324c7a8bcb2650eda88ed2b9eed0 Mon Sep 17 00:00:00 2001 From: Cosmin Tanislav <demonsingur(a)gmail.com> Date: Wed, 7 Feb 2024 05:36:51 +0200 Subject: iio: accel: adxl367: fix I2C FIFO data register As specified in the datasheet, the I2C FIFO data register is 0x18, not 0x42. 0x42 was used by mistake when adapting the ADXL372 driver. Fix this mistake. Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240207033657.206171-2-demonsingur@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/adxl367_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/accel/adxl367_i2c.c b/drivers/iio/accel/adxl367_i2c.c index b595fe94f3a3..62c74bdc0d77 100644 --- a/drivers/iio/accel/adxl367_i2c.c +++ b/drivers/iio/accel/adxl367_i2c.c @@ -11,7 +11,7 @@ #include "adxl367.h" -#define ADXL367_I2C_FIFO_DATA 0x42 +#define ADXL367_I2C_FIFO_DATA 0x18 struct adxl367_i2c_state { struct regmap *regmap; -- 2.44.0

1 year, 6 months

1
0
0 0

patch "iio: accel: adxl367: fix DEVID read after reset" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: adxl367: fix DEVID read after reset to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 1b926914bbe4e30cb32f268893ef7d82a85275b8 Mon Sep 17 00:00:00 2001 From: Cosmin Tanislav <demonsingur(a)gmail.com> Date: Wed, 7 Feb 2024 05:36:50 +0200 Subject: iio: accel: adxl367: fix DEVID read after reset regmap_read_poll_timeout() will not sleep before reading, causing the first read to return -ENXIO on I2C, since the chip does not respond to it while it is being reset. The datasheet specifies that a soft reset operation has a latency of 7.5ms. Add a 15ms sleep between reset and reading the DEVID register, and switch to a simple regmap_read() call. Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver") Signed-off-by: Cosmin Tanislav <demonsingur(a)gmail.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240207033657.206171-1-demonsingur@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/adxl367.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/iio/accel/adxl367.c b/drivers/iio/accel/adxl367.c index 90b7ae6d42b7..484fe2e9fb17 100644 --- a/drivers/iio/accel/adxl367.c +++ b/drivers/iio/accel/adxl367.c @@ -1429,9 +1429,11 @@ static int adxl367_verify_devid(struct adxl367_state *st) unsigned int val; int ret; - ret = regmap_read_poll_timeout(st->regmap, ADXL367_REG_DEVID, val, - val == ADXL367_DEVID_AD, 1000, 10000); + ret = regmap_read(st->regmap, ADXL367_REG_DEVID, &val); if (ret) + return dev_err_probe(st->dev, ret, "Failed to read dev id\n"); + + if (val != ADXL367_DEVID_AD) return dev_err_probe(st->dev, -ENODEV, "Invalid dev id 0x%02X, expected 0x%02X\n", val, ADXL367_DEVID_AD); @@ -1510,6 +1512,8 @@ int adxl367_probe(struct device *dev, const struct adxl367_ops *ops, if (ret) return ret; + fsleep(15000); + ret = adxl367_verify_devid(st); if (ret) return ret; -- 2.44.0

1 year, 6 months

1
0
0 0

patch "iio: pressure: Fixes BMP38x and BMP390 SPI support" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: Fixes BMP38x and BMP390 SPI support to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From a9dd9ba323114f366eb07f1d9630822f8df6cbb2 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Mon, 19 Feb 2024 20:13:59 +0100 Subject: iio: pressure: Fixes BMP38x and BMP390 SPI support According to the datasheet of BMP38x and BMP390 devices, for an SPI read operation the first byte that is returned needs to be dropped, and the rest of the bytes are the actual data returned from the sensor. Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Acked-by: Angel Iglesias <ang.iglesiasg(a)gmail.com> Link: https://lore.kernel.org/r/20240219191359.18367-1-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-spi.c | 50 ++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/drivers/iio/pressure/bmp280-spi.c b/drivers/iio/pressure/bmp280-spi.c index e8a5fed07e88..a444d4b2978b 100644 --- a/drivers/iio/pressure/bmp280-spi.c +++ b/drivers/iio/pressure/bmp280-spi.c @@ -4,6 +4,7 @@ * * Inspired by the older BMP085 driver drivers/misc/bmp085-spi.c */ +#include <linux/bits.h> #include <linux/module.h> #include <linux/spi/spi.h> #include <linux/err.h> @@ -35,6 +36,34 @@ static int bmp280_regmap_spi_read(void *context, const void *reg, return spi_write_then_read(spi, reg, reg_size, val, val_size); } +static int bmp380_regmap_spi_read(void *context, const void *reg, + size_t reg_size, void *val, size_t val_size) +{ + struct spi_device *spi = to_spi_device(context); + u8 rx_buf[4]; + ssize_t status; + + /* + * Maximum number of consecutive bytes read for a temperature or + * pressure measurement is 3. + */ + if (val_size > 3) + return -EINVAL; + + /* + * According to the BMP3xx datasheets, for a basic SPI read opertion, + * the first byte needs to be dropped and the rest are the requested + * data. + */ + status = spi_write_then_read(spi, reg, 1, rx_buf, val_size + 1); + if (status) + return status; + + memcpy(val, rx_buf + 1, val_size); + + return 0; +} + static struct regmap_bus bmp280_regmap_bus = { .write = bmp280_regmap_spi_write, .read = bmp280_regmap_spi_read, @@ -42,10 +71,19 @@ static struct regmap_bus bmp280_regmap_bus = { .val_format_endian_default = REGMAP_ENDIAN_BIG, }; +static struct regmap_bus bmp380_regmap_bus = { + .write = bmp280_regmap_spi_write, + .read = bmp380_regmap_spi_read, + .read_flag_mask = BIT(7), + .reg_format_endian_default = REGMAP_ENDIAN_BIG, + .val_format_endian_default = REGMAP_ENDIAN_BIG, +}; + static int bmp280_spi_probe(struct spi_device *spi) { const struct spi_device_id *id = spi_get_device_id(spi); const struct bmp280_chip_info *chip_info; + struct regmap_bus *bmp_regmap_bus; struct regmap *regmap; int ret; @@ -58,8 +96,18 @@ static int bmp280_spi_probe(struct spi_device *spi) chip_info = spi_get_device_match_data(spi); + switch (chip_info->chip_id[0]) { + case BMP380_CHIP_ID: + case BMP390_CHIP_ID: + bmp_regmap_bus = &bmp380_regmap_bus; + break; + default: + bmp_regmap_bus = &bmp280_regmap_bus; + break; + } + regmap = devm_regmap_init(&spi->dev, - &bmp280_regmap_bus, + bmp_regmap_bus, &spi->dev, chip_info->regmap_config); if (IS_ERR(regmap)) { -- 2.44.0

1 year, 6 months

1
0
0 0

[PATCH] serial: 8250_dw: Do not reclock if already at correct rate

by Peter Collingbourne

When userspace opens the console, we call set_termios() passing a termios with the console's configured baud rate. Currently this causes dw8250_set_termios() to disable and then re-enable the UART clock at the same frequency as it was originally. This can cause corruption of any concurrent console output. Fix it by skipping the reclocking if we are already at the correct rate. Signed-off-by: Peter Collingbourne <pcc(a)google.com> Link: https://linux-review.googlesource.com/id/I2e3761d239cbf29ed41412e5338f30bff… Fixes: 4e26b134bd17 ("serial: 8250_dw: clock rate handling for all ACPI platforms") Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_dw.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index 2d1f350a4bea..c1d43f040c43 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -357,9 +357,9 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, long rate; int ret; - clk_disable_unprepare(d->clk); rate = clk_round_rate(d->clk, newrate); - if (rate > 0) { + if (rate > 0 && p->uartclk != rate) { + clk_disable_unprepare(d->clk); /* * Note that any clock-notifer worker will block in * serial8250_update_uartclk() until we are done. @@ -367,8 +367,8 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, ret = clk_set_rate(d->clk, newrate); if (!ret) p->uartclk = rate; + clk_prepare_enable(d->clk); } - clk_prepare_enable(d->clk); dw8250_do_set_termios(p, termios, old); } -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

3
2
0 0

patch "iio: adc: rockchip_saradc: use mask for write_enable bitfield" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: use mask for write_enable bitfield to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 5b4e4b72034f85f7a0cdd147d3d729c5a22c8764 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:22 +0100 Subject: iio: adc: rockchip_saradc: use mask for write_enable bitfield Some of the registers on the SARADCv2 have bits write protected except if another bit is set. This is usually done by having the lowest 16 bits store the data to write and the highest 16 bits specify which of the 16 lowest bits should have their value written to the hardware block. The write_enable mask for the channel selection was incorrect because it was just the value shifted by 16 bits, which means it would only ever write bits and never clear them. So e.g. if someone starts a conversion on channel 5, the lowest 4 bits would be 0x5, then starts a conversion on channel 0, it would still be 5. Instead of shifting the value by 16 as the mask, let's use the OR'ing of the appropriate masks shifted by 16. Note that this is not an issue currently because the only SARADCv2 currently supported has a reset defined in its Device Tree, that reset resets the SARADC controller before starting a conversion on a channel. However, this reset is handled as optional by the probe function and thus proper masking should be used in the event an SARADCv2 without a reset ever makes it upstream. Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-2-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index 2da8d6f3241a..1c0042fbbb54 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -102,12 +102,12 @@ static void rockchip_saradc_start_v2(struct rockchip_saradc *info, int chn) writel_relaxed(0xc, info->regs + SARADC_T_DAS_SOC); writel_relaxed(0x20, info->regs + SARADC_T_PD_SOC); val = FIELD_PREP(SARADC2_EN_END_INT, 1); - val |= val << 16; + val |= SARADC2_EN_END_INT << 16; writel_relaxed(val, info->regs + SARADC2_END_INT_EN); val = FIELD_PREP(SARADC2_START, 1) | FIELD_PREP(SARADC2_SINGLE_MODE, 1) | FIELD_PREP(SARADC2_CONV_CHANNELS, chn); - val |= val << 16; + val |= (SARADC2_START | SARADC2_SINGLE_MODE | SARADC2_CONV_CHANNELS) << 16; writel(val, info->regs + SARADC2_CONV_CON); } -- 2.44.0

1 year, 6 months

1
0
0 0

patch "iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From b0a4546df24a4f8c59b2d05ae141bd70ceccc386 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:21 +0100 Subject: iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 The SARADCv2 on RK3588 (the only SoC currently supported that has an SARADCv2) selects the channel through the channel_sel bitfield which is the 4 lowest bits, therefore the mask should be GENMASK(3, 0) and not GENMASK(15, 0). Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-1-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index dd94667a623b..2da8d6f3241a 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -52,7 +52,7 @@ #define SARADC2_START BIT(4) #define SARADC2_SINGLE_MODE BIT(5) -#define SARADC2_CONV_CHANNELS GENMASK(15, 0) +#define SARADC2_CONV_CHANNELS GENMASK(3, 0) struct rockchip_saradc; -- 2.44.0

1 year, 6 months

1
0
0 0

patch "iio: adc: rockchip_saradc: use mask for write_enable bitfield" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: use mask for write_enable bitfield to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 5b4e4b72034f85f7a0cdd147d3d729c5a22c8764 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:22 +0100 Subject: iio: adc: rockchip_saradc: use mask for write_enable bitfield Some of the registers on the SARADCv2 have bits write protected except if another bit is set. This is usually done by having the lowest 16 bits store the data to write and the highest 16 bits specify which of the 16 lowest bits should have their value written to the hardware block. The write_enable mask for the channel selection was incorrect because it was just the value shifted by 16 bits, which means it would only ever write bits and never clear them. So e.g. if someone starts a conversion on channel 5, the lowest 4 bits would be 0x5, then starts a conversion on channel 0, it would still be 5. Instead of shifting the value by 16 as the mask, let's use the OR'ing of the appropriate masks shifted by 16. Note that this is not an issue currently because the only SARADCv2 currently supported has a reset defined in its Device Tree, that reset resets the SARADC controller before starting a conversion on a channel. However, this reset is handled as optional by the probe function and thus proper masking should be used in the event an SARADCv2 without a reset ever makes it upstream. Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-2-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index 2da8d6f3241a..1c0042fbbb54 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -102,12 +102,12 @@ static void rockchip_saradc_start_v2(struct rockchip_saradc *info, int chn) writel_relaxed(0xc, info->regs + SARADC_T_DAS_SOC); writel_relaxed(0x20, info->regs + SARADC_T_PD_SOC); val = FIELD_PREP(SARADC2_EN_END_INT, 1); - val |= val << 16; + val |= SARADC2_EN_END_INT << 16; writel_relaxed(val, info->regs + SARADC2_END_INT_EN); val = FIELD_PREP(SARADC2_START, 1) | FIELD_PREP(SARADC2_SINGLE_MODE, 1) | FIELD_PREP(SARADC2_CONV_CHANNELS, chn); - val |= val << 16; + val |= (SARADC2_START | SARADC2_SINGLE_MODE | SARADC2_CONV_CHANNELS) << 16; writel(val, info->regs + SARADC2_CONV_CON); } -- 2.44.0

1 year, 6 months

1
0
0 0

patch "iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From b0a4546df24a4f8c59b2d05ae141bd70ceccc386 Mon Sep 17 00:00:00 2001 From: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Date: Fri, 23 Feb 2024 13:45:21 +0100 Subject: iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 The SARADCv2 on RK3588 (the only SoC currently supported that has an SARADCv2) selects the channel through the channel_sel bitfield which is the 4 lowest bits, therefore the mask should be GENMASK(3, 0) and not GENMASK(15, 0). Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588") Signed-off-by: Quentin Schulz <quentin.schulz(a)theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko(a)sntech.de> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-1-84b06a0f623a@the… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/rockchip_saradc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index dd94667a623b..2da8d6f3241a 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -52,7 +52,7 @@ #define SARADC2_START BIT(4) #define SARADC2_SINGLE_MODE BIT(5) -#define SARADC2_CONV_CHANNELS GENMASK(15, 0) +#define SARADC2_CONV_CHANNELS GENMASK(3, 0) struct rockchip_saradc; -- 2.44.0

1 year, 6 months

1
0
0 0

Linux 6.7.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.8 kernel. Only users that had build problems with 6.7.7 need to upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/ntfs3/frecord.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.7.8 Mark O'Donovan (1): fs/ntfs3: fix build without CONFIG_NTFS3_LZX_XPRESS

1 year, 6 months

1
1
0 0

Linux 6.6.20

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.20 kernel. Only users that had build problems with 6.6.19 need to upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/ntfs3/frecord.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.6.20 Mark O'Donovan (1): fs/ntfs3: fix build without CONFIG_NTFS3_LZX_XPRESS

1 year, 6 months

1
1
0 0

Linux 6.6.19

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.19 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/conf.py | 6 Makefile | 2 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 arch/arm/boot/dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 arch/arm/boot/dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 16 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/include/asm/acpi.h | 4 arch/loongarch/kernel/acpi.c | 4 arch/loongarch/kernel/setup.c | 4 arch/loongarch/kernel/smp.c | 122 +- arch/loongarch/vdso/Makefile | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/parisc/kernel/unwind.c | 14 arch/powerpc/include/asm/ppc-pci.h | 10 arch/powerpc/kernel/iommu.c | 23 arch/powerpc/platforms/pseries/pci_dlpar.c | 4 arch/s390/pci/pci.c | 2 arch/sparc/Makefile | 2 arch/sparc/video/Makefile | 2 arch/x86/entry/entry.S | 23 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/nospec-branch.h | 13 arch/x86/mm/numa.c | 21 block/blk-map.c | 13 drivers/accel/ivpu/ivpu_drv.c | 5 drivers/accel/ivpu/ivpu_hw_37xx.c | 2 drivers/accel/ivpu/ivpu_hw_40xx.c | 9 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/ata/ahci.c | 49 - drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 +- drivers/ata/libata-core.c | 4 drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/bus/imx-weim.c | 2 drivers/cache/ax45mp_cache.c | 4 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/acpi.c | 46 - drivers/cxl/core/pci.c | 6 drivers/dma/apple-admac.c | 5 drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 38 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 4 drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 14 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 drivers/gpu/drm/amd/display/dc/link/link_validation.c | 62 + drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 182 +++- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 9 drivers/gpu/drm/drm_syncobj.c | 19 drivers/gpu/drm/i915/display/intel_sdvo.c | 10 drivers/gpu/drm/i915/display/intel_tv.c | 10 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hid/hid-logitech-hidpp.c | 2 drivers/hid/hid-nvidia-shield.c | 4 drivers/hwmon/coretemp.c | 2 drivers/hwmon/nct6775-core.c | 14 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/mlx5/cong.c | 6 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-mbigen.c | 8 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 +- drivers/md/dm-integrity.c | 91 +- drivers/md/dm-verity-target.c | 86 +- drivers/md/dm-verity.h | 6 drivers/md/md.c | 6 drivers/misc/open-dice.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/ipa/ipa_interrupt.c | 2 drivers/net/phy/realtek.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 drivers/nvme/host/fc.c | 47 - drivers/nvme/target/fc.c | 131 +-- drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi/irqdomain.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 67 + drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/max5970-regulator.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/sd.c | 26 drivers/scsi/smartpqi/smartpqi.h | 1 drivers/scsi/smartpqi/smartpqi_init.c | 88 +- drivers/spi/spi-cs42l43.c | 5 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-intel-pci.c | 1 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 - drivers/tty/serial/stm32-usart.c | 4 drivers/ufs/core/ufshcd.c | 5 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/gadget/udc/omap_udc.c | 3 drivers/usb/roles/class.c | 29 drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/usb/typec/tcpm/tcpm.c | 3 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 + drivers/vfio/iova_bitmap.c | 25 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 drivers/xen/events/events_2l.c | 8 drivers/xen/events/events_base.c | 426 ++++------ drivers/xen/events/events_internal.h | 1 drivers/xen/evtchn.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/defrag.c | 2 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/erofs/namei.c | 28 fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 45 - fs/ntfs3/attrlist.c | 12 fs/ntfs3/bitmap.c | 4 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 53 + fs/ntfs3/frecord.c | 17 fs/ntfs3/fslog.c | 232 ++--- fs/ntfs3/fsntfs.c | 27 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 25 fs/ntfs3/namei.c | 12 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 23 fs/ntfs3/record.c | 18 fs/ntfs3/super.c | 49 - fs/ntfs3/xattr.c | 6 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 12 fs/smb/client/connect.c | 11 fs/smb/client/dfs.c | 7 fs/smb/client/file.c | 3 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/sess.c | 5 fs/smb/client/smb2pdu.c | 26 fs/smb/client/transport.c | 18 include/linux/ceph/osd_client.h | 3 include/linux/fs.h | 2 include/linux/memblock.h | 2 include/linux/mlx5/mlx5_ifc.h | 2 include/linux/swap.h | 5 include/net/ipv6_stubs.h | 5 include/net/netfilter/nf_flow_table.h | 2 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 5 include/uapi/linux/bpf.h | 10 include/xen/events.h | 4 kernel/bpf/helpers.c | 5 kernel/sched/rt.c | 9 lib/Kconfig.debug | 1 mm/damon/lru_sort.c | 43 - mm/damon/reclaim.c | 18 mm/memblock.c | 5 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 7 net/bridge/br_switchdev.c | 84 + net/ceph/osd_client.c | 18 net/core/filter.c | 18 net/core/skmsg.c | 7 net/devlink/core.c | 12 net/devlink/port.c | 2 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 net/ipv6/addrconf.c | 21 net/ipv6/af_inet6.c | 1 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/mlme.c | 1 net/mac80211/scan.c | 30 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 8 net/mptcp/fastopen.c | 6 net/mptcp/mib.c | 1 net/mptcp/mib.h | 8 net/mptcp/options.c | 9 net/mptcp/pm_netlink.c | 74 + net/mptcp/pm_userspace.c | 52 + net/mptcp/protocol.c | 69 + net/mptcp/protocol.h | 25 net/mptcp/subflow.c | 86 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 17 net/netfilter/nf_tables_api.c | 81 - net/phonet/datagram.c | 4 net/phonet/pep.c | 41 net/sched/act_mirred.c | 147 +-- net/sched/cls_flower.c | 5 net/switchdev/switchdev.c | 73 + net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 3 scripts/bpf_doc.py | 2 sound/pci/hda/hda_intel.c | 6 sound/soc/amd/acp/acp-mach-common.c | 9 sound/soc/codecs/wm_adsp.c | 29 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/include/uapi/linux/bpf.h | 10 tools/net/ynl/lib/ynl.c | 19 tools/testing/selftests/drivers/net/bonding/bond_options.sh | 2 tools/testing/selftests/iommu/config | 5 tools/testing/selftests/mm/uffd-unit-tests.c | 6 tools/testing/selftests/net/forwarding/tc_actions.sh | 3 tools/testing/selftests/net/mptcp/diag.sh | 46 - tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 tools/testing/selftests/net/mptcp/simult_flows.sh | 3 tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 tools/testing/selftests/riscv/mm/mmap_test.h | 3 tools/testing/selftests/riscv/vector/v_initval_nolibc.c | 2 tools/testing/selftests/riscv/vector/vstate_prctl.c | 4 299 files changed, 3611 insertions(+), 1716 deletions(-) Aaro Koskinen (1): usb: gadget: omap_udc: fix USB gadget regression on Palm TE Alex Elder (1): net: ipa: don't overrun IPA suspend interrupt registers Alexander Stein (1): arm64: dts: tqma8mpql: fix audio codec iov-supply Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alice Chao (1): scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andrzej Kacprowski (1): accel/ivpu: Don't enable any tiles by default on VPU40xx Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio RDMA/srpt: Support specifying the srpt_service_guid parameter Benjamin Berg (1): wifi: iwlwifi: do not announce EPCS support Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Charles Keepax (1): spi: cs42l43: Handle error from devm_pm_runtime_enable Chen Jun (1): irqchip/mbigen: Don't use bus_get_dev_root() to find the parent Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Chengming Zhou (1): mm/zswap: invalidate duplicate entry when !zswap_enabled Chris Morgan (1): arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Christoph Müllner (2): tools: selftests: riscv: Fix compile warnings in vector tests tools: selftests: riscv: Fix compile warnings in mm tests Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (1): sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): ata: libata-core: Do not try to set sleeping devices to standby Dan Carpenter (2): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() xen/events: fix error code in xen_bind_pirq_msi_to_irq() Dan Williams (1): cxl/acpi: Fix load failures due to single window creation failure Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() David Strahan (1): scsi: smartpqi: Add new controller PCI IDs Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (2): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Fainelli (1): net: bcmasp: Indicate MAC is in charge of PHY PM Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gaurav Batra (1): powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Geliang Tang (7): mptcp: add CurrEstab MIB counter support mptcp: use mptcp_set_state mptcp: add needs_id for userspace appending addr selftests: mptcp: diag: check CURRESTAB counters selftests: mptcp: add mptcp_lib_get_counter mptcp: userspace pm send RM_ADDR for ID 0 mptcp: add needs_id for netlink appending addr Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.6.19 Guenter Roeck (3): lib/Kconfig.debug: TEST_IOV_ITER depends on MMU parisc: Fix stack unwinder hwmon: (nct6775) Fix access to temperature configuration registers Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hangbin Liu (1): selftests: bonding: set active slave to primary eth1 specifically Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (3): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (4): LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] LoongArch: Call early_init_fdt_scan_reserved_mem() earlier LoongArch: Disable IRQ before init_fn() for nonboot CPUs LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jacek Lawrynowicz (1): accel/ivpu: Disable d3hot_delay on all NPU generations Jakub Kicinski (4): net/sched: act_mirred: use the backlog for mirred ingress net/sched: act_mirred: don't override retval if we already lost the skb tools: ynl: make sure we always pass yarg to mnl_cb_run tools: ynl: don't leak mcast_groups on init error Jan Kiszka (1): riscv/efistub: Ensure GP-relative addressing is not used Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Javier Martinez Canillas (1): sparc: Fix undefined reference to fb_is_primary_device Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Jianbo Liu (1): net/sched: flower: Add lock protection when remove filter handle Jiri Kosina (1): HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Jiri Pirko (1): devlink: fix port dump cmd type Joao Martins (3): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (3): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Jonathan Corbet (1): docs: Instruct LaTeX to cope with deeper nesting Juergen Gross (4): xen/events: reduce externally visible helper functions xen/events: remove some simple helpers from events_base.c xen/events: drop xen_allocate_irqs_dynamic() xen/events: modify internal [un]bind interfaces Justin Chen (1): net: bcmasp: Sanity check is off by one Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (2): RDMA/bnxt_re: Return error for SRQ resize RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion LoongArch: vDSO: Disable UBSAN instrumentation Konstantin Komarov (20): fs/ntfs3: Improve alternative boot processing fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Reduce stack usage fs/ntfs3: Fix multithreaded stress test fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add file_modified fs/ntfs3: Drop suid and sgid bits as a part of fpunch fs/ntfs3: Implement super_operations::shutdown fs/ntfs3: ntfs3_forced_shutdown use int instead of bool fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Use kvfree to free memory allocated by kvmalloc fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Use i_size_read and i_size_write fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Fixed overflow check in mi_enum_attr() fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Krystian Pradzynski (1): accel/ivpu/40xx: Stop passing SKU boot parameters to FW Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (2): dmaengine: ti: edma: Add some null pointer checks to the edma_probe HID: nvidia-shield: Add missing null pointer checks to LED initialization Lad Prabhakar (1): cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lijo Lazar (1): drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Liming Sun (1): platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Lino Sanfilippo (2): serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled serial: amba-pl011: Fix DMA transmission in RS485 mode Lucas Stach (1): bus: imx-weim: fix valid range check Lukas Wunner (1): ARM: dts: Fix TPM schema violations Mahesh Rajashekhara (1): scsi: smartpqi: Fix logical volume rescan race condition Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Marek Vasut (1): arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mario Limonciello (1): platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (2): arm64/sme: Restore SME registers on exit from suspend arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Zhang (1): IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Martin Blumenstingl (2): regulator: pwm-regulator: Add validity checks in continuous .get_voltage drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (2): scsi: sd: usb_storage: uas: Access media prior to querying device properties scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Martynas Pumputis (1): bpf: Derive source IP addr via bpf_*_fib_lookup() Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Matthieu Baerts (NGI0) (9): selftests: mptcp: userspace_pm: unique subtest names selftests: mptcp: simult flows: fix some subtest names selftests: mptcp: pm nl: also list skipped tests selftests: mptcp: pm nl: avoid error msg on older kernels selftests: mptcp: diag: fix bash warnings on older kernels selftests: mptcp: diag: unique 'in use' subtest names selftests: mptcp: diag: unique 'cestab' subtest names selftests: mptcp: join: stop transfer when check is done (part 1) selftests: mptcp: join: stop transfer when check is done (part 2) Maxime Ripard (1): drm/i915/tv: Fix TV mode Maximilian Heyne (1): xen/events: close evtchn after mapping cleanup Meenakshikumar Somasundaram (1): drm/amd/display: Add dpia display mode validation logic Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mika Westerberg (1): spi: intel-pci: Add support for Arrow Lake SPI serial flash Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Muhammad Usama Anjum (1): selftests/iommu: fix the config fragment Mukul Joshi (1): drm/amdkfd: Use correct drm device for cgroup permission check Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nathan Chancellor (1): drm/amd/display: Avoid enum conversion warning Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Ondrej Jirman (1): Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Pablo Neira Ayuso (3): netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (6): mptcp: fix more tx path fields initialization mptcp: corner case locking for rx path fields initialization mptcp: fix lockless access in subflow ULP diag mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation Patrick Rudolph (1): regulator (max5970): Fix IRQ handler Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawan Gupta (1): x86/bugs: Add asm helpers for executing VERW Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peichen Huang (1): drm/amd/display: Request usb4 bw for mst streams Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Qu Wenruo (1): btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Rui Salvaterra (2): ALSA: hda: Replace numeric device IDs with constant values ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup Sebastian Andrzej Siewior (1): xsk: Add truesize to skb_add_rx_frag(). SeongJae Park (2): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (8): cifs: open_cached_dir should not rely on primary channel cifs: cifs_pick_channel should try selecting active channels cifs: translate network errors on send to -ECONNABORTED cifs: helper function to check replayable error codes cifs: make sure that channel scaling is done only once cifs: do not search for channel if server is terminating cifs: change tcon status when need_reconnect is set on it cifs: handle cases where multiple sessions share connection Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (3): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz drm/amd/display: fixed integer types and null check locations Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam (1): drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Stanley.Yang (1): drm/amdgpu: Fix shared buff copy to user Steve French (2): smb3: clarify mount warning smb3: add missing null server pointer check Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Szuying Chen (1): ata: ahci: add identifiers for ASM2116 series adapters Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Terry Tritton (1): selftests/mm: uffd-unit-test check if huge page size is 0 Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (3): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref devlink: fix possible use-after-free and memory leaks in devlink_init() Venkata Prasad Potturu (1): ASoC: amd: acp: Add check for cpu dai link initialization Victor Nogueira (1): net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (3): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: dw-edma: increase size of 'name' in debugfs code Viresh Kumar (1): xen: evtchn: Allow shared registration of IRQ handers Wachowski, Karol (1): accel/ivpu: Force snooping for MMU writes Wayne Lin (1): drm/amd/display: adjust few initialization order in dm Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xiubo Li (1): libceph: fail sparse-read if the data length doesn't match Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (1): md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 6 months

2
3
0 0

6.6.19 won't compile with " [*] Compile the kernel with warnings as errors"

by Rainer Fiebig

The problem seems to be in fs/ntfs3/frecord.c. Original messages were in German, so here's my translation (original at the end of the post): [...] CC lib/zstd/common/zstd_common.o CC arch/x86/kernel/cpu/feat_ctl.o fs/ntfs3/frecord.c: In Funktion »ni_read_frame«: fs/ntfs3/frecord.c:2460:16: Error: variable >>i_size<< is not used" [-Werror=unused-variable] 2460 | loff_t i_size = i_size_read(&ni->vfs_inode); | ^~~~~~ AR lib/zstd/built-in.a [...] cc1: All warnings are treated as errors make[4]: *** [scripts/Makefile.build:243: fs/ntfs3/frecord.o] error 1 make[3]: *** [scripts/Makefile.build:480: fs/ntfs3] error 2 make[3]: *** Waiting for not yet finished processes.... [...] Let me know if you need further information. Thanks. Rainer -- Original messages: [...] CC lib/zstd/common/zstd_common.o CC arch/x86/kernel/cpu/feat_ctl.o fs/ntfs3/frecord.c: In Funktion »ni_read_frame«: fs/ntfs3/frecord.c:2460:16: Fehler: Variable »i_size« wird nicht verwendet [-Werror=unused-variable] 2460 | loff_t i_size = i_size_read(&ni->vfs_inode); | ^~~~~~ AR lib/zstd/built-in.a CC lib/bug.o CC fs/udf/inode.o CC arch/x86/kernel/cpu/intel.o CC arch/x86/kernel/process_64.o CC kernel/events/callchain.o CC lib/buildid.o cc1: Alle Warnungen werden als Fehler behandelt make[4]: *** [scripts/Makefile.build:243: fs/ntfs3/frecord.o] Fehler 1 make[3]: *** [scripts/Makefile.build:480: fs/ntfs3] Fehler 2 make[3]: *** Es wird auf noch nicht beendete Prozesse gewartet.... CC kernel/events/hw_breakpoint.o CC lib/clz_tab.o CC lib/cmdline.o CC fs/udf/lowlevel.o [...] -- The truth always turns out to be simpler than you thought. Richard Feynman

1 year, 6 months

3
3
0 0

Linux 6.7.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.7 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/conf.py | 6 Documentation/dev-tools/kunit/usage.rst | 10 Makefile | 2 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 arch/arm/boot/dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 arch/arm/boot/dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 16 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/include/asm/acpi.h | 4 arch/loongarch/kernel/acpi.c | 4 arch/loongarch/kernel/setup.c | 4 arch/loongarch/kernel/smp.c | 122 ++--- arch/loongarch/vdso/Makefile | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/parisc/kernel/unwind.c | 14 arch/powerpc/include/asm/ppc-pci.h | 10 arch/powerpc/kernel/iommu.c | 23 arch/powerpc/kvm/book3s_hv.c | 26 + arch/powerpc/kvm/book3s_hv_nestedv2.c | 20 arch/powerpc/platforms/pseries/pci_dlpar.c | 4 arch/s390/pci/pci.c | 2 arch/sparc/Makefile | 2 arch/sparc/video/Makefile | 2 arch/x86/entry/entry.S | 23 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/nospec-branch.h | 13 arch/x86/kernel/traps.c | 2 arch/x86/mm/numa.c | 21 block/blk-map.c | 13 drivers/accel/ivpu/ivpu_drv.c | 5 drivers/accel/ivpu/ivpu_hw_37xx.c | 2 drivers/accel/ivpu/ivpu_hw_40xx.c | 9 drivers/accel/ivpu/ivpu_mmu.c | 3 drivers/ata/ahci.c | 44 + drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 +++-- drivers/ata/libata-core.c | 59 +- drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/bus/imx-weim.c | 2 drivers/cache/ax45mp_cache.c | 4 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/acpi.c | 46 + drivers/cxl/core/pci.c | 49 +- drivers/dma/apple-admac.c | 5 drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpio/gpiolib.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 57 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 4 drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 14 drivers/gpu/drm/amd/display/dc/dce/dce_panel_cntl.c | 1 drivers/gpu/drm/amd/display/dc/dcn301/dcn301_panel_cntl.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_panel_cntl.c | 18 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 4 drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h | 2 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 + drivers/gpu/drm/amd/display/dc/link/link_factory.c | 26 - drivers/gpu/drm/amd/display/dc/link/link_validation.c | 62 ++ drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 182 +++++-- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 9 drivers/gpu/drm/drm_buddy.c | 4 drivers/gpu/drm/drm_syncobj.c | 19 drivers/gpu/drm/i915/display/intel_sdvo.c | 10 drivers/gpu/drm/i915/display/intel_tv.c | 10 drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 5 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 18 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hid/hid-logitech-hidpp.c | 2 drivers/hid/hid-nvidia-shield.c | 4 drivers/hwmon/coretemp.c | 2 drivers/hwmon/nct6775-core.c | 14 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/mlx5/cong.c | 6 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 45 - drivers/iommu/intel/iommu.c | 87 +++ drivers/iommu/intel/iommu.h | 7 drivers/iommu/intel/nested.c | 14 drivers/iommu/intel/pasid.c | 5 drivers/iommu/intel/pasid.h | 1 drivers/iommu/iommu-sva.c | 2 drivers/iommu/iommufd/hw_pagetable.c | 3 drivers/iommu/iommufd/iova_bitmap.c | 68 ++ drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-mbigen.c | 8 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 +++- drivers/md/dm-integrity.c | 91 +++ drivers/md/dm-verity-target.c | 86 +++ drivers/md/dm-verity.h | 6 drivers/md/md.c | 70 +-- drivers/md/raid10.c | 16 drivers/md/raid5.c | 29 - drivers/misc/open-dice.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/ipa/ipa_interrupt.c | 2 drivers/net/phy/realtek.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 drivers/nvme/host/fc.c | 47 -- drivers/nvme/target/fc.c | 137 +++-- drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/msi/irqdomain.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++ drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/think-lmi.c | 20 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 + drivers/platform/x86/x86-android-tablets/core.c | 3 drivers/platform/x86/x86-android-tablets/lenovo.c | 1 drivers/platform/x86/x86-android-tablets/x86-android-tablets.h | 1 drivers/regulator/max5970-regulator.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/sd.c | 26 + drivers/scsi/smartpqi/smartpqi.h | 1 drivers/scsi/smartpqi/smartpqi_init.c | 88 +++ drivers/spi/spi-cs42l43.c | 5 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-intel-pci.c | 1 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 +- drivers/tty/serial/stm32-usart.c | 4 drivers/ufs/core/ufshcd.c | 7 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/gadget/udc/omap_udc.c | 3 drivers/usb/roles/class.c | 29 - drivers/usb/storage/scsiglue.c | 7 drivers/usb/storage/uas.c | 7 drivers/usb/typec/tcpm/tcpm.c | 3 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 ++- drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/defrag.c | 2 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/ceph/caps.c | 6 fs/ceph/mds_client.c | 9 fs/ceph/mds_client.h | 2 fs/ceph/super.h | 2 fs/erofs/namei.c | 28 - fs/ext4/extents.c | 111 +++- fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 45 + fs/ntfs3/attrlist.c | 12 fs/ntfs3/bitmap.c | 4 fs/ntfs3/dir.c | 44 + fs/ntfs3/file.c | 72 ++- fs/ntfs3/frecord.c | 19 fs/ntfs3/fslog.c | 232 ++++------ fs/ntfs3/fsntfs.c | 29 + fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 32 + fs/ntfs3/namei.c | 12 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 25 - fs/ntfs3/record.c | 18 fs/ntfs3/super.c | 49 +- fs/ntfs3/xattr.c | 6 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 12 fs/smb/client/connect.c | 11 fs/smb/client/dfs.c | 7 fs/smb/client/file.c | 3 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/sess.c | 5 fs/smb/client/smb2pdu.c | 26 + fs/smb/client/transport.c | 18 include/kunit/resource.h | 21 include/linux/ceph/osd_client.h | 3 include/linux/fs.h | 2 include/linux/iommu.h | 12 include/linux/memblock.h | 2 include/linux/mlx5/mlx5_ifc.h | 2 include/linux/swap.h | 5 include/net/netfilter/nf_flow_table.h | 2 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 5 kernel/bpf/helpers.c | 5 lib/Kconfig.debug | 1 lib/kunit/kunit-test.c | 5 lib/kunit/test.c | 6 mm/damon/core.c | 15 mm/damon/lru_sort.c | 43 + mm/damon/reclaim.c | 18 mm/memblock.c | 6 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 7 net/bridge/br_switchdev.c | 84 ++- net/ceph/osd_client.c | 18 net/core/skmsg.c | 7 net/core/sock.c | 23 net/devlink/core.c | 12 net/devlink/port.c | 2 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 + net/ipv4/udp.c | 7 net/ipv6/addrconf.c | 21 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/debugfs_netdev.c | 4 net/mac80211/debugfs_netdev.h | 5 net/mac80211/iface.c | 2 net/mac80211/mlme.c | 8 net/mac80211/scan.c | 30 - net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 8 net/mptcp/fastopen.c | 6 net/mptcp/mib.c | 1 net/mptcp/mib.h | 8 net/mptcp/options.c | 9 net/mptcp/pm_netlink.c | 74 ++- net/mptcp/pm_userspace.c | 15 net/mptcp/protocol.c | 69 +- net/mptcp/protocol.h | 25 - net/mptcp/subflow.c | 86 ++- net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 17 net/netfilter/nf_tables_api.c | 81 +-- net/phonet/datagram.c | 4 net/phonet/pep.c | 41 + net/sched/act_mirred.c | 147 +++--- net/sched/cls_flower.c | 5 net/switchdev/switchdev.c | 73 +++ net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 - net/unix/af_unix.c | 19 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 3 scripts/bpf_doc.py | 2 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/hda_intel.c | 6 sound/soc/amd/acp/acp-mach-common.c | 9 sound/soc/codecs/wm_adsp.c | 29 - sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/net/ynl/lib/ynl.c | 19 tools/testing/selftests/drivers/net/bonding/bond_options.sh | 2 tools/testing/selftests/iommu/config | 5 tools/testing/selftests/mm/uffd-unit-tests.c | 6 tools/testing/selftests/net/forwarding/tc_actions.sh | 3 tools/testing/selftests/net/mptcp/diag.sh | 46 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +--- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 tools/testing/selftests/net/mptcp/simult_flows.sh | 3 tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 tools/testing/selftests/riscv/hwprobe/cbo.c | 6 tools/testing/selftests/riscv/hwprobe/hwprobe.c | 4 tools/testing/selftests/riscv/mm/mmap_test.h | 3 tools/testing/selftests/riscv/vector/v_initval_nolibc.c | 2 tools/testing/selftests/riscv/vector/vstate_prctl.c | 4 339 files changed, 3835 insertions(+), 1815 deletions(-) Aaro Koskinen (1): usb: gadget: omap_udc: fix USB gadget regression on Palm TE Alex Elder (1): net: ipa: don't overrun IPA suspend interrupt registers Alexander Stein (1): arm64: dts: tqma8mpql: fix audio codec iov-supply Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alice Chao (1): scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Amit Machhiwal (1): KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat' Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andrzej Kacprowski (1): accel/ivpu: Don't enable any tiles by default on VPU40xx Anshuman Khandual (1): mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Arunpravin Paneer Selvam (1): drm/buddy: Modify duplicate list_splice_tail call Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio RDMA/srpt: Support specifying the srpt_service_guid parameter Benjamin Berg (1): wifi: iwlwifi: do not announce EPCS support Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Charlene Liu (1): drm/amd/display: fix USB-C flag update after enc10 feature init Charles Keepax (1): spi: cs42l43: Handle error from devm_pm_runtime_enable Chen Jun (1): irqchip/mbigen: Don't use bus_get_dev_root() to find the parent Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Chengming Zhou (1): mm/zswap: invalidate duplicate entry when !zswap_enabled Chhayly Leang (1): ALSA: hda: cs35l41: Support ASUS Zenbook UM3402YAR Chris Morgan (1): arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Christoph Müllner (4): tools: selftests: riscv: Fix compile warnings in hwprobe tools: selftests: riscv: Fix compile warnings in cbo tools: selftests: riscv: Fix compile warnings in vector tests tools: selftests: riscv: Fix compile warnings in mm tests Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Damien Le Moal (2): ata: libata-core: Do not try to set sleeping devices to standby ata: libata-core: Do not call ata_dev_power_set_standby() twice Dan Carpenter (2): scsi: ufs: Uninitialized variable in ufshcd_devfreq_target() drm/nouveau/mmu/r535: uninitialized variable in r535_bar_new_() Dan Williams (1): cxl/acpi: Fix load failures due to single window creation failure Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (9): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: free queue and assoc directly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() David Gow (1): kunit: Add a macro to wrap a deferred action function David Strahan (1): scsi: smartpqi: Add new controller PCI IDs Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Dmytro Laktyushkin (1): drm/amd/display: Fix DPSTREAM CLK on and off sequence Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Emil Renner Berthing (1): gpiolib: Handle no pin_ranges in gpiochip_generic_config() Eric Dumazet (3): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid net: implement lockless setsockopt(SO_PEEK_OFF) Erik Kurzinger (2): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Fainelli (1): net: bcmasp: Indicate MAC is in charge of PHY PM Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gaurav Batra (1): powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Geliang Tang (6): mptcp: add CurrEstab MIB counter support mptcp: use mptcp_set_state mptcp: add needs_id for userspace appending addr mptcp: add needs_id for netlink appending addr selftests: mptcp: diag: check CURRESTAB counters selftests: mptcp: add mptcp_lib_get_counter Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.7.7 Guenter Roeck (3): lib/Kconfig.debug: TEST_IOV_ITER depends on MMU parisc: Fix stack unwinder hwmon: (nct6775) Fix access to temperature configuration registers Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hangbin Liu (1): selftests: bonding: set active slave to primary eth1 specifically Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (4): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: x86-android-tablets: Fix keyboard touchscreen on Lenovo Yogabook1 X90 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (4): LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] LoongArch: Call early_init_fdt_scan_reserved_mem() earlier LoongArch: Disable IRQ before init_fn() for nonboot CPUs LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jacek Lawrynowicz (1): accel/ivpu: Disable d3hot_delay on all NPU generations Jakub Kicinski (4): net/sched: act_mirred: use the backlog for mirred ingress net/sched: act_mirred: don't override retval if we already lost the skb tools: ynl: make sure we always pass yarg to mnl_cb_run tools: ynl: don't leak mcast_groups on init error Jason Gunthorpe (3): iommufd: Reject non-zero data_type if no data_len is provided s390: use the correct count for __iowrite64_copy() iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock Javier Martinez Canillas (1): sparc: Fix undefined reference to fb_is_primary_device Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Jianbo Liu (1): net/sched: flower: Add lock protection when remove filter handle Jiri Kosina (1): HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Jiri Pirko (1): devlink: fix port dump cmd type Joao Martins (4): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Handle recording beyond the mapped pages iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (5): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: fix driver debugfs for vif type change wifi: mac80211: initialize SMPS mode correctly wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Jonathan Corbet (1): docs: Instruct LaTeX to cope with deeper nesting Justin Chen (1): net: bcmasp: Sanity check is off by one Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (2): RDMA/bnxt_re: Return error for SRQ resize RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion LoongArch: vDSO: Disable UBSAN instrumentation Kenzo Gomez (1): ALSA: hda: cs35l41: Support additional ASUS Zenbook UX3402VA Konstantin Komarov (23): fs/ntfs3: Improve alternative boot processing fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Reduce stack usage fs/ntfs3: Fix multithreaded stress test fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Correct use bh_read fs/ntfs3: Add file_modified fs/ntfs3: Drop suid and sgid bits as a part of fpunch fs/ntfs3: Implement super_operations::shutdown fs/ntfs3: ntfs3_forced_shutdown use int instead of bool fs/ntfs3: Add and fix comments fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Fix c/mtime typo fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Use kvfree to free memory allocated by kvmalloc fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Use i_size_read and i_size_write fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Fixed overflow check in mi_enum_attr() fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Krystian Pradzynski (1): accel/ivpu/40xx: Stop passing SKU boot parameters to FW Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (2): dmaengine: ti: edma: Add some null pointer checks to the edma_probe HID: nvidia-shield: Add missing null pointer checks to LED initialization Lad Prabhakar (1): cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lewis Huang (1): drm/amd/display: Only allow dig mapping to pwrseq in new asic Li Ming (1): cxl/pci: Skip to handle RAS errors if CXL.mem device is detached Lijo Lazar (1): drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Liming Sun (1): platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Lino Sanfilippo (2): serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled serial: amba-pl011: Fix DMA transmission in RS485 mode Lucas Stach (1): bus: imx-weim: fix valid range check Lukas Wunner (1): ARM: dts: Fix TPM schema violations Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Mahesh Rajashekhara (1): scsi: smartpqi: Fix logical volume rescan race condition Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Marek Vasut (1): arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (2): arm64/sme: Restore SME registers on exit from suspend arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Pearson (1): platform/x86: think-lmi: Fix password opcode ordering for workstations Mark Zhang (1): IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Martin Blumenstingl (2): regulator: pwm-regulator: Add validity checks in continuous .get_voltage drm/meson: Don't remove bridges which are created by other drivers Martin K. Petersen (2): scsi: sd: usb_storage: uas: Access media prior to querying device properties scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Matthieu Baerts (NGI0) (9): selftests: mptcp: userspace_pm: unique subtest names selftests: mptcp: simult flows: fix some subtest names selftests: mptcp: pm nl: also list skipped tests selftests: mptcp: pm nl: avoid error msg on older kernels selftests: mptcp: diag: fix bash warnings on older kernels selftests: mptcp: diag: unique 'in use' subtest names selftests: mptcp: diag: unique 'cestab' subtest names selftests: mptcp: join: stop transfer when check is done (part 1) selftests: mptcp: join: stop transfer when check is done (part 2) Maxime Ripard (1): drm/i915/tv: Fix TV mode Meenakshikumar Somasundaram (1): drm/amd/display: Add dpia display mode validation logic Melissa Wen (1): drm/amd/display: fix null-pointer dereference on edid reading Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mika Westerberg (1): spi: intel-pci: Add support for Arrow Lake SPI serial flash Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Muhammad Usama Anjum (1): selftests/iommu: fix the config fragment Mukul Joshi (1): drm/amdkfd: Use correct drm device for cgroup permission check Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nathan Chancellor (1): drm/amd/display: Avoid enum conversion warning Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Ondrej Jirman (1): Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Pablo Neira Ayuso (3): netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (6): mptcp: fix more tx path fields initialization mptcp: corner case locking for rx path fields initialization mptcp: fix lockless access in subflow ULP diag mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation Patrick Rudolph (1): regulator (max5970): Fix IRQ handler Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawan Gupta (1): x86/bugs: Add asm helpers for executing VERW Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peichen Huang (1): drm/amd/display: Request usb4 bw for mst streams Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Qu Wenruo (1): btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Roman Li (1): drm/amd/display: Disable ips before dc interrupt setting Rui Salvaterra (2): ALSA: hda: Replace numeric device IDs with constant values ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup Sebastian Andrzej Siewior (1): xsk: Add truesize to skb_add_rx_frag(). SeongJae Park (3): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/core: check apply interval in damon_do_apply_schemes() mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (8): cifs: open_cached_dir should not rely on primary channel cifs: cifs_pick_channel should try selecting active channels cifs: translate network errors on send to -ECONNABORTED cifs: helper function to check replayable error codes cifs: make sure that channel scaling is done only once cifs: do not search for channel if server is terminating cifs: change tcon status when need_reconnect is set on it cifs: handle cases where multiple sessions share connection Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (3): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz drm/amd/display: fixed integer types and null check locations Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam (2): drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv Stanley.Yang (1): drm/amdgpu: Fix shared buff copy to user Steve French (2): smb3: clarify mount warning smb3: add missing null server pointer check Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Terry Tritton (1): selftests/mm: uffd-unit-test check if huge page size is 0 Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Timur Tabi (1): drm/nouveau: nvkm_gsp_radix3_sg() should use nvkm_gsp_mem_ctor() Tina Zhang (1): iommu: Add mm_get_enqcmd_pasid() helper function Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (3): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref devlink: fix possible use-after-free and memory leaks in devlink_init() Venkata Prasad Potturu (1): ASoC: amd: acp: Add check for cpu dai link initialization Victor Nogueira (1): net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (3): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: dw-edma: increase size of 'name' in debugfs code Wachowski, Karol (1): accel/ivpu: Force snooping for MMU writes Wayne Lin (1): drm/amd/display: adjust few initialization order in dm Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xiubo Li (2): libceph: fail sparse-read if the data length doesn't match ceph: always check dir caps asynchronously Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Liu (6): iommu/vt-d: Update iotlb in nested domain attach iommu/vt-d: Track nested domains in parent iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking() iommu/vt-d: Wrap the dirty tracking loop to be a helper iommu/vt-d: Add missing dirty tracking set for parent domain iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (6): md: Don't ignore suspended array in md_check_recovery() md: Don't ignore read-only array in md_check_recovery() md: Make sure md_do_sync() will set MD_RECOVERY_DONE md: Don't register sync_thread for reshape directly md: Don't suspend the array for interrupted reshape md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 6 months

2
2
0 0

[PATCH v2] usb: port: Don't try to peer unused USB ports based on location

by Mathias Nyman

Unused USB ports may have bogus location data in ACPI PLD tables. This causes port peering failures as these unused USB2 and USB3 ports location may match. Due to these failures the driver prints a "usb: port power management may be unreliable" warning, and unnecessarily blocks port power off during runtime suspend. This was debugged on a couple DELL systems where the unused ports all returned zeroes in their location data. Similar bugreports exist for other systems. Don't try to peer or match ports that have connect type set to USB_PORT_NOT_USED. Fixes: 3bfd659baec8 ("usb: find internal hub tier mismatch via acpi") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218465 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218486 Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Link: https://lore.kernel.org/linux-usb/5406d361-f5b7-4309-b0e6-8c94408f7d75@molg… Cc: stable(a)vger.kernel.org # v3.16+ Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- v1 -> v2 - Improve commit message - Add missing Fixes, Closes and Link tags - send this patch separately for easier picking to usb-linus drivers/usb/core/port.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index c628c1abc907..4d63496f98b6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -573,7 +573,7 @@ static int match_location(struct usb_device *peer_hdev, void *p) struct usb_hub *peer_hub = usb_hub_to_struct_hub(peer_hdev); struct usb_device *hdev = to_usb_device(port_dev->dev.parent->parent); - if (!peer_hub) + if (!peer_hub || port_dev->connect_type == USB_PORT_NOT_USED) return 0; hcd = bus_to_hcd(hdev->bus); @@ -584,7 +584,8 @@ static int match_location(struct usb_device *peer_hdev, void *p) for (port1 = 1; port1 <= peer_hdev->maxchild; port1++) { peer = peer_hub->ports[port1 - 1]; - if (peer && peer->location == port_dev->location) { + if (peer && peer->connect_type != USB_PORT_NOT_USED && + peer->location == port_dev->location) { link_peers_report(port_dev, peer); return 1; /* done */ } -- 2.25.1

1 year, 6 months

2
4
0 0

[PATCH] etnaviv: Restore some id values

by Christian Gmeiner

From: Christian Gmeiner <cgmeiner(a)igalia.com> The hwdb selection logic as a feature that allows it to mark some fields as 'don't care'. If we match with such a field we memcpy(..) the current etnaviv_chip_identity into ident. This step can overwrite some id values read from the GPU with the 'don't care' value. Fix this issue by restoring the affected values after the memcpy(..). As this is crucial for user space to know when this feature works as expected increment the minor version too. Fixes: 4078a1186dd3 ("drm/etnaviv: update hwdb selection logic") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Gmeiner <cgmeiner(a)igalia.com> --- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 6228ce603248..9a2965741dab 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -494,7 +494,7 @@ static const struct drm_driver etnaviv_drm_driver = { .desc = "etnaviv DRM", .date = "20151214", .major = 1, - .minor = 3, + .minor = 4, }; /* diff --git a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c index 67201242438b..1e38d66702f1 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c @@ -265,6 +265,9 @@ static const struct etnaviv_chip_identity etnaviv_chip_identities[] = { bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) { struct etnaviv_chip_identity *ident = &gpu->identity; + const u32 product_id = ident->product_id; + const u32 customer_id = ident->customer_id; + const u32 eco_id = ident->eco_id; int i; for (i = 0; i < ARRAY_SIZE(etnaviv_chip_identities); i++) { @@ -278,6 +281,17 @@ bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) etnaviv_chip_identities[i].eco_id == ~0U)) { memcpy(ident, &etnaviv_chip_identities[i], sizeof(*ident)); + + /* Restore some id values if ~0U aka 'don't care' is used. */ + if (etnaviv_chip_identities[i].product_id == ~0U) + ident->product_id = product_id; + + if (etnaviv_chip_identities[i].customer_id == ~0U) + ident->customer_id = customer_id; + + if (etnaviv_chip_identities[i].eco_id == ~0U) + ident->eco_id = eco_id; + return true; } } -- 2.44.0

1 year, 6 months

3
3
0 0

[PATCH v2] drm/etnaviv: Restore some id values

by Christian Gmeiner

From: Christian Gmeiner <cgmeiner(a)igalia.com> The hwdb selection logic as a feature that allows it to mark some fields as 'don't care'. If we match with such a field we memcpy(..) the current etnaviv_chip_identity into ident. This step can overwrite some id values read from the GPU with the 'don't care' value. Fix this issue by restoring the affected values after the memcpy(..). As this is crucial for user space to know when this feature works as expected increment the minor version too. Fixes: 4078a1186dd3 ("drm/etnaviv: update hwdb selection logic") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Gmeiner <cgmeiner(a)igalia.com> --- V1 -> V2: Fixed patch subject line and removed not needed if clauses. drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c index 6228ce603248..9a2965741dab 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c @@ -494,7 +494,7 @@ static const struct drm_driver etnaviv_drm_driver = { .desc = "etnaviv DRM", .date = "20151214", .major = 1, - .minor = 3, + .minor = 4, }; /* diff --git a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c index 67201242438b..8665f2658d51 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c @@ -265,6 +265,9 @@ static const struct etnaviv_chip_identity etnaviv_chip_identities[] = { bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) { struct etnaviv_chip_identity *ident = &gpu->identity; + const u32 product_id = ident->product_id; + const u32 customer_id = ident->customer_id; + const u32 eco_id = ident->eco_id; int i; for (i = 0; i < ARRAY_SIZE(etnaviv_chip_identities); i++) { @@ -278,6 +281,12 @@ bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu) etnaviv_chip_identities[i].eco_id == ~0U)) { memcpy(ident, &etnaviv_chip_identities[i], sizeof(*ident)); + + /* Restore some id values as ~0U aka 'don't care' might been used. */ + ident->product_id = product_id; + ident->customer_id = customer_id; + ident->eco_id = eco_id; + return true; } } -- 2.44.0

1 year, 6 months

1
0
0 0

Linux 5.15.150

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.150 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-platform-asus-wmi | 9 Makefile | 2 arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 arch/arm/boot/dts/bcm53573.dtsi | 20 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 79 arch/arm64/include/asm/exception.h | 5 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/arm64/mm/mmu.c | 4 arch/mips/include/asm/vpe.h | 1 arch/mips/kernel/smp-cps.c | 8 arch/mips/kernel/traps.c | 8 arch/mips/kernel/vpe-mt.c | 7 arch/mips/lantiq/prom.c | 6 arch/powerpc/kernel/eeh_driver.c | 71 arch/powerpc/kernel/rtas.c | 24 arch/powerpc/perf/hv-24x7.c | 42 arch/powerpc/platforms/powernv/pci-ioda.c | 3 arch/powerpc/platforms/pseries/lpar.c | 20 arch/powerpc/platforms/pseries/lparcfg.c | 20 arch/riscv/include/asm/parse_asm.h | 2 arch/s390/pci/pci.c | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/include/asm/text-patching.h | 30 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/fpu/signal.c | 12 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/paravirt.c | 23 arch/x86/kernel/static_call.c | 2 arch/x86/net/bpf_jit_comp.c | 2 drivers/acpi/button.c | 9 drivers/acpi/property.c | 4 drivers/acpi/resource.c | 35 drivers/acpi/video_detect.c | 34 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 6 drivers/ata/ahci_ceva.c | 125 - drivers/ata/ahci_da850.c | 47 drivers/ata/ahci_dm816.c | 4 drivers/ata/libahci_platform.c | 133 - drivers/block/nbd.c | 3 drivers/block/virtio_blk.c | 7 drivers/clk/clk.c | 11 drivers/clk/imx/clk-imx8mp.c | 23 drivers/clk/imx/clk.c | 3 drivers/clk/qcom/gcc-qcs404.c | 24 drivers/clk/qcom/gpucc-sc7180.c | 7 drivers/clk/qcom/gpucc-sdm845.c | 7 drivers/clk/renesas/renesas-cpg-mssr.c | 8 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/i915/display/intel_display_debugfs.c | 4 drivers/gpu/drm/i915/i915_reg.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 2 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hwmon/coretemp.c | 2 drivers/i2c/busses/i2c-imx.c | 97 - drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/sw/siw/siw_cm.c | 1 drivers/infiniband/sw/siw/siw_verbs.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/misc/iqs269a.c | 335 +-- drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/ads7846.c | 23 drivers/md/dm-crypt.c | 6 drivers/md/md.c | 14 drivers/md/raid10.c | 2 drivers/mmc/host/jz4740_mmc.c | 10 drivers/mmc/host/mxcmmc.c | 6 drivers/mtd/nand/raw/sunxi_nand.c | 2 drivers/net/ethernet/intel/igb/igb_main.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/realtek/r8169_main.c | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 29 drivers/net/gtp.c | 10 drivers/net/wireless/ath/ath11k/mac.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 131 - drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi.c | 2 drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/pwm-regulator.c | 3 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/mediatek/mtk-pm-domains.c | 15 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/tty/serial/8250/8250_port.c | 18 drivers/tty/serial/amba-pl011.c | 60 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/host/xhci-hub.c | 228 +- drivers/usb/host/xhci-mem.c | 10 drivers/usb/host/xhci-ring.c | 13 drivers/usb/host/xhci.h | 9 drivers/usb/roles/class.c | 29 drivers/vdpa/mlx5/core/mr.c | 1 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/disk-io.c | 3 fs/cifs/connect.c | 19 fs/cifs/smb2file.c | 1 fs/cifs/smb2ops.c | 54 fs/cifs/smb2pdu.c | 113 - fs/cifs/smb2proto.h | 16 fs/erofs/decompressor.c | 34 fs/exfat/dir.c | 15 fs/exfat/exfat_fs.h | 5 fs/ext4/extents.c | 111 - fs/ext4/mballoc.c | 70 fs/f2fs/gc.c | 41 fs/ksmbd/smb2pdu.c | 8 fs/ntfs3/attrib.c | 20 fs/ntfs3/attrlist.c | 8 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 2 fs/ntfs3/fslog.c | 14 fs/ntfs3/fsntfs.c | 24 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 14 fs/ntfs3/record.c | 16 fs/ntfs3/xattr.c | 3 fs/zonefs/super.c | 68 include/dt-bindings/clock/imx8mp-clock.h | 10 include/linux/ahci_platform.h | 5 include/linux/bpf.h | 14 include/linux/clk-provider.h | 15 include/linux/fs.h | 2 include/linux/pm.h | 80 include/linux/sched.h | 4 include/linux/sched/signal.h | 2 include/linux/socket.h | 5 include/net/netfilter/nf_flow_table.h | 4 include/net/tcp.h | 2 kernel/bpf/bpf_lru_list.c | 21 kernel/bpf/bpf_lru_list.h | 7 kernel/bpf/helpers.c | 76 kernel/bpf/verifier.c | 3 kernel/sched/fair.c | 2 kernel/sched/rt.c | 10 kernel/sysctl.c | 4 kernel/time/posix-timers.c | 31 kernel/trace/bpf_trace.c | 39 lib/debugobjects.c | 9 mm/userfaultfd.c | 14 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/core/devlink.c | 5 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/mlme.c | 1 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mptcp/diag.c | 6 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 41 net/netfilter/nf_tables_api.c | 3 net/netfilter/nft_flow_offload.c | 12 net/packet/af_packet.c | 12 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_api.c | 20 net/sched/sch_atm.c | 710 ------- net/sched/sch_cbq.c | 1817 ------------------- net/sched/sch_dsmark.c | 522 ----- net/tls/tls_main.c | 2 net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 net/wireless/wext-core.c | 6 scripts/bpf_doc.py | 2 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/include/uapi/linux/fscrypt.h | 3 tools/perf/trace/beauty/include/linux/socket.h | 2 tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 tools/virtio/linux/kernel.h | 2 tools/virtio/linux/vringh.h | 1 219 files changed, 2291 insertions(+), 4618 deletions(-) Alex Bee (2): arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alexey Khoroshilov (1): clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Andrei Vagin (1): x86/fpu: Stop relying on userspace for info to fault in xsave buffer Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnaldo Carvalho de Melo (2): tools headers UAPI: Sync linux/fscrypt.h with the kernel sources perf beauty: Update copy of linux/socket.h with the kernel sources Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (5): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: regenerate buddy after block freeing failed if under fc replay ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Borislav Petkov (AMD) (2): Revert "x86/ftrace: Use alternative RET encoding" Revert "x86/alternative: Make custom return thunk unconditional" Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Byungki Lee (1): f2fs: write checkpoint during FG_GC Chao Yu (1): f2fs: don't set GC_FAILURE_PIN for background GC Chen-Yu Tsai (2): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Chuansheng Liu (1): drm/i915/dg1: Update DMC_DEBUG3 register Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (2): i2c: imx: Add timer for handling the stop condition i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): zonefs: Improve error handling Dan Carpenter (1): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Daniel Axtens (1): powerpc/eeh: Small refactor of eeh_handle_normal_event() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Dave Marchevsky (1): bpf: Merge printk and seq_printf VARARG max macros David Sterba (1): btrfs: add xxhash to fast checksum implementations Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Baryshkov (4): clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Eli Cohen (1): vdpa/mlx5: Don't clear mr struct on destroy MR Enzo Matsumiya (1): cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Eugen Hristev (1): pmdomain: mediatek: fix race conditions with genpd FUKAUMI Naoki (1): arm64: dts: rockchip: fix regulator name on rk3399-rock-4 Fedor Pchelkin (1): ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (4): netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: can't schedule in nft_chain_validate Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Frederic Barrat (1): powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Ganesh Goudar (1): powerpc/eeh: Set channel state after notifying the drivers Gao Xiang (1): erofs: fix lz4 inplace decompression Geert Uytterhoeven (2): pmdomain: renesas: r8a77980-sysc: CR7 must be always on clk: renesas: cpg-mssr: Remove superfluous check in resume code Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.15.150 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Guo Zhengkui (1): drm/nouveau/instmem: fix uninitialized_var.cocci warning Guoqing Jiang (2): RDMA/siw: Balance the reference of cep->kref in the error path RDMA/siw: Correct wrong debug message Gustavo A. R. Silva (1): wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (7): platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Heiko Stuebner (2): RISC-V: fix funct4 definition for c.jalr in parse_asm.h arm64: dts: rockchip: set num-cs property for spi on px30 Heiner Kallweit (1): r8169: use new PM macros Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Hui Su (1): kernel/sched: Remove dl_boosted flag comment Ilpo Järvinen (1): serial: 8250: Remove serial_rs485 sanitization from em485 Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jeff LaBundy (5): Input: iqs269a - drop unused device node references Input: iqs269a - configure device with a single block write Input: iqs269a - increase interrupt handler return delay Input: iqs269a - do not poll during suspend or resume Input: iqs269a - do not poll during ATI Jiri Olsa (3): bpf: Add struct for bin_args arg in bpf_bprintf_prepare bpf: Do cleanup in bpf_bprintf_cleanup only when needed bpf: Remove trace_printk_lock Johannes Berg (2): wifi: mac80211: adding missing drv_mgd_complete_tx() call wifi: iwlwifi: mvm: avoid baid size integer overflow Jonathan Cameron (1): Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (1): net: dev: Convert sa_data to flexible array in struct sockaddr Kellen Renshaw (1): ACPI: resource: Add ASUS model S5402ZA to quirks Konstantin Komarov (10): fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (1): arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Li Jun (2): clk: imx: imx8mp: add shared clk gate for usb suspend clk dt-bindings: clocks: imx8mp: Add ID for usb suspend clock Lino Sanfilippo (1): serial: amba-pl011: Fix DMA transmission in RS485 mode Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Luca Ellero (3): Input: ads7846 - don't report pressure for ads7845 Input: ads7846 - always set last command to PWRDOWN Input: ads7846 - don't check penirq immediately for 7845 Lucas Stach (1): clk: imx8mp: add clkout1/2 support Luke D. Jones (1): platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute Magali Lemes (1): selftests: net: vrf-xfrm-tests: change authentication and encryption algos Marek Vasut (1): clk: imx8mp: Add DISP2 pixel clock Mark Rutland (1): arm64: mm: fix VA-range sanity check Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Martin KaFai Lau (2): bpf: Address KCSAN report on bpf_lru_list bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Mathias Nyman (6): xhci: cleanup xhci_hub_control port references xhci: move port specific items such as state completions to port structure xhci: rename resume_done to resume_timestamp xhci: clear usb2 resume related variables in one place. xhci: decouple usb2 port resume and get_port_status request handling xhci: track port suspend state correctly in unsuccessful resume cases Maxime Bizon (1): wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nathan Lynch (5): powerpc/pseries/lparcfg: add missing RTAS retry status handling powerpc/perf/hv-24x7: add missing RTAS retry status handling powerpc/pseries/lpar: add missing RTAS retry status handling powerpc/rtas: make all exports GPL powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Pablo Neira Ayuso (3): netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paul Cercueil (5): PM: core: Redefine pm_ptr() macro PM: core: Add new *_PM_OPS macros, deprecate old ones mmc: jz4740: Use the new PM macros mmc: mxc: Use the new PM macros PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA Paulo Alcantara (3): smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peilin Ye (1): net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Peng Fan (1): clk: imx: avoid memory leak Peter Zijlstra (5): x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Petr Oros (1): devlink: report devlink_port_type_warn source device Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Rafał Miłecki (3): ARM: dts: BCM53573: Drop nonexistent #usb-cells ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Randy Dunlap (4): MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set MIPS: vpe-mt: drop physical_memsize clk: linux/clk-provider.h: fix kernel-doc warnings and typos scsi: jazz_esp: Only build if SCSI core is builtin Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sakari Ailus (1): acpi: property: Let args be NULL in __acpi_node_get_property_reference Samuel Holland (1): mtd: rawnand: sunxi: Fix the size of the last OOB region Serge Semin (2): ata: libahci_platform: Convert to using devm bulk clocks API ata: libahci_platform: Introduce reset assertion/deassertion methods Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (2): cifs: add a warning when the in-flight count goes negative cifs: fix mid leak during reconnection after timeout threshold Stefano Garzarella (1): tools/virtio: fix build Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tamim Khan (2): ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA Tetsuo Handa (1): debugobjects: Recheck debug_objects_enabled before reporting Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Gleixner (1): posix-timers: Ensure timer ID search-loop limit is valid Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wang Qing (1): net: ethernet: ti: add missing of_node_put before return Wolfram Sang (2): spi: sh-msiof: avoid integer overflow in constants packet: move from strlcpy with unused retval to strscpy Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yicong Yang (1): sched/fair: Don't balance task to its current running CPU Yifan Zhang (1): drm/amdgpu: init iommu after amdkfd device init Ying Hsu (1): igb: Fix igb_down hung on surprise removal Youngmin Nam (1): arm64: set __exception_irq_entry with __irq_entry as a default Yu Kuai (2): md: fix data corruption for raid456 when reshape restart while grow up md/raid10: prevent soft lockup while flush writes Yuezhang Mo (1): exfat: support dynamic allocate bh for exfat_entry_set_cache Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return Zhong Jinghua (1): nbd: Add the maximum limit of allocated index in nbd_dev_add

1 year, 6 months

1
1
0 0

Linux 6.1.80

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.80 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/include/asm/fpsimd.h | 2 arch/arm64/kernel/fpsimd.c | 14 arch/arm64/kernel/suspend.c | 3 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/loongarch/Kconfig | 23 arch/loongarch/kernel/smp.c | 1 arch/mips/kernel/traps.c | 8 arch/parisc/kernel/processor.c | 8 arch/s390/pci/pci.c | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/static_call.c | 2 arch/x86/mm/numa.c | 21 arch/x86/net/bpf_jit_comp.c | 2 block/blk-map.c | 13 drivers/ata/ahci.c | 49 drivers/ata/ahci.h | 1 drivers/ata/ahci_ceva.c | 125 drivers/ata/libata-core.c | 4 drivers/block/aoe/aoeblk.c | 5 drivers/block/virtio_blk.c | 7 drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 5 drivers/cxl/core/pci.c | 6 drivers/dma/apple-admac.c | 5 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/soc15.c | 22 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 2 drivers/hwmon/coretemp.c | 2 drivers/i2c/busses/i2c-imx.c | 5 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/irdma/defs.h | 1 drivers/infiniband/hw/irdma/hw.c | 8 drivers/infiniband/hw/irdma/verbs.c | 9 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/joystick/xpad.c | 2 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/input/touchscreen/goodix.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-sifive-plic.c | 8 drivers/md/dm-crypt.c | 95 drivers/md/dm-integrity.c | 91 drivers/md/dm-verity-target.c | 86 drivers/md/dm-verity.h | 6 drivers/md/md.c | 6 drivers/misc/open-dice.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_main.h | 1 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 drivers/net/gtp.c | 10 drivers/net/phy/realtek.c | 4 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 131 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/dwc/pcie-designware-ep.c | 3 drivers/pci/msi/irqdomain.c | 2 drivers/platform/x86/intel/vbtn.c | 3 drivers/platform/x86/thinkpad_acpi.c | 5 drivers/platform/x86/touchscreen_dmi.c | 39 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/scsi/scsi.c | 22 drivers/scsi/smartpqi/smartpqi_init.c | 5 drivers/soc/mediatek/mtk-pm-domains.c | 15 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_pscsi.c | 9 drivers/target/target_core_transport.c | 4 drivers/tty/serial/amba-pl011.c | 60 drivers/ufs/core/ufshcd.c | 1 drivers/usb/cdns3/cdns3-gadget.c | 8 drivers/usb/cdns3/core.c | 1 drivers/usb/cdns3/drd.c | 13 drivers/usb/cdns3/drd.h | 6 drivers/usb/cdns3/host.c | 16 drivers/usb/dwc3/gadget.c | 5 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/usb/typec/ucsi/ucsi_acpi.c | 71 drivers/vfio/iova_bitmap.c | 25 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/cachefiles/cache.c | 2 fs/cachefiles/daemon.c | 1 fs/erofs/compress.h | 4 fs/erofs/decompressor.c | 60 fs/erofs/decompressor_lzma.c | 4 fs/erofs/internal.h | 28 fs/erofs/namei.c | 28 fs/erofs/super.c | 72 fs/erofs/zmap.c | 23 fs/ext4/extents.c | 111 fs/ext4/mballoc.c | 15 fs/ntfs3/attrib.c | 20 fs/ntfs3/attrlist.c | 8 fs/ntfs3/dir.c | 40 fs/ntfs3/file.c | 2 fs/ntfs3/fslog.c | 14 fs/ntfs3/fsntfs.c | 24 fs/ntfs3/inode.c | 2 fs/ntfs3/ntfs.h | 4 fs/ntfs3/ntfs_fs.h | 14 fs/ntfs3/record.c | 25 fs/ntfs3/xattr.c | 3 fs/smb/client/cached_dir.c | 2 fs/smb/client/cifsencrypt.c | 2 fs/smb/client/cifsglob.h | 2 fs/smb/client/fs_context.c | 2 fs/smb/client/readdir.c | 15 fs/smb/client/smb2pdu.c | 6 fs/smb/client/transport.c | 15 include/linux/fs.h | 2 include/linux/memblock.h | 2 include/linux/socket.h | 5 include/linux/swap.h | 5 include/net/netfilter/nf_flow_table.h | 4 include/net/switchdev.h | 3 include/net/tcp.h | 2 include/scsi/scsi_device.h | 4 kernel/bpf/helpers.c | 5 kernel/sched/rt.c | 12 mm/damon/lru_sort.c | 43 mm/damon/reclaim.c | 18 mm/memblock.c | 5 mm/memcontrol.c | 10 mm/memory.c | 20 mm/swap.h | 5 mm/swapfile.c | 13 mm/zswap.c | 2 net/bridge/br_switchdev.c | 84 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/core/skmsg.c | 7 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv4/inet_hashtables.c | 25 net/ipv6/addrconf.c | 21 net/ipv6/exthdrs.c | 10 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/cfg.c | 2 net/mac80211/mlme.c | 1 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mctp/route.c | 2 net/mptcp/diag.c | 6 net/mptcp/pm_netlink.c | 24 net/mptcp/pm_userspace.c | 54 net/mptcp/protocol.h | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_flow_table_core.c | 41 net/netfilter/nf_tables_api.c | 87 net/netfilter/nft_flow_offload.c | 12 net/packet/af_packet.c | 10 net/phonet/datagram.c | 4 net/phonet/pep.c | 41 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 706 ---- net/sched/sch_cbq.c | 1727 ---------- net/sched/sch_dsmark.c | 518 -- net/switchdev/switchdev.c | 73 net/tls/tls_main.c | 2 net/tls/tls_sw.c | 24 net/wireless/nl80211.c | 1 scripts/bpf_doc.py | 2 sound/soc/codecs/wm_adsp.c | 29 sound/soc/sunxi/sun4i-spdif.c | 5 sound/usb/clock.c | 10 sound/usb/format.c | 20 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json | 94 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json | 184 - tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json | 140 201 files changed, 1952 insertions(+), 4290 deletions(-) Alexander Tsoy (2): ALSA: usb-audio: Check presence of valid altsetting control ALSA: usb-audio: Ignore clock selector errors for single connection Alison Schofield (2): x86/numa: Fix the address overlap check in numa_fill_memblks() x86/numa: Fix the sort compare func used in numa_fill_memblks() Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (3): dm-integrity, dm-verity: reduce stack usage for recheck RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (4): ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() cachefiles: fix memory leak in cachefiles_add_cache() Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Borislav Petkov (AMD) (1): Revert "x86/alternative: Make custom return thunk unconditional" Brenton Simpson (1): Input: xpad - add Lenovo Legion Go controllers Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian A. Ehrhardt (2): block: Fix WARNING in _copy_from_iter usb: ucsi_acpi: Quirk to ack a connector change ack cmd Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Corey Minyard (1): i2c: imx: when being a target, mark the last read as processed Cyril Hrubis (2): sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Damien Le Moal (1): ata: libata-core: Do not try to set sleeping devices to standby Dan Carpenter (1): PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (8): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: defer cleanup using RCU properly nvmet-fc: hold reference on hostport match nvmet-fc: abort command when there is no binding nvmet-fc: avoid deadlock on delete association path nvmet-fc: take ref count on tgtport before delete assoc Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Don Brace (1): scsi: smartpqi: Fix disable_managed_interrupts Edward Adam Davis (1): fs/ntfs3: Fix oob in ntfs_listxattr Edward Lo (1): fs/ntfs3: Enhance the attribute size check Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Eugen Hristev (1): pmdomain: mediatek: fix race conditions with genpd Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (2): netfilter: nf_tables: set dormant flag on hook register failure netfilter: nf_tables: use kzalloc for hook allocation Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (2): erofs: simplify compression configuration parser erofs: fix inconsistent per-file compression format Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Geliang Tang (4): mptcp: make userspace_pm_append_new_local_addr static mptcp: add needs_id for userspace appending addr mptcp: userspace pm send RM_ADDR for ID 0 mptcp: add needs_id for netlink appending addr Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 6.1.80 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Hans de Goede (3): Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hector Martin (1): dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Helge Deller (1): Revert "parisc: Only list existing CPUs in cpu_possible_mask" Horatiu Vultur (1): net: sparx5: Add spinlock for frame transmission from CPU Huacai Chen (1): LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huang Pei (1): MIPS: reserve exception vector space ONLY ONCE Ism Hong (1): fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Kiszka (1): riscv/efistub: Ensure GP-relative addressing is not used Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jeremy Kerr (1): net: mctp: put sock on tag allocation failure Joao Martins (3): iommufd/iova_bitmap: Bounds check mapped::pages access iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array iommufd/iova_bitmap: Consider page offset for the pages to be pinned Johannes Berg (2): wifi: mac80211: set station RX-NSS on reconfig wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Weiner (1): mm: memcontrol: clarify swapaccount=0 deprecation warning Justin Iurman (1): Fix write to cloned skb in ipv6_hop_ioam() Kairui Song (1): mm/swap: fix race when skipping swapcache Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): smb: Work around Clang __bdos() type confusion net: dev: Convert sa_data to flexible array in struct sockaddr Konstantin Komarov (10): fs/ntfs3: Modified fix directory element type detection fs/ntfs3: Improve ntfs_dir_count fs/ntfs3: Correct hard links updating when dealing with DOS names fs/ntfs3: Print warning while fixing hard links count fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() fs/ntfs3: Disable ATTR_LIST_ENTRY size check fs/ntfs3: Prevent generic message "attempt to access beyond end of device" fs/ntfs3: Correct function is_rst_area_valid fs/ntfs3: Update inode->i_size after success write into compressed file Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (2): dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (2): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Lino Sanfilippo (1): serial: amba-pl011: Fix DMA transmission in RS485 mode Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Mario Limonciello (1): platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown (1): arm64/sme: Restore SME registers on exit from suspend Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Martin K. Petersen (1): scsi: core: Consult supported VPD page list prior to fetching page Martin KaFai Lau (1): bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Masahiro Yamada (2): LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mike Marciniszyn (1): RDMA/irdma: Fix KASAN issue with tasklet Mikulas Patocka (4): dm-crypt: recheck the integrity tag after a failure dm-integrity: recheck the integrity tag after a failure dm-crypt: don't modify the data when using authenticated encryption dm-verity: recheck the hash after a failure Mustafa Ismail (2): RDMA/irdma: Set the CQ read threshold for GEN 1 RDMA/irdma: Add AE for too many RNRS Nam Cao (1): irqchip/sifive-plic: Enable interrupt if needed before EOI Naohiro Aota (1): scsi: target: pscsi: Fix bio_put() for error case Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (3): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() irqchip/gic-v3-its: Do not assume vPE tables are preallocated Pablo Neira Ayuso (5): netfilter: flowtable: simplify route logic netfilter: nft_flow_offload: reset dst in route object after setting up flow netfilter: nft_flow_offload: release dst in case direct xmit path is used netfilter: nf_tables: rename function to destroy hook list netfilter: nf_tables: register hooks last when adding new chain/flowtable Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (2): smb: client: increase number of PDUs allowed in a compound request smb: client: set correct d_type for reparse points under DFS mounts Pavel Sakharov (1): net: stmmac: Fix incorrect dereference in interrupt handlers Pawel Laszczak (2): usb: cdnsp: blocked some cdns3 specific code usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (2): x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Phoenix Chen (1): platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Prike Liang (2): drm/amdgpu: skip to program GFXDEC registers for suspend abort drm/amdgpu: reset gpu for s3 suspend abort case Radhey Shyam Pandey (1): ata: ahci_ceva: fix error handling for Xilinx GT PHY support Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Richard Fitzgerald (1): ASoC: wm_adsp: Don't overwrite fwf_name with the default Robert Richter (1): cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Rémi Denis-Courmont (2): phonet: take correct lock to peek at the RX queue phonet/pep: fix racy skb_queue_empty() use SEO HOYOUNG (1): scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Sabrina Dubroca (3): tls: break out of main loop when PEEK gets a non-data record tls: stop recv() if initial process_rx_list gave us non-DATA tls: don't skip over different type records from the rx_list Sandeep Dhavale (1): erofs: fix refcount on the metabuf used for inode lookup SeongJae Park (2): mm/damon/lru_sort: fix quota status loss due to online tunings mm/damon/reclaim: fix quota stauts loss due to online tunings Shigeru Yoshida (1): bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Shiraz Saleem (1): RDMA/irdma: Validate max_send_wr and max_recv_wr Shyam Prasad N (2): cifs: open_cached_dir should not rely on primary channel cifs: translate network errors on send to -ECONNABORTED Siddharth Vadapalli (1): net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Sohaib Nadeem (2): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Steve French (1): smb3: clarify mount warning Subbaraya Sundeep (1): octeontx2-af: Consider the action set by PF Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Szuying Chen (1): ata: ahci: add identifiers for ASM2116 series adapters Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Thinh Nguyen (1): usb: dwc3: gadget: Don't disconnect if not started Thomas Hellström (1): drm/ttm: Fix an invalid freeing on already freed page in error path Tobias Waldekranz (2): net: bridge: switchdev: Skip MDB replays of deferred events on offload net: bridge: switchdev: Ensure deferred event delivery on unoffload Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Will Deacon (1): misc: open-dice: Fix spurious lockdep warning Wolfram Sang (1): spi: sh-msiof: avoid integer overflow in constants Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Yosry Ahmed (1): mm: zswap: fix missing folio cleanup in writeback race path Yu Kuai (1): md: Fix missing release of 'active_io' for flush Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (1): ext4: correct the hole length returned by ext4_map_blocks() Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return zhenwei pi (1): crypto: virtio/akcipher - Fix stack overflow on memcpy

1 year, 6 months

1
1
0 0

Linux 5.10.211

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.211 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 arch/arm/boot/dts/imx6sx.dtsi | 6 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/rockchip/px30.dtsi | 2 arch/arm64/kvm/vgic/vgic-its.c | 5 arch/powerpc/kernel/hw_breakpoint.c | 76 arch/s390/pci/pci.c | 2 arch/x86/include/asm/cpu_entry_area.h | 2 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/include/asm/text-patching.h | 30 arch/x86/include/asm/uaccess.h | 142 + arch/x86/kernel/alternative.c | 13 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/paravirt.c | 22 arch/x86/kernel/static_call.c | 2 arch/x86/net/bpf_jit_comp.c | 2 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/ataflop.c | 56 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/dma/ti/edma.c | 10 drivers/firewire/core-card.c | 18 drivers/firmware/efi/arm-runtime.c | 2 drivers/firmware/efi/efi-init.c | 19 drivers/firmware/efi/riscv-runtime.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/hw/qedr/verbs.c | 11 drivers/infiniband/ulp/srpt/ib_srpt.c | 17 drivers/input/serio/i8042-acpipnpio.h | 8 drivers/irqchip/irq-mips-gic.c | 2 drivers/md/dm-crypt.c | 6 drivers/media/pci/ttpci/av7110_av.c | 4 drivers/mtd/nand/spi/macronix.c | 20 drivers/net/ethernet/microchip/lan743x_ethtool.c | 9 drivers/net/gtp.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 14 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 10 drivers/nvme/host/fc.c | 47 drivers/nvme/target/fc.c | 11 drivers/nvme/target/fcloop.c | 6 drivers/nvme/target/tcp.c | 1 drivers/pci/msi.c | 2 drivers/platform/x86/intel-vbtn.c | 6 drivers/regulator/pwm-regulator.c | 3 drivers/s390/cio/device_ops.c | 6 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-hisi-sfc-v3xx.c | 5 drivers/spi/spi-sh-msiof.c | 16 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/tty/hvc/hvc_xen.c | 19 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 29 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/btrfs/ctree.h | 2 fs/btrfs/dir-item.c | 122 - fs/btrfs/inode.c | 48 fs/btrfs/tree-checker.c | 25 fs/btrfs/tree-log.c | 14 fs/cifs/smb2ops.c | 19 fs/cifs/smb2pdu.c | 93 - fs/cifs/smb2proto.h | 12 fs/erofs/decompressor.c | 24 fs/ext4/extents.c | 111 - fs/ext4/mballoc.c | 33 fs/jbd2/checkpoint.c | 137 - fs/zonefs/super.c | 68 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/linux/sched/task_stack.h | 2 include/linux/socket.h | 5 include/net/tcp.h | 2 kernel/sched/rt.c | 10 kernel/seccomp.c | 10 kernel/sysctl.c | 4 mm/userfaultfd.c | 14 net/core/dev.c | 2 net/core/dev_ioctl.c | 2 net/hsr/hsr_framereg.c | 16 net/hsr/hsr_framereg.h | 1 net/ipv4/arp.c | 3 net/ipv4/devinet.c | 21 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/mptcp/diag.c | 6 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 12 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 709 -------- net/sched/sch_cbq.c | 1816 ---------------------- net/sched/sch_dsmark.c | 521 ------ net/tls/tls_main.c | 2 net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 2 sound/soc/fsl/fsl_micfil.c | 15 sound/soc/intel/boards/bytcht_es8316.c | 14 sound/soc/intel/boards/bytcr_rt5640.c | 46 sound/soc/intel/boards/bytcr_rt5651.c | 41 sound/soc/sunxi/sun4i-spdif.c | 5 123 files changed, 1257 insertions(+), 3684 deletions(-) Andrew Bresticker (2): efi: runtime: Fix potential overflow of soft-reserved region size efi: Don't add memblocks for soft-reserved memory Andy Shevchenko (1): ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use Armin Wolf (1): drm/amd/display: Fix memory leak in dm_sw_fini() Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (3): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: regenerate buddy after block freeing failed if under fc replay Bart Van Assche (2): RDMA/srpt: Support specifying the srpt_service_guid parameter fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Benjamin Gray (1): powerpc/watchpoints: Annotate atomic context in more places Borislav Petkov (1): task_stack, x86/cea: Force-inline stack helpers Borislav Petkov (AMD) (2): Revert "x86/ftrace: Use alternative RET encoding" Revert "x86/alternative: Make custom return thunk unconditional" Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Damien Le Moal (1): zonefs: Improve error handling Dan Carpenter (1): media: av7110: prevent underflow in write_ts_to_decoder() Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (4): nvme-fc: do not wait in vain when unloading module nvmet-fcloop: swap the list_add_tail arguments nvmet-fc: release reference on target port nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Devyn Liu (1): spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (2): ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Filipe Manana (2): btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero Gao Xiang (1): erofs: fix lz4 inplace decompression Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.10.211 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Heiko Stuebner (1): arm64: dts: rockchip: set num-cs property for spi on px30 Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jan Beulich (1): x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Jiaxun Yang (1): irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable Johannes Berg (2): iwlwifi: mvm: do more useful queue sync accounting iwlwifi: mvm: write queue_sync_state only for sync Josef Bacik (1): btrfs: tree-checker: check for overlapping extent items Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kamal Heib (1): RDMA/qedr: Fix qedr_create_user_qp error flow Kees Cook (2): seccomp: Invalidate seccomp mode to catch death failures net: dev: Convert sa_data to flexible array in struct sockaddr Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Kuniyuki Iwashima (1): arp: Prevent overflow in arp_req_get(). Kunwu Chan (1): dmaengine: ti: edma: Add some null pointer checks to the edma_probe Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Marcos Paulo de Souza (1): btrfs: introduce btrfs_lookup_match_dir Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Max Verevkin (1): platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Michael Schmitz (2): block: ataflop: fix breakage introduced at blk-mq refactoring block: ataflop: more blk-mq refactoring fixes Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Paolo Abeni (1): mptcp: fix lockless access in subflow ULP diag Paulo Alcantara (3): smb: client: fix OOB in receive_encrypted_standard() smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix parsing of SMB3.1.1 POSIX create context Peter Oberparleiter (1): s390/cio: fix invalid -EBUSY on ccw_device_start Peter Zijlstra (6): x86/uaccess: Implement macros for CMPXCHG on user addresses x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/ftrace: Use alternative RET encoding x86/returnthunk: Allow different return thunks x86/alternative: Make custom return thunk unconditional Pierre-Louis Bossart (2): ASoC: Intel: boards: harden codec property handling ASoC: Intel: boards: get codec device with ACPI instead of bus search Rafał Miłecki (1): ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ravi Bangoria (1): powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions Roger Pau Monne (1): hvc/xen: prevent concurrent accesses to the shared ring Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sebastian Andrzej Siewior (1): hsr: Avoid double remove of a node. Sergej Bauer (1): lan743x: fix for potential NULL pointer dereference with bare card Shengjiu Wang (1): ASoC: fsl_micfil: register platform component before registering cpu dai Shyam Prasad N (1): cifs: add a warning when the in-flight count goes negative Szilard Fabian (1): Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (2): spi: sh-msiof: avoid integer overflow in constants packet: move from strlcpy with unused retval to strscpy Xiaolei Wang (1): ARM: dts: imx: Set default tuning step for imx6sx usdhc Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (2): usb: roles: fix NULL pointer issue when put module's reference usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. YouChing Lin (1): mtd: spinand: macronix: Add support for MX35LFxGE4AD Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhang Yi (3): ext4: correct the hole length returned by ext4_map_blocks() jbd2: remove redundant buffer io error checks jbd2: recheck chechpointing non-dirty buffer Zhihao Cheng (1): jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 6 months

1
1
0 0

Linux 5.4.270

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.270 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/s390/pci/pci.c | 2 arch/x86/kernel/alternative.c | 13 drivers/ata/ahci.c | 34 drivers/ata/ahci.h | 1 drivers/block/virtio_blk.c | 7 drivers/dma/fsl-qdma.c | 2 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 drivers/gpu/drm/drm_syncobj.c | 16 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 18 drivers/md/dm-crypt.c | 6 drivers/md/dm-integrity.c | 11 drivers/net/gtp.c | 10 drivers/nvme/target/fc.c | 8 drivers/nvme/target/tcp.c | 1 drivers/pci/controller/pci-tegra.c | 17 drivers/pci/msi.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 23 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/scsi/lpfc/lpfc_scsi.c | 12 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/spi/spi-mt7621.c | 8 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/cdns3/gadget.c | 8 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/afs/volume.c | 4 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/iomap/buffered-io.c | 3 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/linux/lockdep.h | 5 include/net/tcp.h | 1 kernel/sched/rt.c | 10 kernel/sysctl.c | 4 mm/memcontrol.c | 6 mm/userfaultfd.c | 14 net/bridge/br_device.c | 2 net/ipv4/af_inet.c | 2 net/ipv4/devinet.c | 21 net/ipv4/tcp.c | 27 net/ipv4/tcp_input.c | 4 net/ipv6/addrconf.c | 21 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_proto_sctp.c | 2 net/netfilter/nf_tables_api.c | 1 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1818 ---------------------- net/sched/sch_dsmark.c | 523 ------ net/tls/tls_sw.c | 12 net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + sound/pci/hda/patch_realtek.c | 6 sound/soc/sunxi/sun4i-spdif.c | 5 tools/testing/selftests/bpf/test_verifier.c | 13 virt/kvm/arm/vgic/vgic-its.c | 5 79 files changed, 562 insertions(+), 3254 deletions(-) Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (2): RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Björn Töpel (1): selftests/bpf: Avoid running unprivileged tests with alignment requirements Chen-Yu Tsai (1): ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Christian König (1): drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Christophe JAILLET (2): spi: mt7621: Fix an error message in mt7621_spi_probe() PCI: tegra: Fix OF node reference leak Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Daniel Wagner (1): nvmet-fc: abort command when there is no binding Daniil Dulov (1): afs: Increase buffer size in afs_update_volume_status() Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Eric Dumazet (3): tcp: add annotations around sk->sk_shutdown accesses ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Erik Kurzinger (1): drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Florian Westphal (1): netfilter: nf_tables: set dormant flag on hook register failure Frank Li (2): usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() usb: cdns3: fix memory double free when handle zero packet Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (1): Linux 5.4.270 Guixin Liu (1): nvmet-tcp: fix nvme tcp ida memory leak Hannes Reinecke (1): scsi: lpfc: Use unsigned type for num_sge Icenowy Zheng (1): Revert "drm/sun4i: dsi: Change the start delay calculation" Jakub Kicinski (2): tls: rx: jump to a more appropriate label tls: rx: drop pointless else after goto Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (1): s390: use the correct count for __iowrite64_copy() Kai-Heng Feng (1): ALSA: hda/realtek - Enable micmute LED on and HP system Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Kirill A. Shutemov (1): x86/alternatives: Disable KASAN in apply_alternatives() Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lee Jones (1): pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Lennert Buytenhek (1): ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Matthew Wilcox (Oracle) (1): iomap: Set all uptodate bits for an Uptodate page Miaoqian Lin (1): pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (2): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() dm-crypt: don't modify the data when using authenticated encryption Nathan Chancellor (1): drm/amdgpu: Fix type of second parameter in trans_msg() callback Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Nikolay Aleksandrov (1): net: bridge: clear bridge's private skb space on xmit Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Pali Rohár (1): PCI: tegra: Fix reporting GPIO error value Paolo Abeni (1): tcp: factor out __tcp_close() helper Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Sabrina Dubroca (1): tls: stop recv() if initial process_rx_list gave us non-DATA Sireesh Kodali (1): arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Soheil Hassas Yeganeh (1): tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Trek (1): drm/amdgpu: Check for valid number of registers to read Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (2): dmaengine: shdma: increase size of 'dev_id' dmaengine: fsl-qdma: increase size of 'irq_name' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xin Long (1): netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 6 months

1
1
0 0

Linux 4.19.308

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.308 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-ep93xx/core.c | 1 arch/s390/pci/pci.c | 2 drivers/ata/ahci.c | 5 drivers/block/virtio_blk.c | 7 drivers/dma/sh/shdma.h | 2 drivers/firewire/core-card.c | 18 drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 drivers/hwmon/coretemp.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 drivers/infiniband/hw/hfi1/pio.c | 6 drivers/infiniband/hw/hfi1/sdma.c | 2 drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 drivers/infiniband/ulp/iser/iser_verbs.c | 9 drivers/infiniband/ulp/isert/ib_isert.c | 2 drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 10 drivers/infiniband/ulp/srpt/ib_srpt.c | 52 drivers/md/dm-crypt.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 65 drivers/net/gtp.c | 10 drivers/pci/msi.c | 2 drivers/regulator/pwm-regulator.c | 3 drivers/s390/net/qeth_l3_main.c | 9 drivers/scsi/Kconfig | 2 drivers/soc/renesas/r8a77980-sysc.c | 3 drivers/target/target_core_device.c | 5 drivers/target/target_core_transport.c | 4 drivers/usb/gadget/function/f_ncm.c | 10 drivers/usb/roles/class.c | 12 drivers/video/fbdev/savage/savagefb_driver.c | 3 drivers/video/fbdev/sis/sis_main.c | 2 fs/aio.c | 9 fs/ext4/mballoc.c | 13 fs/nilfs2/dat.c | 27 include/linux/fs.h | 2 include/rdma/rdma_vt.h | 2 kernel/sched/rt.c | 10 kernel/sysctl.c | 5 mm/memcontrol.c | 23 mm/userfaultfd.c | 14 net/ipv6/seg6.c | 20 net/l2tp/l2tp_ip6.c | 2 net/mac80211/sta_info.c | 2 net/mac80211/tx.c | 2 net/packet/af_packet.c | 4 net/sched/Kconfig | 42 net/sched/Makefile | 3 net/sched/sch_atm.c | 708 -------- net/sched/sch_cbq.c | 1823 ---------------------- net/sched/sch_dsmark.c | 519 ------ net/wireless/nl80211.c | 1 scripts/bpf_helpers_doc.py | 157 + virt/kvm/arm/vgic/vgic-its.c | 5 55 files changed, 411 insertions(+), 3258 deletions(-) Aaro Koskinen (1): net: stmmac: fix notifier registration Alexandra Winter (1): s390/qeth: Fix potential loss of L3-IP@ in case of network issues Andrii Nakryiko (2): scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions scripts/bpf: Fix xdp_md forward declaration typo Arnd Bergmann (2): RDMA/srpt: fix function pointer cast warnings nouveau: fix function cast warnings Baokun Li (2): ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Bart Van Assche (3): RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/srpt: Make debug output more detailed fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Conrad Kostecki (1): ahci: asm1166: correct count of reported ports Cyril Hrubis (3): sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Disallow writing invalid values to sched_rt_period_us Daniel Vacek (1): IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Dmitry Bogdanov (1): scsi: target: core: Add TMF to tmr_list handling Felix Fietkau (1): wifi: mac80211: fix race condition on enabling fast-xmit Fullway Wang (2): fbdev: savage: Error out if pixclock equals zero fbdev: sis: Error out if pixclock equals zero GONG, Ruiqi (1): memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Geert Uytterhoeven (1): pmdomain: renesas: r8a77980-sysc: CR7 must be always on Gianmarco Lusvardi (1): bpf, scripts: Correct GPL license name Greg Kroah-Hartman (2): stmmac: no need to check return value of debugfs_create functions Linux 4.19.308 Jamal Hadi Salim (3): net/sched: Retire CBQ qdisc net/sched: Retire ATM qdisc net/sched: Retire dsmark qdisc Jason Gunthorpe (2): RDMA/ulp: Use dev_name instead of ibdev->name s390: use the correct count for __iowrite64_copy() Kalesh AP (1): RDMA/bnxt_re: Return error for SRQ resize Krishna Kurapati (1): usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Lokesh Gidra (1): userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Martin Blumenstingl (1): regulator: pwm-regulator: Add validity checks in continuous .get_voltage Michal Kazior (1): wifi: cfg80211: fix missing interfaces when dumping Mikulas Patocka (1): dm-crypt: don't modify the data when using authenticated encryption Nikita Shubin (1): ARM: ep93xx: Add terminator to gpiod_lookup_table Oliver Upton (2): KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Randy Dunlap (1): scsi: jazz_esp: Only build if SCSI core is builtin Roman Gushchin (1): mm: memcontrol: switch to rcu protection in drain_all_stock() Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests Takashi Sakamoto (1): firewire: core: send bus reset promptly on gap count error Tom Parkin (1): l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev (2): gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() ipv6: sr: fix possible use-after-free and null-ptr-deref Vidya Sagar (1): PCI/MSI: Prevent MSI hardware interrupt number truncation Vinod Koul (1): dmaengine: shdma: increase size of 'dev_id' Wolfram Sang (1): packet: move from strlcpy with unused retval to strscpy Xu Yang (1): usb: roles: don't get/set_role() when usb_role_switch is unregistered Yi Sun (1): virtio-blk: Ensure no requests in virtqueues before deleting vqs. Zhang Rui (1): hwmon: (coretemp) Enlarge per package core count limit Zhipeng Lu (1): IB/hfi1: Fix a memleak in init_credit_return

1 year, 6 months

1
1
0 0

RE: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

by Simon Kirby

Hi, I bisected a regression where reading from a Bluetooth device gets stuck in recvfrom() calls. The device here is a Wii Balance Board, using https://github.com/initialstate/beerfridge/blob/master/wiiboard_test.py; this worked fine in v6.6.1 and v6.6.8, but when I tried on a v6.6.14 build, the script no longer outputs any readings. 1d576c3a5af850bf11fbd103f9ba11aa6d6061fb is the first bad commit which maps to upstream commit 2e07e8348ea454615e268222ae3fc240421be768: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg With this commit in place, as also in v6.7 and v6.7.6, the script does not output anything _unless_ I strace the process, in which case a bunch of recvmsg() syscalls are shown, and then it hangs again. If I ^C the strace and run it a few times, eventually the script will get enough data and output a reading. If I don't strace the script, a hung task warning appears: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u9:1 state:D stack:0 pid:121 tgid:121 ppid:2 flags:0x00004000 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> On 6.8-rc6 with lockdep enabled, I get the following output: [ 22.122337] wlan0: associated [ 4547.622339] INFO: task kworker/u9:1:3528 blocked for more than 30 seconds. [ 4547.622530] ===================================================== [ 4547.622531] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 4547.622535] 6.8.0-rc6-lemon #190 Not tainted [ 4547.622538] ----------------------------------------------------- [ 4547.622540] khungtaskd/39 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 4547.622546] ffff888101554cf8 ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0}, at: __flush_work+0x4b/0x3f0 [ 4547.622569] and this task is already holding: [ 4547.622571] ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622586] which would create a new lock dependency: [ 4547.622587] (console_owner){....}-{0:0} -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622596] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 4547.622598] (&trans_pcie->irq_lock){+.-.}-{3:3} [ 4547.622601] ... which became SOFTIRQ-irq-safe at: [ 4547.622603] lock_acquire+0xb0/0x280 [ 4547.622611] _raw_spin_lock+0x2b/0x40 [ 4547.622618] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622627] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622634] net_rx_action+0x137/0x2a0 [ 4547.622639] __do_softirq+0xc7/0x402 [ 4547.622645] do_softirq+0x42/0xa0 [ 4547.622651] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622657] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622665] irq_thread_fn+0x1b/0x60 [ 4547.622670] irq_thread+0xe0/0x190 [ 4547.622675] kthread+0xe3/0x120 [ 4547.622679] ret_from_fork+0x2c/0x50 [ 4547.622684] ret_from_fork_asm+0x1b/0x30 [ 4547.622692] to a SOFTIRQ-irq-unsafe lock: [ 4547.622694] ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} [ 4547.622698] ... which became SOFTIRQ-irq-unsafe at: [ 4547.622699] ... [ 4547.622700] lock_acquire+0xb0/0x280 [ 4547.622706] process_one_work+0x199/0x480 [ 4547.622713] worker_thread+0x1be/0x3b0 [ 4547.622719] kthread+0xe3/0x120 [ 4547.622722] ret_from_fork+0x2c/0x50 [ 4547.622725] ret_from_fork_asm+0x1b/0x30 [ 4547.622731] other info that might help us debug this: [ 4547.622732] Chain exists of: &trans_pcie->irq_lock --> console_owner --> (work_completion)(&(&ops->cursor_work)->work) [ 4547.622739] Possible interrupt unsafe locking scenario: [ 4547.622741] CPU0 CPU1 [ 4547.622742] ---- ---- [ 4547.622742] lock((work_completion)(&(&ops->cursor_work)->work)); [ 4547.622745] local_irq_disable(); [ 4547.622746] lock(&trans_pcie->irq_lock); [ 4547.622749] lock(console_owner); [ 4547.622751] <Interrupt> [ 4547.622752] lock(&trans_pcie->irq_lock); [ 4547.622754] *** DEADLOCK *** [ 4547.622755] 5 locks held by khungtaskd/39: [ 4547.622759] #0: ffffffff836f14e0 (rcu_read_lock){....}-{1:3}, at: watchdog+0xd8/0x7b0 [ 4547.622778] #1: ffffffff836ee820 (console_lock){+.+.}-{0:0}, at: _printk+0x47/0x50 [ 4547.622789] #2: ffffffff836ee870 (console_srcu){....}-{0:0}, at: console_flush_all+0x74/0x4e0 [ 4547.622800] #3: ffffffff8367e600 (console_owner){....}-{0:0}, at: console_flush_all+0x1c9/0x4e0 [ 4547.622810] #4: ffffffff837d8758 (printing_lock){....}-{3:3}, at: vt_console_print+0x47/0x430 [ 4547.622822] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 4547.622824] -> (&trans_pcie->irq_lock){+.-.}-{3:3} { [ 4547.622830] HARDIRQ-ON-W at: [ 4547.622833] lock_acquire+0xb0/0x280 [ 4547.622839] _raw_spin_lock_bh+0x33/0x40 [ 4547.622845] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.622853] iwl_pci_probe+0x28/0x810 [ 4547.622859] pci_device_probe+0x94/0x120 [ 4547.622865] really_probe+0x15e/0x2f0 [ 4547.622872] __driver_probe_device+0x6e/0x110 [ 4547.622878] driver_probe_device+0x1a/0xe0 [ 4547.622884] __driver_attach+0x87/0x190 [ 4547.622890] bus_for_each_dev+0x66/0xb0 [ 4547.622894] bus_add_driver+0xea/0x1f0 [ 4547.622898] driver_register+0x54/0x100 [ 4547.622905] iwl_pci_register_driver+0x1a/0x40 [ 4547.622911] do_one_initcall+0x50/0x250 [ 4547.622918] kernel_init_freeable+0x243/0x3e0 [ 4547.622927] kernel_init+0x15/0x1a0 [ 4547.622931] ret_from_fork+0x2c/0x50 [ 4547.622935] ret_from_fork_asm+0x1b/0x30 [ 4547.622941] IN-SOFTIRQ-W at: [ 4547.622943] lock_acquire+0xb0/0x280 [ 4547.622948] _raw_spin_lock+0x2b/0x40 [ 4547.622953] iwl_pcie_napi_poll+0x7a/0x130 [ 4547.622961] __napi_poll.constprop.0+0x23/0x1e0 [ 4547.622966] net_rx_action+0x137/0x2a0 [ 4547.622971] __do_softirq+0xc7/0x402 [ 4547.622978] do_softirq+0x42/0xa0 [ 4547.622983] __local_bh_enable_ip+0xb8/0xd0 [ 4547.622989] iwl_pcie_irq_handler+0x539/0xb70 [ 4547.622996] irq_thread_fn+0x1b/0x60 [ 4547.623002] irq_thread+0xe0/0x190 [ 4547.623006] kthread+0xe3/0x120 [ 4547.623011] ret_from_fork+0x2c/0x50 [ 4547.623014] ret_from_fork_asm+0x1b/0x30 [ 4547.623020] INITIAL USE at: [ 4547.623022] lock_acquire+0xb0/0x280 [ 4547.623027] _raw_spin_lock_bh+0x33/0x40 [ 4547.623032] iwl_trans_pcie_alloc+0x2fd/0x990 [ 4547.623038] iwl_pci_probe+0x28/0x810 [ 4547.623043] pci_device_probe+0x94/0x120 [ 4547.623047] really_probe+0x15e/0x2f0 [ 4547.623053] __driver_probe_device+0x6e/0x110 [ 4547.623059] driver_probe_device+0x1a/0xe0 [ 4547.623064] __driver_attach+0x87/0x190 [ 4547.623070] bus_for_each_dev+0x66/0xb0 [ 4547.623073] bus_add_driver+0xea/0x1f0 [ 4547.623077] driver_register+0x54/0x100 [ 4547.623084] iwl_pci_register_driver+0x1a/0x40 [ 4547.623090] do_one_initcall+0x50/0x250 [ 4547.623096] kernel_init_freeable+0x243/0x3e0 [ 4547.623103] kernel_init+0x15/0x1a0 [ 4547.623107] ret_from_fork+0x2c/0x50 [ 4547.623110] ret_from_fork_asm+0x1b/0x30 [ 4547.623116] } [ 4547.623118] ... key at: [<ffffffff8502fe90>] __key.20+0x0/0x10 [ 4547.623129] -> (&trans_pcie->reg_lock){+...}-{3:3} { [ 4547.623134] HARDIRQ-ON-W at: [ 4547.623137] lock_acquire+0xb0/0x280 [ 4547.623142] _raw_spin_lock_bh+0x33/0x40 [ 4547.623147] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623151] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623160] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623165] iwl_pci_probe+0x42/0x810 [ 4547.623171] pci_device_probe+0x94/0x120 [ 4547.623175] really_probe+0x15e/0x2f0 [ 4547.623181] __driver_probe_device+0x6e/0x110 [ 4547.623186] driver_probe_device+0x1a/0xe0 [ 4547.623192] __driver_attach+0x87/0x190 [ 4547.623197] bus_for_each_dev+0x66/0xb0 [ 4547.623201] bus_add_driver+0xea/0x1f0 [ 4547.623205] driver_register+0x54/0x100 [ 4547.623211] iwl_pci_register_driver+0x1a/0x40 [ 4547.623217] do_one_initcall+0x50/0x250 [ 4547.623223] kernel_init_freeable+0x243/0x3e0 [ 4547.623229] kernel_init+0x15/0x1a0 [ 4547.623233] ret_from_fork+0x2c/0x50 [ 4547.623236] ret_from_fork_asm+0x1b/0x30 [ 4547.623242] INITIAL USE at: [ 4547.623244] lock_acquire+0xb0/0x280 [ 4547.623249] _raw_spin_lock_bh+0x33/0x40 [ 4547.623254] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623257] iwl_pcie_set_hw_ready+0x1e/0xa0 [ 4547.623266] iwl_pcie_prepare_card_hw+0x33/0x100 [ 4547.623271] iwl_pci_probe+0x42/0x810 [ 4547.623277] pci_device_probe+0x94/0x120 [ 4547.623281] really_probe+0x15e/0x2f0 [ 4547.623286] __driver_probe_device+0x6e/0x110 [ 4547.623292] driver_probe_device+0x1a/0xe0 [ 4547.623297] __driver_attach+0x87/0x190 [ 4547.623303] bus_for_each_dev+0x66/0xb0 [ 4547.623306] bus_add_driver+0xea/0x1f0 [ 4547.623310] driver_register+0x54/0x100 [ 4547.623316] iwl_pci_register_driver+0x1a/0x40 [ 4547.623323] do_one_initcall+0x50/0x250 [ 4547.623328] kernel_init_freeable+0x243/0x3e0 [ 4547.623334] kernel_init+0x15/0x1a0 [ 4547.623338] ret_from_fork+0x2c/0x50 [ 4547.623342] ret_from_fork_asm+0x1b/0x30 [ 4547.623347] } [ 4547.623348] ... key at: [<ffffffff8502fe80>] __key.19+0x0/0x10 [ 4547.623358] ... acquired at: [ 4547.623359] _raw_spin_lock_bh+0x33/0x40 [ 4547.623364] iwl_trans_pcie_set_bits_mask+0x25/0x60 [ 4547.623368] iwl_pcie_apm_init+0x6e/0x1c0 [ 4547.623372] iwl_trans_pcie_start_fw+0x224/0x670 [ 4547.623377] iwl_mvm_load_ucode_wait_alive+0xd3/0x5a0 [ 4547.623383] iwl_run_init_mvm_ucode+0x8c/0x3a0 [ 4547.623387] iwl_mvm_start_get_nvm+0x87/0x210 [ 4547.623393] iwl_op_mode_mvm_start+0x962/0xb30 [ 4547.623399] _iwl_op_mode_start.isra.0+0x72/0xb0 [ 4547.623403] iwl_opmode_register+0x6a/0xe0 [ 4547.623408] iwl_mvm_init+0x21/0x60 [ 4547.623413] do_one_initcall+0x50/0x250 [ 4547.623419] kernel_init_freeable+0x243/0x3e0 [ 4547.623425] kernel_init+0x15/0x1a0 [ 4547.623429] ret_from_fork+0x2c/0x50 [ 4547.623432] ret_from_fork_asm+0x1b/0x30 [ 4547.623441] -> (console_owner){....}-{0:0} { [ 4547.623446] INITIAL USE at: [ 4547.623452] lock_acquire+0xb0/0x280 [ 4547.623457] console_flush_all+0x1f2/0x4e0 [ 4547.623463] console_unlock+0x33/0x110 [ 4547.623469] vprintk_emit+0x9f/0x320 [ 4547.623475] _printk+0x47/0x50 [ 4547.623479] register_console+0x34b/0x4d0 [ 4547.623485] con_init+0x200/0x270 [ 4547.623494] console_init+0x4a/0x1e0 [ 4547.623504] start_kernel+0x2b9/0x660 [ 4547.623510] x86_64_start_reservations+0x18/0x30 [ 4547.623517] x86_64_start_kernel+0xad/0xc0 [ 4547.623522] secondary_startup_64_no_verify+0x170/0x17b [ 4547.623528] } [ 4547.623529] ... key at: [<ffffffff8367e600>] console_owner_dep_map+0x0/0x28 [ 4547.623538] ... acquired at: [ 4547.623540] console_flush_all+0x1f2/0x4e0 [ 4547.623545] console_unlock+0x33/0x110 [ 4547.623551] vprintk_emit+0x9f/0x320 [ 4547.623557] dev_vprintk_emit+0xce/0x160 [ 4547.623562] dev_printk_emit+0x3d/0x50 [ 4547.623566] _dev_info+0x5b/0x70 [ 4547.623572] __iwl_info+0x58/0x60 [ 4547.623576] iwl_pci_probe+0x11c/0x810 [ 4547.623582] pci_device_probe+0x94/0x120 [ 4547.623587] really_probe+0x15e/0x2f0 [ 4547.623592] __driver_probe_device+0x6e/0x110 [ 4547.623598] driver_probe_device+0x1a/0xe0 [ 4547.623603] __driver_attach+0x87/0x190 [ 4547.623609] bus_for_each_dev+0x66/0xb0 [ 4547.623612] bus_add_driver+0xea/0x1f0 [ 4547.623616] driver_register+0x54/0x100 [ 4547.623622] iwl_pci_register_driver+0x1a/0x40 [ 4547.623629] do_one_initcall+0x50/0x250 [ 4547.623634] kernel_init_freeable+0x243/0x3e0 [ 4547.623640] kernel_init+0x15/0x1a0 [ 4547.623644] ret_from_fork+0x2c/0x50 [ 4547.623648] ret_from_fork_asm+0x1b/0x30 [ 4547.623654] the dependencies between the lock to be acquired [ 4547.623655] and SOFTIRQ-irq-unsafe lock: [ 4547.623665] -> ((work_completion)(&(&ops->cursor_work)->work)){+.+.}-{0:0} { [ 4547.623670] HARDIRQ-ON-W at: [ 4547.623672] lock_acquire+0xb0/0x280 [ 4547.623677] process_one_work+0x199/0x480 [ 4547.623684] worker_thread+0x1be/0x3b0 [ 4547.623690] kthread+0xe3/0x120 [ 4547.623694] ret_from_fork+0x2c/0x50 [ 4547.623698] ret_from_fork_asm+0x1b/0x30 [ 4547.623704] SOFTIRQ-ON-W at: [ 4547.623705] lock_acquire+0xb0/0x280 [ 4547.623710] process_one_work+0x199/0x480 [ 4547.623716] worker_thread+0x1be/0x3b0 [ 4547.623722] kthread+0xe3/0x120 [ 4547.623725] ret_from_fork+0x2c/0x50 [ 4547.623729] ret_from_fork_asm+0x1b/0x30 [ 4547.623734] INITIAL USE at: [ 4547.623736] lock_acquire+0xb0/0x280 [ 4547.623741] process_one_work+0x199/0x480 [ 4547.623747] worker_thread+0x1be/0x3b0 [ 4547.623753] kthread+0xe3/0x120 [ 4547.623757] ret_from_fork+0x2c/0x50 [ 4547.623760] ret_from_fork_asm+0x1b/0x30 [ 4547.623766] } [ 4547.623767] ... key at: [<ffffffff850211b0>] __key.1+0x0/0x10 [ 4547.623775] ... acquired at: [ 4547.623777] lock_acquire+0xb0/0x280 [ 4547.623781] __flush_work+0x56/0x3f0 [ 4547.623789] __cancel_work_timer+0xd3/0x160 [ 4547.623796] fbcon_cursor+0x138/0x170 [ 4547.623802] hide_cursor+0x26/0xc0 [ 4547.623807] vt_console_print+0x41e/0x430 [ 4547.623814] console_flush_all+0x206/0x4e0 [ 4547.623820] console_unlock+0x33/0x110 [ 4547.623825] vprintk_emit+0x9f/0x320 [ 4547.623831] _printk+0x47/0x50 [ 4547.623834] watchdog+0x53a/0x7b0 [ 4547.623838] kthread+0xe3/0x120 [ 4547.623841] ret_from_fork+0x2c/0x50 [ 4547.623845] ret_from_fork_asm+0x1b/0x30 [ 4547.623851] stack backtrace: [ 4547.623854] CPU: 2 PID: 39 Comm: khungtaskd Not tainted 6.8.0-rc6-lemon #190 [ 4547.623860] Hardware name: LENOVO 80MK/VIUU4, BIOS C6CN29WW 09/02/2015 [ 4547.623862] Call Trace: [ 4547.623865] <TASK> [ 4547.623867] dump_stack_lvl+0x4a/0x80 [ 4547.623879] check_irq_usage+0x8aa/0xb10 [ 4547.623886] ? check_path.constprop.0+0x24/0x50 [ 4547.623896] ? check_noncircular+0x6d/0x120 [ 4547.623902] ? __lock_acquire+0x146a/0x25c0 [ 4547.623907] __lock_acquire+0x146a/0x25c0 [ 4547.623913] lock_acquire+0xb0/0x280 [ 4547.623918] ? __flush_work+0x4b/0x3f0 [ 4547.623925] ? __flush_work+0x4b/0x3f0 [ 4547.623932] __flush_work+0x56/0x3f0 [ 4547.623939] ? __flush_work+0x4b/0x3f0 [ 4547.623946] ? __lock_acquire+0x3ef/0x25c0 [ 4547.623952] __cancel_work_timer+0xd3/0x160 [ 4547.623960] fbcon_cursor+0x138/0x170 [ 4547.623965] hide_cursor+0x26/0xc0 [ 4547.623971] vt_console_print+0x41e/0x430 [ 4547.623977] ? lock_release+0xb5/0x230 [ 4547.623982] ? console_flush_all+0x1c9/0x4e0 [ 4547.623988] console_flush_all+0x206/0x4e0 [ 4547.623994] ? console_flush_all+0x1c9/0x4e0 [ 4547.624001] console_unlock+0x33/0x110 [ 4547.624007] vprintk_emit+0x9f/0x320 [ 4547.624013] _printk+0x47/0x50 [ 4547.624017] watchdog+0x53a/0x7b0 [ 4547.624021] ? __pfx_watchdog+0x10/0x10 [ 4547.624025] kthread+0xe3/0x120 [ 4547.624029] ? __pfx_kthread+0x10/0x10 [ 4547.624033] ret_from_fork+0x2c/0x50 [ 4547.624037] ? __pfx_kthread+0x10/0x10 [ 4547.624041] ret_from_fork_asm+0x1b/0x30 [ 4547.624049] </TASK> [ 4548.028173] Not tainted 6.8.0-rc6-lemon #190 [ 4548.029491] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4548.031047] task:kworker/u9:1 state:D stack:0 pid:3528 tgid:3528 ppid:2 flags:0x00004000 [ 4548.032620] Workqueue: hci0 hci_rx_work [ 4548.034099] Call Trace: [ 4548.035572] <TASK> [ 4548.036925] __schedule+0x427/0xd10 [ 4548.038382] ? schedule+0xf7/0x140 [ 4548.039822] schedule+0x45/0x140 [ 4548.041201] __lock_sock+0x86/0xf0 [ 4548.042601] ? __pfx_autoremove_wake_function+0x10/0x10 [ 4548.044030] lock_sock_nested+0x61/0x70 [ 4548.045390] l2cap_sock_recv_cb+0x21/0xa0 [ 4548.046842] l2cap_recv_frame+0x5be/0x2e70 [ 4548.048283] ? hci_rx_work+0x431/0x830 [ 4548.049701] ? lock_release+0xb5/0x230 [ 4548.051145] ? __mutex_unlock_slowpath+0x25/0x270 [ 4548.052524] hci_rx_work+0x457/0x830 [ 4548.053945] ? process_one_work+0x157/0x480 [ 4548.055460] process_one_work+0x1ca/0x480 [ 4548.056862] worker_thread+0x1be/0x3b0 [ 4548.058281] ? __pfx_worker_thread+0x10/0x10 [ 4548.059783] kthread+0xe3/0x120 [ 4548.061141] ? __pfx_kthread+0x10/0x10 [ 4548.062600] ret_from_fork+0x2c/0x50 [ 4548.064064] ? __pfx_kthread+0x10/0x10 [ 4548.065436] ret_from_fork_asm+0x1b/0x30 [ 4548.066867] </TASK> [ 4548.068313] INFO: lockdep is turned off. # cat /proc/3526/stack [<0>] __skb_wait_for_more_packets+0xfa/0x150 [<0>] __skb_recv_datagram+0x59/0xa0 [<0>] skb_recv_datagram+0x29/0x40 [<0>] bt_sock_recvmsg+0x42/0x1c0 [<0>] l2cap_sock_recvmsg+0x5d/0x170 [<0>] __sys_recvfrom+0x14e/0x160 [<0>] __x64_sys_recvfrom+0x1f/0x30 [<0>] do_syscall_64+0x75/0x150 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 This is on my laptop with iwlwifi, but at first I saw it on my desktop with Ethernet (and Intel 9260 Bluetooth). I can get another lockdep capture if that would be helpful. Simon-

1 year, 6 months

3
3
0 0

[PATCH v2] PM: suspend: Set mem_sleep_current during kernel command line setup

by Maulik Shah

psci_init_system_suspend() invokes suspend_set_ops() very early during bootup even before kernel command line for mem_sleep_default is setup. This leads to kernel command line mem_sleep_default=s2idle not working as mem_sleep_current gets changed to deep via suspend_set_ops() and never changes back to s2idle. Set mem_sleep_current along with mem_sleep_default during kernel command line setup as default suspend mode. Fixes: faf7ec4a92c0 ("drivers: firmware: psci: add system suspend support") CC: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Maulik Shah <quic_mkshah(a)quicinc.com> --- Changes in v2: - Set mem_sleep_current during mem_sleep_default kernel command line setup - Update commit message accordingly - Retain Fixes: tag - Link to v1: https://lore.kernel.org/r/20240219-suspend_ops_late_init-v1-1-6330ca9597fa@… --- kernel/power/suspend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/power/suspend.c b/kernel/power/suspend.c index 742eb26618cc..e3ae93bbcb9b 100644 --- a/kernel/power/suspend.c +++ b/kernel/power/suspend.c @@ -192,6 +192,7 @@ static int __init mem_sleep_default_setup(char *str) if (mem_sleep_labels[state] && !strcmp(str, mem_sleep_labels[state])) { mem_sleep_default = state; + mem_sleep_current = state; break; } --- base-commit: d37e1e4c52bc60578969f391fb81f947c3e83118 change-id: 20240219-suspend_ops_late_init-27fb0b15baee Best regards, -- Maulik Shah <quic_mkshah(a)quicinc.com>

1 year, 6 months

3
2
0 0

[PATCH] ubi: eba: properly rollback inside self_check_eba

by Fedor Pchelkin

In case of a memory allocation failure in the volumes loop we can only process the already allocated scan_eba and fm_eba array elements on the error path - others are still uninitialized. Found by Linux Verification Center (linuxtesting.org). Fixes: 00abf3041590 ("UBI: Add self_check_eba()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/mtd/ubi/eba.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 8d1f0e05892c..6f5eadb1598d 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -1557,6 +1557,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, GFP_KERNEL); if (!fm_eba[i]) { ret = -ENOMEM; + kfree(scan_eba[i]); goto out_free; } @@ -1592,7 +1593,7 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, } out_free: - for (i = 0; i < num_volumes; i++) { + while (--i >= 0) { if (!ubi->volumes[i]) continue; -- 2.43.2

1 year, 6 months

2
1
0 0

[PATCH 4.19.y 8/9] loop: Check for overflow while configuring loop

by Genjian

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit c490a0b5a4f36da3918181a8acdc6991d967c5f3 ] The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the offset. loop_device has lo_offset of type loff_t (see line 52 of loop.c), which is typdef-chained to long long, whereas loop_info64 has lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h). The function directly copies offset from info to the device as follows (See line 980 of loop.c): lo->lo_offset = info->lo_offset; This results in an overflow, which triggers a warning in iomap_iter() due to a call to iomap_iter_done() which has: WARN_ON_ONCE(iter->iomap.offset > iter->pos); Thus, check for negative value during loop_set_status_from_info(). Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a2… Reported-and-tested-by: syzbot+a8e049cd3abd342936b6(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20220823160810.181275-1-code@siddh.me Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Genjian Zhang <zhanggenjian(a)kylinos.cn> --- drivers/block/loop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 0fefd21f0c71..c1caa3e2355f 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1271,6 +1271,11 @@ loop_set_status_from_info(struct loop_device *lo, lo->lo_offset = info->lo_offset; lo->lo_sizelimit = info->lo_sizelimit; + + /* loff_t vars have been assigned __u64 */ + if (lo->lo_offset < 0 || lo->lo_sizelimit < 0) + return -EOVERFLOW; + memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE); memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE); lo->lo_file_name[LO_NAME_SIZE-1] = 0; -- 2.25.1

1 year, 6 months

1
0
0 0

GET BACK TO ME

by Hala Farooq Almoayyed

1 year, 6 months

1
0
0 0

[PATCH -fixes v4 2/3] riscv: Add a custom ISA extension for the [ms]envcfg CSR

by Samuel Holland

The [ms]envcfg CSR was added in version 1.12 of the RISC-V privileged ISA (aka S[ms]1p12). However, bits in this CSR are defined by several other extensions which may be implemented separately from any particular version of the privileged ISA (for example, some unrelated errata may prevent an implementation from claiming conformance with Ss1p12). As a result, Linux cannot simply use the privileged ISA version to determine if the CSR is present. It must also check if any of these other extensions are implemented. It also cannot probe the existence of the CSR at runtime, because Linux does not require Sstrict, so (in the absence of additional information) it cannot know if a CSR at that address is [ms]envcfg or part of some non-conforming vendor extension. Since there are several standard extensions that imply the existence of the [ms]envcfg CSR, it becomes unwieldy to check for all of them wherever the CSR is accessed. Instead, define a custom Xlinuxenvcfg ISA extension bit that is implied by the other extensions and denotes that the CSR exists as defined in the privileged ISA, containing at least one of the fields common between menvcfg and senvcfg. This extension does not need to be parsed from the devicetree or ISA string because it can only be implemented as a subset of some other standard extension. Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v4: - New patch for v4 arch/riscv/include/asm/hwcap.h | 2 ++ arch/riscv/kernel/cpufeature.c | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/riscv/include/asm/hwcap.h b/arch/riscv/include/asm/hwcap.h index 5340f818746b..1f2d2599c655 100644 --- a/arch/riscv/include/asm/hwcap.h +++ b/arch/riscv/include/asm/hwcap.h @@ -81,6 +81,8 @@ #define RISCV_ISA_EXT_ZTSO 72 #define RISCV_ISA_EXT_ZACAS 73 +#define RISCV_ISA_EXT_XLINUXENVCFG 127 + #define RISCV_ISA_EXT_MAX 128 #define RISCV_ISA_EXT_INVALID U32_MAX diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index c5b13f7dd482..dacffef68ce2 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -201,6 +201,16 @@ static const unsigned int riscv_zvbb_exts[] = { RISCV_ISA_EXT_ZVKB }; +/* + * While the [ms]envcfg CSRs were not defined until version 1.12 of the RISC-V + * privileged ISA, the existence of the CSRs is implied by any extension which + * specifies [ms]envcfg bit(s). Hence, we define a custom ISA extension for the + * existence of the CSR, and treat it as a subset of those other extensions. + */ +static const unsigned int riscv_xlinuxenvcfg_exts[] = { + RISCV_ISA_EXT_XLINUXENVCFG +}; + /* * The canonical order of ISA extension names in the ISA string is defined in * chapter 27 of the unprivileged specification. @@ -250,8 +260,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = { __RISCV_ISA_EXT_DATA(c, RISCV_ISA_EXT_c), __RISCV_ISA_EXT_DATA(v, RISCV_ISA_EXT_v), __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h), - __RISCV_ISA_EXT_DATA(zicbom, RISCV_ISA_EXT_ZICBOM), - __RISCV_ISA_EXT_DATA(zicboz, RISCV_ISA_EXT_ZICBOZ), + __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM, riscv_xlinuxenvcfg_exts), + __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ, riscv_xlinuxenvcfg_exts), __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR), __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND), __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR), -- 2.43.1

1 year, 6 months

4
5
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

1
0
0 0

Re: [REGRESSION] LVM-on-LVM: error while submitting device barriers

by Patrick Plenefisch

I'm unsure if this is just an LVM bug, or a BTRFS+LVM interaction bug, but LVM is definitely involved somehow. Upgrading from 5.10 to 6.1, I noticed one of my filesystems was read-only. In dmesg, I found: BTRFS error (device dm-75): bdev /dev/mapper/lvm-brokenDisk errs: wr 0, rd 0, flush 1, corrupt 0, gen 0 BTRFS warning (device dm-75): chunk 13631488 missing 1 devices, max tolerance is 0 for writable mount BTRFS: error (device dm-75) in write_all_supers:4379: errno=-5 IO failure (errors while submitting device barriers.) BTRFS info (device dm-75: state E): forced readonly BTRFS warning (device dm-75: state E): Skipping commit of aborted transaction. BTRFS: error (device dm-75: state EA) in cleanup_transaction:1992: errno=-5 IO failure At first I suspected a btrfs error, but a scrub found no errors, and it continued to be read-write on 5.10 kernels. Here is my setup: /dev/lvm/brokenDisk is a lvm-on-lvm volume. I have /dev/sd{a,b,c,d} (of varying sizes) in a lower VG, which has three LVs, all raid1 volumes. Two of the volumes are further used as PV's for an upper VGs. One of the upper VGs has no issues. The non-PV LV has no issue. The remaining one, /dev/lowerVG/lvmPool, hosting nested LVM, is used as a PV for VG "lvm", and has 3 volumes inside. Two of those volumes have no issues (and are btrfs), but the last one is /dev/lvm/brokenDisk. This volume is the only one that exhibits this behavior, so something is special. Or described as layers: /dev/sd{a,b,c,d} => PV => VG "lowerVG" /dev/lowerVG/single (RAID1 LV) => BTRFS, works fine /dev/lowerVG/works (RAID1 LV) => PV => VG "workingUpper" /dev/workingUpper/{a,b,c} => BTRFS, works fine /dev/lowerVG/lvmPool (RAID1 LV) => PV => VG "lvm" /dev/lvm/{a,b} => BTRFS, works fine /dev/lvm/brokenDisk => BTRFS, Exhibits errors After some investigation, here is what I've found: 1. This regression was introduced in 5.19. 5.18 and earlier kernels I can keep this filesystem rw and everything works as expected, while 5.19.0 and later the filesystem is immediately ro on any write attempt. I couldn't build rc1, but I did confirm rc2 already has this regression. 2. Passing /dev/lvm/brokenDisk to a KVM VM as /dev/vdb with an unaffected kernel inside the vm exhibits the ro barrier problem on unaffected kernels. 3. Passing /dev/lowerVG/lvmPool to a KVM VM as /dev/vdb with an affected kernel inside the VM and using LVM inside the VM exhibits correct behavior (I can keep the filesystem rw, no barrier errors on host or guest) 4. A discussion in IRC with BTRFS folks, and they think the BTRFS filesystem is fine (btrfs check and btrfs scrub also agree) 5. The dmesg error can be delayed indefinitely by not writing to the disk, or reading with noatime 6. This affects Debian, Ubuntu, NixOS, and Solus, so I'm fairly certain it's distro-agnostic, and purely a kernel issue. 7. I can't reproduce this with other LVM-on-LVM setups, so I think the asymmetric nature of the raid1 volume is potentially contributing 8. There are no new smart errors/failures on any of the disks, disks are healthy 9. I previously had raidintegrity=y and caching enabled. They didn't affect the issue #regzbot introduced v5.18..v5.19-rc2 Patrick

1 year, 6 months

3
5
0 0

[PATCH AUTOSEL 5.4 1/6] RDMA/mlx5: Relax DEVX access upon modify commands

by Sasha Levin

From: Yishai Hadas <yishaih(a)nvidia.com> [ Upstream commit be551ee1574280ef8afbf7c271212ac3e38933ef ] Relax DEVX access upon modify commands to be UVERBS_ACCESS_READ. The kernel doesn't need to protect what firmware protects, or what causes no damage to anyone but the user. As firmware needs to protect itself from parallel access to the same object, don't block parallel modify/query commands on the same object in the kernel side. This change will allow user space application to run parallel updates to different entries in the same bulk object. Tested-by: Tamar Mashiah <tmashiah(a)nvidia.com> Signed-off-by: Yishai Hadas <yishaih(a)nvidia.com> Reviewed-by: Michael Guralnik <michaelgur(a)nvidia.com> Link: https://lore.kernel.org/r/7407d5ed35dc427c1097699e12b49c01e1073406.17064339… Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/devx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c index 26cc7bbcdfe6a..7a3b56c150799 100644 --- a/drivers/infiniband/hw/mlx5/devx.c +++ b/drivers/infiniband/hw/mlx5/devx.c @@ -2811,7 +2811,7 @@ DECLARE_UVERBS_NAMED_METHOD( MLX5_IB_METHOD_DEVX_OBJ_MODIFY, UVERBS_ATTR_IDR(MLX5_IB_ATTR_DEVX_OBJ_MODIFY_HANDLE, UVERBS_IDR_ANY_OBJECT, - UVERBS_ACCESS_WRITE, + UVERBS_ACCESS_READ, UA_MANDATORY), UVERBS_ATTR_PTR_IN( MLX5_IB_ATTR_DEVX_OBJ_MODIFY_CMD_IN, -- 2.43.0

1 year, 6 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/8] RDMA/mlx5: Fix fortify source warning while accessing Eth segment

by Sasha Levin

From: Leon Romanovsky <leonro(a)nvidia.com> [ Upstream commit 4d5e86a56615cc387d21c629f9af8fb0e958d350 ] ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy [last unloaded: mlx_compat(OE)] CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0x72/0x90 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? __warn+0x8d/0x160 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] ? report_bug+0x1bb/0x1d0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x19/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib] ipoib_send+0x2ec/0x770 [ib_ipoib] ipoib_start_xmit+0x5a0/0x770 [ib_ipoib] dev_hard_start_xmit+0x8e/0x1e0 ? validate_xmit_skb_list+0x4d/0x80 sch_direct_xmit+0x116/0x3a0 __dev_xmit_skb+0x1fd/0x580 __dev_queue_xmit+0x284/0x6b0 ? _raw_spin_unlock_irq+0xe/0x50 ? __flush_work.isra.0+0x20d/0x370 ? push_pseudo_header+0x17/0x40 [ib_ipoib] neigh_connected_output+0xcd/0x110 ip_finish_output2+0x179/0x480 ? __smp_call_single_queue+0x61/0xa0 __ip_finish_output+0xc3/0x190 ip_finish_output+0x2e/0xf0 ip_output+0x78/0x110 ? __pfx_ip_finish_output+0x10/0x10 ip_local_out+0x64/0x70 __ip_queue_xmit+0x18a/0x460 ip_queue_xmit+0x15/0x30 __tcp_transmit_skb+0x914/0x9c0 tcp_write_xmit+0x334/0x8d0 tcp_push_one+0x3c/0x60 tcp_sendmsg_locked+0x2e1/0xac0 tcp_sendmsg+0x2d/0x50 inet_sendmsg+0x43/0x90 sock_sendmsg+0x68/0x80 sock_write_iter+0x93/0x100 vfs_write+0x326/0x3c0 ksys_write+0xbd/0xf0 ? do_syscall_64+0x69/0x90 __x64_sys_write+0x19/0x30 do_syscall_64+0x59/0x90 ? do_user_addr_fault+0x1d0/0x640 ? exit_to_user_mode_prepare+0x3b/0xd0 ? irqentry_exit_to_user_mode+0x9/0x20 ? irqentry_exit+0x43/0x50 ? exc_page_fault+0x92/0x1b0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fc03ad14a37 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007ffdf8697fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000008024 RCX: 00007fc03ad14a37 RDX: 0000000000008024 RSI: 0000556f46bd8270 RDI: 0000000000000003 RBP: 0000556f46bb1800 R08: 0000000000007fe3 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000556f46bc66b0 R14: 000000000000000a R15: 0000556f46bb2f50 </TASK> ---[ end trace 0000000000000000 ]--- Link: https://lore.kernel.org/r/8228ad34bd1a25047586270f7b1fb4ddcd046282.17064339… Signed-off-by: Leon Romanovsky <leonro(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/mlx5/wr.c | 2 +- include/linux/mlx5/qp.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/wr.c b/drivers/infiniband/hw/mlx5/wr.c index d6038fb6c50c6..19fd440a6ce38 100644 --- a/drivers/infiniband/hw/mlx5/wr.c +++ b/drivers/infiniband/hw/mlx5/wr.c @@ -128,7 +128,7 @@ static void set_eth_seg(const struct ib_send_wr *wr, struct mlx5_ib_qp *qp, */ copysz = min_t(u64, *cur_edge - (void *)eseg->inline_hdr.start, left); - memcpy(eseg->inline_hdr.start, pdata, copysz); + memcpy(eseg->inline_hdr.data, pdata, copysz); stride = ALIGN(sizeof(struct mlx5_wqe_eth_seg) - sizeof(eseg->inline_hdr.start) + copysz, 16); *size += stride / 16; diff --git a/include/linux/mlx5/qp.h b/include/linux/mlx5/qp.h index d75ef8aa8fac0..28d44061d6700 100644 --- a/include/linux/mlx5/qp.h +++ b/include/linux/mlx5/qp.h @@ -261,7 +261,10 @@ struct mlx5_wqe_eth_seg { union { struct { __be16 sz; - u8 start[2]; + union { + u8 start[2]; + DECLARE_FLEX_ARRAY(u8, data); + }; } inline_hdr; struct { __be16 type; -- 2.43.0

1 year, 6 months

1
7
0 0

[PATCH AUTOSEL 6.6 01/22] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 6 months

1
21
0 0

[PATCH AUTOSEL 6.7 01/24] soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit 6dd9a236042e305d7b69ee92db7347bf5943e7d3 ] The symbol's prompt should be a one-line description, instead of just duplicating the symbol name. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/microchip/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/microchip/Kconfig b/drivers/soc/microchip/Kconfig index eb656b33156ba..f19e74d342aa2 100644 --- a/drivers/soc/microchip/Kconfig +++ b/drivers/soc/microchip/Kconfig @@ -1,5 +1,5 @@ config POLARFIRE_SOC_SYS_CTRL - tristate "POLARFIRE_SOC_SYS_CTRL" + tristate "Microchip PolarFire SoC (MPFS) system controller support" depends on POLARFIRE_SOC_MAILBOX help This driver adds support for the PolarFire SoC (MPFS) system controller. -- 2.43.0

1 year, 6 months

1
23
0 0

[PATCH 5.15 000/245] 5.15.150-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.150 release. There are 245 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.150-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.150-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't schedule in nft_chain_validate Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix scheduling-while-atomic splat Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Shyam Prasad N <nspmangalore(a)gmail.com> cifs: fix mid leak during reconnection after timeout threshold Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Corey Minyard <minyard(a)acm.org> i2c: imx: Add timer for handling the stop condition Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: simplify route logic Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Guo Zhengkui <guozhengkui(a)vivo.com> drm/nouveau/instmem: fix uninitialized_var.cocci warning Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Introduce reset assertion/deassertion methods Serge Semin <Sergey.Semin(a)baikalelectronics.ru> ata: libahci_platform: Convert to using devm bulk clocks API Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: track port suspend state correctly in unsuccessful resume cases Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: decouple usb2 port resume and get_port_status request handling Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: clear usb2 resume related variables in one place. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: rename resume_done to resume_timestamp Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: move port specific items such as state completions to port structure Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: cleanup xhci_hub_control port references Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA Kellen Renshaw <kellen.renshaw(a)canonical.com> ACPI: resource: Add ASUS model S5402ZA to quirks Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix regulator name on rk3399-rock-4 Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support dynamic allocate bh for exfat_entry_set_cache Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: avoid baid size integer overflow Ying Hsu <yinghsu(a)chromium.org> igb: Fix igb_down hung on surprise removal Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Petr Oros <poros(a)redhat.com> devlink: report devlink_port_type_warn source device Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Address KCSAN report on bpf_lru_list Maxime Bizon <mbizon(a)freebox.fr> wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Yicong Yang <yangyicong(a)hisilicon.com> sched/fair: Don't balance task to its current running CPU Mark Rutland <mark.rutland(a)arm.com> arm64: mm: fix VA-range sanity check Youngmin Nam <youngmin.nam(a)samsung.com> arm64: set __exception_irq_entry with __irq_entry as a default Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 Hans de Goede <hdegoede(a)redhat.com> ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A David Sterba <dsterba(a)suse.com> btrfs: add xxhash to fast checksum implementations Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure timer ID search-loop limit is valid Yu Kuai <yukuai3(a)huawei.com> md/raid10: prevent soft lockup while flush writes Yu Kuai <yukuai3(a)huawei.com> md: fix data corruption for raid456 when reshape restart while grow up Zhong Jinghua <zhongjinghua(a)huawei.com> nbd: Add the maximum limit of allocated index in nbd_dev_add Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: add rescheduling points during loop detection walks Peilin Ye <peilin.ye(a)bytedance.com> net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during ATI Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - do not poll during suspend or resume Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() Paul Cercueil <paul(a)crapouillou.net> PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro Paul Cercueil <paul(a)crapouillou.net> mmc: mxc: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> mmc: jz4740: Use the new PM macros Paul Cercueil <paul(a)crapouillou.net> PM: core: Add new *_PM_OPS macros, deprecate old ones Paul Cercueil <paul(a)crapouillou.net> PM: core: Redefine pm_ptr() macro Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: Set channel state after notifying the drivers Daniel Axtens <dja(a)axtens.net> powerpc/eeh: Small refactor of eeh_handle_normal_event() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: make all exports GPL Wang Qing <wangqing(a)vivo.com> net: ethernet: ti: add missing of_node_put before return Li Jun <jun.li(a)nxp.com> dt-bindings: clocks: imx8mp: Add ID for usb suspend clock Lucas Stach <l.stach(a)pengutronix.de> clk: imx8mp: add clkout1/2 support Marek Vasut <marex(a)denx.de> clk: imx8mp: Add DISP2 pixel clock Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Remove serial_rs485 sanitization from em485 Enzo Matsumiya <ematsumiya(a)suse.de> cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() Hui Su <suhui_kernel(a)163.com> kernel/sched: Remove dl_boosted flag comment Chuansheng Liu <chuansheng.liu(a)intel.com> drm/i915/dg1: Update DMC_DEBUG3 register Byungki Lee <dominicus79(a)gmail.com> f2fs: write checkpoint during FG_GC Chao Yu <chao(a)kernel.org> f2fs: don't set GC_FAILURE_PIN for background GC Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: init iommu after amdkfd device init Stefano Garzarella <sgarzare(a)redhat.com> tools/virtio: fix build Arnaldo Carvalho de Melo <acme(a)redhat.com> perf beauty: Update copy of linux/socket.h with the kernel sources Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers UAPI: Sync linux/fscrypt.h with the kernel sources Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger Sakari Ailus <sakari.ailus(a)linux.intel.com> acpi: property: Let args be NULL in __acpi_node_get_property_reference Luke D. Jones <luke(a)ljones.dev> platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute Randy Dunlap <rdunlap(a)infradead.org> clk: linux/clk-provider.h: fix kernel-doc warnings and typos Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Correct wrong debug message Guoqing Jiang <guoqing.jiang(a)linux.dev> RDMA/siw: Balance the reference of cep->kref in the error path Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Drop nonexistent #usb-cells Magali Lemes <magali.lemes(a)canonical.com> selftests: net: vrf-xfrm-tests: change authentication and encryption algos Eli Cohen <elic(a)nvidia.com> vdpa/mlx5: Don't clear mr struct on destroy MR Randy Dunlap <rdunlap(a)infradead.org> MIPS: vpe-mt: drop physical_memsize Randy Dunlap <rdunlap(a)infradead.org> MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lpar: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/perf/hv-24x7: add missing RTAS retry status handling Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lparcfg: add missing RTAS retry status handling Chen-Yu Tsai <wenst(a)chromium.org> clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC Frederic Barrat <fbarrat(a)linux.ibm.com> powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't check penirq immediately for 7845 Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - always set last command to PWRDOWN Peng Fan <peng.fan(a)nxp.com> clk: imx: avoid memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Remove superfluous check in resume code Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't report pressure for ads7845 Alexey Khoroshilov <khoroshilov(a)ispras.ru> clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - increase interrupt handler return delay Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - configure device with a single block write Jeff LaBundy <jeff(a)labundy.com> Input: iqs269a - drop unused device node references Heiko Stuebner <heiko.stuebner(a)vrull.eu> RISC-V: fix funct4 definition for c.jalr in parse_asm.h Samuel Holland <samuel(a)sholland.org> mtd: rawnand: sunxi: Fix the size of the last OOB region Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents Li Jun <jun.li(a)nxp.com> clk: imx: imx8mp: add shared clk gate for usb suspend clk Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Peter Zijlstra <peterz(a)infradead.org> x86/ftrace: Use alternative RET encoding Peter Zijlstra <peterz(a)infradead.org> x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() Peter Zijlstra <peterz(a)infradead.org> x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/ftrace: Use alternative RET encoding" Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix lz4 inplace decompression Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Jiri Olsa <jolsa(a)kernel.org> bpf: Remove trace_printk_lock Jiri Olsa <jolsa(a)kernel.org> bpf: Do cleanup in bpf_bprintf_cleanup only when needed Jiri Olsa <jolsa(a)kernel.org> bpf: Add struct for bin_args arg in bpf_bprintf_prepare Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Merge printk and seq_printf VARARG max macros Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Documentation/ABI/testing/sysfs-platform-asus-wmi | 9 + Makefile | 4 +- arch/arm/boot/dts/bcm47189-luxul-xap-1440.dts | 1 - arch/arm/boot/dts/bcm47189-luxul-xap-810.dts | 2 - arch/arm/boot/dts/bcm53573.dtsi | 20 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 79 +- arch/arm64/include/asm/exception.h | 5 - arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/arm64/mm/mmu.c | 4 +- arch/mips/include/asm/vpe.h | 1 - arch/mips/kernel/smp-cps.c | 8 +- arch/mips/kernel/traps.c | 8 +- arch/mips/kernel/vpe-mt.c | 7 +- arch/mips/lantiq/prom.c | 6 - arch/powerpc/kernel/eeh_driver.c | 71 +- arch/powerpc/kernel/rtas.c | 24 +- arch/powerpc/perf/hv-24x7.c | 42 +- arch/powerpc/platforms/powernv/pci-ioda.c | 3 +- arch/powerpc/platforms/pseries/lpar.c | 20 +- arch/powerpc/platforms/pseries/lparcfg.c | 20 +- arch/riscv/include/asm/parse_asm.h | 2 +- arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/include/asm/text-patching.h | 46 +- arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/fpu/signal.c | 12 +- arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/paravirt.c | 23 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- drivers/acpi/button.c | 9 + drivers/acpi/property.c | 4 + drivers/acpi/resource.c | 35 + drivers/acpi/video_detect.c | 34 + drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 6 +- drivers/ata/ahci_ceva.c | 125 +- drivers/ata/ahci_da850.c | 45 +- drivers/ata/ahci_dm816.c | 4 +- drivers/ata/libahci_platform.c | 135 +- drivers/block/nbd.c | 3 +- drivers/block/virtio_blk.c | 7 +- drivers/clk/clk.c | 11 + drivers/clk/imx/clk-imx8mp.c | 23 +- drivers/clk/imx/clk.c | 3 +- drivers/clk/qcom/gcc-qcs404.c | 24 +- drivers/clk/qcom/gpucc-sc7180.c | 7 +- drivers/clk/qcom/gpucc-sdm845.c | 7 +- drivers/clk/renesas/renesas-cpg-mssr.c | 8 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 6 +- .../gpu/drm/i915/display/intel_display_debugfs.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 2 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hwmon/coretemp.c | 2 +- drivers/i2c/busses/i2c-imx.c | 97 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/sw/siw/siw_cm.c | 1 - drivers/infiniband/sw/siw/siw_verbs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs269a.c | 335 ++-- drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/ads7846.c | 23 +- drivers/md/dm-crypt.c | 6 + drivers/md/md.c | 14 +- drivers/md/raid10.c | 2 + drivers/mmc/host/jz4740_mmc.c | 10 +- drivers/mmc/host/mxcmmc.c | 6 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 29 +- drivers/net/gtp.c | 10 +- drivers/net/wireless/ath/ath11k/mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 131 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi.c | 2 +- drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/pwm-regulator.c | 3 + drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/mediatek/mtk-pm-domains.c | 15 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/tty/serial/8250/8250_port.c | 18 +- drivers/tty/serial/amba-pl011.c | 60 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/host/xhci-hub.c | 228 +-- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 13 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/roles/class.c | 29 +- drivers/vdpa/mlx5/core/mr.c | 1 - drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/disk-io.c | 3 + fs/cifs/connect.c | 19 +- fs/cifs/smb2file.c | 1 - fs/cifs/smb2ops.c | 54 +- fs/cifs/smb2pdu.c | 115 +- fs/cifs/smb2proto.h | 16 +- fs/erofs/decompressor.c | 34 +- fs/exfat/dir.c | 15 + fs/exfat/exfat_fs.h | 5 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 70 +- fs/f2fs/gc.c | 39 +- fs/ksmbd/smb2pdu.c | 8 +- fs/ntfs3/attrib.c | 20 +- fs/ntfs3/attrlist.c | 8 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 2 + fs/ntfs3/fslog.c | 14 +- fs/ntfs3/fsntfs.c | 24 + fs/ntfs3/inode.c | 2 +- fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 14 +- fs/ntfs3/record.c | 16 +- fs/ntfs3/xattr.c | 3 + fs/zonefs/super.c | 68 +- include/dt-bindings/clock/imx8mp-clock.h | 10 +- include/linux/ahci_platform.h | 5 +- include/linux/bpf.h | 14 +- include/linux/clk-provider.h | 15 +- include/linux/fs.h | 2 + include/linux/pm.h | 80 +- include/linux/sched.h | 4 - include/linux/sched/signal.h | 2 +- include/linux/socket.h | 5 +- include/net/netfilter/nf_flow_table.h | 4 +- include/net/tcp.h | 2 +- kernel/bpf/bpf_lru_list.c | 21 +- kernel/bpf/bpf_lru_list.h | 7 +- kernel/bpf/helpers.c | 76 +- kernel/bpf/verifier.c | 3 +- kernel/sched/fair.c | 2 +- kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + kernel/time/posix-timers.c | 31 +- kernel/trace/bpf_trace.c | 39 +- lib/debugobjects.c | 9 + mm/userfaultfd.c | 14 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/devlink.c | 5 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/mlme.c | 1 + net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mptcp/diag.c | 6 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 41 +- net/netfilter/nf_tables_api.c | 3 + net/netfilter/nft_flow_offload.c | 14 +- net/packet/af_packet.c | 12 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_api.c | 20 +- net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1817 -------------------- net/sched/sch_dsmark.c | 522 ------ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + net/wireless/wext-core.c | 6 + scripts/bpf_doc.py | 2 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + tools/include/uapi/linux/fscrypt.h | 3 +- tools/perf/trace/beauty/include/linux/socket.h | 2 + tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +- tools/virtio/linux/kernel.h | 2 +- tools/virtio/linux/vringh.h | 1 + 218 files changed, 2296 insertions(+), 4619 deletions(-)

1 year, 6 months

12
261
0 0

[PATCH] block: Remove special-casing of compound pages

by Matthew Wilcox (Oracle)

The special casing was originally added in pre-git history; reproducing the commit log here: > commit a318a92567d77 > Author: Andrew Morton <akpm(a)osdl.org> > Date: Sun Sep 21 01:42:22 2003 -0700 > > [PATCH] Speed up direct-io hugetlbpage handling > > This patch short-circuits all the direct-io page dirtying logic for > higher-order pages. Without this, we pointlessly bounce BIOs up to > keventd all the time. In the last twenty years, compound pages have become used for more than just hugetlb. Rewrite these functions to operate on folios instead of pages and remove the special case for hugetlbfs; I don't think it's needed any more (and if it is, we can put it back in as a call to folio_test_hugetlb()). This was found by inspection; as far as I can tell, this bug can lead to pages used as the destination of a direct I/O read not being marked as dirty. If those pages are then reclaimed by the MM without being dirtied for some other reason, they won't be written out. Then when they're faulted back in, they will not contain the data they should. It'll take a pretty unusual setup to produce this problem with several races all going the wrong way. This problem predates the folio work; it could for example have been triggered by mmaping a THP in tmpfs and using that as the target of an O_DIRECT read. Fixes: 800d8c63b2e98 ("shmem: add huge pages support") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- block/bio.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/block/bio.c b/block/bio.c index 8672179213b9..f46d8ec71fbd 100644 --- a/block/bio.c +++ b/block/bio.c @@ -1171,13 +1171,22 @@ EXPORT_SYMBOL(bio_add_folio); void __bio_release_pages(struct bio *bio, bool mark_dirty) { - struct bvec_iter_all iter_all; - struct bio_vec *bvec; + struct folio_iter fi; + + bio_for_each_folio_all(fi, bio) { + struct page *page; + size_t done = 0; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (mark_dirty && !PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); - bio_release_page(bio, bvec->bv_page); + if (mark_dirty) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); + } + page = folio_page(fi.folio, fi.offset / PAGE_SIZE); + do { + bio_release_page(bio, page++); + done += PAGE_SIZE; + } while (done < fi.length); } } EXPORT_SYMBOL_GPL(__bio_release_pages); @@ -1455,18 +1464,12 @@ EXPORT_SYMBOL(bio_free_pages); * bio_set_pages_dirty() and bio_check_pages_dirty() are support functions * for performing direct-IO in BIOs. * - * The problem is that we cannot run set_page_dirty() from interrupt context + * The problem is that we cannot run folio_mark_dirty() from interrupt context * because the required locks are not interrupt-safe. So what we can do is to * mark the pages dirty _before_ performing IO. And in interrupt context, * check that the pages are still dirty. If so, fine. If not, redirty them * in process context. * - * We special-case compound pages here: normally this means reads into hugetlb - * pages. The logic in here doesn't really work right for compound pages - * because the VM does not uniformly chase down the head page in all cases. - * But dirtiness of compound pages is pretty meaningless anyway: the VM doesn't - * handle them at all. So we skip compound pages here at an early stage. - * * Note that this code is very hard to test under normal circumstances because * direct-io pins the pages with get_user_pages(). This makes * is_page_cache_freeable return false, and the VM will not clean the pages. @@ -1482,12 +1485,12 @@ EXPORT_SYMBOL(bio_free_pages); */ void bio_set_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; - struct bvec_iter_all iter_all; + struct folio_iter fi; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageCompound(bvec->bv_page)) - set_page_dirty_lock(bvec->bv_page); + bio_for_each_folio_all(fi, bio) { + folio_lock(fi.folio); + folio_mark_dirty(fi.folio); + folio_unlock(fi.folio); } } @@ -1530,12 +1533,11 @@ static void bio_dirty_fn(struct work_struct *work) void bio_check_pages_dirty(struct bio *bio) { - struct bio_vec *bvec; + struct folio_iter fi; unsigned long flags; - struct bvec_iter_all iter_all; - bio_for_each_segment_all(bvec, bio, iter_all) { - if (!PageDirty(bvec->bv_page) && !PageCompound(bvec->bv_page)) + bio_for_each_folio_all(fi, bio) { + if (!folio_test_dirty(fi.folio)) goto defer; } -- 2.40.1

1 year, 6 months

7
10
0 0

[PATCH v2] cpufreq: Limit resolving a frequency to policy min/max

by Shivnandan Kumar

Resolving a frequency to an efficient one should not transgress policy->max (which can be set for thermal reason) and policy->min. Currently there is possibility where scaling_cur_freq can exceed scaling_max_freq when scaling_max_freq is inefficient frequency. Add additional check to ensure that resolving a frequency will respect policy->min/max. Cc: <stable(a)vger.kernel.org> Fixes: 1f39fa0dccff ("cpufreq: Introducing CPUFREQ_RELATION_E") Signed-off-by: Shivnandan Kumar <quic_kshivnan(a)quicinc.com> -- Changes in v2: -rename function name from cpufreq_table_index_is_in_limits to cpufreq_is_in_limits -remove redundant outer parenthesis in return statement -Make comment single line -- --- include/linux/cpufreq.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h index afda5f24d3dd..7741244dee6e 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h @@ -1021,6 +1021,19 @@ static inline int cpufreq_table_find_index_c(struct cpufreq_policy *policy, efficiencies); } +static inline bool cpufreq_is_in_limits(struct cpufreq_policy *policy, + int idx) +{ + unsigned int freq; + + if (idx < 0) + return false; + + freq = policy->freq_table[idx].frequency; + + return freq == clamp_val(freq, policy->min, policy->max); +} + static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, unsigned int target_freq, unsigned int relation) @@ -1054,7 +1067,8 @@ static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy, return 0; } - if (idx < 0 && efficiencies) { + /* Limit frequency index to honor policy->min/max */ + if (!cpufreq_is_in_limits(policy, idx) && efficiencies) { efficiencies = false; goto retry; } -- 2.25.1

1 year, 6 months

2
1
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

2
2
0 0

[PATCH AUTOSEL 6.6 01/21] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index f96f821a7b50d..acc559652d6eb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 6 months

4
24
0 0

Re: [PATCH net] gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

by Pablo Neira Ayuso

On Thu, Feb 29, 2024 at 11:37:28AM +0300, Vasiliy Kovalev wrote: [...] > This patch fixes another problem, but a similar one, since the sequence is > incorrect when registering subsystems. > > Initially, the registration sequence in the gtp module was as follows: > > 1) rtnl_link_register(); > > 2) genl_register_family(); > > 3) register_pernet_subsys(); > > During debugging of the module, when starting the syzkaller reproducer, it > turned out that after genl_register_family() (2), > > without waiting for register_pernet_subsys()(3), the /.dumpit/ event is > triggered, in which the data of the unregistered pernet subsystem is > accessed. > > That is, the bug was fixed by the commit > > 136cfaca2256 ("gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()")[1] > > and the registration sequence became as follows: > > 1) rtnl_link_register(); > > 2) register_pernet_subsys(); > > 3) genl_register_family(); > > However, syzkaller has discovered another problem: > > after registering rtnl_link_register, the .newlink event is triggered, in > which the data of the unregistered pernet subsystem is accessed. > > This problem is reproducible on current stable kernels and the latest > upstream kernel 6.8-rc6, in which the patch 136cfaca2256 [1] is applied. > > Therefore, the correct sequence should be as follows: > > 1)register_pernet_subsys(); > > 2) rtnl_link_register(); > > 3) genl_register_family(); > > The proposed patch is developed on top of the commit changes [1], does not > conflict with it and fixes the described bug. > > [1] https://lore.kernel.org/lkml/20240220160434.29bcaf43@kernel.org/T/#mb1f72c2… Thanks for explaining, fix LGTM.

1 year, 6 months

1
0
0 0

[PATCH rc 0/3] iommufd: Fix three bugs found by Syzkaller

by Nicolin Chen

Jason has been running Syzkaller that found three bugs. Fix them properly. Nicolin Chen (3): iommufd: Fix iopt_access_list_id overwrite bug iommufd/selftest: Fix mock_dev_num bug iommufd: Fix protection fault in iommufd_test_syz_conv_iova drivers/iommu/iommufd/io_pagetable.c | 9 ++++--- drivers/iommu/iommufd/selftest.c | 40 +++++++++++++++++++++------- 2 files changed, 36 insertions(+), 13 deletions(-) -- 2.43.0

1 year, 6 months

3
6
0 0

[PATCH AUTOSEL 4.19 1/3] ASoC: rt5645: Make LattePanda board DMI match more precise

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 551539a8606e28cb2a130f8ef3e9834235b456c4 ] The DMI strings used for the LattePanda board DMI quirks are very generic. Using the dmidecode database from https://linux-hardware.org/ shows that the chosen DMI strings also match the following 2 laptops which also have a rt5645 codec: Insignia NS-P11W7100 https://linux-hardware.org/?computer=E092FFF8BA04 Insignia NS-P10W8100 https://linux-hardware.org/?computer=AFB6C0BF7934 All 4 hw revisions of the LattePanda board have "S70CR" in their BIOS version DMI strings: DF-BI-7-S70CR100-* DF-BI-7-S70CR110-* DF-BI-7-S70CR200-* LP-BS-7-S70CR700-* See e.g. https://linux-hardware.org/?computer=D98250A817C0 Add a partial (non exact) DMI match on this string to make the LattePanda board DMI match more precise to avoid false-positive matches. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240211212736.179605-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 37ad3bee66a47..352aefddc7d70 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -3796,6 +3796,16 @@ static const struct dmi_system_id dmi_platform_data[] = { DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"), DMI_EXACT_MATCH(DMI_BOARD_NAME, "Cherry Trail CR"), DMI_EXACT_MATCH(DMI_BOARD_VERSION, "Default string"), + /* + * Above strings are too generic, LattePanda BIOS versions for + * all 4 hw revisions are: + * DF-BI-7-S70CR100-* + * DF-BI-7-S70CR110-* + * DF-BI-7-S70CR200-* + * LP-BS-7-S70CR700-* + * Do a partial match for S70CR to avoid false positive matches. + */ + DMI_MATCH(DMI_BIOS_VERSION, "S70CR"), }, .driver_data = (void *)&lattepanda_board_platform_data, }, -- 2.43.0

1 year, 6 months

1
2
0 0

[PATCH AUTOSEL 5.4 1/5] selftests: tls: use exact comparison in recv_partial

by Sasha Levin

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 49d821064c44cb5ffdf272905236012ea9ce50e3 ] This exact case was fail for async crypto and we weren't catching it. Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 837206dbe5d6e..81bb3cc6704f8 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -580,12 +580,12 @@ TEST_F(tls, recv_partial) memset(recv_mem, 0, sizeof(recv_mem)); EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), + MSG_WAITALL), strlen(test_str_first)); EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); memset(recv_mem, 0, sizeof(recv_mem)); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), + MSG_WAITALL), strlen(test_str_second)); EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 0); } -- 2.43.0

1 year, 6 months

1
4
0 0

[PATCH AUTOSEL 5.15 1/7] btrfs: add and use helper to check if block group is used

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit 1693d5442c458ae8d5b0d58463b873cd879569ed ] Add a helper function to determine if a block group is being used and make use of it at btrfs_delete_unused_bgs(). This helper will also be used in future code changes. Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/block-group.c | 3 +-- fs/btrfs/block-group.h | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 4ca6828586af5..a2bac7196d18b 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1330,8 +1330,7 @@ void btrfs_delete_unused_bgs(struct btrfs_fs_info *fs_info) } spin_lock(&block_group->lock); - if (block_group->reserved || block_group->pinned || - block_group->used || block_group->ro || + if (btrfs_is_block_group_used(block_group) || block_group->ro || list_is_singular(&block_group->list)) { /* * We want to bail if we made new allocations or have diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index a15868d607a92..f042c1c85a255 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -211,6 +211,13 @@ static inline u64 btrfs_block_group_end(struct btrfs_block_group *block_group) return (block_group->start + block_group->length); } +static inline bool btrfs_is_block_group_used(const struct btrfs_block_group *bg) +{ + lockdep_assert_held(&bg->lock); + + return (bg->used > 0 || bg->reserved > 0 || bg->pinned > 0); +} + static inline bool btrfs_is_block_group_data_only( struct btrfs_block_group *block_group) { -- 2.43.0

1 year, 6 months

1
6
0 0

[PATCH AUTOSEL 6.1 01/12] media: Revert "media: rkisp1: Drop IRQF_SHARED"

by Sasha Levin

From: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> [ Upstream commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d ] This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. The rkisp1 does share interrupt lines on some platforms, after all. Thus we need to revert this, and implement a fix for the rkisp1 shared irq handling in a follow-up patch. Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideaso… Reported-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c index aeb6bb63667eb..41abb18b00acb 100644 --- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c @@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_device *pdev) rkisp1->irqs[il] = irq; } - ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, + ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, dev_driver_string(dev), dev); if (ret) { dev_err(dev, "request irq failed: %d\n", ret); -- 2.43.0

1 year, 6 months

1
11
0 0

[PATCH] debugfs: fix wait/cancellation handling during remove

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns out that despite all the review on the locking, we missed completely that the logic is wrong: if the refcount hits zero we can finish (and need not wait for the completion), but if it doesn't we have to trigger all the cancellations. As written, we can _never_ get into the loop triggering the cancellations. Fix this, and explain it better while at it. Cc: stable(a)vger.kernel.org Fixes: 8c88a474357e ("debugfs: add API to allow debugfs operations cancellation") Reported-by: Ben Greear <greearb(a)candelatech.com> Closes: https://lore.kernel.org/r/1c9fa9e5-09f1-0522-fdbc-dbcef4d255ca@candelatech.… Tested-by: Madhan Sai <madhan.singaraju(a)candelatech.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- fs/debugfs/inode.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 034a617cb1a5..a40da0065433 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -751,13 +751,28 @@ static void __debugfs_file_removed(struct dentry *dentry) if ((unsigned long)fsd & DEBUGFS_FSDATA_IS_REAL_FOPS_BIT) return; - /* if we hit zero, just wait for all to finish */ - if (!refcount_dec_and_test(&fsd->active_users)) { - wait_for_completion(&fsd->active_users_drained); + /* if this was the last reference, we're done */ + if (refcount_dec_and_test(&fsd->active_users)) return; - } - /* if we didn't hit zero, try to cancel any we can */ + /* + * If there's still a reference, the code that obtained it can + * be in different states: + * - The common case of not using cancellations, or already + * after debugfs_leave_cancellation(), where we just need + * to wait for debugfs_file_put() which signals the completion; + * - inside a cancellation section, i.e. between + * debugfs_enter_cancellation() and debugfs_leave_cancellation(), + * in which case we need to trigger the ->cancel() function, + * and then wait for debugfs_file_put() just like in the + * previous case; + * - before debugfs_enter_cancellation() (but obviously after + * debugfs_file_get()), in which case we may not see the + * cancellation in the list on the first round of the loop, + * but debugfs_enter_cancellation() signals the completion + * after adding it, so this code gets woken up to call the + * ->cancel() function. + */ while (refcount_read(&fsd->active_users)) { struct debugfs_cancellation *c; -- 2.43.2

1 year, 6 months

1
0
0 0

[v2] usb: xhci: Add error handling in xhci_map_urb_for_dma

by Prashanth K

Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- v2: Updated -EAGAIN to -ENOMEM drivers/usb/host/xhci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index c057c42c36f4..35e9efdee3b2 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1217,6 +1217,8 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb) temp = kzalloc_node(buf_len, GFP_ATOMIC, dev_to_node(hcd->self.sysdev)); + if (!temp) + return -ENOMEM; if (usb_urb_dir_out(urb)) sg_pcopy_to_buffer(urb->sg, urb->num_sgs, -- 2.25.1

1 year, 6 months

2
1
0 0

[PATCH 9/9] usb: xhci: Add error handling in xhci_map_urb_for_dma

by Mathias Nyman

From: Prashanth K <quic_prashk(a)quicinc.com> Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 5d70e0176527..8579603edaff 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1219,6 +1219,8 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb) temp = kzalloc_node(buf_len, GFP_ATOMIC, dev_to_node(hcd->self.sysdev)); + if (!temp) + return -ENOMEM; if (usb_urb_dir_out(urb)) sg_pcopy_to_buffer(urb->sg, urb->num_sgs, -- 2.25.1

1 year, 6 months

1
0
0 0

[PATCH v3 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..80d9430856a8 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + drain_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 6 months

3
6
0 0

[PATCH net] gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

by Alexander Ofitserov

The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [ 1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [ 1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ? arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ? mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ? __rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ? lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196] netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ? netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233] netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ? __check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ? netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ? netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290] ____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ? drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map_type+0x2c7/0x860 [ 1010.716343] ? lockdep_hardirqs_on_prepare+0x430/0x430 [ 1010.716350] ? debug_mutex_init+0x33/0x70 [ 1010.716360] ? percpu_counter_add_batch+0x8b/0x140 [ 1010.716367] ? lock_acquire+0x1fe/0x560 [ 1010.716373] ? find_held_lock+0x2c/0x110 [ 1010.716384] ? __fd_install+0x1b6/0x6f0 [ 1010.716389] ? lock_downgrade+0x810/0x810 [ 1010.716396] ? __fget_light+0x222/0x290 [ 1010.716403] __sys_sendmsg+0xea/0x1b0 [ 1010.716409] ? __sys_sendmsg_sock+0x40/0x40 [ 1010.716419] ? lockdep_hardirqs_on_prepare+0x2b3/0x430 [ 1010.716425] ? syscall_enter_from_user_mode+0x1d/0x60 [ 1010.716432] do_syscall_64+0x30/0x40 [ 1010.716438] entry_SYSCALL_64_after_hwframe+0x62/0xc7 [ 1010.716444] RIP: 0033:0x7fd1508cbd49 [ 1010.716452] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ef 70 0d 00 f7 d8 64 89 01 48 [ 1010.716456] RSP: 002b:00007fff18872348 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 1010.716463] RAX: ffffffffffffffda RBX: 000055f72bf0eac0 RCX: 00007fd1508cbd49 [ 1010.716468] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000006 [ 1010.716473] RBP: 00007fff18872360 R08: 00007fff18872360 R09: 00007fff18872360 [ 1010.716478] R10: 00007fff18872360 R11: 0000000000000202 R12: 000055f72bf0e1b0 [ 1010.716482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1010.716491] Modules linked in: gtp(+) udp_tunnel ib_core uinput af_packet rfkill qrtr joydev hid_generic usbhid hid kvm_intel iTCO_wdt intel_pmc_bxt iTCO_vendor_support kvm snd_hda_codec_generic ledtrig_audio irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel nls_utf8 snd_intel_dspcfg nls_cp866 psmouse aesni_intel vfat crypto_simd fat cryptd glue_helper snd_hda_codec pcspkr snd_hda_core i2c_i801 snd_hwdep i2c_smbus xhci_pci snd_pcm lpc_ich xhci_pci_renesas xhci_hcd qemu_fw_cfg tiny_power_button button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_dma_buf drm_kms_helper cec rc_core drm virtio_rng virtio_scsi rng_core virtio_balloon virtio_blk virtio_net virtio_console net_failover failover ahci libahci libata evdev scsi_mod input_leds serio_raw virtio_pci intel_agp [ 1010.716674] virtio_ring intel_gtt virtio [last unloaded: gtp] [ 1010.716693] ---[ end trace 04990a4ce61e174b ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") --- drivers/net/gtp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index 2129ae42c7030..0ddec4cc84093 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -1903,26 +1903,26 @@ static int __init gtp_init(void) get_random_bytes(&gtp_h_initval, sizeof(gtp_h_initval)); - err = rtnl_link_register(&gtp_link_ops); + err = register_pernet_subsys(&gtp_net_ops); if (err < 0) goto error_out; - err = register_pernet_subsys(&gtp_net_ops); + err = rtnl_link_register(&gtp_link_ops); if (err < 0) - goto unreg_rtnl_link; + goto unreg_pernet_subsys; err = genl_register_family(&gtp_genl_family); if (err < 0) - goto unreg_pernet_subsys; + goto unreg_rtnl_link; pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", sizeof(struct pdp_ctx)); return 0; -unreg_pernet_subsys: - unregister_pernet_subsys(&gtp_net_ops); unreg_rtnl_link: rtnl_link_unregister(&gtp_link_ops); +unreg_pernet_subsys: + unregister_pernet_subsys(&gtp_net_ops); error_out: pr_err("error loading GTP module loaded\n"); return err; -- 2.42.1

1 year, 6 months

5
4
0 0

[PATCH 5.4 00/84] 5.4.270-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.270 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.270-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.270-rc1 Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: Fix xdp_md forward declaration typo Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Christian König <christian.koenig(a)amd.com> drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Jakub Kicinski <kuba(a)kernel.org> tls: rx: drop pointless else after goto Jakub Kicinski <kuba(a)kernel.org> tls: rx: jump to a more appropriate label Jason Gunthorpe <jgg(a)nvidia.com> s390: use the correct count for __iowrite64_copy() Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make debug output more detailed Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: tegra: Fix OF node reference leak Pali Rohár <pali(a)kernel.org> PCI: tegra: Fix reporting GPIO error value Sireesh Kodali <sireeshkodali1(a)gmail.com> arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Fix type of second parameter in trans_msg() callback Matthew Wilcox (Oracle) <willy(a)infradead.org> iomap: Set all uptodate bits for an Uptodate page Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/alternatives: Disable KASAN in apply_alternatives() Trek <trek00(a)inbox.ru> drm/amdgpu: Check for valid number of registers to read Icenowy Zheng <icenowy(a)aosc.io> Revert "drm/sun4i: dsi: Change the start delay calculation" Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Enable micmute LED on and HP system Björn Töpel <bjorn.topel(a)gmail.com> selftests/bpf: Avoid running unprivileged tests with alignment requirements Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: clear bridge's private skb space on xmit Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: mt7621: Fix an error message in mt7621_spi_probe() John Stultz <john.stultz(a)linaro.org> driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Miaoqian Lin <linmq006(a)gmail.com> pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Lee Jones <lee.jones(a)linaro.org> pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Eric Dumazet <edumazet(a)google.com> tcp: add annotations around sk->sk_shutdown accesses Soheil Hassas Yeganeh <soheil(a)google.com> tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Paolo Abeni <pabeni(a)redhat.com> tcp: factor out __tcp_close() helper Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests GONG, Ruiqi <gongruiqi1(a)huawei.com> memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/s390/pci/pci.c | 2 +- arch/x86/kernel/alternative.c | 13 + drivers/ata/ahci.c | 34 +- drivers/ata/ahci.h | 1 + drivers/base/dd.c | 9 + drivers/block/virtio_blk.c | 7 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/firewire/core-card.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 5 +- drivers/gpu/drm/drm_syncobj.c | 16 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 18 +- drivers/md/dm-crypt.c | 6 + drivers/md/dm-integrity.c | 11 +- drivers/net/gtp.c | 10 +- drivers/nvme/target/fc.c | 8 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/pci-tegra.c | 17 +- drivers/pci/msi.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 23 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-mt7621.c | 8 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/usb/cdns3/gadget.c | 8 +- drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 12 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/ext4/mballoc.c | 13 +- fs/iomap/buffered-io.c | 3 + fs/nilfs2/dat.c | 27 +- include/linux/fs.h | 2 + include/linux/lockdep.h | 5 + include/net/tcp.h | 1 + kernel/sched/rt.c | 10 +- kernel/sysctl.c | 4 + mm/memcontrol.c | 6 + mm/userfaultfd.c | 14 +- net/bridge/br_device.c | 2 + net/ipv4/af_inet.c | 2 +- net/ipv4/devinet.c | 21 +- net/ipv4/tcp.c | 27 +- net/ipv4/tcp_input.c | 4 +- net/ipv6/addrconf.c | 21 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_tables_api.c | 1 + net/packet/af_packet.c | 4 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 710 -------- net/sched/sch_cbq.c | 1818 --------------------- net/sched/sch_dsmark.c | 523 ------ net/tls/tls_sw.c | 12 +- net/wireless/nl80211.c | 1 + scripts/bpf_helpers_doc.py | 157 +- sound/pci/hda/patch_realtek.c | 6 +- sound/soc/sunxi/sun4i-spdif.c | 5 + tools/testing/selftests/bpf/test_verifier.c | 13 + virt/kvm/arm/vgic/vgic-its.c | 5 + 80 files changed, 572 insertions(+), 3255 deletions(-)

1 year, 6 months

8
92
0 0

[PATCH 6.6 000/299] 6.6.19-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.19 release. There are 299 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.19-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.19-rc1 Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Szuying Chen <chensiying21(a)gmail.com> ata: ahci: add identifiers for ASM2116 series adapters Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: userspace pm send RM_ADDR for ID 0 Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_get_counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2) Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Chengming Zhou <zhouchengming(a)bytedance.com> mm/zswap: invalidate duplicate entry when !zswap_enabled Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 1) Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/iommu: fix the config fragment Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jianbo Liu <jianbol(a)nvidia.com> net/sched: flower: Add lock protection when remove filter handle Jiri Pirko <jiri(a)resnulli.us> devlink: fix port dump cmd type Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't leak mcast_groups on init error Jakub Kicinski <kuba(a)kernel.org> tools: ynl: make sure we always pass yarg to mnl_cb_run Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to temperature configuration registers Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Alex Elder <elder(a)linaro.org> net: ipa: don't overrun IPA suspend interrupt registers Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Maxime Ripard <mripard(a)kernel.org> drm/i915/tv: Fix TV mode Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Vasiliy Kovalev <kovalev(a)altlinux.org> devlink: fix possible use-after-free and memory leaks in devlink_init() Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Guenter Roeck <linux(a)roeck-us.net> parisc: Fix stack unwinder Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: set active slave to primary eth1 specifically Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Sanity check is off by one Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmasp: Indicate MAC is in charge of PHY PM Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: use the backlog for mirred ingress Victor Nogueira <victor(a)mojatatu.com> net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xsk: Add truesize to skb_add_rx_frag(). Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Lucas Stach <l.stach(a)pengutronix.de> bus: imx-weim: fix valid range check Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: tqma8mpql: fix audio codec iov-supply Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Martynas Pumputis <m(a)lambda.lt> bpf: Derive source IP addr via bpf_*_fib_lookup() Dan Carpenter <dan.carpenter(a)linaro.org> xen/events: fix error code in xen_bind_pirq_msi_to_irq() Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Avoid enum conversion warning Steve French <stfrench(a)microsoft.com> smb3: add missing null server pointer check Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'cestab' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'in use' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: fix bash warnings on older kernels Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: diag: check CURRESTAB counters Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: avoid error msg on older kernels Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: also list skipped tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: simult flows: fix some subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: userspace_pm: unique subtest names Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Aaro Koskinen <aaro.koskinen(a)iki.fi> usb: gadget: omap_udc: fix USB gadget regression on Palm TE Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled Ondrej Jirman <megi(a)xff.cz> Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated Chen Jun <chenjun102(a)huawei.com> irqchip/mbigen: Don't use bus_get_dev_root() to find the parent zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Don't enable any tiles by default on VPU40xx Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Javier Martinez Canillas <javierm(a)redhat.com> sparc: Fix undefined reference to fb_is_primary_device Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Terry Tritton <terry.tritton(a)linaro.org> selftests/mm: uffd-unit-test check if huge page size is 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Fix load failures due to single window creation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Guenter Roeck <linux(a)roeck-us.net> lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: adjust few initialization order in dm Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Qu Wenruo <wqu(a)suse.com> btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Call early_init_fdt_scan_reserved_mem() earlier Jonathan Corbet <corbet(a)lwn.net> docs: Instruct LaTeX to cope with deeper nesting Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Juergen Gross <jgross(a)suse.com> xen/events: modify internal [un]bind interfaces Juergen Gross <jgross(a)suse.com> xen/events: drop xen_allocate_irqs_dynamic() Juergen Gross <jgross(a)suse.com> xen/events: remove some simple helpers from events_base.c Juergen Gross <jgross(a)suse.com> xen/events: reduce externally visible helper functions Viresh Kumar <viresh.kumar(a)linaro.org> xen: evtchn: Allow shared registration of IRQ handers Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Peichen Huang <peichen.huang(a)amd.com> drm/amd/display: Request usb4 bw for mst streams Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Add dpia display mode validation logic Paolo Abeni <pabeni(a)redhat.com> mptcp: corner case locking for rx path fields initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: fix more tx path fields initialization Geliang Tang <geliang.tang(a)linux.dev> mptcp: use mptcp_set_state Geliang Tang <geliang.tang(a)linux.dev> mptcp: add CurrEstab MIB counter support Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle cases where multiple sessions share connection Shyam Prasad N <sprasad(a)microsoft.com> cifs: change tcon status when need_reconnect is set on it Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix shared buff copy to user Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Xiubo Li <xiubli(a)redhat.com> libceph: fail sparse-read if the data length doesn't match Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Krystian Pradzynski <krystian.pradzynski(a)intel.com> accel/ivpu/40xx: Stop passing SKU boot parameters to FW Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Disable d3hot_delay on all NPU generations Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Force snooping for MMU writes Kees Cook <keescook(a)chromium.org> LoongArch: vDSO: Disable UBSAN instrumentation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: do not announce EPCS support Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fixed overflow check in mi_enum_attr() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use i_size_read and i_size_write Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use kvfree to free memory allocated by kvmalloc Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: ntfs3_forced_shutdown use int instead of bool Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Implement super_operations::shutdown Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Drop suid and sgid bits as a part of fpunch Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add file_modified Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix multithreaded stress test Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Reduce stack usage Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve alternative boot processing Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not search for channel if server is terminating Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure that channel scaling is done only once Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Use correct drm device for cgroup permission check Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator (max5970): Fix IRQ handler Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Kunwu Chan <chentao(a)kylinos.cn> HID: nvidia-shield: Add missing null pointer checks to LED initialization Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Replace numeric device IDs with constant values Jiri Kosina <jkosina(a)suse.com> HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Add check for cpu dai link initialization Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lukas Wunner <lukas(a)wunner.de> ARM: dts: Fix TPM schema violations Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Charles Keepax <ckeepax(a)opensource.cirrus.com> spi: cs42l43: Handle error from devm_pm_runtime_enable Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: helper function to check replayable error codes Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_pick_channel should try selecting active channels Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel-pci: Add support for Arrow Lake SPI serial flash Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: dw-edma: increase size of 'name' in debugfs code Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in mm tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in vector tests Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: Fix logical volume rescan race condition David Strahan <david.strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us ------------- Diffstat: Documentation/conf.py | 6 + Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 +- .../dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 +- arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 +- .../dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 +- .../arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 +- .../boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 +- .../dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 +- arch/arm/mach-ep93xx/core.c | 1 + .../dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- .../dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 +- arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 +- arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 16 + arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +- arch/loongarch/include/asm/acpi.h | 4 +- arch/loongarch/kernel/acpi.c | 4 +- arch/loongarch/kernel/setup.c | 4 +- arch/loongarch/kernel/smp.c | 122 +++--- arch/loongarch/vdso/Makefile | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/parisc/kernel/unwind.c | 14 +- arch/powerpc/include/asm/ppc-pci.h | 10 + arch/powerpc/kernel/iommu.c | 23 +- arch/powerpc/platforms/pseries/pci_dlpar.c | 4 + arch/s390/pci/pci.c | 2 +- arch/sparc/Makefile | 2 +- arch/sparc/video/Makefile | 2 +- arch/x86/entry/entry.S | 23 ++ arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/nospec-branch.h | 13 + arch/x86/mm/numa.c | 21 +- block/blk-map.c | 13 +- drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 2 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 9 +- drivers/accel/ivpu/ivpu_mmu.c | 3 - drivers/ata/ahci.c | 49 ++- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 +++--- drivers/ata/libata-core.c | 4 + drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- drivers/bus/imx-weim.c | 2 +- drivers/cache/ax45mp_cache.c | 4 + .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/acpi.c | 46 ++- drivers/cxl/core/pci.c | 6 +- drivers/dma/apple-admac.c | 5 +- drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 +- drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 ++ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 38 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 +- drivers/gpu/drm/amd/display/dc/dc.h | 4 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 + drivers/gpu/drm/amd/display/dc/dc_types.h | 14 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 +- .../gpu/drm/amd/display/dc/link/link_validation.c | 60 ++- .../display/dc/link/protocols/link_dp_dpia_bw.c | 178 ++++++--- .../display/dc/link/protocols/link_dp_dpia_bw.h | 9 + drivers/gpu/drm/drm_syncobj.c | 19 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 10 +- drivers/gpu/drm/i915/display/intel_tv.c | 10 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-nvidia-shield.c | 4 + drivers/hwmon/coretemp.c | 2 +- drivers/hwmon/nct6775-core.c | 14 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/mlx5/cong.c | 6 + drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-mbigen.c | 8 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 ++++- drivers/md/dm-integrity.c | 91 ++++- drivers/md/dm-verity-target.c | 86 ++++- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 6 +- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/gtp.c | 10 +- drivers/net/ipa/ipa_interrupt.c | 2 +- drivers/net/phy/realtek.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 +- drivers/nvme/host/fc.c | 47 +-- drivers/nvme/target/fc.c | 131 ++++--- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++++ drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/max5970-regulator.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/sd.c | 26 +- drivers/scsi/smartpqi/smartpqi.h | 1 - drivers/scsi/smartpqi/smartpqi_init.c | 88 ++++- drivers/spi/spi-cs42l43.c | 5 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-intel-pci.c | 1 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +-- drivers/tty/serial/stm32-usart.c | 4 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/gadget/udc/omap_udc.c | 3 +- drivers/usb/roles/class.c | 29 +- drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/usb/typec/tcpm/tcpm.c | 3 - drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++- drivers/vfio/iova_bitmap.c | 25 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + drivers/xen/events/events_2l.c | 8 +- drivers/xen/events/events_base.c | 430 ++++++++++----------- drivers/xen/events/events_internal.h | 1 - drivers/xen/evtchn.c | 2 +- fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/defrag.c | 2 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/erofs/namei.c | 28 +- fs/ext4/extents.c | 111 ++++-- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 45 ++- fs/ntfs3/attrlist.c | 12 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 53 ++- fs/ntfs3/frecord.c | 17 +- fs/ntfs3/fslog.c | 228 +++++------ fs/ntfs3/fsntfs.c | 27 +- fs/ntfs3/index.c | 8 +- fs/ntfs3/inode.c | 25 +- fs/ntfs3/namei.c | 12 + fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 23 +- fs/ntfs3/record.c | 18 +- fs/ntfs3/super.c | 49 ++- fs/ntfs3/xattr.c | 6 + fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 12 +- fs/smb/client/connect.c | 11 + fs/smb/client/dfs.c | 7 +- fs/smb/client/file.c | 3 + fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/sess.c | 5 +- fs/smb/client/smb2pdu.c | 26 +- fs/smb/client/transport.c | 18 +- include/linux/ceph/osd_client.h | 3 +- include/linux/fs.h | 2 + include/linux/memblock.h | 2 + include/linux/mlx5/mlx5_ifc.h | 2 +- include/linux/swap.h | 5 + include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_flow_table.h | 2 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 5 +- include/uapi/linux/bpf.h | 10 + include/xen/events.h | 4 +- kernel/bpf/helpers.c | 5 +- kernel/sched/rt.c | 9 +- lib/Kconfig.debug | 1 + mm/damon/lru_sort.c | 43 ++- mm/damon/reclaim.c | 18 +- mm/memblock.c | 5 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 + mm/swap.h | 5 + mm/swapfile.c | 13 + mm/zswap.c | 7 +- net/bridge/br_switchdev.c | 86 +++-- net/ceph/osd_client.c | 18 +- net/core/filter.c | 18 +- net/core/skmsg.c | 7 +- net/devlink/core.c | 12 +- net/devlink/port.c | 2 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 +- net/ipv6/addrconf.c | 21 +- net/ipv6/af_inet6.c | 1 + net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/mlme.c | 1 + net/mac80211/scan.c | 30 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 8 +- net/mptcp/fastopen.c | 6 +- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 8 + net/mptcp/options.c | 9 +- net/mptcp/pm_netlink.c | 74 ++-- net/mptcp/pm_userspace.c | 52 ++- net/mptcp/protocol.c | 69 ++-- net/mptcp/protocol.h | 25 +- net/mptcp/subflow.c | 86 +++-- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 17 +- net/netfilter/nf_tables_api.c | 81 ++-- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +- net/sched/act_mirred.c | 147 +++---- net/sched/cls_flower.c | 5 +- net/switchdev/switchdev.c | 73 ++++ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 +- net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 3 +- scripts/bpf_doc.py | 2 +- sound/pci/hda/hda_intel.c | 6 +- sound/soc/amd/acp/acp-mach-common.c | 9 +- sound/soc/codecs/wm_adsp.c | 29 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + tools/include/uapi/linux/bpf.h | 10 + tools/net/ynl/lib/ynl.c | 19 +- .../selftests/drivers/net/bonding/bond_options.sh | 2 + tools/testing/selftests/iommu/config | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 6 + .../testing/selftests/net/forwarding/tc_actions.sh | 3 - tools/testing/selftests/net/mptcp/diag.sh | 46 ++- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 +++--- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 +- tools/testing/selftests/net/mptcp/simult_flows.sh | 3 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 +- tools/testing/selftests/riscv/mm/mmap_test.h | 3 + .../selftests/riscv/vector/v_initval_nolibc.c | 2 +- .../testing/selftests/riscv/vector/vstate_prctl.c | 4 +- 300 files changed, 3611 insertions(+), 1715 deletions(-)

1 year, 6 months

14
312
0 0

[PATCH 6.7 000/334] 6.7.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.7 release. There are 334 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.7-rc1 Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_get_counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2) Chengming Zhou <zhouchengming(a)bytedance.com> mm/zswap: invalidate duplicate entry when !zswap_enabled Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 1) Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Melissa Wen <mwen(a)igalia.com> drm/amd/display: fix null-pointer dereference on edid reading Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/iommu: fix the config fragment Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not use GFP_KERNEL under as spinlock Tina Zhang <tina.zhang(a)intel.com> iommu: Add mm_get_enqcmd_pasid() helper function Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jianbo Liu <jianbol(a)nvidia.com> net/sched: flower: Add lock protection when remove filter handle Jiri Pirko <jiri(a)resnulli.us> devlink: fix port dump cmd type Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't leak mcast_groups on init error Jakub Kicinski <kuba(a)kernel.org> tools: ynl: make sure we always pass yarg to mnl_cb_run Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to temperature configuration registers Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Reject non-zero data_type if no data_len is provided Alex Elder <elder(a)linaro.org> net: ipa: don't overrun IPA suspend interrupt registers Eric Dumazet <edumazet(a)google.com> net: implement lockless setsockopt(SO_PEEK_OFF) Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Add missing dirty tracking set for parent domain Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Wrap the dirty tracking loop to be a helper Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Remove domain parameter for intel_pasid_setup_dirty_tracking() Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Track nested domains in parent Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Update iotlb in nested domain attach Maxime Ripard <mripard(a)kernel.org> drm/i915/tv: Fix TV mode Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SMCR_EL1.EZT0 on exit from suspend Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Emil Renner Berthing <emil.renner.berthing(a)canonical.com> gpiolib: Handle no pin_ranges in gpiochip_generic_config() Amit Machhiwal <amachhiw(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix L2 guest reboot failure due to empty 'arch_compat' Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Vasiliy Kovalev <kovalev(a)altlinux.org> devlink: fix possible use-after-free and memory leaks in devlink_init() Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Guenter Roeck <linux(a)roeck-us.net> parisc: Fix stack unwinder Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Fix password opcode ordering for workstations Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: set active slave to primary eth1 specifically Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Sanity check is off by one Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmasp: Indicate MAC is in charge of PHY PM Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Dan Carpenter <dan.carpenter(a)linaro.org> drm/nouveau/mmu/r535: uninitialized variable in r535_bar_new_() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: use the backlog for mirred ingress Victor Nogueira <victor(a)mojatatu.com> net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Dan Carpenter <dan.carpenter(a)linaro.org> scsi: ufs: Uninitialized variable in ufshcd_devfreq_target() Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xsk: Add truesize to skb_add_rx_frag(). Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: Correct Indiedroid Nova GPIO Names Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Handle recording beyond the mapped pages Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Lucas Stach <l.stach(a)pengutronix.de> bus: imx-weim: fix valid range check Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: tqma8mpql: fix audio codec iov-supply Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Marek Vasut <marex(a)denx.de> arm64: dts: imx8mp: Disable UART4 by default on Data Modul i.MX8M Plus eDM SBC Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Don't expose debugfs entries for RRoCE general parameters if not supported Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Avoid enum conversion warning Steve French <stfrench(a)microsoft.com> smb3: add missing null server pointer check Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'cestab' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: unique 'in use' subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: diag: fix bash warnings on older kernels Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: diag: check CURRESTAB counters Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: avoid error msg on older kernels Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm nl: also list skipped tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: simult flows: fix some subtest names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: userspace_pm: unique subtest names Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on remote_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data races on local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Aaro Koskinen <aaro.koskinen(a)iki.fi> usb: gadget: omap_udc: fix USB gadget regression on Palm TE Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled Ondrej Jirman <megi(a)xff.cz> Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role" Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated Chen Jun <chenjun102(a)huawei.com> irqchip/mbigen: Don't use bus_get_dev_root() to find the parent zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Don't enable any tiles by default on VPU40xx Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Yu Kuai <yukuai3(a)huawei.com> md: Don't suspend the array for interrupted reshape Yu Kuai <yukuai3(a)huawei.com> md: Don't register sync_thread for reshape directly Yu Kuai <yukuai3(a)huawei.com> md: Make sure md_do_sync() will set MD_RECOVERY_DONE Yu Kuai <yukuai3(a)huawei.com> md: Don't ignore read-only array in md_check_recovery() Yu Kuai <yukuai3(a)huawei.com> md: Don't ignore suspended array in md_check_recovery() Javier Martinez Canillas <javierm(a)redhat.com> sparc: Fix undefined reference to fb_is_primary_device Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix keyboard touchscreen on Lenovo Yogabook1 X90 Anshuman Khandual <anshuman.khandual(a)arm.com> mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings SeongJae Park <sj(a)kernel.org> mm/damon/core: check apply interval in damon_do_apply_schemes() Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Terry Tritton <terry.tritton(a)linaro.org> selftests/mm: uffd-unit-test check if huge page size is 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Li Ming <ming4.li(a)intel.com> cxl/pci: Skip to handle RAS errors if CXL.mem device is detached Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Fix load failures due to single window creation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Guenter Roeck <linux(a)roeck-us.net> lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not call ata_dev_power_set_standby() twice Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: adjust few initialization order in dm Lewis Huang <lewis.huang(a)amd.com> drm/amd/display: Only allow dig mapping to pwrseq in new asic Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Modify duplicate list_splice_tail call Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: Don't remove bridges which are created by other drivers Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Qu Wenruo <wqu(a)suse.com> btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Call early_init_fdt_scan_reserved_mem() earlier Jonathan Corbet <corbet(a)lwn.net> docs: Instruct LaTeX to cope with deeper nesting Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW David Gow <davidgow(a)google.com> kunit: Add a macro to wrap a deferred action function Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Peichen Huang <peichen.huang(a)amd.com> drm/amd/display: Request usb4 bw for mst streams Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Add dpia display mode validation logic Paolo Abeni <pabeni(a)redhat.com> mptcp: corner case locking for rx path fields initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: fix more tx path fields initialization Geliang Tang <geliang.tang(a)linux.dev> mptcp: use mptcp_set_state Geliang Tang <geliang.tang(a)linux.dev> mptcp: add CurrEstab MIB counter support Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle cases where multiple sessions share connection Shyam Prasad N <sprasad(a)microsoft.com> cifs: change tcon status when need_reconnect is set on it Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix HDP flush for VFs on nbio v7.9 Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Fix shared buff copy to user Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Xiubo Li <xiubli(a)redhat.com> ceph: always check dir caps asynchronously Xiubo Li <xiubli(a)redhat.com> libceph: fail sparse-read if the data length doesn't match Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Krystian Pradzynski <krystian.pradzynski(a)intel.com> accel/ivpu/40xx: Stop passing SKU boot parameters to FW Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Disable d3hot_delay on all NPU generations Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Force snooping for MMU writes Kees Cook <keescook(a)chromium.org> LoongArch: vDSO: Disable UBSAN instrumentation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: nvkm_gsp_radix3_sg() should use nvkm_gsp_mem_ctor() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: do not announce EPCS support Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: accept broadcast probe responses on 6 GHz Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: initialize SMPS mode correctly Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix driver debugfs for vif type change Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fixed overflow check in mi_enum_attr() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use i_size_read and i_size_write Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use kvfree to free memory allocated by kvmalloc Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix c/mtime typo Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add and fix comments Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: ntfs3_forced_shutdown use int instead of bool Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Implement super_operations::shutdown Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Drop suid and sgid bits as a part of fpunch Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add file_modified Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct use bh_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix multithreaded stress test Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Reduce stack usage Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve alternative boot processing Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not search for channel if server is terminating Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: free queue and assoc directly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure that channel scaling is done only once Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: fix USB-C flag update after enc10 feature init Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Use correct drm device for cgroup permission check Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Patrick Rudolph <patrick.rudolph(a)9elements.com> regulator (max5970): Fix IRQ handler Chhayly Leang <clw.leang(a)gmail.com> ALSA: hda: cs35l41: Support ASUS Zenbook UM3402YAR Kenzo Gomez <kenzo.sgomez(a)gmail.com> ALSA: hda: cs35l41: Support additional ASUS Zenbook UX3402VA Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Kunwu Chan <chentao(a)kylinos.cn> HID: nvidia-shield: Add missing null pointer checks to LED initialization Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Increase default bdl_pos_adj for Apollo Lake Rui Salvaterra <rsalvaterra(a)gmail.com> ALSA: hda: Replace numeric device IDs with constant values Jiri Kosina <jikos(a)kernel.org> HID: logitech-hidpp: add support for Logitech G Pro X Superlight 2 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Add check for cpu dai link initialization Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable ips before dc interrupt setting Lukas Wunner <lukas(a)wunner.de> ARM: dts: Fix TPM schema violations Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Charles Keepax <ckeepax(a)opensource.cirrus.com> spi: cs42l43: Handle error from devm_pm_runtime_enable Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: helper function to check replayable error codes Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_pick_channel should try selecting active channels Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel-pci: Add support for Arrow Lake SPI serial flash Liming Sun <limings(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: dw-edma: increase size of 'name' in debugfs code Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in mm tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in vector tests Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in cbo Christoph Müllner <christoph.muellner(a)vrull.eu> tools: selftests: riscv: Fix compile warnings in hwprobe Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: Fix logical volume rescan race condition David Strahan <david.strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend ------------- Diffstat: Documentation/conf.py | 6 + Documentation/dev-tools/kunit/usage.rst | 10 +- Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-bletchley.dts | 4 +- .../dts/aspeed/aspeed-bmc-facebook-wedge400.dts | 4 +- arch/arm/boot/dts/aspeed/aspeed-bmc-opp-tacoma.dts | 2 +- .../dts/aspeed/ast2600-facebook-netbmc-common.dtsi | 4 +- .../arm/boot/dts/nxp/imx/imx6ull-phytec-tauri.dtsi | 2 +- .../boot/dts/nxp/imx/imx7d-flex-concentrator.dts | 2 +- .../dts/ti/omap/am335x-moxa-uc-2100-common.dtsi | 2 +- arch/arm/mach-ep93xx/core.c | 1 + .../dts/freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- .../dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts | 9 +- arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 10 +- arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 16 ++ arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +-- arch/loongarch/include/asm/acpi.h | 4 +- arch/loongarch/kernel/acpi.c | 4 +- arch/loongarch/kernel/setup.c | 4 +- arch/loongarch/kernel/smp.c | 122 ++++++----- arch/loongarch/vdso/Makefile | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/parisc/kernel/unwind.c | 14 +- arch/powerpc/include/asm/ppc-pci.h | 10 + arch/powerpc/kernel/iommu.c | 23 ++- arch/powerpc/kvm/book3s_hv.c | 26 ++- arch/powerpc/kvm/book3s_hv_nestedv2.c | 20 +- arch/powerpc/platforms/pseries/pci_dlpar.c | 4 + arch/s390/pci/pci.c | 2 +- arch/sparc/Makefile | 2 +- arch/sparc/video/Makefile | 2 +- arch/x86/entry/entry.S | 23 +++ arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/nospec-branch.h | 13 ++ arch/x86/kernel/traps.c | 2 +- arch/x86/mm/numa.c | 21 +- block/blk-map.c | 13 +- drivers/accel/ivpu/ivpu_drv.c | 5 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 2 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 9 +- drivers/accel/ivpu/ivpu_mmu.c | 3 - drivers/ata/ahci.c | 44 +++- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 ++++++----- drivers/ata/libata-core.c | 87 ++++---- drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- drivers/bus/imx-weim.c | 2 +- drivers/cache/ax45mp_cache.c | 4 + .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/acpi.c | 46 +++-- drivers/cxl/core/pci.c | 49 +++-- drivers/dma/apple-admac.c | 5 +- drivers/dma/dw-edma/dw-edma-v0-debugfs.c | 4 +- drivers/dma/dw-edma/dw-hdma-v0-debugfs.c | 4 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpio/gpiolib.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 6 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 ++ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 57 +++--- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 2 +- drivers/gpu/drm/amd/display/dc/dc.h | 4 +- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 6 + drivers/gpu/drm/amd/display/dc/dc_types.h | 14 +- .../gpu/drm/amd/display/dc/dce/dce_panel_cntl.c | 1 + .../drm/amd/display/dc/dcn301/dcn301_panel_cntl.c | 1 + .../drm/amd/display/dc/dcn31/dcn31_panel_cntl.c | 18 +- .../amd/display/dc/dcn32/dcn32_dio_link_encoder.c | 4 +- .../amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 4 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/inc/hw/panel_cntl.h | 2 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 42 +++- drivers/gpu/drm/amd/display/dc/link/link_factory.c | 26 +-- .../gpu/drm/amd/display/dc/link/link_validation.c | 60 +++++- .../display/dc/link/protocols/link_dp_dpia_bw.c | 178 ++++++++++++---- .../display/dc/link/protocols/link_dp_dpia_bw.h | 9 + drivers/gpu/drm/drm_buddy.c | 4 +- drivers/gpu/drm/drm_syncobj.c | 19 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 10 +- drivers/gpu/drm/i915/display/intel_tv.c | 10 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 1 - drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 - drivers/gpu/drm/meson/meson_encoder_hdmi.c | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/bar/r535.c | 5 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 18 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-nvidia-shield.c | 4 + drivers/hwmon/coretemp.c | 2 +- drivers/hwmon/nct6775-core.c | 14 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/mlx5/cong.c | 6 + drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 45 ++-- drivers/iommu/intel/iommu.c | 87 ++++++-- drivers/iommu/intel/iommu.h | 7 + drivers/iommu/intel/nested.c | 14 +- drivers/iommu/intel/pasid.c | 5 +- drivers/iommu/intel/pasid.h | 1 - drivers/iommu/iommu-sva.c | 2 +- drivers/iommu/iommufd/hw_pagetable.c | 3 +- drivers/iommu/iommufd/iova_bitmap.c | 68 +++++- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-mbigen.c | 8 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 +++++++-- drivers/md/dm-integrity.c | 91 +++++++- drivers/md/dm-verity-target.c | 86 +++++++- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 70 ++++--- drivers/md/raid10.c | 16 +- drivers/md/raid5.c | 29 +-- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + drivers/net/ethernet/broadcom/asp2/bcmasp.c | 6 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 3 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 -- drivers/net/gtp.c | 10 +- drivers/net/ipa/ipa_interrupt.c | 2 +- drivers/net/phy/realtek.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 5 +- drivers/nvme/host/fc.c | 47 +---- drivers/nvme/target/fc.c | 137 +++++++------ drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 67 ++++++ drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/think-lmi.c | 20 +- drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +++- drivers/platform/x86/x86-android-tablets/core.c | 3 + drivers/platform/x86/x86-android-tablets/lenovo.c | 1 + .../x86/x86-android-tablets/x86-android-tablets.h | 1 + drivers/regulator/max5970-regulator.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/sd.c | 26 ++- drivers/scsi/smartpqi/smartpqi.h | 1 - drivers/scsi/smartpqi/smartpqi_init.c | 88 +++++++- drivers/spi/spi-cs42l43.c | 5 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-intel-pci.c | 1 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +++--- drivers/tty/serial/stm32-usart.c | 4 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/gadget/udc/omap_udc.c | 3 +- drivers/usb/roles/class.c | 29 ++- drivers/usb/storage/scsiglue.c | 7 + drivers/usb/storage/uas.c | 7 + drivers/usb/typec/tcpm/tcpm.c | 3 - drivers/usb/typec/ucsi/ucsi_acpi.c | 71 ++++++- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/btrfs/defrag.c | 2 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/ceph/caps.c | 6 - fs/ceph/mds_client.c | 9 +- fs/ceph/mds_client.h | 2 +- fs/ceph/super.h | 2 - fs/erofs/namei.c | 28 +-- fs/ext4/extents.c | 111 ++++++---- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 45 ++-- fs/ntfs3/attrlist.c | 12 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/dir.c | 44 ++-- fs/ntfs3/file.c | 72 +++++-- fs/ntfs3/frecord.c | 19 +- fs/ntfs3/fslog.c | 228 ++++++++++----------- fs/ntfs3/fsntfs.c | 29 ++- fs/ntfs3/index.c | 8 +- fs/ntfs3/inode.c | 32 ++- fs/ntfs3/namei.c | 12 ++ fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 25 +-- fs/ntfs3/record.c | 18 +- fs/ntfs3/super.c | 49 +++-- fs/ntfs3/xattr.c | 6 + fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 12 +- fs/smb/client/connect.c | 11 + fs/smb/client/dfs.c | 7 +- fs/smb/client/file.c | 3 + fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/sess.c | 5 +- fs/smb/client/smb2pdu.c | 26 ++- fs/smb/client/transport.c | 18 +- include/kunit/resource.h | 21 ++ include/linux/ceph/osd_client.h | 3 +- include/linux/fs.h | 2 + include/linux/iommu.h | 12 ++ include/linux/memblock.h | 2 + include/linux/mlx5/mlx5_ifc.h | 2 +- include/linux/swap.h | 5 + include/net/netfilter/nf_flow_table.h | 2 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 5 +- kernel/bpf/helpers.c | 5 +- lib/Kconfig.debug | 1 + lib/kunit/kunit-test.c | 5 +- lib/kunit/test.c | 6 +- mm/damon/core.c | 15 +- mm/damon/lru_sort.c | 43 +++- mm/damon/reclaim.c | 18 +- mm/memblock.c | 6 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 ++ mm/swap.h | 5 + mm/swapfile.c | 13 ++ mm/zswap.c | 7 +- net/bridge/br_switchdev.c | 86 +++++--- net/ceph/osd_client.c | 18 +- net/core/skmsg.c | 7 +- net/core/sock.c | 23 +-- net/devlink/core.c | 12 +- net/devlink/port.c | 2 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 ++- net/ipv4/udp.c | 7 +- net/ipv6/addrconf.c | 21 +- net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/debugfs_netdev.c | 4 +- net/mac80211/debugfs_netdev.h | 5 - net/mac80211/iface.c | 2 +- net/mac80211/mlme.c | 8 +- net/mac80211/scan.c | 30 +-- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 8 +- net/mptcp/fastopen.c | 6 +- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 8 + net/mptcp/options.c | 9 +- net/mptcp/pm_netlink.c | 74 ++++--- net/mptcp/pm_userspace.c | 15 +- net/mptcp/protocol.c | 69 ++++--- net/mptcp/protocol.h | 25 ++- net/mptcp/subflow.c | 86 +++++--- net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 17 +- net/netfilter/nf_tables_api.c | 81 ++++---- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +++- net/sched/act_mirred.c | 147 ++++++------- net/sched/cls_flower.c | 5 +- net/switchdev/switchdev.c | 73 +++++++ net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 ++- net/unix/af_unix.c | 19 +- net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 3 +- scripts/bpf_doc.py | 2 +- sound/pci/hda/cs35l41_hda_property.c | 4 + sound/pci/hda/hda_intel.c | 6 +- sound/soc/amd/acp/acp-mach-common.c | 9 +- sound/soc/codecs/wm_adsp.c | 29 ++- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 ++ tools/net/ynl/lib/ynl.c | 19 +- .../selftests/drivers/net/bonding/bond_options.sh | 2 + tools/testing/selftests/iommu/config | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 6 + .../testing/selftests/net/forwarding/tc_actions.sh | 3 - tools/testing/selftests/net/mptcp/diag.sh | 46 ++++- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 41 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 109 ++++------ tools/testing/selftests/net/mptcp/mptcp_lib.sh | 16 ++ tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 +- tools/testing/selftests/net/mptcp/simult_flows.sh | 3 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 18 +- tools/testing/selftests/riscv/hwprobe/cbo.c | 6 +- tools/testing/selftests/riscv/hwprobe/hwprobe.c | 4 +- tools/testing/selftests/riscv/mm/mmap_test.h | 3 + .../selftests/riscv/vector/v_initval_nolibc.c | 2 +- .../testing/selftests/riscv/vector/vstate_prctl.c | 4 +- 340 files changed, 3847 insertions(+), 1826 deletions(-)

1 year, 6 months

14
348
0 0

[PATCH 6.1 000/195] 6.1.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.80 release. There are 195 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.80-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.80-rc1 Edward Lo <edward.lo(a)ambergroup.io> fs/ntfs3: Enhance the attribute size check Kuniyuki Iwashima <kuniyu(a)amazon.com> arp: Prevent overflow in arp_req_get(). Lennert Buytenhek <kernel(a)wantstofly.org> ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts Szuying Chen <chensiying21(a)gmail.com> ata: ahci: add identifiers for ASM2116 series adapters Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for netlink appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: userspace pm send RM_ADDR for ID 0 Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: fix missing folio cleanup in writeback race path Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio SeongJae Park <sj(a)kernel.org> mm/damon/reclaim: fix quota stauts loss due to online tunings Gao Xiang <xiang(a)kernel.org> erofs: fix inconsistent per-file compression format Gao Xiang <xiang(a)kernel.org> erofs: simplify compression configuration parser Corey Minyard <minyard(a)acm.org> i2c: imx: when being a target, mark the last read as processed Armin Wolf <W_Armin(a)gmx.de> drm/amd/display: Fix memory leak in dm_sw_fini() Erik Kurzinger <ekurzinger(a)nvidia.com> drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Siddharth Vadapalli <s-vadapalli(a)ti.com> net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY Justin Iurman <justin.iurman(a)uliege.be> Fix write to cloned skb in ipv6_hop_ioam() Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Rémi Denis-Courmont <courmisch(a)gmail.com> phonet: take correct lock to peek at the RX queue Horatiu Vultur <horatiu.vultur(a)microchip.com> net: sparx5: Add spinlock for frame transmission from CPU Jeremy Kerr <jk(a)codeconstruct.com.au> net: mctp: put sock on tag allocation failure Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: use kzalloc for hook allocation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: register hooks last when adding new chain/flowtable Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rename function to destroy hook list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: release dst in case direct xmit path is used Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_flow_offload: reset dst in route object after setting up flow Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: simplify route logic Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: set dormant flag on hook register failure Sabrina Dubroca <sd(a)queasysnail.net> tls: don't skip over different type records from the rx_list Sabrina Dubroca <sd(a)queasysnail.net> tls: stop recv() if initial process_rx_list gave us non-DATA Sabrina Dubroca <sd(a)queasysnail.net> tls: break out of main loop when PEEK gets a non-data record Shigeru Yoshida <syoshida(a)redhat.com> bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() Jason Gunthorpe <jgg(a)ziepe.ca> s390: use the correct count for __iowrite64_copy() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Consider the action set by PF Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: thinkpad_acpi: Only update profile if successfully converted Mark Brown <broonie(a)kernel.org> arm64/sme: Restore SME registers on exit from suspend Kees Cook <keescook(a)chromium.org> net: dev: Convert sa_data to flexible array in struct sockaddr Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Daniil Dulov <d.dulov(a)aladdin.ru> afs: Increase buffer size in afs_update_volume_status() Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> ata: ahci_ceva: fix error handling for Xilinx GT PHY support Eric Dumazet <edumazet(a)google.com> ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Eric Dumazet <edumazet(a)google.com> ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Pavel Sakharov <p.sakharov(a)ispras.ru> net: stmmac: Fix incorrect dereference in interrupt handlers Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the sort compare func used in numa_fill_memblks() Alison Schofield <alison.schofield(a)intel.com> x86/numa: Fix the address overlap check in numa_fill_memblks() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> net: ethernet: adi: requires PHYLIB support Kuniyuki Iwashima <kuniyu(a)amazon.com> dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Ensure deferred event delivery on unoffload Tobias Waldekranz <tobias(a)waldekranz.com> net: bridge: switchdev: Skip MDB replays of deferred events on offload Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Fix disable_managed_interrupts Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set num-cs property for spi on px30 Kamal Heib <kheib(a)redhat.com> RDMA/qedr: Fix qedr_create_user_qp error flow Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Consider page offset for the pages to be pinned Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array Joao Martins <joao.m.martins(a)oracle.com> iommufd/iova_bitmap: Bounds check mapped::pages access Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add AE for too many RNRS Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Set the CQ read threshold for GEN 1 Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Validate max_send_wr and max_recv_wr Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Fix KASAN issue with tasklet Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Sohaib Nadeem <sohaib.nadeem(a)amd.com> Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix lockless access in subflow ULP diag Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: add needs_id for userspace appending addr Geliang Tang <geliang.tang(a)suse.com> mptcp: make userspace_pm_append_new_local_addr static Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Xu Yang <xu.yang_2(a)nxp.com> usb: roles: fix NULL pointer issue when put module's reference Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix memory double free when handle zero packet Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: blocked some cdns3 specific code Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't disconnect if not started Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: amba-pl011: Fix DMA transmission in RS485 mode Sandeep Dhavale <dhavale(a)google.com> erofs: fix refcount on the metabuf used for inode lookup Arnd Bergmann <arnd(a)arndb.de> dm-integrity, dm-verity: reduce stack usage for recheck Peter Zijlstra <peterz(a)infradead.org> x86/alternative: Make custom return thunk unconditional Borislav Petkov (AMD) <bp(a)alien8.de> Revert "x86/alternative: Make custom return thunk unconditional" Peter Zijlstra <peterz(a)infradead.org> x86/returnthunk: Allow different return thunks Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Enable interrupt if needed before EOI Oliver Upton <oliver.upton(a)linux.dev> irqchip/gic-v3-its: Do not assume vPE tables are preallocated zhenwei pi <pizhenwei(a)bytedance.com> crypto: virtio/akcipher - Fix stack overflow on memcpy Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Yu Kuai <yukuai3(a)huawei.com> md: Fix missing release of 'active_io' for flush Baokun Li <libaokun1(a)huawei.com> cachefiles: fix memory leak in cachefiles_add_cache() Hans de Goede <hdegoede(a)redhat.com> platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler Johannes Weiner <hannes(a)cmpxchg.org> mm: memcontrol: clarify swapaccount=0 deprecation warning SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: fix quota status loss due to online tunings Kairui Song <kasong(a)tencent.com> mm/swap: fix race when skipping swapcache Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Consult supported VPD page list prior to fetching page Naohiro Aota <naohiro.aota(a)wdc.com> scsi: target: pscsi: Fix bio_put() for error case Robert Richter <rrichter(a)amd.com> cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: recheck the hash after a failure Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: recheck the integrity tag after a failure Helge Deller <deller(a)gmx.de> Revert "parisc: Only list existing CPUs in cpu_possible_mask" Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: recheck the integrity tag after a failure Damien Le Moal <dlemoal(a)kernel.org> ata: libata-core: Do not try to set sleeping devices to standby Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix invalid -EBUSY on ccw_device_start Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Fix an invalid freeing on already freed page in error path Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Disable IRQ before init_fn() for nonboot CPUs Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Steve French <stfrench(a)microsoft.com> smb3: clarify mount warning Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse points under DFS mounts Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: reset gpu for s3 suspend abort case Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: skip to program GFXDEC registers for suspend abort Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Select ARCH_ENABLE_THP_MIGRATION instead of redefining it SEO HOYOUNG <hy50.seo(a)samsung.com> scsi: ufs: core: Remove the ufshcd_release() in ufshcd_err_handling_prepare() Hannes Reinecke <hare(a)suse.de> scsi: lpfc: Use unsigned type for num_sge Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Andrew Bresticker <abrestic(a)rivosinc.com> efi: Don't add memblocks for soft-reserved memory Andrew Bresticker <abrestic(a)rivosinc.com> efi: runtime: Fix potential overflow of soft-reserved region size Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: adding missing drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: set station RX-NSS on reconfig Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix oob in ntfs_listxattr Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_size after success write into compressed file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct function is_rst_area_valid Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Prevent generic message "attempt to access beyond end of device" Ism Hong <ism.hong(a)gmail.com> fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Disable ATTR_LIST_ENTRY size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name" Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Print warning while fixing hard links count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Correct hard links updating when dealing with DOS names Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Improve ntfs_dir_count Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Modified fix directory element type detection Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the hole length returned by ext4_map_blocks() Paulo Alcantara <pc(a)manguebit.com> smb: client: increase number of PDUs allowed in a compound request Daniel Wagner <dwagner(a)suse.de> nvmet-fc: take ref count on tgtport before delete assoc Daniel Wagner <dwagner(a)suse.de> nvmet-fc: avoid deadlock on delete association path Daniel Wagner <dwagner(a)suse.de> nvmet-fc: abort command when there is no binding Daniel Wagner <dwagner(a)suse.de> nvmet-fc: hold reference on hostport match Daniel Wagner <dwagner(a)suse.de> nvmet-fc: defer cleanup using RCU properly Daniel Wagner <dwagner(a)suse.de> nvmet-fc: release reference on target port Daniel Wagner <dwagner(a)suse.de> nvmet-fcloop: swap the list_add_tail arguments Daniel Wagner <dwagner(a)suse.de> nvme-fc: do not wait in vain when unloading module Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Ignore clock selector errors for single connection Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Don't overwrite fwf_name with the default Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Xin Long <lucien.xin(a)gmail.com> netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Will Deacon <will(a)kernel.org> misc: open-dice: Fix spurious lockdep warning Brenton Simpson <appsforartists(a)google.com> Input: xpad - add Lenovo Legion Go controllers Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: avoid integer overflow in constants Chen-Yu Tsai <wens(a)csie.org> ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Check presence of valid altsetting control Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Quirk to ack a connector change ack cmd Guixin Liu <kanie(a)linux.alibaba.com> nvmet-tcp: fix nvme tcp ida memory leak Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Kunwu Chan <chentao(a)kylinos.cn> dmaengine: ti: edma: Add some null pointer checks to the edma_probe Hans de Goede <hdegoede(a)redhat.com> Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Baokun Li <libaokun1(a)huawei.com> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Phoenix Chen <asbeltogf(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet Huang Pei <huangpei(a)loongson.cn> MIPS: reserve exception vector space ONLY ONCE Lennert Buytenhek <kernel(a)wantstofly.org> ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Shyam Prasad N <sprasad(a)microsoft.com> cifs: translate network errors on send to -ECONNABORTED Kees Cook <keescook(a)chromium.org> smb: Work around Clang __bdos() type confusion Christian A. Ehrhardt <lk(a)c--e.de> block: Fix WARNING in _copy_from_iter Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: fsl-qdma: increase size of 'irq_name' Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Shyam Prasad N <sprasad(a)microsoft.com> cifs: open_cached_dir should not rely on primary channel Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Hector Martin <marcan(a)marcan.st> dmaengine: apple-admac: Keep upper bits of REG_BUS_WIDTH Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/arm64/boot/dts/rockchip/px30.dtsi | 2 + arch/arm64/include/asm/fpsimd.h | 2 + arch/arm64/kernel/fpsimd.c | 14 + arch/arm64/kernel/suspend.c | 3 + arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/loongarch/Kconfig | 23 +- arch/loongarch/kernel/smp.c | 1 + arch/mips/kernel/traps.c | 8 +- arch/parisc/kernel/processor.c | 8 - arch/s390/pci/pci.c | 2 +- arch/x86/include/asm/nospec-branch.h | 2 + arch/x86/kernel/alternative.c | 13 +- arch/x86/kernel/ftrace.c | 2 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/mm/numa.c | 21 +- arch/x86/net/bpf_jit_comp.c | 2 +- block/blk-map.c | 13 +- drivers/ata/ahci.c | 49 +- drivers/ata/ahci.h | 1 + drivers/ata/ahci_ceva.c | 125 +- drivers/ata/libata-core.c | 4 + drivers/block/aoe/aoeblk.c | 5 +- drivers/block/virtio_blk.c | 7 +- .../crypto/virtio/virtio_crypto_akcipher_algs.c | 5 +- drivers/cxl/core/pci.c | 6 +- drivers/dma/apple-admac.c | 5 +- drivers/dma/fsl-qdma.c | 2 +- drivers/dma/sh/shdma.h | 2 +- drivers/dma/ti/edma.c | 10 + drivers/firewire/core-card.c | 18 +- drivers/firmware/efi/arm-runtime.c | 2 +- drivers/firmware/efi/efi-init.c | 19 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/riscv-runtime.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 + drivers/gpu/drm/amd/amdgpu/soc15.c | 22 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + drivers/gpu/drm/drm_syncobj.c | 6 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- drivers/hwmon/coretemp.c | 2 +- drivers/i2c/busses/i2c-imx.c | 5 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/hw/irdma/defs.h | 1 + drivers/infiniband/hw/irdma/hw.c | 8 + drivers/infiniband/hw/irdma/verbs.c | 9 +- drivers/infiniband/hw/qedr/verbs.c | 11 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 17 +- drivers/input/joystick/xpad.c | 2 + drivers/input/serio/i8042-acpipnpio.h | 8 + drivers/input/touchscreen/goodix.c | 3 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 8 +- drivers/md/dm-crypt.c | 95 +- drivers/md/dm-integrity.c | 91 +- drivers/md/dm-verity-target.c | 86 +- drivers/md/dm-verity.h | 6 + drivers/md/md.c | 6 +- drivers/misc/open-dice.c | 2 +- drivers/net/ethernet/adi/Kconfig | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 4 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_main.h | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 - drivers/net/gtp.c | 10 +- drivers/net/phy/realtek.c | 4 +- drivers/nvme/host/fc.c | 47 +- drivers/nvme/target/fc.c | 131 +- drivers/nvme/target/fcloop.c | 6 +- drivers/nvme/target/tcp.c | 1 + drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/msi/irqdomain.c | 2 +- drivers/platform/x86/intel/vbtn.c | 3 - drivers/platform/x86/thinkpad_acpi.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 39 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/cio/device_ops.c | 6 +- drivers/scsi/Kconfig | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 12 +- drivers/scsi/scsi.c | 22 +- drivers/scsi/smartpqi/smartpqi_init.c | 5 +- drivers/soc/mediatek/mtk-pm-domains.c | 15 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/spi/spi-hisi-sfc-v3xx.c | 5 + drivers/spi/spi-sh-msiof.c | 16 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_pscsi.c | 9 +- drivers/target/target_core_transport.c | 4 + drivers/tty/serial/amba-pl011.c | 60 +- drivers/ufs/core/ufshcd.c | 1 - drivers/usb/cdns3/cdns3-gadget.c | 8 +- drivers/usb/cdns3/core.c | 1 - drivers/usb/cdns3/drd.c | 13 +- drivers/usb/cdns3/drd.h | 6 +- drivers/usb/cdns3/host.c | 16 +- drivers/usb/dwc3/gadget.c | 5 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 29 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +- drivers/vfio/iova_bitmap.c | 25 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/afs/volume.c | 4 +- fs/aio.c | 9 +- fs/cachefiles/cache.c | 2 + fs/cachefiles/daemon.c | 1 + fs/erofs/compress.h | 4 + fs/erofs/decompressor.c | 60 +- fs/erofs/decompressor_lzma.c | 4 +- fs/erofs/internal.h | 28 +- fs/erofs/namei.c | 28 +- fs/erofs/super.c | 72 +- fs/erofs/zmap.c | 23 +- fs/ext4/extents.c | 111 +- fs/ext4/mballoc.c | 15 +- fs/ntfs3/attrib.c | 20 +- fs/ntfs3/attrlist.c | 8 +- fs/ntfs3/dir.c | 40 +- fs/ntfs3/file.c | 2 + fs/ntfs3/fslog.c | 14 +- fs/ntfs3/fsntfs.c | 24 + fs/ntfs3/inode.c | 2 +- fs/ntfs3/ntfs.h | 4 +- fs/ntfs3/ntfs_fs.h | 14 +- fs/ntfs3/record.c | 25 +- fs/ntfs3/xattr.c | 3 + fs/smb/client/cached_dir.c | 2 +- fs/smb/client/cifsencrypt.c | 2 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/fs_context.c | 2 +- fs/smb/client/readdir.c | 15 +- fs/smb/client/smb2pdu.c | 6 + fs/smb/client/transport.c | 15 +- include/linux/fs.h | 2 + include/linux/memblock.h | 2 + include/linux/socket.h | 5 +- include/linux/swap.h | 5 + include/net/netfilter/nf_flow_table.h | 4 +- include/net/switchdev.h | 3 + include/net/tcp.h | 2 +- include/scsi/scsi_device.h | 4 - kernel/bpf/helpers.c | 5 +- kernel/sched/rt.c | 12 +- mm/damon/lru_sort.c | 43 +- mm/damon/reclaim.c | 18 +- mm/memblock.c | 5 +- mm/memcontrol.c | 10 +- mm/memory.c | 20 + mm/swap.h | 5 + mm/swapfile.c | 13 + mm/zswap.c | 2 + net/bridge/br_switchdev.c | 86 +- net/core/dev.c | 2 +- net/core/dev_ioctl.c | 2 +- net/core/skmsg.c | 7 +- net/ipv4/arp.c | 3 +- net/ipv4/devinet.c | 21 +- net/ipv4/inet_hashtables.c | 25 +- net/ipv6/addrconf.c | 21 +- net/ipv6/exthdrs.c | 10 + net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/cfg.c | 2 + net/mac80211/mlme.c | 1 + net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/mctp/route.c | 2 +- net/mptcp/diag.c | 6 +- net/mptcp/pm_netlink.c | 24 +- net/mptcp/pm_userspace.c | 54 +- net/mptcp/protocol.h | 2 - net/netfilter/nf_conntrack_proto_sctp.c | 2 +- net/netfilter/nf_flow_table_core.c | 41 +- net/netfilter/nf_tables_api.c | 87 +- net/netfilter/nft_flow_offload.c | 14 +- net/packet/af_packet.c | 10 +- net/phonet/datagram.c | 4 +- net/phonet/pep.c | 41 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 706 -------- net/sched/sch_cbq.c | 1727 -------------------- net/sched/sch_dsmark.c | 518 ------ net/switchdev/switchdev.c | 73 + net/tls/tls_main.c | 2 +- net/tls/tls_sw.c | 24 +- net/wireless/nl80211.c | 1 + scripts/bpf_doc.py | 2 +- sound/soc/codecs/wm_adsp.c | 29 +- sound/soc/sunxi/sun4i-spdif.c | 5 + sound/usb/clock.c | 10 +- sound/usb/format.c | 20 + .../selftests/tc-testing/tc-tests/qdiscs/atm.json | 94 -- .../selftests/tc-testing/tc-tests/qdiscs/cbq.json | 184 --- .../tc-testing/tc-tests/qdiscs/dsmark.json | 140 -- 202 files changed, 1956 insertions(+), 4293 deletions(-)

1 year, 6 months

13
207
0 0

[PATCH v2] xhci: Allow RPM on the USB controller (1022:43f7) by default

by Basavaraj Natikar

The AMD USB host controller (1022:43f7) does not enter PCI D3 by default when nothing is connected. This is due to the policy introduced by 'commit a611bf473d1f ("xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices")', which only covers 1.2 or later devices. Therefore, by default, allow RPM on the AMD USB controller [1022:43f7]. Fixes: 4baf12181509 ("xhci: Loosen RPM as default policy to cover for AMD xHC 1.1") Link: https://lore.kernel.org/all/12335218.O9o76ZdvQC@natalenko.name/ Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: stable(a)vger.kernel.org Tested-by: Oleksandr Natalenko <oleksandr(a)natalenko.name> Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> --- Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b534ca9752be..1eb7a41a75d7 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -473,6 +473,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; + else if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x43f7) + xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; if (xhci->quirks & XHCI_RESET_ON_RESUME) xhci_dbg_trace(xhci, trace_xhci_dbg_quirks, -- 2.25.1

1 year, 6 months

4
5
0 0

[PATCH v2 2/2] of: overlay: Synchronize of_overlay_remove() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_overlay_remove() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/overlay.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c index 2ae7e9d24a64..99659ae9fb28 100644 --- a/drivers/of/overlay.c +++ b/drivers/of/overlay.c @@ -853,6 +853,14 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) { int i; + /* + * Wait for any ongoing device link removals before removing some of + * nodes. Drop the global lock while waiting + */ + mutex_unlock(&of_mutex); + device_link_wait_removal(); + mutex_lock(&of_mutex); + if (ovcs->cset.entries.next) of_changeset_destroy(&ovcs->cset); @@ -862,7 +870,6 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs) ovcs->id = 0; } - for (i = 0; i < ovcs->count; i++) { of_node_put(ovcs->fragments[i].target); of_node_put(ovcs->fragments[i].overlay); -- 2.43.0

1 year, 6 months

2
4
0 0

[PATCH v2] USB:UAS:return ENODEV when submit urbs fail with device not attached.

by Weitao Wang

In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs function to return a value -ENODEV when submit URB fail with device in NOTATTACHED state. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> --- v1->v2 - Modify the description of this patch. drivers/usb/storage/uas.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 9707f53cfda9..967f18db525a 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,16 +541,15 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, @@ -562,9 +561,9 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -582,7 +581,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -602,7 +601,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -621,7 +620,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return (err == -ENODEV) ? -ENODEV : SCSI_MLQUEUE_DEVICE_BUSY; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +697,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; } -- 2.32.0

1 year, 6 months

3
7
0 0

[PATCH 6.1.y 0/6] Delay VERW - 6.1.y backport

by Pawan Gupta

This is the backport of recently upstreamed series that moves VERW execution to a later point in exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW executions may end into MDS affected CPU buffers. Moving VERW closer to ring transition reduces the attack surface. Patch 1/6 includes a minor fix that is queued for upstream: https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@… Patch 1,2,5 and 6 needed conflict resolution. I saw a few new warnings: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction I tried using REACHABLE, but that did not fix the warning. For the below warning: vmlinux.o: warning: objtool: .altinstr_replacement+0x17: unsupported relocation in alternatives section not sure if this is related to this series or a pre-existing warning, I will check later without this series. I am not too concerned because the alternative did substitute verw correctly: entry_SYSCALL_64: ... 0xffffffff8200013d <+253>: swapgs 0xffffffff82000140 <+256>: verw 0xffffffff82000000 0xffffffff82000148 <+264>: sysretq 0xffffffff8200014b <+267>: int3 --- Pawan Gupta (5): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson (1): KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Documentation/x86/mds.rst | 38 +++++++++++++++++++++++++----------- arch/x86/entry/entry.S | 22 +++++++++++++++++++++ arch/x86/entry/entry_32.S | 3 +++ arch/x86/entry/entry_64.S | 11 +++++++++++ arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/nospec-branch.h | 25 ++++++++++++------------ arch/x86/kernel/cpu/bugs.c | 15 ++++++-------- arch/x86/kernel/nmi.c | 3 --- arch/x86/kvm/vmx/run_flags.h | 7 +++++-- arch/x86/kvm/vmx/vmenter.S | 9 ++++++--- arch/x86/kvm/vmx/vmx.c | 12 ++++++++---- 13 files changed, 103 insertions(+), 46 deletions(-) --- base-commit: 81e1dc2f70014b9523dd02ca763788e4f81e5bac change-id: 20240226-delay-verw-backport-6-1-y-4b0cec84087c

1 year, 6 months

3
12
0 0

[PATCH v2 1/2] driver core: Introduce device_link_wait_removal()

by Herve Codina

The commit 80dd33cf72d1 ("drivers: base: Fix device link removal") introduces a workqueue to release the consumer and supplier devices used in the devlink. In the job queued, devices are release and in turn, when all the references to these devices are dropped, the release function of the device itself is called. Nothing is present to provide some synchronisation with this workqueue in order to ensure that all ongoing releasing operations are done and so, some other operations can be started safely. For instance, in the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are released and related devlinks are removed (jobs pushed in the workqueue). During the step 2, OF nodes are destroyed but, without any synchronisation with devlink removal jobs, of_overlay_remove() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 Indeed, the missing of_node_put() call is going to be done, too late, from the workqueue job execution. Introduce device_link_wait_removal() to offer a way to synchronize operations waiting for the end of devlink removals (i.e. end of workqueue jobs). Also, as a flushing operation is done on the workqueue, the workqueue used is moved from a system-wide workqueue to a local one. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 26 +++++++++++++++++++++++--- include/linux/device.h | 1 + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index d5f4e4aac09b..80d9430856a8 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -44,6 +44,7 @@ static bool fw_devlink_is_permissive(void); static void __fw_devlink_link_to_consumers(struct device *dev); static bool fw_devlink_drv_reg_done; static bool fw_devlink_best_effort; +static struct workqueue_struct *device_link_wq; /** * __fwnode_link_add - Create a link between two fwnode_handles. @@ -532,12 +533,26 @@ static void devlink_dev_release(struct device *dev) /* * It may take a while to complete this work because of the SRCU * synchronization in device_link_release_fn() and if the consumer or - * supplier devices get deleted when it runs, so put it into the "long" - * workqueue. + * supplier devices get deleted when it runs, so put it into the + * dedicated workqueue. */ - queue_work(system_long_wq, &link->rm_work); + queue_work(device_link_wq, &link->rm_work); } +/** + * device_link_wait_removal - Wait for ongoing devlink removal jobs to terminate + */ +void device_link_wait_removal(void) +{ + /* + * devlink removal jobs are queued in the dedicated work queue. + * To be sure that all removal jobs are terminated, ensure that any + * scheduled work has run to completion. + */ + drain_workqueue(device_link_wq); +} +EXPORT_SYMBOL_GPL(device_link_wait_removal); + static struct class devlink_class = { .name = "devlink", .dev_groups = devlink_groups, @@ -4099,9 +4114,14 @@ int __init devices_init(void) sysfs_dev_char_kobj = kobject_create_and_add("char", dev_kobj); if (!sysfs_dev_char_kobj) goto char_kobj_err; + device_link_wq = alloc_workqueue("device_link_wq", 0, 0); + if (!device_link_wq) + goto wq_err; return 0; + wq_err: + kobject_put(sysfs_dev_char_kobj); char_kobj_err: kobject_put(sysfs_dev_block_kobj); block_kobj_err: diff --git a/include/linux/device.h b/include/linux/device.h index 1795121dee9a..d7d8305a72e8 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1249,6 +1249,7 @@ void device_link_del(struct device_link *link); void device_link_remove(void *consumer, struct device *supplier); void device_links_supplier_sync_state_pause(void); void device_links_supplier_sync_state_resume(void); +void device_link_wait_removal(void); /* Create alias, so I can be autoloaded. */ #define MODULE_ALIAS_CHARDEV(major,minor) \ -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH v2] spmi: hisi-spmi-controller: Fix kernel panic on rmmod

by Vamshi Gajjela

Ensure consistency in spmi_controller pointers between spmi_controller_remove/put and driver spmi_del_controller functions. The former requires a pointer to struct spmi_controller, while the latter passes a pointer of struct spmi_controller_dev, leading to a "Null pointer exception". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org --- v2: - Split into two separate patches - add Fixes and Cc stable drivers/spmi/hisi-spmi-controller.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 9cbd473487cb..4b6189d8cc4d 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -326,7 +326,8 @@ static int spmi_controller_probe(struct platform_device *pdev) static void spmi_del_controller(struct platform_device *pdev) { - struct spmi_controller *ctrl = platform_get_drvdata(pdev); + struct spmi_controller_dev *spmi_controller = platform_get_drvdata(pdev); + struct spmi_controller *ctrl = spmi_controller->controller; spmi_controller_remove(ctrl); spmi_controller_put(ctrl); -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

2
1
0 0

Re: [PATCH] of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing

by Saravana Kannan

On Fri, Feb 23, 2024 at 9:24 PM Saravana Kannan <saravanak(a)google.com> wrote: > > Introduced a stupid bug in commit 782bfd03c3ae ("of: property: Improve > finding the supplier of a remote-endpoint property") due to a last minute > incorrect edit of "index !=0" into "!index". This patch fixes it to be > "index > 0" to match the comment right next to it. Greg, this needs to land in the stable branches once Rob picks it up for the next 6.8-rc. -Saravana > > Reported-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> > Link: https://lore.kernel.org/lkml/20240223171849.10f9901d@booty/ > Fixes: 782bfd03c3ae ("of: property: Improve finding the supplier of a remote-endpoint property") > Signed-off-by: Saravana Kannan <saravanak(a)google.com> > --- > Using Link: instead of Closes: because Luca reported two separate issues. > > Sorry about introducing a stupid bug in an -rcX Rob. > > -Saravana > > drivers/of/property.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/of/property.c b/drivers/of/property.c > index b71267c6667c..fa8cd33be131 100644 > --- a/drivers/of/property.c > +++ b/drivers/of/property.c > @@ -1304,7 +1304,7 @@ static struct device_node *parse_remote_endpoint(struct device_node *np, > int index) > { > /* Return NULL for index > 0 to signify end of remote-endpoints. */ > - if (!index || strcmp(prop_name, "remote-endpoint")) > + if (index > 0 || strcmp(prop_name, "remote-endpoint")) > return NULL; > > return of_graph_get_remote_port_parent(np); > -- > 2.44.0.rc0.258.g7320e95886-goog >

1 year, 6 months

3
2
0 0

[PATCH v3 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Cc: stable(a)vger.kernel.org Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v3: - Fixed CC stable. Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

1
0
0 0

[PATCH v2 1/4] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros

by Jameson Thies

Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for plug type and updating the modal support macro for consistent naming. Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields") Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jameson Thies <jthies(a)google.com> --- Changes in v2: - Tested on usb-testing branch merged with chromeOS 6.8-rc2 kernel. drivers/usb/typec/ucsi/ucsi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 7e35ffbe0a6f2..469a2baf472e4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -259,12 +259,12 @@ struct ucsi_cable_property { #define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0) #define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1) #define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2) -#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0)) +#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3) #define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1 #define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2 #define UCSI_CABLE_PROPERTY_PLUG_OTHER 3 -#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5) +#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5) u8 latency; } __packed; -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

2
2
0 0

[PATCH v2] usb: typec: altmodes/displayport: create sysfs nodes after assigning driver data

by RD Babiera

The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Create sysfs nodes after typec_altmode_set_drvdata call. Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- Changes from v1: * Moved sysfs node creation instead of NULL checking dev_get_drvdata(). --- drivers/usb/typec/altmodes/displayport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c index 5a80776c7255..5bbdd2c04237 100644 --- a/drivers/usb/typec/altmodes/displayport.c +++ b/drivers/usb/typec/altmodes/displayport.c @@ -731,10 +731,6 @@ int dp_altmode_probe(struct typec_altmode *alt) DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo))) return -ENODEV; - ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); - if (ret) - return ret; - dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL); if (!dp) return -ENOMEM; @@ -766,6 +762,10 @@ int dp_altmode_probe(struct typec_altmode *alt) if (plug) typec_altmode_set_drvdata(plug, dp); + ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group); + if (ret) + return ret; + dp->state = plug ? DP_STATE_ENTER_PRIME : DP_STATE_ENTER; schedule_work(&dp->work); base-commit: a560a5672826fc1e057068bda93b3d4c98d037a2 -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 6 months

2
2
0 0

[PATCH] docs: Restore "smart quotes" for quotes

by Akira Yokosawa

Commit eaae75754d81 ("docs: turn off "smart quotes" in the HTML build") disabled conversion of quote marks along with that of dashes. Despite the short summary, the change affects not only HTML build but also other build targets including PDF. However, as "smart quotes" had been enabled for more than half a decade already, quite a few readers of HTML pages are likely expecting conversions of "foo" -> “foo” and 'bar' -> ‘bar’. Furthermore, in LaTeX typesetting convention, it is common to use distinct marks for opening and closing quote marks. To satisfy such readers' expectation, restore conversion of quotes only by setting smartquotes_action [1]. Link: [1] https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-smart… Cc: stable(a)vger.kernel.org # v6.4 Signed-off-by: Akira Yokosawa <akiyks(a)gmail.com> --- Documentation/conf.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/conf.py b/Documentation/conf.py index da64c9fb7e07..d148f3e8dd57 100644 --- a/Documentation/conf.py +++ b/Documentation/conf.py @@ -346,9 +346,9 @@ sys.stderr.write("Using %s theme\n" % html_theme) html_static_path = ['sphinx-static'] # If true, Docutils "smart quotes" will be used to convert quotes and dashes -# to typographically correct entities. This will convert "--" to "—", -# which is not always what we want, so disable it. -smartquotes = False +# to typographically correct entities. However, conversion of "--" to "—" +# is not always what we want, so enable only quotes. +smartquotes_action = 'q' # Custom sidebar templates, maps document names to template names. # Note that the RTD theme ignores this base-commit: 32ed7930304ca7600a54c2e702098bd2ce7086af -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH v2 04/12] PCI: qcom: Add support for disabling ASPM L0s in devicetree

by Johan Hovold

Commit 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") started enabling ASPM unconditionally when the hardware claims to support it. This triggers Correctable Errors for some PCIe devices on machines like the Lenovo ThinkPad X13s, which could indicate an incomplete driver ASPM implementation or that the hardware does in fact not support L0s. Add support for disabling ASPM L0s in the devicetree when it is not supported on a particular machine and controller. Note that only the 1.9.0 ops enable ASPM currently. Fixes: 9f4f3dfad8cf ("PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops") Cc: stable(a)vger.kernel.org # 6.7 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 09d485df34b9..0fb5dc06d2ef 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -273,6 +273,25 @@ static int qcom_pcie_start_link(struct dw_pcie *pci) return 0; } +static void qcom_pcie_clear_aspm_l0s(struct dw_pcie *pci) +{ + u16 offset; + u32 val; + + if (!of_property_read_bool(pci->dev->of_node, "aspm-no-l0s")) + return; + + offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + + dw_pcie_dbi_ro_wr_en(pci); + + val = readl(pci->dbi_base + offset + PCI_EXP_LNKCAP); + val &= ~PCI_EXP_LNKCAP_ASPM_L0S; + writel(val, pci->dbi_base + offset + PCI_EXP_LNKCAP); + + dw_pcie_dbi_ro_wr_dis(pci); +} + static void qcom_pcie_clear_hpc(struct dw_pcie *pci) { u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); @@ -962,6 +981,7 @@ static int qcom_pcie_init_2_7_0(struct qcom_pcie *pcie) static int qcom_pcie_post_init_2_7_0(struct qcom_pcie *pcie) { + qcom_pcie_clear_aspm_l0s(pcie->pci); qcom_pcie_clear_hpc(pcie->pci); return 0; -- 2.43.0

1 year, 6 months

3
3
0 0

[PATCH v1] ALSA: memalloc: Fix indefinite hang in non-iommu case

by Karthikeyan Ramasubramanian

Before 9d8e536 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") the alsa non-contiguous allocator always called the alsa fallback allocator in the non-iommu case. This allocated non-contig memory consisting of progressively smaller contiguous chunks. Allocation was fast due to the OR-ing in of __GFP_NORETRY. After 9d8e536 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") the code tries the dma non-contig allocator first, then falls back to the alsa fallback allocator. In the non-iommu case, the former supports only a single contiguous chunk. We have observed experimentally that under heavy memory fragmentation, allocating a large-ish contiguous chunk with __GFP_RETRY_MAYFAIL triggers an indefinite hang in the dma non-contig allocator. This has high-impact, as an occurrence will trigger a device reboot, resulting in loss of user state. Fix the non-iommu path by letting dma_alloc_noncontiguous() fail quickly so it does not get stuck looking for that elusive large contiguous chunk, in which case we will fall back to the alsa fallback allocator. Note that the iommu dma non-contiguous allocator is not affected. While assembling an array of pages, it tries consecutively smaller contiguous allocations, and lets higher-order chunk allocations fail quickly. Suggested-by: Sven van Ashbrook <svenva(a)chromium.org> Suggested-by: Brian Geffon <bgeffon(a)google.com> Fixes: 9d8e536d36e7 ("ALSA: memalloc: Try dma_alloc_noncontiguous() at first") Cc: stable(a)vger.kernel.org Cc: Sven van Ashbrook <svenva(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- sound/core/memalloc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c index f901504b5afc1..5f6526a0d731c 100644 --- a/sound/core/memalloc.c +++ b/sound/core/memalloc.c @@ -540,13 +540,18 @@ static void *snd_dma_noncontig_alloc(struct snd_dma_buffer *dmab, size_t size) { struct sg_table *sgt; void *p; + gfp_t gfp_flags = DEFAULT_GFP; #ifdef CONFIG_SND_DMA_SGBUF if (cpu_feature_enabled(X86_FEATURE_XENPV)) return snd_dma_sg_fallback_alloc(dmab, size); + + /* Non-IOMMU case: prevent allocator from searching forever */ + if (!get_dma_ops(dmab->dev.dev)) + gfp_flags |= __GFP_NORETRY; #endif sgt = dma_alloc_noncontiguous(dmab->dev.dev, size, dmab->dev.dir, - DEFAULT_GFP, 0); + gfp_flags, 0); #ifdef CONFIG_SND_DMA_SGBUF if (!sgt && !get_dma_ops(dmab->dev.dev)) return snd_dma_sg_fallback_alloc(dmab, size); -- 2.43.0.687.g38aa6559b0-goog

1 year, 6 months

4
13
0 0

[PATCH 1/4] fuse: replace remaining make_bad_inode() with fuse_make_bad()

by Miklos Szeredi

fuse_do_statx() was added with the wrong helper. Fixes: d3045530bdd2 ("fuse: implement statx") Cc: <stable(a)vger.kernel.org> # v6.6 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> --- fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 25c7c97f774b..ce6a38c56d54 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1214,7 +1214,7 @@ static int fuse_do_statx(struct inode *inode, struct file *file, if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) || ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) || inode_wrong_type(inode, sx->mode)))) { - make_bad_inode(inode); + fuse_make_bad(inode); return -EIO; } -- 2.43.2

1 year, 6 months

3
4
0 0

[PATCH 1/2] drm/i915: Don't explode when the dig port we don't have an AUX CH

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The icl+ power well code currently assumes that every AUX power well maps to an encoder which is using said power well. That is by no menas guaranteed as we: - only register encoders for ports declared in the VBT - combo PHY HDMI-only encoder no longer get an AUX CH since commit 9856308c94ca ("drm/i915: Only populate aux_ch if really needed") However we have places such as intel_power_domains_sanitize_state() that blindly traverse all the possible power wells. So these bits of code may very well encounbter an aux power well with no associated encoder. In this particular case the BIOS seems to have left one AUX power well enabled even though we're dealing with a HDMI only encoder on a combo PHY. We then proceed to turn off said power well and explode when we can't find a matching encoder. As a short term fix we should be able to just skip the PHY related parts of the power well programming since we know this situation can only happen with combo PHYs. Another option might be to go back to always picking an AUX CH for all encoders. However I'm a bit wary about that since we might in theory end up conflicting with the VBT AUX CH assignment. Also that wouldn't help with encoders not declared in the VBT, should we ever need to poke the corresponding power wells. Longer term we need to figure out what the actual relationship is between the PHY vs. AUX CH vs. AUX power well. Currently this is entirely unclear. Cc: stable(a)vger.kernel.org Fixes: 9856308c94ca ("drm/i915: Only populate aux_ch if really needed") Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10184 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- .../drm/i915/display/intel_display_power_well.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_power_well.c b/drivers/gpu/drm/i915/display/intel_display_power_well.c index 47cd6bb04366..06900ff307b2 100644 --- a/drivers/gpu/drm/i915/display/intel_display_power_well.c +++ b/drivers/gpu/drm/i915/display/intel_display_power_well.c @@ -246,7 +246,14 @@ static enum phy icl_aux_pw_to_phy(struct drm_i915_private *i915, enum aux_ch aux_ch = icl_aux_pw_to_ch(power_well); struct intel_digital_port *dig_port = aux_ch_to_digital_port(i915, aux_ch); - return intel_port_to_phy(i915, dig_port->base.port); + /* + * FIXME should we care about the (VBT defined) dig_port->aux_ch + * relationship or should this be purely defined by the hardware layout? + * Currently if the port doesn't appear in the VBT, or if it's declared + * as HDMI-only and routed to a combo PHY, the encoder either won't be + * present at all or it will not have an aux_ch assigned. + */ + return dig_port ? intel_port_to_phy(i915, dig_port->base.port) : PHY_NONE; } static void hsw_wait_for_power_well_enable(struct drm_i915_private *dev_priv, @@ -414,7 +421,8 @@ icl_combo_phy_aux_power_well_enable(struct drm_i915_private *dev_priv, intel_de_rmw(dev_priv, regs->driver, 0, HSW_PWR_WELL_CTL_REQ(pw_idx)); - if (DISPLAY_VER(dev_priv) < 12) + /* FIXME this is a mess */ + if (phy != PHY_NONE) intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), 0, ICL_LANE_ENABLE_AUX); @@ -437,7 +445,10 @@ icl_combo_phy_aux_power_well_disable(struct drm_i915_private *dev_priv, drm_WARN_ON(&dev_priv->drm, !IS_ICELAKE(dev_priv)); - intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), ICL_LANE_ENABLE_AUX, 0); + /* FIXME this is a mess */ + if (phy != PHY_NONE) + intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), + ICL_LANE_ENABLE_AUX, 0); intel_de_rmw(dev_priv, regs->driver, HSW_PWR_WELL_CTL_REQ(pw_idx), 0); -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH 32/34] drm/amd/display: Return the correct HDCP error code

by Alex Hung

From: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> [WHY & HOW] If the display is null when creating an HDCP session, return a proper error code. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c index 8c137d7c032e..7c9805705fd3 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c @@ -513,6 +513,9 @@ enum mod_hdcp_status mod_hdcp_hdcp2_create_session(struct mod_hdcp *hdcp) hdcp_cmd = (struct ta_hdcp_shared_memory *)psp->hdcp_context.context.mem_context.shared_buf; memset(hdcp_cmd, 0, sizeof(struct ta_hdcp_shared_memory)); + if (!display) + return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND; + hdcp_cmd->in_msg.hdcp2_create_session_v2.display_handle = display->index; if (hdcp->connection.link.adjust.hdcp2.force_type == MOD_HDCP_FORCE_TYPE_0) -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 29/34] drm/amd/display: Add a dc_state NULL check in dc_state_release

by Alex Hung

From: Allen Pan <allen.pan(a)amd.com> [How] Check wheather state is NULL before releasing it. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Allen Pan <allen.pan(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index 180ac47868c2..5cc7f8da209c 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -334,7 +334,8 @@ static void dc_state_free(struct kref *kref) void dc_state_release(struct dc_state *state) { - kref_put(&state->refcount, dc_state_free); + if (state != NULL) + kref_put(&state->refcount, dc_state_free); } /* * dc_state_add_stream() - Add a new dc_stream_state to a dc_state. -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 28/34] drm/amd/display: Implement wait_for_odm_update_pending_complete

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] Odm update is doubled buffered. We need to wait for ODM update to be completed before optimizing bandwidth or programming new udpates. [HOW] implement wait_for_odm_update_pending_complete function to wait for: 1. odm configuration update is no longer pending in timing generator. 2. no pending dpg pattern update for each active OPP. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 56 ++++++++++++++++++- .../gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 +++++ .../gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 + .../drm/amd/display/dc/dcn201/dcn201_opp.c | 1 + .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 4 +- drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 + .../amd/display/dc/inc/hw/timing_generator.h | 1 + .../amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +- .../amd/display/dc/optc/dcn32/dcn32_optc.c | 8 +++ .../amd/display/dc/optc/dcn32/dcn32_optc.h | 1 + 11 files changed, 90 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index e87aad983b40..d8967087335e 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1335,6 +1335,54 @@ static void disable_vbios_mode_if_required( } } +/** + * wait_for_blank_complete - wait for all active OPPs to finish pending blank + * pattern updates + * + * @dc: [in] dc reference + * @context: [in] hardware context in use + */ +static void wait_for_blank_complete(struct dc *dc, + struct dc_state *context) +{ + struct pipe_ctx *opp_head; + struct dce_hwseq *hws = dc->hwseq; + int i; + + if (!hws->funcs.wait_for_blank_complete) + return; + + for (i = 0; i < MAX_PIPES; i++) { + opp_head = &context->res_ctx.pipe_ctx[i]; + + if (!resource_is_pipe_type(opp_head, OPP_HEAD) || + dc_state_get_pipe_subvp_type(context, opp_head) == SUBVP_PHANTOM) + continue; + + hws->funcs.wait_for_blank_complete(opp_head->stream_res.opp); + } +} + +static void wait_for_odm_update_pending_complete(struct dc *dc, struct dc_state *context) +{ + struct pipe_ctx *otg_master; + struct timing_generator *tg; + int i; + + for (i = 0; i < MAX_PIPES; i++) { + otg_master = &context->res_ctx.pipe_ctx[i]; + if (!resource_is_pipe_type(otg_master, OTG_MASTER) || + dc_state_get_pipe_subvp_type(context, otg_master) == SUBVP_PHANTOM) + continue; + tg = otg_master->stream_res.tg; + if (tg->funcs->wait_odm_doublebuffer_pending_clear) + tg->funcs->wait_odm_doublebuffer_pending_clear(tg); + } + + /* ODM update may require to reprogram blank pattern for each OPP */ + wait_for_blank_complete(dc, context); +} + static void wait_for_no_pipes_pending(struct dc *dc, struct dc_state *context) { int i; @@ -2026,6 +2074,11 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c context->stream_count == 0) { /* Must wait for no flips to be pending before doing optimize bw */ wait_for_no_pipes_pending(dc, context); + /* + * optimized dispclk depends on ODM setup. Need to wait for ODM + * update pending complete before optimizing bandwidth. + */ + wait_for_odm_update_pending_complete(dc, context); /* pplib is notified if disp_num changed */ dc->hwss.optimize_bandwidth(dc, context); /* Need to do otg sync again as otg could be out of sync due to otg @@ -3591,7 +3644,7 @@ static void commit_planes_for_stream_fast(struct dc *dc, top_pipe_to_program->stream->update_flags.raw = 0; } -static void wait_for_outstanding_hw_updates(struct dc *dc, const struct dc_state *dc_context) +static void wait_for_outstanding_hw_updates(struct dc *dc, struct dc_state *dc_context) { /* * This function calls HWSS to wait for any potentially double buffered @@ -3629,6 +3682,7 @@ static void wait_for_outstanding_hw_updates(struct dc *dc, const struct dc_state } } } + wait_for_odm_update_pending_complete(dc, dc_context); } static void commit_planes_for_stream(struct dc *dc, diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c index 48a40dcc7050..5838a11efd00 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c @@ -384,6 +384,7 @@ static const struct opp_funcs dcn10_opp_funcs = { .opp_set_disp_pattern_generator = NULL, .opp_program_dpg_dimensions = NULL, .dpg_is_blanked = NULL, + .dpg_is_pending = NULL, .opp_destroy = opp1_destroy }; diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c index 0784d0198661..fbf1b6370eb2 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c @@ -337,6 +337,19 @@ bool opp2_dpg_is_blanked(struct output_pixel_processor *opp) (double_buffer_pending == 0); } +bool opp2_dpg_is_pending(struct output_pixel_processor *opp) +{ + struct dcn20_opp *oppn20 = TO_DCN20_OPP(opp); + uint32_t double_buffer_pending; + uint32_t dpg_en; + + REG_GET(DPG_CONTROL, DPG_EN, &dpg_en); + + REG_GET(DPG_STATUS, DPG_DOUBLE_BUFFER_PENDING, &double_buffer_pending); + + return (dpg_en == 1 && double_buffer_pending == 1); +} + void opp2_program_left_edge_extra_pixel ( struct output_pixel_processor *opp, bool count) @@ -363,6 +376,7 @@ static struct opp_funcs dcn20_opp_funcs = { .opp_set_disp_pattern_generator = opp2_set_disp_pattern_generator, .opp_program_dpg_dimensions = opp2_program_dpg_dimensions, .dpg_is_blanked = opp2_dpg_is_blanked, + .dpg_is_pending = opp2_dpg_is_pending, .opp_dpg_set_blank_color = opp2_dpg_set_blank_color, .opp_destroy = opp1_destroy, .opp_program_left_edge_extra_pixel = opp2_program_left_edge_extra_pixel, diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h index 3ab221bdd27d..8f186abd558d 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h +++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h @@ -159,6 +159,8 @@ void opp2_program_dpg_dimensions( bool opp2_dpg_is_blanked(struct output_pixel_processor *opp); +bool opp2_dpg_is_pending(struct output_pixel_processor *opp); + void opp2_dpg_set_blank_color( struct output_pixel_processor *opp, const struct tg_color *color); diff --git a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c index 8e77db46a409..6a71ba3dfc63 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c +++ b/drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c @@ -50,6 +50,7 @@ static struct opp_funcs dcn201_opp_funcs = { .opp_set_disp_pattern_generator = opp2_set_disp_pattern_generator, .opp_program_dpg_dimensions = opp2_program_dpg_dimensions, .dpg_is_blanked = opp2_dpg_is_blanked, + .dpg_is_pending = opp2_dpg_is_pending, .opp_dpg_set_blank_color = opp2_dpg_set_blank_color, .opp_destroy = opp1_destroy, .opp_program_left_edge_extra_pixel = opp2_program_left_edge_extra_pixel, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index a698f026198c..4dfc2dff5e01 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -2462,7 +2462,7 @@ bool dcn20_wait_for_blank_complete( int counter; for (counter = 0; counter < 1000; counter++) { - if (opp->funcs->dpg_is_blanked(opp)) + if (!opp->funcs->dpg_is_pending(opp)) break; udelay(100); @@ -2473,7 +2473,7 @@ bool dcn20_wait_for_blank_complete( return false; } - return true; + return opp->funcs->dpg_is_blanked(opp); } bool dcn20_dmdata_status_done(struct pipe_ctx *pipe_ctx) diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h b/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h index aee5372e292c..d89c92370d5b 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/opp.h @@ -337,6 +337,9 @@ struct opp_funcs { bool (*dpg_is_blanked)( struct output_pixel_processor *opp); + bool (*dpg_is_pending)(struct output_pixel_processor *opp); + + void (*opp_dpg_set_blank_color)( struct output_pixel_processor *opp, const struct tg_color *color); diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h b/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h index c5527f68f076..cd68ecc242c1 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h @@ -338,6 +338,7 @@ struct timing_generator_funcs { void (*init_odm)(struct timing_generator *tg); void (*wait_drr_doublebuffer_pending_clear)(struct timing_generator *tg); void (*set_long_vtotal)(struct timing_generator *optc, const struct long_vtotal_params *params); + void (*wait_odm_doublebuffer_pending_clear)(struct timing_generator *tg); }; #endif diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h b/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h index 4cfd1ed06777..8a45d26b7531 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h @@ -559,7 +559,8 @@ struct dcn_optc_registers { type OTG_CRC_DATA_STREAM_SPLIT_MODE;\ type OTG_CRC_DATA_FORMAT;\ type OTG_V_TOTAL_LAST_USED_BY_DRR;\ - type OTG_DRR_TIMING_DBUF_UPDATE_PENDING; + type OTG_DRR_TIMING_DBUF_UPDATE_PENDING;\ + type OTG_H_TIMING_DIV_MODE_DB_UPDATE_PENDING; #define TG_REG_FIELD_LIST_DCN3_2(type) \ type OTG_H_TIMING_DIV_MODE_MANUAL; diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c index 823493543325..f07a4c7e48bc 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c @@ -122,6 +122,13 @@ void optc32_get_odm_combine_segments(struct timing_generator *tg, int *odm_combi } } +void optc32_wait_odm_doublebuffer_pending_clear(struct timing_generator *tg) +{ + struct optc *optc1 = DCN10TG_FROM_TG(tg); + + REG_WAIT(OTG_DOUBLE_BUFFER_CONTROL, OTG_H_TIMING_DIV_MODE_DB_UPDATE_PENDING, 0, 2, 50000); +} + void optc32_set_h_timing_div_manual_mode(struct timing_generator *optc, bool manual_mode) { struct optc *optc1 = DCN10TG_FROM_TG(optc); @@ -345,6 +352,7 @@ static struct timing_generator_funcs dcn32_tg_funcs = { .set_odm_bypass = optc32_set_odm_bypass, .set_odm_combine = optc32_set_odm_combine, .get_odm_combine_segments = optc32_get_odm_combine_segments, + .wait_odm_doublebuffer_pending_clear = optc32_wait_odm_doublebuffer_pending_clear, .set_h_timing_div_manual_mode = optc32_set_h_timing_div_manual_mode, .get_optc_source = optc2_get_optc_source, .set_out_mux = optc3_set_out_mux, diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h index 8ce3b178cab0..0c2c14695561 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h @@ -183,5 +183,6 @@ void optc32_set_h_timing_div_manual_mode(struct timing_generator *optc, bool man void optc32_get_odm_combine_segments(struct timing_generator *tg, int *odm_combine_segments); void optc32_set_odm_bypass(struct timing_generator *optc, const struct dc_crtc_timing *dc_crtc_timing); +void optc32_wait_odm_doublebuffer_pending_clear(struct timing_generator *tg); #endif /* __DC_OPTC_DCN32_H__ */ -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 27/34] drm/amd/display: Lock all enabled otg pipes even with no planes

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] On DCN32 we support dynamic ODM even when OTG is blanked. When ODM configuration is dynamically changed and the OTG is on blank pattern, we will need to reprogram OPP's test pattern based on new ODM configuration. Therefore we need to lock the OTG pipe to avoid temporary corruption when we are reprogramming OPP blank patterns. [HOW] Add a new interdependent update lock implementation to lock all enabled OTG pipes even when there is no plane on the OTG for DCN32. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- .../amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 23 +++++++++++++++++++ .../amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 ++ .../amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index b890db0bfc46..c0b526cf1786 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1785,3 +1785,26 @@ void dcn32_prepare_bandwidth(struct dc *dc, context->bw_ctx.bw.dcn.clk.p_state_change_support = p_state_change_support; } } + +void dcn32_interdependent_update_lock(struct dc *dc, + struct dc_state *context, bool lock) +{ + unsigned int i; + struct pipe_ctx *pipe; + struct timing_generator *tg; + + for (i = 0; i < dc->res_pool->pipe_count; i++) { + pipe = &context->res_ctx.pipe_ctx[i]; + tg = pipe->stream_res.tg; + + if (!resource_is_pipe_type(pipe, OTG_MASTER) || + !tg->funcs->is_tg_enabled(tg) || + dc_state_get_pipe_subvp_type(context, pipe) == SUBVP_PHANTOM) + continue; + + if (lock) + dc->hwss.pipe_control_lock(dc, pipe, true); + else + dc->hwss.pipe_control_lock(dc, pipe, false); + } +} diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h index 069e20bc87c0..f55c11fc56ec 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h @@ -129,4 +129,6 @@ bool dcn32_is_pipe_topology_transition_seamless(struct dc *dc, void dcn32_prepare_bandwidth(struct dc *dc, struct dc_state *context); +void dcn32_interdependent_update_lock(struct dc *dc, + struct dc_state *context, bool lock); #endif /* __DC_HWSS_DCN32_H__ */ diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c index 2b073123d3ed..67d661dbd5b7 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c @@ -58,7 +58,7 @@ static const struct hw_sequencer_funcs dcn32_funcs = { .disable_plane = dcn20_disable_plane, .disable_pixel_data = dcn20_disable_pixel_data, .pipe_control_lock = dcn20_pipe_control_lock, - .interdependent_update_lock = dcn10_lock_all_pipes, + .interdependent_update_lock = dcn32_interdependent_update_lock, .cursor_lock = dcn10_cursor_lock, .prepare_bandwidth = dcn32_prepare_bandwidth, .optimize_bandwidth = dcn20_optimize_bandwidth, -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 23/34] drm/amd/display: Amend coasting vtotal for replay low hz

by Alex Hung

From: ChunTao Tso <chuntao.tso(a)amd.com> [WHY] The original coasting vtotal is 2 bytes, and it need to be amended to 4 bytes because low hz case. [HOW] Amend coasting vtotal from 2 bytes to 4 bytes. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: ChunTao Tso <chuntao.tso(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dc_types.h | 4 ++-- drivers/gpu/drm/amd/display/dc/inc/link.h | 4 ++-- .../display/dc/link/protocols/link_edp_panel_control.c | 4 ++-- .../display/dc/link/protocols/link_edp_panel_control.h | 4 ++-- drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 ++++++++ drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 +- drivers/gpu/drm/amd/display/modules/power/power_helpers.h | 2 +- 7 files changed, 18 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dc_types.h b/drivers/gpu/drm/amd/display/dc/dc_types.h index 9900dda2eef5..be2ac5c442a4 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_types.h +++ b/drivers/gpu/drm/amd/display/dc/dc_types.h @@ -1085,9 +1085,9 @@ struct replay_settings { /* SMU optimization is enabled */ bool replay_smu_opt_enable; /* Current Coasting vtotal */ - uint16_t coasting_vtotal; + uint32_t coasting_vtotal; /* Coasting vtotal table */ - uint16_t coasting_vtotal_table[PR_COASTING_TYPE_NUM]; + uint32_t coasting_vtotal_table[PR_COASTING_TYPE_NUM]; /* Maximum link off frame count */ enum replay_link_off_frame_count_level link_off_frame_count_level; /* Replay pseudo vtotal for abm + ips on full screen video which can improve ips residency */ diff --git a/drivers/gpu/drm/amd/display/dc/inc/link.h b/drivers/gpu/drm/amd/display/dc/inc/link.h index 26fe81f213da..bf29fc58ea6a 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/link.h +++ b/drivers/gpu/drm/amd/display/dc/inc/link.h @@ -285,12 +285,12 @@ struct link_service { enum replay_FW_Message_type msg, union dmub_replay_cmd_set *cmd_data); bool (*edp_set_coasting_vtotal)( - struct dc_link *link, uint16_t coasting_vtotal); + struct dc_link *link, uint32_t coasting_vtotal); bool (*edp_replay_residency)(const struct dc_link *link, unsigned int *residency, const bool is_start, const bool is_alpm); bool (*edp_set_replay_power_opt_and_coasting_vtotal)(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal); + const unsigned int *power_opts, uint32_t coasting_vtotal); bool (*edp_wait_for_t12)(struct dc_link *link); bool (*edp_is_ilr_optimization_required)(struct dc_link *link, diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c index acfbbc638cc6..3baa2bdd6dd6 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c @@ -1034,7 +1034,7 @@ bool edp_send_replay_cmd(struct dc_link *link, return true; } -bool edp_set_coasting_vtotal(struct dc_link *link, uint16_t coasting_vtotal) +bool edp_set_coasting_vtotal(struct dc_link *link, uint32_t coasting_vtotal) { struct dc *dc = link->ctx->dc; struct dmub_replay *replay = dc->res_pool->replay; @@ -1073,7 +1073,7 @@ bool edp_replay_residency(const struct dc_link *link, } bool edp_set_replay_power_opt_and_coasting_vtotal(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal) + const unsigned int *power_opts, uint32_t coasting_vtotal) { struct dc *dc = link->ctx->dc; struct dmub_replay *replay = dc->res_pool->replay; diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h index 34e521af7bb4..a158c6234d42 100644 --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h @@ -59,12 +59,12 @@ bool edp_setup_replay(struct dc_link *link, bool edp_send_replay_cmd(struct dc_link *link, enum replay_FW_Message_type msg, union dmub_replay_cmd_set *cmd_data); -bool edp_set_coasting_vtotal(struct dc_link *link, uint16_t coasting_vtotal); +bool edp_set_coasting_vtotal(struct dc_link *link, uint32_t coasting_vtotal); bool edp_replay_residency(const struct dc_link *link, unsigned int *residency, const bool is_start, const bool is_alpm); bool edp_get_replay_state(const struct dc_link *link, uint64_t *state); bool edp_set_replay_power_opt_and_coasting_vtotal(struct dc_link *link, - const unsigned int *power_opts, uint16_t coasting_vtotal); + const unsigned int *power_opts, uint32_t coasting_vtotal); bool edp_wait_for_t12(struct dc_link *link); bool edp_is_ilr_optimization_required(struct dc_link *link, struct dc_crtc_timing *crtc_timing); diff --git a/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h b/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h index 02ad641bd8df..4a650ac571d7 100644 --- a/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h +++ b/drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h @@ -3244,6 +3244,14 @@ struct dmub_cmd_replay_set_coasting_vtotal_data { * Currently the support is only for 0 or 1 */ uint8_t panel_inst; + /** + * 16-bit value dicated by driver that indicates the coasting vtotal high byte part. + */ + uint16_t coasting_vtotal_high; + /** + * Explicit padding to 4 byte boundary. + */ + uint8_t pad[2]; }; /** diff --git a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c index e304e8435fb8..2a3698fd2dc2 100644 --- a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c +++ b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c @@ -975,7 +975,7 @@ bool psr_su_set_dsc_slice_height(struct dc *dc, struct dc_link *link, void set_replay_coasting_vtotal(struct dc_link *link, enum replay_coasting_vtotal_type type, - uint16_t vtotal) + uint32_t vtotal) { link->replay_settings.coasting_vtotal_table[type] = vtotal; } diff --git a/drivers/gpu/drm/amd/display/modules/power/power_helpers.h b/drivers/gpu/drm/amd/display/modules/power/power_helpers.h index bef4815e1703..ff7e6f3cd6be 100644 --- a/drivers/gpu/drm/amd/display/modules/power/power_helpers.h +++ b/drivers/gpu/drm/amd/display/modules/power/power_helpers.h @@ -56,7 +56,7 @@ bool dmub_init_abm_config(struct resource_pool *res_pool, void init_replay_config(struct dc_link *link, struct replay_config *pr_config); void set_replay_coasting_vtotal(struct dc_link *link, enum replay_coasting_vtotal_type type, - uint16_t vtotal); + uint32_t vtotal); void set_replay_ips_full_screen_video_src_vtotal(struct dc_link *link, uint16_t vtotal); void calculate_replay_link_off_frame_count(struct dc_link *link, uint16_t vtotal, uint16_t htotal); -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 22/34] drm/amd/display: Add left edge pixel for YCbCr422/420 + ODM pipe split

by Alex Hung

From: George Shen <george.shen(a)amd.com> [WHY] Currently 3-tap chroma subsampling is used for YCbCr422/420. When ODM pipesplit is used, pixels on the left edge of ODM slices need one extra pixel from the right edge of the previous slice to calculate the correct chroma value. Without this change, the chroma value is slightly different than expected. This is usually imperceptible visually, but it impacts test pattern CRCs for compliance test automation. [HOW] Update logic to use the register for adding extra left edge pixel for YCbCr422/420 ODM cases. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 ++ .../gpu/drm/amd/display/dc/core/dc_resource.c | 37 +++++++++++++++++++ .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 10 +++++ .../gpu/drm/amd/display/dc/inc/core_types.h | 2 + drivers/gpu/drm/amd/display/dc/inc/resource.h | 4 ++ 5 files changed, 57 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index acd8f1257ade..ed6579633a58 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3147,6 +3147,10 @@ static bool update_planes_and_stream_state(struct dc *dc, if (otg_master && otg_master->stream->test_pattern.type != DP_TEST_PATTERN_VIDEO_MODE) resource_build_test_pattern_params(&context->res_ctx, otg_master); + + if (otg_master && (otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)) + resource_build_subsampling_params(&context->res_ctx, otg_master); } } diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 1b7765bc5e5e..96ea283bd169 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -822,6 +822,16 @@ static struct rect calculate_odm_slice_in_timing_active(struct pipe_ctx *pipe_ct stream->timing.v_border_bottom + stream->timing.v_border_top; + /* Recout for ODM slices after the first slice need one extra left edge pixel + * for 3-tap chroma subsampling. + */ + if (odm_slice_idx > 0 && + (pipe_ctx->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + pipe_ctx->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)) { + odm_rec.x -= 1; + odm_rec.width += 1; + } + return odm_rec; } @@ -1438,6 +1448,7 @@ void resource_build_test_pattern_params(struct resource_context *res_ctx, enum controller_dp_test_pattern controller_test_pattern; enum controller_dp_color_space controller_color_space; enum dc_color_depth color_depth = otg_master->stream->timing.display_color_depth; + enum dc_pixel_encoding pixel_encoding = otg_master->stream->timing.pixel_encoding; int h_active = otg_master->stream->timing.h_addressable + otg_master->stream->timing.h_border_left + otg_master->stream->timing.h_border_right; @@ -1469,10 +1480,36 @@ void resource_build_test_pattern_params(struct resource_context *res_ctx, else params->width = last_odm_slice_width; + /* Extra left edge pixel is required for 3-tap chroma subsampling. */ + if (i != 0 && (pixel_encoding == PIXEL_ENCODING_YCBCR422 || + pixel_encoding == PIXEL_ENCODING_YCBCR420)) { + params->offset -= 1; + params->width += 1; + } + offset += odm_slice_width; } } +void resource_build_subsampling_params(struct resource_context *res_ctx, + struct pipe_ctx *otg_master) +{ + struct pipe_ctx *opp_heads[MAX_PIPES]; + int odm_cnt = 1; + int i; + + odm_cnt = resource_get_opp_heads_for_otg_master(otg_master, res_ctx, opp_heads); + + /* For ODM slices after the first slice, extra left edge pixel is required + * for 3-tap chroma subsampling. + */ + if (otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR422 || + otg_master->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420) { + for (i = 0; i < odm_cnt; i++) + opp_heads[i]->stream_res.left_edge_extra_pixel = (i == 0) ? false : true; + } +} + bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) { const struct dc_plane_state *plane_state = pipe_ctx->plane_state; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index 40098d9f70cb..a698f026198c 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -1579,6 +1579,11 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, if (old_pipe->stream_res.tg != new_pipe->stream_res.tg) new_pipe->update_flags.bits.tg_changed = 1; + if (resource_is_pipe_type(new_pipe, OPP_HEAD)) { + if (old_pipe->stream_res.left_edge_extra_pixel != new_pipe->stream_res.left_edge_extra_pixel) + new_pipe->update_flags.bits.opp_changed = 1; + } + /* * Detect mpcc blending changes, only dpp inst and opp matter here, * mpccs getting removed/inserted update connected ones during their own @@ -1962,6 +1967,11 @@ static void dcn20_program_pipe( pipe_ctx->stream_res.opp, &pipe_ctx->stream->bit_depth_params, &pipe_ctx->stream->clamping); + + if (resource_is_pipe_type(pipe_ctx, OPP_HEAD)) + pipe_ctx->stream_res.opp->funcs->opp_program_left_edge_extra_pixel( + pipe_ctx->stream_res.opp, + pipe_ctx->stream_res.left_edge_extra_pixel); } /* Set ABM pipe after other pipe configurations done */ diff --git a/drivers/gpu/drm/amd/display/dc/inc/core_types.h b/drivers/gpu/drm/amd/display/dc/inc/core_types.h index b1b72e688f74..e034cbb40620 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/core_types.h +++ b/drivers/gpu/drm/amd/display/dc/inc/core_types.h @@ -333,6 +333,8 @@ struct stream_resource { uint8_t gsl_group; struct test_pattern_params test_pattern_params; + + bool left_edge_extra_pixel; }; struct plane_resource { diff --git a/drivers/gpu/drm/amd/display/dc/inc/resource.h b/drivers/gpu/drm/amd/display/dc/inc/resource.h index 77a60aa9f27b..b14d52e52fa2 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/resource.h +++ b/drivers/gpu/drm/amd/display/dc/inc/resource.h @@ -107,6 +107,10 @@ void resource_build_test_pattern_params( struct resource_context *res_ctx, struct pipe_ctx *pipe_ctx); +void resource_build_subsampling_params( + struct resource_context *res_ctx, + struct pipe_ctx *pipe_ctx); + bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx); enum dc_status resource_build_scaling_params_for_context( -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 18/34] drm/amd/display: Fix idle check for shared firmware state

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [WHY] We still had an instance of get_idle_state checking the PMFW scratch register instead of the actual idle allow signal. [HOW] Replace it with the SW state check for whether we had allowed idle through notify_idle. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Duncan Ma <duncan.ma(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index daf6c7fe0906..acd8f1257ade 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -4884,22 +4884,16 @@ void dc_exit_ips_for_hw_access_internal(struct dc *dc, const char *caller_name) bool dc_dmub_is_ips_idle_state(struct dc *dc) { - uint32_t idle_state = 0; - if (dc->debug.disable_idle_power_optimizations) return false; if (!dc->caps.ips_support || (dc->config.disable_ips == DMUB_IPS_DISABLE_ALL)) return false; - if (dc->hwss.get_idle_state) - idle_state = dc->hwss.get_idle_state(dc); - - if (!(idle_state & DMUB_IPS1_ALLOW_MASK) || - !(idle_state & DMUB_IPS2_ALLOW_MASK)) - return true; + if (!dc->ctx->dmub_srv) + return false; - return false; + return dc->ctx->dmub_srv->idle_allowed; } /* set min and max memory clock to lowest and highest DPM level, respectively */ -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 17/34] drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane

by Alex Hung

From: Wenjing Liu <wenjing.liu(a)amd.com> [WHY] When committing an update with ODM combine change when the plane is removing or already removed, we fail to detect odm change in pipe update flags. This has caused mismatch between new dc state and the actual hardware state, because we missed odm programming. [HOW] - Detect odm change even for otg master pipe without a plane. - Update odm config before calling program pipes for pipe with planes. The commit also updates blank pattern programming when odm is changed without plane. This is because number of OPP is changed when ODM combine is changed. Blank pattern is per OPP so we will need to reprogram OPP based on the new pipe topology. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- .../amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 41 ++++++++++--------- .../amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 7 ++++ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c index c55d5155ecb9..40098d9f70cb 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c @@ -1498,6 +1498,11 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, return; } + if (resource_is_pipe_type(new_pipe, OTG_MASTER) && + resource_is_odm_topology_changed(new_pipe, old_pipe)) + /* Detect odm changes */ + new_pipe->update_flags.bits.odm = 1; + /* Exit on unchanged, unused pipe */ if (!old_pipe->plane_state && !new_pipe->plane_state) return; @@ -1551,10 +1556,6 @@ static void dcn20_detect_pipe_changes(struct dc_state *old_state, /* Detect top pipe only changes */ if (resource_is_pipe_type(new_pipe, OTG_MASTER)) { - /* Detect odm changes */ - if (resource_is_odm_topology_changed(new_pipe, old_pipe)) - new_pipe->update_flags.bits.odm = 1; - /* Detect global sync changes */ if (old_pipe->pipe_dlg_param.vready_offset != new_pipe->pipe_dlg_param.vready_offset || old_pipe->pipe_dlg_param.vstartup_start != new_pipe->pipe_dlg_param.vstartup_start @@ -1999,19 +2000,20 @@ void dcn20_program_front_end_for_ctx( DC_LOGGER_INIT(dc->ctx->logger); unsigned int prev_hubp_count = 0; unsigned int hubp_count = 0; + struct pipe_ctx *pipe; if (resource_is_pipe_topology_changed(dc->current_state, context)) resource_log_pipe_topology_update(dc, context); if (dc->hwss.program_triplebuffer != NULL && dc->debug.enable_tri_buf) { for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; + pipe = &context->res_ctx.pipe_ctx[i]; - if (!pipe_ctx->top_pipe && !pipe_ctx->prev_odm_pipe && pipe_ctx->plane_state) { - ASSERT(!pipe_ctx->plane_state->triplebuffer_flips); + if (!pipe->top_pipe && !pipe->prev_odm_pipe && pipe->plane_state) { + ASSERT(!pipe->plane_state->triplebuffer_flips); /*turn off triple buffer for full update*/ dc->hwss.program_triplebuffer( - dc, pipe_ctx, pipe_ctx->plane_state->triplebuffer_flips); + dc, pipe, pipe->plane_state->triplebuffer_flips); } } } @@ -2085,12 +2087,22 @@ void dcn20_program_front_end_for_ctx( DC_LOG_DC("Reset mpcc for pipe %d\n", dc->current_state->res_ctx.pipe_ctx[i].pipe_idx); } + /* update ODM for blanked OTG master pipes */ + for (i = 0; i < dc->res_pool->pipe_count; i++) { + pipe = &context->res_ctx.pipe_ctx[i]; + if (resource_is_pipe_type(pipe, OTG_MASTER) && + !resource_is_pipe_type(pipe, DPP_PIPE) && + pipe->update_flags.bits.odm && + hws->funcs.update_odm) + hws->funcs.update_odm(dc, context, pipe); + } + /* * Program all updated pipes, order matters for mpcc setup. Start with * top pipe and program all pipes that follow in order */ for (i = 0; i < dc->res_pool->pipe_count; i++) { - struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i]; + pipe = &context->res_ctx.pipe_ctx[i]; if (pipe->plane_state && !pipe->top_pipe) { while (pipe) { @@ -2129,17 +2141,6 @@ void dcn20_program_front_end_for_ctx( context->stream_status[0].plane_count > 1) { pipe->plane_res.hubp->funcs->hubp_wait_pipe_read_start(pipe->plane_res.hubp); } - - /* when dynamic ODM is active, pipes must be reconfigured when all planes are - * disabled, as some transitions will leave software and hardware state - * mismatched. - */ - if (dc->debug.enable_single_display_2to1_odm_policy && - pipe->stream && - pipe->update_flags.bits.disable && - !pipe->prev_odm_pipe && - hws->funcs.update_odm) - hws->funcs.update_odm(dc, context, pipe); } } diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index aa36d7a56ca8..b890db0bfc46 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1156,6 +1156,13 @@ void dcn32_update_odm(struct dc *dc, struct dc_state *context, struct pipe_ctx * dsc->funcs->dsc_disconnect(dsc); } } + + if (!resource_is_pipe_type(pipe_ctx, DPP_PIPE)) + /* + * blank pattern is generated by OPP, reprogram blank pattern + * due to OPP count change + */ + dc->hwseq->funcs.blank_pixel_data(dc, pipe_ctx, true); } unsigned int dcn32_calculate_dccg_k1_k2_values(struct pipe_ctx *pipe_ctx, unsigned int *k1_div, unsigned int *k2_div) -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 16/34] drm/amd/display: Init DPPCLK from SMU on dcn32

by Alex Hung

From: Dillon Varone <dillon.varone(a)amd.com> [WHY & HOW] DPPCLK ranges should be obtained from the SMU when available. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> --- .../display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++++++++++ .../drm/amd/display/dc/dml2/dml2_wrapper.c | 28 +++++++++++++------ .../drm/amd/display/dc/dml2/dml2_wrapper.h | 3 ++ .../dc/resource/dcn32/dcn32_resource.c | 2 ++ .../dc/resource/dcn321/dcn321_resource.c | 2 ++ 5 files changed, 41 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c index 668f05c8654e..bec252e1dd27 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c @@ -216,6 +216,16 @@ void dcn32_init_clocks(struct clk_mgr *clk_mgr_base) if (clk_mgr_base->bw_params->dc_mode_limit.dispclk_mhz > 1950) clk_mgr_base->bw_params->dc_mode_limit.dispclk_mhz = 1950; + /* DPPCLK */ + dcn32_init_single_clock(clk_mgr, PPCLK_DPPCLK, + &clk_mgr_base->bw_params->clk_table.entries[0].dppclk_mhz, + &num_entries_per_clk->num_dppclk_levels); + num_levels = num_entries_per_clk->num_dppclk_levels; + clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz = dcn30_smu_get_dc_mode_max_dpm_freq(clk_mgr, PPCLK_DPPCLK); + //HW recommends limit of 1950 MHz in display clock for all DCN3.2.x + if (clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz > 1950) + clk_mgr_base->bw_params->dc_mode_limit.dppclk_mhz = 1950; + if (num_entries_per_clk->num_dcfclk_levels && num_entries_per_clk->num_dtbclk_levels && num_entries_per_clk->num_dispclk_levels) @@ -240,6 +250,10 @@ void dcn32_init_clocks(struct clk_mgr *clk_mgr_base) = khz_to_mhz_ceil(clk_mgr_base->ctx->dc->debug.min_dpp_clk_khz); } + for (i = 0; i < num_levels; i++) + if (clk_mgr_base->bw_params->clk_table.entries[i].dppclk_mhz > 1950) + clk_mgr_base->bw_params->clk_table.entries[i].dppclk_mhz = 1950; + /* Get UCLK, update bounding box */ clk_mgr_base->funcs->get_memclk_states_from_smu(clk_mgr_base); diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c index 2a58a7687bdb..72cca367062e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c @@ -703,13 +703,8 @@ static inline struct dml2_context *dml2_allocate_memory(void) return (struct dml2_context *) kzalloc(sizeof(struct dml2_context), GFP_KERNEL); } -bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) +static void dml2_init(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) { - // Allocate Mode Lib Ctx - *dml2 = dml2_allocate_memory(); - - if (!(*dml2)) - return false; // Store config options (*dml2)->config = *config; @@ -737,9 +732,18 @@ bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options initialize_dml2_soc_bbox(*dml2, in_dc, &(*dml2)->v20.dml_core_ctx.soc); initialize_dml2_soc_states(*dml2, in_dc, &(*dml2)->v20.dml_core_ctx.soc, &(*dml2)->v20.dml_core_ctx.states); +} + +bool dml2_create(const struct dc *in_dc, const struct dml2_configuration_options *config, struct dml2_context **dml2) +{ + // Allocate Mode Lib Ctx + *dml2 = dml2_allocate_memory(); + + if (!(*dml2)) + return false; + + dml2_init(in_dc, config, dml2); - /*Initialize DML20 instance which calls dml2_core_create, and core_dcn3_populate_informative*/ - //dml2_initialize_instance(&(*dml_ctx)->v20.dml_init); return true; } @@ -779,3 +783,11 @@ bool dml2_create_copy(struct dml2_context **dst_dml2, return true; } + +void dml2_reinit(const struct dc *in_dc, + const struct dml2_configuration_options *config, + struct dml2_context **dml2) +{ + + dml2_init(in_dc, config, dml2); +} diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h index ee0eb184eb6d..cc662d682fd4 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h @@ -214,6 +214,9 @@ void dml2_copy(struct dml2_context *dst_dml2, struct dml2_context *src_dml2); bool dml2_create_copy(struct dml2_context **dst_dml2, struct dml2_context *src_dml2); +void dml2_reinit(const struct dc *in_dc, + const struct dml2_configuration_options *config, + struct dml2_context **dml2); /* * dml2_validate - Determines if a display configuration is supported or not. diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index f844f57ecc49..ce1754cc1f46 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1931,6 +1931,8 @@ static void dcn32_update_bw_bounding_box(struct dc *dc, struct clk_bw_params *bw { DC_FP_START(); dcn32_update_bw_bounding_box_fpu(dc, bw_params); + if (dc->debug.using_dml2 && dc->current_state && dc->current_state->bw_ctx.dml2) + dml2_reinit(dc, &dc->dml2_options, &dc->current_state->bw_ctx.dml2); DC_FP_END(); } diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c index b356fed1726d..296a0a8e7145 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c @@ -1581,6 +1581,8 @@ static void dcn321_update_bw_bounding_box(struct dc *dc, struct clk_bw_params *b { DC_FP_START(); dcn321_update_bw_bounding_box_fpu(dc, bw_params); + if (dc->debug.using_dml2 && dc->current_state && dc->current_state->bw_ctx.dml2) + dml2_reinit(dc, &dc->dml2_options, &dc->current_state->bw_ctx.dml2); DC_FP_END(); } -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 15/34] drm/amd/display: Add monitor patch for specific eDP

by Alex Hung

From: Ryan Lin <tsung-hua.lin(a)amd.com> [WHY] Some eDP panels' ext caps don't write initial values. The value of dpcd_addr (0x317) can be random and the backlight control interface will be incorrect. [HOW] Add new panel patches to remove sink ext caps. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.5.x Cc: Tsung-hua Lin <tsung-hua.lin(a)amd.com> Cc: Chris Chi <moukong.chi(a)amd.com> Reviewed-by: Wayne Lin <wayne.lin(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ryan Lin <tsung-hua.lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index 85b7f58a7f35..c27063305a13 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -67,6 +67,8 @@ static void apply_edid_quirks(struct edid *edid, struct dc_edid_caps *edid_caps) /* Workaround for some monitors that do not clear DPCD 0x317 if FreeSync is unsupported */ case drm_edid_encode_panel_id('A', 'U', 'O', 0xA7AB): case drm_edid_encode_panel_id('A', 'U', 'O', 0xE69B): + case drm_edid_encode_panel_id('B', 'O', 'E', 0x092A): + case drm_edid_encode_panel_id('L', 'G', 'D', 0x06D1): DRM_DEBUG_DRIVER("Clearing DPCD 0x317 on monitor with panel id %X\n", panel_id); edid_caps->panel_patch.remove_sink_ext_caps = true; break; @@ -120,6 +122,8 @@ enum dc_edid_status dm_helpers_parse_edid_caps( edid_caps->edid_hdmi = connector->display_info.is_hdmi; + apply_edid_quirks(edid_buf, edid_caps); + sad_count = drm_edid_to_sad((struct edid *) edid->raw_edid, &sads); if (sad_count <= 0) return result; @@ -146,8 +150,6 @@ enum dc_edid_status dm_helpers_parse_edid_caps( else edid_caps->speaker_flags = DEFAULT_SPEAKER_LOCATION; - apply_edid_quirks(edid_buf, edid_caps); - kfree(sads); kfree(sadb); -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 11/34] drm/amd/display: Exit idle optimizations before HDCP execution

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc..9a5a1726acaf 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e..cdb17b093f2b 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 08/34] drm/amd/display: Allow dirty rects to be sent to dmub when abm is active

by Alex Hung

From: Josip Pavic <josip.pavic(a)amd.com> [WHY] It's beneficial for ABM to know when new frame data are available. [HOW] Add new condition to allow dirty rects to be sent to DMUB when ABM is active. ABM will use this as a signal that a new frame has arrived. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Anthony Koo <anthony.koo(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Josip Pavic <josip.pavic(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 5211c1c0f3c0..613d09c42f3b 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3270,6 +3270,9 @@ static bool dc_dmub_should_send_dirty_rect_cmd(struct dc *dc, struct dc_stream_s if (stream->link->replay_settings.config.replay_supported) return true; + if (stream->ctx->dce_version >= DCN_VERSION_3_5 && stream->abm_level) + return true; + return false; } -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 06/34] drm/amd/display: Override min required DCFCLK in dml1_validate

by Alex Hung

From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> [WHY]: Increasing min DCFCLK addresses underflow issues that occur when phantom pipe is turned on for some Sub-Viewport configs [HOW]: dcn32_override_min_req_dcfclk is added to override DCFCLK value in dml1_validate when subviewport is being used. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> --- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 ++++++ .../gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 1 + .../gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h | 3 +++ 3 files changed, 10 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c index 87760600e154..f98def6c8c2d 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c @@ -782,3 +782,9 @@ void dcn32_update_dml_pipes_odm_policy_based_on_context(struct dc *dc, struct dc pipe_cnt++; } } + +void dcn32_override_min_req_dcfclk(struct dc *dc, struct dc_state *context) +{ + if (dcn32_subvp_in_use(dc, context) && context->bw_ctx.bw.dcn.clk.dcfclk_khz <= MIN_SUBVP_DCFCLK_KHZ) + context->bw_ctx.bw.dcn.clk.dcfclk_khz = MIN_SUBVP_DCFCLK_KHZ; +} diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index 3f3951f3ba98..f844f57ecc49 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1771,6 +1771,7 @@ static bool dml1_validate(struct dc *dc, struct dc_state *context, bool fast_val dc->res_pool->funcs->calculate_wm_and_dlg(dc, context, pipes, pipe_cnt, vlevel); dcn32_override_min_req_memclk(dc, context); + dcn32_override_min_req_dcfclk(dc, context); BW_VAL_TRACE_END_WATERMARKS(); diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h index 0c87b0fabba7..2258c5c7212d 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h @@ -42,6 +42,7 @@ #define SUBVP_ACTIVE_MARGIN_LIST_LEN 2 #define DCN3_2_MAX_SUBVP_PIXEL_RATE_MHZ 1800 #define DCN3_2_VMIN_DISPCLK_HZ 717000000 +#define MIN_SUBVP_DCFCLK_KHZ 400000 #define TO_DCN32_RES_POOL(pool)\ container_of(pool, struct dcn32_resource_pool, base) @@ -181,6 +182,8 @@ bool dcn32_subvp_vblank_admissable(struct dc *dc, struct dc_state *context, int void dcn32_update_dml_pipes_odm_policy_based_on_context(struct dc *dc, struct dc_state *context, display_e2e_pipe_params_st *pipes); +void dcn32_override_min_req_dcfclk(struct dc *dc, struct dc_state *context); + /* definitions for run time init of reg offsets */ /* CLK SRC */ -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 05/34] drm/amd/display: Set DCN351 BB and IP the same as DCN35

by Alex Hung

From: Xi Liu <xi.liu(a)amd.com> [WHY & HOW] DCN351 and DCN35 should use the same bounding box and IP settings. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Xi Liu <xi.liu(a)amd.com> --- .../gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c index 17a58f41fc6a..a20f28a5d2e7 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c @@ -228,17 +228,13 @@ void dml2_init_socbb_params(struct dml2_context *dml2, const struct dc *in_dc, s break; case dml_project_dcn35: + case dml_project_dcn351: out->num_chans = 4; out->round_trip_ping_latency_dcfclk_cycles = 106; out->smn_latency_us = 2; out->dispclk_dppclk_vco_speed_mhz = 3600; break; - case dml_project_dcn351: - out->num_chans = 16; - out->round_trip_ping_latency_dcfclk_cycles = 1100; - out->smn_latency_us = 2; - break; } /* ---Overrides if available--- */ if (dml2->config.bbox_overrides.dram_num_chan) -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 01/34] drm/amd/display: Change default size for dummy plane in DML2

by Alex Hung

From: Swapnil Patel <swapnil.patel(a)amd.com> [WHY & HOW] Currently, to map dc states into dml_display_cfg, We create a dummy plane if the stream doesn't have any planes attached to it. This dummy plane uses max addersable width height. This results in certain mode validations failing when they shouldn't. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Swapnil Patel <swapnil.patel(a)amd.com> --- .../display/dc/dml2/dml2_translation_helper.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c index 1ba6933d2b36..17a58f41fc6a 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c @@ -824,13 +824,25 @@ static struct scaler_data get_scaler_data_for_plane(const struct dc_plane_state static void populate_dummy_dml_plane_cfg(struct dml_plane_cfg_st *out, unsigned int location, const struct dc_stream_state *in) { + dml_uint_t width, height; + + if (in->timing.h_addressable > 3840) + width = 3840; + else + width = in->timing.h_addressable; // 4K max + + if (in->timing.v_addressable > 2160) + height = 2160; + else + height = in->timing.v_addressable; // 4K max + out->CursorBPP[location] = dml_cur_32bit; out->CursorWidth[location] = 256; out->GPUVMMinPageSizeKBytes[location] = 256; - out->ViewportWidth[location] = in->timing.h_addressable; - out->ViewportHeight[location] = in->timing.v_addressable; + out->ViewportWidth[location] = width; + out->ViewportHeight[location] = height; out->ViewportStationary[location] = false; out->ViewportWidthChroma[location] = 0; out->ViewportHeightChroma[location] = 0; @@ -849,7 +861,7 @@ static void populate_dummy_dml_plane_cfg(struct dml_plane_cfg_st *out, unsigned out->HTapsChroma[location] = 0; out->VTapsChroma[location] = 0; out->SourceScan[location] = dml_rotation_0; - out->ScalerRecoutWidth[location] = in->timing.h_addressable; + out->ScalerRecoutWidth[location] = width; out->LBBitPerPixel[location] = 57; -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 4.19 00/52] 4.19.308-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.308 release. There are 52 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Feb 2024 13:15:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.308-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.308-rc1 Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: Fix xdp_md forward declaration typo Bart Van Assche <bvanassche(a)acm.org> fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Vidya Sagar <vidyas(a)nvidia.com> PCI/MSI: Prevent MSI hardware interrupt number truncation Jason Gunthorpe <jgg(a)nvidia.com> s390: use the correct count for __iowrite64_copy() Wolfram Sang <wsa+renesas(a)sang-engineering.com> packet: move from strlcpy with unused retval to strscpy Vasiliy Kovalev <kovalev(a)altlinux.org> ipv6: sr: fix possible use-after-free and null-ptr-deref Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warnings Randy Dunlap <rdunlap(a)infradead.org> scsi: jazz_esp: Only build if SCSI core is builtin Gianmarco Lusvardi <glusvardi(a)posteo.net> bpf, scripts: Correct GPL license name Andrii Nakryiko <andriin(a)fb.com> scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions Arnd Bergmann <arnd(a)arndb.de> RDMA/srpt: fix function pointer cast warnings Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Make debug output more detailed Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/ulp: Use dev_name instead of ibdev->name Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Return error for SRQ resize Zhipeng Lu <alexious(a)zju.edu.cn> IB/hfi1: Fix a memleak in init_credit_return Xu Yang <xu.yang_2(a)nxp.com> usb: roles: don't get/set_role() when usb_role_switch is unregistered Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Nikita Shubin <nikita.shubin(a)maquefel.me> ARM: ep93xx: Add terminator to gpiod_lookup_table Tom Parkin <tparkin(a)katalix.com> l2tp: pass correct message length to ip6_append_data Vasiliy Kovalev <kovalev(a)altlinux.org> gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt: don't modify the data when using authenticated encryption Roman Gushchin <guro(a)fb.com> mm: memcontrol: switch to rcu protection in drain_all_stock() Daniel Vacek <neelx(a)redhat.com> IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Yi Sun <yi.sun(a)unisoc.com> virtio-blk: Ensure no requests in virtqueues before deleting vqs. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: send bus reset promptly on gap count error Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Enlarge per package core count limit Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> regulator: pwm-regulator: Add validity checks in continuous .get_voltage Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Baokun Li <libaokun1(a)huawei.com> ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1166: correct count of reported ports Fullway Wang <fullwaywang(a)outlook.com> fbdev: sis: Error out if pixclock equals zero Fullway Wang <fullwaywang(a)outlook.com> fbdev: savage: Error out if pixclock equals zero Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: fix race condition on enabling fast-xmit Michal Kazior <michal(a)plume.com> wifi: cfg80211: fix missing interfaces when dumping Vinod Koul <vkoul(a)kernel.org> dmaengine: shdma: increase size of 'dev_id' Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: core: Add TMF to tmr_list handling Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Disallow writing invalid values to sched_rt_period_us Cyril Hrubis <chrubis(a)suse.cz> sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Cyril Hrubis <chrubis(a)suse.cz> sched/rt: Fix sysctl_sched_rr_timeslice intial value Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests GONG, Ruiqi <gongruiqi1(a)huawei.com> memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Aaro Koskinen <aaro.koskinen(a)nokia.com> net: stmmac: fix notifier registration Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> stmmac: no need to check return value of debugfs_create functions Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire dsmark qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire ATM qdisc Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire CBQ qdisc ------------- Diffstat: Makefile | 4 +- arch/arm/mach-ep93xx/core.c | 1 + arch/s390/pci/pci.c | 2 +- drivers/ata/ahci.c | 5 + drivers/block/virtio_blk.c | 7 +- drivers/dma/sh/shdma.h | 2 +- drivers/firewire/core-card.c | 18 +- drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c | 8 +- drivers/hwmon/coretemp.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 6 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 +- drivers/infiniband/ulp/iser/iser_verbs.c | 9 +- drivers/infiniband/ulp/isert/ib_isert.c | 2 +- drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c | 3 +- drivers/infiniband/ulp/srp/ib_srp.c | 10 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 52 +- drivers/md/dm-crypt.c | 6 + drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 65 +- drivers/net/gtp.c | 10 +- drivers/pci/msi.c | 2 +- drivers/regulator/pwm-regulator.c | 3 + drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/Kconfig | 2 +- drivers/soc/renesas/r8a77980-sysc.c | 3 +- drivers/target/target_core_device.c | 5 - drivers/target/target_core_transport.c | 4 + drivers/usb/gadget/function/f_ncm.c | 10 +- drivers/usb/roles/class.c | 12 +- drivers/video/fbdev/savage/savagefb_driver.c | 3 + drivers/video/fbdev/sis/sis_main.c | 2 + fs/aio.c | 9 +- fs/ext4/mballoc.c | 13 +- fs/nilfs2/dat.c | 27 +- include/linux/fs.h | 2 + include/rdma/rdma_vt.h | 2 +- kernel/sched/rt.c | 10 +- kernel/sysctl.c | 5 + mm/memcontrol.c | 23 +- mm/userfaultfd.c | 14 +- net/ipv6/seg6.c | 20 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/sta_info.c | 2 + net/mac80211/tx.c | 2 +- net/packet/af_packet.c | 4 +- net/sched/Kconfig | 42 - net/sched/Makefile | 3 - net/sched/sch_atm.c | 708 -------- net/sched/sch_cbq.c | 1823 --------------------- net/sched/sch_dsmark.c | 519 ------ net/wireless/nl80211.c | 1 + scripts/bpf_helpers_doc.py | 157 +- virt/kvm/arm/vgic/vgic-its.c | 5 + 55 files changed, 412 insertions(+), 3259 deletions(-)

1 year, 6 months

6
57
0 0

FAILED: patch "[PATCH] mptcp: fix duplicate subflow creation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 045e9d812868a2d80b7a57b224ce8009444b7bbc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022602-extended-buffer-5cf7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 045e9d812868 ("mptcp: fix duplicate subflow creation") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") bedee0b56113 ("mptcp: address lookup improvements") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") aaa25a2fa796 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 045e9d812868a2d80b7a57b224ce8009444b7bbc Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:33 +0100 Subject: [PATCH] mptcp: fix duplicate subflow creation Fullmesh endpoints could end-up unexpectedly generating duplicate subflows - same local and remote addresses - when multiple incoming ADD_ADDR are processed before the PM creates the subflow for the local endpoints. Address the issue explicitly checking for duplicates at subflow creation time. To avoid a quadratic computational complexity, track the unavailable remote address ids in a temporary bitmap and initialize such bitmap with the remote ids of all the existing subflows matching the local address currently processed. The above allows additionally replacing the existing code checking for duplicate entry in the current set with a simple bit test operation. Fixes: 2843ff6f36db ("mptcp: remote addresses fullmesh") Cc: stable(a)vger.kernel.org Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/435 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed6983af1ab2..58d17d9604e7 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -396,19 +396,6 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) } } -static bool lookup_address_in_vec(const struct mptcp_addr_info *addrs, unsigned int nr, - const struct mptcp_addr_info *addr) -{ - int i; - - for (i = 0; i < nr; i++) { - if (addrs[i].id == addr->id) - return true; - } - - return false; -} - /* Fill all the remote addresses into the array addrs[], * and return the array size. */ @@ -440,6 +427,16 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, msk->pm.subflows++; addrs[i++] = remote; } else { + DECLARE_BITMAP(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + + /* Forbid creation of new subflows matching existing + * ones, possibly already created by incoming ADD_ADDR + */ + bitmap_zero(unavail_id, MPTCP_PM_MAX_ADDR_ID + 1); + mptcp_for_each_subflow(msk, subflow) + if (READ_ONCE(subflow->local_id) == local->id) + __set_bit(subflow->remote_id, unavail_id); + mptcp_for_each_subflow(msk, subflow) { ssk = mptcp_subflow_tcp_sock(subflow); remote_address((struct sock_common *)ssk, &addrs[i]); @@ -447,11 +444,17 @@ static unsigned int fill_remote_addresses_vec(struct mptcp_sock *msk, if (deny_id0 && !addrs[i].id) continue; + if (test_bit(addrs[i].id, unavail_id)) + continue; + if (!mptcp_pm_addr_families_match(sk, local, &addrs[i])) continue; - if (!lookup_address_in_vec(addrs, i, &addrs[i]) && - msk->pm.subflows < subflows_max) { + if (msk->pm.subflows < subflows_max) { + /* forbid creating multiple address towards + * this id + */ + __set_bit(addrs[i].id, unavail_id); msk->pm.subflows++; i++; }

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: fix data races on local_id" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a7cfe776637004a4c938fde78be4bd608c32c3ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022610-approval-winking-e3d7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7cfe776637004a4c938fde78be4bd608c32c3ef Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Thu, 15 Feb 2024 19:25:31 +0100 Subject: [PATCH] mptcp: fix data races on local_id The local address id is accessed lockless by the NL PM, add all the required ONCE annotation. There is a caveat: the local id can be initialized late in the subflow life-cycle, and its validity is controlled by the local_id_valid flag. Remove such flag and encode the validity in the local_id field itself with negative value before initialization. That allows accessing the field consistently with a single read operation. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/diag.c b/net/mptcp/diag.c index e57c5f47f035..6ff6f14674aa 100644 --- a/net/mptcp/diag.c +++ b/net/mptcp/diag.c @@ -65,7 +65,7 @@ static int subflow_get_info(struct sock *sk, struct sk_buff *skb) sf->map_data_len) || nla_put_u32(skb, MPTCP_SUBFLOW_ATTR_FLAGS, flags) || nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_REM, sf->remote_id) || - nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, sf->local_id)) { + nla_put_u8(skb, MPTCP_SUBFLOW_ATTR_ID_LOC, subflow_get_local_id(sf))) { err = -EMSGSIZE; goto nla_failure; } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a24c9128dee9..912e25077437 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -800,7 +800,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_for_each_subflow_safe(msk, subflow, tmp) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); int how = RCV_SHUTDOWN | SEND_SHUTDOWN; - u8 id = subflow->local_id; + u8 id = subflow_get_local_id(subflow); if (rm_type == MPTCP_MIB_RMADDR && subflow->remote_id != rm_id) continue; @@ -809,7 +809,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", - i, rm_id, subflow->local_id, subflow->remote_id, + i, rm_id, id, subflow->remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); mptcp_subflow_shutdown(sk, ssk, how); @@ -1994,7 +1994,7 @@ static int mptcp_event_add_subflow(struct sk_buff *skb, const struct sock *ssk) if (WARN_ON_ONCE(!sf)) return -EINVAL; - if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, sf->local_id)) + if (nla_put_u8(skb, MPTCP_ATTR_LOC_ID, subflow_get_local_id(sf))) return -EMSGSIZE; if (nla_put_u8(skb, MPTCP_ATTR_REM_ID, sf->remote_id)) diff --git a/net/mptcp/pm_userspace.c b/net/mptcp/pm_userspace.c index e582b3b2d174..d396a5973429 100644 --- a/net/mptcp/pm_userspace.c +++ b/net/mptcp/pm_userspace.c @@ -234,7 +234,7 @@ static int mptcp_userspace_pm_remove_id_zero_address(struct mptcp_sock *msk, lock_sock(sk); mptcp_for_each_subflow(msk, subflow) { - if (subflow->local_id == 0) { + if (READ_ONCE(subflow->local_id) == 0) { has_id_0 = true; break; } diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8ef2927ebca2..948606a537da 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -85,7 +85,7 @@ static int __mptcp_socket_create(struct mptcp_sock *msk) subflow->subflow_id = msk->subflow_id++; /* This is the first subflow, always with id 0 */ - subflow->local_id_valid = 1; + WRITE_ONCE(subflow->local_id, 0); mptcp_sock_graft(msk->first, sk->sk_socket); iput(SOCK_INODE(ssock)); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index ed50f2015dc3..631a7f445f34 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -491,10 +491,9 @@ struct mptcp_subflow_context { remote_key_valid : 1, /* received the peer key from */ disposable : 1, /* ctx can be free at ulp release time */ stale : 1, /* unable to snd/rcv data, do not use for xmit */ - local_id_valid : 1, /* local_id is correctly initialized */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 9; + __unused : 10; bool data_avail; bool scheduled; u32 remote_nonce; @@ -505,7 +504,7 @@ struct mptcp_subflow_context { u8 hmac[MPTCPOPT_HMAC_LEN]; /* MPJ subflow only */ u64 iasn; /* initial ack sequence number, MPC subflows only */ }; - u8 local_id; + s16 local_id; /* if negative not initialized yet */ u8 remote_id; u8 reset_seen:1; u8 reset_transient:1; @@ -556,6 +555,7 @@ mptcp_subflow_ctx_reset(struct mptcp_subflow_context *subflow) { memset(&subflow->reset, 0, sizeof(subflow->reset)); subflow->request_mptcp = 1; + WRITE_ONCE(subflow->local_id, -1); } static inline u64 @@ -1022,6 +1022,15 @@ int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc); int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc); +static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflow) +{ + int local_id = READ_ONCE(subflow->local_id); + + if (local_id < 0) + return 0; + return local_id; +} + void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c34ecadee120..015184bbf06c 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -577,8 +577,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) static void subflow_set_local_id(struct mptcp_subflow_context *subflow, int local_id) { - subflow->local_id = local_id; - subflow->local_id_valid = 1; + WARN_ON_ONCE(local_id < 0 || local_id > 255); + WRITE_ONCE(subflow->local_id, local_id); } static int subflow_chk_local_id(struct sock *sk) @@ -587,7 +587,7 @@ static int subflow_chk_local_id(struct sock *sk) struct mptcp_sock *msk = mptcp_sk(subflow->conn); int err; - if (likely(subflow->local_id_valid)) + if (likely(subflow->local_id >= 0)) return 0; err = mptcp_pm_get_local_id(msk, (struct sock_common *)sk); @@ -1731,6 +1731,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, pr_debug("subflow=%p", ctx); ctx->tcp_sock = sk; + WRITE_ONCE(ctx->local_id, -1); return ctx; } @@ -1966,7 +1967,7 @@ static void subflow_ulp_clone(const struct request_sock *req, new_ctx->idsn = subflow_req->idsn; /* this is the first subflow, id is always 0 */ - new_ctx->local_id_valid = 1; + subflow_set_local_id(new_ctx, 0); } else if (subflow_req->mp_join) { new_ctx->ssn_offset = subflow_req->ssn_offset; new_ctx->mp_join = 1;

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: add needs_id for netlink appending addr" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 584f3894262634596532cf43a5e782e34a0ce374 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022732-wrought-cardiac-a27a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 584f38942626 ("mptcp: add needs_id for netlink appending addr") aab4d8564947 ("net: mptcp: use policy generated by YAML spec") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") 6ba7ce89905c ("mptcp: unify pm set_flags interfaces") a963853fd465 ("mptcp: use net instead of sock_net") dfc8d0603033 ("mptcp: implement delayed seq generation for passive fastopen") d15697185404 ("mptcp: allow privileged operations from user namespaces") 9c5d03d36251 ("genetlink: start to validate reserved header bytes") 02739545951a ("net: Fix data-races around sysctl_[rw]mem(_offset)?.") 892f396c8e68 ("mptcp: netlink: issue MP_PRIO signals from userspace PMs") a657430260e5 ("mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags") c21b50d5912b ("mptcp: Avoid acquiring PM lock for subflow priority changes") 6f664045c868 ("Merge tag 'mm-nonmm-stable-2022-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 584f3894262634596532cf43a5e782e34a0ce374 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Thu, 15 Feb 2024 19:25:29 +0100 Subject: [PATCH] mptcp: add needs_id for netlink appending addr Just the same as userspace PM, a new parameter needs_id is added for in-kernel PM mptcp_pm_nl_append_new_local_addr() too. Add a new helper mptcp_pm_has_addr_attr_id() to check whether an address ID is set from PM or not. In mptcp_pm_nl_get_local_id(), needs_id is always true, but in mptcp_pm_nl_add_addr_doit(), pass mptcp_pm_has_addr_attr_id() to needs_it. Fixes: efd5a4c04e18 ("mptcp: add the address ID assignment bitmap") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 287a60381eae..a24c9128dee9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -901,7 +901,8 @@ static void __mptcp_pm_release_addr_entry(struct mptcp_pm_addr_entry *entry) } static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, - struct mptcp_pm_addr_entry *entry) + struct mptcp_pm_addr_entry *entry, + bool needs_id) { struct mptcp_pm_addr_entry *cur, *del_entry = NULL; unsigned int addr_max; @@ -949,7 +950,7 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, } } - if (!entry->addr.id) { + if (!entry->addr.id && needs_id) { find_next: entry->addr.id = find_next_zero_bit(pernet->id_bitmap, MPTCP_PM_MAX_ADDR_ID + 1, @@ -960,7 +961,7 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm_nl_pernet *pernet, } } - if (!entry->addr.id) + if (!entry->addr.id && needs_id) goto out; __set_bit(entry->addr.id, pernet->id_bitmap); @@ -1092,7 +1093,7 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct mptcp_addr_info *skc entry->ifindex = 0; entry->flags = MPTCP_PM_ADDR_FLAG_IMPLICIT; entry->lsk = NULL; - ret = mptcp_pm_nl_append_new_local_addr(pernet, entry); + ret = mptcp_pm_nl_append_new_local_addr(pernet, entry, true); if (ret < 0) kfree(entry); @@ -1285,6 +1286,18 @@ static int mptcp_nl_add_subflow_or_signal_addr(struct net *net) return 0; } +static bool mptcp_pm_has_addr_attr_id(const struct nlattr *attr, + struct genl_info *info) +{ + struct nlattr *tb[MPTCP_PM_ADDR_ATTR_MAX + 1]; + + if (!nla_parse_nested_deprecated(tb, MPTCP_PM_ADDR_ATTR_MAX, attr, + mptcp_pm_address_nl_policy, info->extack) && + tb[MPTCP_PM_ADDR_ATTR_ID]) + return true; + return false; +} + int mptcp_pm_nl_add_addr_doit(struct sk_buff *skb, struct genl_info *info) { struct nlattr *attr = info->attrs[MPTCP_PM_ENDPOINT_ADDR]; @@ -1326,7 +1339,8 @@ int mptcp_pm_nl_add_addr_doit(struct sk_buff *skb, struct genl_info *info) goto out_free; } } - ret = mptcp_pm_nl_append_new_local_addr(pernet, entry); + ret = mptcp_pm_nl_append_new_local_addr(pernet, entry, + !mptcp_pm_has_addr_attr_id(attr, info)); if (ret < 0) { GENL_SET_ERR_MSG_FMT(info, "too many addresses or duplicate one: %d", ret); goto out_free;

1 year, 6 months

2
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: add missing kconfig for NF Filter in v6" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021943-wriggle-repair-49dd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8c86fad2cecd ("selftests: mptcp: add missing kconfig for NF Filter in v6") b6e074e171bc ("selftests: mptcp: add infinite map testcase") 39aab88242a8 ("selftests: mptcp: join: list failure at the end") c7d49c033de0 ("selftests: mptcp: join: alt. to exec specific tests") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 26516e10c433 ("selftests: mptcp: add more arguments for chk_join_nr") 8117dac3e7c3 ("selftests: mptcp: add invert check in check_transfer") 01542c9bf9ab ("selftests: mptcp: add fastclose testcase") cbfafac4cf8f ("selftests: mptcp: add extra_args in do_transfer") 922fd2b39e5a ("selftests: mptcp: add the MP_RST mibs check") e8e947ef50f6 ("selftests: mptcp: add the MP_FASTCLOSE mibs check") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 31 Jan 2024 22:49:48 +0100 Subject: [PATCH] selftests: mptcp: add missing kconfig for NF Filter in v6 Since the commit mentioned below, 'mptcp_join' selftests is using IPTables to add rules to the Filter table for IPv6. It is then required to have IP6_NF_FILTER KConfig. This KConfig is usually enabled by default in many defconfig, but we recently noticed that some CI were running our selftests without them enabled. Fixes: 523514ed0a99 ("selftests: mptcp: add ADD_ADDR IPv6 test cases") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selftests/net/mptcp/config index 2a00bf4acdfa..26fe466f803d 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -25,6 +25,7 @@ CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IP6_NF_FILTER=m CONFIG_NET_ACT_CSUM=m CONFIG_NET_ACT_PEDIT=m CONFIG_NET_CLS_ACT=y

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: add missing kconfig for NF Filter" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3645c844902bd4e173d6704fc2a37e8746904d67 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-lyricism-unshackle-b3ca@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3645c844902b ("selftests: mptcp: add missing kconfig for NF Filter") 46e967d187ed ("selftests: mptcp: add tests for subflow creation failure") 5fb62e9cd3ad ("selftests: mptcp: add tproxy test case") b6ab64b074f2 ("selftests: mptcp: more stable simult_flows tests") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3645c844902bd4e173d6704fc2a37e8746904d67 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 31 Jan 2024 22:49:47 +0100 Subject: [PATCH] selftests: mptcp: add missing kconfig for NF Filter Since the commit mentioned below, 'mptcp_join' selftests is using IPTables to add rules to the Filter table. It is then required to have IP_NF_FILTER KConfig. This KConfig is usually enabled by default in many defconfig, but we recently noticed that some CI were running our selftests without them enabled. Fixes: 8d014eaa9254 ("selftests: mptcp: add ADD_ADDR timeout test case") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selftests/net/mptcp/config index e317c2e44dae..2a00bf4acdfa 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -22,6 +22,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_SOCKET=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_NET_ACT_CSUM=m

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: rename timer related helper to less confusing names" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f6909dc1c1f4452879278128012da6c76bc186a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100402-launder-percent-3d59@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f6909dc1c1f4452879278128012da6c76bc186a5 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:48 +0200 Subject: [PATCH] mptcp: rename timer related helper to less confusing names The msk socket uses to different timeout to track close related events and retransmissions. The existing helpers do not indicate clearly which timer they actually touch, making the related code quite confusing. Change the existing helpers name to avoid such confusion. No functional change intended. This patch is linked to the next one ("mptcp: fix dangling connection hang-up"). The two patches are supposed to be backported together. Cc: stable(a)vger.kernel.org # v5.11+ Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 1c96b8da71df..c8f38f303a90 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -405,7 +405,7 @@ static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, return false; } -static void mptcp_stop_timer(struct sock *sk) +static void mptcp_stop_rtx_timer(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); @@ -911,12 +911,12 @@ static void __mptcp_flush_join_list(struct sock *sk, struct list_head *join_list } } -static bool mptcp_timer_pending(struct sock *sk) +static bool mptcp_rtx_timer_pending(struct sock *sk) { return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); } -static void mptcp_reset_timer(struct sock *sk) +static void mptcp_reset_rtx_timer(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); unsigned long tout; @@ -1050,10 +1050,10 @@ static void __mptcp_clean_una(struct sock *sk) out: if (snd_una == READ_ONCE(msk->snd_nxt) && snd_una == READ_ONCE(msk->write_seq)) { - if (mptcp_timer_pending(sk) && !mptcp_data_fin_enabled(msk)) - mptcp_stop_timer(sk); + if (mptcp_rtx_timer_pending(sk) && !mptcp_data_fin_enabled(msk)) + mptcp_stop_rtx_timer(sk); } else { - mptcp_reset_timer(sk); + mptcp_reset_rtx_timer(sk); } } @@ -1626,8 +1626,8 @@ void __mptcp_push_pending(struct sock *sk, unsigned int flags) mptcp_push_release(ssk, &info); /* ensure the rtx timer is running */ - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); if (do_check_data_fin) mptcp_check_send_data_fin(sk); } @@ -1690,8 +1690,8 @@ static void __mptcp_subflow_push_pending(struct sock *sk, struct sock *ssk, bool if (copied) { tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle, info.size_goal); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); if (msk->snd_data_fin_enable && msk->snd_nxt + 1 == msk->write_seq) @@ -2260,7 +2260,7 @@ static void mptcp_retransmit_timer(struct timer_list *t) sock_put(sk); } -static void mptcp_timeout_timer(struct timer_list *t) +static void mptcp_tout_timer(struct timer_list *t) { struct sock *sk = from_timer(sk, t, sk_timer); @@ -2629,14 +2629,14 @@ static void __mptcp_retrans(struct sock *sk) reset_timer: mptcp_check_and_set_pending(sk); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); } /* schedule the timeout timer for the relevant event: either close timeout * or mp_fail timeout. The close timeout takes precedence on the mp_fail one */ -void mptcp_reset_timeout(struct mptcp_sock *msk, unsigned long fail_tout) +void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout) { struct sock *sk = (struct sock *)msk; unsigned long timeout, close_timeout; @@ -2669,7 +2669,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) WRITE_ONCE(mptcp_subflow_ctx(ssk)->fail_tout, 0); unlock_sock_fast(ssk, slow); - mptcp_reset_timeout(msk, 0); + mptcp_reset_tout_timer(msk, 0); } static void mptcp_do_fastclose(struct sock *sk) @@ -2758,7 +2758,7 @@ static void __mptcp_init_sock(struct sock *sk) /* re-use the csk retrans timer for MPTCP-level retrans */ timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); - timer_setup(&sk->sk_timer, mptcp_timeout_timer, 0); + timer_setup(&sk->sk_timer, mptcp_tout_timer, 0); } static void mptcp_ca_reset(struct sock *sk) @@ -2849,8 +2849,8 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) } else { pr_debug("Sending DATA_FIN on subflow %p", ssk); tcp_send_ack(ssk); - if (!mptcp_timer_pending(sk)) - mptcp_reset_timer(sk); + if (!mptcp_rtx_timer_pending(sk)) + mptcp_reset_rtx_timer(sk); } break; } @@ -2933,7 +2933,7 @@ static void __mptcp_destroy_sock(struct sock *sk) might_sleep(); - mptcp_stop_timer(sk); + mptcp_stop_rtx_timer(sk); sk_stop_timer(sk, &sk->sk_timer); msk->pm.status = 0; mptcp_release_sched(msk); @@ -3053,7 +3053,7 @@ bool __mptcp_close(struct sock *sk, long timeout) __mptcp_destroy_sock(sk); do_cancel_work = true; } else { - mptcp_reset_timeout(msk, 0); + mptcp_reset_tout_timer(msk, 0); } return do_cancel_work; @@ -3116,7 +3116,7 @@ static int mptcp_disconnect(struct sock *sk, int flags) mptcp_check_listen_stop(sk); inet_sk_state_store(sk, TCP_CLOSE); - mptcp_stop_timer(sk); + mptcp_stop_rtx_timer(sk); sk_stop_timer(sk, &sk->sk_timer); if (msk->token) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 7254b3562575..5e2026815c8e 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -718,7 +718,7 @@ void mptcp_get_options(const struct sk_buff *skb, void mptcp_finish_connect(struct sock *sk); void __mptcp_set_connected(struct sock *sk); -void mptcp_reset_timeout(struct mptcp_sock *msk, unsigned long fail_tout); +void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout); static inline bool mptcp_is_fully_established(struct sock *sk) { return inet_sk_state_load(sk) == TCP_ESTABLISHED && diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 2f40c23fdb0d..433f290984c8 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1226,7 +1226,7 @@ static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk) WRITE_ONCE(subflow->fail_tout, fail_tout); tcp_send_ack(ssk); - mptcp_reset_timeout(msk, subflow->fail_tout); + mptcp_reset_tout_timer(msk, subflow->fail_tout); } static bool subflow_check_data_avail(struct sock *ssk)

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: process pending subflow error on close" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9f1a98813b4b686482e5ef3c9d998581cace0ba6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023100447-durable-snowiness-8b36@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f1a98813b4b686482e5ef3c9d998581cace0ba6 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Sat, 16 Sep 2023 12:52:47 +0200 Subject: [PATCH] mptcp: process pending subflow error on close On incoming TCP reset, subflow closing could happen before error propagation. That in turn could cause the socket error being ignored, and a missing socket state transition, as reported by Daire-Byrne. Address the issues explicitly checking for subflow socket error at close time. To avoid code duplication, factor-out of __mptcp_error_report() a new helper implementing the relevant bits. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/429 Fixes: 15cc10453398 ("mptcp: deliver ssk errors to msk") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 915860027b1a..1c96b8da71df 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -770,40 +770,44 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) return moved; } +static bool __mptcp_subflow_error_report(struct sock *sk, struct sock *ssk) +{ + int err = sock_error(ssk); + int ssk_state; + + if (!err) + return false; + + /* only propagate errors on fallen-back sockets or + * on MPC connect + */ + if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(mptcp_sk(sk))) + return false; + + /* We need to propagate only transition to CLOSE state. + * Orphaned socket will see such state change via + * subflow_sched_work_if_closed() and that path will properly + * destroy the msk as needed. + */ + ssk_state = inet_sk_state_load(ssk); + if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) + inet_sk_state_store(sk, ssk_state); + WRITE_ONCE(sk->sk_err, -err); + + /* This barrier is coupled with smp_rmb() in mptcp_poll() */ + smp_wmb(); + sk_error_report(sk); + return true; +} + void __mptcp_error_report(struct sock *sk) { struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - mptcp_for_each_subflow(msk, subflow) { - struct sock *ssk = mptcp_subflow_tcp_sock(subflow); - int err = sock_error(ssk); - int ssk_state; - - if (!err) - continue; - - /* only propagate errors on fallen-back sockets or - * on MPC connect - */ - if (sk->sk_state != TCP_SYN_SENT && !__mptcp_check_fallback(msk)) - continue; - - /* We need to propagate only transition to CLOSE state. - * Orphaned socket will see such state change via - * subflow_sched_work_if_closed() and that path will properly - * destroy the msk as needed. - */ - ssk_state = inet_sk_state_load(ssk); - if (ssk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DEAD)) - inet_sk_state_store(sk, ssk_state); - WRITE_ONCE(sk->sk_err, -err); - - /* This barrier is coupled with smp_rmb() in mptcp_poll() */ - smp_wmb(); - sk_error_report(sk); - break; - } + mptcp_for_each_subflow(msk, subflow) + if (__mptcp_subflow_error_report(sk, mptcp_subflow_tcp_sock(subflow))) + break; } /* In most cases we will be able to lock the mptcp socket. If its already @@ -2428,6 +2432,7 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, } out_release: + __mptcp_subflow_error_report(sk, ssk); release_sock(ssk); sock_put(ssk);

1 year, 6 months

2
1
0 0

[PATCH net-next v5 04/21] bitops: add missing prototype check

by Alexander Lobakin

Commit 8238b4579866 ("wait_on_bit: add an acquire memory barrier") added a new bitop, test_bit_acquire(), with proper wrapping in order to try to optimize it at compile-time, but missed the list of bitops used for checking their prototypes a bit below. The functions added have consistent prototypes, so that no more changes are required and no functional changes take place. Fixes: 8238b4579866 ("wait_on_bit: add an acquire memory barrier") Cc: stable(a)vger.kernel.org # 6.0+ Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- include/linux/bitops.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/bitops.h b/include/linux/bitops.h index 2ba557e067fe..f7f5a783da2a 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h @@ -80,6 +80,7 @@ __check_bitop_pr(__test_and_set_bit); __check_bitop_pr(__test_and_clear_bit); __check_bitop_pr(__test_and_change_bit); __check_bitop_pr(test_bit); +__check_bitop_pr(test_bit_acquire); #undef __check_bitop_pr -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH] drm/amd/display: Add monitor patch for specific eDP

by Rodrigo Siqueira

From: Ivan Lipski <ivlipski(a)amd.com> [WHY] Some eDP panels's ext caps don't write initial value cause the value of dpcd_addr(0x317) is random. It means that sometimes the eDP will clarify it is OLED, miniLED...etc cause the backlight control interface is incorrect. [HOW] Add a new panel patch to remove sink ext caps(HDR,OLED...etc) Cc: stable(a)vger.kernel.org # 6.5.x Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Tsung-hua Lin <tsung-hua.lin(a)amd.com> Cc: Chris Chi <moukong.chi(a)amd.com> Cc: Harry Wentland <Harry.Wentland(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Ivan Lipski <ivlipski(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index d9a482908380..764dc3ffd91b 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -63,6 +63,12 @@ static void apply_edid_quirks(struct edid *edid, struct dc_edid_caps *edid_caps) DRM_DEBUG_DRIVER("Disabling FAMS on monitor with panel id %X\n", panel_id); edid_caps->panel_patch.disable_fams = true; break; + /* Workaround for some monitors that do not clear DPCD 0x317 if FreeSync is unsupported */ + case drm_edid_encode_panel_id('A', 'U', 'O', 0xA7AB): + case drm_edid_encode_panel_id('A', 'U', 'O', 0xE69B): + DRM_DEBUG_DRIVER("Clearing DPCD 0x317 on monitor with panel id %X\n", panel_id); + edid_caps->panel_patch.remove_sink_ext_caps = true; + break; default: return; } -- 2.43.0

1 year, 6 months

3
2
0 0

[PATCH] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation

by Bjorn Andersson via B4 Relay

From: Bjorn Andersson <quic_bjorande(a)quicinc.com> Commit 'e3e56c050ab6 ("soc: qcom: rpmhpd: Make power_on actually enable the domain")' aimed to make sure that a power-domain that is being enabled without any particular performance-state requested will at least turn the rail on, to avoid filling DeviceTree with otherwise unnecessary required-opps properties. But in the event that aggregation happens on a disabled power-domain, with an enabled peer without performance-state, both the local and peer corner are 0. The peer's enabled_corner is not considered, with the result that the underlying (shared) resource is disabled. One case where this can be observed is when the display stack keeps mmcx enabled (but without a particular performance-state vote) in order to access registers and sync_state happens in the rpmhpd driver. As mmcx_ao is flushed the state of the peer (mmcx) is not considered and mmcx_ao ends up turning off "mmcx.lvl" underneath mmcx. This has been observed several times, but has been painted over in DeviceTree by adding an explicit vote for the lowest non-disabled performance-state. Fixes: e3e56c050ab6 ("soc: qcom: rpmhpd: Make power_on actually enable the domain") Reported-by: Johan Hovold <johan(a)kernel.org> Closes: https://lore.kernel.org/linux-arm-msm/ZdMwZa98L23mu3u6@hovoldconsulting.com/ Cc: <stable(a)vger.kernel.org> Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- This issue is the root cause of a display regression on SC8280XP boards, resulting in the system often resetting during boot. It was exposed by the refactoring of the DisplayPort driver in v6.8-rc1. --- drivers/pmdomain/qcom/rpmhpd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/pmdomain/qcom/rpmhpd.c b/drivers/pmdomain/qcom/rpmhpd.c index 3078896b1300..47df910645f6 100644 --- a/drivers/pmdomain/qcom/rpmhpd.c +++ b/drivers/pmdomain/qcom/rpmhpd.c @@ -692,6 +692,7 @@ static int rpmhpd_aggregate_corner(struct rpmhpd *pd, unsigned int corner) unsigned int active_corner, sleep_corner; unsigned int this_active_corner = 0, this_sleep_corner = 0; unsigned int peer_active_corner = 0, peer_sleep_corner = 0; + unsigned int peer_enabled_corner; if (pd->state_synced) { to_active_sleep(pd, corner, &this_active_corner, &this_sleep_corner); @@ -701,9 +702,11 @@ static int rpmhpd_aggregate_corner(struct rpmhpd *pd, unsigned int corner) this_sleep_corner = pd->level_count - 1; } - if (peer && peer->enabled) - to_active_sleep(peer, peer->corner, &peer_active_corner, + if (peer && peer->enabled) { + peer_enabled_corner = max(peer->corner, peer->enable_corner); + to_active_sleep(peer, peer_enabled_corner, &peer_active_corner, &peer_sleep_corner); + } active_corner = max(this_active_corner, peer_active_corner); --- base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d change-id: 20240226-rpmhpd-enable-corner-fix-c5e07fe7b986 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

1 year, 6 months

7
6
0 0

[PATCH -fixes v4 3/3] riscv: Save/restore envcfg CSR during CPU suspend

by Samuel Holland

The value of the [ms]envcfg CSR is lost when entering a nonretentive idle state, so the CSR must be rewritten when resuming the CPU. Cc: <stable(a)vger.kernel.org> # v6.7+ Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- Changes in v4: - Check for Xlinuxenvcfg instead of Zicboz Changes in v3: - Check for Zicboz instead of the privileged ISA version Changes in v2: - Check for privileged ISA v1.12 instead of the specific CSR - Use riscv_has_extension_likely() instead of new ALTERNATIVE()s arch/riscv/include/asm/suspend.h | 1 + arch/riscv/kernel/suspend.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/riscv/include/asm/suspend.h b/arch/riscv/include/asm/suspend.h index 02f87867389a..491296a335d0 100644 --- a/arch/riscv/include/asm/suspend.h +++ b/arch/riscv/include/asm/suspend.h @@ -14,6 +14,7 @@ struct suspend_context { struct pt_regs regs; /* Saved and restored by high-level functions */ unsigned long scratch; + unsigned long envcfg; unsigned long tvec; unsigned long ie; #ifdef CONFIG_MMU diff --git a/arch/riscv/kernel/suspend.c b/arch/riscv/kernel/suspend.c index 239509367e42..299795341e8a 100644 --- a/arch/riscv/kernel/suspend.c +++ b/arch/riscv/kernel/suspend.c @@ -15,6 +15,8 @@ void suspend_save_csrs(struct suspend_context *context) { context->scratch = csr_read(CSR_SCRATCH); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) + context->envcfg = csr_read(CSR_ENVCFG); context->tvec = csr_read(CSR_TVEC); context->ie = csr_read(CSR_IE); @@ -36,6 +38,8 @@ void suspend_save_csrs(struct suspend_context *context) void suspend_restore_csrs(struct suspend_context *context) { csr_write(CSR_SCRATCH, context->scratch); + if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) + csr_write(CSR_ENVCFG, context->envcfg); csr_write(CSR_TVEC, context->tvec); csr_write(CSR_IE, context->ie); -- 2.43.1

1 year, 6 months

3
2
0 0

[PATCH v3 0/5] scsi: ufs: qcom: fix UFSDHCD support on MSM8996 platform

by Dmitry Baryshkov

First several patches target fixing the UFS support on the Qualcomm MSM8996 / APQ8096 platforms, broken by the commit b4e13e1ae95e ("scsi: ufs: qcom: Add multiple frequency support for MAX_CORE_CLK_1US_CYCLES"). Last two patches clean up the UFS DT device on that platform to follow the bindings on other MSM8969 platforms. If such breaking change is unacceptable, they can be simply ignored, merging fixes only. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v3: - dropped the patch conflicting with Yassine's patch that got accepted - Cc stable on the UFS change (Manivannan) - Fixed typos in the commit message (Manivannan) - Link to v2: https://lore.kernel.org/r/20240213-msm8996-fix-ufs-v2-0-650758c26458@linaro… Changes in v2: - Dropped patches adding RX_SYMBOL_1_CLK, MSM8996 uses single lane (Krzysztof). - Link to v1: https://lore.kernel.org/r/20240209-msm8996-fix-ufs-v1-0-107b52e57420@linaro… --- Dmitry Baryshkov (5): scsi: ufs: qcom: provide default cycles_in_1us value arm64: dts: qcom: msm8996: specify UFS core_clk frequencies arm64: dts: qcom: msm8996: set GCC_UFS_ICE_CORE_CLK freq directly dt-bindings: ufs: qcom,ufs: drop source clock entries arm64: dts: qcom: msm8996: drop source clock entries from the UFS node Documentation/devicetree/bindings/ufs/qcom,ufs.yaml | 12 +++++------- arch/arm64/boot/dts/qcom/msm8996.dtsi | 8 +------- drivers/ufs/host/ufs-qcom.c | 6 ++++-- 3 files changed, 10 insertions(+), 16 deletions(-) --- base-commit: 0035c3918a74a83f94158fbbd667e163bfd4a0d0 change-id: 20240209-msm8996-fix-ufs-f80ae6d4d8cf Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

1 year, 6 months

2
3
0 0

[PATCH v2] usb: gadget: ncm: Fix handling of zero block length packets

by Krishna Kurapati

While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 valid datagrams present. According to the NCM spec: "If wBlockLength = 0x0000, the block is terminated by a short packet. In this case, the USB transfer must still be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent, and the size is a multiple of wMaxPacketSize for the given pipe, then no ZLP shall be sent. wBlockLength= 0x0000 must be used with extreme care, because of the possibility that the host and device may get out of sync, and because of test issues. wBlockLength = 0x0000 allows the sender to reduce latency by starting to send a very large NTB, and then shortening it when the sender discovers that there’s not sufficient data to justify sending a large NTB" However, there is a potential issue with the current implementation, as it checks for the occurrence of multiple NTBs in a single giveback by verifying if the leftover bytes to be processed is zero or not. If the block length reads zero, we would process the same NTB infintely because the leftover bytes is never zero and it leads to a crash. Fix this by bailing out if block length reads zero. Cc: <stable(a)vger.kernel.org> Fixes: 427694cfaafa ("usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- Changes in v2: Removed goto label Link to v1: https://lore.kernel.org/all/20240226112815.2616719-1-quic_kriskura@quicinc.… drivers/usb/gadget/function/f_ncm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index e2a059cfda2c..28f4e6552e84 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1346,7 +1346,7 @@ static int ncm_unwrap_ntb(struct gether *port, if (to_process == 1 && (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) { to_process--; - } else if (to_process > 0) { + } else if ((to_process > 0) && (block_len != 0)) { ntb_ptr = (unsigned char *)(ntb_ptr + block_len); goto parse_ntb; } -- 2.34.1

1 year, 6 months

2
1
0 0

FAILED: patch "[PATCH] memcg: fix use-after-free in uncharge_batch" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f1796544a0ca0f14386a679d3d05fbc69235015e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022759-crave-busily-bef7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f1796544a0ca ("memcg: fix use-after-free in uncharge_batch") 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") 8d22a9351035 ("mm/memcg: fix refcount error while moving and swapping") d9eb1ea2bf87 ("mm: memcontrol: delete unused lrucare handling") 4c6355b25e8b ("mm: memcontrol: charge swapin pages on instantiation") f0e45fb4da29 ("mm: memcontrol: drop unused try/commit/cancel charge API") 9d82c69438d0 ("mm: memcontrol: convert anon and file-thp to new mem_cgroup_charge() API") 468c398233da ("mm: memcontrol: switch to native NR_ANON_THPS counter") be5d0a74c62d ("mm: memcontrol: switch to native NR_ANON_MAPPED counter") 0d1c20722ab3 ("mm: memcontrol: switch to native NR_FILE_PAGES and NR_SHMEM counters") 49e50d277ba2 ("mm: memcontrol: prepare move_account for removal of private page type counters") 9f762dbe19b9 ("mm: memcontrol: prepare uncharging for removal of private page type counters") 3fea5a499d57 ("mm: memcontrol: convert page cache to a new mem_cgroup_charge() API") 6caa6a0703e0 ("mm: memcontrol: move out cgroup swaprate throttling") 14235ab36019 ("mm: shmem: remove rare optimization when swapin races with hole punching") 3fba69a56e16 ("mm: memcontrol: drop @compound parameter from memcg charging API") abb242f57196 ("mm: memcontrol: fix stat-corrupting race in charge moving") f4129ea3591a ("mm: fix NUMA node file count error in replace_page_cache()") ffe945e633b5 ("khugepaged: do not stop collapse if less than half PTEs are referenced") 396bcc5299c2 ("mm: remove CONFIG_TRANSPARENT_HUGE_PAGECACHE") 85b9f46e8ea4 ("mm, thp: track fallbacks due to failed memcg charges separately") dcdf11ee1441 ("mm, shmem: add vmstat for hugepage fallback") 9c315e4d7d8c ("mm: memcg/slab: cache page number in memcg_(un)charge_slab()") 92d0510c3585 ("mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg()") f4b00eab5004 ("mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page()") 50591183fa86 ("mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments") 10eaec2f63b6 ("mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments") 47e29d32afba ("mm/gup: page->hpage_pinned_refcount: exact pin counts for huge pages") 3faa52c03f44 ("mm/gup: track FOLL_PIN pages") 3b78d8347d31 ("mm/gup: pass gup flags to two more routines") c23a0c99793f ("mm/migrate: clean up some minor coding style") 92855270ff08 ("mm/memcontrol.c: cleanup some useless code") f1f6a7dd9b53 ("mm, tree-wide: rename put_user_page*() to unpin_user_page*()") aa4b87fe9ea3 ("powerpc: book3s64: convert to pin_user_pages() and put_user_page()") 19fed0dae94d ("vfio, mm: pin_user_pages (FOLL_PIN) and put_user_page() conversion") 1f815afcfca7 ("media/v4l2-core: pin_user_pages (FOLL_PIN) and put_user_page() conversion") 803e4572d7c5 ("mm/process_vm_access: set FOLL_PIN via pin_user_pages_remote()") 57459435cff5 ("goldish_pipe: convert to pin_user_pages() and put_user_page()") eddb1c228f79 ("mm/gup: introduce pin_user_pages*() and FOLL_PIN") 3c7470b6f684 ("media/v4l2-core: set pages dirty upon releasing DMA buffers") f4000fdf435b ("mm/gup: allow FOLL_FORCE for get_user_pages_fast()") 3567813eae5e ("vfio: fix FOLL_LONGTERM use, simplify get_user_pages_remote() call") c4237f8b1f4f ("mm: fix get_user_pages_remote()'s handling of FOLL_LONGTERM") a707cdd55f0f ("mm/gup: move try_get_compound_head() to top, fix minor issues") a43e982082c2 ("mm/gup: factor out duplicate code from four routines") fac0516b5534 ("mm: thp: don't need care deferred split queue in memcg charge move path") f1fe80d4ae33 ("mm, thp: do not queue fully unmapped pages for deferred split") acbfb087e3b1 ("mm/hugetlb: avoid looping to the same hugepage if !pages and !vmas") 867e5e1de14b ("mm: clean up and clarify lruvec lookup procedure") 242c37b459ce ("include/linux/memcontrol.h: fix comments based on per-node memcg") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f1796544a0ca0f14386a679d3d05fbc69235015e Mon Sep 17 00:00:00 2001 From: Michal Hocko <mhocko(a)suse.com> Date: Fri, 4 Sep 2020 16:35:24 -0700 Subject: [PATCH] memcg: fix use-after-free in uncharge_batch syzbot has reported an use-after-free in the uncharge_batch path BUG: KASAN: use-after-free in instrument_atomic_write include/linux/instrumented.h:71 [inline] BUG: KASAN: use-after-free in atomic64_sub_return include/asm-generic/atomic-instrumented.h:970 [inline] BUG: KASAN: use-after-free in atomic_long_sub_return include/asm-generic/atomic-long.h:113 [inline] BUG: KASAN: use-after-free in page_counter_cancel mm/page_counter.c:54 [inline] BUG: KASAN: use-after-free in page_counter_uncharge+0x3d/0xc0 mm/page_counter.c:155 Write of size 8 at addr ffff8880371c0148 by task syz-executor.0/9304 CPU: 0 PID: 9304 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1f0/0x31e lib/dump_stack.c:118 print_address_description+0x66/0x620 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report+0x132/0x1d0 mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:183 [inline] check_memory_region+0x2b5/0x2f0 mm/kasan/generic.c:192 instrument_atomic_write include/linux/instrumented.h:71 [inline] atomic64_sub_return include/asm-generic/atomic-instrumented.h:970 [inline] atomic_long_sub_return include/asm-generic/atomic-long.h:113 [inline] page_counter_cancel mm/page_counter.c:54 [inline] page_counter_uncharge+0x3d/0xc0 mm/page_counter.c:155 uncharge_batch+0x6c/0x350 mm/memcontrol.c:6764 uncharge_page+0x115/0x430 mm/memcontrol.c:6796 uncharge_list mm/memcontrol.c:6835 [inline] mem_cgroup_uncharge_list+0x70/0xe0 mm/memcontrol.c:6877 release_pages+0x13a2/0x1550 mm/swap.c:911 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:242 [inline] tlb_flush_mmu+0x780/0x910 mm/mmu_gather.c:249 tlb_finish_mmu+0xcb/0x200 mm/mmu_gather.c:328 exit_mmap+0x296/0x550 mm/mmap.c:3185 __mmput+0x113/0x370 kernel/fork.c:1076 exit_mm+0x4cd/0x550 kernel/exit.c:483 do_exit+0x576/0x1f20 kernel/exit.c:793 do_group_exit+0x161/0x2d0 kernel/exit.c:903 get_signal+0x139b/0x1d30 kernel/signal.c:2743 arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:135 [inline] exit_to_user_mode_prepare+0x8d/0x1b0 kernel/entry/common.c:166 syscall_exit_to_user_mode+0x5e/0x1a0 kernel/entry/common.c:241 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") reworked the memcg lifetime to be bound the the struct page rather than charges. It also removed the css_put_many from uncharge_batch and that is causing the above splat. uncharge_batch() is supposed to uncharge accumulated charges for all pages freed from the same memcg. The queuing is done by uncharge_page which however drops the memcg reference after it adds charges to the batch. If the current page happens to be the last one holding the reference for its memcg then the memcg is OK to go and the next page to be freed will trigger batched uncharge which needs to access the memcg which is gone already. Fix the issue by taking a reference for the memcg in the current batch. Fixes: 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") Reported-by: syzbot+b305848212deec86eabe(a)syzkaller.appspotmail.com Reported-by: syzbot+b5ea6fb6f139c8b9482b(a)syzkaller.appspotmail.com Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: Hugh Dickins <hughd(a)google.com> Link: https://lkml.kernel.org/r/20200820090341.GC5033@dhcp22.suse.cz Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memcontrol.c b/mm/memcontrol.c index b807952b4d43..cfa6cbad21d5 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -6774,6 +6774,9 @@ static void uncharge_batch(const struct uncharge_gather *ug) __this_cpu_add(ug->memcg->vmstats_percpu->nr_page_events, ug->nr_pages); memcg_check_events(ug->memcg, ug->dummy_page); local_irq_restore(flags); + + /* drop reference from uncharge_page */ + css_put(&ug->memcg->css); } static void uncharge_page(struct page *page, struct uncharge_gather *ug) @@ -6797,6 +6800,9 @@ static void uncharge_page(struct page *page, struct uncharge_gather *ug) uncharge_gather_clear(ug); } ug->memcg = page->mem_cgroup; + + /* pairs with css_put in uncharge_batch */ + css_get(&ug->memcg->css); } nr_pages = compound_nr(page);

1 year, 6 months

3
4
0 0

[PATCH v1] net: sfp: add quirks for ODI DFP-34X-2C2

by Shengyu Qu

ODI DFP-34X-2C2 is capable of 2500base-X, but incorrectly report its capabilities in the EEPROM. So use sfp_quirk_2500basex for this module to allow 2500Base-X mode. Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> --- drivers/net/phy/sfp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c index f75c9eb3958e..2021cb4ff2f6 100644 --- a/drivers/net/phy/sfp.c +++ b/drivers/net/phy/sfp.c @@ -495,6 +495,13 @@ static const struct sfp_quirk sfp_quirks[] = { // 2500MBd NRZ in their EEPROM SFP_QUIRK_M("Lantech", "8330-262D-E", sfp_quirk_2500basex), + // ODI DFP-34X-2C2 can operate at 2500base-X, but incorrectly report 1300MBd + // NRZ in the EEPROM. + // Besides, In early batches, vendor id is set to OEM, but that is fixed in + // newer batches. + SFP_QUIRK_M("ODI", "DFP-34X-2C2", sfp_quirk_2500basex), + SFP_QUIRK_M("OEM", "DFP-34X-2C2", sfp_quirk_2500basex), + SFP_QUIRK_M("UBNT", "UF-INSTANT", sfp_quirk_ubnt_uf_instant), // Walsun HXSX-ATR[CI]-1 don't identify as copper, and use the -- 2.39.2

1 year, 6 months

4
14
0 0

[PATCH -fixes v4 1/3] riscv: Fix enabling cbo.zero when running in M-mode

by Samuel Holland

When the kernel is running in M-mode, the CBZE bit must be set in the menvcfg CSR, not in senvcfg. Cc: <stable(a)vger.kernel.org> Fixes: 43c16d51a19b ("RISC-V: Enable cbo.zero in usermode") Reviewed-by: Andrew Jones <ajones(a)ventanamicro.com> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- (no changes since v1) arch/riscv/include/asm/csr.h | 2 ++ arch/riscv/kernel/cpufeature.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h index 510014051f5d..2468c55933cd 100644 --- a/arch/riscv/include/asm/csr.h +++ b/arch/riscv/include/asm/csr.h @@ -424,6 +424,7 @@ # define CSR_STATUS CSR_MSTATUS # define CSR_IE CSR_MIE # define CSR_TVEC CSR_MTVEC +# define CSR_ENVCFG CSR_MENVCFG # define CSR_SCRATCH CSR_MSCRATCH # define CSR_EPC CSR_MEPC # define CSR_CAUSE CSR_MCAUSE @@ -448,6 +449,7 @@ # define CSR_STATUS CSR_SSTATUS # define CSR_IE CSR_SIE # define CSR_TVEC CSR_STVEC +# define CSR_ENVCFG CSR_SENVCFG # define CSR_SCRATCH CSR_SSCRATCH # define CSR_EPC CSR_SEPC # define CSR_CAUSE CSR_SCAUSE diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c index 89920f84d0a3..c5b13f7dd482 100644 --- a/arch/riscv/kernel/cpufeature.c +++ b/arch/riscv/kernel/cpufeature.c @@ -950,7 +950,7 @@ arch_initcall(check_unaligned_access_all_cpus); void riscv_user_isa_enable(void) { if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_ZICBOZ)) - csr_set(CSR_SENVCFG, ENVCFG_CBZE); + csr_set(CSR_ENVCFG, ENVCFG_CBZE); } #ifdef CONFIG_RISCV_ALTERNATIVE -- 2.43.1

1 year, 6 months

2
1
0 0

[PATCH] Bluetooth: Add device 0bda:4853 to blacklist/quirk table

by WangYuli

This new device is part of a Realtek RTW8852BE chip. Without this change the device utilizes an obsolete version of the firmware that is encoded in it rather than the updated Realtek firmware and config files from the firmware directory. The latter files implement many new features. The device table is as follows: T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4853 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Link: https://lore.kernel.org/all/20230810144507.9599-1-Larry.Finger@lwfinger.net/ Cc: stable(a)vger.kernel.org Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index edfb49bbaa28..5225a6075626 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { /* Realtek 8852BE Bluetooth devices */ { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | -- 2.43.0

1 year, 6 months

1
0
0 0