- Linux-stable-mirror - lists.linaro.org

by Petr Vorel

Hi, maybe you will not like introducing 'static int int_max = INT_MAX;' for this old kernel which EOL in 10 months. Cyril Hrubis (3): sched/rt: Fix sysctl_sched_rr_timeslice intial value sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Disallow writing invalid values to sched_rt_period_us kernel/sched/rt.c | 10 +++++----- kernel/sysctl.c | 5 +++++ 2 files changed, 10 insertions(+), 5 deletions(-) -- 2.35.3

1 year, 6 months

2
16
0 0

[PATCH 6.6 v2 1/1] sched/rt: Disallow writing invalid values to sched_rt_period_us

by Petr Vorel

From: Cyril Hrubis <chrubis(a)suse.cz> [ Upstream commit 079be8fc630943d9fc70a97807feb73d169ee3fc ] The validation of the value written to sched_rt_period_us was broken because: - the sysclt_sched_rt_period is declared as unsigned int - parsed by proc_do_intvec() - the range is asserted after the value parsed by proc_do_intvec() Because of this negative values written to the file were written into a unsigned integer that were later on interpreted as large positive integers which did passed the check: if (sysclt_sched_rt_period <= 0) return EINVAL; This commit fixes the parsing by setting explicit range for both perid_us and runtime_us into the sched_rt_sysctls table and processes the values with proc_dointvec_minmax() instead. Alternatively if we wanted to use full range of unsigned int for the period value we would have to split the proc_handler and use proc_douintvec() for it however even the Documentation/scheduller/sched-rt-group.rst describes the range as 1 to INT_MAX. As far as I can tell the only problem this causes is that the sysctl file allows writing negative values which when read back may confuse userspace. There is also a LTP test being submitted for these sysctl files at: http://patchwork.ozlabs.org/project/ltp/patch/20230901144433.2526-1-chrubis… Signed-off-by: Cyril Hrubis <chrubis(a)suse.cz> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/20231002115553.3007-2-chrubis@suse.cz Signed-off-by: Petr Vorel <pvorel(a)suse.cz> --- kernel/sched/rt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 904dd8534597..4ac36eb4cdee 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -37,6 +37,8 @@ static struct ctl_table sched_rt_sysctls[] = { .maxlen = sizeof(unsigned int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = SYSCTL_ONE, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rt_runtime_us", @@ -44,6 +46,8 @@ static struct ctl_table sched_rt_sysctls[] = { .maxlen = sizeof(int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = SYSCTL_NEG_ONE, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rr_timeslice_ms", @@ -2989,9 +2993,6 @@ static int sched_rt_global_constraints(void) #ifdef CONFIG_SYSCTL static int sched_rt_global_validate(void) { - if (sysctl_sched_rt_period <= 0) - return -EINVAL; - if ((sysctl_sched_rt_runtime != RUNTIME_INF) && ((sysctl_sched_rt_runtime > sysctl_sched_rt_period) || ((u64)sysctl_sched_rt_runtime * @@ -3022,7 +3023,7 @@ static int sched_rt_handler(struct ctl_table *table, int write, void *buffer, old_period = sysctl_sched_rt_period; old_runtime = sysctl_sched_rt_runtime; - ret = proc_dointvec(table, write, buffer, lenp, ppos); + ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (!ret && write) { ret = sched_rt_global_validate(); -- 2.35.3

1 year, 6 months

1
0
0 0

[PATCH 6.1 v2 1/2] sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset

by Petr Vorel

From: Cyril Hrubis <chrubis(a)suse.cz> [ Upstream commit c1fc6484e1fb7cc2481d169bfef129a1b0676abe ] The sched_rr_timeslice can be reset to default by writing value that is <= 0. However after reading from this file we always got the last value written, which is not useful at all. $ echo -1 > /proc/sys/kernel/sched_rr_timeslice_ms $ cat /proc/sys/kernel/sched_rr_timeslice_ms -1 Fix this by setting the variable that holds the sysctl file value to the jiffies_to_msecs(RR_TIMESLICE) in case that <= 0 value was written. Signed-off-by: Cyril Hrubis <chrubis(a)suse.cz> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Petr Vorel <pvorel(a)suse.cz> Acked-by: Mel Gorman <mgorman(a)suse.de> Tested-by: Petr Vorel <pvorel(a)suse.cz> Link: https://lore.kernel.org/r/20230802151906.25258-3-chrubis@suse.cz Signed-off-by: Petr Vorel <pvorel(a)suse.cz> --- kernel/sched/rt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 76bafa8d331a..f79a6f36777a 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -3047,6 +3047,9 @@ static int sched_rr_handler(struct ctl_table *table, int write, void *buffer, sched_rr_timeslice = sysctl_sched_rr_timeslice <= 0 ? RR_TIMESLICE : msecs_to_jiffies(sysctl_sched_rr_timeslice); + + if (sysctl_sched_rr_timeslice <= 0) + sysctl_sched_rr_timeslice = jiffies_to_msecs(RR_TIMESLICE); } mutex_unlock(&mutex); -- 2.35.3

1 year, 6 months

1
1
0 0

[PATCH 5.4 v2 1/3] sched/rt: Fix sysctl_sched_rr_timeslice intial value

by Petr Vorel

From: Cyril Hrubis <chrubis(a)suse.cz> [ Upstream commit c7fcb99877f9f542c918509b2801065adcaf46fa ] There is a 10% rounding error in the intial value of the sysctl_sched_rr_timeslice with CONFIG_HZ_300=y. This was found with LTP test sched_rr_get_interval01: sched_rr_get_interval01.c:57: TPASS: sched_rr_get_interval() passed sched_rr_get_interval01.c:64: TPASS: Time quantum 0s 99999990ns sched_rr_get_interval01.c:72: TFAIL: /proc/sys/kernel/sched_rr_timeslice_ms != 100 got 90 sched_rr_get_interval01.c:57: TPASS: sched_rr_get_interval() passed sched_rr_get_interval01.c:64: TPASS: Time quantum 0s 99999990ns sched_rr_get_interval01.c:72: TFAIL: /proc/sys/kernel/sched_rr_timeslice_ms != 100 got 90 What this test does is to compare the return value from the sched_rr_get_interval() and the sched_rr_timeslice_ms sysctl file and fails if they do not match. The problem it found is the intial sysctl file value which was computed as: static int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; which works fine as long as MSEC_PER_SEC is multiple of HZ, however it introduces 10% rounding error for CONFIG_HZ_300: (MSEC_PER_SEC / HZ) * (100 * HZ / 1000) (1000 / 300) * (100 * 300 / 1000) 3 * 30 = 90 This can be easily fixed by reversing the order of the multiplication and division. After this fix we get: (MSEC_PER_SEC * (100 * HZ / 1000)) / HZ (1000 * (100 * 300 / 1000)) / 300 (1000 * 30) / 300 = 100 Fixes: 975e155ed873 ("sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds") Signed-off-by: Cyril Hrubis <chrubis(a)suse.cz> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Petr Vorel <pvorel(a)suse.cz> Acked-by: Mel Gorman <mgorman(a)suse.de> Tested-by: Petr Vorel <pvorel(a)suse.cz> Link: https://lore.kernel.org/r/20230802151906.25258-2-chrubis@suse.cz [ pvorel: rebased for 5.4 ] Signed-off-by: Petr Vorel <pvorel(a)suse.cz> --- kernel/sched/rt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 186e7d78ded5..e40f32e3ab06 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -8,7 +8,7 @@ #include "pelt.h" int sched_rr_timeslice = RR_TIMESLICE; -int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; +int sysctl_sched_rr_timeslice = (MSEC_PER_SEC * RR_TIMESLICE) / HZ; /* More than 4 hours if BW_SHIFT equals 20. */ static const u64 max_rt_runtime = MAX_BW; -- 2.35.3

1 year, 6 months

1
2
0 0

[PATCH 5.15, 5.10 v2 1/3] sched/rt: Fix sysctl_sched_rr_timeslice intial value

by Petr Vorel

From: Cyril Hrubis <chrubis(a)suse.cz> [ Upstream commit c7fcb99877f9f542c918509b2801065adcaf46fa ] There is a 10% rounding error in the intial value of the sysctl_sched_rr_timeslice with CONFIG_HZ_300=y. This was found with LTP test sched_rr_get_interval01: sched_rr_get_interval01.c:57: TPASS: sched_rr_get_interval() passed sched_rr_get_interval01.c:64: TPASS: Time quantum 0s 99999990ns sched_rr_get_interval01.c:72: TFAIL: /proc/sys/kernel/sched_rr_timeslice_ms != 100 got 90 sched_rr_get_interval01.c:57: TPASS: sched_rr_get_interval() passed sched_rr_get_interval01.c:64: TPASS: Time quantum 0s 99999990ns sched_rr_get_interval01.c:72: TFAIL: /proc/sys/kernel/sched_rr_timeslice_ms != 100 got 90 What this test does is to compare the return value from the sched_rr_get_interval() and the sched_rr_timeslice_ms sysctl file and fails if they do not match. The problem it found is the intial sysctl file value which was computed as: static int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; which works fine as long as MSEC_PER_SEC is multiple of HZ, however it introduces 10% rounding error for CONFIG_HZ_300: (MSEC_PER_SEC / HZ) * (100 * HZ / 1000) (1000 / 300) * (100 * 300 / 1000) 3 * 30 = 90 This can be easily fixed by reversing the order of the multiplication and division. After this fix we get: (MSEC_PER_SEC * (100 * HZ / 1000)) / HZ (1000 * (100 * 300 / 1000)) / 300 (1000 * 30) / 300 = 100 Fixes: 975e155ed873 ("sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds") Signed-off-by: Cyril Hrubis <chrubis(a)suse.cz> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Petr Vorel <pvorel(a)suse.cz> Acked-by: Mel Gorman <mgorman(a)suse.de> Tested-by: Petr Vorel <pvorel(a)suse.cz> Link: https://lore.kernel.org/r/20230802151906.25258-2-chrubis@suse.cz [ pvorel: rebased for 5.15, 5.10 ] Signed-off-by: Petr Vorel <pvorel(a)suse.cz> --- kernel/sched/rt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 7045595aacac..3394b7f923a0 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -8,7 +8,7 @@ #include "pelt.h" int sched_rr_timeslice = RR_TIMESLICE; -int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; +int sysctl_sched_rr_timeslice = (MSEC_PER_SEC * RR_TIMESLICE) / HZ; /* More than 4 hours if BW_SHIFT equals 20. */ static const u64 max_rt_runtime = MAX_BW; -- 2.35.3

1 year, 6 months

1
2
0 0

[PATCH v2] ext4: fix corruption during on-line resize

by Maximilian Heyne

We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by mke2fs. The issue can be reproduced on a smaller file system for convenience by explicitly turning off resize_inode. An on-line resize across an 8 GiB boundary (the size of a meta block group in this setup) then leads to a corruption: dev=/dev/<some_dev> # should be >= 16 GiB mkdir -p /corruption /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15)) mount -t ext4 $dev /corruption dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15)) sha1sum /corruption/test # 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test /sbin/resize2fs $dev $((2*2**21)) # drop page cache to force reload the block from disk echo 1 > /proc/sys/vm/drop_caches sha1sum /corruption/test # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test 2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per block group and 2^6 are the number of block groups that make a meta block group. The last checksum might be different depending on how the file is laid out across the physical blocks. The actual corruption occurs at physical block 63*2^15 = 2064384 which would be the location of the backup of the meta block group's block descriptor. During the on-line resize the file system will be converted to meta_bg starting at s_first_meta_bg which is 2 in the example - meaning all block groups after 16 GiB. However, in ext4_flex_group_add we might add block groups that are not part of the first meta block group yet. In the reproducer we achieved this by substracting the size of a whole block group from the point where the meta block group would start. This must be considered when updating the backup block group descriptors to follow the non-meta_bg layout. The fix is to add a test whether the group to add is already part of the meta block group or not. Fixes: 01f795f9e0d67 ("ext4: add online resizing support for meta_bg and 64-bit file systems") Cc: stable(a)vger.kernel.org Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- fs/ext4/resize.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index 4d4a5a32e310..3c0d12382e06 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -1602,7 +1602,8 @@ static int ext4_flex_group_add(struct super_block *sb, int gdb_num = group / EXT4_DESC_PER_BLOCK(sb); int gdb_num_end = ((group + flex_gd->count - 1) / EXT4_DESC_PER_BLOCK(sb)); - int meta_bg = ext4_has_feature_meta_bg(sb); + int meta_bg = ext4_has_feature_meta_bg(sb) && + gdb_num >= le32_to_cpu(es->s_first_meta_bg); sector_t padding_blocks = meta_bg ? 0 : sbi->s_sbh->b_blocknr - ext4_group_first_block_no(sb, 0); -- 2.40.1 Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879

1 year, 6 months

3
2
0 0

[PATCH 2/2] usb: port: Don't try to peer unused USB ports based on location

by Mathias Nyman

Unused USB ports may have bogus location data in ACPI PLD tables. This causes port peering failures as these unused USB2 and USB3 ports location may match. This is seen on DELL systems where all unused ports return zeroed location data. Don't try to peer or match ports that have connect type set to USB_PORT_NOT_USED. Tested-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/core/port.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index c628c1abc907..4d63496f98b6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -573,7 +573,7 @@ static int match_location(struct usb_device *peer_hdev, void *p) struct usb_hub *peer_hub = usb_hub_to_struct_hub(peer_hdev); struct usb_device *hdev = to_usb_device(port_dev->dev.parent->parent); - if (!peer_hub) + if (!peer_hub || port_dev->connect_type == USB_PORT_NOT_USED) return 0; hcd = bus_to_hcd(hdev->bus); @@ -584,7 +584,8 @@ static int match_location(struct usb_device *peer_hdev, void *p) for (port1 = 1; port1 <= peer_hdev->maxchild; port1++) { peer = peer_hub->ports[port1 - 1]; - if (peer && peer->location == port_dev->location) { + if (peer && peer->connect_type != USB_PORT_NOT_USED && + peer->location == port_dev->location) { link_peers_report(port_dev, peer); return 1; /* done */ } -- 2.25.1

1 year, 6 months

3
3
0 0

[PATCH] virtio_blk: Fix device surprise removal

by Parav Pandit

When the PCI device is surprise removed, requests won't complete from the device. These IOs are never completed and disk deletion hangs indefinitely. Fix it by aborting the IOs which the device will never complete when the VQ is broken. With this fix now fio completes swiftly. An alternative of IO timeout has been considered, however when the driver knows about unresponsive block device, swiftly clearing them enables users and upper layers to react quickly. Verified with multiple device unplug cycles with pending IOs in virtio used ring and some pending with device. In future instead of VQ broken, a more elegant method can be used. At the moment the patch is kept to its minimal changes given its urgency to fix broken kernels. Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") Cc: stable(a)vger.kernel.org Reported-by: lirongqing(a)baidu.com Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… Co-developed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Signed-off-by: Chaitanya Kulkarni <kch(a)nvidia.com> Signed-off-by: Parav Pandit <parav(a)nvidia.com> --- drivers/block/virtio_blk.c | 54 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index 2bf14a0e2815..59b49899b229 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -1562,10 +1562,64 @@ static int virtblk_probe(struct virtio_device *vdev) return err; } +static bool virtblk_cancel_request(struct request *rq, void *data) +{ + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); + + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) + blk_mq_complete_request(rq); + + return true; +} + +static void virtblk_cleanup_reqs(struct virtio_blk *vblk) +{ + struct virtio_blk_vq *blk_vq; + struct request_queue *q; + struct virtqueue *vq; + unsigned long flags; + int i; + + vq = vblk->vqs[0].vq; + if (!virtqueue_is_broken(vq)) + return; + + q = vblk->disk->queue; + /* Block upper layer to not get any new requests */ + blk_mq_quiesce_queue(q); + + for (i = 0; i < vblk->num_vqs; i++) { + blk_vq = &vblk->vqs[i]; + + /* Synchronize with any ongoing virtblk_poll() which may be + * completing the requests to uppper layer which has already + * crossed the broken vq check. + */ + spin_lock_irqsave(&blk_vq->lock, flags); + spin_unlock_irqrestore(&blk_vq->lock, flags); + } + + blk_sync_queue(q); + + /* Complete remaining pending requests with error */ + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_cancel_request, vblk); + blk_mq_tagset_wait_completed_request(&vblk->tag_set); + + /* + * Unblock any pending dispatch I/Os before we destroy device. From + * del_gendisk() -> __blk_mark_disk_dead(disk) will set GD_DEAD flag, + * that will make sure any new I/O from bio_queue_enter() to fail. + */ + blk_mq_unquiesce_queue(q); +} + static void virtblk_remove(struct virtio_device *vdev) { struct virtio_blk *vblk = vdev->priv; + virtblk_cleanup_reqs(vblk); + /* Make sure no work handler is accessing the device. */ flush_work(&vblk->config_work); -- 2.34.1

1 year, 6 months

4
12
0 0

[PATCH AUTOSEL 6.7 01/23] wifi: cfg80211: fix missing interfaces when dumping

by Sasha Levin

From: Michal Kazior <michal(a)plume.com> [ Upstream commit a6e4f85d3820d00694ed10f581f4c650445dbcda ] The nl80211_dump_interface() supports resumption in case nl80211_send_iface() doesn't have the resources to complete its work. The logic would store the progress as iteration offsets for rdev and wdev loops. However the logic did not properly handle resumption for non-last rdev. Assuming a system with 2 rdevs, with 2 wdevs each, this could happen: dump(cb=[0, 0]): if_start=cb[1] (=0) send rdev0.wdev0 -> ok send rdev0.wdev1 -> yield cb[1] = 1 dump(cb=[0, 1]): if_start=cb[1] (=1) send rdev0.wdev1 -> ok // since if_start=1 the rdev0.wdev0 got skipped // through if_idx < if_start send rdev1.wdev1 -> ok The if_start needs to be reset back to 0 upon wdev loop end. The problem is actually hard to hit on a desktop, and even on most routers. The prerequisites for this manifesting was: - more than 1 wiphy - a few handful of interfaces - dump without rdev or wdev filter I was seeing this with 4 wiphys 9 interfaces each. It'd miss 6 interfaces from the last wiphy reported to userspace. Signed-off-by: Michal Kazior <michal(a)plume.com> Link: https://msgid.link/20240116142340.89678-1-kazikcz@gmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 1cbbb11ea503..fbf95b7ff6b4 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4008,6 +4008,7 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback * } wiphy_unlock(&rdev->wiphy); + if_start = 0; wp_idx++; } out: -- 2.43.0

1 year, 6 months

3
24
0 0

[PATCH AUTOSEL 6.1 01/27] PCI: Only override AMD USB controller if required

by Sasha Levin

From: "Guilherme G. Piccoli" <gpiccoli(a)igalia.com> [ Upstream commit e585a37e5061f6d5060517aed1ca4ccb2e56a34c ] By running a Van Gogh device (Steam Deck), the following message was noticed in the kernel log: pci 0000:04:00.3: PCI class overridden (0x0c03fe -> 0x0c03fe) so dwc3 driver can claim this instead of xhci Effectively this means the quirk executed but changed nothing, since the class of this device was already the proper one (likely adjusted by newer firmware versions). Check and perform the override only if necessary. Link: https://lore.kernel.org/r/20231120160531.361552-1-gpiccoli@igalia.com Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: Vicki Pfau <vi(a)endrift.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 8765544bac35..75b297c15cf5 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -607,10 +607,13 @@ static void quirk_amd_dwc_class(struct pci_dev *pdev) { u32 class = pdev->class; - /* Use "USB Device (not host controller)" class */ - pdev->class = PCI_CLASS_SERIAL_USB_DEVICE; - pci_info(pdev, "PCI class overridden (%#08x -> %#08x) so dwc3 driver can claim this instead of xhci\n", - class, pdev->class); + if (class != PCI_CLASS_SERIAL_USB_DEVICE) { + /* Use "USB Device (not host controller)" class */ + pdev->class = PCI_CLASS_SERIAL_USB_DEVICE; + pci_info(pdev, + "PCI class overridden (%#08x -> %#08x) so dwc3 driver can claim this instead of xhci\n", + class, pdev->class); + } } DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_NL_USB, quirk_amd_dwc_class); -- 2.43.0

1 year, 6 months

2
28
0 0

[PATCH AUTOSEL 5.10 1/8] wifi: cfg80211: fix missing interfaces when dumping

by Sasha Levin

From: Michal Kazior <michal(a)plume.com> [ Upstream commit a6e4f85d3820d00694ed10f581f4c650445dbcda ] The nl80211_dump_interface() supports resumption in case nl80211_send_iface() doesn't have the resources to complete its work. The logic would store the progress as iteration offsets for rdev and wdev loops. However the logic did not properly handle resumption for non-last rdev. Assuming a system with 2 rdevs, with 2 wdevs each, this could happen: dump(cb=[0, 0]): if_start=cb[1] (=0) send rdev0.wdev0 -> ok send rdev0.wdev1 -> yield cb[1] = 1 dump(cb=[0, 1]): if_start=cb[1] (=1) send rdev0.wdev1 -> ok // since if_start=1 the rdev0.wdev0 got skipped // through if_idx < if_start send rdev1.wdev1 -> ok The if_start needs to be reset back to 0 upon wdev loop end. The problem is actually hard to hit on a desktop, and even on most routers. The prerequisites for this manifesting was: - more than 1 wiphy - a few handful of interfaces - dump without rdev or wdev filter I was seeing this with 4 wiphys 9 interfaces each. It'd miss 6 interfaces from the last wiphy reported to userspace. Signed-off-by: Michal Kazior <michal(a)plume.com> Link: https://msgid.link/20240116142340.89678-1-kazikcz@gmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 0ac829c8f188..279f4977e2ee 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3595,6 +3595,7 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback * if_idx++; } + if_start = 0; wp_idx++; } out: -- 2.43.0

1 year, 6 months

2
9
0 0

[PATCH AUTOSEL 6.1 01/15] wifi: cfg80211: fix missing interfaces when dumping

by Sasha Levin

From: Michal Kazior <michal(a)plume.com> [ Upstream commit a6e4f85d3820d00694ed10f581f4c650445dbcda ] The nl80211_dump_interface() supports resumption in case nl80211_send_iface() doesn't have the resources to complete its work. The logic would store the progress as iteration offsets for rdev and wdev loops. However the logic did not properly handle resumption for non-last rdev. Assuming a system with 2 rdevs, with 2 wdevs each, this could happen: dump(cb=[0, 0]): if_start=cb[1] (=0) send rdev0.wdev0 -> ok send rdev0.wdev1 -> yield cb[1] = 1 dump(cb=[0, 1]): if_start=cb[1] (=1) send rdev0.wdev1 -> ok // since if_start=1 the rdev0.wdev0 got skipped // through if_idx < if_start send rdev1.wdev1 -> ok The if_start needs to be reset back to 0 upon wdev loop end. The problem is actually hard to hit on a desktop, and even on most routers. The prerequisites for this manifesting was: - more than 1 wiphy - a few handful of interfaces - dump without rdev or wdev filter I was seeing this with 4 wiphys 9 interfaces each. It'd miss 6 interfaces from the last wiphy reported to userspace. Signed-off-by: Michal Kazior <michal(a)plume.com> Link: https://msgid.link/20240116142340.89678-1-kazikcz@gmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 70fb14b8bab0..c259d3227a9e 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3960,6 +3960,7 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback * if_idx++; } + if_start = 0; wp_idx++; } out: -- 2.43.0

1 year, 6 months

2
16
0 0

[PATCH AUTOSEL 6.7 01/44] ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 993bf0f4c393b3667830918f9247438a8f6fdb5b ] Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-6-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index ab023d709f72..a85017a78fc8 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -842,7 +842,7 @@ mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) struct ext4_sb_info *sbi = EXT4_SB(sb); int new_order; - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_free == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) return; new_order = mb_avg_fragment_size_order(sb, -- 2.43.0

1 year, 6 months

2
45
0 0

[PATCH AUTOSEL 5.10 01/16] ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 4530b3660d396a646aad91a787b6ab37cf604b53 ] Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-7-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 3babc07ae613..d7724601f42b 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1854,6 +1854,9 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, return err; ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ex.fe_start, ex.fe_len, &ex); if (max > 0) { @@ -1861,6 +1864,7 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); -- 2.43.0

1 year, 6 months

2
18
0 0

[PATCH 5.10 000/379] 5.10.210-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.210 release. There are 379 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.210-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.210-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Fix EEE implementation Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Douglas Anderson <dianders(a)chromium.org> PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> PM: runtime: add devm_pm_runtime_enable helper Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Xiang Yang <xiangyang3(a)huawei.com> Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities Miguel Ojeda <ojeda(a)kernel.org> scripts: decode_stacktrace: demangle Rust symbols Schspa Shi <schspa(a)gmail.com> scripts/decode_stacktrace.sh: support old bash version Stephen Boyd <swboyd(a)chromium.org> scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: 8250_exar: Set missing rs485_supported flag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_exar: Fill in rs485_supported Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: Add rs485_supported to uart_port Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Niklas Cassel <niklas.cassel(a)wdc.com> PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> mwifiex: Select firmware based on strapping Junxiao Bi <junxiao.bi(a)oracle.com> Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Remove i801_set_block_buffer_mode Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_rbtree: skip end interval element from gc Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Wiedmann <jwi(a)linux.ibm.com> net/af_iucv: clean up a try_then_request_module() Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix error handling in dpm_prepare() Alexey Dobriyan <adobriyan(a)gmail.com> uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Eric Dumazet <edumazet(a)google.com> tcp: add sanity checks to rx zerocopy Arjun Roy <arjunroy(a)google.com> net-zerocopy: Refactor frag-is-remappable test. Eric Dumazet <edumazet(a)google.com> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Eric Dumazet <edumazet(a)google.com> ip6_tunnel: use dev_sw_netstats_rx_add() Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Bart Van Assche <bvanassche(a)acm.org> scsi: core: Introduce enum scsi_disposition Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Stephen Rothwell <sfr(a)canb.auug.org.au> drm: using mul_u32_u32() requires linux/math64.h Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Adrian Reber <areber(a)redhat.com> tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com> xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Werner Fischer <devlists(a)wefi.net> watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix write pointers on zoned device after roll forward Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Fix tiled display misalignment Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Refer to correct stream index at loops Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Andrii Staikov <andrii.staikov(a)intel.com> i40e: Fix VF disable behavior to block all traffic Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix possible multiple reject send Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Tobias Waldekranz <tobias(a)waldekranz.com> net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25: Fix the iim compatible string Kees Cook <keescook(a)chromium.org> block/rnbd-srv: Check for unlikely string overflow Shannon Nelson <shannon.nelson(a)amd.com> ionic: pass opcode to devcmd_wait Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hou Tao <houtao1(a)huawei.com> bpf: Set uattr->batch.count as zero before batched update or deletion Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports ching Huang <ching2048(a)areca.com.tw> scsi: arcmsr: Support new PCI device IDs 1883 and 1886 Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Mukesh Ojha <quic_mojha(a)quicinc.com> PM / devfreq: Synchronize devfreq_monitor_[start/stop] Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Andrzej Hajda <andrzej.hajda(a)intel.com> debugobjects: Stop accessing objects after releasing hash bucket lock Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Jun'ichi Nomura <junichi.nomura(a)nec.com> x86/boot: Ignore NMIs during very early boot Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Mark Rutland <mark.rutland(a)arm.com> drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Markus Niebel <Markus.Niebel(a)ew.tq-group.com> drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Omar Sandoval <osandov(a)fb.com> btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted Nikolay Borisov <nborisov(a)suse.com> btrfs: remove err variable from btrfs_delete_subvolume Charan Teja Kalla <quic_charante(a)quicinc.com> mm/sparsemem: fix race in accessing memory_section->usage Rolf Eike Beer <eb(a)emlix.com> mm: use __pfn_to_section() instead of open coding it Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180: fix USB wakeup interrupt types Sandeep Maheswaram <sanm(a)codeaurora.org> arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 Lukas Schauer <lukas(a)schauer.dev> pipe: wakeup wr_wait after setting max_usage Max Kellermann <max.kellermann(a)ionos.com> fs/pipe: move check to pipe_has_watch_queue() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix possible deadlocks in core system-wide PM code Li zeming <zeming(a)nfschina.com> PM: core: Remove unnecessary (void *) conversions Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Avoid calling put_device() under dpm_list_mtx Bjorn Helgaas <bhelgaas(a)google.com> PM: sleep: Use dev_printk() when possible Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix atomic_flush check Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix a memory corruption Bernd Edlinger <bernd.edlinger(a)hotmail.de> exec: Fix error handling in begin_new_exec() Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: fix the udp_tunnel_nic test Jenishkumar Maheshbhai Patel <jpatel2(a)marvell.com> net: mvpp2: clear BM pool before initialization Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Zhengchao Shao <shaozhengchao(a)huawei.com> ipv6: init the accept_queue's spinlocks in inet6_create Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Wait for FLR to complete during probe Zhengchao Shao <shaozhengchao(a)huawei.com> tcp: make sure init the accept_queue's spinlocks once Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Paolo Bonzini <pbonzini(a)redhat.com> KVM: use __vcalloc for very large allocations Paolo Bonzini <pbonzini(a)redhat.com> mm: vmalloc: introduce array allocation functions Kees Cook <keescook(a)chromium.org> smb3: Replace smb2pdu 1-element arrays with flex-arrays Kees Cook <keescook(a)chromium.org> stddef: Introduce DECLARE_FLEX_ARRAY() helper Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Remove special-casing of compound pages Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Mario Limonciello <mario.limonciello(a)amd.com> rtc: Adjust failure return code for cmos_set_alarm() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mmc: mmc_spi: remove custom DMA mapped buffers Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Vegard Nossum <vegard.nossum(a)oracle.com> scripts/get_abi: fix source path leak Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Introduce async_schedule_dev_nocall() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Split async_schedule_node_domain() Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Drop chan lock before queuing buffers Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: fix NULL pointer in channel unregistration function Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Enable internal vref if external vref is not supplied Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Allow users to configure device events Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Set alert bit in config register Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add check for unsupported SPI modes during probe Oleksij Rempel <linux(a)rempel-privat.de> spi: introduce SPI_MODE_X_MASK macro Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: set safe default SPI clock frequency Daniel Lezcano <daniel.lezcano(a)linaro.org> units: add the HZ macros Daniel Lezcano <daniel.lezcano(a)linaro.org> units: change from 'L' to 'UL' qizhong cheng <qizhong.cheng(a)mediatek.com> PCI: mediatek: Clear interrupt status before dispatching handler Frank Li <Frank.Li(a)nxp.com> usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix iso transfer error when mult is not zero Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix uvc failure work since sg support enabled Pawel Laszczak <pawell(a)cadence.com> usb: cdns3: Fixes for sparse warnings ------------- Diffstat: Documentation/ABI/testing/sysfs-class-net-queues | 22 +- .../ABI/testing/sysfs-class-net-statistics | 48 ++-- .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Documentation/filesystems/directory-locking.rst | 29 +-- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 ++ Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/exynos4210-i9100.dts | 8 + arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 ++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++- arch/arm64/boot/dts/qcom/sc7180.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kernel/entry.S | 8 +- arch/arm64/kernel/perf_event.c | 6 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/kernel/elf.c | 6 + arch/mips/mm/init.c | 15 +- arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 3 - arch/powerpc/kernel/traps.c | 2 + arch/powerpc/kvm/book3s_hv_uvmem.c | 2 +- arch/powerpc/lib/sstep.c | 10 + arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/powerpc/mm/kasan/kasan_init_32.c | 1 + arch/s390/crypto/aes_s390.c | 4 +- arch/s390/crypto/paes_s390.c | 4 +- arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/boot/compressed/ident_map_64.c | 5 + arch/x86/boot/compressed/idt_64.c | 1 + arch/x86/boot/compressed/idt_handlers_64.S | 1 + arch/x86/boot/compressed/misc.h | 1 + arch/x86/include/asm/syscall_wrapper.h | 25 +- arch/x86/kernel/cpu/mce/core.c | 16 ++ arch/x86/kvm/mmu/page_track.c | 2 +- arch/x86/kvm/x86.c | 4 +- arch/x86/mm/ident_map.c | 23 +- block/bio.c | 9 +- block/blk-iocost.c | 7 + block/blk-mq.c | 16 ++ crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/acpi/apei/ghes.c | 29 ++- drivers/android/binder.c | 10 + drivers/ata/libata-eh.c | 2 +- drivers/atm/idt77252.c | 2 + drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 251 +++++++++++---------- drivers/base/power/runtime.c | 22 ++ drivers/block/rbd.c | 22 +- drivers/block/rnbd/rnbd-srv.c | 19 +- drivers/bluetooth/hci_qca.c | 1 + drivers/bus/mhi/host/main.c | 4 + drivers/bus/moxtet.c | 7 + drivers/char/hw_random/core.c | 36 +-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/crypto/ccp/sev-dev.c | 10 +- drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/devfreq/devfreq.c | 24 +- drivers/dma/dmaengine.c | 3 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 +-- drivers/dma/ti/k3-udma.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/gpio/gpio-eic-sprd.c | 32 ++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- .../amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 + drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dp/dp_link.c | 12 +- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/tidss/tidss_crtc.c | 10 +- drivers/hid/hid-apple.c | 33 ++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-quirks.c | 1 + drivers/hid/wacom_sys.c | 63 ++++-- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++-- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7091r-base.c | 173 +++++++++++++- drivers/iio/adc/ad7091r-base.h | 8 + drivers/iio/adc/ad7091r5.c | 29 +-- drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 +- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/md.c | 54 ++++- drivers/md/raid5.c | 12 - drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 6 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/mmc/core/block.c | 46 +++- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/mmc_spi.c | 186 +-------------- drivers/net/bonding/bond_alb.c | 3 +- drivers/net/dsa/mv88e6xxx/chip.h | 4 +- drivers/net/dsa/mv88e6xxx/serdes.c | 8 +- drivers/net/dsa/mv88e6xxx/serdes.h | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 +++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 +++++++-------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++++----- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +---- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 ++++++------ drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 ++- .../mellanox/mlx5/core/steering/dr_action.c | 1 + .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 ++++- drivers/net/fjes/fjes_hw.c | 37 ++- drivers/net/hyperv/netvsc.c | 5 +- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 67 +++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 8 + drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 + .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 ++++---- drivers/of/property.c | 2 +- drivers/of/unittest.c | 12 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 2 + drivers/pci/controller/pcie-mediatek.c | 10 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 +- drivers/pci/switch/switchtec.c | 25 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 52 +++-- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/rtc/rtc-cmos.c | 4 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/arcmsr/arcmsr.h | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 + drivers/scsi/device_handler/scsi_dh_alua.c | 4 +- drivers/scsi/device_handler/scsi_dh_emc.c | 4 +- drivers/scsi/device_handler/scsi_dh_rdac.c | 4 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/scsi/scsi_error.c | 73 +++--- drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/scsi_priv.h | 4 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/8250/8250_core.c | 1 + drivers/tty/serial/8250/8250_exar.c | 13 ++ drivers/tty/serial/max310x.c | 21 +- drivers/tty/serial/sc16is7xx.c | 8 +- drivers/tty/tty_ioctl.c | 4 +- drivers/usb/cdns3/ep0.c | 4 +- drivers/usb/cdns3/gadget.c | 152 +++++++++---- drivers/usb/cdns3/gadget.h | 3 + drivers/usb/core/hub.c | 34 +-- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/vhost/vhost.c | 5 +- drivers/watchdog/it87_wdt.c | 14 +- drivers/xen/gntdev-dmabuf.c | 54 ++--- fs/afs/callback.c | 3 +- fs/afs/dir.c | 8 + fs/afs/server.c | 7 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/inode.c | 43 ++-- fs/btrfs/ioctl.c | 12 + fs/btrfs/qgroup.c | 14 ++ fs/btrfs/ref-verify.c | 6 +- fs/btrfs/send.c | 2 +- fs/btrfs/tree-checker.c | 2 +- fs/ceph/caps.c | 12 +- fs/cifs/smb2misc.c | 2 +- fs/cifs/smb2ops.c | 14 +- fs/cifs/smb2pdu.c | 13 +- fs/cifs/smb2pdu.h | 42 ++-- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/exec.c | 3 + fs/ext4/mballoc.c | 26 ++- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 +-- fs/f2fs/recovery.c | 25 +- fs/ioctl.c | 3 +- fs/jfs/jfs_dmap.c | 57 ++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 + fs/namei.c | 60 +++-- fs/nfsd/nfs4state.c | 61 ++--- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/pipe.c | 19 +- fs/pstore/ram.c | 1 + fs/ubifs/dir.c | 2 + include/drm/drm_color_mgmt.h | 1 + include/drm/drm_mipi_dsi.h | 2 + include/linux/async.h | 2 + include/linux/bpf.h | 6 +- include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/linux/lsm_hook_defs.h | 2 + include/linux/mmc/sdio_ids.h | 1 + include/linux/mmzone.h | 18 +- include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/pci_ids.h | 1 + include/linux/pipe_fs_i.h | 16 ++ include/linux/pm_runtime.h | 8 + include/linux/security.h | 9 + include/linux/serial_core.h | 1 + include/linux/spi/spi.h | 1 + include/linux/stddef.h | 13 ++ include/linux/syscalls.h | 1 + include/linux/units.h | 10 +- include/linux/vmalloc.h | 5 + include/net/af_unix.h | 20 +- include/net/inet_connection_sock.h | 8 + include/net/llc_pdu.h | 6 +- include/net/netfilter/nf_tables.h | 4 +- include/scsi/scsi.h | 21 +- include/scsi/scsi_dh.h | 3 +- include/scsi/scsi_eh.h | 2 +- include/uapi/linux/btrfs.h | 3 + include/uapi/linux/netfilter/nf_tables.h | 2 + include/uapi/linux/stddef.h | 23 ++ kernel/async.c | 85 +++++-- kernel/audit.c | 31 ++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/bpf/syscall.c | 6 + kernel/events/core.c | 38 +++- kernel/power/swap.c | 38 ++-- kernel/sched/membarrier.c | 9 + kernel/time/clocksource.c | 25 +- kernel/time/hrtimer.c | 17 +- kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +++---- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- lib/debugobjects.c | 204 +++++++---------- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/sparse.c | 17 +- mm/util.c | 50 ++++ net/8021q/vlan_netlink.c | 4 + net/bluetooth/l2cap_core.c | 3 +- net/can/j1939/j1939-priv.h | 1 + net/can/j1939/socket.c | 22 +- net/core/request_sock.c | 3 - net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/ipv4/af_inet.c | 9 +- net/ipv4/inet_connection_sock.c | 4 + net/ipv4/ip_output.c | 12 +- net/ipv4/ip_tunnel_core.c | 2 +- net/ipv4/tcp.c | 45 +++- net/ipv6/addrconf_core.c | 21 +- net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_tunnel.c | 28 ++- net/iucv/af_iucv.c | 14 +- net/llc/af_llc.c | 26 ++- net/llc/llc_core.c | 7 - net/mac80211/tx.c | 3 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 20 +- net/netfilter/nft_byteorder.c | 5 +- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_compat.c | 23 +- net/netfilter/nft_ct.c | 27 +++ net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_set_pipapo.c | 108 ++++----- net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/netfilter/nft_set_rbtree.c | 6 +- net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 ++-- net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/wireless/scan.c | 4 + scripts/decode_stacktrace.sh | 64 +++++- scripts/get_abi.pl | 2 +- scripts/kernel-doc | 3 +- scripts/link-vmlinux.sh | 9 +- scripts/mod/sumversion.c | 7 +- security/security.c | 32 ++- security/selinux/hooks.c | 28 +++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/hda/hdac_stream.c | 9 +- sound/hda/intel-dsp-config.c | 10 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 18 ++ sound/pci/hda/patch_realtek.c | 3 + sound/soc/codecs/rt5645.c | 1 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/prog_tests/btf.c | 1 + tools/testing/selftests/bpf/progs/pyperf180.c | 22 ++ .../drivers/net/netdevsim/udp_tunnel_nic.sh | 9 + tools/testing/selftests/net/pmtu.sh | 18 +- virt/kvm/kvm_main.c | 4 +- 424 files changed, 4092 insertions(+), 2224 deletions(-)

1 year, 6 months

7
386
0 0

[PATCH net] l2tp: pass correct message length to ip6_append_data

by Tom Parkin

l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. Fixes: 9d4c75800f61 ("ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()") Cc: David Howells <dhowells(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Tom Parkin <tparkin(a)katalix.com> --- This issue was uncovered by Debian build-testing for the golang-github-katalix-go-l2tp package[1]. It seems 9d4c75800f61 has been backported to the linux-6.1.y stable kernel (and possibly others), so I think this fix will also need backporting. The bug is currently seen on at least Debian Bookworm, Ubuntu Jammy, and Debian testing/unstable. Unfortunately tests using "ip l2tp" and which focus on dataplane transport will not uncover this bug: it's necessary to send a packet using an L2TPIP6 socket opened by userspace, and to verify the packet on the wire. The l2tp-ktest[2] test suite has been extended to cover this. [1]. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063746 [2]. https://github.com/katalix/l2tp-ktest --- net/l2tp/l2tp_ip6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index dd3153966173..7bf14cf9ffaa 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c @@ -627,7 +627,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) back_from_confirm: lock_sock(sk); - ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; + ulen = len + (skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0); err = ip6_append_data(sk, ip_generic_getfrag, msg, ulen, transhdrlen, &ipc6, &fl6, (struct rt6_info *)dst, -- 2.34.1

1 year, 6 months

3
2
0 0

[PATCH] drm/ttm: Fix an invalid freeing on already freed page in error path

by Thomas Hellström

If caching mode change fails due to, for example, OOM we free the allocated pages in a two-step process. First the pages for which the caching change has already succeeded. Secondly the pages for which a caching change did not succeed. However the second step was incorrectly freeing the pages already freed in the first step. Fix. Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Fixes: 379989e7cbdc ("drm/ttm/pool: Fix ttm_pool_alloc error path") Cc: Christian König <christian.koenig(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Christian Koenig <christian.koenig(a)amd.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.4+ --- drivers/gpu/drm/ttm/ttm_pool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/ttm_pool.c b/drivers/gpu/drm/ttm/ttm_pool.c index b62f420a9f96..112438d965ff 100644 --- a/drivers/gpu/drm/ttm/ttm_pool.c +++ b/drivers/gpu/drm/ttm/ttm_pool.c @@ -387,7 +387,7 @@ static void ttm_pool_free_range(struct ttm_pool *pool, struct ttm_tt *tt, enum ttm_caching caching, pgoff_t start_page, pgoff_t end_page) { - struct page **pages = tt->pages; + struct page **pages = &tt->pages[start_page]; unsigned int order; pgoff_t i, nr; -- 2.43.0

1 year, 6 months

3
5
0 0

[PATCH] crypto: arm64/neonbs - fix out-of-bounds access on short input

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON glue code will copy inputs shorter than 16 bytes into a temporary buffer, given that this is a rare occurrence and it is not worth the effort to work around this in the asm code. The fallback from the bit-sliced NEON version fails to take this into account, potentially resulting in out-of-bounds accesses. So clone the same workaround, and use a temp buffer for short in/outputs. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+f1ceaa1a09ab891e1934(a)syzkaller.appspotmail.com Tested-by: syzbot+f1ceaa1a09ab891e1934(a)syzkaller.appspotmail.com Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/arm64/crypto/aes-neonbs-glue.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c index bac4cabef607..849dc41320db 100644 --- a/arch/arm64/crypto/aes-neonbs-glue.c +++ b/arch/arm64/crypto/aes-neonbs-glue.c @@ -227,8 +227,19 @@ static int ctr_encrypt(struct skcipher_request *req) src += blocks * AES_BLOCK_SIZE; } if (nbytes && walk.nbytes == walk.total) { + u8 buf[AES_BLOCK_SIZE]; + u8 *d = dst; + + if (unlikely(nbytes < AES_BLOCK_SIZE)) + src = dst = memcpy(buf + sizeof(buf) - nbytes, + src, nbytes); + neon_aes_ctr_encrypt(dst, src, ctx->enc, ctx->key.rounds, nbytes, walk.iv); + + if (unlikely(nbytes < AES_BLOCK_SIZE)) + memcpy(d, buf + sizeof(buf) - nbytes, nbytes); + nbytes = 0; } kernel_neon_end(); -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

4
4
0 0

[PATCH 3/3] drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects'

by Srinivasan Shanmugam

The is_psr_su parameter is a boolean flag indicating whether the Panel Self Refresh Selective Update (PSR SU) feature is enabled which is a power-saving feature that allows only the updated regions of the screen to be refreshed, reducing the amount of data that needs to be sent to the display. Fixes the below with gcc W=1: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:5257: warning: Function parameter or member 'is_psr_su' not described in 'fill_dc_dirty_rects' Fixes: 13d6b0812e58 ("drm/amdgpu: make damage clips support configurable") Cc: stable(a)vger.kernel.org Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index ed4873060da7..379836383ea9 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -5234,6 +5234,10 @@ static inline void fill_dc_dirty_rect(struct drm_plane *plane, * @new_plane_state: New state of @plane * @crtc_state: New state of CRTC connected to the @plane * @flip_addrs: DC flip tracking struct, which also tracts dirty rects + * @is_psr_su: Flag indicating whether Panel Self Refresh Selective Update (PSR SU) is enabled. + * If PSR SU is enabled and damage clips are available, only the regions of the screen + * that have changed will be updated. If PSR SU is not enabled, + * or if damage clips are not available, the entire screen will be updated. * @dirty_regions_changed: dirty regions changed * * For PSR SU, DC informs the DMUB uController of dirty rectangle regions -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH v2] erofs: fix refcount on the metabuf used for inode lookup

by Sandeep Dhavale

In erofs_find_target_block() when erofs_dirnamecmp() returns 0, we do not assign the target metabuf. This causes the caller erofs_namei()'s erofs_put_metabuf() at the end to be not effective leaving the refcount on the page. As the page from metabuf (buf->page) is never put, such page cannot be migrated or reclaimed. Fix it now by putting the metabuf from previous loop and assigning the current metabuf to target before returning so caller erofs_namei() can do the final put as it was intended. Fixes: 500edd095648 ("erofs: use meta buffers for inode lookup") Cc: stable(a)vger.kernel.org Signed-off-by: Sandeep Dhavale <dhavale(a)google.com> --- Changes since v1 - Rearrange the cases as suggested by Gao so there is less duplication of the code and it is more readable fs/erofs/namei.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/fs/erofs/namei.c b/fs/erofs/namei.c index d4f631d39f0f..f0110a78acb2 100644 --- a/fs/erofs/namei.c +++ b/fs/erofs/namei.c @@ -130,24 +130,24 @@ static void *erofs_find_target_block(struct erofs_buf *target, /* string comparison without already matched prefix */ diff = erofs_dirnamecmp(name, &dname, &matched); - if (!diff) { - *_ndirents = 0; - goto out; - } else if (diff > 0) { - head = mid + 1; - startprfx = matched; - - if (!IS_ERR(candidate)) - erofs_put_metabuf(target); - *target = buf; - candidate = de; - *_ndirents = ndirents; - } else { + if (diff < 0) { erofs_put_metabuf(&buf); - back = mid - 1; endprfx = matched; + continue; + } + + if (!IS_ERR(candidate)) + erofs_put_metabuf(target); + *target = buf; + if (!diff) { + *_ndirents = 0; + return de; } + head = mid + 1; + startprfx = matched; + candidate = de; + *_ndirents = ndirents; continue; } out: /* free if the candidate is valid */ -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

4
3
0 0

Investment in your company

by Stephanie Oestreich

1 year, 6 months

1
0
0 0

Re: [PATCH 6.1] Backport the fix for CVE-2024-23851 to v6.1

by Greg KH

On Wed, Feb 21, 2024 at 10:52:41AM -0800, He Gao wrote: > I used "git apply" and it required the change. But "patch" can work > directly so yes the original patch works fine. > > In that case, I believe the original patch will also work for 6.6 and 6.7. Great, all done, thanks! greg k-h

1 year, 6 months

1
0
0 0

[PATCH v2 stable] memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()

by GONG, Ruiqi

commit 1a3e1f40962c445b997151a542314f3c6097f8c3 upstream. NOTE: This is a partial backport since we only need the refcnt between memcg and stock to fix the problem stated below, and in this way multiple versions use the same code and align with each other. --- There was a kernel panic happened on an in-house environment running 3.10, and the same problem was reproduced on 4.19: general protection fault: 0000 [#1] SMP PTI CPU: 1 PID: 2085 Comm: bash Kdump: loaded Tainted: G L 4.19.90+ #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010 drain_all_stock+0xad/0x140 Code: 00 00 4d 85 ff 74 2c 45 85 c9 74 27 4d 39 fc 74 42 41 80 bc 24 28 04 00 00 00 74 17 49 8b 04 24 49 8b 17 48 8b 88 90 02 00 00 <48> 39 8a 90 02 00 00 74 02 eb 86 48 63 88 3c 01 00 00 39 8a 3c 01 RSP: 0018:ffffa7efc5813d70 EFLAGS: 00010202 RAX: ffff8cb185548800 RBX: ffff8cb89f420160 RCX: ffff8cb1867b6000 RDX: babababababababa RSI: 0000000000000001 RDI: 0000000000231876 RBP: 0000000000000000 R08: 0000000000000415 R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000001 R12: ffff8cb186f89040 R13: 0000000000020160 R14: 0000000000000001 R15: ffff8cb186b27040 FS: 00007f4a308d3740(0000) GS:ffff8cb89f440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe4d634a68 CR3: 000000010b022000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mem_cgroup_force_empty_write+0x31/0xb0 cgroup_file_write+0x60/0x140 ? __check_object_size+0x136/0x147 kernfs_fop_write+0x10e/0x190 __vfs_write+0x37/0x1b0 ? selinux_file_permission+0xe8/0x130 ? security_file_permission+0x2e/0xb0 vfs_write+0xb6/0x1a0 ksys_write+0x57/0xd0 do_syscall_64+0x63/0x250 ? async_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 Modules linked in: ... It is found that in case of stock->nr_pages == 0, the memcg on stock->cached could be freed due to its refcnt decreased to 0, which made stock->cached become a dangling pointer. It could cause a UAF problem in drain_all_stock() in the following concurrent scenario. Note that drain_all_stock() doesn't disable irq but only preemption. CPU1 CPU2 ============================================================================== stock->cached = memcgA (freed) drain_all_stock(memcgB) rcu_read_lock() memcg = CPU1's stock->cached (memcgA) (interrupted) refill_stock(memcgC) drain_stock(memcgA) stock->cached = memcgC stock->nr_pages += xxx (> 0) stock->nr_pages > 0 mem_cgroup_is_descendant(memcgA, memcgB) [UAF] rcu_read_unlock() This problem is, unintentionally, fixed at 5.9, where commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") adds memcg refcnt for stock. Therefore affected LTS versions include 4.19 and 5.4. For 4.19, memcg's css offline process doesn't call drain_all_stock(). so it's easier for the released memcg to be left on the stock. For 5.4, although mem_cgroup_css_offline() does call drain_all_stock(), but the flushing could be skipped when stock->nr_pages happens to be 0, and besides the async draining could be delayed and take place after the UAF problem has happened. Fix this problem by adding (and decreasing) memcg's refcnt when memcg is put onto (and removed from) stock, just like how commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") does. After all, "being on the stock" is a kind of reference with regards to memcg. As such, it's guaranteed that a css on stock would not be freed. It's good to mention that refill_stock() is executed in an irq-disabled context, so the drain_stock() patched with css_put() would not actually free memcgA until the end of refill_stock(), since css_put() is an RCU free and it's still in grace period. For CPU2, the access to CPU1's stock->cached is protected by rcu_read_lock(), so in this case it gets either NULL from stock->cached or a memcgA that is still good. Cc: stable(a)vger.kernel.org # 4.19 5.4 Fixes: cdec2e4265df ("memcg: coalesce charging via percpu storage") Signed-off-by: GONG, Ruiqi <gongruiqi1(a)huawei.com> Acked-by: Michal Hocko <mhocko(a)suse.com> --- v2: - Add a statement of this patch being a partial backport - Add a paragraph to mention the grace period in refill_stock() mm/memcontrol.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 5a366cf79821..8c04296df1c7 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -2015,6 +2015,9 @@ static void drain_stock(struct memcg_stock_pcp *stock) { struct mem_cgroup *old = stock->cached; + if (!old) + return; + if (stock->nr_pages) { page_counter_uncharge(&old->memory, stock->nr_pages); if (do_memsw_account()) @@ -2022,6 +2025,8 @@ static void drain_stock(struct memcg_stock_pcp *stock) css_put_many(&old->css, stock->nr_pages); stock->nr_pages = 0; } + + css_put(&old->css); stock->cached = NULL; } @@ -2057,6 +2062,7 @@ static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages) stock = this_cpu_ptr(&memcg_stock); if (stock->cached != memcg) { /* reset if necessary */ drain_stock(stock); + css_get(&memcg->css); stock->cached = memcg; } stock->nr_pages += nr_pages; -- 2.25.1

1 year, 6 months

1
0
0 0

[PATCH stable] memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()

by GONG, Ruiqi

commit 1a3e1f40962c445b997151a542314f3c6097f8c3 upstream. There was a kernel panic happened on an in-house environment running 3.10, and the same problem was reproduced on 4.19: general protection fault: 0000 [#1] SMP PTI CPU: 1 PID: 2085 Comm: bash Kdump: loaded Tainted: G L 4.19.90+ #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010 drain_all_stock+0xad/0x140 Code: 00 00 4d 85 ff 74 2c 45 85 c9 74 27 4d 39 fc 74 42 41 80 bc 24 28 04 00 00 00 74 17 49 8b 04 24 49 8b 17 48 8b 88 90 02 00 00 <48> 39 8a 90 02 00 00 74 02 eb 86 48 63 88 3c 01 00 00 39 8a 3c 01 RSP: 0018:ffffa7efc5813d70 EFLAGS: 00010202 RAX: ffff8cb185548800 RBX: ffff8cb89f420160 RCX: ffff8cb1867b6000 RDX: babababababababa RSI: 0000000000000001 RDI: 0000000000231876 RBP: 0000000000000000 R08: 0000000000000415 R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000001 R12: ffff8cb186f89040 R13: 0000000000020160 R14: 0000000000000001 R15: ffff8cb186b27040 FS: 00007f4a308d3740(0000) GS:ffff8cb89f440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe4d634a68 CR3: 000000010b022000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mem_cgroup_force_empty_write+0x31/0xb0 cgroup_file_write+0x60/0x140 ? __check_object_size+0x136/0x147 kernfs_fop_write+0x10e/0x190 __vfs_write+0x37/0x1b0 ? selinux_file_permission+0xe8/0x130 ? security_file_permission+0x2e/0xb0 vfs_write+0xb6/0x1a0 ksys_write+0x57/0xd0 do_syscall_64+0x63/0x250 ? async_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 Modules linked in: ... It is found that in case of stock->nr_pages == 0, the memcg on stock->cached could be freed due to its refcnt decreased to 0, which made stock->cached become a dangling pointer. It could cause a UAF problem in drain_all_stock() in the following concurrent scenario. Note that drain_all_stock() doesn't disable irq but only preemption. CPU1 CPU2 ============================================================================== stock->cached = memcgA (freed) drain_all_stock(memcgB) rcu_read_lock() memcg = CPU1's stock->cached (memcgA) (interrupted) refill_stock(memcgC) drain_stock(memcgA) stock->cached = memcgC stock->nr_pages += xxx (> 0) stock->nr_pages > 0 mem_cgroup_is_descendant(memcgA, memcgB) [UAF] rcu_read_unlock() This problem is, unintenionally, fixed at 5.9, where commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") adds memcg refcnt for stock. Therefore affected LTS versions include 4.19 and 5.4. For 4.19, memcg's css offline process doesn't call drain_all_stock(). so it's easier for the released memcg to be left on the stock. For 5.4, although mem_cgroup_css_offline() does call drain_all_stock(), but the flushing could be skipped when stock->nr_pages happens to be 0, and besides the async draining could be delayed and take place after the UAF problem has happened. Fix this problem by adding (and decreasing) memcg's refcnt when memcg is put onto (and removed from) stock, just like how commit 1a3e1f40962c ("mm: memcontrol: decouple reference counting from page accounting") does. After all, "being on the stock" is a kind of reference with regards to memcg. As such, it's guaranteed that a css on stock would not be freed. Cc: stable(a)vger.kernel.org # 4.19 5.4 Fixes: cdec2e4265df ("memcg: coalesce charging via percpu storage") Signed-off-by: GONG, Ruiqi <gongruiqi1(a)huawei.com> --- mm/memcontrol.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 5a366cf79821..8c04296df1c7 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -2015,6 +2015,9 @@ static void drain_stock(struct memcg_stock_pcp *stock) { struct mem_cgroup *old = stock->cached; + if (!old) + return; + if (stock->nr_pages) { page_counter_uncharge(&old->memory, stock->nr_pages); if (do_memsw_account()) @@ -2022,6 +2025,8 @@ static void drain_stock(struct memcg_stock_pcp *stock) css_put_many(&old->css, stock->nr_pages); stock->nr_pages = 0; } + + css_put(&old->css); stock->cached = NULL; } @@ -2057,6 +2062,7 @@ static void refill_stock(struct mem_cgroup *memcg, unsigned int nr_pages) stock = this_cpu_ptr(&memcg_stock); if (stock->cached != memcg) { /* reset if necessary */ drain_stock(stock); + css_get(&memcg->css); stock->cached = memcg; } stock->nr_pages += nr_pages; -- 2.25.1

1 year, 6 months

4
9
0 0

[merged mm-stable] kasan-test-avoid-gcc-warning-for-intentional-overflow.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan/test: avoid gcc warning for intentional overflow has been removed from the -mm tree. Its filename was kasan-test-avoid-gcc-warning-for-intentional-overflow.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kasan/test: avoid gcc warning for intentional overflow Date: Mon, 12 Feb 2024 12:15:52 +0100 The out-of-bounds test allocates an object that is three bytes too short in order to validate the bounds checking. Starting with gcc-14, this causes a compile-time warning as gcc has grown smart enough to understand the sizeof() logic: mm/kasan/kasan_test.c: In function 'kmalloc_oob_16': mm/kasan/kasan_test.c:443:14: error: allocation of insufficient size '13' for type 'struct <anonymous>' with size '16' [-Werror=alloc-size] 443 | ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL); | ^ Hide the actual computation behind a RELOC_HIDE() that ensures the compiler misses the intentional bug. Link: https://lkml.kernel.org/r/20240212111609.869266-1-arnd@kernel.org Fixes: 3f15801cdc23 ("lib: add kasan test module") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/kasan/kasan_test.c~kasan-test-avoid-gcc-warning-for-intentional-overflow +++ a/mm/kasan/kasan_test.c @@ -440,7 +440,8 @@ static void kmalloc_oob_16(struct kunit /* This test is specifically crafted for the generic mode. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); - ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL); + /* RELOC_HIDE to prevent gcc from warning about short alloc */ + ptr1 = RELOC_HIDE(kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL), 0); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL); _ Patches currently in -mm which might be from arnd(a)arndb.de are mm-mmu_gather-add-tlb_remove_tlb_entries-fix.patch

1 year, 6 months

1
0
0 0

[PATCH ver.2] gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp] Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74 RSP: 0018:ffff888014107220 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? show_regs+0x90/0xa0 ? die_addr+0x50/0xd0 ? exc_general_protection+0x148/0x220 ? asm_exc_general_protection+0x22/0x30 ? gtp_genl_dump_pdp+0x1be/0x800 [gtp] ? __alloc_skb+0x1dd/0x350 ? __pfx___alloc_skb+0x10/0x10 genl_dumpit+0x11d/0x230 netlink_dump+0x5b9/0xce0 ? lockdep_hardirqs_on_prepare+0x253/0x430 ? __pfx_netlink_dump+0x10/0x10 ? kasan_save_track+0x10/0x40 ? __kasan_kmalloc+0x9b/0xa0 ? genl_start+0x675/0x970 __netlink_dump_start+0x6fc/0x9f0 genl_family_rcv_msg_dumpit+0x1bb/0x2d0 ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 ? genl_op_from_small+0x2a/0x440 ? cap_capable+0x1d0/0x240 ? __pfx_genl_start+0x10/0x10 ? __pfx_genl_dumpit+0x10/0x10 ? __pfx_genl_done+0x10/0x10 ? security_capable+0x9d/0xe0 Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/net/gtp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index b1919278e931f4..2129ae42c70304 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -1907,20 +1907,20 @@ static int __init gtp_init(void) if (err < 0) goto error_out; - err = genl_register_family(&gtp_genl_family); + err = register_pernet_subsys(&gtp_net_ops); if (err < 0) goto unreg_rtnl_link; - err = register_pernet_subsys(&gtp_net_ops); + err = genl_register_family(&gtp_genl_family); if (err < 0) - goto unreg_genl_family; + goto unreg_pernet_subsys; pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", sizeof(struct pdp_ctx)); return 0; -unreg_genl_family: - genl_unregister_family(&gtp_genl_family); +unreg_pernet_subsys: + unregister_pernet_subsys(&gtp_net_ops); unreg_rtnl_link: rtnl_link_unregister(&gtp_link_ops); error_out: -- 2.33.8

1 year, 6 months

4
9
0 0

[PATCH 6.6.y] riscv/efistub: Ensure GP-relative addressing is not used

by Jan Kiszka

From: Jan Kiszka <jan.kiszka(a)siemens.com> commit afb2a4fb84555ef9e61061f6ea63ed7087b295d5 upstream. The cflags for the RISC-V efistub were missing -mno-relax, thus were under the risk that the compiler could use GP-relative addressing. That happened for _edata with binutils-2.41 and kernel 6.1, causing the relocation to fail due to an invalid kernel_size in handle_kernel_image. It was not yet observed with newer versions, but that may just be luck. Cc: <stable(a)vger.kernel.org> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/efi/libstub/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index a1157c2a7170..f54715672d52 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \ -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \ -DEFI_HAVE_STRCMP -fno-builtin -fpic \ $(call cc-option,-mno-single-pic-base) -cflags-$(CONFIG_RISCV) += -fpic +cflags-$(CONFIG_RISCV) += -fpic -mno-relax cflags-$(CONFIG_LOONGARCH) += -fpie cflags-$(CONFIG_EFI_PARAMS_FROM_FDT) += -I$(srctree)/scripts/dtc/libfdt -- 2.35.3 -- Siemens AG, Technology Linux Expert Center

1 year, 6 months

1
0
0 0

[PATCH] pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name

by Krzysztof Kozlowski

Use proper model name in SM8650 LPASS pin controller Kconfig entry. Cc: <stable(a)vger.kernel.org> Fixes: c4e47673853f ("pinctrl: qcom: sm8650-lpass-lpi: add SM8650 LPASS") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/pinctrl/qcom/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/qcom/Kconfig b/drivers/pinctrl/qcom/Kconfig index e0f2829c15d6..24619e80b2cc 100644 --- a/drivers/pinctrl/qcom/Kconfig +++ b/drivers/pinctrl/qcom/Kconfig @@ -125,7 +125,7 @@ config PINCTRL_SM8550_LPASS_LPI platform. config PINCTRL_SM8650_LPASS_LPI - tristate "Qualcomm Technologies Inc SM8550 LPASS LPI pin controller driver" + tristate "Qualcomm Technologies Inc SM8650 LPASS LPI pin controller driver" depends on ARM64 || COMPILE_TEST depends on PINCTRL_LPASS_LPI help -- 2.34.1

1 year, 6 months

3
2
0 0

+ mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Date: Wed, 21 Feb 2024 12:43:58 +0100 Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/gfp.h | 9 +++++++++ mm/compaction.c | 7 +------ mm/page_alloc.c | 10 ++++++---- mm/vmscan.c | 5 ++++- 4 files changed, 20 insertions(+), 11 deletions(-) --- a/include/linux/gfp.h~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t g return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC --- a/mm/compaction.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); --- a/mm/page_alloc.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ restart: * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ retry: /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ retry: * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) --- a/mm/vmscan.c~mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations +++ a/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(stru { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0)) _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch mm-document-memalloc_noreclaim_save-and-memalloc_pin_save.patch mm-document-memalloc_noreclaim_save-and-memalloc_pin_save-v2.patch

1 year, 6 months

1
0
0 0

[PATCH 1/3] irqchip/gic-v3-its: Do not assume vPE tables are preallocated

by Oliver Upton

We go through quite a bit of trouble to make sure we pick up any preallocated LPI tables on the redistributors, as enabling LPIs is a one-way switch. There is no such restriction for vLPIs, and for GICv4.1 we expect to allocate a new vPE table at boot. This works as intended when initializing an ITS, however when setting up a redistributor in its_cpu_init_lpis() the early return for preallocated RD tables skips straight past GICv4 setup. This all comes to a head when trying to kexec into a new kernel, as the new kernel silently fails to set up GICv4, leading to a complete loss of SGIs and LPIs for KVM VMs (ouch). Slap a band-aid on the problem by ensuring its_cpu_init_lpis() always initializes GICv4 on the way out, even if the other RD tables were preallocated. Cc: stable(a)vger.kernel.org Fixes: 6479450f72c1 ("irqchip/gic-v4: Fix occasional VLPI drop") Reported-by: George Cherian <gcherian(a)marvell.com> Co-developed-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- I debated a bit on the fixes tag between the blamed commit and commit 5e5168461c22 ("irqchip/gic-v4.1: VPE table (aka GICR_VPROPBASER) allocation"), although it would appear GICv4 could be left in an unknown state after kexec too. drivers/irqchip/irq-gic-v3-its.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index d097001c1e3e..0022852ce494 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -3172,6 +3172,7 @@ static void its_cpu_init_lpis(void) val |= GICR_CTLR_ENABLE_LPIS; writel_relaxed(val, rbase + GICR_CTLR); +out: if (gic_rdists->has_vlpis && !gic_rdists->has_rvpeid) { void __iomem *vlpi_base = gic_data_rdist_vlpi_base(); @@ -3207,7 +3208,6 @@ static void its_cpu_init_lpis(void) /* Make sure the GIC has seen the above */ dsb(sy); -out: gic_data_rdist()->flags |= RD_LOCAL_LPI_ENABLED; pr_info("GICv3: CPU%d: using %s LPI pending table @%pa\n", smp_processor_id(), -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

2
1
0 0

[PATCH 0/2] RISC-V: Fix CONFIG_AS_HAS_OPTION_ARCH with tip of tree LLVM

by Nathan Chancellor

Hi all, Eric reported that builds of LLVM with [1] (close to tip of tree) have CONFIG_AS_HAS_OPTION_ARCH=n because the test for expected failure on invalid input has started succeeding. This Kconfig test was added because '.option arch' only causes an assembler warning when it is unsupported, rather than a hard error, which is what users of as-instr expect when something is unsupported. This can be resolved by turning assembler warnings into errors with '-Wa,--fatal-warnings' like we do with the compiler with '-Werror', which is what the first patch does. The second patch removes the invalid test, as the valid test is good enough with fatal warnings. I have diffed several configurations for the different architectures that use as-instr and I have found no issues. I think this could go in through either the kbuild or RISC-V tree with sufficient acks but I will let them fight over who takes it :) [1]: https://github.com/llvm/llvm-project/commit/3ac9fe69f70a2b3541266daedbaaa7d… --- Nathan Chancellor (2): kbuild: Add -Wa,--fatal-warnings to as-instr invocation RISC-V: Drop invalid test from CONFIG_AS_HAS_OPTION_ARCH arch/riscv/Kconfig | 1 - scripts/Kconfig.include | 2 +- scripts/Makefile.compiler | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) --- base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d change-id: 20240124-fix-riscv-option-arch-llvm-18-3cbe7b09a216 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 6 months

6
7
0 0

[PATCH AUTOSEL 6.1 01/28] fs/ntfs3: Modified fix directory element type detection

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 22457c047ed971f2f2e33be593ddfabd9639a409 ] Unfortunately reparse attribute is used for many purposes (several dozens). It is not possible here to know is this name symlink or not. To get exactly the type of name we should to open inode (read mft). getattr for opened file (fstat) correctly returns symlink. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/dir.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c index d4d9f4ffb6d9..c2fb76bb28f4 100644 --- a/fs/ntfs3/dir.c +++ b/fs/ntfs3/dir.c @@ -309,11 +309,31 @@ static inline int ntfs_filldir(struct ntfs_sb_info *sbi, struct ntfs_inode *ni, return 0; } - /* NTFS: symlinks are "dir + reparse" or "file + reparse" */ - if (fname->dup.fa & FILE_ATTRIBUTE_REPARSE_POINT) - dt_type = DT_LNK; - else - dt_type = (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) ? DT_DIR : DT_REG; + /* + * NTFS: symlinks are "dir + reparse" or "file + reparse" + * Unfortunately reparse attribute is used for many purposes (several dozens). + * It is not possible here to know is this name symlink or not. + * To get exactly the type of name we should to open inode (read mft). + * getattr for opened file (fstat) correctly returns symlink. + */ + dt_type = (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) ? DT_DIR : DT_REG; + + /* + * It is not reliable to detect the type of name using duplicated information + * stored in parent directory. + * The only correct way to get the type of name - read MFT record and find ATTR_STD. + * The code below is not good idea. + * It does additional locks/reads just to get the type of name. + * Should we use additional mount option to enable branch below? + */ + if ((fname->dup.fa & FILE_ATTRIBUTE_REPARSE_POINT) && + ino != ni->mi.rno) { + struct inode *inode = ntfs_iget5(sbi->sb, &e->ref, NULL); + if (!IS_ERR_OR_NULL(inode)) { + dt_type = fs_umode_to_dtype(inode->i_mode); + iput(inode); + } + } return !dir_emit(ctx, (s8 *)name, name_len, ino, dt_type); } -- 2.43.0

1 year, 6 months

3
31
0 0

[PATCH v1] drivers/i915/intel_bios: Fix parsing backlight BDB data

by Karthikeyan Ramasubramanian

Starting BDB version 239, hdr_dpcd_refresh_timeout is introduced to backlight BDB data. Commit 700034566d68 ("drm/i915/bios: Define more BDB contents") updated the backlight BDB data accordingly. This broke the parsing of backlight BDB data in VBT for versions 236 - 238 (both inclusive) and hence the backlight controls are not responding on units with the concerned BDB version. backlight_control information has been present in backlight BDB data from at least BDB version 191 onwards, if not before. Hence this patch extracts the backlight_control information if the block size of backlight BDB is >= version 191 backlight BDB block size. Tested on Chromebooks using Jasperlake SoC (reports bdb->version = 236). Tested on Chromebooks using Raptorlake SoC (reports bdb->version = 251). Fixes: 700034566d68 ("drm/i915/bios: Define more BDB contents") Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- drivers/gpu/drm/i915/display/intel_bios.c | 22 +++++-------------- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 2 -- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index aa169b0055e97..4ec50903b9e64 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1041,23 +1041,13 @@ parse_lfp_backlight(struct drm_i915_private *i915, panel->vbt.backlight.type = INTEL_BACKLIGHT_DISPLAY_DDI; panel->vbt.backlight.controller = 0; - if (i915->display.vbt.version >= 191) { - size_t exp_size; + if (i915->display.vbt.version >= 191 && + get_blocksize(backlight_data) >= EXP_BDB_LFP_BL_DATA_SIZE_REV_191) { + const struct lfp_backlight_control_method *method; - if (i915->display.vbt.version >= 236) - exp_size = sizeof(struct bdb_lfp_backlight_data); - else if (i915->display.vbt.version >= 234) - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_234; - else - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_191; - - if (get_blocksize(backlight_data) >= exp_size) { - const struct lfp_backlight_control_method *method; - - method = &backlight_data->backlight_control[panel_type]; - panel->vbt.backlight.type = method->type; - panel->vbt.backlight.controller = method->controller; - } + method = &backlight_data->backlight_control[panel_type]; + panel->vbt.backlight.type = method->type; + panel->vbt.backlight.controller = method->controller; } panel->vbt.backlight.pwm_freq_hz = entry->pwm_freq_hz; diff --git a/drivers/gpu/drm/i915/display/intel_vbt_defs.h b/drivers/gpu/drm/i915/display/intel_vbt_defs.h index a9f44abfc9fc2..aeea5635a37ff 100644 --- a/drivers/gpu/drm/i915/display/intel_vbt_defs.h +++ b/drivers/gpu/drm/i915/display/intel_vbt_defs.h @@ -899,8 +899,6 @@ struct lfp_brightness_level { #define EXP_BDB_LFP_BL_DATA_SIZE_REV_191 \ offsetof(struct bdb_lfp_backlight_data, brightness_level) -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_234 \ - offsetof(struct bdb_lfp_backlight_data, brightness_precision_bits) struct bdb_lfp_backlight_data { u8 entry_size; -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

2
1
0 0

[PATCH v2] ata: libata-core: Do not call ata_dev_power_set_standby() twice

by Niklas Cassel

From: Damien Le Moal <dlemoal(a)kernel.org> For regular system shutdown, ata_dev_power_set_standby() will be executed twice: once the scsi device is removed and another when ata_pci_shutdown_one() executes and EH completes unloading the devices. Make the second call to ata_dev_power_set_standby() do nothing by using ata_dev_power_is_active() and return if the device is already in standby. Fixes: 2da4c5e24e86 ("ata: libata-core: Improve ata_dev_power_set_active()") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since V1: Move the function instead of using a forward declaration. drivers/ata/libata-core.c | 59 ++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index d9f80f4f70f5..be3412cdb22e 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -2001,6 +2001,33 @@ bool ata_dev_power_init_tf(struct ata_device *dev, struct ata_taskfile *tf, return true; } +static bool ata_dev_power_is_active(struct ata_device *dev) +{ + struct ata_taskfile tf; + unsigned int err_mask; + + ata_tf_init(dev, &tf); + tf.flags |= ATA_TFLAG_DEVICE | ATA_TFLAG_ISADDR; + tf.protocol = ATA_PROT_NODATA; + tf.command = ATA_CMD_CHK_POWER; + + err_mask = ata_exec_internal(dev, &tf, NULL, DMA_NONE, NULL, 0, 0); + if (err_mask) { + ata_dev_err(dev, "Check power mode failed (err_mask=0x%x)\n", + err_mask); + /* + * Assume we are in standby mode so that we always force a + * spinup in ata_dev_power_set_active(). + */ + return false; + } + + ata_dev_dbg(dev, "Power mode: 0x%02x\n", tf.nsect); + + /* Active or idle */ + return tf.nsect == 0xff; +} + /** * ata_dev_power_set_standby - Set a device power mode to standby * @dev: target device @@ -2017,8 +2044,9 @@ void ata_dev_power_set_standby(struct ata_device *dev) struct ata_taskfile tf; unsigned int err_mask; - /* If the device is already sleeping, do nothing. */ - if (dev->flags & ATA_DFLAG_SLEEPING) + /* If the device is already sleeping or in standby, do nothing. */ + if ((dev->flags & ATA_DFLAG_SLEEPING) || + !ata_dev_power_is_active(dev)) return; /* @@ -2046,33 +2074,6 @@ void ata_dev_power_set_standby(struct ata_device *dev) err_mask); } -static bool ata_dev_power_is_active(struct ata_device *dev) -{ - struct ata_taskfile tf; - unsigned int err_mask; - - ata_tf_init(dev, &tf); - tf.flags |= ATA_TFLAG_DEVICE | ATA_TFLAG_ISADDR; - tf.protocol = ATA_PROT_NODATA; - tf.command = ATA_CMD_CHK_POWER; - - err_mask = ata_exec_internal(dev, &tf, NULL, DMA_NONE, NULL, 0, 0); - if (err_mask) { - ata_dev_err(dev, "Check power mode failed (err_mask=0x%x)\n", - err_mask); - /* - * Assume we are in standby mode so that we always force a - * spinup in ata_dev_power_set_active(). - */ - return false; - } - - ata_dev_dbg(dev, "Power mode: 0x%02x\n", tf.nsect); - - /* Active or idle */ - return tf.nsect == 0xff; -} - /** * ata_dev_power_set_active - Set a device power mode to active * @dev: target device -- 2.43.2

1 year, 6 months

1
1
0 0

[tip: irq/urgent] irqchip/mbigen: Don't use bus_get_dev_root() to find the parent

by tip-bot2 for Chen Jun

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: fb33a46cd75e18773dd5a414744507d84ae90870 Gitweb: https://git.kernel.org/tip/fb33a46cd75e18773dd5a414744507d84ae90870 Author: Chen Jun <chenjun102(a)huawei.com> AuthorDate: Tue, 20 Feb 2024 19:14:29 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 21 Feb 2024 18:40:00 +01:00 irqchip/mbigen: Don't use bus_get_dev_root() to find the parent bus_get_dev_root() returns sp->dev_root which is set in subsys_register(), but subsys_register() is not called by platform_bus_init(). Therefor for the platform_bus_type, bus_get_dev_root() always returns NULL. This makes mbigen_of_create_domain() always return -ENODEV. Don't try to retrieve the parent via bus_get_dev_root() and unconditionally hand a NULL pointer to of_platform_device_create() to fix this. Fixes: fea087fc291b ("irqchip/mbigen: move to use bus_get_dev_root()") Signed-off-by: Chen Jun <chenjun102(a)huawei.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240220111429.110666-1-chenjun102@huawei.com --- drivers/irqchip/irq-mbigen.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c index 5101a3f..58881d3 100644 --- a/drivers/irqchip/irq-mbigen.c +++ b/drivers/irqchip/irq-mbigen.c @@ -235,22 +235,17 @@ static const struct irq_domain_ops mbigen_domain_ops = { static int mbigen_of_create_domain(struct platform_device *pdev, struct mbigen_device *mgn_chip) { - struct device *parent; struct platform_device *child; struct irq_domain *domain; struct device_node *np; u32 num_pins; int ret = 0; - parent = bus_get_dev_root(&platform_bus_type); - if (!parent) - return -ENODEV; - for_each_child_of_node(pdev->dev.of_node, np) { if (!of_property_read_bool(np, "interrupt-controller")) continue; - child = of_platform_device_create(np, NULL, parent); + child = of_platform_device_create(np, NULL, NULL); if (!child) { ret = -ENOMEM; break; @@ -273,7 +268,6 @@ static int mbigen_of_create_domain(struct platform_device *pdev, } } - put_device(parent); if (ret) of_node_put(np);

1 year, 6 months

1
0
0 0

[PATCH] drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects'

by Srinivasan Shanmugam

The is_psr_su parameter is a boolean flag indicating whether the Panel Self Refresh Selective Update (PSR SU) feature is enabled which is a power-saving feature that allows only the updated regions of the screen to be refreshed, reducing the amount of data that needs to be sent to the display. Fixes the below with gcc W=1: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:5257: warning: Function parameter or member 'is_psr_su' not described in 'fill_dc_dirty_rects' Fixes: 13d6b0812e58 ("drm/amdgpu: make damage clips support configurable") Cc: stable(a)vger.kernel.org Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index b9ac3d2f8029..1b51f7fb48ea 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -5234,6 +5234,10 @@ static inline void fill_dc_dirty_rect(struct drm_plane *plane, * @new_plane_state: New state of @plane * @crtc_state: New state of CRTC connected to the @plane * @flip_addrs: DC flip tracking struct, which also tracts dirty rects + * @is_psr_su: Flag indicating whether Panel Self Refresh Selective Update (PSR SU) is enabled. + * If PSR SU is enabled and damage clips are available, only the regions of the screen + * that have changed will be updated. If PSR SU is not enabled, + * or if damage clips are not available, the entire screen will be updated. * @dirty_regions_changed: dirty regions changed * * For PSR SU, DC informs the DMUB uController of dirty rectangle regions -- 2.34.1

1 year, 6 months

2
1
0 0

Patches for v5.15.149-rc

by Allen

Hi Greg, I believe these patches are likely already on your radar. I just wanted to inform you that it would be highly appreciated if we could see their inclusion in the upcoming release. e0526ec5360a 2024-01-30hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove [Jakub Kicinski] We would like to even get: 9cae43da9867 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed included, but the patch is still in netdev and has not made it into Linus's tree. If it does come in, could you please consider including it too. Thanks, - Allen

1 year, 6 months

2
2
0 0

[PATCH 4/4] mtd: rawnand: Clarify conditions to enable continuous reads

by Miquel Raynal

The current logic is probably fine but is a bit convoluted. Plus, we don't want partial pages to be part of the sequential operation just in case the core would optimize the page read with a subpage read (which would break the sequence). This may happen on the first and last page only, so if the start offset or the end offset is not aligned with a page boundary, better avoid them to prevent any risk. Cc: stable(a)vger.kernel.org Fixes: 003fe4b9545b ("mtd: rawnand: Support for sequential cache reads") Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 139fdf3e58c0..bbdcfbe643f3 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -3460,21 +3460,29 @@ static void rawnand_enable_cont_reads(struct nand_chip *chip, unsigned int page, u32 readlen, int col) { struct mtd_info *mtd = nand_to_mtd(chip); + unsigned int end_page, end_col; + + chip->cont_read.ongoing = false; if (!chip->controller->supported_op.cont_read) return; - if ((col && col + readlen < (3 * mtd->writesize)) || - (!col && readlen < (2 * mtd->writesize))) { - chip->cont_read.ongoing = false; - return; - } + end_page = DIV_ROUND_UP(col + readlen, mtd->writesize); + end_col = (col + readlen) % mtd->writesize; - chip->cont_read.ongoing = true; - chip->cont_read.first_page = page; if (col) - chip->cont_read.first_page++; - chip->cont_read.last_page = page + ((readlen >> chip->page_shift) & chip->pagemask); + page++; + + if (end_col && end_page) + end_page--; + + if (page + 1 > end_page) + return; + + chip->cont_read.first_page = page; + chip->cont_read.last_page = end_page; + chip->cont_read.ongoing = true; + rawnand_cap_cont_reads(chip); } -- 2.34.1

1 year, 6 months

2
6
0 0

[PATCH 6.1 000/197] 6.1.79-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.79 release. There are 197 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.79-rc1 Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Jiri Olsa <jolsa(a)kernel.org> bpf: Remove trace_printk_lock Jiri Olsa <jolsa(a)kernel.org> bpf: Do cleanup in bpf_bprintf_cleanup only when needed Jiri Olsa <jolsa(a)kernel.org> bpf: Add struct for bin_args arg in bpf_bprintf_prepare Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB SS wakeup Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Enable blsp_dma by default Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> ARM: dts: imx6q-apalis: add can power-up delay on ixora board Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Jann Horn <jannh(a)google.com> tls: fix NULL deref on tls_sw_splice_eof() with empty record Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Silence warnings triggerable by bad packets Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Use xfrm_state selector for BEET input Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Remove inner/outer modes from input path Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Remove inner/outer modes from output path Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Nathan Chancellor <nathan(a)kernel.org> modpost: Include '.text.*' in TEXT_SECTIONS Masahiro Yamada <masahiroy(a)kernel.org> linux/init: remove __memexit* annotations Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> modpost: Don't let "driver"s reference .exit.* Masahiro Yamada <masahiroy(a)kernel.org> modpost: propagate W=1 build option to modpost Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Paolo Abeni <pabeni(a)redhat.com> mptcp: get rid of msk->subflow Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> powerpc/6xx: set High BAT Enable flag on G2_LE cores Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Jan Kara <jack(a)suse.cz> readahead: avoid multiple marked readahead pages Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Sabrina Dubroca <sd(a)queasysnail.net> tls: extract context alloc/initialization out of tls_set_sw_offload David Howells <dhowells(a)redhat.com> tls/sw: Use splice_eof() to flush Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Sean Christopherson <seanjc(a)google.com> KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Gavin Shan <gshan(a)redhat.com> KVM: selftests: Clear dirty ring states between two modes in dirty_log_test Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 ++--- .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts | 2 + arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 4 - arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/csky/include/asm/jump_label.h | 4 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 ++++++ arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +---- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 ++-- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/bug.h | 2 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/reg.h | 2 + arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 8 +- arch/powerpc/kernel/cpu_setup_6xx.S | 20 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/include/asm/virtext.h | 12 +- arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/mm/ident_map.c | 23 ++- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/bus/moxtet.c | 7 + drivers/crypto/ccp/sev-dev.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 + drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/msm/msm_iommu.c | 32 ++- drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 ++++-- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 5 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/hw/irdma/verbs.c | 7 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-crypt.c | 37 +--- drivers/md/dm-verity-target.c | 26 +-- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 +++ drivers/net/can/dev/netlink.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +++- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 ++- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 ++++++-- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 46 ++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 3 + drivers/net/xen-netback/netback.c | 100 +++++---- drivers/of/property.c | 14 +- drivers/of/unittest.c | 12 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/max310x.c | 53 ++++- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 30 ++- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- fs/btrfs/block-group.c | 49 ++++- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 ++- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 ++- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 ++ fs/btrfs/send.c | 2 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 ++-- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 19 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 37 ++-- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/proc/array.c | 10 +- fs/smb/client/cached_dir.c | 8 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/client/smb2pdu.c | 95 +++++---- fs/smb/client/smb2proto.h | 12 +- fs/smb/server/smb2pdu.c | 8 +- fs/zonefs/file.c | 42 ++-- fs/zonefs/super.c | 66 +++--- include/asm-generic/vmlinux.lds.h | 6 - include/linux/bpf.h | 12 +- include/linux/compiler-gcc.h | 20 ++ include/linux/compiler_types.h | 11 +- include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/init.h | 3 - include/linux/mmc/sdio_ids.h | 1 + include/linux/netfilter/ipset/ip_set.h | 4 + include/net/tls.h | 5 - init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/bpf/helpers.c | 67 +++--- kernel/bpf/verifier.c | 3 +- kernel/time/hrtimer.c | 14 +- kernel/trace/bpf_trace.c | 56 +++-- kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +++---- kernel/trace/trace_events_trigger.c | 6 +- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/readahead.c | 4 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +++-- net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 24 +-- net/mptcp/protocol.h | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +++-- net/tls/tls.h | 1 + net/tls/tls_main.c | 2 + net/tls/tls_sw.c | 226 +++++++++++++-------- net/wireless/core.c | 1 + net/xfrm/xfrm_input.c | 77 +++---- net/xfrm/xfrm_output.c | 33 +-- samples/bpf/asm_goto_workaround.h | 8 +- scripts/Makefile.modpost | 1 + scripts/link-vmlinux.sh | 9 +- scripts/mod/modpost.c | 43 ++-- scripts/mod/sumversion.c | 7 +- security/security.c | 14 +- sound/pci/hda/patch_conexant.c | 18 ++ sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 11 +- sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/wcd938x.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- tools/testing/selftests/kvm/dirty_log_test.c | 77 ++++--- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/vm/ksm_tests.c | 2 +- tools/testing/selftests/vm/va_128TBswitch.sh | 6 + tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 12 +- tools/tracing/rtla/src/utils.h | 2 + 225 files changed, 2020 insertions(+), 1099 deletions(-)

1 year, 6 months

8
210
0 0

[PATCH 6.6 000/331] 6.6.18-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.18 release. There are 331 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 Feb 2024 20:55:45 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.18-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.18-rc1 Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Increase section and file alignment to 4k/512 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Split off PE/COFF .data section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop PE/COFF .reloc section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Construct PE/COFF .text section from assembler Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Derive file size from _edata symbol Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Define setup size in linker script Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Set EFI handover offset directly in header asm Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Grab kernel_info offset from zoffset header directly Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop references to startup_64 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop redundant code setting the root device Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Omit compression buffer from PE/COFF image memory footprint Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Remove the 'bugger off' message Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop alignment flags from PE section headers Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Disregard setup header of loaded image Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop EFI stub .bss from .data section NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep all directory links at 1 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove fsnotify*() functions from lookup() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Restructure eventfs_inode structure to be more condensed Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Warn if an eventfs_inode is freed without is_freed being set Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Get rid of dentry pointers without refcounts Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Clean up dentry ops and add revalidate function Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Remove unused d_parent pointer field Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: dentry lookup crapectomy Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: Avoid using the ei->dentry pointer unnecessarily Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Initialize the tracefs inode properly Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Zero out the tracefs_inode when allocating it Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: remove stale update_gid code Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Save directory inodes in the eventfs_inode structure Erick Archer <erick.archer(a)gmx.com> eventfs: Use kcalloc() instead of kzalloc() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not create dentries nor inodes in iterate_shared Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have the inodes all for files and directories all be the same Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Shortcut eventfs_iterate() by skipping entries already read Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Read ei->entries before ei->children in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do ctx->pos update for all iterations in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs/eventfs: Use root and instance inodes as default ownership Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Stop using dcache_readdir() for getdents() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove "lookup" parameter from create_dir/file_dentry() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix bitwise fields for "is_events" Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Check for dentry->d_inode exists in set_gid() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix file and directory uid and gid ownership Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have event files and directories default to parent uid and gid Beau Belgrave <beaub(a)linux.microsoft.com> eventfs: Fix events beyond NAME_MAX blocking tasks Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Make sure that parent->d_inode is locked in creating files/dirs Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not allow NULL parent to eventfs_start_creating() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Move taking of inode_lock into dcache_dir_open_wrapper() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Use GFP_NOFS for allocation when eventfs_mutex is held Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not invalidate dentry in create_file/dir_dentry() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove expectation that ei->is_freed means ei->dentry == NULL Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Use simple_recursive_removal() to clean up dentries Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove special processing of dput() of events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Delete eventfs_inode when the last dentry is freed Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Hold eventfs_mutex when calling callback functions Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Save ownership and mode Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Test for ei->is_freed when accessing ei->dentry Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have a free_ei() that just frees the eventfs_inode Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove "is_freed" union with rcu head Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix kerneldoc of eventfs_remove_rec() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove extra dget() in eventfs_create_events_dir() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix typo in eventfs_inode union comment Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix WARN_ON() in create_file_dentry() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> tracefs/eventfs: Modify mismatched function name Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Fix failure path in eventfs_create_events_dir() Nathan Chancellor <nathan(a)kernel.org> eventfs: Use ERR_CAST() in eventfs_create_events_dir() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Use eventfs_remove_events_dir() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove eventfs_file and just use eventfs_inode Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Remove "is_freed" union with rcu head" Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Save ownership and mode" Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Delete eventfs_inode when the last dentry is freed" Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Use simple_recursive_removal() to clean up dentries" Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Check for NULL ef in eventfs_set_attr()" Steven Rostedt (Google) <rostedt(a)goodmis.org> Revert "eventfs: Do not allow NULL parent to eventfs_start_creating()" Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Petr Pavlu <petr.pavlu(a)suse.com> tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <o.rempel(a)pengutronix.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_feat.py: fix build error for missing files Jan Kara <jack(a)suse.cz> blk-wbt: Fix detection of dirty-throttled tasks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix earlycon parameter if KASAN enabled Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix clang warning about mount_point var size limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix curr_reactor uninitialized variable Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: add module parameter to tascodec_init() Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: IPC3: fix message bounds on ipc ops Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mark Brown <broonie(a)kernel.org> arm64/signal: Don't assume that TIF_SVE means we saved SVE state Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Fix circular locking dependency Steve French <stfrench(a)microsoft.com> smb: Fix regression in writes when non-standard maximum write size negotiated Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct id, uid and cruid for multiuser automounts Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a crash when we run out of stations Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix double-free bug Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port James Hershaw <james.hershaw(a)corigine.com> nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Herbert Xu <herbert(a)gondor.apana.org.au> crypto: algif_hash - Remove bogus SGL free on zero-length error path Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes Shuming Fan <shumingf(a)realtek.com> ALSA: hda/realtek: add IDs for Dell dual spk platform bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Prasad Pandit <pjp(a)fedoraproject.org> KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: mxs-auart: fix tx Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: core: introduce uart_port_tx_flags() Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Masami Hiramatsu (Google) <mhiramat(a)kernel.org> ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: add hardware offload check for post ct entry Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix failed probe due to unsupported C45 reads Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix MST Null Ptr for RV Thong <thong.thai(a)amd.com> drm/amdgpu/soc21: update VCN 4 max HEVC encoding resolution Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Add align done check Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Sam Protsenko <semen.protsenko(a)linaro.org> iio: pressure: bmp280: Add missing bmp085 to SPI id table Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Tejun Heo <tj(a)kernel.org> Revert "workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to search structure fields correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to set arg size and fmt after setting type from BTF Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to show a parse error for bad type for $comm Thorsten Blum <thorsten.blum(a)toblux.com> tracing/synthetic: Fix trace_string() return value Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Daniel Bristot de Oliveira <bristot(a)kernel.org> tracing/timerlat: Move hrtimer_init to timerlat_fd open() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Mark Brown <broonie(a)kernel.org> usb: typec: tpcm: Fix issues with power being removed during reset Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Masahiro Yamada <masahiroy(a)kernel.org> linux/init: remove __memexit* annotations Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Helge Deller <deller(a)gmx.de> parisc: BTLB: Fix crash when setting up BTLB at CPU bringup Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value of the socket_getpeersec_*() hooks David McFarland <corngood(a)gmail.com> drm/amd: Don't init MEC2 firmware when it fails to load Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Keqi Wang <wangkeqi_chris(a)163.com> connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" Rob Clark <robdclark(a)chromium.org> Revert "drm/msm/gpu: Push gpu lock down past runpm" Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Michael Ellerman <mpe(a)ellerman.id.au> Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add" Paolo Abeni <pabeni(a)redhat.com> mptcp: really cope with fastopen race Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix rcv space initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_kill_wait Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: allow changing subtests prefix Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Arnd Bergmann <arnd(a)arndb.de> kallsyms: ignore ARMv4 thunks along with others Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: only set GPIO_CTRL if pin is unused Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: zero-initialize clock init data Alex Williamson <alex.williamson(a)redhat.com> PCI: Fix active state requirement in PME polling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "kobject: Remove redundant checks for whether ktype is NULL" Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> powerpc/6xx: set High BAT Enable flag on G2_LE cores Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8550: Enable sync_state Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Udipto Goswami <quic_ugoswami(a)quicinc.com> usb: core: Prevent null pointer dereference in update_port_device_state Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: core: handle power lost in workqueue yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: actually free hdev memory after attaching a HID-BPF program Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: remove double fdget() Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Dave Airlie <airlied(a)redhat.com> nouveau: offload fence uevents work to workqueue Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Nico Pache <npache(a)redhat.com> selftests: mm: fix map_hugetlb failure on 64K page size systems Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Jan Kara <jack(a)suse.cz> readahead: avoid multiple marked readahead pages Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: switch to bash from sh Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Sabrina Dubroca <sd(a)queasysnail.net> tls: extract context alloc/initialization out of tls_set_sw_offload Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge locked port test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Suppress grep warnings Ido Schimmel <idosch(a)nvidia.com> selftests: bridge_mdb: Use MDB get instead of dump Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge MDB test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix layer 2 miss test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: net: Fix bridge backup port test flakiness Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_backup_port.sh to run it in unique namespace Hojin Nam <hj96.nam(a)samsung.com> perf: CXL: fix mismatched cpmu event opcode Lukas Bulwahn <lukas.bulwahn(a)gmail.com> ALSA: hda/cs35l56: select intended config FW_CS_DSP Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the consumer of a remote-endpoint property Parav Pandit <parav(a)nvidia.com> devlink: Fix command annotation documentation Magnus Karlsson <magnus.karlsson(a)intel.com> bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY Chuck Lever <chuck.lever(a)oracle.com> net/handshake: Fix handshake_req_destroy_test1 Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix pipeline tear down logic Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Sean Christopherson <seanjc(a)google.com> KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Carlos Song <carlos.song(a)nxp.com> spi: imx: fix the burst length at DMA mode and CPU mode Rob Clark <robdclark(a)chromium.org> drm/msm/gem: Fix double resv lock aquire Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: selftests: Avoid infinite loop in hyperv_features when invtsc is missing Sean Christopherson <seanjc(a)google.com> KVM: selftests: Delete superfluous, unused "stage" variable in AMX test Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix fs_test build with old libc Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 +- Documentation/arch/arm64/silicon-errata.rst | 7 + Documentation/networking/devlink/devlink-port.rst | 2 +- Documentation/sphinx/kernel_feat.py | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/signal.c | 4 +- arch/arm64/kvm/pkvm.c | 27 +- arch/csky/include/asm/jump_label.h | 4 +- arch/loongarch/include/asm/jump_label.h | 4 +- arch/loongarch/mm/kasan_init.c | 3 + arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 + arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 +- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/reg.h | 2 + arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 12 +- arch/powerpc/kernel/cpu_setup_6xx.S | 20 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/hwcap.h | 4 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 ++-- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 +--- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/special_insns.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/ident_map.c | 23 +- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- block/blk-wbt.c | 4 +- crypto/algif_hash.c | 5 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/connector/cn_proc.c | 5 +- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 46 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 + drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 7 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/soc21.c | 4 +- drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- .../display/dc/link/protocols/link_dp_training.c | 5 +- drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/msm/msm_gem_prime.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 11 +- drivers/gpu/drm/msm/msm_iommu.c | 32 +- drivers/gpu/drm/msm/msm_ringbuffer.c | 7 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 26 +- drivers/gpu/drm/nouveau/nouveau_fence.h | 1 + drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 83 +- drivers/hid/bpf/hid_bpf_dispatch.h | 4 +- drivers/hid/bpf/hid_bpf_jmp_table.c | 40 +- drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 6 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad4130.c | 12 +- drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/iio/pressure/bmp280-spi.c | 1 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/interconnect/qcom/sm8550.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 62 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-crypt.c | 38 +- drivers/md/dm-verity-target.c | 26 +- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 + drivers/net/bonding/bond_main.c | 5 +- drivers/net/can/dev/netlink.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 46 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 1 + .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/common.h | 56 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 15 +- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 125 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 136 +- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 4 + drivers/net/xen-netback/netback.c | 100 +- drivers/of/property.c | 61 +- drivers/of/unittest.c | 12 +- drivers/pci/pci.c | 37 +- drivers/perf/cxl_pmu.c | 2 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 15 +- drivers/pmdomain/renesas/r8a77980-sysc.c | 3 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-imx.c | 9 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/thunderbolt/tb_regs.h | 2 +- drivers/thunderbolt/usb4.c | 2 +- drivers/tty/serial/max310x.c | 53 +- drivers/tty/serial/mxs-auart.c | 5 +- drivers/usb/chipidea/ci.h | 2 + drivers/usb/chipidea/core.c | 44 +- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 46 +- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- fs/btrfs/block-group.c | 49 +- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 +- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 + fs/btrfs/send.c | 2 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 +- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 19 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 11 +- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/proc/array.c | 10 +- fs/smb/client/connect.c | 14 +- fs/smb/client/fs_context.c | 11 + fs/smb/client/namespace.c | 16 + fs/smb/client/smb2ops.c | 2 +- fs/smb/server/smb2pdu.c | 8 +- fs/tracefs/event_inode.c | 1310 +++++++++----------- fs/tracefs/inode.c | 276 ++--- fs/tracefs/internal.h | 60 +- fs/zonefs/file.c | 42 +- fs/zonefs/super.c | 66 +- include/asm-generic/vmlinux.lds.h | 6 - include/linux/backing-dev-defs.h | 7 +- include/linux/compiler-gcc.h | 20 + include/linux/compiler_types.h | 11 +- include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/init.h | 3 - include/linux/lsm_hook_defs.h | 4 +- include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/ptrace.h | 4 + include/linux/serial_core.h | 32 +- include/linux/trace_events.h | 2 +- include/linux/tracefs.h | 73 +- include/net/tls.h | 5 - include/sound/tas2781.h | 1 + init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/trace/ftrace.c | 10 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 85 +- kernel/trace/trace.h | 4 +- kernel/trace/trace_btf.c | 4 +- kernel/trace/trace_events.c | 311 +++-- kernel/trace/trace_events_synth.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/trace_osnoise.c | 6 +- kernel/trace/trace_probe.c | 32 +- kernel/trace/trace_probe.h | 3 +- kernel/workqueue.c | 8 +- lib/kobject.c | 24 +- mm/backing-dev.c | 2 +- mm/memory.c | 4 +- mm/page-writeback.c | 4 +- mm/readahead.c | 4 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +- net/handshake/handshake-test.c | 5 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 25 +- net/mptcp/protocol.h | 7 +- net/mptcp/subflow.c | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +- net/tls/tls_sw.c | 217 ++-- net/wireless/core.c | 1 + samples/bpf/asm_goto_workaround.h | 8 +- scripts/link-vmlinux.sh | 9 +- scripts/mksysmap | 13 +- scripts/mod/modpost.c | 18 +- scripts/mod/sumversion.c | 7 +- security/security.c | 45 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_conexant.c | 18 + sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/tas2781-comlib.c | 3 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/codecs/wcd938x.c | 2 +- sound/soc/sof/ipc3-topology.c | 69 +- sound/soc/sof/ipc3.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- tools/testing/selftests/kvm/dirty_log_test.c | 50 +- tools/testing/selftests/kvm/x86_64/amx_test.c | 4 +- .../testing/selftests/kvm/x86_64/hyperv_features.c | 9 +- tools/testing/selftests/landlock/fs_test.c | 11 +- .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/ksm_tests.c | 2 +- tools/testing/selftests/mm/map_hugetlb.c | 7 + tools/testing/selftests/mm/va_high_addr_switch.sh | 6 + tools/testing/selftests/mm/write_hugetlb_memory.sh | 2 +- .../selftests/net/forwarding/bridge_locked_port.sh | 4 +- .../testing/selftests/net/forwarding/bridge_mdb.sh | 192 ++- .../selftests/net/forwarding/tc_flower_l2_miss.sh | 8 +- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 11 +- tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 31 +- .../selftests/net/test_bridge_backup_port.sh | 394 +++--- tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 14 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/rv/Makefile | 7 +- tools/verification/rv/src/in_kernel.c | 2 +- 318 files changed, 4037 insertions(+), 3147 deletions(-)

1 year, 6 months

8
338
0 0

Re: [PATCH v3] x86/coco: Require seeding RNG with RDRAND on CoCo systems

by Jason A. Donenfeld

On Wed, Feb 21, 2024 at 1:33 PM Jason A. Donenfeld <Jason(a)zx2c4.com> wrote: > > There are few uses of CoCo that don't rely on working cryptography and > hence a working RNG. Unfortunately, the CoCo threat model means that the > VM host cannot be trusted and may actively work against guests to > extract secrets or manipulate computation. Since a malicious host can > modify or observe nearly all inputs to guests, the only remaining source > of entropy for CoCo guests is RDRAND. > > If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole > is meant to gracefully continue on gathering entropy from other sources, > but since there aren't other sources on CoCo, this is catastrophic. > This is mostly a concern at boot time when initially seeding the RNG, as > after that the consequences of a broken RDRAND are much more > theoretical. > > So, try at boot to seed the RNG using 256 bits of RDRAND output. If this > fails, panic(). This will also trigger if the system is booted without > RDRAND, as RDRAND is essential for a safe CoCo boot. > > This patch is deliberately written to be "just a CoCo x86 driver > feature" and not part of the RNG itself. Many device drivers and > platforms have some desire to contribute something to the RNG, and > add_device_randomness() is specifically meant for this purpose. Any > driver can call this with seed data of any quality, or even garbage > quality, and it can only possibly make the quality of the RNG better or > have no effect, but can never make it worse. Rather than trying to > build something into the core of the RNG, this patch interprets the > particular CoCo issue as just a CoCo issue, and therefore separates this > all out into driver (well, arch/platform) code. > > Cc: Borislav Petkov <bp(a)alien8.de> > Cc: Daniel P. Berrangé <berrange(a)redhat.com> > Cc: Dave Hansen <dave.hansen(a)linux.intel.com> > Cc: Elena Reshetova <elena.reshetova(a)intel.com> > Cc: H. Peter Anvin <hpa(a)zytor.com> > Cc: Ingo Molnar <mingo(a)redhat.com> > Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> > Cc: Theodore Ts'o <tytso(a)mit.edu> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Also, Cc: stable(a)vger.kernel.org At least, I think that's probably what we want, though I don't know what version range is relevant for CoCo.

1 year, 6 months

1
0
0 0

[PATCH 6.7 000/309] 6.7.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.6 release. There are 309 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 Feb 2024 20:55:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.6-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.6-rc1 NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Mark Brown <broonie(a)kernel.org> usb: typec: tpcm: Fix issues with power being removed during reset Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Petr Pavlu <petr.pavlu(a)suse.com> tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <o.rempel(a)pengutronix.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_feat.py: fix build error for missing files Jan Kara <jack(a)suse.cz> blk-wbt: Fix detection of dirty-throttled tasks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix earlycon parameter if KASAN enabled Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Dave Airlie <airlied(a)redhat.com> nouveau/gsp: use correct size for registry rpc. Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Jan Kiszka <jan.kiszka(a)siemens.com> riscv/efistub: Ensure GP-relative addressing is not used Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: r8a77980-sysc: CR7 must be always on Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: fix wrong DAMOS tried regions update timeout setup Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix clang warning about mount_point var size limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rv: Fix curr_reactor uninitialized variable Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: add module parameter to tascodec_init() Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: IPC3: fix message bounds on ipc ops Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mark Brown <broonie(a)kernel.org> arm64/signal: Don't assume that TIF_SVE means we saved SVE state Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Fix circular locking dependency Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: vsie: fix race during shadow creation Steve French <stfrench(a)microsoft.com> smb: Fix regression in writes when non-standard maximum write size negotiated Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct id, uid and cruid for multiuser automounts Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a crash when we run out of stations Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix double-free bug Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port James Hershaw <james.hershaw(a)corigine.com> nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Herbert Xu <herbert(a)gondor.apana.org.au> crypto: algif_hash - Remove bogus SGL free on zero-length error path Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes Shuming Fan <shumingf(a)realtek.com> ALSA: hda/realtek: add IDs for Dell dual spk platform bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpiod_to_gpio_device() stub for !GPIOLIB Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpiolib: add gpio_device_get_base() stub for !GPIOLIB Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Prasad Pandit <pjp(a)fedoraproject.org> KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: mxs-auart: fix tx Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: core: introduce uart_port_tx_flags() Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Masami Hiramatsu (Google) <mhiramat(a)kernel.org> ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Gui-Dong Han <2045gemini(a)gmail.com> serial: core: Fix atomicity violation in uart_tiocmget Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: add hardware offload check for post ct entry Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix failed probe due to unsupported C45 reads Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Avoid fetching VRAM vendor info Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Roman Li <roman.li(a)amd.com> drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix MST Null Ptr for RV Thong <thong.thai(a)amd.com> drm/amdgpu/soc21: update VCN 4 max HEVC encoding resolution Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Limit SST link rate to <=8.1Gbps Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Add align done check Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Fix alloc_range() error handling code Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix several DMA buffer leaks Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Oleg Nesterov <oleg(a)redhat.com> getrusage: use sig->stats_lock rather than lock_task_sighand() Oleg Nesterov <oleg(a)redhat.com> getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep all directory links at 1 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove fsnotify*() functions from lookup() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Restructure eventfs_inode structure to be more condensed Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Warn if an eventfs_inode is freed without is_freed being set Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Get rid of dentry pointers without refcounts Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Clean up dentry ops and add revalidate function Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Remove unused d_parent pointer field Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: dentry lookup crapectomy Linus Torvalds <torvalds(a)linux-foundation.org> tracefs: Avoid using the ei->dentry pointer unnecessarily Linus Torvalds <torvalds(a)linux-foundation.org> eventfs: Initialize the tracefs inode properly Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Zero out the tracefs_inode when allocating it Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Save directory inodes in the eventfs_inode structure Erick Archer <erick.archer(a)gmx.com> eventfs: Use kcalloc() instead of kzalloc() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not create dentries nor inodes in iterate_shared Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have the inodes all for files and directories all be the same Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Shortcut eventfs_iterate() by skipping entries already read Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Read ei->entries before ei->children in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do ctx->pos update for all iterations in eventfs_iterate() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Stop using dcache_readdir() for getdents() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Remove "lookup" parameter from create_dir/file_dentry() Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Eugen Hristev <eugen.hristev(a)collabora.com> pmdomain: mediatek: fix race conditions with genpd Sam Protsenko <semen.protsenko(a)linaro.org> iio: pressure: bmp280: Add missing bmp085 to SPI id table Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Tejun Heo <tj(a)kernel.org> Revert "workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to search structure fields correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to set arg size and fmt after setting type from BTF Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to show a parse error for bad type for $comm Thorsten Blum <thorsten.blum(a)toblux.com> tracing/synthetic: Fix trace_string() return value Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Daniel Bristot de Oliveira <bristot(a)kernel.org> tracing/timerlat: Move hrtimer_init to timerlat_fd open() Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Helge Deller <deller(a)gmx.de> parisc: BTLB: Fix crash when setting up BTLB at CPU bringup Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix default return value of the socket_getpeersec_*() hooks Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: fix incorrect mpc_combine array size David McFarland <corngood(a)gmail.com> drm/amd: Don't init MEC2 firmware when it fails to load Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Vaishnav Achath <vaishnav.a(a)ti.com> spi: omap2-mcspi: Revert FIFO support without DMA Keqi Wang <wangkeqi_chris(a)163.com> connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" Rob Clark <robdclark(a)chromium.org> Revert "drm/msm/gpu: Push gpu lock down past runpm" Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Michael Ellerman <mpe(a)ellerman.id.au> Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add" Paolo Abeni <pabeni(a)redhat.com> mptcp: really cope with fastopen race Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: fix rcv space initialization Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Geliang Tang <geliang.tang(a)linux.dev> selftests: mptcp: add mptcp_lib_kill_wait Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: allow changing subtests prefix Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Arnd Bergmann <arnd(a)arndb.de> kallsyms: ignore ARMv4 thunks along with others Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: only set GPIO_CTRL if pin is unused Cosmin Tanislav <demonsingur(a)gmail.com> iio: adc: ad4130: zero-initialize clock init data Alex Williamson <alex.williamson(a)redhat.com> PCI: Fix active state requirement in PME polling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "kobject: Remove redundant checks for whether ktype is NULL" Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> powerpc/6xx: set High BAT Enable flag on G2_LE cores Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8550: Enable sync_state Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Udipto Goswami <quic_ugoswami(a)quicinc.com> usb: core: Prevent null pointer dereference in update_port_device_state Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: core: handle power lost in workqueue yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: actually free hdev memory after attaching a HID-BPF program Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: remove double fdget() Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Dave Airlie <airlied(a)redhat.com> nouveau: offload fence uevents work to workqueue Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Nico Pache <npache(a)redhat.com> selftests: mm: fix map_hugetlb failure on 64K page size systems Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Jan Kara <jack(a)suse.cz> readahead: avoid multiple marked readahead pages Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: switch to bash from sh Sidhartha Kumar <sidhartha.kumar(a)oracle.com> fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Ryan Roberts <ryan.roberts(a)arm.com> mm: thp_get_unmapped_area must honour topdown preference Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Manasi Navare <navaremanasi(a)chromium.org> drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge locked port test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Suppress grep warnings Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix bridge MDB test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: forwarding: Fix layer 2 miss test flakiness Ido Schimmel <idosch(a)nvidia.com> selftests: net: Fix bridge backup port test flakiness Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_backup_port.sh to run it in unique namespace Hojin Nam <hj96.nam(a)samsung.com> perf: CXL: fix mismatched cpmu event opcode Lukas Bulwahn <lukas.bulwahn(a)gmail.com> ALSA: hda/cs35l56: select intended config FW_CS_DSP Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the consumer of a remote-endpoint property Parav Pandit <parav(a)nvidia.com> devlink: Fix command annotation documentation Magnus Karlsson <magnus.karlsson(a)intel.com> bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY Chuck Lever <chuck.lever(a)oracle.com> net/handshake: Fix handshake_req_destroy_test1 Jiri Pirko <jiri(a)resnulli.us> net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers Jiri Pirko <jiri(a)resnulli.us> dpll: fix possible deadlock during netlink dump operation Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix pipeline tear down logic Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: clear link_id in time_event Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix dynamic port assignment when TDM is set Carlos Song <carlos.song(a)nxp.com> spi: imx: fix the burst length at DMA mode and CPU mode Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix pci_probe() error path Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix capability for net_test Rob Clark <robdclark(a)chromium.org> drm/msm/gem: Fix double resv lock aquire Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix fs_test build with old libc Hu Yadi <hu.yadi(a)h3c.com> selftests/landlock: Fix net_test build with old libc Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: dt: Stop relying on dirname to improve performance Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: don't refill whole delayed refs block reserve when starting transaction Filipe Manana <fdmanana(a)suse.com> btrfs: add new unused block groups to the list of unused block groups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Yang Shi <yang(a)os.amperecomputing.com> mm: mmap: map MAP_STACK to VM_NOHUGEPAGE Yang Shi <yang(a)os.amperecomputing.com> mm: huge_memory: don't force huge page alignment on 32 bit Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 +- Documentation/arch/arm64/silicon-errata.rst | 7 + Documentation/netlink/specs/dpll.yaml | 4 - Documentation/networking/devlink/devlink-port.rst | 2 +- Documentation/sphinx/kernel_feat.py | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/signal.c | 4 +- arch/arm64/kvm/pkvm.c | 27 +- arch/csky/include/asm/jump_label.h | 4 +- arch/loongarch/include/asm/jump_label.h | 4 +- arch/loongarch/mm/kasan_init.c | 3 + arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 ++ arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 +- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/reg.h | 2 + arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 12 +- arch/powerpc/kernel/cpu_setup_6xx.S | 20 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/iommu.c | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/bitops.h | 8 +- arch/riscv/include/asm/cpufeature.h | 4 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/s390/kvm/vsie.c | 1 - arch/s390/mm/gmap.c | 1 + arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/special_insns.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/ident_map.c | 23 +- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- block/blk-wbt.c | 4 +- crypto/algif_hash.c | 5 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/connector/cn_proc.c | 5 +- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/dpll/dpll_netlink.c | 20 +- drivers/dpll/dpll_nl.c | 4 - drivers/dpll/dpll_nl.h | 2 - drivers/firewire/core-device.c | 7 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 - drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 + drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 7 + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/soc21.c | 4 +- drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 15 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 27 +- drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 + .../display/dc/link/protocols/link_dp_training.c | 5 +- drivers/gpu/drm/drm_buddy.c | 6 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 3 + drivers/gpu/drm/i915/display/intel_vdsc_regs.h | 4 +- drivers/gpu/drm/msm/msm_gem_prime.c | 4 +- drivers/gpu/drm/msm/msm_gpu.c | 11 +- drivers/gpu/drm/msm/msm_iommu.c | 32 +- drivers/gpu/drm/msm/msm_ringbuffer.c | 7 +- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 2 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 26 +- drivers/gpu/drm/nouveau/nouveau_fence.h | 1 + drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 61 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 83 ++- drivers/hid/bpf/hid_bpf_dispatch.h | 4 +- drivers/hid/bpf/hid_bpf_jmp_table.c | 40 +- drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 6 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad4130.c | 12 +- drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/iio/pressure/bmp280-spi.c | 1 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/interconnect/qcom/sm8550.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 62 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-crypt.c | 38 +- drivers/md/dm-verity-target.c | 26 +- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 + drivers/net/bonding/bond_main.c | 5 +- drivers/net/can/dev/netlink.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +- drivers/net/ethernet/mellanox/mlx5/core/dpll.c | 2 +- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 46 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 1 + .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/common.h | 56 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 15 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 15 +- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 125 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 136 ++-- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 ++- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 4 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 3 +- drivers/net/xen-netback/netback.c | 100 ++- drivers/of/property.c | 61 +- drivers/of/unittest.c | 12 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 3 +- drivers/pci/pci.c | 37 +- drivers/perf/cxl_pmu.c | 2 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 15 +- drivers/pmdomain/renesas/r8a77980-sysc.c | 3 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-imx.c | 9 +- drivers/spi/spi-omap2-mcspi.c | 137 +--- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/thunderbolt/tb_regs.h | 2 +- drivers/thunderbolt/usb4.c | 2 +- drivers/tty/serial/max310x.c | 53 +- drivers/tty/serial/mxs-auart.c | 5 +- drivers/tty/serial/serial_core.c | 2 +- drivers/usb/chipidea/ci.h | 2 + drivers/usb/chipidea/core.c | 44 +- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 46 +- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/tcpm/tcpm.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/xen/events/events_base.c | 8 +- fs/btrfs/block-group.c | 80 +- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 +- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 + fs/btrfs/send.c | 2 +- fs/btrfs/transaction.c | 38 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 +- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 21 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 11 +- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/proc/array.c | 66 +- fs/smb/client/connect.c | 14 +- fs/smb/client/fs_context.c | 11 + fs/smb/client/namespace.c | 16 + fs/smb/client/smb2ops.c | 2 +- fs/smb/server/smb2pdu.c | 8 +- fs/tracefs/event_inode.c | 814 ++++++--------------- fs/tracefs/inode.c | 102 +-- fs/tracefs/internal.h | 46 +- fs/zonefs/file.c | 42 +- fs/zonefs/super.c | 66 +- include/linux/backing-dev-defs.h | 7 +- include/linux/compiler-gcc.h | 20 + include/linux/compiler_types.h | 11 +- include/linux/gpio/driver.h | 12 + include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 1 + include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/ptrace.h | 4 + include/linux/serial_core.h | 32 +- include/net/tls.h | 5 - include/sound/tas2781.h | 1 + init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/sys.c | 54 +- kernel/trace/ftrace.c | 10 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +- kernel/trace/trace_btf.c | 4 +- kernel/trace/trace_events_synth.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/trace_osnoise.c | 6 +- kernel/trace/trace_probe.c | 32 +- kernel/trace/trace_probe.h | 3 +- kernel/workqueue.c | 8 +- lib/kobject.c | 24 +- mm/backing-dev.c | 2 +- mm/damon/sysfs-schemes.c | 2 +- mm/huge_memory.c | 14 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 +- mm/mmap.c | 6 +- mm/page-writeback.c | 4 +- mm/readahead.c | 4 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +- net/handshake/handshake-test.c | 5 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 25 +- net/mptcp/protocol.h | 7 +- net/mptcp/subflow.c | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +- net/tls/tls_sw.c | 135 ++-- net/wireless/core.c | 3 +- samples/bpf/asm_goto_workaround.h | 8 +- scripts/link-vmlinux.sh | 9 +- scripts/mksysmap | 13 +- scripts/mod/modpost.c | 3 +- scripts/mod/sumversion.c | 7 +- security/security.c | 45 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_conexant.c | 18 + sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/tas2781-comlib.c | 3 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/codecs/wcd938x.c | 2 +- sound/soc/intel/avs/core.c | 3 + sound/soc/intel/avs/topology.c | 2 +- sound/soc/sof/ipc3-topology.c | 69 +- sound/soc/sof/ipc3.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- .../testing/selftests/dt/test_unprobed_devices.sh | 13 +- tools/testing/selftests/landlock/common.h | 48 +- tools/testing/selftests/landlock/fs_test.c | 11 +- tools/testing/selftests/landlock/net_test.c | 13 +- .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/ksm_tests.c | 2 +- tools/testing/selftests/mm/map_hugetlb.c | 7 + tools/testing/selftests/mm/va_high_addr_switch.sh | 6 + tools/testing/selftests/mm/write_hugetlb_memory.sh | 2 +- .../selftests/net/forwarding/bridge_locked_port.sh | 4 +- .../testing/selftests/net/forwarding/bridge_mdb.sh | 14 +- .../selftests/net/forwarding/tc_flower_l2_miss.sh | 8 +- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 11 +- tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 31 +- .../selftests/net/test_bridge_backup_port.sh | 394 +++++----- tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 14 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/rv/Makefile | 7 +- tools/verification/rv/src/in_kernel.c | 2 +- 340 files changed, 3297 insertions(+), 2530 deletions(-)

1 year, 6 months

11
319
0 0

[PATCH 5.10/5.15 0/1] Bluetooth: Fix deadlock in vhci_send_frame

by Daniil Dulov

Syzkaller reports a potential circular dependency leading to deadlock in 5.10 and 5.15 stable releases since the commit 92d4abd66f70 ("Bluetooth: vhci: Fix race when opening vhci device") that caused this crash was backported to these branches. The problem has been fixed by the following upstream patch that was adapted to 5.10 and 5.15. All of the changes made to the patch in order to adapt it are described at the end of commit message. This patch has already been backported to the following stable branches: v6.6 - https://lore.kernel.org/stable/20231230115814.038261305@linuxfoundation.org/ v6.1 - https://lore.kernel.org/stable/20231230115807.749489379@linuxfoundation.org/ Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

1 year, 6 months

1
1
0 0

[PATCH 6.1 000/206] 6.1.79-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.79 release. There are 206 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.79-rc1 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add null pointer checks Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Saravana Kannan <saravanak(a)google.com> of: property: Add in-ports/out-ports support to of_graph_get_port_parent() Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Peter Zijlstra <peterz(a)infradead.org> kbuild: Drop -Wdeclaration-after-statement Peter Zijlstra <peterz(a)infradead.org> locking: Introduce __cleanup() based infrastructure Peter Zijlstra <peterz(a)infradead.org> apparmor: Free up __cleanup() name Peter Zijlstra <peterz(a)infradead.org> dmaengine: ioat: Free up __cleanup() name Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Jiri Olsa <jolsa(a)kernel.org> bpf: Remove trace_printk_lock Jiri Olsa <jolsa(a)kernel.org> bpf: Do cleanup in bpf_bprintf_cleanup only when needed Jiri Olsa <jolsa(a)kernel.org> bpf: Add struct for bin_args arg in bpf_bprintf_prepare Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Mike Marciniszyn <mike.marciniszyn(a)intel.com> RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Helge Deller <deller(a)gmx.de> parisc: Fix random data corruption from exception handler Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Damien Le Moal <dlemoal(a)kernel.org> block: fix partial zone append completion handling in req_bio_endio() Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB SS wakeup Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Enable blsp_dma by default Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> ARM: dts: imx6q-apalis: add can power-up delay on ixora board Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Audra Mitchell <audra(a)redhat.com> selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Ryan Roberts <ryan.roberts(a)arm.com> selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Jann Horn <jannh(a)google.com> tls: fix NULL deref on tls_sw_splice_eof() with empty record Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Silence warnings triggerable by bad packets Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Use xfrm_state selector for BEET input Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Maxime Jayat <maxime.jayat(a)mobile-devices.fr> can: netlink: Fix TDCO calculation using the old data bittiming Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Oscar Salvador <osalvador(a)suse.de> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Shradha Gupta <shradhagupta(a)linux.microsoft.com> hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Christian Brauner <brauner(a)kernel.org> fs: relax mount_setattr() permission checks Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix Makefile compiler options for clang Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Fix uninitialized bucket/data->bucket_size warning John Kacur <jkacur(a)redhat.com> tools/rtla: Exit with EXIT_SUCCESS when help is invoked limingming3 <limingming890315(a)gmail.com> tools/rtla: Replace setting prio with nice for SCHED_OTHER Daniel Bristot de Oliveira <bristot(a)kernel.org> tools/rtla: Remove unused sched_getattr() function Mario Limonciello <mario.limonciello(a)amd.com> ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Fred Ai <fred.ai(a)bayhubtech.com> mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS Damien Le Moal <dlemoal(a)kernel.org> zonefs: Improve error handling Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix wiphy delayed work queueing Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Eniac Zhang <eniac-xw.zhang(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix multishot accept overflow handling Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Mingwei Zhang <mizhang(a)google.com> KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Andrei Vagin <avagin(a)google.com> x86/fpu: Stop relying on userspace for info to fault in xsave buffer Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: fix accuracy of stolen time David Engraf <david.engraf(a)sysgo.com> powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: prevent infinite while() loop in port startup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Hui Zhou <hui.zhou(a)corigine.com> nfp: flower: fix hardware offload for the transfer layer port Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase frame-larger-than for all display_mode_vba files Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Rob Clark <robdclark(a)chromium.org> drm/msm: Wire up tlb ops Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Remove inner/outer modes from input path Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Remove inner/outer modes from output path Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Randy Dunlap <rdunlap(a)infradead.org> iio: imu: bno055: serdev requires REGMAP Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis: ensure proper DMA alignment Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: ensure proper DMA alignment Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Nuno Sa <nuno.sa(a)analog.com> iio: commom: st_sensors: ensure proper DMA alignment Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Nathan Chancellor <nathan(a)kernel.org> modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS Nathan Chancellor <nathan(a)kernel.org> um: Fix adding '-no-pie' for clang Nathan Chancellor <nathan(a)kernel.org> modpost: Include '.text.*' in TEXT_SECTIONS Masahiro Yamada <masahiroy(a)kernel.org> linux/init: remove __memexit* annotations Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> modpost: Don't let "driver"s reference .exit.* Masahiro Yamada <masahiroy(a)kernel.org> modpost: propagate W=1 build option to modpost Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Esben Haabendal <esben(a)geanix.com> net: stmmac: do not clear TBS enable bit on link up/down Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian José Relvas <josemonsantorelvas(a)gmail.com> ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Sebastian Ott <sebott(a)redhat.com> drm/virtio: Set segment size for virtio_gpu device Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Geliang Tang <geliang(a)kernel.org> mptcp: check addrs list in userspace_pm_get_local_id Paolo Abeni <pabeni(a)redhat.com> mptcp: drop the push_pending field Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: increase timeout to 30 min Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Mangle Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Paolo Abeni <pabeni(a)redhat.com> mptcp: get rid of msk->subflow Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Arnd Bergmann <arnd(a)arndb.de> i2c: pasemi: split driver into two separate modules Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Limit KASAN thread size increase to 32KB Bibo Mao <maobibo(a)loongson.cn> irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Viken Dadhaniya <quic_vdadhani(a)quicinc.com> i2c: qcom-geni: Correct I2C TRE sequence Dan Carpenter <dan.carpenter(a)linaro.org> cifs: fix underflow in parse_server_interfaces() Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve detection of overlapping cycles Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Sean Anderson <sean.anderson(a)seco.com> usb: ulpi: Fix debugfs directory leak Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi: Add missing ppm_lock Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Helge Deller <deller(a)gmx.de> parisc: Prevent hung tasks when printing inventory on serial console Techno Mooney <techno.mooney(a)gmail.com> ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Mikulas Patocka <mpatocka(a)redhat.com> dm-crypt, dm-verity: disable tasklets Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Ivan Vecera <ivecera(a)redhat.com> i40e: Do not allow untrusted VF to remove administratively set MAC Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Arnd Bergmann <arnd(a)arndb.de> nouveau/svm: fix kvcalloc() argument order Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Jakub Kicinski <kuba(a)kernel.org> net: tls: fix returned read length with async decrypt Sabrina Dubroca <sd(a)queasysnail.net> net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski <kuba(a)kernel.org> tls: fix race between async notify and socket close Jakub Kicinski <kuba(a)kernel.org> net: tls: factor out tls_*crypt_async_wait() Sabrina Dubroca <sd(a)queasysnail.net> tls: extract context alloc/initialization out of tls_set_sw_offload David Howells <dhowells(a)redhat.com> tls/sw: Use splice_eof() to flush Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix crash when adding interface under a lag Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Saravana Kannan <saravanak(a)google.com> of: property: Improve finding the supplier of a remote-endpoint property Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Sean Christopherson <seanjc(a)google.com> KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Gavin Shan <gshan(a)redhat.com> KVM: selftests: Clear dirty ring states between two modes in dirty_log_test Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case Saravana Kannan <saravanak(a)google.com> driver core: Fix device_link_flag_is_sync_state_only() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Filipe Manana <fdmanana(a)suse.com> btrfs: reject encoded write if inode has nodatasum flag set Filipe Manana <fdmanana(a)suse.com> btrfs: don't reserve space for checksums when writing to nocow files David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Filipe Manana <fdmanana(a)suse.com> btrfs: do not delete unused block group if it may be used soon Filipe Manana <fdmanana(a)suse.com> btrfs: add and use helper to check if block group is used Linus Torvalds <torvalds(a)linux-foundation.org> update workarounds for gcc "asm goto" issue Linus Torvalds <torvalds(a)linux-foundation.org> work around gcc bugs with 'asm goto' with outputs ------------- Diffstat: .../ABI/testing/sysfs-class-net-statistics | 48 ++--- Documentation/arm64/silicon-errata.rst | 7 + .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Makefile | 10 +- arch/Kconfig | 1 + arch/arc/include/asm/jump_label.h | 4 +- arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts | 2 + arch/arm/include/asm/jump_label.h | 4 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 4 - arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 4 +- arch/arm64/include/asm/alternative-macros.h | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/vdso32/Makefile | 2 - arch/csky/include/asm/jump_label.h | 4 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/include/asm/jump_label.h | 4 +- arch/parisc/Kconfig | 1 - arch/parisc/include/asm/assembly.h | 1 + arch/parisc/include/asm/extable.h | 64 ++++++ arch/parisc/include/asm/jump_label.h | 4 +- arch/parisc/include/asm/special_insns.h | 6 +- arch/parisc/include/asm/uaccess.h | 48 +---- arch/parisc/kernel/drivers.c | 3 + arch/parisc/kernel/unaligned.c | 44 ++-- arch/parisc/mm/fault.c | 11 +- arch/powerpc/include/asm/bug.h | 2 +- arch/powerpc/include/asm/jump_label.h | 4 +- arch/powerpc/include/asm/thread_info.h | 2 +- arch/powerpc/include/asm/uaccess.h | 8 +- arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +- arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/irq_64.c | 2 +- arch/powerpc/mm/kasan/init_32.c | 1 + arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/riscv/include/asm/jump_label.h | 4 +- arch/s390/include/asm/jump_label.h | 4 +- arch/sparc/include/asm/jump_label.h | 4 +- arch/um/Makefile | 4 +- arch/um/include/asm/cpufeature.h | 2 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/jump_label.h | 6 +- arch/x86/include/asm/rmwcc.h | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/include/asm/virtext.h | 12 +- arch/x86/kernel/fpu/signal.c | 13 +- arch/x86/kvm/svm/svm_ops.h | 6 +- arch/x86/kvm/vmx/pmu_intel.c | 2 +- arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/vmx/vmx_ops.h | 6 +- arch/x86/mm/ident_map.c | 23 ++- arch/xtensa/include/asm/jump_label.h | 4 +- block/blk-mq.c | 9 +- drivers/android/binder.c | 10 + drivers/base/core.c | 15 +- drivers/base/power/domain.c | 2 +- drivers/bus/moxtet.c | 7 + drivers/crypto/ccp/sev-dev.c | 10 +- drivers/dma/ioat/dma.c | 12 +- drivers/firewire/core-device.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 + drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +- drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/msm/msm_iommu.c | 32 ++- drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 ++++-- drivers/hid/wacom_wac.c | 9 +- drivers/i2c/busses/Makefile | 6 +- drivers/i2c/busses/i2c-i801.c | 4 +- drivers/i2c/busses/i2c-pasemi-core.c | 5 + drivers/i2c/busses/i2c-qcom-geni.c | 16 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/imu/bno055/Kconfig | 1 + drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/hw/irdma/verbs.c | 7 + drivers/interconnect/qcom/sc8180x.c | 1 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 +- drivers/irqchip/irq-loongson-eiointc.c | 2 +- drivers/md/dm-core.h | 2 + drivers/md/dm-crypt.c | 37 +--- drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/dm-verity-target.c | 26 +-- drivers/md/dm-verity.h | 1 - drivers/md/md.c | 7 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/sdhci-pci-o2micro.c | 30 +++ drivers/net/can/dev/netlink.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +++- .../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 ++- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 82 ++++++-- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 46 ++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 3 + drivers/net/xen-netback/netback.c | 100 +++++---- drivers/of/property.c | 18 +- drivers/of/unittest.c | 12 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/max310x.c | 53 ++++- drivers/usb/common/ulpi.c | 2 +- drivers/usb/core/hub.c | 30 ++- drivers/usb/dwc3/gadget.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/typec/ucsi/ucsi.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- fs/btrfs/block-group.c | 49 ++++- fs/btrfs/block-group.h | 7 + fs/btrfs/delalloc-space.c | 29 ++- fs/btrfs/disk-io.c | 13 +- fs/btrfs/inode.c | 26 ++- fs/btrfs/ioctl.c | 5 + fs/btrfs/qgroup.c | 14 ++ fs/btrfs/send.c | 2 +- fs/ceph/caps.c | 3 +- fs/ext4/mballoc.c | 39 ++-- fs/ext4/move_extent.c | 6 +- fs/hugetlbfs/inode.c | 19 +- fs/namespace.c | 11 +- fs/nfsd/nfs4state.c | 37 ++-- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/ntfs3/fsntfs.c | 16 +- fs/ntfs3/index.c | 3 +- fs/proc/array.c | 10 +- fs/smb/client/cached_dir.c | 8 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/client/smb2pdu.c | 95 +++++---- fs/smb/client/smb2proto.h | 12 +- fs/smb/server/smb2pdu.c | 8 +- fs/zonefs/file.c | 42 ++-- fs/zonefs/super.c | 66 +++--- include/asm-generic/vmlinux.lds.h | 6 - include/linux/bpf.h | 12 +- include/linux/cleanup.h | 171 ++++++++++++++++ include/linux/compiler-clang.h | 9 + include/linux/compiler-gcc.h | 20 ++ include/linux/compiler_attributes.h | 6 + include/linux/compiler_types.h | 11 +- include/linux/device.h | 7 + include/linux/file.h | 6 + include/linux/iio/adc/ad_sigma_delta.h | 4 +- include/linux/iio/common/st_sensors.h | 4 +- include/linux/iio/imu/adis.h | 3 +- include/linux/init.h | 3 - include/linux/irqflags.h | 7 + include/linux/mmc/sdio_ids.h | 1 + include/linux/mutex.h | 4 + include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/percpu.h | 4 + include/linux/preempt.h | 5 + include/linux/rcupdate.h | 3 + include/linux/rwsem.h | 8 + include/linux/sched/task.h | 2 + include/linux/slab.h | 3 + include/linux/spinlock.h | 31 +++ include/linux/srcu.h | 5 + include/net/tls.h | 5 - init/Kconfig | 9 + io_uring/net.c | 5 +- kernel/bpf/helpers.c | 67 +++--- kernel/bpf/verifier.c | 3 +- kernel/sched/membarrier.c | 6 + kernel/time/hrtimer.c | 14 +- kernel/trace/bpf_trace.c | 56 +++-- kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 +++---- kernel/trace/trace_events_trigger.c | 6 +- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/userfaultfd.c | 15 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +++-- net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/mac80211/tx.c | 5 +- net/mptcp/pm_userspace.c | 13 +- net/mptcp/protocol.c | 24 +-- net/mptcp/protocol.h | 4 +- net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nft_set_pipapo_avx2.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +++-- net/tls/tls.h | 1 + net/tls/tls_main.c | 2 + net/tls/tls_sw.c | 226 +++++++++++++-------- net/wireless/core.c | 1 + net/xfrm/xfrm_input.c | 77 +++---- net/xfrm/xfrm_output.c | 33 +-- samples/bpf/asm_goto_workaround.h | 8 +- scripts/Makefile.modpost | 1 + scripts/checkpatch.pl | 2 +- scripts/link-vmlinux.sh | 9 +- scripts/mod/modpost.c | 43 ++-- scripts/mod/sumversion.c | 7 +- security/apparmor/include/lib.h | 6 +- security/security.c | 14 +- sound/pci/hda/patch_conexant.c | 18 ++ sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 11 +- sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/wcd938x.c | 2 +- tools/arch/x86/include/asm/rmwcc.h | 2 +- tools/include/linux/compiler_types.h | 4 +- tools/testing/selftests/kvm/dirty_log_test.c | 77 ++++--- tools/testing/selftests/net/mptcp/config | 3 + tools/testing/selftests/net/mptcp/settings | 2 +- tools/testing/selftests/vm/ksm_tests.c | 2 +- tools/testing/selftests/vm/va_128TBswitch.sh | 6 + tools/tracing/rtla/Makefile | 7 +- tools/tracing/rtla/src/osnoise_hist.c | 9 +- tools/tracing/rtla/src/osnoise_top.c | 6 +- tools/tracing/rtla/src/timerlat_hist.c | 9 +- tools/tracing/rtla/src/timerlat_top.c | 6 +- tools/tracing/rtla/src/utils.c | 12 +- tools/tracing/rtla/src/utils.h | 2 + 252 files changed, 2347 insertions(+), 1137 deletions(-)

1 year, 6 months

1
2
0 0

Re: [PATCH 6.7 000/309] 6.7.6-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 6 months

1
0
0 0

Backport commit fc4992458e0a ("fs/ntfs3: Add null pointer checks")

by Doebel, Bjoern

Hi, please backport commit fc4992458e0a ("fs/ntfs3: Add null pointer checks") to the 5.15 and 6.1 stable branches. Commit message """ Added null pointer checks in function ntfs_security_init. Also added le32_to_cpu in functions ntfs_security_init and indx_read. """ We are able to reproduce below Syzkaller report on these two stable builds. The issue does not reproduce on upstream, older, or newer LTS releases. Above patch fixes the issue. Best regards, Bjoern general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 11283 Comm: syz-executor.7 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:ntfs_security_init+0x561/0xac0 fs/ntfs3/fsntfs.c:1865 Code: 03 ff 41 83 fe 1f 0f 86 f8 03 00 00 e8 b8 5b 03 ff 4c 01 e3 e8 b0 5b 03 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ca RSP: 0018:ffffc90012417a60 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90007b0c000 RDX: 0000000000000000 RSI: ffffffff827961c0 RDI: 0000000000000005 RBP: ffff888024503000 R08: 0000000000000005 R09: 000000000000001f R10: 0000000000000000 R11: 00000000a5aa35ff R12: ffff888020543230 R13: ffff8880182f05d0 R14: 0000000000000000 R15: 00000000000000c8 FS: 00007f6bb914d6c0(0000) GS:ffff88805ab00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7ab932ff80 CR3: 00000000553ee001 CR4: 0000000000772ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> loop6: detected capacity change from 0 to 4096 ntfs3: Unknown parameter 'iE9�ND\��X8+dԧ�*��' ntfs_fill_super+0x1faf/0x22c0 fs/ntfs3/super.c:1238 get_tree_bdev+0x40a/0x700 fs/super.c:1355 vfs_get_tree+0x86/0x2e0 fs/super.c:1562 do_new_mount+0x2d5/0x630 fs/namespace.c:3040 path_mount+0x4c4/0x17e0 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __x64_sys_mount+0x287/0x310 fs/namespace.c:3568 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f6bb846377e Code: 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6bb914cec8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f6bb914cf60 RCX: 00007f6bb846377e RDX: 000000002001f6c0 RSI: 000000002001f700 RDI: 00007f6bb914cf20 RBP: 000000002001f6c0 R08: 00007f6bb914cf60 R09: 00000000000000c0 R10: 00000000000000c0 R11: 0000000000000202 R12: 000000002001f700 R13: 00007f6bb914cf20 R14: 000000000001f6f9 R15: 0000000020000080 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:ntfs_security_init+0x561/0xac0 fs/ntfs3/fsntfs.c:1865 Code: 03 ff 41 83 fe 1f 0f 86 f8 03 00 00 e8 b8 5b 03 ff 4c 01 e3 e8 b0 5b 03 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ca RSP: 0018:ffffc90012417a60 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90007b0c000 RDX: 0000000000000000 RSI: ffffffff827961c0 RDI: 0000000000000005 RBP: ffff888024503000 R08: 0000000000000005 R09: 000000000000001f R10: 0000000000000000 R11: 00000000a5aa35ff R12: ffff888020543230 R13: ffff8880182f05d0 R14: 0000000000000000 R15: 00000000000000c8 FS: 00007f6bb914d6c0(0000) GS:ffff88805ab00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7ab932ff80 CR3: 00000000553ee001 CR4: 0000000000772ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 ---------------- Code disassembly (best guess): 0: 03 ff add %edi,%edi 2: 41 83 fe 1f cmp $0x1f,%r14d 6: 0f 86 f8 03 00 00 jbe 0x404 c: e8 b8 5b 03 ff call 0xff035bc9 11: 4c 01 e3 add %r12,%rbx 14: e8 b0 5b 03 ff call 0xff035bc9 19: 48 89 da mov %rbx,%rdx 1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 23: fc ff df 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction 2e: 48 89 d8 mov %rbx,%rax 31: 83 e0 07 and $0x7,%eax 34: 83 c0 03 add $0x3,%eax 37: 38 d0 cmp %dl,%al 39: 7c 08 jl 0x43 3b: 84 d2 test %dl,%dl 3d: 0f .byte 0xf 3e: 85 ca test %ecx,%edx Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879

1 year, 6 months

2
1
0 0

[PATCH stable 5.4 v3] net: bcmgenet: Fix EEE implementation

by Florian Fainelli

commit a9f31047baca57d47440c879cf259b86f900260c upstream We had a number of short comings: - EEE must be re-evaluated whenever the state machine detects a link change as wight be switching from a link partner with EEE enabled/disabled - tx_lpi_enabled controls whether EEE should be enabled/disabled for the transmit path, which applies to the TBUF block - We do not need to forcibly enable EEE upon system resume, as the PHY state machine will trigger a link event that will do that, too Fixes: 6ef398ea60d9 ("net: bcmgenet: add EEE support") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> Link: https://lore.kernel.org/r/20230606214348.2408018-1-florian.fainelli@broadco… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- Changes in v2: - removed Changed-id .../net/ethernet/broadcom/genet/bcmgenet.c | 22 +++++++------------ .../net/ethernet/broadcom/genet/bcmgenet.h | 3 +++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +++++ 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index eeadeeec17ba..380bf7a328ba 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -1018,7 +1018,8 @@ static void bcmgenet_get_ethtool_stats(struct net_device *dev, } } -static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled) { struct bcmgenet_priv *priv = netdev_priv(dev); u32 off = priv->hw_params->tbuf_offset + TBUF_ENERGY_CTRL; @@ -1038,7 +1039,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) /* Enable EEE and switch to a 27Mhz clock automatically */ reg = bcmgenet_readl(priv->base + off); - if (enable) + if (tx_lpi_enabled) reg |= TBUF_EEE_EN | TBUF_PM_EN; else reg &= ~(TBUF_EEE_EN | TBUF_PM_EN); @@ -1059,6 +1060,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) priv->eee.eee_enabled = enable; priv->eee.eee_active = enable; + priv->eee.tx_lpi_enabled = tx_lpi_enabled; } static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) @@ -1074,6 +1076,7 @@ static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) e->eee_enabled = p->eee_enabled; e->eee_active = p->eee_active; + e->tx_lpi_enabled = p->tx_lpi_enabled; e->tx_lpi_timer = bcmgenet_umac_readl(priv, UMAC_EEE_LPI_TIMER); return phy_ethtool_get_eee(dev->phydev, e); @@ -1083,7 +1086,6 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) { struct bcmgenet_priv *priv = netdev_priv(dev); struct ethtool_eee *p = &priv->eee; - int ret = 0; if (GENET_IS_V1(priv)) return -EOPNOTSUPP; @@ -1094,16 +1096,11 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) p->eee_enabled = e->eee_enabled; if (!p->eee_enabled) { - bcmgenet_eee_enable_set(dev, false); + bcmgenet_eee_enable_set(dev, false, false); } else { - ret = phy_init_eee(dev->phydev, 0); - if (ret) { - netif_err(priv, hw, dev, "EEE initialization failed\n"); - return ret; - } - + p->eee_active = phy_init_eee(dev->phydev, false) >= 0; bcmgenet_umac_writel(priv, e->tx_lpi_timer, UMAC_EEE_LPI_TIMER); - bcmgenet_eee_enable_set(dev, true); + bcmgenet_eee_enable_set(dev, p->eee_active, e->tx_lpi_enabled); } return phy_ethtool_set_eee(dev->phydev, e); @@ -3688,9 +3685,6 @@ static int bcmgenet_resume(struct device *d) if (!device_may_wakeup(d)) phy_resume(dev->phydev); - if (priv->eee.eee_enabled) - bcmgenet_eee_enable_set(dev, true); - bcmgenet_netif_start(dev); netif_device_attach(dev); diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 5b7c2f9241d0..29bf256d13f6 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -736,4 +736,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, enum bcmgenet_power_mode mode); +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled); + #endif /* __BCMGENET_H__ */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 2fbec2acb606..026f00ccaa0c 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -25,6 +25,7 @@ #include "bcmgenet.h" + /* setup netdev link state when PHY link status change and * update UMAC and RGMII block when link up */ @@ -96,6 +97,11 @@ void bcmgenet_mii_setup(struct net_device *dev) CMD_RX_PAUSE_IGNORE | CMD_TX_PAUSE_IGNORE); reg |= cmd_bits; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + + priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0; + bcmgenet_eee_enable_set(dev, + priv->eee.eee_enabled && priv->eee.eee_active, + priv->eee.tx_lpi_enabled); } else { /* done if nothing has changed */ if (!status_changed) -- 2.34.1

1 year, 6 months

3
4
0 0

[regression 5.4.y][RFC][PATCH 0/1] mtd: rawnand: gpmi: busy_timeout_cycles

by max.oss.09＠gmail.com

From: Max Krummenacher <max.krummenacher(a)toradex.com> Hello With the backported commit e09ff743e30b ("mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times") in kernel 5.4.y I see corruption of the NAND content during kernel boot. Reverting said commit on top of current 5.4.y fixes the issue. It seems that the commit relies on commit 71c76f56b97c ("mtd: rawnand: gpmi: Fix setting busy timeout setting"), but its backport got reverted. One should either backport both commits or none, having only one results in potential bugs. I've seen it in 5.4.y, however in 5.10.y and 5.15.y there one of the two backports is also reverted and likely the same regression exists. Any comments? Max Max Krummenacher (1): Revert "Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"" drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.42.0

1 year, 6 months

2
2
0 0

[PATCH 5.15.y] Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack"

by Samasth Norway Ananda

This reverts commit 3eefb2fbf4ec1c1ff239b8b65e6e78aae335e4a6. libbpf support for "tc" progs doesn't exist for the linux-5.15.y tree. This commit was backported too far back in upstream, to a kernel where the libbpf support was not there for the test. Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: tools/testing/selftests/bpf/prog_tests/tailcalls.c conflict was caused due to code overlap with the commit b06bde1c5ed6 ("selftests/bpf: Correct map_fd to data_fd in tailcalls") in the function test_tailcall_bpf2bpf_6(). As this function is removed by the revert conflict is resolved. --- This was identified when we ran bpf selftest. $ cd tools/testing/selftests/bpf $ make test_progs $ ./test_progs --name=ksyms_module #137/1 tailcalls/tailcall_1:OK #137/2 tailcalls/tailcall_2:OK #137/3 tailcalls/tailcall_3:OK #137/4 tailcalls/tailcall_4:OK #137/5 tailcalls/tailcall_5:OK #137/6 tailcalls/tailcall_bpf2bpf_1:OK #137/7 tailcalls/tailcall_bpf2bpf_2:OK #137/8 tailcalls/tailcall_bpf2bpf_3:OK #137/9 tailcalls/tailcall_bpf2bpf_4:OK #137/10 tailcalls/tailcall_bpf2bpf_5:OK libbpf: prog 'classifier_0': missing BPF prog type, check ELF section name 'tc' libbpf: failed to load program 'classifier_0' libbpf: failed to load object 'tailcall_bpf2bpf6' libbpf: failed to load BPF skeleton 'tailcall_bpf2bpf6': -22 test_tailcall_bpf2bpf_6:FAIL:open and load unexpected error: -22 #137/11 tailcalls/tailcall_bpf2bpf_6:FAIL #137 tailcalls:FAIL Summary: 0/10 PASSED, 0 SKIPPED, 2 FAILED --- .../selftests/bpf/prog_tests/tailcalls.c | 55 ------------------- .../selftests/bpf/progs/tailcall_bpf2bpf6.c | 42 -------------- 2 files changed, 97 deletions(-) delete mode 100644 tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c diff --git a/tools/testing/selftests/bpf/prog_tests/tailcalls.c b/tools/testing/selftests/bpf/prog_tests/tailcalls.c index 28e30ad4a30e..2e3e525e8579 100644 --- a/tools/testing/selftests/bpf/prog_tests/tailcalls.c +++ b/tools/testing/selftests/bpf/prog_tests/tailcalls.c @@ -810,59 +810,6 @@ static void test_tailcall_bpf2bpf_4(bool noise) bpf_object__close(obj); } -#include "tailcall_bpf2bpf6.skel.h" - -/* Tail call counting works even when there is data on stack which is - * not aligned to 8 bytes. - */ -static void test_tailcall_bpf2bpf_6(void) -{ - struct tailcall_bpf2bpf6 *obj; - int err, map_fd, prog_fd, main_fd, data_fd, i, val; - LIBBPF_OPTS(bpf_test_run_opts, topts, - .data_in = &pkt_v4, - .data_size_in = sizeof(pkt_v4), - .repeat = 1, - ); - - obj = tailcall_bpf2bpf6__open_and_load(); - if (!ASSERT_OK_PTR(obj, "open and load")) - return; - - main_fd = bpf_program__fd(obj->progs.entry); - if (!ASSERT_GE(main_fd, 0, "entry prog fd")) - goto out; - - map_fd = bpf_map__fd(obj->maps.jmp_table); - if (!ASSERT_GE(map_fd, 0, "jmp_table map fd")) - goto out; - - prog_fd = bpf_program__fd(obj->progs.classifier_0); - if (!ASSERT_GE(prog_fd, 0, "classifier_0 prog fd")) - goto out; - - i = 0; - err = bpf_map_update_elem(map_fd, &i, &prog_fd, BPF_ANY); - if (!ASSERT_OK(err, "jmp_table map update")) - goto out; - - err = bpf_prog_test_run_opts(main_fd, &topts); - ASSERT_OK(err, "entry prog test run"); - ASSERT_EQ(topts.retval, 0, "tailcall retval"); - - data_fd = bpf_map__fd(obj->maps.bss); - if (!ASSERT_GE(data_fd, 0, "bss map fd")) - goto out; - - i = 0; - err = bpf_map_lookup_elem(data_fd, &i, &val); - ASSERT_OK(err, "bss map lookup"); - ASSERT_EQ(val, 1, "done flag is set"); - -out: - tailcall_bpf2bpf6__destroy(obj); -} - void test_tailcalls(void) { if (test__start_subtest("tailcall_1")) @@ -885,6 +832,4 @@ void test_tailcalls(void) test_tailcall_bpf2bpf_4(false); if (test__start_subtest("tailcall_bpf2bpf_5")) test_tailcall_bpf2bpf_4(true); - if (test__start_subtest("tailcall_bpf2bpf_6")) - test_tailcall_bpf2bpf_6(); } diff --git a/tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c b/tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c deleted file mode 100644 index 41ce83da78e8..000000000000 --- a/tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c +++ /dev/null @@ -1,42 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -#include <linux/bpf.h> -#include <bpf/bpf_helpers.h> - -#define __unused __attribute__((unused)) - -struct { - __uint(type, BPF_MAP_TYPE_PROG_ARRAY); - __uint(max_entries, 1); - __uint(key_size, sizeof(__u32)); - __uint(value_size, sizeof(__u32)); -} jmp_table SEC(".maps"); - -int done = 0; - -SEC("tc") -int classifier_0(struct __sk_buff *skb __unused) -{ - done = 1; - return 0; -} - -static __noinline -int subprog_tail(struct __sk_buff *skb) -{ - /* Don't propagate the constant to the caller */ - volatile int ret = 1; - - bpf_tail_call_static(skb, &jmp_table, 0); - return ret; -} - -SEC("tc") -int entry(struct __sk_buff *skb) -{ - /* Have data on stack which size is not a multiple of 8 */ - volatile char arr[1] = {}; - - return subprog_tail(skb); -} - -char __license[] SEC("license") = "GPL"; -- 2.42.0

1 year, 6 months

2
1
0 0

[PATCH 6.6 000/331] 6.6.15-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.15 release. There are 331 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 31 Jan 2024 16:59:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.15-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.15-rc1 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Drop lockdep assertion from thermal_zone_trip_id() Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Dawei Li <dawei.li(a)shingroup.cn> genirq: Initialize resend_node hlist for all interrupt descriptors Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Quanquan Cao <caoqq(a)fujitsu.com> cxl/region：Fix overflow issue in alloc_hpa() Michael Walle <mwalle(a)kernel.org> drm: bridge: samsung-dsim: Don't use FORCE_STOP_STATE Aleksander Jan Bajkowski <olek2(a)wp.pl> MIPS: lantiq: register smp_ops on non-smp platforms David Lechner <dlechner(a)baylibre.com> spi: fix finalize message on error return Shyam Prasad N <sprasad(a)microsoft.com> cifs: fix stray unlock in cifs_chan_skip_or_disable Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> spi: spi-cadence: Reverse the order of interleaved write and read operations Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Fix setting scaling max/min freq values Hsin-Yi Wang <hsinyi(a)chromium.org> drm/bridge: anx7625: Ensure bridge is suspended in disable() Li Lingfeng <lilingfeng3(a)huawei.com> block: Move checking GENHD_FL_NO_PART to bdev_add_partition() Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel-pci: Remove Meteor Lake-S SoC PCI ID from the list Artur Weber <aweber.kernel(a)gmail.com> ARM: dts: exynos4212-tab3: add samsung,invert-vclk flag to fimd Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Use xa_insert() when saving raw queues Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Use xa_insert() to store opps Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Yajun Deng <yajun.deng(a)linux.dev> memblock: fix crash when reserved memory is not added to memory Douglas Anderson <dianders(a)chromium.org> drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case Pin-yen Lin <treapking(a)chromium.org> drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: sii902x: Fix audio codec unregistration Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: sii902x: Fix probing race issue Artur Weber <aweber.kernel(a)gmail.com> drm/panel: samsung-s6d7aa0: drop DRM_BUS_FLAG_DE_HIGH for lsl080al02 Markus Niebel <Markus.Niebel(a)ew.tq-group.com> drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] Douglas Anderson <dianders(a)chromium.org> drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: set UNORD_DISPATCH in compute MQDs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: set UNORD_DISPATCH in compute MQDs Hsin-Yi Wang <hsinyi(a)chromium.org> drm/panel-edp: drm/panel-edp: Fix AUO B116XTN02 name Hsin-Yi Wang <hsinyi(a)chromium.org> drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing Sheng-Liang Pan <sheng-liang.pan(a)quanta.corp-partner.google.com> drm/panel-edp: Add AUO B116XTN02, BOE NT116WHM-N21,836X2, NV116WHM-N49 V8.0 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Only allow PSR in LPSP mode on HSW non-ULT Mika Kahola <mika.kahola(a)intel.com> drm/i915/lnl: Remove watchdog timers for PSR Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: optimize hint byte for zoned allocator Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: factor out prepare_allocation_zoned() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix unconditional activation of THRI interrupt Thomas Gleixner <tglx(a)linutronix.de> serial: sc16is7xx: Use port lock wrappers Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: migrate: fix getting incorrect page mapping during page migration Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: migrate: record the mlocked page status to remove unnecessary lru drain Di Shen <di.shen(a)unisoc.com> thermal: gov_power_allocator: avoid inability to reset a cdev Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Store trip pointer in struct thermal_instance Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Drop redundant trips check from for_each_thermal_trip() Alexander Stein <alexander.stein(a)ew.tq-group.com> media: i2c: imx290: Properly encode registers as little-endian Alexander Stein <alexander.stein(a)ew.tq-group.com> media: v4l2-cci: Add support for little-endian encoded registers Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: cci: Add macros to obtain register width and address Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: cci: Include linux/bits.h Lukas Schauer <lukas(a)schauer.dev> pipe: wakeup wr_wait after setting max_usage Max Kellermann <max.kellermann(a)ionos.com> fs/pipe: move check to pipe_has_watch_queue() Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> thermal: intel: hfi: Add syscore callbacks for system-wide PM Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> thermal: intel: hfi: Disable an HFI instance when all its CPUs go offline Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> thermal: intel: hfi: Refactor enabling code into helper functions Martin KaFai Lau <martin.lau(a)kernel.org> net/bpf: Avoid unused "sin_addr_len" warning when CONFIG_CGROUP_BPF is not set Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the power source flag error Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Align the returned error code with legacy DP Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu: correct the cu count for gfx v11 Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Ivan Lipski <ivlipski(a)amd.com> Revert "drm/amd/display: fix bandwidth validation failure on DCN 2.1" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Disable PSR-SU on Parade 0803 TCON again Melissa Wen <mwen(a)igalia.com> drm/amd/display: fix bandwidth validation failure on DCN 2.1 Javier Martinez Canillas <javierm(a)redhat.com> drm: Allow drivers to indicate the damage helpers to ignore damage clips Javier Martinez Canillas <javierm(a)redhat.com> drm/virtio: Disable damage clipping if FB changed since last page-flip Zack Rusin <zackr(a)vmware.com> drm: Disable the cursor plane on atomic contexts with virtualized drivers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix atomic_flush check Thomas Zimmermann <tzimmermann(a)suse.de> drm: Fix TODO list mentioning non-KMS drivers Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> Revert "drm/i915/dsi: Do display on sequence later on icl+" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Refine computation of P-state for given frequency Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Dave Chinner <dchinner(a)redhat.com> xfs: read only mounts with fsopen mount API are busted Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the null pointer when load rlc firmware Thomas Zimmermann <tzimmermann(a)suse.de> Revert "drivers/firmware: Move sysfb_init() from device_initcall to subsys_initcall_sync" Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Check mailbox/SMT channel for consistency Lin Ma <linma(a)zju.edu.cn> ksmbd: fix global oob in ksmbd_nl_policy Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe Nathan Chancellor <nathan(a)kernel.org> platform/x86: intel-uncore-freq: Fix types in sysfs callbacks Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix a memory corruption Bernd Edlinger <bernd.edlinger(a)hotmail.de> exec: Fix error handling in begin_new_exec() Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Omar Sandoval <osandov(a)fb.com> btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix lock ordering in btrfs_zone_activate() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix XDP_RING_NEED_WAKEUP for empty fill ring Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Remove FCS for XDP data path Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: do not test arp/ns target with mode balance-alb/tlb Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> i40e: update xdp_rxq_info::frag_size for ZC enabled Rx queue Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> i40e: set xdp_rxq_info::frag_size Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: remove redundant xdp_rxq_info registration Tirthendu Sarkar <tirthendu.sarkar(a)intel.com> i40e: handle multi-buffer packets that are shrunk by xdp prog Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: work on pre-XDP prog frag count Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix usage of multi-buffer BPF helpers for ZC XDP Daan De Meyer <daan.j.demeyer(a)gmail.com> bpf: Add bpf_sock_addr_set_sun_path() to allow writing unix sockaddr from bpf Daan De Meyer <daan.j.demeyer(a)gmail.com> bpf: Propagate modified uaddrlen from cgroup sockaddr programs Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: recycle buffer in case Rx queue was full Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: fix the udp_tunnel_nic test Jakub Kicinski <kuba(a)kernel.org> selftests: net: fix rps_default_mask with >32 CPUs Jenishkumar Maheshbhai Patel <jpatel2(a)marvell.com> net: mvpp2: clear BM pool before initialization Bernd Edlinger <bernd.edlinger(a)hotmail.de> net: stmmac: Wait a bit for the reset to take effect Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Florian Westphal <fw(a)strlen.de> netfilter: nft_limit: reject configurations that cause integer overflow Frederic Weisbecker <frederic(a)kernel.org> rcu: Defer RCU kthreads wakeup when CPU is dying Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/mlx5e: fix a potential double-free in fs_any_create_groups Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Ignore IPsec replay window values on sender side Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Allow software parsing when IPsec crypto is enabled Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Can't go to uplink vport on RX rule Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Bridge, fix multicast packets sent to uplink Erez Shitrit <erezsh(a)nvidia.com> net/mlx5: Bridge, Enable mcast in smfs steering mode Yishai Hadas <yishaih(a)nvidia.com> net/mlx5: Fix a WARN upon a callback command failure Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Fix peer flow lists handling Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Ido Schimmel <idosch(a)nvidia.com> net/sched: flower: Fix chain template offload Jakub Kicinski <kuba(a)kernel.org> selftests: fill in some missing configs for net Zhengchao Shao <shaozhengchao(a)huawei.com> ipv6: init the accept_queue's spinlocks in inet6_create Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Kuniyuki Iwashima <kuniyu(a)amazon.com> selftest: Don't reuse port for SO_INCOMING_CPU test. Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Dan Carpenter <dan.carpenter(a)linaro.org> netfs, fscache: Prevent Oops in fscache_put_cache() Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Horatiu Vultur <horatiu.vultur(a)microchip.com> net: micrel: Fix PTP frame parsing for lan8814 Yunjian Wang <wangyunjian(a)huawei.com> tun: add missing rx stats accounting in tun_xdp_act Yunjian Wang <wangyunjian(a)huawei.com> tun: fix missing dropped counter in tun_xdp_act Jakub Kicinski <kuba(a)kernel.org> net: fix removing a namespace with conflicting altnames Eric Dumazet <edumazet(a)google.com> udp: fix busy polling Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Prevent kernel warning when running offline self test Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Wait for FLR to complete during probe Zhengchao Shao <shaozhengchao(a)huawei.com> tcp: make sure init the accept_queue's spinlocks once Benjamin Poirier <bpoirier(a)nvidia.com> selftests: bonding: Increase timeout to 1200s Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix potential sta-link leak Lucas Stach <l.stach(a)pengutronix.de> SUNRPC: use request size to initialize bio_vec in svc_udp_sendto() Shyam Prasad N <sprasad(a)microsoft.com> cifs: after disabling multichannel, mark tcon for reconnect Shyam Prasad N <sprasad(a)microsoft.com> cifs: fix a pending undercount of srv_count Shyam Prasad N <sprasad(a)microsoft.com> cifs: fix lock ordering while disabling multichannel Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd: Enable PCIe PME from D3" Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: check if max number of bpf_loop iterations is tracked Eduard Zingerman <eddyz87(a)gmail.com> bpf: keep track of max number of bpf_loop callback iterations Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test widening for iterating callbacks Eduard Zingerman <eddyz87(a)gmail.com> bpf: widening for callback iterators Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: tests for iterating callbacks Eduard Zingerman <eddyz87(a)gmail.com> bpf: verify callbacks as if they are called unknown number of times Eduard Zingerman <eddyz87(a)gmail.com> bpf: extract setup_func_entry() utility function Eduard Zingerman <eddyz87(a)gmail.com> bpf: extract __check_reg_arg() utility function Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: track string payload offset as scalar in strobemeta Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: track tcp payload offset as scalar in xdp_synproxy Eduard Zingerman <eddyz87(a)gmail.com> bpf: print full verifier states on infinite loop detection Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test if state loops are detected in a tricky case Eduard Zingerman <eddyz87(a)gmail.com> bpf: correct loop detection for iterators convergence Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: tests with delayed read/precision makrs in loop body Eduard Zingerman <eddyz87(a)gmail.com> bpf: exact states comparison for iterator convergence checks Eduard Zingerman <eddyz87(a)gmail.com> bpf: extract same_callsites() as utility function Eduard Zingerman <eddyz87(a)gmail.com> bpf: move explored_state() closer to the beginning of verifier.c Rohan G Thomas <rohan.g.thomas(a)intel.com> dt-bindings: net: snps,dwmac: Tx coe unsupported Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Add missing set_freezable() for freezable kthread Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send lease break notification on FILE_RENAME_INFORMATION Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't increment epoch if current state and request state are same Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential circular locking issue in smb2_set_ea() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease version on lease upgrade Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: Do not hold the port lock when setting rx-during-tx GPIO Charan Teja Kalla <quic_charante(a)quicinc.com> mm: page_alloc: unreserve highatomic page blocks before oom Huacai Chen <chenhuacai(a)kernel.org> LoongArch/smp: Call rcutree_report_cpu_starting() earlier Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: improve do/while loop in sc16is7xx_irq() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove obsolete loop in sc16is7xx_port_irq() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in case of probe error Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: change EFR lock to operate on each channels Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove unused line structure member Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove global regmap from struct sc16is7xx_port Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove wasteful static buffer in sc16is7xx_regmap_name() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: improve regmap debugfs by using one regmap per port Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Charan Teja Kalla <quic_charante(a)quicinc.com> mm/sparsemem: fix race in accessing memory_section->usage Steven Rostedt (Google) <rostedt(a)goodmis.org> mm/rmap: fix misplaced parenthesis of a likely() Donet Tom <donettom(a)linux.vnet.ibm.com> selftests: mm: hugepage-vmemmap fails on 64K page size systems James Gowans <jgowans(a)amazon.com> kexec: do syscore_shutdown() in kernel_kexec Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Ma Wupeng <mawupeng1(a)huawei.com> efi: disable mirror feature during crashkernel Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Mario Limonciello <mario.limonciello(a)amd.com> rtc: Extend timeout for waiting for UIP to clear to 1s Mario Limonciello <mario.limonciello(a)amd.com> rtc: Add support for configuring the UIP timeout for RTC reads Mario Limonciello <mario.limonciello(a)amd.com> rtc: mc146818-lib: Adjust failure return code for mc146818_get_time() Mario Limonciello <mario.limonciello(a)amd.com> rtc: Adjust failure return code for cmos_set_alarm() Mario Limonciello <mario.limonciello(a)amd.com> rtc: cmos: Use ACPI alarm for non-Intel x86 systems too Mark Rutland <mark.rutland(a)arm.com> arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Mark Brown <broonie(a)kernel.org> arm64/sme: Always exit sme_alloc() early with existing storage Rob Herring <robh(a)kernel.org> arm64: errata: Add Cortex-A510 speculative unprivileged load workaround Rob Herring <robh(a)kernel.org> arm64: Rename ARM64_WORKAROUND_2966298 Guo Ren <guoren(a)kernel.org> riscv: mm: Fixup compat mode boot failure Guo Ren <guoren(a)kernel.org> riscv: mm: Fixup compat arch_get_mmap_end Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix timeout schedule error in mtk_jpegdec_worker. Alain Volmat <alain.volmat(a)foss.st.com> media: i2c: st-mipid02: correct format propagation Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mmc: mmc_spi: remove custom DMA mapped buffers Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Michael Grzeschik <m.grzeschik(a)pengutronix.de> media: videobuf2-dma-sg: fix vmap callback Vegard Nossum <vegard.nossum(a)oracle.com> scripts/get_abi: fix source path leak Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_abi.py: fix command injection Jordan Rife <jrife(a)google.com> dlm: use kernel_connect() and kernel_bind() Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm670: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm670: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8180x: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8180x: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: Add missing vio-supply for AW2013 Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7280: fix usb_1 wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8180x: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm670: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180: fix USB wakeup interrupt types Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8939: Make blsp_dma controlled-remotely Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Fix rk3588 USB power-domain clocks Tianling Shen <cnsztl(a)gmail.com> arm64: dts: rockchip: configure eth pad driver strength for orangepi r1 plus lts Cixi Geng <cixi.geng1(a)unisoc.com> arm64: dts: sprd: fix the cpu node for UMS512 Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-crd: fix eDP phy compatible Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> ARM: dts: imx6q-apalis: add can power-up delay on ixora board Helge Deller <deller(a)gmx.de> parisc/power: Fix power soft-off button emulation on qemu Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Bhaumik Bhatt <bbhatt(a)codeaurora.org> bus: mhi: host: Add spinlock to protect WP access when queueing TREs Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Drop chan lock before queuing buffers Krishna chaitanya chundru <quic_krichai(a)quicinc.com> bus: mhi: host: Add alignment check for event ring read pointer Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Eric Dumazet <edumazet(a)google.com> nbd: always initialize struct msghdr completely Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: do not reset queue removed from host config Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: reset queues associated with adapter for queue unbound from driver Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: reset queues filtered from the guest's AP config Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration Tony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: always filter entire AP matrix Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: qmc: Fix rx channel reset Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: qmc: Fix __iomem addresses declaration Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: tsa: Fix __iomem addresses declaration Bingbu Cao <bingbu.cao(a)intel.com> media: ov01a10: Enable runtime PM before registering async sub-device Bingbu Cao <bingbu.cao(a)intel.com> media: ov13b10: Enable runtime PM before registering async sub-device Bingbu Cao <bingbu.cao(a)intel.com> media: ov9734: Enable runtime PM before registering async sub-device Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Bingbu Cao <bingbu.cao(a)intel.com> media: imx355: Enable runtime PM before registering async sub-device Johan Hovold <johan+linaro(a)kernel.org> soc: qcom: pmic_glink_altmode: fix port sanity check Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Clarify conditions to enable continuous reads Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Prevent sequential reads with on-die ECC engines Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix core interference with sequential reads Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Prevent crossing LUN boundaries during sequential reads Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Anthony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: unpin pages on gisc registration failure Herbert Xu <herbert(a)gondor.apana.org.au> crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names Gao Xiang <xiang(a)kernel.org> erofs: fix lz4 inplace decompression Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Disseldorp <ddiss(a)suse.de> btrfs: sysfs: validate scrub_speed_max value Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Pass rounded rate to _set_opp() Josef Bacik <josef(a)toxicpanda.com> arm64: properly install vmlinuz.efi Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix possible deadlocks in core system-wide PM code Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Introduce async_schedule_dev_nocall() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Split async_schedule_node_domain() Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Geoff Levand <geoff(a)infradead.org> powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: update iface_last_update on each query-and-update Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle servers that still advertise multichannel after disabling Shyam Prasad N <sprasad(a)microsoft.com> cifs: reconnect worker should take reference on server struct unconditionally Shyam Prasad N <sprasad(a)microsoft.com> Revert "cifs: reconnect work should have reference on server struct" Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle when server stops supporting multichannel Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle when server starts supporting multichannel Shyam Prasad N <sprasad(a)microsoft.com> cifs: reconnect work should have reference on server struct Shyam Prasad N <sprasad(a)microsoft.com> cifs: handle cases where a channel is closed Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of SMB3.1.1 POSIX create context Geert Uytterhoeven <geert+renesas(a)glider.be> sh: ecovec24: Rename missed backlight field from fbdev to dev Niklas Cassel <cassel(a)kernel.org> scsi: core: Kick the requeue list after inserting when flushing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> riscv: Fix an off-by-one in get_early_cmdline() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() Rex Zhang <rex.zhang(a)intel.com> dmaengine: idxd: Move dma_free_coherent() out of spinlocked context Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: fix NULL pointer in channel unregistration function Frank Li <Frank.Li(a)nxp.com> dmaengine: fsl-edma: fix eDMAv4 channel allocation issue Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Enable internal vref if external vref is not supplied Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Allow users to configure device events Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Set alert bit in config register Romain Gantois <romain.gantois(a)bootlin.com> net: stmmac: Prevent DSA tags from breaking COE Rohan G Thomas <rohan.g.thomas(a)intel.com> net: stmmac: Tx coe sw fallback Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: fix initializing sysfs for same devices on different buses Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: bus: introduce controller_id Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: core: set missing supported flag for RX during TX GPIO Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Simplify uart_get_rs485_mode() Vegard Nossum <vegard.nossum(a)oracle.com> docs: kernel_feat.py: fix potential command injection Min-Hua Chen <minhuadotchen(a)gmail.com> docs: sparse: add sparse.rst to toctree Min-Hua Chen <minhuadotchen(a)gmail.com> docs: sparse: move TW sparse.txt to TW dev-tools ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Documentation/admin-guide/abi-obsolete.rst | 2 +- Documentation/admin-guide/abi-removed.rst | 2 +- Documentation/admin-guide/abi-stable.rst | 2 +- Documentation/admin-guide/abi-testing.rst | 2 +- Documentation/admin-guide/features.rst | 2 +- Documentation/arch/arc/features.rst | 2 +- Documentation/arch/arm/features.rst | 2 +- Documentation/arch/arm64/features.rst | 2 +- Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/arch/loongarch/features.rst | 2 +- Documentation/arch/m68k/features.rst | 2 +- Documentation/arch/mips/features.rst | 2 +- Documentation/arch/nios2/features.rst | 2 +- Documentation/arch/openrisc/features.rst | 2 +- Documentation/arch/parisc/features.rst | 2 +- Documentation/arch/s390/features.rst | 2 +- Documentation/arch/sh/features.rst | 2 +- Documentation/arch/sparc/features.rst | 2 +- Documentation/arch/x86/features.rst | 2 +- Documentation/arch/xtensa/features.rst | 2 +- .../devicetree/bindings/net/snps,dwmac.yaml | 5 + Documentation/filesystems/directory-locking.rst | 29 +- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 + Documentation/gpu/drm-kms.rst | 2 + Documentation/gpu/todo.rst | 7 +- Documentation/powerpc/features.rst | 2 +- Documentation/riscv/features.rst | 2 +- Documentation/sphinx/kernel_abi.py | 56 +- Documentation/sphinx/kernel_feat.py | 55 +- .../translations/zh_CN/arch/loongarch/features.rst | 2 +- .../translations/zh_CN/arch/mips/features.rst | 2 +- .../translations/zh_TW/dev-tools/index.rst | 40 + .../translations/zh_TW/{ => dev-tools}/sparse.txt | 0 Documentation/translations/zh_TW/index.rst | 2 +- Makefile | 4 +- arch/alpha/kernel/rtc.c | 2 +- .../boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts | 2 + arch/arm/boot/dts/qcom/qcom-sdx55.dtsi | 10 +- arch/arm/boot/dts/samsung/exynos4210-i9100.dts | 8 + arch/arm/boot/dts/samsung/exynos4212-tab3.dtsi | 1 + arch/arm64/Kconfig | 18 + .../boot/dts/qcom/msm8916-longcheer-l8150.dts | 1 + .../boot/dts/qcom/msm8916-wingtech-wt88047.dts | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8939.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8953-xiaomi-mido.dts | 1 + arch/arm64/boot/dts/qcom/msm8953-xiaomi-tissot.dts | 1 + arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts | 1 + arch/arm64/boot/dts/qcom/sc7180.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 16 +- arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 2 + arch/arm64/boot/dts/qcom/sdm670.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 16 +- .../dts/rockchip/rk3328-orangepi-r1-plus-lts.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3588s.dtsi | 1 + arch/arm64/boot/dts/sprd/ums512.dtsi | 4 +- arch/arm64/boot/install.sh | 3 +- arch/arm64/kernel/cpu_errata.c | 21 +- arch/arm64/kernel/entry.S | 22 +- arch/arm64/kernel/fpsimd.c | 6 +- arch/arm64/tools/cpucaps | 2 +- arch/loongarch/kernel/smp.c | 3 +- arch/mips/kernel/elf.c | 6 + arch/mips/lantiq/prom.c | 7 +- arch/mips/mm/init.c | 12 +- arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/configs/ps3_defconfig | 1 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/include/asm/processor.h | 2 +- arch/riscv/kernel/pi/cmdline_early.c | 3 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/crypto/paes_s390.c | 4 +- arch/sh/boards/mach-ecovec24/setup.c | 2 +- arch/x86/include/asm/syscall_wrapper.h | 25 +- arch/x86/kernel/hpet.c | 2 +- arch/x86/kernel/rtc.c | 2 +- block/ioctl.c | 2 - block/partitions/core.c | 5 + crypto/algapi.c | 1 + drivers/base/power/main.c | 148 ++-- drivers/base/power/trace.c | 2 +- drivers/block/nbd.c | 6 +- drivers/block/rbd.c | 22 +- drivers/bus/mhi/host/main.c | 29 +- drivers/char/hw_random/core.c | 34 +- drivers/cpufreq/amd-pstate.c | 7 +- drivers/cpufreq/intel_pstate.c | 55 +- drivers/cxl/core/region.c | 4 +- drivers/devfreq/devfreq.c | 57 +- drivers/dma/dmaengine.c | 3 + drivers/dma/fsl-edma-main.c | 8 + drivers/dma/idxd/device.c | 9 +- drivers/firmware/arm_scmi/common.h | 1 + drivers/firmware/arm_scmi/mailbox.c | 14 + drivers/firmware/arm_scmi/perf.c | 23 +- drivers/firmware/arm_scmi/raw_mode.c | 12 +- drivers/firmware/arm_scmi/shmem.c | 6 + drivers/firmware/sysfb.c | 2 +- drivers/gpio/gpio-eic-sprd.c | 32 +- drivers/gpio/gpiolib-acpi.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 17 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 1 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 5 + .../amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 21 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 8 +- .../drm/amd/display/dc/link/protocols/link_dpcd.c | 4 +- .../dc/link/protocols/link_edp_panel_control.c | 11 +- .../drm/amd/display/modules/power/power_helpers.c | 2 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 13 +- drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 + drivers/gpu/drm/bridge/analogix/anx7625.c | 7 +- drivers/gpu/drm/bridge/analogix/anx7625.h | 2 + drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/bridge/parade-ps8640.c | 23 + drivers/gpu/drm/bridge/samsung-dsim.c | 32 +- drivers/gpu/drm/bridge/sii902x.c | 42 +- drivers/gpu/drm/drm_damage_helper.c | 3 +- drivers/gpu/drm/drm_plane.c | 14 + drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_psr.c | 22 +- drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/gpu/drm/panel/panel-edp.c | 7 +- drivers/gpu/drm/panel/panel-samsung-s6d7aa0.c | 2 +- drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/qxl/qxl_drv.c | 2 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 +- drivers/gpu/drm/vboxvideo/vbox_drv.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 2 +- drivers/gpu/drm/virtio/virtgpu_plane.c | 10 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/iio/adc/ad7091r-base.c | 169 ++++ drivers/iio/adc/ad7091r-base.h | 8 + drivers/iio/adc/ad7091r5.c | 28 +- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 10 +- drivers/media/i2c/imx290.c | 42 +- drivers/media/i2c/imx355.c | 12 +- drivers/media/i2c/ov01a10.c | 18 +- drivers/media/i2c/ov13b10.c | 14 +- drivers/media/i2c/ov9734.c | 19 +- drivers/media/i2c/st-mipid02.c | 9 +- .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 12 +- drivers/media/v4l2-core/v4l2-cci.c | 52 +- drivers/mmc/core/block.c | 46 +- drivers/mmc/host/mmc_spi.c | 186 +---- drivers/mtd/maps/vmu-flash.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 87 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 + drivers/net/ethernet/engleder/tsnep_main.c | 17 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 47 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 49 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 +- drivers/net/ethernet/intel/ice/ice_base.c | 37 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 19 +- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 + drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 31 +- drivers/net/ethernet/intel/ice/ice_xsk.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 27 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 5 +- .../mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 +- .../ethernet/mellanox/mlx5/core/esw/bridge_mcast.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c | 2 +- .../mellanox/mlx5/core/steering/dr_action.c | 17 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 43 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 3 + drivers/net/fjes/fjes_hw.c | 37 +- drivers/net/hyperv/netvsc_drv.c | 4 +- drivers/net/phy/micrel.c | 11 + drivers/net/tun.c | 10 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 4 +- drivers/opp/core.c | 6 +- drivers/parisc/power.c | 2 +- .../uncore-frequency/uncore-frequency-common.c | 82 +- .../uncore-frequency/uncore-frequency-common.h | 32 +- drivers/platform/x86/p2sb.c | 180 ++++- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/rtc/rtc-cmos.c | 28 +- drivers/rtc/rtc-mc146818-lib.c | 39 +- drivers/s390/crypto/vfio_ap_ops.c | 269 ++++--- drivers/s390/crypto/vfio_ap_private.h | 3 + drivers/scsi/scsi_error.c | 9 +- drivers/soc/fsl/qe/qmc.c | 35 +- drivers/soc/fsl/qe/tsa.c | 22 +- drivers/soc/qcom/pmic_glink_altmode.c | 4 +- drivers/soundwire/amd_manager.c | 8 + drivers/soundwire/bus.c | 4 + drivers/soundwire/debugfs.c | 2 +- drivers/soundwire/intel_auxdevice.c | 3 + drivers/soundwire/master.c | 2 +- drivers/soundwire/qcom.c | 3 + drivers/soundwire/slave.c | 12 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-cadence.c | 17 +- drivers/spi/spi-intel-pci.c | 1 - drivers/spi/spi.c | 4 + drivers/thermal/gov_bang_bang.c | 23 +- drivers/thermal/gov_fair_share.c | 5 +- drivers/thermal/gov_power_allocator.c | 13 +- drivers/thermal/gov_step_wise.c | 16 +- drivers/thermal/intel/intel_hfi.c | 106 ++- drivers/thermal/thermal_core.c | 15 +- drivers/thermal/thermal_core.h | 4 +- drivers/thermal/thermal_helpers.c | 5 +- drivers/thermal/thermal_sysfs.c | 3 +- drivers/thermal/thermal_trip.c | 16 +- drivers/tty/serial/imx.c | 4 - drivers/tty/serial/sc16is7xx.c | 389 ++++----- drivers/tty/serial/serial_core.c | 58 +- drivers/tty/serial/stm32-usart.c | 8 +- drivers/ufs/core/ufshcd.c | 7 +- fs/afs/dir.c | 8 + fs/btrfs/extent-tree.c | 53 +- fs/btrfs/inode.c | 22 +- fs/btrfs/ioctl.c | 7 + fs/btrfs/ref-verify.c | 6 +- fs/btrfs/scrub.c | 29 +- fs/btrfs/sysfs.c | 4 + fs/btrfs/tree-checker.c | 2 +- fs/btrfs/zoned.c | 8 +- fs/dlm/lowcomms.c | 14 +- fs/erofs/decompressor.c | 31 +- fs/exec.c | 3 + fs/ext4/mballoc.c | 15 +- fs/fscache/cache.c | 3 +- fs/ioctl.c | 3 +- fs/namei.c | 60 +- fs/nfsd/nfs4state.c | 26 +- fs/pipe.c | 19 +- fs/smb/client/cifs_debug.c | 5 + fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 5 +- fs/smb/client/connect.c | 31 +- fs/smb/client/sess.c | 96 ++- fs/smb/client/smb2ops.c | 10 +- fs/smb/client/smb2pdu.c | 162 +++- fs/smb/client/smb2transport.c | 8 +- fs/smb/client/transport.c | 2 +- fs/smb/server/connection.c | 1 + fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/oplock.c | 16 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/transport_ipc.c | 4 +- fs/ubifs/dir.c | 2 + fs/xfs/xfs_super.c | 27 +- include/drm/drm_drv.h | 9 + include/drm/drm_file.h | 12 + include/drm/drm_plane.h | 10 + include/linux/async.h | 2 + include/linux/bpf-cgroup.h | 73 +- include/linux/bpf_verifier.h | 32 + include/linux/filter.h | 1 + include/linux/lsm_hook_defs.h | 2 + include/linux/mc146818rtc.h | 3 +- include/linux/mlx5/fs.h | 2 + include/linux/mlx5/mlx5_ifc.h | 2 +- include/linux/mmzone.h | 14 +- include/linux/mtd/rawnand.h | 2 + include/linux/pipe_fs_i.h | 16 + include/linux/rmap.h | 4 +- include/linux/security.h | 9 + include/linux/serial_core.h | 79 ++ include/linux/skmsg.h | 6 - include/linux/soundwire/sdw.h | 4 +- include/linux/stmmac.h | 1 + include/linux/syscalls.h | 1 + include/media/v4l2-cci.h | 11 + include/net/inet_connection_sock.h | 8 + include/net/inet_sock.h | 5 - include/net/llc_pdu.h | 6 +- include/net/sch_generic.h | 4 + include/net/sock.h | 18 +- include/net/xdp_sock_drv.h | 27 + include/uapi/linux/btrfs.h | 3 + kernel/async.c | 85 +- kernel/bpf/btf.c | 1 + kernel/bpf/cgroup.c | 17 +- kernel/bpf/verifier.c | 875 ++++++++++++++++----- kernel/irq/irqdesc.c | 2 +- kernel/kexec_core.c | 1 + kernel/power/swap.c | 38 +- kernel/rcu/tree.c | 34 +- kernel/rcu/tree_exp.h | 3 +- kernel/time/clocksource.c | 25 +- kernel/time/tick-sched.c | 5 + kernel/trace/tracing_map.c | 7 +- lib/crypto/mpi/ec.c | 3 + mm/memblock.c | 3 + mm/migrate.c | 65 +- mm/mm_init.c | 6 + mm/page_alloc.c | 16 +- mm/sparse.c | 17 +- net/8021q/vlan_netlink.c | 4 + net/core/dev.c | 9 + net/core/dev.h | 3 + net/core/filter.c | 79 +- net/core/request_sock.c | 3 - net/core/sock.c | 11 +- net/ipv4/af_inet.c | 12 +- net/ipv4/inet_connection_sock.c | 4 + net/ipv4/ping.c | 2 +- net/ipv4/tcp.c | 1 + net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/udp.c | 9 +- net/ipv6/af_inet6.c | 12 +- net/ipv6/ping.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- net/ipv6/udp.c | 6 +- net/llc/af_llc.c | 24 +- net/llc/llc_core.c | 7 - net/mac80211/sta_info.c | 5 +- net/netfilter/nf_tables_api.c | 20 +- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_compat.c | 12 + net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_limit.c | 23 +- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/rds/af_rds.c | 2 +- net/sched/cls_api.c | 9 +- net/sched/cls_flower.c | 23 + net/smc/smc_diag.c | 2 +- net/sunrpc/svcsock.c | 4 +- net/xdp/xsk.c | 12 +- net/xdp/xsk_buff_pool.c | 1 + scripts/get_abi.pl | 2 +- security/security.c | 18 + security/selinux/hooks.c | 28 + security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/soc/intel/boards/sof_sdw.c | 4 +- tools/testing/selftests/bpf/prog_tests/verifier.c | 2 + tools/testing/selftests/bpf/progs/cb_refs.c | 1 + tools/testing/selftests/bpf/progs/iters.c | 695 ++++++++++++++++ tools/testing/selftests/bpf/progs/strobemeta.h | 78 +- .../bpf/progs/verifier_iterating_callbacks.c | 242 ++++++ .../bpf/progs/verifier_subprog_precision.c | 86 +- .../selftests/bpf/progs/xdp_synproxy_kern.c | 84 +- .../selftests/drivers/net/bonding/bond_options.sh | 8 +- .../testing/selftests/drivers/net/bonding/settings | 2 +- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 9 + tools/testing/selftests/mm/hugepage-vmemmap.c | 29 +- tools/testing/selftests/net/config | 28 + tools/testing/selftests/net/rps_default_mask.sh | 6 +- tools/testing/selftests/net/so_incoming_cpu.c | 68 +- 366 files changed, 5747 insertions(+), 2192 deletions(-)

1 year, 6 months

16
358
0 0

[PATCH v4.19.y] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

by Ajay Kaher

From: Dan Carpenter <dan.carpenter(a)linaro.org> commit c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 upstream. The problem is in nft_byteorder_eval() where we are iterating through a loop and writing to dst[0], dst[1], dst[2] and so on... On each iteration we are writing 8 bytes. But dst[] is an array of u32 so each element only has space for 4 bytes. That means that every iteration overwrites part of the previous element. I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter: nf_tables: prevent OOB access in nft_byteorder_eval") which is a related issue. I think that the reason we have not detected this bug in testing is that most of time we only write one element. Fixes: ce1e7989d989 ("netfilter: nft_byteorder: provide 64bit le/be conversion") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Ajay: Modified to apply on v4.19.y] Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com> --- net/netfilter/nft_byteorder.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_byteorder.c b/net/netfilter/nft_byteorder.c index dba1612..8c4ee49 100644 --- a/net/netfilter/nft_byteorder.c +++ b/net/netfilter/nft_byteorder.c @@ -41,19 +41,20 @@ static void nft_byteorder_eval(const struct nft_expr *expr, switch (priv->size) { case 8: { + u64 *dst64 = (void *)dst; u64 src64; switch (priv->op) { case NFT_BYTEORDER_NTOH: for (i = 0; i < priv->len / 8; i++) { src64 = get_unaligned((u64 *)&src[i]); - put_unaligned_be64(src64, &dst[i]); + put_unaligned_be64(src64, &dst64[i]); } break; case NFT_BYTEORDER_HTON: for (i = 0; i < priv->len / 8; i++) { src64 = get_unaligned_be64(&src[i]); - put_unaligned(src64, (u64 *)&dst[i]); + put_unaligned(src64, &dst64[i]); } break; } -- 2.7.4

1 year, 6 months

2
2
0 0

[PATCH 5.4,4.19] lsm: new security_file_ioctl_compat() hook

by Eric Biggers

From: Alfred Piccioni <alpic(a)google.com> commit f1bb47a31dff6d4b34fb14e99850860ee74bb003 upstream. [Please apply to 5.4-stable and 4.19-stable. The upstream commit failed to apply to these kernels. This patch resolves the conflicts.] Some ioctl commands do not require ioctl permission, but are routed to other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*). However, if a 32-bit process is running on a 64-bit kernel, it emits 32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are being checked erroneously, which leads to these ioctl operations being routed to the ioctl permission, rather than the correct file permissions. This was also noted in a RED-PEN finding from a while back - "/* RED-PEN how should LSM module know it's handling 32bit? */". This patch introduces a new hook, security_file_ioctl_compat(), that is called from the compat ioctl syscall. All current LSMs have been changed to support this hook. Reviewing the three places where we are currently using security_file_ioctl(), it appears that only SELinux needs a dedicated compat change; TOMOYO and SMACK appear to be functional without any change. Cc: stable(a)vger.kernel.org Fixes: 0b24dcb7f2f7 ("Revert "selinux: simplify ioctl checking"") Signed-off-by: Alfred Piccioni <alpic(a)google.com> Reviewed-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject tweak, line length fixes, and alignment corrections] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/compat_ioctl.c | 3 +-- include/linux/lsm_hooks.h | 9 +++++++++ include/linux/security.h | 9 +++++++++ security/security.c | 17 +++++++++++++++++ security/selinux/hooks.c | 28 ++++++++++++++++++++++++++++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + 7 files changed, 66 insertions(+), 2 deletions(-) diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index 8fcc53d83af2d..22f7dc6688dee 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -994,8 +994,7 @@ COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, if (!f.file) goto out; - /* RED-PEN how should LSM module know it's handling 32bit? */ - error = security_file_ioctl(f.file, cmd, arg); + error = security_file_ioctl_compat(f.file, cmd, arg); if (error) goto out_fput; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a21dc5413653e..0f4897e97c70f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -498,6 +498,12 @@ * simple integer value. When @arg represents a user space pointer, it * should never be used by the security module. * Return 0 if permission is granted. + * @file_ioctl_compat: + * @file contains the file structure. + * @cmd contains the operation to perform. + * @arg contains the operational arguments. + * Check permission for a compat ioctl operation on @file. + * Return 0 if permission is granted. * @mmap_addr : * Check permissions for a mmap operation at @addr. * @addr contains virtual address that will be used for the operation. @@ -1602,6 +1608,8 @@ union security_list_options { void (*file_free_security)(struct file *file); int (*file_ioctl)(struct file *file, unsigned int cmd, unsigned long arg); + int (*file_ioctl_compat)(struct file *file, unsigned int cmd, + unsigned long arg); int (*mmap_addr)(unsigned long addr); int (*mmap_file)(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags); @@ -1907,6 +1915,7 @@ struct security_hook_heads { struct hlist_head file_alloc_security; struct hlist_head file_free_security; struct hlist_head file_ioctl; + struct hlist_head file_ioctl_compat; struct hlist_head mmap_addr; struct hlist_head mmap_file; struct hlist_head file_mprotect; diff --git a/include/linux/security.h b/include/linux/security.h index aa5c7141c8d17..1a99958b850b5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -362,6 +362,8 @@ int security_file_permission(struct file *file, int mask); int security_file_alloc(struct file *file); void security_file_free(struct file *file); int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); +int security_file_ioctl_compat(struct file *file, unsigned int cmd, + unsigned long arg); int security_mmap_file(struct file *file, unsigned long prot, unsigned long flags); int security_mmap_addr(unsigned long addr); @@ -907,6 +909,13 @@ static inline int security_file_ioctl(struct file *file, unsigned int cmd, return 0; } +static inline int security_file_ioctl_compat(struct file *file, + unsigned int cmd, + unsigned long arg) +{ + return 0; +} + static inline int security_mmap_file(struct file *file, unsigned long prot, unsigned long flags) { diff --git a/security/security.c b/security/security.c index 460c3826f6401..6c06296548c21 100644 --- a/security/security.c +++ b/security/security.c @@ -1422,6 +1422,23 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) return call_int_hook(file_ioctl, 0, file, cmd, arg); } +/** + * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode + * @file: associated file + * @cmd: ioctl cmd + * @arg: ioctl arguments + * + * Compat version of security_file_ioctl() that correctly handles 32-bit + * processes running on 64-bit kernels. + * + * Return: Returns 0 if permission is granted. + */ +int security_file_ioctl_compat(struct file *file, unsigned int cmd, + unsigned long arg) +{ + return call_int_hook(file_ioctl_compat, 0, file, cmd, arg); +} + static inline unsigned long mmap_prot(struct file *file, unsigned long prot) { /* diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c1bf319b459a9..6fec9fba41a84 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3668,6 +3668,33 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, return error; } +static int selinux_file_ioctl_compat(struct file *file, unsigned int cmd, + unsigned long arg) +{ + /* + * If we are in a 64-bit kernel running 32-bit userspace, we need to + * make sure we don't compare 32-bit flags to 64-bit flags. + */ + switch (cmd) { + case FS_IOC32_GETFLAGS: + cmd = FS_IOC_GETFLAGS; + break; + case FS_IOC32_SETFLAGS: + cmd = FS_IOC_SETFLAGS; + break; + case FS_IOC32_GETVERSION: + cmd = FS_IOC_GETVERSION; + break; + case FS_IOC32_SETVERSION: + cmd = FS_IOC_SETVERSION; + break; + default: + break; + } + + return selinux_file_ioctl(file, cmd, arg); +} + static int default_noexec; static int file_map_prot_check(struct file *file, unsigned long prot, int shared) @@ -6933,6 +6960,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_permission, selinux_file_permission), LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), + LSM_HOOK_INIT(file_ioctl_compat, selinux_file_ioctl_compat), LSM_HOOK_INIT(mmap_file, selinux_mmap_file), LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9e48c8b36b678..6f2613f874fa9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4648,6 +4648,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), + LSM_HOOK_INIT(file_ioctl_compat, smack_file_ioctl), LSM_HOOK_INIT(file_lock, smack_file_lock), LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), LSM_HOOK_INIT(mmap_file, smack_mmap_file), diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 716c92ec941ad..0176612bac967 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -554,6 +554,7 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(path_rename, tomoyo_path_rename), LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr), LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl), + LSM_HOOK_INIT(file_ioctl_compat, tomoyo_file_ioctl), LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod), LSM_HOOK_INIT(path_chown, tomoyo_path_chown), LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot), base-commit: f0602893f43a54097fcf22bd8c2f7b8e75ca643e -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH] x86/barrier: Do not serialize MSR accesses on AMD

by Kishon Vijay Abraham I

From: "Borislav Petkov (AMD)" <bp(a)alien8.de> commit 04c3024560d3a14acd18d0a51a1d0a89d29b7eb5 upstream. AMD does not have the requirement for a synchronization barrier when acccessing a certain group of MSRs. Do not incur that unnecessary penalty there. There will be a CPUID bit which explicitly states that a MFENCE is not needed. Once that bit is added to the APM, this will be extended with it. While at it, move to processor.h to avoid include hell. Untangling that file properly is a matter for another day. Some notes on the performance aspect of why this is relevant, courtesy of Kishon VijayAbraham <Kishon.VijayAbraham(a)amd.com>: On a AMD Zen4 system with 96 cores, a modified ipi-bench[1] on a VM shows x2AVIC IPI rate is 3% to 4% lower than AVIC IPI rate. The ipi-bench is modified so that the IPIs are sent between two vCPUs in the same CCX. This also requires to pin the vCPU to a physical core to prevent any latencies. This simulates the use case of pinning vCPUs to the thread of a single CCX to avoid interrupt IPI latency. In order to avoid run-to-run variance (for both x2AVIC and AVIC), the below configurations are done: 1) Disable Power States in BIOS (to prevent the system from going to lower power state) 2) Run the system at fixed frequency 2500MHz (to prevent the system from increasing the frequency when the load is more) With the above configuration: *) Performance measured using ipi-bench for AVIC: Average Latency: 1124.98ns [Time to send IPI from one vCPU to another vCPU] Cumulative throughput: 42.6759M/s [Total number of IPIs sent in a second from 48 vCPUs simultaneously] *) Performance measured using ipi-bench for x2AVIC: Average Latency: 1172.42ns [Time to send IPI from one vCPU to another vCPU] Cumulative throughput: 40.9432M/s [Total number of IPIs sent in a second from 48 vCPUs simultaneously] From above, x2AVIC latency is ~4% more than AVIC. However, the expectation is x2AVIC performance to be better or equivalent to AVIC. Upon analyzing the perf captures, it is observed significant time is spent in weak_wrmsr_fence() invoked by x2apic_send_IPI(). With the fix to skip weak_wrmsr_fence() *) Performance measured using ipi-bench for x2AVIC: Average Latency: 1117.44ns [Time to send IPI from one vCPU to another vCPU] Cumulative throughput: 42.9608M/s [Total number of IPIs sent in a second from 48 vCPUs simultaneously] Comparing the performance of x2AVIC with and without the fix, it can be seen the performance improves by ~4%. Performance captured using an unmodified ipi-bench using the 'mesh-ipi' option with and without weak_wrmsr_fence() on a Zen4 system also showed significant performance improvement without weak_wrmsr_fence(). The 'mesh-ipi' option ignores CCX or CCD and just picks random vCPU. Average throughput (10 iterations) with weak_wrmsr_fence(), Cumulative throughput: 4933374 IPI/s Average throughput (10 iterations) without weak_wrmsr_fence(), Cumulative throughput: 6355156 IPI/s [1] https://github.com/bytedance/kvm-utils/tree/master/microbenchmark/ipi-bench Cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Link: https://lore.kernel.org/r/20230622095212.20940-1-bp@alien8.de Signed-off-by: Kishon Vijay Abraham I <kvijayab(a)amd.com> --- Kindly merge this patch to stable releases (v6.6+) as it's a perf optimization. [It does not apply as is on earlier releases and have to be reworked] arch/x86/include/asm/barrier.h | 18 ------------------ arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/processor.h | 18 ++++++++++++++++++ arch/x86/kernel/cpu/amd.c | 3 +++ arch/x86/kernel/cpu/common.c | 7 +++++++ arch/x86/kernel/cpu/hygon.c | 3 +++ 6 files changed, 32 insertions(+), 19 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 35389b2af88e..0216f63a366b 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -81,22 +81,4 @@ do { \ #include <asm-generic/barrier.h> -/* - * Make previous memory operations globally visible before - * a WRMSR. - * - * MFENCE makes writes visible, but only affects load/store - * instructions. WRMSR is unfortunately not a load/store - * instruction and is unaffected by MFENCE. The LFENCE ensures - * that the WRMSR is not reordered. - * - * Most WRMSRs are full serializing instructions themselves and - * do not require this barrier. This is only required for the - * IA32_TSC_DEADLINE and X2APIC MSRs. - */ -static inline void weak_wrmsr_fence(void) -{ - asm volatile("mfence; lfence" : : : "memory"); -} - #endif /* _ASM_X86_BARRIER_H */ diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 58cb9495e40f..0091f1008314 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -308,10 +308,10 @@ #define X86_FEATURE_SMBA (11*32+21) /* "" Slow Memory Bandwidth Allocation */ #define X86_FEATURE_BMEC (11*32+22) /* "" Bandwidth Monitoring Event Configuration */ #define X86_FEATURE_USER_SHSTK (11*32+23) /* Shadow stack support for user mode applications */ - #define X86_FEATURE_SRSO (11*32+24) /* "" AMD BTB untrain RETs */ #define X86_FEATURE_SRSO_ALIAS (11*32+25) /* "" AMD BTB untrain RETs through aliasing */ #define X86_FEATURE_IBPB_ON_VMEXIT (11*32+26) /* "" Issue an IBPB only on VMEXIT */ +#define X86_FEATURE_APIC_MSRS_FENCE (11*32+27) /* "" IA32_TSC_DEADLINE and X2APIC MSRs need fencing */ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a3669a7774ed..191f1d8f0506 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -734,4 +734,22 @@ bool arch_is_platform_page(u64 paddr); extern bool gds_ucode_mitigated(void); +/* + * Make previous memory operations globally visible before + * a WRMSR. + * + * MFENCE makes writes visible, but only affects load/store + * instructions. WRMSR is unfortunately not a load/store + * instruction and is unaffected by MFENCE. The LFENCE ensures + * that the WRMSR is not reordered. + * + * Most WRMSRs are full serializing instructions themselves and + * do not require this barrier. This is only required for the + * IA32_TSC_DEADLINE and X2APIC MSRs. + */ +static inline void weak_wrmsr_fence(void) +{ + alternative("mfence; lfence", "", ALT_NOT(X86_FEATURE_APIC_MSRS_FENCE)); +} + #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 6e4f23f314ac..bb3efc825bf4 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1157,6 +1157,9 @@ static void init_amd(struct cpuinfo_x86 *c) if (!cpu_has(c, X86_FEATURE_HYPERVISOR) && cpu_has_amd_erratum(c, amd_erratum_1485)) msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT); + + /* AMD CPUs don't need fencing after x2APIC/TSC_DEADLINE MSR writes. */ + clear_cpu_cap(c, X86_FEATURE_APIC_MSRS_FENCE); } #ifdef CONFIG_X86_32 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 4e5ffc8b0e46..d98d023ae497 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1858,6 +1858,13 @@ static void identify_cpu(struct cpuinfo_x86 *c) c->apicid = apic->phys_pkg_id(c->initial_apicid, 0); #endif + + /* + * Set default APIC and TSC_DEADLINE MSR fencing flag. AMD and + * Hygon will clear it in ->c_init() below. + */ + set_cpu_cap(c, X86_FEATURE_APIC_MSRS_FENCE); + /* * Vendor-specific initialization. In this section we * canonicalize the feature flags, meaning if there are diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index a7b3ef4c4de9..6e738759779e 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -348,6 +348,9 @@ static void init_hygon(struct cpuinfo_x86 *c) set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS); check_null_seg_clears_base(c); + + /* Hygon CPUs don't need fencing after x2APIC/TSC_DEADLINE MSR writes. */ + clear_cpu_cap(c, X86_FEATURE_APIC_MSRS_FENCE); } static void cpu_detect_tlb_hygon(struct cpuinfo_x86 *c) -- 2.34.1

1 year, 6 months

2
1
0 0

[PATCH for-5.4.y 0/3] db845c(sdm845) PM runtime fixes

by Amit Pundir

Hi, v5.4.y commit 31b169a8bed7 ("drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks"), which is commit 3d07a411b4fa upstream, broke display on Dragonboard 845c(sdm845). Cherry-picking commit 6ab502bc1cf3 ("drm/msm/dsi: Enable runtime PM") from the original patch series https://patchwork.freedesktop.org/series/119583/ and it's dependent runtime PM helper routines as suggested by Dmitry https://lore.kernel.org/stable/CAA8EJpo7q9qZbgXHWe7SuQFh0EWW0ZxGL5xYX4nckoF… fixes that display regression on DB845c. Dmitry Baryshkov (1): PM: runtime: add devm_pm_runtime_enable helper Douglas Anderson (1): PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Konrad Dybcio (1): drm/msm/dsi: Enable runtime PM drivers/base/power/runtime.c | 22 ++++++++++++++++++++++ drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 ++++ include/linux/pm_runtime.h | 9 +++++++++ 3 files changed, 35 insertions(+) -- 2.25.1

1 year, 6 months

2
8
0 0

[PATCH] ALSA: hda/realtek: fix mute/micmute LED For HP mt645

by Alexandru Gagniuc

From: Eniac Zhang <eniacz(a)gmail.com> The HP mt645 G7 Thin Client uses an ALC236 codec and needs the ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF quirk to make the mute and micmute LEDs work. There are two variants of the USB-C PD chip on this device. Each uses a different BIOS and board ID, hence the two entries. Signed-off-by: Alexandru Gagniuc <mr.nuke.me(a)gmail.com> Signed-off-by: Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> Cc: <stable(a)vger.kernel.org> --- sound/pci/hda/patch_realtek.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 6994c4c5073c..c837470ef5b8 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -9928,6 +9928,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8abb, "HP ZBook Firefly 14 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8ad1, "HP EliteBook 840 14 inch G9 Notebook PC", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8ad2, "HP EliteBook 860 16 inch G9 Notebook PC", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8b0f, "HP Elite mt645 G7 Mobile Thin Client U81", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8b2f, "HP 255 15.6 inch G10 Notebook PC", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2), SND_PCI_QUIRK(0x103c, 0x8b42, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8b43, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), @@ -9935,6 +9936,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8b45, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8b46, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8b47, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8b59, "HP Elite mt645 G7 Mobile Thin Client U89", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8b5d, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8b5e, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8b63, "HP Elite Dragonfly 13.5 inch G4", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED), -- 2.42.0

1 year, 6 months

3
7
0 0

[PATCH] bpf: change WARN ro pr_warn in verifier in 5.10 kernels

by Alexander Ofitserov

Change WARN to pr_warn in check_map_prog_compatibility, because this functionality was added in kernels 6.1 and because fuzzing kernels with syzkaller while kernel was started with parameter panic_on_warn produces false positive crashes. Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- kernel/bpf/verifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 45c50ee9b0370..7a7a6e3087ba2 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -10478,7 +10478,7 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env, verbose(env, "trace type programs can only use preallocated hash map\n"); return -EINVAL; } - WARN_ONCE(1, "trace type BPF program uses run-time allocation\n"); + pr_warn_once("trace type BPF program uses run-time allocation\n"); verbose(env, "trace type programs with run-time allocated hash maps are unsafe. Switch to preallocated hash maps.\n"); } -- 2.42.1

1 year, 6 months

1
0
0 0

[PATCH 2/2] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler

by Oliver Upton

It is possible that an LPI mapped in a different ITS gets unmapped while handling the MOVALL command. If that is the case, there is no state that can be migrated to the destination. Silently ignore it and continue migrating other LPIs. Cc: stable(a)vger.kernel.org Fixes: ff9c114394aa ("KVM: arm/arm64: GICv4: Handle MOVALL applied to a vPE") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-its.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 082448de27ed..28a93074eca1 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -1435,6 +1435,8 @@ static int vgic_its_cmd_handle_movall(struct kvm *kvm, struct vgic_its *its, for (i = 0; i < irq_count; i++) { irq = vgic_get_irq(kvm, NULL, intids[i]); + if (!irq) + continue; update_affinity(irq, vcpu2); -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

1
0
0 0

[PATCH 1/2] KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()

by Oliver Upton

vgic_get_irq() may not return a valid descriptor if there is no ITS that holds a valid translation for the specified INTID. If that is the case, it is safe to silently ignore it and continue processing the LPI pending table. Cc: stable(a)vger.kernel.org Fixes: 33d3bc9556a7 ("KVM: arm64: vgic-its: Read initial LPI pending table") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-its.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index e2764d0ffa9f..082448de27ed 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -468,6 +468,9 @@ static int its_sync_lpi_pending_table(struct kvm_vcpu *vcpu) } irq = vgic_get_irq(vcpu->kvm, NULL, intids[i]); + if (!irq) + continue; + raw_spin_lock_irqsave(&irq->irq_lock, flags); irq->pending_latch = pendmask & (1U << bit_nr); vgic_queue_irq_unlock(vcpu->kvm, irq, flags); -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

1
0
0 0

Re: [PATCH] media: cec: core: remove length check of Timer Status

by Hans Verkuil

Dear Nini, Unfortunately I forgot to add a 'Fixes' tag to the patch, if I had, then it would have happened automatically. Please remind me of this once kernel 6.9-rc1 is released since that will contain the fix. Then I can post the same patch to the stable mailinglist for inclusion in older kernels. It has to wait until 6.9-rc1 is release though, patches need to be in mainline first before they can be backported. Regards, Hans On 21/02/2024 07:30, Nini Song (宋宛妮) wrote: > Dear Hans, > > Thank your reply. > Could you also help to marge solution into v5.15? Our customer used v5.15 for MP production, which requires this solution. > > > BR, > Nini Song > On Mon, 2024-02-05 at 13:00 +0100, Hans Verkuil wrote: >> >> >> External email : Please do not click links or open attachments until you have verified the sender or the content. >> >> On 25/01/2024 14:28, nini.song(a)mediatek.com wrote: >> > From: "nini.song" <nini.song(a)mediatek.com> >> > >> > The valid_la is used to check the length requirements, >> > including special cases of Timer Status. If the length is >> > shorter than 5, that means no Duration Available is returned, >> > the message will be forced to be invalid. >> > >> > However, the description of Duration Available in the spec >> > is that this parameter may be returned when these cases, or >> > that it can be optionally return when these cases. The key >> > words in the spec description are flexible choices. >> >> Good catch, the spec indeed says 'may', so dropping the check >> in this patch is the correct thing to do. >> >> It's merged in our staging tree and it will appear in v6.9. >> >> Regards, >> >> Hans >> >> > >> > Remove the special length check of Timer Status to fit the >> > spec which is not compulsory about that. >> > >> > Signed-off-by: Nini Song <nini.song(a)mediatek.com> >> > --- >> > drivers/media/cec/core/cec-adap.c | 14 -------------- >> > 1 file changed, 14 deletions(-) >> > >> > diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c >> > index 5741adf09a2e..559a172ebc6c 100644 >> > --- a/drivers/media/cec/core/cec-adap.c >> > +++ b/drivers/media/cec/core/cec-adap.c >> > @@ -1151,20 +1151,6 @@ void cec_received_msg_ts(struct cec_adapter *adap, >> > if (valid_la && min_len) { >> > /* These messages have special length requirements */ >> > switch (cmd) { >> > -case CEC_MSG_TIMER_STATUS: >> > -if (msg->msg[2] & 0x10) { >> > -switch (msg->msg[2] & 0xf) { >> > -case CEC_OP_PROG_INFO_NOT_ENOUGH_SPACE: >> > -case CEC_OP_PROG_INFO_MIGHT_NOT_BE_ENOUGH_SPACE: >> > -if (msg->len < 5) >> > -valid_la = false; >> > -break; >> > -} >> > -} else if ((msg->msg[2] & 0xf) == CEC_OP_PROG_ERROR_DUPLICATE) { >> > -if (msg->len < 5) >> > -valid_la = false; >> > -} >> > -break; >> > case CEC_MSG_RECORD_ON: >> > switch (msg->msg[2]) { >> > case CEC_OP_RECORD_SRC_OWN: >> >>

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fb091ff394792c018527b3211bbdfae93ea4ac02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-flashing-prescribe-3dcf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: fb091ff39479 ("arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata") 6aeadf7896bf ("Merge tag 'docs-arm64-move' of git://git.lwn.net/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb091ff394792c018527b3211bbdfae93ea4ac02 Mon Sep 17 00:00:00 2001 From: Easwar Hariharan <eahariha(a)linux.microsoft.com> Date: Wed, 14 Feb 2024 17:55:18 +0000 Subject: [PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Add the MIDR value of Microsoft Azure Cobalt 100, which is a Microsoft implemented CPU based on r0p0 of the ARM Neoverse N2 CPU, and therefore suffers from all the same errata. CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: Mark Rutland <mark.rutland(a)arm.com> Acked-by: Marc Zyngier <maz(a)kernel.org> Reviewed-by: Oliver Upton <oliver.upton(a)linux.dev> Link: https://lore.kernel.org/r/20240214175522.2457857-1-eahariha@linux.microsoft… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index e8c2ce1f9df6..45a7f4932fe0 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -243,3 +243,10 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ASR | ASR8601 | #8601001 | N/A | +----------------+-----------------+-----------------+-----------------------------+ ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2139208 | ARM64_ERRATUM_2139208 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2067961 | ARM64_ERRATUM_2067961 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 7c7493cb571f..52f076afeb96 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -61,6 +61,7 @@ #define ARM_CPU_IMP_HISI 0x48 #define ARM_CPU_IMP_APPLE 0x61 #define ARM_CPU_IMP_AMPERE 0xC0 +#define ARM_CPU_IMP_MICROSOFT 0x6D #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 @@ -135,6 +136,8 @@ #define AMPERE_CPU_PART_AMPERE1 0xAC3 +#define MICROSOFT_CPU_PART_AZURE_COBALT_100 0xD49 /* Based on r0p0 of ARM Neoverse N2 */ + #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -193,6 +196,7 @@ #define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX) #define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX) #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1) +#define MIDR_MICROSOFT_AZURE_COBALT_100 MIDR_CPU_MODEL(ARM_CPU_IMP_MICROSOFT, MICROSOFT_CPU_PART_AZURE_COBALT_100) /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */ #define MIDR_FUJITSU_ERRATUM_010001 MIDR_FUJITSU_A64FX diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 967c7c7a4e7d..76b8dd37092a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = { static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2139208 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2119858 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { static const struct midr_range tsb_flush_fail_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2067961 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2054223 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = { static struct midr_range trbe_write_out_of_range_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2253138 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2224489 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

1 year, 6 months

3
2
0 0

[PATCH 6.1] Backport the fix for CVE-2024-23851 to v6.1

by He Gao

This is the fix of CVE-2024-23851 for kernel v6.1. Upstream commit: https://github.com/torvalds/linux/commit/bd504bcfec41a503b32054da5472904b40… Changed argument name "blk_mode_t" back to "fmode_t" for the old version. The argument is not affected by the patch. He Gao (1): dm: limit the number of targets and parameter size area drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

2
2
0 0

[PATCH 4.19 5.4 5.10 5.15 6.1 6.6 6.7] nilfs2: fix potential bug in end_buffer_async_write

by Ryusuke Konishi

commit 5bc09b397cbf1221f8a8aacb1152650c9195b02b upstream. According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please queue this patch to these stable trees instead of the patch that failed to apply to them. This patch is tailored to account for page/folio conversion and can be applied from v4.8 to v6.7. Also, all the builds and tests I did on each stable tree passed. Thanks, Ryusuke Konishi fs/nilfs2/segment.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 55e31cc903d1..0f21dbcd0bfb 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_page != bd_page) { lock_page(bd_page); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_page != fs_page) { nilfs_begin_page_io(fs_page); fs_page = bh->b_page; @@ -1799,7 +1799,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_page != bd_page) { @@ -1808,6 +1807,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_page != fs_page) { nilfs_end_page_io(fs_page, err); fs_page = bh->b_page; @@ -1895,8 +1895,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_page != bd_page) { end_page_writeback(bd_page); bd_page = bh->b_page; @@ -1904,6 +1905,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_page != fs_page) { nilfs_end_page_io(fs_page, 0); fs_page = bh->b_page; -- 2.39.3

1 year, 6 months

2
1
0 0

Re: [PATCH v2 3/3] of: property: Add in-ports/out-ports support to of_graph_get_port_parent()

by Saravana Kannan

On Tue, Feb 6, 2024 at 5:18 PM Saravana Kannan <saravanak(a)google.com> wrote: > > Similar to the existing "ports" node name, coresight device tree bindings > have added "in-ports" and "out-ports" as standard node names for a > collection of ports. > > Add support for these name to of_graph_get_port_parent() so that > remote-endpoint parsing can find the correct parent node for these > coresight ports too. > > Signed-off-by: Saravana Kannan <saravanak(a)google.com> Greg, I saw that you pulled the previous 2 patches in this series to 6.1, 6.6 and 6.7 kernel branches. I really should have added both of those Fixes tag to this patch too. Can you please pull in the patch to those stable branches too? Thanks, Saravana > --- > drivers/of/property.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/of/property.c b/drivers/of/property.c > index 7bb2d8e290de..39a3ee1dfb58 100644 > --- a/drivers/of/property.c > +++ b/drivers/of/property.c > @@ -763,7 +763,9 @@ struct device_node *of_graph_get_port_parent(struct device_node *node) > /* Walk 3 levels up only if there is 'ports' node. */ > for (depth = 3; depth && node; depth--) { > node = of_get_next_parent(node); > - if (depth == 2 && !of_node_name_eq(node, "ports")) > + if (depth == 2 && !of_node_name_eq(node, "ports") && > + !of_node_name_eq(node, "in-ports") && > + !of_node_name_eq(node, "out-ports")) > break; > } > return node; > -- > 2.43.0.594.gd9cf4e227d-goog >

1 year, 6 months

2
2
0 0

[PATCH v1] erofs: fix refcount on the metabuf used for inode lookup

by Sandeep Dhavale

In erofs_find_target_block() when erofs_dirnamecmp() returns 0, we do not assign the target metabuf. This causes the caller erofs_namei()'s erofs_put_metabuf() at the end to be not effective leaving the refcount on the page. As the page from metabuf (buf->page) is never put, such page cannot be migrated or reclaimed. Fix it now by putting the metabuf from previous loop and assigning the current metabuf to target before returning so caller erofs_namei() can do the final put as it was intended. Fixes: 500edd095648 ("erofs: use meta buffers for inode lookup") Cc: stable(a)vger.kernel.org Signed-off-by: Sandeep Dhavale <dhavale(a)google.com> --- fs/erofs/namei.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/erofs/namei.c b/fs/erofs/namei.c index d4f631d39f0f..bfe1c926436b 100644 --- a/fs/erofs/namei.c +++ b/fs/erofs/namei.c @@ -132,7 +132,10 @@ static void *erofs_find_target_block(struct erofs_buf *target, if (!diff) { *_ndirents = 0; - goto out; + if (!IS_ERR(candidate)) + erofs_put_metabuf(target); + *target = buf; + return de; } else if (diff > 0) { head = mid + 1; startprfx = matched; -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

2
2
0 0

[PATCH v3] selftests/mqueue: Set timeout to 180 seconds

by SeongJae Park

While mq_perf_tests runs with the default kselftest timeout limit, which is 45 seconds, the test takes about 60 seconds to complete on i3.metal AWS instances. Hence, the test always times out. Increase the timeout to 180 seconds. Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") Cc: <stable(a)vger.kernel.org> # 5.4.x Signed-off-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> --- Changes from v2 (https://lore.kernel.org/r/20240220000243.162285-1-sj@kernel.org) - Update commit message about the new timeout limit to 180 seconds - Remove wrong Link: line Changes from v1 (https://lore.kernel.org/r/20240208212925.68286-1-sj@kernel.org) - Use 180 seconds timeout instead of 100 seconds tools/testing/selftests/mqueue/setting | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/mqueue/setting diff --git a/tools/testing/selftests/mqueue/setting b/tools/testing/selftests/mqueue/setting new file mode 100644 index 000000000000..a953c96aa16e --- /dev/null +++ b/tools/testing/selftests/mqueue/setting @@ -0,0 +1 @@ +timeout=180 -- 2.39.2

1 year, 6 months

2
1
0 0

[PATCH 5.10] Backport the fix for CVE-2024-23851 to v5.10

by He Gao

This is the fix of CVE-2024-23851 for kernel v5.10. Upstream commit: https://github.com/torvalds/linux/commit/bd504bcfec41a503b32054da5472904b40… Changed code not affected by the patch for the old version. He Gao (1): dm: limit the number of targets and parameter size area drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

1
1
0 0

[PATCH 5.15] Backport the fix for CVE-2024-23851 to v5.15

by He Gao

This is the fix of CVE-2024-23851 for kernel v5.15. Upstream commit: https://github.com/torvalds/linux/commit/bd504bcfec41a503b32054da5472904b40… Changed code not affected by the patch for the old version. He Gao (1): dm: limit the number of targets and parameter size area drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) -- 2.44.0.rc0.258.g7320e95886-goog

1 year, 6 months

1
1
0 0

[merged mm-hotfixes-stable] mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/lru_sort: fix quota status loss due to online tunings has been removed from the -mm tree. Its filename was mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/lru_sort: fix quota status loss due to online tunings Date: Fri, 16 Feb 2024 11:40:25 -0800 For online parameters change, DAMON_LRU_SORT creates new schemes based on latest values of the parameters and replaces the old schemes with the new one. When creating it, the internal status of the quotas of the old schemes is not preserved. As a result, charging of the quota starts from zero after the online tuning. The data that collected to estimate the throughput of the scheme's action is also reset, and therefore the estimation should start from the scratch again. Because the throughput estimation is being used to convert the time quota to the effective size quota, this could result in temporal time quota inaccuracy. It would be recovered over time, though. In short, the quota accuracy could be temporarily degraded after online parameters update. Fix the problem by checking the case and copying the internal fields for the status. Link: https://lkml.kernel.org/r/20240216194025.9207-3-sj@kernel.org Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.0+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/lru_sort.c | 43 +++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) --- a/mm/damon/lru_sort.c~mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings +++ a/mm/damon/lru_sort.c @@ -185,9 +185,21 @@ static struct damos *damon_lru_sort_new_ return damon_lru_sort_new_scheme(&pattern, DAMOS_LRU_DEPRIO); } +static void damon_lru_sort_copy_quota_status(struct damos_quota *dst, + struct damos_quota *src) +{ + dst->total_charged_sz = src->total_charged_sz; + dst->total_charged_ns = src->total_charged_ns; + dst->charged_sz = src->charged_sz; + dst->charged_from = src->charged_from; + dst->charge_target_from = src->charge_target_from; + dst->charge_addr_from = src->charge_addr_from; +} + static int damon_lru_sort_apply_parameters(void) { - struct damos *scheme; + struct damos *scheme, *hot_scheme, *cold_scheme; + struct damos *old_hot_scheme = NULL, *old_cold_scheme = NULL; unsigned int hot_thres, cold_thres; int err = 0; @@ -195,18 +207,35 @@ static int damon_lru_sort_apply_paramete if (err) return err; + damon_for_each_scheme(scheme, ctx) { + if (!old_hot_scheme) { + old_hot_scheme = scheme; + continue; + } + old_cold_scheme = scheme; + } + hot_thres = damon_max_nr_accesses(&damon_lru_sort_mon_attrs) * hot_thres_access_freq / 1000; - scheme = damon_lru_sort_new_hot_scheme(hot_thres); - if (!scheme) + hot_scheme = damon_lru_sort_new_hot_scheme(hot_thres); + if (!hot_scheme) return -ENOMEM; - damon_set_schemes(ctx, &scheme, 1); + if (old_hot_scheme) + damon_lru_sort_copy_quota_status(&hot_scheme->quota, + &old_hot_scheme->quota); cold_thres = cold_min_age / damon_lru_sort_mon_attrs.aggr_interval; - scheme = damon_lru_sort_new_cold_scheme(cold_thres); - if (!scheme) + cold_scheme = damon_lru_sort_new_cold_scheme(cold_thres); + if (!cold_scheme) { + damon_destroy_scheme(hot_scheme); return -ENOMEM; - damon_add_scheme(ctx, scheme); + } + if (old_cold_scheme) + damon_lru_sort_copy_quota_status(&cold_scheme->quota, + &old_cold_scheme->quota); + + damon_set_schemes(ctx, &hot_scheme, 1); + damon_add_scheme(ctx, cold_scheme); return damon_set_region_biggest_system_ram_default(target, &monitor_region_start, _ Patches currently in -mm which might be from sj(a)kernel.org are docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch docs-mm-damon-maintainer-profile-fix-reference-links-for-mm-stable-tree.patch docs-mm-damon-move-the-list-of-damos-actions-to-design-doc.patch docs-mm-damon-move-damon-operation-sets-list-from-the-usage-to-the-design-document.patch docs-mm-damon-move-monitoring-target-regions-setup-detail-from-the-usage-to-the-design-document.patch docs-admin-guide-mm-damon-usage-fix-wrong-quotas-diabling-condition.patch mm-damon-core-set-damos_quota-esz-as-public-field-and-document.patch mm-damon-sysfs-schemes-implement-quota-effective_bytes-file.patch mm-damon-sysfs-implement-a-kdamond-command-for-updating-schemes-effective-quotas.patch docs-abi-damon-document-effective_bytes-sysfs-file.patch docs-admin-guide-mm-damon-usage-document-effective_bytes-file.patch mm-damon-move-comments-and-fields-for-damos-quota-prioritization-to-the-end.patch mm-damon-core-split-out-quota-goal-related-fields-to-a-struct.patch mm-damon-core-add-multiple-goals-per-damos_quota-and-helpers-for-those.patch mm-damon-sysfs-use-only-quota-goals.patch mm-damon-core-remove-goal-field-of-damos_quota.patch mm-damon-core-let-goal-specified-with-only-target-and-current-values.patch mm-damon-core-support-multiple-metrics-for-quota-goal.patch mm-damon-core-implement-psi-metric-damos-quota-goal.patch mm-damon-sysfs-schemes-support-psi-based-quota-auto-tune.patch docs-mm-damon-design-document-quota-goal-self-tuning.patch docs-abi-damon-document-quota-goal-metric-file.patch docs-admin-guide-mm-damon-usage-document-quota-goal-metric-file.patch mm-damon-reclaim-implement-user-feedback-driven-quota-auto-tuning.patch mm-damon-reclaim-implement-memory-psi-driven-quota-self-tuning.patch docs-admin-guide-mm-damon-reclaim-document-auto-tuning-parameters.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/reclaim: fix quota stauts loss due to online tunings has been removed from the -mm tree. Its filename was mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/reclaim: fix quota stauts loss due to online tunings Date: Fri, 16 Feb 2024 11:40:24 -0800 Patch series "mm/damon: fix quota status loss due to online tunings". DAMON_RECLAIM and DAMON_LRU_SORT is not preserving internal quota status when applying new user parameters, and hence could cause temporal quota accuracy degradation. Fix it by preserving the status. This patch (of 2): For online parameters change, DAMON_RECLAIM creates new scheme based on latest values of the parameters and replaces the old scheme with the new one. When creating it, the internal status of the quota of the old scheme is not preserved. As a result, charging of the quota starts from zero after the online tuning. The data that collected to estimate the throughput of the scheme's action is also reset, and therefore the estimation should start from the scratch again. Because the throughput estimation is being used to convert the time quota to the effective size quota, this could result in temporal time quota inaccuracy. It would be recovered over time, though. In short, the quota accuracy could be temporarily degraded after online parameters update. Fix the problem by checking the case and copying the internal fields for the status. Link: https://lkml.kernel.org/r/20240216194025.9207-1-sj@kernel.org Link: https://lkml.kernel.org/r/20240216194025.9207-2-sj@kernel.org Fixes: e035c280f6df ("mm/damon/reclaim: support online inputs update") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [5.19+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/reclaim.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/mm/damon/reclaim.c~mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings +++ a/mm/damon/reclaim.c @@ -150,9 +150,20 @@ static struct damos *damon_reclaim_new_s &damon_reclaim_wmarks); } +static void damon_reclaim_copy_quota_status(struct damos_quota *dst, + struct damos_quota *src) +{ + dst->total_charged_sz = src->total_charged_sz; + dst->total_charged_ns = src->total_charged_ns; + dst->charged_sz = src->charged_sz; + dst->charged_from = src->charged_from; + dst->charge_target_from = src->charge_target_from; + dst->charge_addr_from = src->charge_addr_from; +} + static int damon_reclaim_apply_parameters(void) { - struct damos *scheme; + struct damos *scheme, *old_scheme; struct damos_filter *filter; int err = 0; @@ -164,6 +175,11 @@ static int damon_reclaim_apply_parameter scheme = damon_reclaim_new_scheme(); if (!scheme) return -ENOMEM; + if (!list_empty(&ctx->schemes)) { + damon_for_each_scheme(old_scheme, ctx) + damon_reclaim_copy_quota_status(&scheme->quota, + &old_scheme->quota); + } if (skip_anon) { filter = damos_new_filter(DAMOS_FILTER_TYPE_ANON, true); if (!filter) { _ Patches currently in -mm which might be from sj(a)kernel.org are docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch docs-mm-damon-maintainer-profile-fix-reference-links-for-mm-stable-tree.patch docs-mm-damon-move-the-list-of-damos-actions-to-design-doc.patch docs-mm-damon-move-damon-operation-sets-list-from-the-usage-to-the-design-document.patch docs-mm-damon-move-monitoring-target-regions-setup-detail-from-the-usage-to-the-design-document.patch docs-admin-guide-mm-damon-usage-fix-wrong-quotas-diabling-condition.patch mm-damon-core-set-damos_quota-esz-as-public-field-and-document.patch mm-damon-sysfs-schemes-implement-quota-effective_bytes-file.patch mm-damon-sysfs-implement-a-kdamond-command-for-updating-schemes-effective-quotas.patch docs-abi-damon-document-effective_bytes-sysfs-file.patch docs-admin-guide-mm-damon-usage-document-effective_bytes-file.patch mm-damon-move-comments-and-fields-for-damos-quota-prioritization-to-the-end.patch mm-damon-core-split-out-quota-goal-related-fields-to-a-struct.patch mm-damon-core-add-multiple-goals-per-damos_quota-and-helpers-for-those.patch mm-damon-sysfs-use-only-quota-goals.patch mm-damon-core-remove-goal-field-of-damos_quota.patch mm-damon-core-let-goal-specified-with-only-target-and-current-values.patch mm-damon-core-support-multiple-metrics-for-quota-goal.patch mm-damon-core-implement-psi-metric-damos-quota-goal.patch mm-damon-sysfs-schemes-support-psi-based-quota-auto-tune.patch docs-mm-damon-design-document-quota-goal-self-tuning.patch docs-abi-damon-document-quota-goal-metric-file.patch docs-admin-guide-mm-damon-usage-document-quota-goal-metric-file.patch mm-damon-reclaim-implement-user-feedback-driven-quota-auto-tuning.patch mm-damon-reclaim-implement-memory-psi-driven-quota-self-tuning.patch docs-admin-guide-mm-damon-reclaim-document-auto-tuning-parameters.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memcontrol-clarify-swapaccount=0-deprecation-warning.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memcontrol: clarify swapaccount=0 deprecation warning has been removed from the -mm tree. Its filename was mm-memcontrol-clarify-swapaccount=0-deprecation-warning.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: memcontrol: clarify swapaccount=0 deprecation warning Date: Tue, 13 Feb 2024 03:16:34 -0500 The swapaccount deprecation warning is throwing false positives. Since we deprecated the knob and defaulted to enabling, the only reports we've been getting are from folks that set swapaccount=1. While this is a nice affirmation that always-enabling was the right choice, we certainly don't want to warn when users request the supported mode. Only warn when disabling is requested, and clarify the warning. [colin.i.king(a)gmail.com: spelling: "commdandline" -> "commandline"] Link: https://lkml.kernel.org/r/20240215090544.1649201-1-colin.i.king@gmail.com Link: https://lkml.kernel.org/r/20240213081634.3652326-1-hannes@cmpxchg.org Fixes: b25806dcd3d5 ("mm: memcontrol: deprecate swapaccounting=0 mode") Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com> Reported-by: "Jonas Sch��fer" <jonas(a)wielicki.name> Reported-by: Narcis Garcia <debianlists(a)actiu.net> Suggested-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Shakeel Butt <shakeelb(a)google.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/memcontrol.c~mm-memcontrol-clarify-swapaccount=0-deprecation-warning +++ a/mm/memcontrol.c @@ -7971,9 +7971,13 @@ bool mem_cgroup_swap_full(struct folio * static int __init setup_swap_account(char *s) { - pr_warn_once("The swapaccount= commandline option is deprecated. " - "Please report your usecase to linux-mm(a)kvack.org if you " - "depend on this functionality.\n"); + bool res; + + if (!kstrtobool(s, &res) && !res) + pr_warn_once("The swapaccount=0 commandline option is deprecated " + "in favor of configuring swap control via cgroupfs. " + "Please report your usecase to linux-mm(a)kvack.org if you " + "depend on this functionality.\n"); return 1; } __setup("swapaccount=", setup_swap_account); _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-zswap-rename-zswap_free_entry-to-zswap_entry_free.patch mm-zswap-inline-and-remove-zswap_entry_find_get.patch mm-zswap-move-zswap_invalidate_entry-to-related-functions.patch mm-zswap-warn-when-referencing-a-dead-entry.patch mm-zswap-clean-up-zswap_entry_put.patch mm-zswap-rename-__zswap_load-to-zswap_decompress.patch mm-zswap-break-out-zwap_compress.patch mm-zswap-further-cleanup-zswap_store.patch mm-zswap-simplify-zswap_invalidate.patch mm-zswap-function-ordering-pool-alloc-free.patch mm-zswap-function-ordering-pool-refcounting.patch mm-zswap-function-ordering-zswap_pools.patch mm-zswap-function-ordering-pool-params.patch mm-zswap-function-ordering-public-lru-api.patch mm-zswap-function-ordering-move-entry-sections-out-of-lru-section.patch mm-zswap-function-ordering-move-entry-section-out-of-tree-section.patch mm-zswap-function-ordering-compress-decompress-functions.patch mm-zswap-function-ordering-per-cpu-compression-infra.patch mm-zswap-function-ordering-writeback.patch mm-zswap-function-ordering-shrink_memcg_cb.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memblock-add-memblock_rsrv_noinit-into-flagname-array.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array has been removed from the -mm tree. Its filename was mm-memblock-add-memblock_rsrv_noinit-into-flagname-array.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Anshuman Khandual <anshuman.khandual(a)arm.com> Subject: mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array Date: Fri, 9 Feb 2024 08:39:12 +0530 The commit 77e6c43e137c ("memblock: introduce MEMBLOCK_RSRV_NOINIT flag") skipped adding this newly introduced memblock flag into flagname[] array, thus preventing a correct memblock flags output for applicable memblock regions. Link: https://lkml.kernel.org/r/20240209030912.1382251-1-anshuman.khandual@arm.com Fixes: 77e6c43e137c ("memblock: introduce MEMBLOCK_RSRV_NOINIT flag") Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Mike Rapoport <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memblock.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/memblock.c~mm-memblock-add-memblock_rsrv_noinit-into-flagname-array +++ a/mm/memblock.c @@ -2249,6 +2249,7 @@ static const char * const flagname[] = { [ilog2(MEMBLOCK_MIRROR)] = "MIRROR", [ilog2(MEMBLOCK_NOMAP)] = "NOMAP", [ilog2(MEMBLOCK_DRIVER_MANAGED)] = "DRV_MNG", + [ilog2(MEMBLOCK_RSRV_NOINIT)] = "RSV_NIT", }; static int memblock_debug_show(struct seq_file *m, void *private) _ Patches currently in -mm which might be from anshuman.khandual(a)arm.com are mm-cma-dont-treat-bad-input-arguments-for-cma_alloc-as-its-failure.patch mm-cma-drop-config_cma_debug.patch mm-cma-make-max_cma_areas-=-config_cma_areas.patch mm-cma-add-sysfs-file-release_pages_success.patch mm-hugetlb-move-page-order-check-inside-hugetlb_cma_reserve.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-invalidate-duplicate-entry-when-zswap_enabled.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/zswap: invalidate duplicate entry when !zswap_enabled has been removed from the -mm tree. Its filename was mm-zswap-invalidate-duplicate-entry-when-zswap_enabled.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Chengming Zhou <zhouchengming(a)bytedance.com> Subject: mm/zswap: invalidate duplicate entry when !zswap_enabled Date: Thu, 8 Feb 2024 02:32:54 +0000 We have to invalidate any duplicate entry even when !zswap_enabled since zswap can be disabled anytime. If the folio store success before, then got dirtied again but zswap disabled, we won't invalidate the old duplicate entry in the zswap_store(). So later lru writeback may overwrite the new data in swapfile. Link: https://lkml.kernel.org/r/20240208023254.3873823-1-chengming.zhou@linux.dev Fixes: 42c06a0e8ebe ("mm: kill frontswap") Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/mm/zswap.c~mm-zswap-invalidate-duplicate-entry-when-zswap_enabled +++ a/mm/zswap.c @@ -1518,7 +1518,7 @@ bool zswap_store(struct folio *folio) if (folio_test_large(folio)) return false; - if (!zswap_enabled || !tree) + if (!tree) return false; /* @@ -1533,6 +1533,10 @@ bool zswap_store(struct folio *folio) zswap_invalidate_entry(tree, dupentry); } spin_unlock(&tree->lock); + + if (!zswap_enabled) + return false; + objcg = get_obj_cgroup_from_folio(folio); if (objcg && !obj_cgroup_may_zswap(objcg)) { memcg = get_mem_cgroup_from_objcg(objcg); _ Patches currently in -mm which might be from zhouchengming(a)bytedance.com are mm-zswap-make-sure-each-swapfile-always-have-zswap-rb-tree.patch mm-zswap-split-zswap-rb-tree.patch mm-zswap-fix-race-between-lru-writeback-and-swapoff.patch mm-list_lru-remove-list_lru_putback.patch mm-zswap-add-more-comments-in-shrink_memcg_cb.patch mm-zswap-invalidate-zswap-entry-when-swap-entry-free.patch mm-zswap-stop-lru-list-shrinking-when-encounter-warm-region.patch mm-zswap-remove-duplicate_entry-debug-value.patch mm-zswap-only-support-zswap_exclusive_loads_enabled.patch mm-zswap-zswap-entry-doesnt-need-refcount-anymore.patch mm-zswap-optimize-and-cleanup-the-invalidation-of-duplicate-entry.patch mm-zsmalloc-fix-migrate_write_lock-when-config_compaction.patch mm-zsmalloc-remove-migrate_write_lock_nested.patch mm-zsmalloc-remove-unused-zspage-isolated.patch mm-zswap-global-lru-and-shrinker-shared-by-all-zswap_pools.patch mm-zswap-change-zswap_pool-kref-to-percpu_ref.patch mm-zsmalloc-remove-set_zspage_mapping.patch mm-zsmalloc-remove_zspage-dont-need-fullness-parameter.patch mm-zsmalloc-remove-get_zspage_mapping.patch maintainers-add-chengming-zhou-as-a-zswap-reviewer.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] lib-kconfigdebug-test_iov_iter-depends-on-mmu.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU has been removed from the -mm tree. Its filename was lib-kconfigdebug-test_iov_iter-depends-on-mmu.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Guenter Roeck <linux(a)roeck-us.net> Subject: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Date: Thu, 8 Feb 2024 07:30:10 -0800 Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 # Subtest: iov_iter # module: kunit_iov_iter 1..9 BUG: failure at mm/nommu.c:318/vmap()! Kernel panic - not syncing: BUG! The test calls vmap() directly, but vmap() is not supported on nommu systems, causing the crash. TEST_IOV_ITER therefore needs to depend on MMU. Link: https://lkml.kernel.org/r/20240208153010.1439753-1-linux@roeck-us.net Fixes: 2d71340ff1d4 ("iov_iter: Kunit tests for copying to/from an iterator") Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/Kconfig.debug | 1 + 1 file changed, 1 insertion(+) --- a/lib/Kconfig.debug~lib-kconfigdebug-test_iov_iter-depends-on-mmu +++ a/lib/Kconfig.debug @@ -2235,6 +2235,7 @@ config TEST_DIV64 config TEST_IOV_ITER tristate "Test iov_iter operation" if !KUNIT_ALL_TESTS depends on KUNIT + depends on MMU default KUNIT_ALL_TESTS help Enable this to turn on testing of the operation of the I/O iterator _ Patches currently in -mm which might be from linux(a)roeck-us.net are

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-swap-fix-race-when-skipping-swapcache.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/swap: fix race when skipping swapcache has been removed from the -mm tree. Its filename was mm-swap-fix-race-when-skipping-swapcache.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/swap: fix race when skipping swapcache Date: Wed, 7 Feb 2024 02:25:59 +0800 When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release the pin after PT unlocked. Racers just loop and wait since it's a rare and very short event. A schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU, causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in commit 029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead") Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) [kasong(a)tencent.com: v4] Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20240206182559.32264-1-ryncsn@gmail.com Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous device") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/lkml/87bk92gqpx.fsf_-_@yhuang6-desk2.ccr.corp.intel… Link: https://github.com/ryncsn/emm-test-project/tree/master/swap-stress-race [1] Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Acked-by: Yu Zhao <yuzhao(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swap.h | 5 +++++ mm/memory.c | 20 ++++++++++++++++++++ mm/swap.h | 5 +++++ mm/swapfile.c | 13 +++++++++++++ 4 files changed, 43 insertions(+) --- a/include/linux/swap.h~mm-swap-fix-race-when-skipping-swapcache +++ a/include/linux/swap.h @@ -549,6 +549,11 @@ static inline int swap_duplicate(swp_ent return 0; } +static inline int swapcache_prepare(swp_entry_t swp) +{ + return 0; +} + static inline void swap_free(swp_entry_t swp) { } --- a/mm/memory.c~mm-swap-fix-race-when-skipping-swapcache +++ a/mm/memory.c @@ -3799,6 +3799,7 @@ vm_fault_t do_swap_page(struct vm_fault struct page *page; struct swap_info_struct *si = NULL; rmap_t rmap_flags = RMAP_NONE; + bool need_clear_cache = false; bool exclusive = false; swp_entry_t entry; pte_t pte; @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault if (!folio) { if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && __swap_count(entry) == 1) { + /* + * Prevent parallel swapin from proceeding with + * the cache flag. Otherwise, another thread may + * finish swapin first, free the entry, and swapout + * reusing the same entry. It's undetectable as + * pte_same() returns true due to entry reuse. + */ + if (swapcache_prepare(entry)) { + /* Relax a bit to prevent rapid repeated page faults */ + schedule_timeout_uninterruptible(1); + goto out; + } + need_clear_cache = true; + /* skip swapcache */ folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, vma, vmf->address, false); @@ -4117,6 +4132,9 @@ unlock: if (vmf->pte) pte_unmap_unlock(vmf->pte, vmf->ptl); out: + /* Clear the swap cache pin for direct swapin after PTL unlock */ + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; @@ -4131,6 +4149,8 @@ out_release: folio_unlock(swapcache); folio_put(swapcache); } + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; --- a/mm/swapfile.c~mm-swap-fix-race-when-skipping-swapcache +++ a/mm/swapfile.c @@ -3365,6 +3365,19 @@ int swapcache_prepare(swp_entry_t entry) return __swap_duplicate(entry, SWAP_HAS_CACHE); } +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ + struct swap_cluster_info *ci; + unsigned long offset = swp_offset(entry); + unsigned char usage; + + ci = lock_cluster_or_swap_info(si, offset); + usage = __swap_entry_free_locked(si, offset, SWAP_HAS_CACHE); + unlock_cluster_or_swap_info(si, ci); + if (!usage) + free_swap_slot(entry); +} + struct swap_info_struct *swp_swap_info(swp_entry_t entry) { return swap_type_to_swap_info(swp_type(entry)); --- a/mm/swap.h~mm-swap-fix-race-when-skipping-swapcache +++ a/mm/swap.h @@ -41,6 +41,7 @@ void __delete_from_swap_cache(struct fol void delete_from_swap_cache(struct folio *folio); void clear_shadow_from_swap_cache(int type, unsigned long begin, unsigned long end); +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry); struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr); struct folio *filemap_get_incore_folio(struct address_space *mapping, @@ -97,6 +98,10 @@ static inline int swap_writepage(struct return 0; } +static inline void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ +} + static inline struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr) { _ Patches currently in -mm which might be from kasong(a)tencent.com are

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: uffd-unit-test check if huge page size is 0 has been removed from the -mm tree. Its filename was selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Terry Tritton <terry.tritton(a)linaro.org> Subject: selftests/mm: uffd-unit-test check if huge page size is 0 Date: Mon, 5 Feb 2024 14:50:56 +0000 If HUGETLBFS is not enabled then the default_huge_page_size function will return 0 and cause a divide by 0 error. Add a check to see if the huge page size is 0 and skip the hugetlb tests if it is. Link: https://lkml.kernel.org/r/20240205145055.3545806-2-terry.tritton@linaro.org Fixes: 16a45b57cbf2 ("selftests/mm: add framework for uffd-unit-test") Signed-off-by: Terry Tritton <terry.tritton(a)linaro.org> Cc: Peter Griffin <peter.griffin(a)linaro.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-unit-tests.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0 +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1517,6 +1517,12 @@ int main(int argc, char *argv[]) continue; uffd_test_start("%s on %s", test->name, mem_type->name); + if ((mem_type->mem_flag == MEM_HUGETLB || + mem_type->mem_flag == MEM_HUGETLB_PRIVATE) && + (default_huge_page_size() == 0)) { + uffd_test_skip("huge page size is 0, feature missing?"); + continue; + } if (!uffd_feature_supported(test)) { uffd_test_skip("feature missing"); continue; _ Patches currently in -mm which might be from terry.tritton(a)linaro.org are

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: check apply interval in damon_do_apply_schemes() has been removed from the -mm tree. Its filename was mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: check apply interval in damon_do_apply_schemes() Date: Mon, 5 Feb 2024 12:13:06 -0800 kdamond_apply_schemes() checks apply intervals of schemes and avoid further applying any schemes if no scheme passed its apply interval. However, the following schemes applying function, damon_do_apply_schemes() iterates all schemes without the apply interval check. As a result, the shortest apply interval is applied to all schemes. Fix the problem by checking the apply interval in damon_do_apply_schemes(). Link: https://lkml.kernel.org/r/20240205201306.88562-1-sj@kernel.org Fixes: 42f994b71404 ("mm/damon/core: implement scheme-specific apply interval") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.7.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-check-apply-interval-in-damon_do_apply_schemes +++ a/mm/damon/core.c @@ -1026,6 +1026,9 @@ static void damon_do_apply_schemes(struc damon_for_each_scheme(s, c) { struct damos_quota *quota = &s->quota; + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + if (!s->wmarks.activated) continue; @@ -1176,10 +1179,6 @@ static void kdamond_apply_schemes(struct if (c->passed_sample_intervals != s->next_apply_sis) continue; - s->next_apply_sis += - (s->apply_interval_us ? s->apply_interval_us : - c->attrs.aggr_interval) / sample_interval; - if (!s->wmarks.activated) continue; @@ -1195,6 +1194,14 @@ static void kdamond_apply_schemes(struct damon_for_each_region_safe(r, next_r, t) damon_do_apply_schemes(c, t, r); } + + damon_for_each_scheme(s, c) { + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + s->next_apply_sis += + (s->apply_interval_us ? s->apply_interval_us : + c->attrs.aggr_interval) / sample_interval; + } } /* _ Patches currently in -mm which might be from sj(a)kernel.org are docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch docs-mm-damon-maintainer-profile-fix-reference-links-for-mm-stable-tree.patch docs-mm-damon-move-the-list-of-damos-actions-to-design-doc.patch docs-mm-damon-move-damon-operation-sets-list-from-the-usage-to-the-design-document.patch docs-mm-damon-move-monitoring-target-regions-setup-detail-from-the-usage-to-the-design-document.patch docs-admin-guide-mm-damon-usage-fix-wrong-quotas-diabling-condition.patch mm-damon-core-set-damos_quota-esz-as-public-field-and-document.patch mm-damon-sysfs-schemes-implement-quota-effective_bytes-file.patch mm-damon-sysfs-implement-a-kdamond-command-for-updating-schemes-effective-quotas.patch docs-abi-damon-document-effective_bytes-sysfs-file.patch docs-admin-guide-mm-damon-usage-document-effective_bytes-file.patch mm-damon-move-comments-and-fields-for-damos-quota-prioritization-to-the-end.patch mm-damon-core-split-out-quota-goal-related-fields-to-a-struct.patch mm-damon-core-add-multiple-goals-per-damos_quota-and-helpers-for-those.patch mm-damon-sysfs-use-only-quota-goals.patch mm-damon-core-remove-goal-field-of-damos_quota.patch mm-damon-core-let-goal-specified-with-only-target-and-current-values.patch mm-damon-core-support-multiple-metrics-for-quota-goal.patch mm-damon-core-implement-psi-metric-damos-quota-goal.patch mm-damon-sysfs-schemes-support-psi-based-quota-auto-tune.patch docs-mm-damon-design-document-quota-goal-self-tuning.patch docs-abi-damon-document-quota-goal-metric-file.patch docs-admin-guide-mm-damon-usage-document-quota-goal-metric-file.patch mm-damon-reclaim-implement-user-feedback-driven-quota-auto-tuning.patch mm-damon-reclaim-implement-memory-psi-driven-quota-self-tuning.patch docs-admin-guide-mm-damon-reclaim-document-auto-tuning-parameters.patch

1 year, 6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: zswap: fix missing folio cleanup in writeback race path has been removed from the -mm tree. Its filename was mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yosry Ahmed <yosryahmed(a)google.com> Subject: mm: zswap: fix missing folio cleanup in writeback race path Date: Thu, 25 Jan 2024 08:51:27 +0000 In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio we just added to the swap cache and exit. However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always true for this path, and the folio is ref'd. Make sure to unlock and put the folio before returning. This was discovered by code inspection, probably because this path handles a race condition that should not happen often, and the bug would not crash the system, it will only strand the folio indefinitely. Link: https://lkml.kernel.org/r/20240125085127.1327013-1-yosryahmed@google.com Fixes: 04fc7816089c ("mm: fix zswap writeback race condition") Signed-off-by: Yosry Ahmed <yosryahmed(a)google.com> Reviewed-by: Chengming Zhou <zhouchengming(a)bytedance.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Domenico Cerasuolo <cerasuolodomenico(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/zswap.c~mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path +++ a/mm/zswap.c @@ -1440,6 +1440,8 @@ static int zswap_writeback_entry(struct if (zswap_rb_search(&tree->rbroot, swp_offset(entry->swpentry)) != entry) { spin_unlock(&tree->lock); delete_from_swap_cache(folio); + folio_unlock(folio); + folio_put(folio); return -ENOMEM; } spin_unlock(&tree->lock); _ Patches currently in -mm which might be from yosryahmed(a)google.com are mm-swap-enforce-updating-inuse_pages-at-the-end-of-swap_range_free.patch mm-zswap-remove-unnecessary-trees-cleanups-in-zswap_swapoff.patch mm-zswap-remove-unused-tree-argument-in-zswap_entry_put.patch x86-mm-delete-unused-cpu-argument-to-leave_mm.patch x86-mm-clarify-prev-usage-in-switch_mm_irqs_off.patch

1 year, 6 months

1
0
0 0

FAILED: patch "[PATCH] arch/arm/mm: fix major fault accounting when retrying under" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x e870920bbe68e52335a4c31a059e6af6a9a59dbb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021921-bleak-sputter-5ecf@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: e870920bbe68 ("arch/arm/mm: fix major fault accounting when retrying under per-VMA lock") c16af1212479 ("ARM: 9328/1: mm: try VMA lock-based page fault handling first") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e870920bbe68e52335a4c31a059e6af6a9a59dbb Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan <surenb(a)google.com> Date: Mon, 22 Jan 2024 22:43:05 -0800 Subject: [PATCH] arch/arm/mm: fix major fault accounting when retrying under per-VMA lock The change [1] missed ARM architecture when fixing major fault accounting for page fault retry under per-VMA lock. The user-visible effects is that it restores correct major fault accounting that was broken after [2] was merged in 6.7 kernel. The more detailed description is in [3] and this patch simply adds the same fix to ARM architecture which I missed in [3]. Add missing code to fix ARM architecture fault accounting. [1] 46e714c729c8 ("arch/mm/fault: fix major fault accounting when retrying under per-VMA lock") [2] https://lore.kernel.org/all/20231006195318.4087158-6-willy@infradead.org/ [3] https://lore.kernel.org/all/20231226214610.109282-1-surenb@google.com/ Link: https://lkml.kernel.org/r/20240123064305.2829244-1-surenb@google.com Fixes: 12214eba1992 ("mm: handle read faults under the VMA lock") Reported-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index e96fb40b9cc3..07565b593ed6 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -298,6 +298,8 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) goto done; } count_vm_vma_lock_event(VMA_LOCK_RETRY); + if (fault & VM_FAULT_MAJOR) + flags |= FAULT_FLAG_TRIED; /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) {

1 year, 6 months

3
9
0 0

[PATCH 5.10 0/1] cifs: Fix stack-out-of-bounds in smb2_set_next_command()

by ZhaoLong Wang

Hello, I am sending this patch for inclusion in the stable tree, as it fixes a critical stack-out-of-bounds bug in the cifs module related to the `smb2_set_next_command()` function. Problem Summary: A problem was observed in the `statfs` system call for cifs, where it failed with a "Resource temporarily unavailable" message. Further investigation with KASAN revealed a stack-out-of-bounds error. The root cause was a miscalculation of the size of the `smb2_query_info_req` structure in the `SMB2_query_info_init()` function. This situation arose due to a dependency on a prior commit (`eb3e28c1e89b`) that replaced a 1-element array with a flexible array member in the `smb2_query_info_req` structure. This commit was not backported to the 5.10.y and 5.15.y stable branch, leading to an incorrect size calculation after the backport of commit `33eae65c6f49`. Fix Details: The patch corrects the size calculation to ensure the correct length is used when initializing the `smb2_query_info_req` structure. It has been tested and confirmed to resolve the issue without introducing any regressions. Maybe the prior commit eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") should be backported to solve this problem directly. The patch does not seem to conflict. Best regards, ZhaoLong Wang ZhaoLong Wang (1): cifs: Fix stack-out-of-bounds in smb2_set_next_command() fs/cifs/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.39.2

1 year, 6 months

3
3
0 0

+ mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Aneesh Kumar K.V (IBM)" <aneesh.kumar(a)kernel.org> Subject: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Date: Mon, 29 Jan 2024 11:30:22 +0530 Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. This patch marks the ptes used for PUD advanced test devmap pte entries so that we don't hit on debug checks on architecture like ppc64 as below. WARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138 .... NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138 LR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60 Call Trace: [c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable) [c000000004a2f980] [000d34c100000000] 0xd34c100000000 [c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388 Also kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202! .... NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 Call Trace: [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable) [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388 Link: https://lkml.kernel.org/r/20240129060022.68044-1-aneesh.kumar@kernel.org Fixes: 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") Signed-off-by: Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug_vm_pgtable.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/debug_vm_pgtable.c~mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test +++ a/mm/debug_vm_pgtable.c @@ -362,6 +362,12 @@ static void __init pud_advanced_tests(st vaddr &= HPAGE_PUD_MASK; pud = pfn_pud(args->pud_pfn, args->page_prot); + /* + * Some architectures have debug checks to make sure + * huge pud mapping are only found with devmap entries + * For now test with only devmap entries. + */ + pud = pud_mkdevmap(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); flush_dcache_page(page); pudp_set_wrprotect(args->mm, vaddr, args->pudp); @@ -374,6 +380,7 @@ static void __init pud_advanced_tests(st WARN_ON(!pud_none(pud)); #endif /* __PAGETABLE_PMD_FOLDED */ pud = pfn_pud(args->pud_pfn, args->page_prot); + pud = pud_mkdevmap(pud); pud = pud_wrprotect(pud); pud = pud_mkclean(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); @@ -391,6 +398,7 @@ static void __init pud_advanced_tests(st #endif /* __PAGETABLE_PMD_FOLDED */ pud = pfn_pud(args->pud_pfn, args->page_prot); + pud = pud_mkdevmap(pud); pud = pud_mkyoung(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); flush_dcache_page(page); _ Patches currently in -mm which might be from aneesh.kumar(a)kernel.org are mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test.patch

1 year, 6 months

1
0
0 0

[char-misc-next v2] mei: gsc_proxy: match component when GSC is on different bus

by Tomas Winkler

From: Alexander Usyskin <alexander.usyskin(a)intel.com> On Arrow Lake S systems, MEI is no longer strictly connected to bus 0, while graphics remain exclusively on bus 0. Adapt the component matching logic to accommodate this change: Original behavior: Required both MEI and graphics to be on the same bus 0. New behavior: Only enforces graphics to be on bus 0 (integrated), allowing MEI to reside on any bus. This ensures compatibility with Arrow Lake S and maintains functionality for the legacy systems. Fixes: 1dd924f6885b ("mei: gsc_proxy: add gsc proxy driver") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- V2: Add reference to fixed commit Requires 'mei: me: add arrow lake point S DID' https://lore.kernel.org/lkml/20240211103912.117105-1-tomas.winkler@intel.co… drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c b/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c index be52b113aea937c7c658e06c..89364bdbb1290f5726a34945 100644 --- a/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c +++ b/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c @@ -96,7 +96,8 @@ static const struct component_master_ops mei_component_master_ops = { * * The function checks if the device is pci device and * Intel VGA adapter, the subcomponent is SW Proxy - * and the parent of MEI PCI and the parent of VGA are the same PCH device. + * and the VGA is on the bus 0 reserved for built-in devices + * to reject discrete GFX. * * @dev: master device * @subcomponent: subcomponent to match (I915_COMPONENT_SWPROXY) @@ -123,7 +124,8 @@ static int mei_gsc_proxy_component_match(struct device *dev, int subcomponent, if (subcomponent != I915_COMPONENT_GSC_PROXY) return 0; - return component_compare_dev(dev->parent, ((struct device *)data)->parent); + /* Only built-in GFX */ + return (pdev->bus->number == 0); } static int mei_gsc_proxy_probe(struct mei_cl_device *cldev, @@ -146,7 +148,7 @@ static int mei_gsc_proxy_probe(struct mei_cl_device *cldev, } component_match_add_typed(&cldev->dev, &master_match, - mei_gsc_proxy_component_match, cldev->dev.parent); + mei_gsc_proxy_component_match, NULL); if (IS_ERR_OR_NULL(master_match)) { ret = -ENOMEM; goto err_exit; -- 2.43.0

1 year, 6 months

1
0
0 0

[char-misc-next] mei: gsc_proxy: match component when GSC is on different bus

by Tomas Winkler

From: Alexander Usyskin <alexander.usyskin(a)intel.com> On Arrow Lake S systems, MEI is no longer strictly connected to bus 0, while graphics remain exclusively on bus 0. Adapt the component matching logic to accommodate this change: Original behavior: Required both MEI and graphics to be on the same bus 0. New behavior: Only enforces graphics to be on bus 0 (integrated), allowing MEI to reside on any bus. This ensures compatibility with Arrow Lake S and maintains functionality for the legacy systems. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- Requires 'mei: me: add arrow lake point S DID' https://lore.kernel.org/lkml/20240211103912.117105-1-tomas.winkler@intel.co… drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c b/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c index be52b113aea937c7c658e06c..89364bdbb1290f5726a34945 100644 --- a/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c +++ b/drivers/misc/mei/gsc_proxy/mei_gsc_proxy.c @@ -96,7 +96,8 @@ static const struct component_master_ops mei_component_master_ops = { * * The function checks if the device is pci device and * Intel VGA adapter, the subcomponent is SW Proxy - * and the parent of MEI PCI and the parent of VGA are the same PCH device. + * and the VGA is on the bus 0 reserved for built-in devices + * to reject discrete GFX. * * @dev: master device * @subcomponent: subcomponent to match (I915_COMPONENT_SWPROXY) @@ -123,7 +124,8 @@ static int mei_gsc_proxy_component_match(struct device *dev, int subcomponent, if (subcomponent != I915_COMPONENT_GSC_PROXY) return 0; - return component_compare_dev(dev->parent, ((struct device *)data)->parent); + /* Only built-in GFX */ + return (pdev->bus->number == 0); } static int mei_gsc_proxy_probe(struct mei_cl_device *cldev, @@ -146,7 +148,7 @@ static int mei_gsc_proxy_probe(struct mei_cl_device *cldev, } component_match_add_typed(&cldev->dev, &master_match, - mei_gsc_proxy_component_match, cldev->dev.parent); + mei_gsc_proxy_component_match, NULL); if (IS_ERR_OR_NULL(master_match)) { ret = -ENOMEM; goto err_exit; -- 2.43.0

1 year, 6 months

3
2
0 0

FAILED: patch "[PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fb091ff394792c018527b3211bbdfae93ea4ac02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-naturist-unlovely-367a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fb091ff39479 ("arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata") 6aeadf7896bf ("Merge tag 'docs-arm64-move' of git://git.lwn.net/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb091ff394792c018527b3211bbdfae93ea4ac02 Mon Sep 17 00:00:00 2001 From: Easwar Hariharan <eahariha(a)linux.microsoft.com> Date: Wed, 14 Feb 2024 17:55:18 +0000 Subject: [PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Add the MIDR value of Microsoft Azure Cobalt 100, which is a Microsoft implemented CPU based on r0p0 of the ARM Neoverse N2 CPU, and therefore suffers from all the same errata. CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: Mark Rutland <mark.rutland(a)arm.com> Acked-by: Marc Zyngier <maz(a)kernel.org> Reviewed-by: Oliver Upton <oliver.upton(a)linux.dev> Link: https://lore.kernel.org/r/20240214175522.2457857-1-eahariha@linux.microsoft… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index e8c2ce1f9df6..45a7f4932fe0 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -243,3 +243,10 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | ASR | ASR8601 | #8601001 | N/A | +----------------+-----------------+-----------------+-----------------------------+ ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2139208 | ARM64_ERRATUM_2139208 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2067961 | ARM64_ERRATUM_2067961 | ++----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #2253138 | ARM64_ERRATUM_2253138 | ++----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 7c7493cb571f..52f076afeb96 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -61,6 +61,7 @@ #define ARM_CPU_IMP_HISI 0x48 #define ARM_CPU_IMP_APPLE 0x61 #define ARM_CPU_IMP_AMPERE 0xC0 +#define ARM_CPU_IMP_MICROSOFT 0x6D #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 @@ -135,6 +136,8 @@ #define AMPERE_CPU_PART_AMPERE1 0xAC3 +#define MICROSOFT_CPU_PART_AZURE_COBALT_100 0xD49 /* Based on r0p0 of ARM Neoverse N2 */ + #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -193,6 +196,7 @@ #define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX) #define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX) #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1) +#define MIDR_MICROSOFT_AZURE_COBALT_100 MIDR_CPU_MODEL(ARM_CPU_IMP_MICROSOFT, MICROSOFT_CPU_PART_AZURE_COBALT_100) /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */ #define MIDR_FUJITSU_ERRATUM_010001 MIDR_FUJITSU_A64FX diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 967c7c7a4e7d..76b8dd37092a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = { static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2139208 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2119858 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = { static const struct midr_range tsb_flush_fail_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2067961 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2054223 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), @@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = { static struct midr_range trbe_write_out_of_range_cpus[] = { #ifdef CONFIG_ARM64_ERRATUM_2253138 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), #endif #ifdef CONFIG_ARM64_ERRATUM_2224489 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

1 year, 6 months

2
1
0 0

+ mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: cachestat: fix folio read-after-free in cache walk has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nhat Pham <nphamcs(a)gmail.com> Subject: mm: cachestat: fix folio read-after-free in cache walk Date: Mon, 19 Feb 2024 19:01:21 -0800 In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab. Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states. This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc. Link: https://lkml.kernel.org/r/20240220153409.GA216065@cmpxchg.org Fixes: cf264e1329fb ("cachestat: implement cachestat syscall") Reported-by: Jann Horn <jannh(a)google.com> Suggested-by: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Nhat Pham <nphamcs(a)gmail.com> Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 51 ++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 25 deletions(-) --- a/mm/filemap.c~mm-cachestat-fix-folio-read-after-free-in-cache-walk +++ a/mm/filemap.c @@ -4111,28 +4111,40 @@ static void filemap_cachestat(struct add rcu_read_lock(); xas_for_each(&xas, folio, last_index) { + int order; unsigned long nr_pages; pgoff_t folio_first_index, folio_last_index; + /* + * Don't deref the folio. It is not pinned, and might + * get freed (and reused) underneath us. + * + * We *could* pin it, but that would be expensive for + * what should be a fast and lightweight syscall. + * + * Instead, derive all information of interest from + * the rcu-protected xarray. + */ + if (xas_retry(&xas, folio)) continue; + order = xa_get_order(xas.xa, xas.xa_index); + nr_pages = 1 << order; + folio_first_index = round_down(xas.xa_index, 1 << order); + folio_last_index = folio_first_index + nr_pages - 1; + + /* Folios might straddle the range boundaries, only count covered pages */ + if (folio_first_index < first_index) + nr_pages -= first_index - folio_first_index; + + if (folio_last_index > last_index) + nr_pages -= folio_last_index - last_index; + if (xa_is_value(folio)) { /* page is evicted */ void *shadow = (void *)folio; bool workingset; /* not used */ - int order = xa_get_order(xas.xa, xas.xa_index); - - nr_pages = 1 << order; - folio_first_index = round_down(xas.xa_index, 1 << order); - folio_last_index = folio_first_index + nr_pages - 1; - - /* Folios might straddle the range boundaries, only count covered pages */ - if (folio_first_index < first_index) - nr_pages -= first_index - folio_first_index; - - if (folio_last_index > last_index) - nr_pages -= folio_last_index - last_index; cs->nr_evicted += nr_pages; @@ -4150,24 +4162,13 @@ static void filemap_cachestat(struct add goto resched; } - nr_pages = folio_nr_pages(folio); - folio_first_index = folio_pgoff(folio); - folio_last_index = folio_first_index + nr_pages - 1; - - /* Folios might straddle the range boundaries, only count covered pages */ - if (folio_first_index < first_index) - nr_pages -= first_index - folio_first_index; - - if (folio_last_index > last_index) - nr_pages -= folio_last_index - last_index; - /* page is in cache */ cs->nr_cache += nr_pages; - if (folio_test_dirty(folio)) + if (xas_get_mark(&xas, PAGECACHE_TAG_DIRTY)) cs->nr_dirty += nr_pages; - if (folio_test_writeback(folio)) + if (xas_get_mark(&xas, PAGECACHE_TAG_WRITEBACK)) cs->nr_writeback += nr_pages; resched: _ Patches currently in -mm which might be from nphamcs(a)gmail.com are mm-swap_state-update-zswap-lrus-protection-range-with-the-folio-locked.patch mm-swap_state-update-zswap-lrus-protection-range-with-the-folio-locked-v2.patch mm-swap_state-update-zswap-lrus-protection-range-with-the-folio-locked-fix.patch mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch selftests-zswap-add-zswap-selftest-file-to-zswap-maintainer-entry.patch selftests-fix-the-zswap-invasive-shrink-test.patch selftests-add-zswapin-and-no-zswap-tests.patch

1 year, 6 months

1
0
0 0

+ mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Byungchul Park <byungchul(a)sk.com> Subject: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Date: Fri, 16 Feb 2024 20:15:02 +0900 With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/migrate.c~mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index +++ a/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_ if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0; _ Patches currently in -mm which might be from byungchul(a)sk.com are mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index.patch mm-vmscan-dont-turn-on-cache_trim_mode-at-the-highest-scan-priority.patch sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes.patch

1 year, 6 months

2
1
0 0

[PATCH net 00/13] mptcp: misc. fixes for v6.8

by Matthieu Baerts (NGI0)

This series includes 4 types of fixes: Patches 1 and 2 force the path-managers not to allocate a new address entry when dealing with the "special" ID 0, reserved to the address of the initial subflow. These patches can be backported up to v5.19 and v5.12 respectively. Patch 3 to 6 fix the in-kernel path-manager not to create duplicated subflows. Patch 6 is the main fix, but patches 3 to 5 are some kind of pre-requisities: they fix some data races that could also lead to the creation of unexpected subflows. These patches can be backported up to v5.7, v5.10, v6.0, and v5.15 respectively. Note that patch 3 modifies the existing ULP API. No better solutions have been found for -net, and there is some similar prior art, see commit 0df48c26d841 ("tcp: add tcpi_bytes_acked to tcp_info"). Please also note that TLS ULP Diag has likely the same issue. Patches 7 to 9 fix issues in the selftests, when executing them on older kernels, e.g. when testing the last version of these kselftests on the v5.15.148 kernel as it is done by LKFT when validating stable kernels. These patches only avoid printing expected errors the console and marking some tests as "OK" while they have been skipped. Patches 7 and 8 can be backported up to v6.6. Patches 10 to 13 make sure all MPTCP selftests subtests have a unique name. It is important to have a unique (sub)test name in TAP, because that's the test identifier. Some CI environments might drop tests with duplicated names. Patches 10 to 12 can be backported up to v6.6. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Geliang Tang (2): mptcp: add needs_id for userspace appending addr mptcp: add needs_id for netlink appending addr Matthieu Baerts (NGI0) (7): selftests: mptcp: pm nl: also list skipped tests selftests: mptcp: pm nl: avoid error msg on older kernels selftests: mptcp: diag: fix bash warnings on older kernels selftests: mptcp: simult flows: fix some subtest names selftests: mptcp: userspace_pm: unique subtest names selftests: mptcp: diag: unique 'in use' subtest names selftests: mptcp: diag: unique 'cestab' subtest names Paolo Abeni (4): mptcp: fix lockless access in subflow ULP diag mptcp: fix data races on local_id mptcp: fix data races on remote_id mptcp: fix duplicate subflow creation include/net/tcp.h | 2 +- net/mptcp/diag.c | 8 ++- net/mptcp/pm_netlink.c | 69 ++++++++++++++--------- net/mptcp/pm_userspace.c | 15 ++--- net/mptcp/protocol.c | 2 +- net/mptcp/protocol.h | 15 ++++- net/mptcp/subflow.c | 15 ++--- net/tls/tls_main.c | 2 +- tools/testing/selftests/net/mptcp/diag.sh | 41 ++++++++------ tools/testing/selftests/net/mptcp/pm_netlink.sh | 8 ++- tools/testing/selftests/net/mptcp/simult_flows.sh | 3 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 4 +- 12 files changed, 116 insertions(+), 68 deletions(-) --- base-commit: c40c0d3a768c78a023a72fb2ceea00743e3a695d change-id: 20240215-upstream-net-20240215-misc-fixes-03815ec14dc6 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 6 months

4
20
0 0

[GIT PULL] bcachefs stable updates for v6.7

by Kent Overstreet

Hi Greg, few stable updates for you - Cheers, Kent The following changes since commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a: Linux 6.7 (2024-01-07 12:18:38 -0800) are available in the Git repository at: https://evilpiepirate.org/git/bcachefs.git tags/bcachefs-for-v6.7-stable-20240208 for you to fetch changes up to f1582f4774ac7c30c5460a8c7a6e5a82b9ce5a6a: bcachefs: time_stats: Check for last_event == 0 when updating freq stats (2024-02-08 15:33:11 -0500) ---------------------------------------------------------------- bcachefs updates for v6.7 stable: locking fixes in subvolume create, destroy paths - Al, Su Yue, Guoyu Ou fix race in thread_with_file - Mathias Krause small rebalance fixes - Daniel, myself workaround for building with old clang (can't take a pointer to memcmp) build fix on parisc minor time_stats fix ---------------------------------------------------------------- Al Viro (2): new helper: user_path_locked_at() bch2_ioctl_subvolume_destroy(): fix locking Christoph Hellwig (1): bcachefs: fix incorrect usage of REQ_OP_FLUSH Daniel Hill (1): bcachefs: rebalance should wakeup on shutdown if disabled Guoyu Ou (1): bcachefs: unlock parent dir if entry is not found in subvolume deletion Helge Deller (1): bcachefs: Fix build on parisc by avoiding __multi3() Kent Overstreet (4): bcachefs: Don't pass memcmp() as a pointer bcachefs: Add missing bch2_moving_ctxt_flush_all() bcachefs: bch2_kthread_io_clock_wait() no longer sleeps until full amount bcachefs: time_stats: Check for last_event == 0 when updating freq stats Mathias Krause (1): bcachefs: install fd later to avoid race with close Su Yue (2): bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bcachefs: grab s_umount only if snapshotting fs/bcachefs/chardev.c | 3 +-- fs/bcachefs/clock.c | 4 ++-- fs/bcachefs/fs-io.c | 2 +- fs/bcachefs/fs-ioctl.c | 42 +++++++++++++++++++++-------------------- fs/bcachefs/journal_io.c | 3 ++- fs/bcachefs/mean_and_variance.h | 2 +- fs/bcachefs/move.c | 2 +- fs/bcachefs/move.h | 1 + fs/bcachefs/rebalance.c | 13 +++++++++++-- fs/bcachefs/replicas.c | 10 ++++++++-- fs/bcachefs/snapshot.c | 2 +- fs/bcachefs/util.c | 5 +++-- fs/namei.c | 16 +++++++++++++--- include/linux/namei.h | 1 + 14 files changed, 68 insertions(+), 38 deletions(-)

1 year, 6 months

2
8
0 0

ORDER-PO#00997923

by Sales02

Dear , Please find the attached copy of our contract for your reference. Confirm the details, sign and return as soon as possible. The shipment cost remains the same. See No 4 highlighted in RED confirm if we can increase as before. Let us know if you need further clarification. Best Regards, Connor Gilchrist Sales Shadow's Ridge inc. The Shipyard, Bath Road, Lymington, Hampshire, SO41 3YL, England Ph. +44 (0)1590 647406.

1 year, 6 months

1
0
0 0

[PATCH] accel/ivpu: Don't enable any tiles by default on VPU40xx

by Jacek Lawrynowicz

From: Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> There is no point in requesting 1 tile on VPU40xx as the FW will probably need more tiles to run workloads, so it will have to reconfigure PLL anyway. Don't enable any tiles and allow the FW to perform initial tile configuration. This improves NPU boot stability as the tiles are always enabled only by the FW from the same initial state. Fixes: 79cdc56c4a54 ("accel/ivpu: Add initial support for VPU 4") Signed-off-by: Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_hw_40xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/accel/ivpu/ivpu_hw_40xx.c b/drivers/accel/ivpu/ivpu_hw_40xx.c index 1c995307c113..a1523d0b1ef3 100644 --- a/drivers/accel/ivpu/ivpu_hw_40xx.c +++ b/drivers/accel/ivpu/ivpu_hw_40xx.c @@ -24,7 +24,7 @@ #define SKU_HW_ID_SHIFT 16u #define SKU_HW_ID_MASK 0xffff0000u -#define PLL_CONFIG_DEFAULT 0x1 +#define PLL_CONFIG_DEFAULT 0x0 #define PLL_CDYN_DEFAULT 0x80 #define PLL_EPP_DEFAULT 0x80 #define PLL_REF_CLK_FREQ (50 * 1000000) -- 2.43.0

1 year, 6 months

3
4
0 0

[PATCH v4] mm/swap: fix race when skipping swapcache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release the pin after PT unlocked. Racers just loop and wait since it's a rare and very short event. A schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU, causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in commit 029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead") Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous device") Link: https://github.com/ryncsn/emm-test-project/tree/master/swap-stress-race [1] Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/lkml/87bk92gqpx.fsf_-_@yhuang6-desk2.ccr.corp.intel… Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: stable(a)vger.kernel.org --- V3: https://lore.kernel.org/all/20240216095105.14502-1-ryncsn@gmail.com/ Update from V3: - Use schedule_timeout_uninterruptible(1) for now instead of schedule() to prevent the busy faulting task holds CPU and livelocks [Huang, Ying] V2: https://lore.kernel.org/all/20240206182559.32264-1-ryncsn@gmail.com/ Update from V2: - Add a schedule() if raced to prevent repeated page faults wasting CPU and add noise to perf statistics. - Use a bool to state the special case instead of reusing existing variables fixing error handling [Minchan Kim]. V1: https://lore.kernel.org/all/20240205110959.4021-1-ryncsn@gmail.com/ Update from V1: - Add some words on ZRAM case, it will discard swap content on swap_free so the race window is a bit different but cure is the same. [Barry Song] - Update comments make it cleaner [Huang, Ying] - Add a function place holder to fix CONFIG_SWAP=n built [SeongJae Park] - Update the commit message and summary, refer to SWP_SYNCHRONOUS_IO instead of "direct swapin path" [Yu Zhao] - Update commit message. - Collect Review and Acks. include/linux/swap.h | 5 +++++ mm/memory.c | 20 ++++++++++++++++++++ mm/swap.h | 5 +++++ mm/swapfile.c | 13 +++++++++++++ 4 files changed, 43 insertions(+) diff --git a/include/linux/swap.h b/include/linux/swap.h index 4db00ddad261..8d28f6091a32 100644 --- a/include/linux/swap.h +++ b/include/linux/swap.h @@ -549,6 +549,11 @@ static inline int swap_duplicate(swp_entry_t swp) return 0; } +static inline int swapcache_prepare(swp_entry_t swp) +{ + return 0; +} + static inline void swap_free(swp_entry_t swp) { } diff --git a/mm/memory.c b/mm/memory.c index 7e1f4849463a..a99f5e7be9a5 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3799,6 +3799,7 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) struct page *page; struct swap_info_struct *si = NULL; rmap_t rmap_flags = RMAP_NONE; + bool need_clear_cache = false; bool exclusive = false; swp_entry_t entry; pte_t pte; @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (!folio) { if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && __swap_count(entry) == 1) { + /* + * Prevent parallel swapin from proceeding with + * the cache flag. Otherwise, another thread may + * finish swapin first, free the entry, and swapout + * reusing the same entry. It's undetectable as + * pte_same() returns true due to entry reuse. + */ + if (swapcache_prepare(entry)) { + /* Relax a bit to prevent rapid repeated page faults */ + schedule_timeout_uninterruptible(1); + goto out; + } + need_clear_cache = true; + /* skip swapcache */ folio = vma_alloc_folio(GFP_HIGHUSER_MOVABLE, 0, vma, vmf->address, false); @@ -4117,6 +4132,9 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) if (vmf->pte) pte_unmap_unlock(vmf->pte, vmf->ptl); out: + /* Clear the swap cache pin for direct swapin after PTL unlock */ + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; @@ -4131,6 +4149,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) folio_unlock(swapcache); folio_put(swapcache); } + if (need_clear_cache) + swapcache_clear(si, entry); if (si) put_swap_device(si); return ret; diff --git a/mm/swap.h b/mm/swap.h index 758c46ca671e..fc2f6ade7f80 100644 --- a/mm/swap.h +++ b/mm/swap.h @@ -41,6 +41,7 @@ void __delete_from_swap_cache(struct folio *folio, void delete_from_swap_cache(struct folio *folio); void clear_shadow_from_swap_cache(int type, unsigned long begin, unsigned long end); +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry); struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr); struct folio *filemap_get_incore_folio(struct address_space *mapping, @@ -97,6 +98,10 @@ static inline int swap_writepage(struct page *p, struct writeback_control *wbc) return 0; } +static inline void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ +} + static inline struct folio *swap_cache_get_folio(swp_entry_t entry, struct vm_area_struct *vma, unsigned long addr) { diff --git a/mm/swapfile.c b/mm/swapfile.c index 556ff7347d5f..746aa9da5302 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -3365,6 +3365,19 @@ int swapcache_prepare(swp_entry_t entry) return __swap_duplicate(entry, SWAP_HAS_CACHE); } +void swapcache_clear(struct swap_info_struct *si, swp_entry_t entry) +{ + struct swap_cluster_info *ci; + unsigned long offset = swp_offset(entry); + unsigned char usage; + + ci = lock_cluster_or_swap_info(si, offset); + usage = __swap_entry_free_locked(si, offset, SWAP_HAS_CACHE); + unlock_cluster_or_swap_info(si, ci); + if (!usage) + free_swap_slot(entry); +} + struct swap_info_struct *swp_swap_info(swp_entry_t entry) { return swap_type_to_swap_info(swp_type(entry)); -- 2.43.0

1 year, 6 months

7
12
0 0

[RFC] efi: Add ACPI_MEMORY_NVS into the linear map

by Boqun Feng

Currently ACPI_MEMORY_NVS is omitted from the linear map, which causes a trouble with the following firmware memory region setup: [..] efi: 0x0000dfd62000-0x0000dfd83fff [ACPI Reclaim|...] [..] efi: 0x0000dfd84000-0x0000dfd87fff [ACPI Mem NVS|...] , on ARM64 with 64k page size, the whole 0x0000dfd80000-0x0000dfd8ffff range will be omitted from the the linear map due to 64k round-up. And a page fault happens when trying to access the ACPI_RECLAIM_MEMORY: [...] Unable to handle kernel paging request at virtual address ffff0000dfd80000 To fix this, add ACPI_MEMORY_NVS into the linear map. Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Cc: stable(a)vger.kernel.org # 5.15+ --- We hit this in an ARM64 Hyper-V VM when using 64k page size, although this issue may also be fixed if the efi memory regions are all 64k aligned, but I don't find this memory region setup is invalid per UEFI spec, also I don't find that spec disallows ACPI_MEMORY_NVS to be mapped in the OS linear map, but if there is any better way or I'm reading the spec incorrectly, please let me know. It's Cced stable since 5.15 because that's when Hyper-V ARM64 support is added, and Hyper-V is the only one that hits the problem so far. drivers/firmware/efi/efi-init.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/efi-init.c b/drivers/firmware/efi/efi-init.c index a00e07b853f2..9a1b9bc66d50 100644 --- a/drivers/firmware/efi/efi-init.c +++ b/drivers/firmware/efi/efi-init.c @@ -139,6 +139,7 @@ static __init int is_usable_memory(efi_memory_desc_t *md) case EFI_LOADER_CODE: case EFI_LOADER_DATA: case EFI_ACPI_RECLAIM_MEMORY: + case EFI_ACPI_MEMORY_NVS: case EFI_BOOT_SERVICES_CODE: case EFI_BOOT_SERVICES_DATA: case EFI_CONVENTIONAL_MEMORY: @@ -202,8 +203,12 @@ static __init void reserve_regions(void) if (!is_usable_memory(md)) memblock_mark_nomap(paddr, size); - /* keep ACPI reclaim memory intact for kexec etc. */ - if (md->type == EFI_ACPI_RECLAIM_MEMORY) + /* + * keep ACPI reclaim and NVS memory and intact for kexec + * etc. + */ + if (md->type == EFI_ACPI_RECLAIM_MEMORY || + md->type == EFI_ACPI_MEMORY_NVS) memblock_reserve(paddr, size); } } -- 2.43.0

1 year, 6 months

3
7
0 0

[PATCH 6.1.y 1/2] smb: client: fix potential OOBs in smb2_parse_contexts()

by Guruswamy Basavaiah

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit af1689a9b7701d9907dfc84d2a4b57c4bc907144 ] Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000 R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x1b6/0x1c0 ? asm_exc_page_fault+0x26/0x30 ? smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260 [cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs] cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x780 [cifs] smb3_get_tree+0xd9/0x290 [cifs] vfs_get_tree+0x2c/0x100 ? capable+0x37/0x70 path_mount+0x2d7/0xb80 ? srso_alias_return_thunk+0x5/0xfbef5 ? _raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e Reported-by: Robert Morris <rtm(a)csail.mit.edu> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [Guru: Modified the patch to be applicable to the cached_dir.c file.] Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah(a)broadcom.com> --- fs/smb/client/cached_dir.c | 8 ++-- fs/smb/client/smb2pdu.c | 93 +++++++++++++++++++++++--------------- fs/smb/client/smb2proto.h | 12 +++-- 3 files changed, 68 insertions(+), 45 deletions(-) diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c index 5a132c1e6f6c..6f4d7aa70e5a 100644 --- a/fs/smb/client/cached_dir.c +++ b/fs/smb/client/cached_dir.c @@ -268,10 +268,12 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, if (o_rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) goto oshr_free; - smb2_parse_contexts(server, o_rsp, + rc = smb2_parse_contexts(server, rsp_iov, &oparms.fid->epoch, - oparms.fid->lease_key, &oplock, - NULL, NULL); + oparms.fid->lease_key, + &oplock, NULL, NULL); + if (rc) + goto oshr_free; if (!(oplock & SMB2_LEASE_READ_CACHING_HE)) goto oshr_free; qi_rsp = (struct smb2_query_info_rsp *)rsp_iov[1].iov_base; diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index e65f998ea4cf..d610862ac6a0 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -2145,17 +2145,18 @@ parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info, posix->nlink, posix->mode, posix->reparse_tag); } -void -smb2_parse_contexts(struct TCP_Server_Info *server, - struct smb2_create_rsp *rsp, - unsigned int *epoch, char *lease_key, __u8 *oplock, - struct smb2_file_all_info *buf, - struct create_posix_rsp *posix) +int smb2_parse_contexts(struct TCP_Server_Info *server, + struct kvec *rsp_iov, + unsigned int *epoch, + char *lease_key, __u8 *oplock, + struct smb2_file_all_info *buf, + struct create_posix_rsp *posix) { - char *data_offset; + struct smb2_create_rsp *rsp = rsp_iov->iov_base; struct create_context *cc; - unsigned int next; - unsigned int remaining; + size_t rem, off, len; + size_t doff, dlen; + size_t noff, nlen; char *name; static const char smb3_create_tag_posix[] = { 0x93, 0xAD, 0x25, 0x50, 0x9C, @@ -2164,45 +2165,63 @@ smb2_parse_contexts(struct TCP_Server_Info *server, }; *oplock = 0; - data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset); - remaining = le32_to_cpu(rsp->CreateContextsLength); - cc = (struct create_context *)data_offset; + + off = le32_to_cpu(rsp->CreateContextsOffset); + rem = le32_to_cpu(rsp->CreateContextsLength); + if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len) + return -EINVAL; + cc = (struct create_context *)((u8 *)rsp + off); /* Initialize inode number to 0 in case no valid data in qfid context */ if (buf) buf->IndexNumber = 0; - while (remaining >= sizeof(struct create_context)) { - name = le16_to_cpu(cc->NameOffset) + (char *)cc; - if (le16_to_cpu(cc->NameLength) == 4 && - strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0) - *oplock = server->ops->parse_lease_buf(cc, epoch, - lease_key); - else if (buf && (le16_to_cpu(cc->NameLength) == 4) && - strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0) - parse_query_id_ctxt(cc, buf); - else if ((le16_to_cpu(cc->NameLength) == 16)) { - if (posix && - memcmp(name, smb3_create_tag_posix, 16) == 0) + while (rem >= sizeof(*cc)) { + doff = le16_to_cpu(cc->DataOffset); + dlen = le32_to_cpu(cc->DataLength); + if (check_add_overflow(doff, dlen, &len) || len > rem) + return -EINVAL; + + noff = le16_to_cpu(cc->NameOffset); + nlen = le16_to_cpu(cc->NameLength); + if (noff + nlen >= doff) + return -EINVAL; + + name = (char *)cc + noff; + switch (nlen) { + case 4: + if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { + *oplock = server->ops->parse_lease_buf(cc, epoch, + lease_key); + } else if (buf && + !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) { + parse_query_id_ctxt(cc, buf); + } + break; + case 16: + if (posix && !memcmp(name, smb3_create_tag_posix, 16)) parse_posix_ctxt(cc, buf, posix); + break; + default: + cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n", + __func__, nlen, dlen); + if (IS_ENABLED(CONFIG_CIFS_DEBUG2)) + cifs_dump_mem("context data: ", cc, dlen); + break; } - /* else { - cifs_dbg(FYI, "Context not matched with len %d\n", - le16_to_cpu(cc->NameLength)); - cifs_dump_mem("Cctxt name: ", name, 4); - } */ - - next = le32_to_cpu(cc->Next); - if (!next) + + off = le32_to_cpu(cc->Next); + if (!off) break; - remaining -= next; - cc = (struct create_context *)((char *)cc + next); + if (check_sub_overflow(rem, off, &rem)) + return -EINVAL; + cc = (struct create_context *)((u8 *)cc + off); } if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) *oplock = rsp->OplockLevel; - return; + return 0; } static int @@ -3082,8 +3101,8 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, } - smb2_parse_contexts(server, rsp, &oparms->fid->epoch, - oparms->fid->lease_key, oplock, buf, posix); + rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch, + oparms->fid->lease_key, oplock, buf, posix); creat_exit: SMB2_open_free(&rqst); free_rsp_buf(resp_buftype, rsp); diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index be21b5d26f67..b325fde010ad 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -249,11 +249,13 @@ extern int smb3_validate_negotiate(const unsigned int, struct cifs_tcon *); extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *, enum securityEnum); -extern void smb2_parse_contexts(struct TCP_Server_Info *server, - struct smb2_create_rsp *rsp, - unsigned int *epoch, char *lease_key, - __u8 *oplock, struct smb2_file_all_info *buf, - struct create_posix_rsp *posix); +int smb2_parse_contexts(struct TCP_Server_Info *server, + struct kvec *rsp_iov, + unsigned int *epoch, + char *lease_key, __u8 *oplock, + struct smb2_file_all_info *buf, + struct create_posix_rsp *posix); + extern int smb3_encryption_required(const struct cifs_tcon *tcon); extern int smb2_validate_iov(unsigned int offset, unsigned int buffer_length, struct kvec *iov, unsigned int min_buf_size); -- 2.25.1

1 year, 6 months

2
3
0 0

[PATCH 6.1.y] RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned

by Shiraz Saleem

From: Mike Marciniszyn <mike.marciniszyn(a)intel.com> [ Upstream commit 0a5ec366de7e94192669ba08de6ed336607fd282 ] The SQ is shared for between kernel and used by storing the kernel page pointer and passing that to a kmap_atomic(). This then requires that the alignment is PAGE_SIZE aligned. Fix by adding an iWarp specific alignment check. The patch needed to be reworked because the separate routines present upstream are not there in older irdma drivers. Fixes: e965ef0e7b2c ("RDMA/irdma: Split QP handler into irdma_reg_user_mr_type_qp") Link: https://lore.kernel.org/r/20231129202143.1434-3-shiraz.saleem@intel.com Signed-off-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Shiraz Saleem <shiraz.saleem(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/infiniband/hw/irdma/verbs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c index 447e1bcc82a3..3c437c8070b6 100644 --- a/drivers/infiniband/hw/irdma/verbs.c +++ b/drivers/infiniband/hw/irdma/verbs.c @@ -2845,6 +2845,13 @@ static struct ib_mr *irdma_reg_user_mr(struct ib_pd *pd, u64 start, u64 len, switch (req.reg_type) { case IRDMA_MEMREG_TYPE_QP: + /* iWarp: Catch page not starting on OS page boundary */ + if (!rdma_protocol_roce(&iwdev->ibdev, 1) && + ib_umem_offset(iwmr->region)) { + err = -EINVAL; + goto error; + } + total = req.sq_pages + req.rq_pages + shadow_pgcnt; if (total > iwmr->page_cnt) { err = -EINVAL; -- 1.8.3.1

1 year, 6 months

4
6
0 0

[PATCH 5.10.y v2] Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"

by Xiang Yang

This reverts commit 3f225f29c69c13ce1cbdb1d607a42efeef080056. The shadow call stack for irq now is stored in current task's thread info in irq_stack_entry. There is a possibility that we have some soft irqs pending at the end of hard irq, and when we process softirq with the irq enabled, irq_stack_entry will enter again and overwrite the shadow call stack whitch stored in current task's thread info, leading to the incorrect shadow call stack restoration for the first entry of the hard IRQ, then the system end up with a panic. task A | task A -------------------------------------+------------------------------------ el1_irq //irq1 enter | irq_handler //save scs_sp1 | gic_handle_irq | irq_exit | __do_softirq | | el1_irq //irq2 enter | irq_handler //save scs_sp2 | //overwrite scs_sp1 | ... | irq_stack_exit //restore scs_sp2 irq_stack_exit //restore wrong | //scs_sp2 | So revert this commit to fix it. Fixes: 3f225f29c69c ("arm64: Stash shadow stack pointer in the task struct on interrupt") Signed-off-by: Xiang Yang <xiangyang3(a)huawei.com> --- arch/arm64/kernel/entry.S | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index a94acea770c7..020a455824be 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -431,7 +431,9 @@ SYM_CODE_END(__swpan_exit_el0) .macro irq_stack_entry mov x19, sp // preserve the original sp - scs_save tsk // preserve the original shadow stack +#ifdef CONFIG_SHADOW_CALL_STACK + mov x24, scs_sp // preserve the original shadow stack +#endif /* * Compare sp with the base of the task stack. @@ -465,7 +467,9 @@ SYM_CODE_END(__swpan_exit_el0) */ .macro irq_stack_exit mov sp, x19 - scs_load_current +#ifdef CONFIG_SHADOW_CALL_STACK + mov scs_sp, x24 +#endif .endm /* GPRs used by entry code */ -- 2.34.1

1 year, 6 months

3
2
0 0

[PATCH v3][5.10, 5.15, 6.1][0/1] hrtimer: Ignore slack time for RT tasks

by Felix Moessbauer

Changes since v2: - added signed-off Changes since v1: - added upstream commit id to the commit message This suggests a fix from 6.3 for stable that fixes a nasty bug in the timing behavior of periodic RT tasks w.r.t timerslack_ns. While the documentation clearly states that the slack time is ignored for RT tasks, this is not the case for the hrtimer code. This patch fixes the issue and applies to all stable kernels. Best regards, Felix Moessbauer Siemens AG Davidlohr Bueso (1): hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() kernel/time/hrtimer.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) -- 2.39.2

1 year, 6 months

2
2
0 0

x86 efistub stable backports for v6.6

by Ard Biesheuvel

(cc stakeholders from various distros - apologies if I missed anyone) Please consider the patches below for backporting to the linux-6.6.y stable tree. These are prerequisites for building a signed x86 efistub kernel image that complies with the tightened UEFI boot requirements imposed by MicroSoft, and this is the condition under which it is willing to sign future Linux secure boot shim builds with its 3rd party CA certificate. (Such builds must enforce a strict separation between executable and writable code, among other things) The patches apply cleanly onto 6.6.17 (-rc2), resulting in a defconfig build that boots as expected under OVMF/KVM. 5f51c5d0e905 x86/efi: Drop EFI stub .bss from .data section 7e50262229fa x86/efi: Disregard setup header of loaded image bfab35f552ab x86/efi: Drop alignment flags from PE section headers 768171d7ebbc x86/boot: Remove the 'bugger off' message 8eace5b35556 x86/boot: Omit compression buffer from PE/COFF image memory footprint 7448e8e5d15a x86/boot: Drop redundant code setting the root device b618d31f112b x86/boot: Drop references to startup_64 2e765c02dcbf x86/boot: Grab kernel_info offset from zoffset header directly eac956345f99 x86/boot: Set EFI handover offset directly in header asm 093ab258e3fb x86/boot: Define setup size in linker script aeb92067f6ae x86/boot: Derive file size from _edata symbol efa089e63b56 x86/boot: Construct PE/COFF .text section from assembler fa5750521e0a x86/boot: Drop PE/COFF .reloc section 34951f3c28bd x86/boot: Split off PE/COFF .data section 3e3eabe26dc8 x86/boot: Increase section and file alignment to 4k/512 1ad55cecf22f x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 ++++++++++-------------- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 ++------------------------------ drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 46 +----- 7 files changed, 112 insertions(+), 447 deletions(-)

1 year, 6 months

5
8
0 0

[GIT PULL] NFSD fixes for v6.1.y

by Chuck Lever

The following changes since commit 8b4118fabd6eb75fed19483b04dab3a036886489: Linux 6.1.78 (2024-02-16 19:06:32 +0100) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git nfsd-6.1.y for you to fetch changes up to d432d1006b60bd6b5c38974727bdce78f449eeea: nfsd: don't take fi_lock in nfsd_break_deleg_cb() (2024-02-16 13:58:29 -0500) ---------------------------------------------------------------- NeilBrown (2): nfsd: fix RELEASE_LOCKOWNER nfsd: don't take fi_lock in nfsd_break_deleg_cb() fs/nfsd/nfs4state.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) -- Chuck Lever

1 year, 6 months

4
4
0 0

[v6.6][PATCH 00/57] eventfs: Linus's updates for 6.6

by Steven Rostedt

This is a backport of all the work that lead up to the work that Linus made on eventfs. I trust Linus's version more so than the versions in 6.6 and 6.7. There may be plenty of hidden issues due to the design. This is the update for 6.6. It includes Linus's updates as well as all the patches leading up to them. As the eventfs work went in in two parts, half went in in 6.6 and the other in 6.7, there were 6 backports that were done custom to 6.6 as the bugs found in 6.7 were in 6.6 but implemented differently. This series starts with reverting those 6 backports and then applying the updated patches to get to Linus's simplification. I ran these through my full test suite that I use before sending anything to Linus, although I did not run my "bisect" test that walks through the patches. The tests were just run on the end result. This was created with the following command against v6.6.15, after reverting the 6 patches: git log --reverse --no-merges --pretty=oneline v6.6..origin/master fs/tracefs/ | cut -d' ' -f1 | while read a; do if ! git cherry-pick -x $a; then break; fi ; done Which adds -x to the cherry pick to add the upstream commit SHAs. There was one patch in tracefs that didn't need to be backported and I removed that one. Beau Belgrave (1): eventfs: Fix events beyond NAME_MAX blocking tasks Erick Archer (1): eventfs: Use kcalloc() instead of kzalloc() Jiapeng Chong (1): tracefs/eventfs: Modify mismatched function name Linus Torvalds (7): tracefs: remove stale 'update_gid' code eventfs: Initialize the tracefs inode properly tracefs: Avoid using the ei->dentry pointer unnecessarily tracefs: dentry lookup crapectomy eventfs: Remove unused d_parent pointer field eventfs: Clean up dentry ops and add revalidate function eventfs: Get rid of dentry pointers without refcounts Nathan Chancellor (1): eventfs: Use ERR_CAST() in eventfs_create_events_dir() Steven Rostedt (Google) (46): Revert "eventfs: Do not allow NULL parent to eventfs_start_creating()" Revert "eventfs: Check for NULL ef in eventfs_set_attr()" Revert "eventfs: Use simple_recursive_removal() to clean up dentries" Revert "eventfs: Delete eventfs_inode when the last dentry is freed" Revert "eventfs: Save ownership and mode" Revert "eventfs: Remove "is_freed" union with rcu head" eventfs: Remove eventfs_file and just use eventfs_inode eventfs: Use eventfs_remove_events_dir() eventfs: Fix failure path in eventfs_create_events_dir() eventfs: Fix WARN_ON() in create_file_dentry() eventfs: Fix typo in eventfs_inode union comment eventfs: Remove extra dget() in eventfs_create_events_dir() eventfs: Fix kerneldoc of eventfs_remove_rec() eventfs: Remove "is_freed" union with rcu head eventfs: Have a free_ei() that just frees the eventfs_inode eventfs: Test for ei->is_freed when accessing ei->dentry eventfs: Save ownership and mode eventfs: Hold eventfs_mutex when calling callback functions eventfs: Delete eventfs_inode when the last dentry is freed eventfs: Remove special processing of dput() of events directory eventfs: Use simple_recursive_removal() to clean up dentries eventfs: Remove expectation that ei->is_freed means ei->dentry == NULL eventfs: Do not invalidate dentry in create_file/dir_dentry() eventfs: Use GFP_NOFS for allocation when eventfs_mutex is held eventfs: Move taking of inode_lock into dcache_dir_open_wrapper() eventfs: Do not allow NULL parent to eventfs_start_creating() eventfs: Make sure that parent->d_inode is locked in creating files/dirs eventfs: Have event files and directories default to parent uid and gid eventfs: Fix file and directory uid and gid ownership tracefs: Check for dentry->d_inode exists in set_gid() eventfs: Fix bitwise fields for "is_events" eventfs: Remove "lookup" parameter from create_dir/file_dentry() eventfs: Stop using dcache_readdir() for getdents() tracefs/eventfs: Use root and instance inodes as default ownership eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set eventfs: Do ctx->pos update for all iterations in eventfs_iterate() eventfs: Read ei->entries before ei->children in eventfs_iterate() eventfs: Shortcut eventfs_iterate() by skipping entries already read eventfs: Have the inodes all for files and directories all be the same eventfs: Do not create dentries nor inodes in iterate_shared eventfs: Save directory inodes in the eventfs_inode structure tracefs: Zero out the tracefs_inode when allocating it eventfs: Warn if an eventfs_inode is freed without is_freed being set eventfs: Restructure eventfs_inode structure to be more condensed eventfs: Remove fsnotify*() functions from lookup() eventfs: Keep all directory links at 1 ---- fs/tracefs/event_inode.c | 1250 +++++++++++++++++++----------------------- fs/tracefs/inode.c | 276 +++++----- fs/tracefs/internal.h | 60 +- include/linux/trace_events.h | 2 +- include/linux/tracefs.h | 73 ++- kernel/trace/trace.c | 7 +- kernel/trace/trace.h | 4 +- kernel/trace/trace_events.c | 311 +++++++---- 8 files changed, 1029 insertions(+), 954 deletions(-)

1 year, 6 months

5
61
0 0

[PATCH v2][5.10, 5.15, 6.1][0/1] hrtimer: Ignore slack time for RT tasks

by Felix Moessbauer

Changes since v1: - added upstream commit id to the commit message This suggests a fix from 6.3 for stable that fixes a nasty bug in the timing behavior of periodic RT tasks w.r.t timerslack_ns. While the documentation clearly states that the slack time is ignored for RT tasks, this is not the case for the hrtimer code. This patch fixes the issue and applies to all stable kernels. Best regards, Felix Moessbauer Siemens AG Davidlohr Bueso (1): hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() kernel/time/hrtimer.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) -- 2.39.2

1 year, 6 months

4
4
0 0

FAILED: patch "[PATCH] parisc: Fix random data corruption from exception handler" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8b1d72395635af45410b66cc4c4ab37a12c4a831 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021939-unreached-bacon-95e0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 8b1d72395635 ("parisc: Fix random data corruption from exception handler") a80aeb86542a ("parisc: Mark ex_table entries 32-bit aligned in uaccess.h") 01fef8267390 ("parisc: Allow building uncompressed Linux kernel") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8b1d72395635af45410b66cc4c4ab37a12c4a831 Mon Sep 17 00:00:00 2001 From: Helge Deller <deller(a)gmx.de> Date: Sat, 20 Jan 2024 15:29:27 +0100 Subject: [PATCH] parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction "or %r0,%r0,%reg", where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option any longer. Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: <stable(a)vger.kernel.org> # v6.0+ diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index d14ccc948a29..5c845e8d59d9 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -25,7 +25,6 @@ config PARISC select RTC_DRV_GENERIC select INIT_ALL_POSSIBLE select BUG - select BUILDTIME_TABLE_SORT select HAVE_KERNEL_UNCOMPRESSED select HAVE_PCI select HAVE_PERF_EVENTS diff --git a/arch/parisc/include/asm/assembly.h b/arch/parisc/include/asm/assembly.h index 74d17d7e759d..5937d5edaba1 100644 --- a/arch/parisc/include/asm/assembly.h +++ b/arch/parisc/include/asm/assembly.h @@ -576,6 +576,7 @@ .section __ex_table,"aw" ! \ .align 4 ! \ .word (fault_addr - .), (except_addr - .) ! \ + or %r0,%r0,%r0 ! \ .previous diff --git a/arch/parisc/include/asm/extable.h b/arch/parisc/include/asm/extable.h new file mode 100644 index 000000000000..4ea23e3d79dc --- /dev/null +++ b/arch/parisc/include/asm/extable.h @@ -0,0 +1,64 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __PARISC_EXTABLE_H +#define __PARISC_EXTABLE_H + +#include <asm/ptrace.h> +#include <linux/compiler.h> + +/* + * The exception table consists of three addresses: + * + * - A relative address to the instruction that is allowed to fault. + * - A relative address at which the program should continue (fixup routine) + * - An asm statement which specifies which CPU register will + * receive -EFAULT when an exception happens if the lowest bit in + * the fixup address is set. + * + * Note: The register specified in the err_opcode instruction will be + * modified at runtime if a fault happens. Register %r0 will be ignored. + * + * Since relative addresses are used, 32bit values are sufficient even on + * 64bit kernel. + */ + +struct pt_regs; +int fixup_exception(struct pt_regs *regs); + +#define ARCH_HAS_RELATIVE_EXTABLE +struct exception_table_entry { + int insn; /* relative address of insn that is allowed to fault. */ + int fixup; /* relative address of fixup routine */ + int err_opcode; /* sample opcode with register which holds error code */ +}; + +#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr, opcode )\ + ".section __ex_table,\"aw\"\n" \ + ".align 4\n" \ + ".word (" #fault_addr " - .), (" #except_addr " - .)\n" \ + opcode "\n" \ + ".previous\n" + +/* + * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry + * (with lowest bit set) for which the fault handler in fixup_exception() will + * load -EFAULT on fault into the register specified by the err_opcode instruction, + * and zeroes the target register in case of a read fault in get_user(). + */ +#define ASM_EXCEPTIONTABLE_VAR(__err_var) \ + int __err_var = 0 +#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr, register )\ + ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1, "or %%r0,%%r0," register) + +static inline void swap_ex_entry_fixup(struct exception_table_entry *a, + struct exception_table_entry *b, + struct exception_table_entry tmp, + int delta) +{ + a->fixup = b->fixup + delta; + b->fixup = tmp.fixup - delta; + a->err_opcode = b->err_opcode; + b->err_opcode = tmp.err_opcode; +} +#define swap_ex_entry_fixup swap_ex_entry_fixup + +#endif diff --git a/arch/parisc/include/asm/special_insns.h b/arch/parisc/include/asm/special_insns.h index c822bd0c0e3c..51f40eaf7780 100644 --- a/arch/parisc/include/asm/special_insns.h +++ b/arch/parisc/include/asm/special_insns.h @@ -8,7 +8,8 @@ "copy %%r0,%0\n" \ "8:\tlpa %%r0(%1),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \ + "or %%r0,%%r0,%%r0") \ : "=&r" (pa) \ : "r" (va) \ : "memory" \ @@ -22,7 +23,8 @@ "copy %%r0,%0\n" \ "8:\tlpa %%r0(%%sr3,%1),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \ + "or %%r0,%%r0,%%r0") \ : "=&r" (pa) \ : "r" (va) \ : "memory" \ diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 4165079898d9..88d0ae5769dd 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -7,6 +7,7 @@ */ #include <asm/page.h> #include <asm/cache.h> +#include <asm/extable.h> #include <linux/bug.h> #include <linux/string.h> @@ -26,37 +27,6 @@ #define STD_USER(sr, x, ptr) __put_user_asm(sr, "std", x, ptr) #endif -/* - * The exception table contains two values: the first is the relative offset to - * the address of the instruction that is allowed to fault, and the second is - * the relative offset to the address of the fixup routine. Since relative - * addresses are used, 32bit values are sufficient even on 64bit kernel. - */ - -#define ARCH_HAS_RELATIVE_EXTABLE -struct exception_table_entry { - int insn; /* relative address of insn that is allowed to fault. */ - int fixup; /* relative address of fixup routine */ -}; - -#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\ - ".section __ex_table,\"aw\"\n" \ - ".align 4\n" \ - ".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \ - ".previous\n" - -/* - * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry - * (with lowest bit set) for which the fault handler in fixup_exception() will - * load -EFAULT into %r29 for a read or write fault, and zeroes the target - * register in case of a read fault in get_user(). - */ -#define ASM_EXCEPTIONTABLE_REG 29 -#define ASM_EXCEPTIONTABLE_VAR(__variable) \ - register long __variable __asm__ ("r29") = 0 -#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\ - ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1) - #define __get_user_internal(sr, val, ptr) \ ({ \ ASM_EXCEPTIONTABLE_VAR(__gu_err); \ @@ -83,7 +53,7 @@ struct exception_table_entry { \ __asm__("1: " ldx " 0(%%sr%2,%3),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \ : "=r"(__gu_val), "+r"(__gu_err) \ : "i"(sr), "r"(ptr)); \ \ @@ -115,8 +85,8 @@ struct exception_table_entry { "1: ldw 0(%%sr%2,%3),%0\n" \ "2: ldw 4(%%sr%2,%3),%R0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%1") \ : "=&r"(__gu_tmp.l), "+r"(__gu_err) \ : "i"(sr), "r"(ptr)); \ \ @@ -174,7 +144,7 @@ struct exception_table_entry { __asm__ __volatile__ ( \ "1: " stx " %1,0(%%sr%2,%3)\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \ : "+r"(__pu_err) \ : "r"(x), "i"(sr), "r"(ptr)) @@ -186,15 +156,14 @@ struct exception_table_entry { "1: stw %1,0(%%sr%2,%3)\n" \ "2: stw %R1,4(%%sr%2,%3)\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%0") \ : "+r"(__pu_err) \ : "r"(__val), "i"(sr), "r"(ptr)); \ } while (0) #endif /* !defined(CONFIG_64BIT) */ - /* * Complex access routines -- external declarations */ @@ -216,7 +185,4 @@ unsigned long __must_check raw_copy_from_user(void *dst, const void __user *src, #define INLINE_COPY_TO_USER #define INLINE_COPY_FROM_USER -struct pt_regs; -int fixup_exception(struct pt_regs *regs); - #endif /* __PARISC_UACCESS_H */ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index 0c015487e5db..5552602fcaef 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -854,7 +854,7 @@ SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes, #endif " fic,m %3(%4,%0)\n" "2: sync\n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b, "%1") : "+r" (start), "+r" (error) : "r" (end), "r" (dcache_stride), "i" (SR_USER)); } @@ -869,7 +869,7 @@ SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes, #endif " fdc,m %3(%4,%0)\n" "2: sync\n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b, "%1") : "+r" (start), "+r" (error) : "r" (end), "r" (icache_stride), "i" (SR_USER)); } diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c index ce25acfe4889..c520e551a165 100644 --- a/arch/parisc/kernel/unaligned.c +++ b/arch/parisc/kernel/unaligned.c @@ -120,8 +120,8 @@ static int emulate_ldh(struct pt_regs *regs, int toreg) "2: ldbs 1(%%sr1,%3), %0\n" " depw %2, 23, 24, %0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "+r" (val), "+r" (ret), "=&r" (temp1) : "r" (saddr), "r" (regs->isr) ); @@ -152,8 +152,8 @@ static int emulate_ldw(struct pt_regs *regs, int toreg, int flop) " mtctl %2,11\n" " vshd %0,%3,%0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "+r" (val), "+r" (ret), "=&r" (temp1), "=&r" (temp2) : "r" (saddr), "r" (regs->isr) ); @@ -189,8 +189,8 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop) " mtsar %%r19\n" " shrpd %0,%%r20,%%sar,%0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "=r" (val), "+r" (ret) : "0" (val), "r" (saddr), "r" (regs->isr) : "r19", "r20" ); @@ -209,9 +209,9 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop) " vshd %0,%R0,%0\n" " vshd %R0,%4,%R0\n" "4: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b, "%1") : "+r" (val), "+r" (ret), "+r" (saddr), "=&r" (shift), "=&r" (temp1) : "r" (regs->isr) ); } @@ -244,8 +244,8 @@ static int emulate_sth(struct pt_regs *regs, int frreg) "1: stb %1, 0(%%sr1, %3)\n" "2: stb %2, 1(%%sr1, %3)\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0") : "+r" (ret), "=&r" (temp1) : "r" (val), "r" (regs->ior), "r" (regs->isr) ); @@ -285,8 +285,8 @@ static int emulate_stw(struct pt_regs *regs, int frreg, int flop) " stw %%r20,0(%%sr1,%2)\n" " stw %%r21,4(%%sr1,%2)\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r22", "r1" ); @@ -329,10 +329,10 @@ static int emulate_std(struct pt_regs *regs, int frreg, int flop) "3: std %%r20,0(%%sr1,%2)\n" "4: std %%r21,8(%%sr1,%2)\n" "5: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r22", "r1" ); @@ -357,11 +357,11 @@ static int emulate_std(struct pt_regs *regs, int frreg, int flop) "4: stw %%r1,4(%%sr1,%2)\n" "5: stw %R1,8(%%sr1,%2)\n" "6: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r1" ); diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c index 2fe5b44986e0..c39de84e98b0 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -150,11 +150,16 @@ int fixup_exception(struct pt_regs *regs) * Fix up get_user() and put_user(). * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() sets the least-significant * bit in the relative address of the fixup routine to indicate - * that gr[ASM_EXCEPTIONTABLE_REG] should be loaded with - * -EFAULT to report a userspace access error. + * that the register encoded in the "or %r0,%r0,register" + * opcode should be loaded with -EFAULT to report a userspace + * access error. */ if (fix->fixup & 1) { - regs->gr[ASM_EXCEPTIONTABLE_REG] = -EFAULT; + int fault_error_reg = fix->err_opcode & 0x1f; + if (!WARN_ON(!fault_error_reg)) + regs->gr[fault_error_reg] = -EFAULT; + pr_debug("Unalignment fixup of register %d at %pS\n", + fault_error_reg, (void*)regs->iaoq[0]); /* zero target register for get_user() */ if (parisc_acctyp(0, regs->iir) == VM_READ) {

1 year, 6 months

3
2
0 0

FAILED: patch "[PATCH] netfilter: ipset: fix performance regression in swap" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 97f7cf1cd80eeed3b7c808b7c12463295c751001 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024022011-amber-awning-698f@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 97f7cf1cd80e ("netfilter: ipset: fix performance regression in swap operation") 292a089d78d3 ("treewide: Convert del_timer*() to timer_shutdown*()") 0a1d4434db5f ("Merge tag 'timers-core-2022-12-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97f7cf1cd80eeed3b7c808b7c12463295c751001 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik <kadlec(a)netfilter.org> Date: Mon, 29 Jan 2024 10:57:01 +0100 Subject: [PATCH] netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback. Link: https://lore.kernel.org/lkml/C0829B10-EAA6-4809-874E-E1E9C05A8D84@automatti… Fixes: 28628fa952fe ("netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test") Reported-by: Ale Crismani <ale.crismani(a)automattic.com> Reported-by: David Wang <00107082(a)163.com> Tested-by: David Wang <00107082(a)163.com> Signed-off-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index e8c350a3ade1..e9f4f845d760 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h @@ -186,6 +186,8 @@ struct ip_set_type_variant { /* Return true if "b" set is the same as "a" * according to the create set parameters */ bool (*same_set)(const struct ip_set *a, const struct ip_set *b); + /* Cancel ongoing garbage collectors before destroying the set*/ + void (*cancel_gc)(struct ip_set *set); /* Region-locking is used */ bool region_lock; }; @@ -242,6 +244,8 @@ extern void ip_set_type_unregister(struct ip_set_type *set_type); /* A generic IP set */ struct ip_set { + /* For call_cru in destroy */ + struct rcu_head rcu; /* The name of the set */ char name[IPSET_MAXNAMELEN]; /* Lock protecting the set data */ diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h index 21f7860e8fa1..cb48a2b9cb9f 100644 --- a/net/netfilter/ipset/ip_set_bitmap_gen.h +++ b/net/netfilter/ipset/ip_set_bitmap_gen.h @@ -30,6 +30,7 @@ #define mtype_del IPSET_TOKEN(MTYPE, _del) #define mtype_list IPSET_TOKEN(MTYPE, _list) #define mtype_gc IPSET_TOKEN(MTYPE, _gc) +#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc) #define mtype MTYPE #define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id))) @@ -59,9 +60,6 @@ mtype_destroy(struct ip_set *set) { struct mtype *map = set->data; - if (SET_WITH_TIMEOUT(set)) - del_timer_sync(&map->gc); - if (set->dsize && set->extensions & IPSET_EXT_DESTROY) mtype_ext_cleanup(set); ip_set_free(map->members); @@ -290,6 +288,15 @@ mtype_gc(struct timer_list *t) add_timer(&map->gc); } +static void +mtype_cancel_gc(struct ip_set *set) +{ + struct mtype *map = set->data; + + if (SET_WITH_TIMEOUT(set)) + del_timer_sync(&map->gc); +} + static const struct ip_set_type_variant mtype = { .kadt = mtype_kadt, .uadt = mtype_uadt, @@ -303,6 +310,7 @@ static const struct ip_set_type_variant mtype = { .head = mtype_head, .list = mtype_list, .same_set = mtype_same_set, + .cancel_gc = mtype_cancel_gc, }; #endif /* __IP_SET_BITMAP_IP_GEN_H */ diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 4c133e06be1d..bcaad9c009fe 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1182,6 +1182,14 @@ ip_set_destroy_set(struct ip_set *set) kfree(set); } +static void +ip_set_destroy_set_rcu(struct rcu_head *head) +{ + struct ip_set *set = container_of(head, struct ip_set, rcu); + + ip_set_destroy_set(set); +} + static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const attr[]) { @@ -1193,8 +1201,6 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, if (unlikely(protocol_min_failed(attr))) return -IPSET_ERR_PROTOCOL; - /* Must wait for flush to be really finished in list:set */ - rcu_barrier(); /* Commands are serialized and references are * protected by the ip_set_ref_lock. @@ -1206,8 +1212,10 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, * counter, so if it's already zero, we can proceed * without holding the lock. */ - read_lock_bh(&ip_set_ref_lock); if (!attr[IPSET_ATTR_SETNAME]) { + /* Must wait for flush to be really finished in list:set */ + rcu_barrier(); + read_lock_bh(&ip_set_ref_lock); for (i = 0; i < inst->ip_set_max; i++) { s = ip_set(inst, i); if (s && (s->ref || s->ref_netlink)) { @@ -1221,6 +1229,8 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, s = ip_set(inst, i); if (s) { ip_set(inst, i) = NULL; + /* Must cancel garbage collectors */ + s->variant->cancel_gc(s); ip_set_destroy_set(s); } } @@ -1228,6 +1238,9 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, inst->is_destroyed = false; } else { u32 flags = flag_exist(info->nlh); + u16 features = 0; + + read_lock_bh(&ip_set_ref_lock); s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]), &i); if (!s) { @@ -1238,10 +1251,16 @@ static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info, ret = -IPSET_ERR_BUSY; goto out; } + features = s->type->features; ip_set(inst, i) = NULL; read_unlock_bh(&ip_set_ref_lock); - - ip_set_destroy_set(s); + if (features & IPSET_TYPE_NAME) { + /* Must wait for flush to be really finished */ + rcu_barrier(); + } + /* Must cancel garbage collectors */ + s->variant->cancel_gc(s); + call_rcu(&s->rcu, ip_set_destroy_set_rcu); } return 0; out: @@ -1394,9 +1413,6 @@ static int ip_set_swap(struct sk_buff *skb, const struct nfnl_info *info, ip_set(inst, to_id) = from; write_unlock_bh(&ip_set_ref_lock); - /* Make sure all readers of the old set pointers are completed. */ - synchronize_rcu(); - return 0; } @@ -2409,8 +2425,11 @@ ip_set_fini(void) { nf_unregister_sockopt(&so_set); nfnetlink_subsys_unregister(&ip_set_netlink_subsys); - unregister_pernet_subsys(&ip_set_net_ops); + + /* Wait for call_rcu() in destroy */ + rcu_barrier(); + pr_debug("these are the famous last words\n"); } diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index cbf80da9a01c..1136510521a8 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -222,6 +222,7 @@ static const union nf_inet_addr zeromask = {}; #undef mtype_gc_do #undef mtype_gc #undef mtype_gc_init +#undef mtype_cancel_gc #undef mtype_variant #undef mtype_data_match @@ -266,6 +267,7 @@ static const union nf_inet_addr zeromask = {}; #define mtype_gc_do IPSET_TOKEN(MTYPE, _gc_do) #define mtype_gc IPSET_TOKEN(MTYPE, _gc) #define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init) +#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc) #define mtype_variant IPSET_TOKEN(MTYPE, _variant) #define mtype_data_match IPSET_TOKEN(MTYPE, _data_match) @@ -450,9 +452,6 @@ mtype_destroy(struct ip_set *set) struct htype *h = set->data; struct list_head *l, *lt; - if (SET_WITH_TIMEOUT(set)) - cancel_delayed_work_sync(&h->gc.dwork); - mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true); list_for_each_safe(l, lt, &h->ad) { list_del(l); @@ -599,6 +598,15 @@ mtype_gc_init(struct htable_gc *gc) queue_delayed_work(system_power_efficient_wq, &gc->dwork, HZ); } +static void +mtype_cancel_gc(struct ip_set *set) +{ + struct htype *h = set->data; + + if (SET_WITH_TIMEOUT(set)) + cancel_delayed_work_sync(&h->gc.dwork); +} + static int mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, struct ip_set_ext *mext, u32 flags); @@ -1441,6 +1449,7 @@ static const struct ip_set_type_variant mtype_variant = { .uref = mtype_uref, .resize = mtype_resize, .same_set = mtype_same_set, + .cancel_gc = mtype_cancel_gc, .region_lock = true, }; diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index e162636525cf..6c3f28bc59b3 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c @@ -426,9 +426,6 @@ list_set_destroy(struct ip_set *set) struct list_set *map = set->data; struct set_elem *e, *n; - if (SET_WITH_TIMEOUT(set)) - timer_shutdown_sync(&map->gc); - list_for_each_entry_safe(e, n, &map->members, list) { list_del(&e->list); ip_set_put_byindex(map->net, e->id); @@ -545,6 +542,15 @@ list_set_same_set(const struct ip_set *a, const struct ip_set *b) a->extensions == b->extensions; } +static void +list_set_cancel_gc(struct ip_set *set) +{ + struct list_set *map = set->data; + + if (SET_WITH_TIMEOUT(set)) + timer_shutdown_sync(&map->gc); +} + static const struct ip_set_type_variant set_variant = { .kadt = list_set_kadt, .uadt = list_set_uadt, @@ -558,6 +564,7 @@ static const struct ip_set_type_variant set_variant = { .head = list_set_head, .list = list_set_list, .same_set = list_set_same_set, + .cancel_gc = list_set_cancel_gc, }; static void

1 year, 6 months

1
0
0 0

[PATCH 5.10/5.15/6.1 0/1] nilfs2: fix WARNING in nilfs_dat_prepare_end()

by Roman Smirnov

Syzkaller reports WARNING in nilfs_dat_prepare_end() in 5.10, 5.15 and 6.1 stable releases. The problem has been fixed in upstream: https://syzkaller.appspot.com/bug?extid=5d5d25f90f195a3cfcb4 The problem can also be fixed in versions 5.10, 5.15 and 6.1 by the following patch. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0 Link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3 Ryusuke Konishi (1): nilfs2: replace WARN_ONs for invalid DAT metadata block requests fs/nilfs2/dat.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) -- 2.34.1

1 year, 6 months

2
3
0 0

[PATCH net] l2tp: pass correct message length to ip6_append_data

by Tom Parkin

l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. Fixes: 9d4c75800f61 ("ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()") Cc: David Howells <dhowells(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Tom Parkin <tparkin(a)katalix.com> --- This issue was uncovered by Debian build-testing for the golang-github-katalix-go-l2tp package[1]. It seems 9d4c75800f61 has been backported to the linux-6.1.y stable kernel (and possibly others), so I think this fix will also need backporting. The bug is currently seen on at least Debian Bookworm, Ubuntu Jammy, and Debian testing/unstable. Unfortunately tests using "ip l2tp" and which focus on dataplane transport will not uncover this bug: it's necessary to send a packet using an L2TPIP6 socket opened by userspace, and to verify the packet on the wire. The l2tp-ktest[2] test suite has been extended to cover this. [1]. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063746 [2]. https://github.com/katalix/l2tp-ktest --- net/l2tp/l2tp_ip6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index dd3153966173..7bf14cf9ffaa 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c @@ -627,7 +627,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) back_from_confirm: lock_sock(sk); - ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; + ulen = len + (skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0); err = ip6_append_data(sk, ip_generic_getfrag, msg, ulen, transhdrlen, &ipc6, &fl6, (struct rt6_info *)dst, -- 2.34.1

1 year, 6 months

1
0
0 0

[PATCH 0/2] Disable automatic load CCS load balancing

by Andi Shyti

Hi, this series does basically two things: 1. Disables automatic load balancing as adviced by the hardware workaround. 2. Forces the sharing of the load submitted to CCS among all the CCS available (as of now only DG2 has more than one CCS). This way the user, when sending a query, will see only one CCS available. Andi Andi Shyti (2): drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Set default CCS mode '1' drivers/gpu/drm/i915/gt/intel_gt.c | 11 +++++++++++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 3 +++ drivers/gpu/drm/i915/gt/intel_workarounds.c | 6 ++++++ drivers/gpu/drm/i915/i915_drv.h | 17 +++++++++++++++++ drivers/gpu/drm/i915/i915_query.c | 5 +++-- 5 files changed, 40 insertions(+), 2 deletions(-) -- 2.43.0

1 year, 6 months

4
13
0 0

[PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()

by Baokun Li

The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks. Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/cachefiles/cache.c | 2 ++ fs/cachefiles/daemon.c | 1 + 2 files changed, 3 insertions(+) diff --git a/fs/cachefiles/cache.c b/fs/cachefiles/cache.c index 7077f72e6f47..f449f7340aad 100644 --- a/fs/cachefiles/cache.c +++ b/fs/cachefiles/cache.c @@ -168,6 +168,8 @@ int cachefiles_add_cache(struct cachefiles_cache *cache) dput(root); error_open_root: cachefiles_end_secure(cache, saved_cred); + put_cred(cache->cache_cred); + cache->cache_cred = NULL; error_getsec: fscache_relinquish_cache(cache_cookie); cache->cache = NULL; diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index 3f24905f4066..6465e2574230 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -816,6 +816,7 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache) cachefiles_put_directory(cache->graveyard); cachefiles_put_directory(cache->store); mntput(cache->mnt); + put_cred(cache->cache_cred); kfree(cache->rootdirname); kfree(cache->secctx); -- 2.31.1

1 year, 6 months

5
4
0 0

[PATCH] drm/radeon: Call mmiowb() at the end of radeon_ring_commit()

by Huacai Chen

Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of mmiowb()") remove all mmiowb() in drivers, but it says: "NOTE: mmiowb() has only ever guaranteed ordering in conjunction with spin_unlock(). However, pairing each mmiowb() removal in this patch with the corresponding call to spin_unlock() is not at all trivial, so there is a small chance that this change may regress any drivers incorrectly relying on mmiowb() to order MMIO writes between CPUs using lock-free synchronisation." The mmio in radeon_ring_commit() is protected by a mutex rather than a spinlock, but in the mutex fastpath it behaves similar to spinlock and need a mmiowb() to make sure the wptr is up-to-date for hardware. Without this, we get such an error when run 'glxgears' on weak ordering architectures such as LoongArch: radeon 0000:04:00.0: ring 0 stalled for more than 10324msec radeon 0000:04:00.0: ring 3 stalled for more than 10240msec radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3) radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) radeon 0000:04:00.0: scheduling IB failed (-35). [drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35) Cc: stable(a)vger.kernel.org Signed-off-by: Tianyang Zhang <zhangtianyang(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/gpu/drm/radeon/radeon_ring.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c index 38048593bb4a..d461dc85d820 100644 --- a/drivers/gpu/drm/radeon/radeon_ring.c +++ b/drivers/gpu/drm/radeon/radeon_ring.c @@ -183,6 +183,7 @@ void radeon_ring_commit(struct radeon_device *rdev, struct radeon_ring *ring, if (hdp_flush && rdev->asic->mmio_hdp_flush) rdev->asic->mmio_hdp_flush(rdev); radeon_ring_set_wptr(rdev, ring); + mmiowb(); /* Make sure wptr is up-to-date for hw */ } /** -- 2.43.0

1 year, 6 months

2
1
0 0

[PATCH 6.7 000/124] 6.7.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.5 release. There are 124 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 15 Feb 2024 17:18:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.5-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.5-rc1 Michael Lass <bevan(a)bi-co.net> net: Fix from address in memcpy_to_iter_csum() Jens Axboe <axboe(a)kernel.dk> io_uring/net: limit inline multishot retries Jens Axboe <axboe(a)kernel.dk> io_uring/poll: add requeue return code from poll multishot handling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ASoC: amd: Add new dmi entries for acp5x platform" Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: time_stats: Check for last_event == 0 when updating freq stats Guoyu Ou <benogy(a)gmail.com> bcachefs: unlock parent dir if entry is not found in subvolume deletion Christoph Hellwig <hch(a)lst.de> bcachefs: fix incorrect usage of REQ_OP_FLUSH Su Yue <glass.su(a)suse.com> bcachefs: grab s_umount only if snapshotting Su Yue <glass.su(a)suse.com> bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: bch2_kthread_io_clock_wait() no longer sleeps until full amount Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Add missing bch2_moving_ctxt_flush_all() Daniel Hill <daniel(a)gluo.nz> bcachefs: rebalance should wakeup on shutdown if disabled Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Don't pass memcmp() as a pointer Al Viro <viro(a)zeniv.linux.org.uk> bch2_ioctl_subvolume_destroy(): fix locking Al Viro <viro(a)zeniv.linux.org.uk> new helper: user_path_locked_at() Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Jens Axboe <axboe(a)kernel.dk> io_uring/rw: ensure poll based multishot read retries appropriately Jens Axboe <axboe(a)kernel.dk> io_uring/net: un-indent mshot retry path in io_recv_finish() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: move poll execution helpers higher up Jens Axboe <axboe(a)kernel.dk> io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: fix a battery life regression Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Arrow Lake-H Michal Pecio <michal.pecio(a)gmail.com> xhci: handle isoc Babble and Buffer Overrun events properly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: process isoc TD properly when there was a transaction error mid TD. Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd/pm: fix the high voltage and temperature issue" Badhri Jagan Sridharan <badhri(a)google.com> Revert "usb: typec: tcpm: fix cc role at port reset" Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Sean Young <sean(a)mess.org> ALSA: usb-audio: add quirk for RODE NT-USB+ Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: core: include linux/close_range.h for CLOSE_RANGE_* macros Maurizio Lombardi <mlombard(a)redhat.com> nvme-host: fix the updating of the firmware version Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: declare overflow_stack as exported from traps.c Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix arch_hugetlb_migration_supported() for NAPOT Xiubo Li <xiubli(a)redhat.com> ceph: always set initial i_blkbits to CEPH_FSCRYPT_BLOCK_SHIFT Xiubo Li <xiubli(a)redhat.com> libceph: just wait for more data to be available on the socket Xiubo Li <xiubli(a)redhat.com> libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Flush the tlb when a page directory is freed Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix set_huge_pte_at() for NAPOT mapping Vincent Chen <vincent.chen(a)sifive.com> riscv: mm: execute local TLB flush after populating vmemmap Alexandre Ghiti <alexghiti(a)rivosinc.com> mm: Introduce flush_cache_vmap_early() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: un-break NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: remove static in nft_pipapo_get() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: narrow down revision to unsigned 8-bits Jakub Kicinski <kuba(a)kernel.org> selftests: cmsg_ipv6: repeat the exact packet Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Jiri Pirko <jiri(a)resnulli.us> devlink: avoid potential loop in devlink_rel_nested_in_notify_work() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: let big_tcp test cope with slow env David Howells <dhowells(a)redhat.com> rxrpc: Fix counting of new acks and nacks David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call David Howells <dhowells(a)redhat.com> rxrpc: Fix delayed ACKs to not set the reference serial number David Howells <dhowells(a)redhat.com> rxrpc: Fix generation of serial numbers to skip zero Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/gvt: Fix uninitialized variable in handle_mmio() Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Fix mapping for zero copy XDP_TX action Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix tcp listener handling in pmtu.sh Yujie Liu <yujie.liu(a)intel.com> selftests/net: change shebang to bash to support "source" Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert pmtu.sh to run it in unique namespace Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert unicast_extensions.sh to run it in unique namespace Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Ivan Vecera <ivecera(a)redhat.com> net: atlantic: Fix DMA mapping for PTP hwts ring Eric Dumazet <edumazet(a)google.com> netdevsim: avoid potential loop in nsim_dev_trap_report_work() Kees Cook <keescook(a)chromium.org> wifi: brcmfmac: Adjust n_channels usage for __counted_by Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: exit eSR only after the FW does Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix waiting for beacons logic Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix unsolicited broadcast probe config Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU use in TDLS fast-xmit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: improve CSA/ECSA connection refusal Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: detect stuck ECSA element in probe resp Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: consume both probe response and beacon IEs Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Give up if memory attribute protocol returns an error Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Shyam Prasad N <sprasad(a)microsoft.com> cifs: failure to add channel on iface should bump up weight Shyam Prasad N <sprasad(a)microsoft.com> cifs: avoid redundant calls to disable multichannel Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV James Clark <james.clark(a)arm.com> perf evlist: Fix evlist__new_default() for > 1 core PMU Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix 'perf script' tests on s390 Ian Rogers <irogers(a)google.com> perf tests: Add perf script test Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Mantas Pucka <mantas(a)8devices.com> phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018 Mantas Pucka <mantas(a)8devices.com> phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Baokun Li <libaokun1(a)huawei.com> ext4: regenerate buddy after block freeing failed if under fc replay ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/cacheflush.h | 1 + arch/arm/include/asm/cacheflush.h | 2 + arch/csky/abiv1/inc/abi/cacheflush.h | 1 + arch/csky/abiv2/inc/abi/cacheflush.h | 1 + arch/m68k/include/asm/cacheflush_mm.h | 1 + arch/mips/include/asm/cacheflush.h | 2 + arch/nios2/include/asm/cacheflush.h | 1 + arch/parisc/include/asm/cacheflush.h | 1 + arch/riscv/include/asm/cacheflush.h | 3 +- arch/riscv/include/asm/hugetlb.h | 3 + arch/riscv/include/asm/stacktrace.h | 5 + arch/riscv/include/asm/tlb.h | 2 +- arch/riscv/include/asm/tlbflush.h | 2 + arch/riscv/mm/hugetlbpage.c | 78 ++++++++++++- arch/riscv/mm/init.c | 4 + arch/riscv/mm/tlbflush.c | 6 + arch/sh/include/asm/cacheflush.h | 1 + arch/sparc/include/asm/cacheflush_32.h | 1 + arch/sparc/include/asm/cacheflush_64.h | 1 + arch/x86/boot/header.S | 14 +-- arch/x86/boot/setup.ld | 6 +- arch/x86/lib/getuser.S | 24 ++-- arch/x86/lib/putuser.S | 20 ++-- arch/xtensa/include/asm/cacheflush.h | 6 +- block/blk-iocost.c | 7 ++ drivers/atm/idt77252.c | 2 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 28 ++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/kaslr.c | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 12 +- drivers/firmware/efi/libstub/x86-stub.c | 25 ++-- drivers/firmware/efi/libstub/x86-stub.h | 4 +- drivers/firmware/efi/libstub/zboot.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 24 ++-- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 2 +- .../drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 63 +++++----- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 33 +----- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 - .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 8 +- drivers/gpu/drm/i915/gvt/handlers.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 5 - drivers/gpu/drm/msm/dp/dp_link.c | 22 ++-- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/hwmon/aspeed-pwm-tacho.c | 7 ++ drivers/hwmon/coretemp.c | 40 ++++--- drivers/input/keyboard/atkbd.c | 13 ++- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 13 +++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 1 + drivers/net/ethernet/engleder/tsnep_main.c | 16 ++- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 ++- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 57 ++++++++- drivers/net/netdevsim/dev.c | 8 +- drivers/net/ppp/ppp_async.c | 4 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/api/debug.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 6 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 9 +- drivers/nvme/host/core.c | 7 +- drivers/pci/bus.c | 49 +++++--- drivers/pci/controller/dwc/pcie-qcom.c | 2 +- drivers/pci/pci.c | 78 ++++++++----- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 13 ++- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 30 ++++- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/scsi/scsi_error.c | 3 +- drivers/scsi/scsi_lib.c | 4 +- drivers/usb/dwc3/dwc3-pci.c | 4 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/host/xhci-ring.c | 80 ++++++++++--- drivers/usb/host/xhci.h | 1 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/tcpm/tcpm.c | 3 +- fs/bcachefs/clock.c | 4 +- fs/bcachefs/fs-io.c | 2 +- fs/bcachefs/fs-ioctl.c | 42 +++---- fs/bcachefs/journal_io.c | 3 +- fs/bcachefs/move.c | 2 +- fs/bcachefs/move.h | 1 + fs/bcachefs/rebalance.c | 13 ++- fs/bcachefs/replicas.c | 10 +- fs/bcachefs/snapshot.c | 2 +- fs/bcachefs/util.c | 5 +- fs/ceph/inode.c | 2 + fs/ext4/mballoc.c | 20 ++++ fs/namei.c | 16 ++- fs/ntfs3/ntfs_fs.h | 2 +- fs/smb/client/sess.c | 2 + fs/smb/client/smb2pdu.c | 2 +- include/asm-generic/cacheflush.h | 6 + include/linux/ceph/messenger.h | 2 +- include/linux/dmaengine.h | 3 +- include/linux/hrtimer.h | 4 +- include/linux/namei.h | 1 + include/linux/pci.h | 5 + include/net/cfg80211.h | 4 + include/net/netfilter/nf_tables.h | 16 ++- include/trace/events/rxrpc.h | 8 +- include/uapi/linux/netfilter/nf_tables.h | 2 + io_uring/io_uring.h | 7 ++ io_uring/net.c | 54 ++++++--- io_uring/poll.c | 49 ++++---- io_uring/poll.h | 9 ++ io_uring/rw.c | 10 +- kernel/time/hrtimer.c | 3 + mm/percpu.c | 8 +- net/ceph/messenger_v1.c | 33 +++--- net/ceph/messenger_v2.c | 4 +- net/ceph/osd_client.c | 9 +- net/core/datagram.c | 2 +- net/devlink/core.c | 12 +- net/ipv4/af_inet.c | 6 +- net/ipv4/ip_tunnel_core.c | 2 +- net/mac80211/cfg.c | 14 +-- net/mac80211/mlme.c | 106 ++++++++++++----- net/mac80211/tx.c | 7 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nfnetlink_queue.c | 13 ++- net/netfilter/nft_compat.c | 17 ++- net/netfilter/nft_ct.c | 3 + net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 128 +++++++++++---------- net/netfilter/nft_set_pipapo.h | 18 ++- net/netfilter/nft_set_pipapo_avx2.c | 17 ++- net/netfilter/nft_set_rbtree.c | 11 +- net/rxrpc/ar-internal.h | 37 ++++-- net/rxrpc/call_event.c | 12 +- net/rxrpc/call_object.c | 1 + net/rxrpc/conn_event.c | 10 +- net/rxrpc/input.c | 115 +++++++++++++++--- net/rxrpc/output.c | 8 +- net/rxrpc/proc.c | 2 +- net/rxrpc/rxkad.c | 4 +- net/tipc/bearer.c | 6 + net/unix/garbage.c | 11 ++ net/wireless/scan.c | 63 +++++++++- sound/soc/amd/acp-config.c | 15 +-- sound/usb/quirks.c | 6 + tools/perf/tests/shell/script.sh | 73 ++++++++++++ tools/perf/util/evlist.c | 9 +- tools/testing/selftests/core/close_range_test.c | 1 + tools/testing/selftests/net/big_tcp.sh | 4 +- tools/testing/selftests/net/cmsg_ipv6.sh | 4 +- tools/testing/selftests/net/pmtu.sh | 52 +++++---- tools/testing/selftests/net/udpgro_fwd.sh | 14 ++- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/net/unicast_extensions.sh | 93 +++++++-------- 160 files changed, 1538 insertions(+), 715 deletions(-)

1 year, 6 months

14
144
0 0

[PATCH 5/7] ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()

by Baokun Li

We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Therefore it is not allowed to set s_mb_group_prealloc to a value greater than s_clusters_per_group via sysfs, and to avoid returning an order from mb_avg_fragment_size_order() that is greater than MB_NUM_ORDERS(sb). Fixes: 7e170922f06b ("ext4: Add allocation criteria 1.5 (CR1_5)") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/mballoc.c | 2 ++ fs/ext4/sysfs.c | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index f44f668e407f..1ea6491b6b00 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -832,6 +832,8 @@ static int mb_avg_fragment_size_order(struct super_block *sb, ext4_grpblk_t len) return 0; if (order == MB_NUM_ORDERS(sb)) order--; + if (WARN_ON_ONCE(order > MB_NUM_ORDERS(sb))) + order = MB_NUM_ORDERS(sb) - 1; return order; } diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 6f9f96e00f2f..60ca7b2797b2 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -29,6 +29,7 @@ typedef enum { attr_trigger_test_error, attr_first_error_time, attr_last_error_time, + attr_group_prealloc, attr_feature, attr_pointer_pi, attr_pointer_ui, @@ -211,13 +212,14 @@ EXT4_ATTR_FUNC(sra_exceeded_retry_limit, 0444); EXT4_ATTR_OFFSET(inode_readahead_blks, 0644, inode_readahead, ext4_sb_info, s_inode_readahead_blks); +EXT4_ATTR_OFFSET(mb_group_prealloc, 0644, group_prealloc, + ext4_sb_info, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(inode_goal, s_inode_goal); EXT4_RW_ATTR_SBI_UI(mb_stats, s_mb_stats); EXT4_RW_ATTR_SBI_UI(mb_max_to_scan, s_mb_max_to_scan); EXT4_RW_ATTR_SBI_UI(mb_min_to_scan, s_mb_min_to_scan); EXT4_RW_ATTR_SBI_UI(mb_order2_req, s_mb_order2_reqs); EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request); -EXT4_RW_ATTR_SBI_PI(mb_group_prealloc, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(mb_max_linear_groups, s_mb_max_linear_groups); EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb); EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error); @@ -380,6 +382,7 @@ static ssize_t ext4_generic_attr_show(struct ext4_attr *a, switch (a->attr_id) { case attr_inode_readahead: + case attr_group_prealloc: case attr_pointer_pi: case attr_pointer_ui: if (a->attr_ptr == ptr_ext4_super_block_offset) @@ -453,6 +456,10 @@ static ssize_t ext4_generic_attr_store(struct ext4_attr *a, return ret; switch (a->attr_id) { + case attr_group_prealloc: + if (t > sbi->s_clusters_per_group) + return -EINVAL; + fallthrough; case attr_pointer_pi: if ((int)t < 0) return -EINVAL; -- 2.31.1

1 year, 6 months

4
4
0 0

Re: [PATCH v4] mm/swap: fix race when skipping swapcache

by Chengming Zhou

On 2024/2/20 13:32, Kairui Song wrote: > On Tue, Feb 20, 2024 at 12:49 PM Chengming Zhou <zhouchengming(a)bytedance.com> > wrote: >> >> On 2024/2/20 06:10, Barry Song wrote: >>> On Mon, Feb 19, 2024 at 9:21 PM Kairui Song <ryncsn(a)gmail.com> wrote: >>>> >>>> From: Kairui Song <kasong(a)tencent.com> >>>> >>>> When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads >>>> swapin the same entry at the same time, they get different pages (A, > B). >>>> Before one thread (T0) finishes the swapin and installs page (A) >>>> to the PTE, another thread (T1) could finish swapin of page (B), >>>> swap_free the entry, then swap out the possibly modified page >>>> reusing the same entry. It breaks the pte_same check in (T0) because >>>> PTE value is unchanged, causing ABA problem. Thread (T0) will >>>> install a stalled page (A) into the PTE and cause data corruption. >>>> >>>> One possible callstack is like this: >>>> >>>> CPU0 CPU1 >>>> ---- ---- >>>> do_swap_page() do_swap_page() with same entry >>>> <direct swapin path> <direct swapin path> >>>> <alloc page A> <alloc page B> >>>> swap_read_folio() <- read to page A swap_read_folio() <- read to page > B >>>> <slow on later locks or interrupt> <finished swapin first> >>>> .. set_pte_at() >>>> swap_free() <- entry is free >>>> <write to page B, now page A > stalled> >>>> <swap out page B to same swap > entry> >>>> pte_same() <- Check pass, PTE seems >>>> unchanged, but page A >>>> is stalled! >>>> swap_free() <- page B content lost! >>>> set_pte_at() <- staled page A installed! >>>> >>>> And besides, for ZRAM, swap_free() allows the swap device to discard >>>> the entry content, so even if page (B) is not modified, if >>>> swap_read_folio() on CPU0 happens later than swap_free() on CPU1, >>>> it may also cause data loss. >>>> >>>> To fix this, reuse swapcache_prepare which will pin the swap entry > using >>>> the cache flag, and allow only one thread to swap it in, also prevent >>>> any parallel code from putting the entry in the cache. Release the pin >>>> after PT unlocked. >>>> >>>> Racers just loop and wait since it's a rare and very short event. >>>> A schedule_timeout_uninterruptible(1) call is added to avoid repeated >>>> page faults wasting too much CPU, causing livelock or adding too much >>>> noise to perf statistics. A similar livelock issue was described in >>>> commit 029c4628b2eb ("mm: swap: get rid of livelock in swapin > readahead") >>>> >>>> Reproducer: >>>> >>>> This race issue can be triggered easily using a well constructed >>>> reproducer and patched brd (with a delay in read path) [1]: >>>> >>>> With latest 6.8 mainline, race caused data loss can be observed easily: >>>> $ gcc -g -lpthread test-thread-swap-race.c && ./a.out >>>> Polulating 32MB of memory region... >>>> Keep swapping out... >>>> Starting round 0... >>>> Spawning 65536 workers... >>>> 32746 workers spawned, wait for done... >>>> Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! >>>> Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! >>>> Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! >>>> Round 0 Failed, 15 data loss! >>>> >>>> This reproducer spawns multiple threads sharing the same memory region >>>> using a small swap device. Every two threads updates mapped pages one > by >>>> one in opposite direction trying to create a race, with one dedicated >>>> thread keep swapping out the data out using madvise. >>>> >>>> The reproducer created a reproduce rate of about once every 5 minutes, >>>> so the race should be totally possible in production. >>>> >>>> After this patch, I ran the reproducer for over a few hundred rounds >>>> and no data loss observed. >>>> >>>> Performance overhead is minimal, microbenchmark swapin 10G from 32G >>>> zram: >>>> >>>> Before: 10934698 us >>>> After: 11157121 us >>>> Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) >>>> >>>> Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of > synchronous device") >>>> Link: > https://github.com/ryncsn/emm-test-project/tree/master/swap-stress-race [1] >>>> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> >>>> Closes: > https://lore.kernel.org/lkml/87bk92gqpx.fsf_-_@yhuang6-desk2.ccr.corp.intel… >>>> Signed-off-by: Kairui Song <kasong(a)tencent.com> >>>> Cc: stable(a)vger.kernel.org >>>> >>>> --- >>>> V3: > https://lore.kernel.org/all/20240216095105.14502-1-ryncsn@gmail.com/ >>>> Update from V3: >>>> - Use schedule_timeout_uninterruptible(1) for now instead of > schedule() to >>>> prevent the busy faulting task holds CPU and livelocks [Huang, Ying] >>>> >>>> V2: > https://lore.kernel.org/all/20240206182559.32264-1-ryncsn@gmail.com/ >>>> Update from V2: >>>> - Add a schedule() if raced to prevent repeated page faults wasting CPU >>>> and add noise to perf statistics. >>>> - Use a bool to state the special case instead of reusing existing >>>> variables fixing error handling [Minchan Kim]. >>>> >>>> V1: https://lore.kernel.org/all/20240205110959.4021-1-ryncsn@gmail.com/ >>>> Update from V1: >>>> - Add some words on ZRAM case, it will discard swap content on > swap_free >>>> so the race window is a bit different but cure is the same. [Barry > Song] >>>> - Update comments make it cleaner [Huang, Ying] >>>> - Add a function place holder to fix CONFIG_SWAP=n built [SeongJae > Park] >>>> - Update the commit message and summary, refer to SWP_SYNCHRONOUS_IO >>>> instead of "direct swapin path" [Yu Zhao] >>>> - Update commit message. >>>> - Collect Review and Acks. >>>> >>>> include/linux/swap.h | 5 +++++ >>>> mm/memory.c | 20 ++++++++++++++++++++ >>>> mm/swap.h | 5 +++++ >>>> mm/swapfile.c | 13 +++++++++++++ >>>> 4 files changed, 43 insertions(+) >>>> >>>> diff --git a/include/linux/swap.h b/include/linux/swap.h >>>> index 4db00ddad261..8d28f6091a32 100644 >>>> --- a/include/linux/swap.h >>>> +++ b/include/linux/swap.h >>>> @@ -549,6 +549,11 @@ static inline int swap_duplicate(swp_entry_t swp) >>>> return 0; >>>> } >>>> >>>> +static inline int swapcache_prepare(swp_entry_t swp) >>>> +{ >>>> + return 0; >>>> +} >>>> + >>>> static inline void swap_free(swp_entry_t swp) >>>> { >>>> } >>>> diff --git a/mm/memory.c b/mm/memory.c >>>> index 7e1f4849463a..a99f5e7be9a5 100644 >>>> --- a/mm/memory.c >>>> +++ b/mm/memory.c >>>> @@ -3799,6 +3799,7 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) >>>> struct page *page; >>>> struct swap_info_struct *si = NULL; >>>> rmap_t rmap_flags = RMAP_NONE; >>>> + bool need_clear_cache = false; >>>> bool exclusive = false; >>>> swp_entry_t entry; >>>> pte_t pte; >>>> @@ -3867,6 +3868,20 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) >>>> if (!folio) { >>>> if (data_race(si->flags & SWP_SYNCHRONOUS_IO) && >>>> __swap_count(entry) == 1) { >>>> + /* >>>> + * Prevent parallel swapin from proceeding with >>>> + * the cache flag. Otherwise, another thread > may >>>> + * finish swapin first, free the entry, and > swapout >>>> + * reusing the same entry. It's undetectable as >>>> + * pte_same() returns true due to entry reuse. >>>> + */ >>>> + if (swapcache_prepare(entry)) { >>>> + /* Relax a bit to prevent rapid > repeated page faults */ >>>> + schedule_timeout_uninterruptible(1); >>> >>> Not a ideal model, imaging two tasks, >>> >>> task A - low priority running on a LITTLE core >>> task B - high priority and have real-time requirements such as audio, >>> graphics running on a big core. >>> >>> The original code will make B win even if it is a bit later than A as > its CPU is >>> much faster to finish swap_read_folio for example from zRAM. task B's >>> swap-in can finish very soon. >>> >>> With the patch, B will wait a tick and its real-time performance will be >>> negatively affected from time to time once low priority and high > priority >>> tasks fault in the same PTE and high priority tasks are a bit later than >>> low priority tasks. This is a kind of priority inversion. >>> >>> When we support large folio swap-in, things can get worse. For example, >>> to swap-in 16 or even more pages in one do_swap_page, the chance for >>> task A and task B located in the same range of 16 PTEs will increase >>> though they are not located in the same PTE. >>> >>> Please consider this is not a blocker for this patch. But I will put > the problem >>> in my list and run some real tests on Android phones later. >> >> Good point. Late for the discussion, I'm wondering why not get an extra > reference >> on the swap entry, instead of swapcache_prepare()? Then the faster thread > will >> succeed, but can't free the swap entry. Later, the slower thread will > find the >> changed pte value and fail, and free the swap entry. Maybe I missed > something? > > Hi, Chengming > > That was my initial purpose. Then found a lot of problems with it. Increase > swap count here, it may race with another swap free and end up increasing > the swap count of a freed entry. > > That can be fixed with audits and new helpers, but there are many other > potential issues too. One major problem is that after count bump, raced > swap threads will fallback to cached swap in. Pages in swapcache can be > swaped out without allocating an entry, making the problem we were trying > to resolve more serious. Thanks for your clarification! Right, there are many issues I just ignored...

1 year, 6 months

1
0
0 0

[PATCH] mm/vmscan: Fix a bug calling wakeup_kswapd() with a wrong zone index

by Byungchul Park

With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Cc: stable(a)vger.kernel.org Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") --- mm/migrate.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mm/migrate.c b/mm/migrate.c index fbc8586ed735..51ee6865b0f6 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2825,6 +2825,14 @@ static int numamigrate_isolate_folio(pg_data_t *pgdat, struct folio *folio) if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0; -- 2.17.1

1 year, 6 months

4
7
0 0

FAILED: patch "[PATCH] zonefs: Improve error handling" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 14db5f64a971fce3d8ea35de4dfc7f443a3efb92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021944-kettle-upturned-4371@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 14db5f64a971 ("zonefs: Improve error handling") 77af13ba3c7f ("zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space") aa7f243f32e1 ("zonefs: Separate zone information from inode information") 34422914dc00 ("zonefs: Reduce struct zonefs_inode_info size") 46a9c526eef7 ("zonefs: Simplify IO error handling") 4008e2a0b01a ("zonefs: Reorganize code") a608da3bd730 ("zonefs: Detect append writes at invalid locations") db58653ce0c7 ("zonefs: Fix active zone accounting") 7dd12d65ac64 ("zonefs: fix zone report size in __zonefs_io_error()") 8745889a7fd0 ("Merge tag 'iomap-6.0-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14db5f64a971fce3d8ea35de4dfc7f443a3efb92 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Thu, 8 Feb 2024 17:26:59 +0900 Subject: [PATCH] zonefs: Improve error handling Write error handling is racy and can sometime lead to the error recovery path wrongly changing the inode size of a sequential zone file to an incorrect value which results in garbage data being readable at the end of a file. There are 2 problems: 1) zonefs_file_dio_write() updates a zone file write pointer offset after issuing a direct IO with iomap_dio_rw(). This update is done only if the IO succeed for synchronous direct writes. However, for asynchronous direct writes, the update is done without waiting for the IO completion so that the next asynchronous IO can be immediately issued. However, if an asynchronous IO completes with a failure right before the i_truncate_mutex lock protecting the update, the update may change the value of the inode write pointer offset that was corrected by the error path (zonefs_io_error() function). 2) zonefs_io_error() is called when a read or write error occurs. This function executes a report zone operation using the callback function zonefs_io_error_cb(), which does all the error recovery handling based on the current zone condition, write pointer position and according to the mount options being used. However, depending on the zoned device being used, a report zone callback may be executed in a context that is different from the context of __zonefs_io_error(). As a result, zonefs_io_error_cb() may be executed without the inode truncate mutex lock held, which can lead to invalid error processing. Fix both problems as follows: - Problem 1: Perform the inode write pointer offset update before a direct write is issued with iomap_dio_rw(). This is safe to do as partial direct writes are not supported (IOMAP_DIO_PARTIAL is not set) and any failed IO will trigger the execution of zonefs_io_error() which will correct the inode write pointer offset to reflect the current state of the one on the device. - Problem 2: Change zonefs_io_error_cb() into zonefs_handle_io_error() and call this function directly from __zonefs_io_error() after obtaining the zone information using blkdev_report_zones() with a simple callback function that copies to a local stack variable the struct blk_zone obtained from the device. This ensures that error handling is performed holding the inode truncate mutex. This change also simplifies error handling for conventional zone files by bypassing the execution of report zones entirely. This is safe to do because the condition of conventional zones cannot be read-only or offline and conventional zone files are always fully mapped with a constant file size. Reported-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Fixes: 8dcc1a9d90c1 ("fs: New zonefs file system") Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> diff --git a/fs/zonefs/file.c b/fs/zonefs/file.c index 6ab2318a9c8e..dba5dcb62bef 100644 --- a/fs/zonefs/file.c +++ b/fs/zonefs/file.c @@ -348,7 +348,12 @@ static int zonefs_file_write_dio_end_io(struct kiocb *iocb, ssize_t size, struct zonefs_inode_info *zi = ZONEFS_I(inode); if (error) { - zonefs_io_error(inode, true); + /* + * For Sync IOs, error recovery is called from + * zonefs_file_dio_write(). + */ + if (!is_sync_kiocb(iocb)) + zonefs_io_error(inode, true); return error; } @@ -491,6 +496,14 @@ static ssize_t zonefs_file_dio_write(struct kiocb *iocb, struct iov_iter *from) ret = -EINVAL; goto inode_unlock; } + /* + * Advance the zone write pointer offset. This assumes that the + * IO will succeed, which is OK to do because we do not allow + * partial writes (IOMAP_DIO_PARTIAL is not set) and if the IO + * fails, the error path will correct the write pointer offset. + */ + z->z_wpoffset += count; + zonefs_inode_account_active(inode); mutex_unlock(&zi->i_truncate_mutex); } @@ -504,20 +517,19 @@ static ssize_t zonefs_file_dio_write(struct kiocb *iocb, struct iov_iter *from) if (ret == -ENOTBLK) ret = -EBUSY; - if (zonefs_zone_is_seq(z) && - (ret > 0 || ret == -EIOCBQUEUED)) { - if (ret > 0) - count = ret; - - /* - * Update the zone write pointer offset assuming the write - * operation succeeded. If it did not, the error recovery path - * will correct it. Also do active seq file accounting. - */ - mutex_lock(&zi->i_truncate_mutex); - z->z_wpoffset += count; - zonefs_inode_account_active(inode); - mutex_unlock(&zi->i_truncate_mutex); + /* + * For a failed IO or partial completion, trigger error recovery + * to update the zone write pointer offset to a correct value. + * For asynchronous IOs, zonefs_file_write_dio_end_io() may already + * have executed error recovery if the IO already completed when we + * reach here. However, we cannot know that and execute error recovery + * again (that will not change anything). + */ + if (zonefs_zone_is_seq(z)) { + if (ret > 0 && ret != count) + ret = -EIO; + if (ret < 0 && ret != -EIOCBQUEUED) + zonefs_io_error(inode, true); } inode_unlock: diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c index 93971742613a..b6e8e7c96251 100644 --- a/fs/zonefs/super.c +++ b/fs/zonefs/super.c @@ -246,16 +246,18 @@ static void zonefs_inode_update_mode(struct inode *inode) z->z_mode = inode->i_mode; } -struct zonefs_ioerr_data { - struct inode *inode; - bool write; -}; - static int zonefs_io_error_cb(struct blk_zone *zone, unsigned int idx, void *data) { - struct zonefs_ioerr_data *err = data; - struct inode *inode = err->inode; + struct blk_zone *z = data; + + *z = *zone; + return 0; +} + +static void zonefs_handle_io_error(struct inode *inode, struct blk_zone *zone, + bool write) +{ struct zonefs_zone *z = zonefs_inode_zone(inode); struct super_block *sb = inode->i_sb; struct zonefs_sb_info *sbi = ZONEFS_SB(sb); @@ -270,8 +272,8 @@ static int zonefs_io_error_cb(struct blk_zone *zone, unsigned int idx, data_size = zonefs_check_zone_condition(sb, z, zone); isize = i_size_read(inode); if (!(z->z_flags & (ZONEFS_ZONE_READONLY | ZONEFS_ZONE_OFFLINE)) && - !err->write && isize == data_size) - return 0; + !write && isize == data_size) + return; /* * At this point, we detected either a bad zone or an inconsistency @@ -292,7 +294,7 @@ static int zonefs_io_error_cb(struct blk_zone *zone, unsigned int idx, * In all cases, warn about inode size inconsistency and handle the * IO error according to the zone condition and to the mount options. */ - if (zonefs_zone_is_seq(z) && isize != data_size) + if (isize != data_size) zonefs_warn(sb, "inode %lu: invalid size %lld (should be %lld)\n", inode->i_ino, isize, data_size); @@ -352,8 +354,6 @@ static int zonefs_io_error_cb(struct blk_zone *zone, unsigned int idx, zonefs_i_size_write(inode, data_size); z->z_wpoffset = data_size; zonefs_inode_account_active(inode); - - return 0; } /* @@ -367,23 +367,25 @@ void __zonefs_io_error(struct inode *inode, bool write) { struct zonefs_zone *z = zonefs_inode_zone(inode); struct super_block *sb = inode->i_sb; - struct zonefs_sb_info *sbi = ZONEFS_SB(sb); unsigned int noio_flag; - unsigned int nr_zones = 1; - struct zonefs_ioerr_data err = { - .inode = inode, - .write = write, - }; + struct blk_zone zone; int ret; /* - * The only files that have more than one zone are conventional zone - * files with aggregated conventional zones, for which the inode zone - * size is always larger than the device zone size. + * Conventional zone have no write pointer and cannot become read-only + * or offline. So simply fake a report for a single or aggregated zone + * and let zonefs_handle_io_error() correct the zone inode information + * according to the mount options. */ - if (z->z_size > bdev_zone_sectors(sb->s_bdev)) - nr_zones = z->z_size >> - (sbi->s_zone_sectors_shift + SECTOR_SHIFT); + if (!zonefs_zone_is_seq(z)) { + zone.start = z->z_sector; + zone.len = z->z_size >> SECTOR_SHIFT; + zone.wp = zone.start + zone.len; + zone.type = BLK_ZONE_TYPE_CONVENTIONAL; + zone.cond = BLK_ZONE_COND_NOT_WP; + zone.capacity = zone.len; + goto handle_io_error; + } /* * Memory allocations in blkdev_report_zones() can trigger a memory @@ -394,12 +396,20 @@ void __zonefs_io_error(struct inode *inode, bool write) * the GFP_NOIO context avoids both problems. */ noio_flag = memalloc_noio_save(); - ret = blkdev_report_zones(sb->s_bdev, z->z_sector, nr_zones, - zonefs_io_error_cb, &err); - if (ret != nr_zones) + ret = blkdev_report_zones(sb->s_bdev, z->z_sector, 1, + zonefs_io_error_cb, &zone); + memalloc_noio_restore(noio_flag); + + if (ret != 1) { zonefs_err(sb, "Get inode %lu zone information failed %d\n", inode->i_ino, ret); - memalloc_noio_restore(noio_flag); + zonefs_warn(sb, "remounting filesystem read-only\n"); + sb->s_flags |= SB_RDONLY; + return; + } + +handle_io_error: + zonefs_handle_io_error(inode, &zone, write); } static struct kmem_cache *zonefs_inode_cachep;

1 year, 6 months

2
1
0 0

[regression 6.1.y] f2fs: invalid zstd compress level: 6

by Salvatore Bonaccorso

Hi Jaegeuk Kim, Chao Yu, In Debian the following regression was reported after a Dhya updated to 6.1.76: On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote: > Package: src:linux > Version: 6.1.76-1 > Severity: critical > Justification: breaks the whole system > > Dear Maintainer, > > After upgrade to linux-image-6.1.0-18-amd64 6.1.76-1 F2FS filesystem > fails to mount rw. Message in the boot journal: > > kernel: F2FS-fs (nvme0n1p6): invalid zstd compress level: 6 > > There was recently an f2fs patch to the 6.1 kernel tree which might be > related: https://www.spinics.net/lists/stable-commits/msg329957.html > > Was able to recover the system by doing: > > sudo mount -o remount,rw,relatime,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,checkpoint_merge,fsync_mode=posix,compress_algorithm=lz4,compress_log_size=2,compress_mode=fs,atgc,discard_unit=block,memory=normal /dev/nvme0n1p6 / > > under the running bad 6.1.0-18-amd64 kernel, then editing > /etc/default/grub: > > GRUB_DEFAULT="Advanced options for Debian GNU/Linux>Debian GNU/Linux, with Linux 6.1.0-17-amd64" > > and running 'update-grub' and rebooting to boot the 6.1.0-17-amd64 > kernel. The issue is easily reproducible by: # dd if=/dev/zero of=test.img count=100 bs=1M # mkfs.f2fs -f -O compression,extra_attr ./test.img # mount -t f2fs -o compress_algorithm=zstd:6,compress_chksum,atgc,gc_merge,lazytime ./test.img /mnt resulting in [ 60.789982] F2FS-fs (loop0): invalid zstd compress level: 6 A bugzilla report has been submitted in https://bugzilla.kernel.org/show_bug.cgi?id=218471 #regzbot introduced: v6.1.69..v6.1.76 #regzbot link: https://bugs.debian.org/1063422 #regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=218471 Regards, Salvatore

1 year, 6 months

3
4
0 0

+ sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: sched/numa, mm: do not try to migrate memory to memoryless nodes has been added to the -mm mm-hotfixes-unstable branch. Its filename is sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Byungchul Park <byungchul(a)sk.com> Subject: sched/numa, mm: do not try to migrate memory to memoryless nodes Date: Mon, 19 Feb 2024 13:10:47 +0900 With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Fix this by avoiding any attempt to migrate memory to memoryless nodes. Link: https://lkml.kernel.org/r/20240219041920.1183-1-byungchul@sk.com Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Reviewed-by: Phil Auld <pauld(a)redhat.com> Cc: Benjamin Segall <bsegall(a)google.com> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/sched/fair.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/kernel/sched/fair.c~sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes +++ a/kernel/sched/fair.c @@ -1831,6 +1831,12 @@ bool should_numa_migrate_memory(struct t int last_cpupid, this_cpupid; /* + * Cannot migrate to memoryless nodes. + */ + if (!node_state(dst_nid, N_MEMORY)) + return false; + + /* * The pages in slow memory node should be migrated according * to hot/cold instead of private/shared. */ _ Patches currently in -mm which might be from byungchul(a)sk.com are sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes.patch mm-vmscan-dont-turn-on-cache_trim_mode-at-the-highest-scan-priority.patch

1 year, 6 months

1
0
0 0

[PATCH v2] selftests/mqueue: Set timeout to 180 seconds

by SeongJae Park

While mq_perf_tests runs with the default kselftest timeout limit, which is 45 seconds, the test takes about 60 seconds to complete on i3.metal AWS instances. Hence, the test always times out. Increase the timeout to 100 seconds. Link: https://lore.kernel.org/r/20240208212925.68286-1-sj@kernel.org Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") Cc: <stable(a)vger.kernel.org> # 5.4.x Signed-off-by: SeongJae Park <sj(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> --- Changes from v1 (https://lore.kernel.org/r/20240208212925.68286-1-sj@kernel.org) - Use 180 seconds timeout instead of 100 seconds tools/testing/selftests/mqueue/setting | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/mqueue/setting diff --git a/tools/testing/selftests/mqueue/setting b/tools/testing/selftests/mqueue/setting new file mode 100644 index 000000000000..a953c96aa16e --- /dev/null +++ b/tools/testing/selftests/mqueue/setting @@ -0,0 +1 @@ +timeout=180 -- 2.39.2

1 year, 6 months

1
1
0 0

+ mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/lru_sort: fix quota status loss due to online tunings has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/lru_sort: fix quota status loss due to online tunings Date: Fri, 16 Feb 2024 11:40:25 -0800 For online parameters change, DAMON_LRU_SORT creates new schemes based on latest values of the parameters and replaces the old schemes with the new one. When creating it, the internal status of the quotas of the old schemes is not preserved. As a result, charging of the quota starts from zero after the online tuning. The data that collected to estimate the throughput of the scheme's action is also reset, and therefore the estimation should start from the scratch again. Because the throughput estimation is being used to convert the time quota to the effective size quota, this could result in temporal time quota inaccuracy. It would be recovered over time, though. In short, the quota accuracy could be temporarily degraded after online parameters update. Fix the problem by checking the case and copying the internal fields for the status. Link: https://lkml.kernel.org/r/20240216194025.9207-3-sj@kernel.org Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.0+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/lru_sort.c | 43 +++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) --- a/mm/damon/lru_sort.c~mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings +++ a/mm/damon/lru_sort.c @@ -185,9 +185,21 @@ static struct damos *damon_lru_sort_new_ return damon_lru_sort_new_scheme(&pattern, DAMOS_LRU_DEPRIO); } +static void damon_lru_sort_copy_quota_status(struct damos_quota *dst, + struct damos_quota *src) +{ + dst->total_charged_sz = src->total_charged_sz; + dst->total_charged_ns = src->total_charged_ns; + dst->charged_sz = src->charged_sz; + dst->charged_from = src->charged_from; + dst->charge_target_from = src->charge_target_from; + dst->charge_addr_from = src->charge_addr_from; +} + static int damon_lru_sort_apply_parameters(void) { - struct damos *scheme; + struct damos *scheme, *hot_scheme, *cold_scheme; + struct damos *old_hot_scheme = NULL, *old_cold_scheme = NULL; unsigned int hot_thres, cold_thres; int err = 0; @@ -195,18 +207,35 @@ static int damon_lru_sort_apply_paramete if (err) return err; + damon_for_each_scheme(scheme, ctx) { + if (!old_hot_scheme) { + old_hot_scheme = scheme; + continue; + } + old_cold_scheme = scheme; + } + hot_thres = damon_max_nr_accesses(&damon_lru_sort_mon_attrs) * hot_thres_access_freq / 1000; - scheme = damon_lru_sort_new_hot_scheme(hot_thres); - if (!scheme) + hot_scheme = damon_lru_sort_new_hot_scheme(hot_thres); + if (!hot_scheme) return -ENOMEM; - damon_set_schemes(ctx, &scheme, 1); + if (old_hot_scheme) + damon_lru_sort_copy_quota_status(&hot_scheme->quota, + &old_hot_scheme->quota); cold_thres = cold_min_age / damon_lru_sort_mon_attrs.aggr_interval; - scheme = damon_lru_sort_new_cold_scheme(cold_thres); - if (!scheme) + cold_scheme = damon_lru_sort_new_cold_scheme(cold_thres); + if (!cold_scheme) { + damon_destroy_scheme(hot_scheme); return -ENOMEM; - damon_add_scheme(ctx, scheme); + } + if (old_cold_scheme) + damon_lru_sort_copy_quota_status(&cold_scheme->quota, + &old_cold_scheme->quota); + + damon_set_schemes(ctx, &hot_scheme, 1); + damon_add_scheme(ctx, cold_scheme); return damon_set_region_biggest_system_ram_default(target, &monitor_region_start, _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch mm-damon-sysfs-schemes-handle-schemes-sysfs-dir-removal-before-commit_schemes_quota_goals.patch mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch docs-mm-damon-maintainer-profile-fix-reference-links-for-mm-stable-tree.patch docs-mm-damon-move-the-list-of-damos-actions-to-design-doc.patch docs-mm-damon-move-damon-operation-sets-list-from-the-usage-to-the-design-document.patch docs-mm-damon-move-monitoring-target-regions-setup-detail-from-the-usage-to-the-design-document.patch docs-admin-guide-mm-damon-usage-fix-wrong-quotas-diabling-condition.patch mm-damon-core-set-damos_quota-esz-as-public-field-and-document.patch mm-damon-sysfs-schemes-implement-quota-effective_bytes-file.patch mm-damon-sysfs-implement-a-kdamond-command-for-updating-schemes-effective-quotas.patch docs-abi-damon-document-effective_bytes-sysfs-file.patch docs-admin-guide-mm-damon-usage-document-effective_bytes-file.patch mm-damon-move-comments-and-fields-for-damos-quota-prioritization-to-the-end.patch mm-damon-core-split-out-quota-goal-related-fields-to-a-struct.patch mm-damon-core-add-multiple-goals-per-damos_quota-and-helpers-for-those.patch mm-damon-sysfs-use-only-quota-goals.patch mm-damon-core-remove-goal-field-of-damos_quota.patch mm-damon-core-let-goal-specified-with-only-target-and-current-values.patch mm-damon-core-support-multiple-metrics-for-quota-goal.patch mm-damon-core-implement-psi-metric-damos-quota-goal.patch mm-damon-sysfs-schemes-support-psi-based-quota-auto-tune.patch docs-mm-damon-design-document-quota-goal-self-tuning.patch docs-abi-damon-document-quota-goal-metric-file.patch docs-admin-guide-mm-damon-usage-document-quota-goal-metric-file.patch mm-damon-reclaim-implement-user-feedback-driven-quota-auto-tuning.patch mm-damon-reclaim-implement-memory-psi-driven-quota-self-tuning.patch docs-admin-guide-mm-damon-reclaim-document-auto-tuning-parameters.patch

1 year, 6 months

1
0
0 0

+ mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/reclaim: fix quota stauts loss due to online tunings has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/reclaim: fix quota stauts loss due to online tunings Date: Fri, 16 Feb 2024 11:40:24 -0800 Patch series "mm/damon: fix quota status loss due to online tunings". DAMON_RECLAIM and DAMON_LRU_SORT is not preserving internal quota status when applying new user parameters, and hence could cause temporal quota accuracy degradation. Fix it by preserving the status. This patch (of 2): For online parameters change, DAMON_RECLAIM creates new scheme based on latest values of the parameters and replaces the old scheme with the new one. When creating it, the internal status of the quota of the old scheme is not preserved. As a result, charging of the quota starts from zero after the online tuning. The data that collected to estimate the throughput of the scheme's action is also reset, and therefore the estimation should start from the scratch again. Because the throughput estimation is being used to convert the time quota to the effective size quota, this could result in temporal time quota inaccuracy. It would be recovered over time, though. In short, the quota accuracy could be temporarily degraded after online parameters update. Fix the problem by checking the case and copying the internal fields for the status. Link: https://lkml.kernel.org/r/20240216194025.9207-1-sj@kernel.org Link: https://lkml.kernel.org/r/20240216194025.9207-2-sj@kernel.org Fixes: e035c280f6df ("mm/damon/reclaim: support online inputs update") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [5.19+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/reclaim.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/mm/damon/reclaim.c~mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings +++ a/mm/damon/reclaim.c @@ -150,9 +150,20 @@ static struct damos *damon_reclaim_new_s &damon_reclaim_wmarks); } +static void damon_reclaim_copy_quota_status(struct damos_quota *dst, + struct damos_quota *src) +{ + dst->total_charged_sz = src->total_charged_sz; + dst->total_charged_ns = src->total_charged_ns; + dst->charged_sz = src->charged_sz; + dst->charged_from = src->charged_from; + dst->charge_target_from = src->charge_target_from; + dst->charge_addr_from = src->charge_addr_from; +} + static int damon_reclaim_apply_parameters(void) { - struct damos *scheme; + struct damos *scheme, *old_scheme; struct damos_filter *filter; int err = 0; @@ -164,6 +175,11 @@ static int damon_reclaim_apply_parameter scheme = damon_reclaim_new_scheme(); if (!scheme) return -ENOMEM; + if (!list_empty(&ctx->schemes)) { + damon_for_each_scheme(old_scheme, ctx) + damon_reclaim_copy_quota_status(&scheme->quota, + &old_scheme->quota); + } if (skip_anon) { filter = damos_new_filter(DAMOS_FILTER_TYPE_ANON, true); if (!filter) { _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch mm-damon-sysfs-schemes-handle-schemes-sysfs-dir-removal-before-commit_schemes_quota_goals.patch mm-damon-reclaim-fix-quota-stauts-loss-due-to-online-tunings.patch mm-damon-lru_sort-fix-quota-status-loss-due-to-online-tunings.patch docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch docs-mm-damon-maintainer-profile-fix-reference-links-for-mm-stable-tree.patch docs-mm-damon-move-the-list-of-damos-actions-to-design-doc.patch docs-mm-damon-move-damon-operation-sets-list-from-the-usage-to-the-design-document.patch docs-mm-damon-move-monitoring-target-regions-setup-detail-from-the-usage-to-the-design-document.patch docs-admin-guide-mm-damon-usage-fix-wrong-quotas-diabling-condition.patch mm-damon-core-set-damos_quota-esz-as-public-field-and-document.patch mm-damon-sysfs-schemes-implement-quota-effective_bytes-file.patch mm-damon-sysfs-implement-a-kdamond-command-for-updating-schemes-effective-quotas.patch docs-abi-damon-document-effective_bytes-sysfs-file.patch docs-admin-guide-mm-damon-usage-document-effective_bytes-file.patch mm-damon-move-comments-and-fields-for-damos-quota-prioritization-to-the-end.patch mm-damon-core-split-out-quota-goal-related-fields-to-a-struct.patch mm-damon-core-add-multiple-goals-per-damos_quota-and-helpers-for-those.patch mm-damon-sysfs-use-only-quota-goals.patch mm-damon-core-remove-goal-field-of-damos_quota.patch mm-damon-core-let-goal-specified-with-only-target-and-current-values.patch mm-damon-core-support-multiple-metrics-for-quota-goal.patch mm-damon-core-implement-psi-metric-damos-quota-goal.patch mm-damon-sysfs-schemes-support-psi-based-quota-auto-tune.patch docs-mm-damon-design-document-quota-goal-self-tuning.patch docs-abi-damon-document-quota-goal-metric-file.patch docs-admin-guide-mm-damon-usage-document-quota-goal-metric-file.patch mm-damon-reclaim-implement-user-feedback-driven-quota-auto-tuning.patch mm-damon-reclaim-implement-memory-psi-driven-quota-self-tuning.patch docs-admin-guide-mm-damon-reclaim-document-auto-tuning-parameters.patch

1 year, 6 months

1
0
0 0

[PATCH] selftests/mqueue: Set timeout to 100 seconds

by SeongJae Park

While mq_perf_tests runs with the default kselftest timeout limit, which is 45 seconds, the test takes about 60 seconds to complete on i3.metal AWS instances. Hence, the test always times out. Increase the timeout to 100 seconds. Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") Cc: <stable(a)vger.kernel.org> # 5.4.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- tools/testing/selftests/mqueue/setting | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/mqueue/setting diff --git a/tools/testing/selftests/mqueue/setting b/tools/testing/selftests/mqueue/setting new file mode 100644 index 000000000000..54dc12287839 --- /dev/null +++ b/tools/testing/selftests/mqueue/setting @@ -0,0 +1 @@ +timeout=100 -- 2.39.2

1 year, 6 months

3
8
0 0

FAILED: patch "[PATCH] parisc: Fix random data corruption from exception handler" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8b1d72395635af45410b66cc4c4ab37a12c4a831 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-bulgur-flagpole-0aa6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8b1d72395635 ("parisc: Fix random data corruption from exception handler") a80aeb86542a ("parisc: Mark ex_table entries 32-bit aligned in uaccess.h") 01fef8267390 ("parisc: Allow building uncompressed Linux kernel") c6d96328fecd ("parisc: Add cacheflush() syscall") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8b1d72395635af45410b66cc4c4ab37a12c4a831 Mon Sep 17 00:00:00 2001 From: Helge Deller <deller(a)gmx.de> Date: Sat, 20 Jan 2024 15:29:27 +0100 Subject: [PATCH] parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction "or %r0,%r0,%reg", where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option any longer. Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: <stable(a)vger.kernel.org> # v6.0+ diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index d14ccc948a29..5c845e8d59d9 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -25,7 +25,6 @@ config PARISC select RTC_DRV_GENERIC select INIT_ALL_POSSIBLE select BUG - select BUILDTIME_TABLE_SORT select HAVE_KERNEL_UNCOMPRESSED select HAVE_PCI select HAVE_PERF_EVENTS diff --git a/arch/parisc/include/asm/assembly.h b/arch/parisc/include/asm/assembly.h index 74d17d7e759d..5937d5edaba1 100644 --- a/arch/parisc/include/asm/assembly.h +++ b/arch/parisc/include/asm/assembly.h @@ -576,6 +576,7 @@ .section __ex_table,"aw" ! \ .align 4 ! \ .word (fault_addr - .), (except_addr - .) ! \ + or %r0,%r0,%r0 ! \ .previous diff --git a/arch/parisc/include/asm/extable.h b/arch/parisc/include/asm/extable.h new file mode 100644 index 000000000000..4ea23e3d79dc --- /dev/null +++ b/arch/parisc/include/asm/extable.h @@ -0,0 +1,64 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __PARISC_EXTABLE_H +#define __PARISC_EXTABLE_H + +#include <asm/ptrace.h> +#include <linux/compiler.h> + +/* + * The exception table consists of three addresses: + * + * - A relative address to the instruction that is allowed to fault. + * - A relative address at which the program should continue (fixup routine) + * - An asm statement which specifies which CPU register will + * receive -EFAULT when an exception happens if the lowest bit in + * the fixup address is set. + * + * Note: The register specified in the err_opcode instruction will be + * modified at runtime if a fault happens. Register %r0 will be ignored. + * + * Since relative addresses are used, 32bit values are sufficient even on + * 64bit kernel. + */ + +struct pt_regs; +int fixup_exception(struct pt_regs *regs); + +#define ARCH_HAS_RELATIVE_EXTABLE +struct exception_table_entry { + int insn; /* relative address of insn that is allowed to fault. */ + int fixup; /* relative address of fixup routine */ + int err_opcode; /* sample opcode with register which holds error code */ +}; + +#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr, opcode )\ + ".section __ex_table,\"aw\"\n" \ + ".align 4\n" \ + ".word (" #fault_addr " - .), (" #except_addr " - .)\n" \ + opcode "\n" \ + ".previous\n" + +/* + * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry + * (with lowest bit set) for which the fault handler in fixup_exception() will + * load -EFAULT on fault into the register specified by the err_opcode instruction, + * and zeroes the target register in case of a read fault in get_user(). + */ +#define ASM_EXCEPTIONTABLE_VAR(__err_var) \ + int __err_var = 0 +#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr, register )\ + ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1, "or %%r0,%%r0," register) + +static inline void swap_ex_entry_fixup(struct exception_table_entry *a, + struct exception_table_entry *b, + struct exception_table_entry tmp, + int delta) +{ + a->fixup = b->fixup + delta; + b->fixup = tmp.fixup - delta; + a->err_opcode = b->err_opcode; + b->err_opcode = tmp.err_opcode; +} +#define swap_ex_entry_fixup swap_ex_entry_fixup + +#endif diff --git a/arch/parisc/include/asm/special_insns.h b/arch/parisc/include/asm/special_insns.h index c822bd0c0e3c..51f40eaf7780 100644 --- a/arch/parisc/include/asm/special_insns.h +++ b/arch/parisc/include/asm/special_insns.h @@ -8,7 +8,8 @@ "copy %%r0,%0\n" \ "8:\tlpa %%r0(%1),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \ + "or %%r0,%%r0,%%r0") \ : "=&r" (pa) \ : "r" (va) \ : "memory" \ @@ -22,7 +23,8 @@ "copy %%r0,%0\n" \ "8:\tlpa %%r0(%%sr3,%1),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \ + "or %%r0,%%r0,%%r0") \ : "=&r" (pa) \ : "r" (va) \ : "memory" \ diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 4165079898d9..88d0ae5769dd 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -7,6 +7,7 @@ */ #include <asm/page.h> #include <asm/cache.h> +#include <asm/extable.h> #include <linux/bug.h> #include <linux/string.h> @@ -26,37 +27,6 @@ #define STD_USER(sr, x, ptr) __put_user_asm(sr, "std", x, ptr) #endif -/* - * The exception table contains two values: the first is the relative offset to - * the address of the instruction that is allowed to fault, and the second is - * the relative offset to the address of the fixup routine. Since relative - * addresses are used, 32bit values are sufficient even on 64bit kernel. - */ - -#define ARCH_HAS_RELATIVE_EXTABLE -struct exception_table_entry { - int insn; /* relative address of insn that is allowed to fault. */ - int fixup; /* relative address of fixup routine */ -}; - -#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\ - ".section __ex_table,\"aw\"\n" \ - ".align 4\n" \ - ".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \ - ".previous\n" - -/* - * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry - * (with lowest bit set) for which the fault handler in fixup_exception() will - * load -EFAULT into %r29 for a read or write fault, and zeroes the target - * register in case of a read fault in get_user(). - */ -#define ASM_EXCEPTIONTABLE_REG 29 -#define ASM_EXCEPTIONTABLE_VAR(__variable) \ - register long __variable __asm__ ("r29") = 0 -#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\ - ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1) - #define __get_user_internal(sr, val, ptr) \ ({ \ ASM_EXCEPTIONTABLE_VAR(__gu_err); \ @@ -83,7 +53,7 @@ struct exception_table_entry { \ __asm__("1: " ldx " 0(%%sr%2,%3),%0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \ : "=r"(__gu_val), "+r"(__gu_err) \ : "i"(sr), "r"(ptr)); \ \ @@ -115,8 +85,8 @@ struct exception_table_entry { "1: ldw 0(%%sr%2,%3),%0\n" \ "2: ldw 4(%%sr%2,%3),%R0\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%1") \ : "=&r"(__gu_tmp.l), "+r"(__gu_err) \ : "i"(sr), "r"(ptr)); \ \ @@ -174,7 +144,7 @@ struct exception_table_entry { __asm__ __volatile__ ( \ "1: " stx " %1,0(%%sr%2,%3)\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \ : "+r"(__pu_err) \ : "r"(x), "i"(sr), "r"(ptr)) @@ -186,15 +156,14 @@ struct exception_table_entry { "1: stw %1,0(%%sr%2,%3)\n" \ "2: stw %R1,4(%%sr%2,%3)\n" \ "9:\n" \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%0") \ : "+r"(__pu_err) \ : "r"(__val), "i"(sr), "r"(ptr)); \ } while (0) #endif /* !defined(CONFIG_64BIT) */ - /* * Complex access routines -- external declarations */ @@ -216,7 +185,4 @@ unsigned long __must_check raw_copy_from_user(void *dst, const void __user *src, #define INLINE_COPY_TO_USER #define INLINE_COPY_FROM_USER -struct pt_regs; -int fixup_exception(struct pt_regs *regs); - #endif /* __PARISC_UACCESS_H */ diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c index 0c015487e5db..5552602fcaef 100644 --- a/arch/parisc/kernel/cache.c +++ b/arch/parisc/kernel/cache.c @@ -854,7 +854,7 @@ SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes, #endif " fic,m %3(%4,%0)\n" "2: sync\n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b, "%1") : "+r" (start), "+r" (error) : "r" (end), "r" (dcache_stride), "i" (SR_USER)); } @@ -869,7 +869,7 @@ SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes, #endif " fdc,m %3(%4,%0)\n" "2: sync\n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 2b, "%1") : "+r" (start), "+r" (error) : "r" (end), "r" (icache_stride), "i" (SR_USER)); } diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c index ce25acfe4889..c520e551a165 100644 --- a/arch/parisc/kernel/unaligned.c +++ b/arch/parisc/kernel/unaligned.c @@ -120,8 +120,8 @@ static int emulate_ldh(struct pt_regs *regs, int toreg) "2: ldbs 1(%%sr1,%3), %0\n" " depw %2, 23, 24, %0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "+r" (val), "+r" (ret), "=&r" (temp1) : "r" (saddr), "r" (regs->isr) ); @@ -152,8 +152,8 @@ static int emulate_ldw(struct pt_regs *regs, int toreg, int flop) " mtctl %2,11\n" " vshd %0,%3,%0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "+r" (val), "+r" (ret), "=&r" (temp1), "=&r" (temp2) : "r" (saddr), "r" (regs->isr) ); @@ -189,8 +189,8 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop) " mtsar %%r19\n" " shrpd %0,%%r20,%%sar,%0\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1") : "=r" (val), "+r" (ret) : "0" (val), "r" (saddr), "r" (regs->isr) : "r19", "r20" ); @@ -209,9 +209,9 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop) " vshd %0,%R0,%0\n" " vshd %R0,%4,%R0\n" "4: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b, "%1") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b, "%1") : "+r" (val), "+r" (ret), "+r" (saddr), "=&r" (shift), "=&r" (temp1) : "r" (regs->isr) ); } @@ -244,8 +244,8 @@ static int emulate_sth(struct pt_regs *regs, int frreg) "1: stb %1, 0(%%sr1, %3)\n" "2: stb %2, 1(%%sr1, %3)\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0") : "+r" (ret), "=&r" (temp1) : "r" (val), "r" (regs->ior), "r" (regs->isr) ); @@ -285,8 +285,8 @@ static int emulate_stw(struct pt_regs *regs, int frreg, int flop) " stw %%r20,0(%%sr1,%2)\n" " stw %%r21,4(%%sr1,%2)\n" "3: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r22", "r1" ); @@ -329,10 +329,10 @@ static int emulate_std(struct pt_regs *regs, int frreg, int flop) "3: std %%r20,0(%%sr1,%2)\n" "4: std %%r21,8(%%sr1,%2)\n" "5: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r22", "r1" ); @@ -357,11 +357,11 @@ static int emulate_std(struct pt_regs *regs, int frreg, int flop) "4: stw %%r1,4(%%sr1,%2)\n" "5: stw %R1,8(%%sr1,%2)\n" "6: \n" - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b) - ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b) + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b, "%0") + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b, "%0") : "+r" (ret) : "r" (val), "r" (regs->ior), "r" (regs->isr) : "r19", "r20", "r21", "r1" ); diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c index 2fe5b44986e0..c39de84e98b0 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -150,11 +150,16 @@ int fixup_exception(struct pt_regs *regs) * Fix up get_user() and put_user(). * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() sets the least-significant * bit in the relative address of the fixup routine to indicate - * that gr[ASM_EXCEPTIONTABLE_REG] should be loaded with - * -EFAULT to report a userspace access error. + * that the register encoded in the "or %r0,%r0,register" + * opcode should be loaded with -EFAULT to report a userspace + * access error. */ if (fix->fixup & 1) { - regs->gr[ASM_EXCEPTIONTABLE_REG] = -EFAULT; + int fault_error_reg = fix->err_opcode & 0x1f; + if (!WARN_ON(!fault_error_reg)) + regs->gr[fault_error_reg] = -EFAULT; + pr_debug("Unalignment fixup of register %d at %pS\n", + fault_error_reg, (void*)regs->iaoq[0]); /* zero target register for get_user() */ if (parisc_acctyp(0, regs->iir) == VM_READ) {

1 year, 6 months

2
1
0 0

[PATCH] landlock: Fix asymmetric private inodes referring

by Mickaël Salaün

When linking or renaming a file, if only one of the source or destination directory is backed by an S_PRIVATE inode, then the related set of layer masks would be used as uninitialized by is_access_to_paths_allowed(). This would result to indeterministic access for one side instead of always being allowed. This bug could only be triggered with a mounted filesystem containing both S_PRIVATE and !S_PRIVATE inodes, which doesn't seem possible. The collect_domain_accesses() calls return early if is_nouser_or_private() returns false, which means that the directory's superblock has SB_NOUSER or its inode has S_PRIVATE. Because rename or link actions are only allowed on the same mounted filesystem, the superblock is always the same for both source and destination directories. However, it might be possible in theory to have an S_PRIVATE parent source inode with an !S_PRIVATE parent destination inode, or vice versa. To make sure this case is not an issue, explicitly initialized both set of layer masks to 0, which means to allow all actions on the related side. If at least on side has !S_PRIVATE, then collect_domain_accesses() and is_access_to_paths_allowed() check for the required access rights. Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Günther Noack <gnoack(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Shervin Oloumi <enlightened(a)chromium.org> Cc: stable(a)vger.kernel.org Fixes: b91c3e4ea756 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER") Signed-off-by: Mickaël Salaün <mic(a)digikod.net> --- security/landlock/fs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 90f7f6db1e87..f243c6a392ee 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1093,8 +1093,8 @@ static int current_check_refer_path(struct dentry *const old_dentry, bool allow_parent1, allow_parent2; access_mask_t access_request_parent1, access_request_parent2; struct path mnt_dir; - layer_mask_t layer_masks_parent1[LANDLOCK_NUM_ACCESS_FS], - layer_masks_parent2[LANDLOCK_NUM_ACCESS_FS]; + layer_mask_t layer_masks_parent1[LANDLOCK_NUM_ACCESS_FS] = {}, + layer_masks_parent2[LANDLOCK_NUM_ACCESS_FS] = {}; if (!dom) return 0; -- 2.43.0

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs/proc: do_task_stat: use sig->stats_lock to gather the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7601df8031fd67310af891897ef6cc0df4209305 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021919-chrome-doorframe-66ed@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") 60f92acb60a9 ("fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 7904e53ed5a2 ("fs/proc: do_task_stat: use __for_each_thread()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7601df8031fd67310af891897ef6cc0df4209305 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 23 Jan 2024 16:33:57 +0100 Subject: [PATCH] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless. Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/proc/array.c b/fs/proc/array.c index 45ba91863808..34a47fb0c57f 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -477,13 +477,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, int permitted; struct mm_struct *mm; unsigned long long start_time; - unsigned long cmin_flt = 0, cmaj_flt = 0; - unsigned long min_flt = 0, maj_flt = 0; - u64 cutime, cstime, utime, stime; - u64 cgtime, gtime; + unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt; + u64 cutime, cstime, cgtime, utime, stime, gtime; unsigned long rsslim = 0; unsigned long flags; int exit_code = task->exit_code; + struct signal_struct *sig = task->signal; + unsigned int seq = 1; state = *get_task_state(task); vsize = eip = esp = 0; @@ -511,12 +511,8 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = 0; - cgtime = gtime = 0; if (lock_task_sighand(task, &flags)) { - struct signal_struct *sig = task->signal; - if (sig->tty) { struct pid *pgrp = tty_get_pgrp(sig->tty); tty_pgrp = pid_nr_ns(pgrp, ns); @@ -527,27 +523,9 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, num_threads = get_nr_threads(task); collect_sigign_sigcatch(task, &sigign, &sigcatch); - cmin_flt = sig->cmin_flt; - cmaj_flt = sig->cmaj_flt; - cutime = sig->cutime; - cstime = sig->cstime; - cgtime = sig->cgtime; rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); - /* add up live thread stats at the group level */ if (whole) { - struct task_struct *t; - - __for_each_thread(sig, t) { - min_flt += t->min_flt; - maj_flt += t->maj_flt; - gtime += task_gtime(t); - } - - min_flt += sig->min_flt; - maj_flt += sig->maj_flt; - gtime += sig->gtime; - if (sig->flags & (SIGNAL_GROUP_EXIT | SIGNAL_STOP_STOPPED)) exit_code = sig->group_exit_code; } @@ -562,6 +540,34 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, if (permitted && (!whole || num_threads < 2)) wchan = !task_is_running(task); + do { + seq++; /* 2 on the 1st/lockless path, otherwise odd */ + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); + + cmin_flt = sig->cmin_flt; + cmaj_flt = sig->cmaj_flt; + cutime = sig->cutime; + cstime = sig->cstime; + cgtime = sig->cgtime; + + if (whole) { + struct task_struct *t; + + min_flt = sig->min_flt; + maj_flt = sig->maj_flt; + gtime = sig->gtime; + + rcu_read_lock(); + __for_each_thread(sig, t) { + min_flt += t->min_flt; + maj_flt += t->maj_flt; + gtime += task_gtime(t); + } + rcu_read_unlock(); + } + } while (need_seqretry(&sig->stats_lock, seq)); + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); + if (whole) { thread_group_cputime_adjusted(task, &utime, &stime); } else {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs/proc: do_task_stat: use sig->stats_lock to gather the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7601df8031fd67310af891897ef6cc0df4209305 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021918-unmanaged-rarity-ec6e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") 60f92acb60a9 ("fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()") 7904e53ed5a2 ("fs/proc: do_task_stat: use __for_each_thread()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7601df8031fd67310af891897ef6cc0df4209305 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 23 Jan 2024 16:33:57 +0100 Subject: [PATCH] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless. Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/proc/array.c b/fs/proc/array.c index 45ba91863808..34a47fb0c57f 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -477,13 +477,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, int permitted; struct mm_struct *mm; unsigned long long start_time; - unsigned long cmin_flt = 0, cmaj_flt = 0; - unsigned long min_flt = 0, maj_flt = 0; - u64 cutime, cstime, utime, stime; - u64 cgtime, gtime; + unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt; + u64 cutime, cstime, cgtime, utime, stime, gtime; unsigned long rsslim = 0; unsigned long flags; int exit_code = task->exit_code; + struct signal_struct *sig = task->signal; + unsigned int seq = 1; state = *get_task_state(task); vsize = eip = esp = 0; @@ -511,12 +511,8 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = 0; - cgtime = gtime = 0; if (lock_task_sighand(task, &flags)) { - struct signal_struct *sig = task->signal; - if (sig->tty) { struct pid *pgrp = tty_get_pgrp(sig->tty); tty_pgrp = pid_nr_ns(pgrp, ns); @@ -527,27 +523,9 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, num_threads = get_nr_threads(task); collect_sigign_sigcatch(task, &sigign, &sigcatch); - cmin_flt = sig->cmin_flt; - cmaj_flt = sig->cmaj_flt; - cutime = sig->cutime; - cstime = sig->cstime; - cgtime = sig->cgtime; rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); - /* add up live thread stats at the group level */ if (whole) { - struct task_struct *t; - - __for_each_thread(sig, t) { - min_flt += t->min_flt; - maj_flt += t->maj_flt; - gtime += task_gtime(t); - } - - min_flt += sig->min_flt; - maj_flt += sig->maj_flt; - gtime += sig->gtime; - if (sig->flags & (SIGNAL_GROUP_EXIT | SIGNAL_STOP_STOPPED)) exit_code = sig->group_exit_code; } @@ -562,6 +540,34 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, if (permitted && (!whole || num_threads < 2)) wchan = !task_is_running(task); + do { + seq++; /* 2 on the 1st/lockless path, otherwise odd */ + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); + + cmin_flt = sig->cmin_flt; + cmaj_flt = sig->cmaj_flt; + cutime = sig->cutime; + cstime = sig->cstime; + cgtime = sig->cgtime; + + if (whole) { + struct task_struct *t; + + min_flt = sig->min_flt; + maj_flt = sig->maj_flt; + gtime = sig->gtime; + + rcu_read_lock(); + __for_each_thread(sig, t) { + min_flt += t->min_flt; + maj_flt += t->maj_flt; + gtime += task_gtime(t); + } + rcu_read_unlock(); + } + } while (need_seqretry(&sig->stats_lock, seq)); + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); + if (whole) { thread_group_cputime_adjusted(task, &utime, &stime); } else {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021941-jelly-tubular-7919@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") 7108b80a542b ("hwmon/coretemp: Handle large core ID value") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-monsieur-unshipped-a926@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") 7108b80a542b ("hwmon/coretemp: Handle large core ID value") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021939-concierge-eclipse-4ffd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") 7108b80a542b ("hwmon/coretemp: Handle large core ID value") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021939-blunt-uncouple-5a31@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") 7108b80a542b ("hwmon/coretemp: Handle large core ID value") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021938-relieving-boneless-4cca@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021937-revered-agreement-261e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hwmon: (coretemp) Fix out-of-bounds memory access" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 4e440abc894585a34c2904a32cd54af1742311b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021936-mulch-prone-c0a6@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 4e440abc8945 ("hwmon: (coretemp) Fix out-of-bounds memory access") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4e440abc894585a34c2904a32cd54af1742311b3 Mon Sep 17 00:00:00 2001 From: Zhang Rui <rui.zhang(a)intel.com> Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. Fixes: 7108b80a542b ("hwmon/coretemp: Handle large core ID value") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240202092144.71180-2-rui.zhang@intel.com Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c index ba82d1e79c13..e78c76919111 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c @@ -509,18 +509,14 @@ static int create_core_data(struct platform_device *pdev, unsigned int cpu, if (pkg_flag) { attr_no = PKG_SYSFS_ATTR_NO; } else { - index = ida_alloc(&pdata->ida, GFP_KERNEL); + index = ida_alloc_max(&pdata->ida, NUM_REAL_CORES - 1, GFP_KERNEL); if (index < 0) return index; + pdata->cpu_map[index] = topology_core_id(cpu); attr_no = index + BASE_SYSFS_ATTR_NO; } - if (attr_no > MAX_CORE_DATA - 1) { - err = -ERANGE; - goto ida_free; - } - tdata = init_temp_data(cpu, pkg_flag); if (!tdata) { err = -ENOMEM;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021921-why-roamer-871c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") 87797fad6cce ("xen/events: replace evtchn_rwlock with RCU") 58f6259b7a08 ("xen/evtchn: Introduce new IOCTL to bind static evtchn") 04d684875b30 ("xen: xen_debug_interrupt prototype to global header") 073352e951f6 ("genirq: Add and use an irq_data_update_affinity helper") 961343d78226 ("genirq: Refactor accessors to use irq_data_get_affinity_mask") 83f877a09516 ("xen/events: remove redundant initialization of variable irq") 3de218ff39b9 ("xen/events: reset active flag for lateeoi events later") d120198bd5ff ("xen/evtchn: Change irq_info lock to raw_spinlock_t") b6622798bc50 ("xen/events: avoid handling the same event on two cpus at the same time") 25da4618af24 ("xen/events: don't unmask an event channel when an eoi is pending") 06f45fe96fcd ("xen/events: add per-xenbus device event statistics and settings") f2fa0e5e9f31 ("xen/events: link interdomain events to associated xenbus device") 88f0a9d06644 ("xen/events: Implement irq distribution") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021917-krypton-upcountry-d467@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") 87797fad6cce ("xen/events: replace evtchn_rwlock with RCU") 58f6259b7a08 ("xen/evtchn: Introduce new IOCTL to bind static evtchn") 04d684875b30 ("xen: xen_debug_interrupt prototype to global header") 073352e951f6 ("genirq: Add and use an irq_data_update_affinity helper") 961343d78226 ("genirq: Refactor accessors to use irq_data_get_affinity_mask") 83f877a09516 ("xen/events: remove redundant initialization of variable irq") 3de218ff39b9 ("xen/events: reset active flag for lateeoi events later") d120198bd5ff ("xen/evtchn: Change irq_info lock to raw_spinlock_t") b6622798bc50 ("xen/events: avoid handling the same event on two cpus at the same time") 25da4618af24 ("xen/events: don't unmask an event channel when an eoi is pending") 06f45fe96fcd ("xen/events: add per-xenbus device event statistics and settings") f2fa0e5e9f31 ("xen/events: link interdomain events to associated xenbus device") 88f0a9d06644 ("xen/events: Implement irq distribution") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021914-wackiness-diagnoses-52e2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") 87797fad6cce ("xen/events: replace evtchn_rwlock with RCU") 58f6259b7a08 ("xen/evtchn: Introduce new IOCTL to bind static evtchn") 04d684875b30 ("xen: xen_debug_interrupt prototype to global header") 073352e951f6 ("genirq: Add and use an irq_data_update_affinity helper") 961343d78226 ("genirq: Refactor accessors to use irq_data_get_affinity_mask") 83f877a09516 ("xen/events: remove redundant initialization of variable irq") 3de218ff39b9 ("xen/events: reset active flag for lateeoi events later") d120198bd5ff ("xen/evtchn: Change irq_info lock to raw_spinlock_t") b6622798bc50 ("xen/events: avoid handling the same event on two cpus at the same time") 25da4618af24 ("xen/events: don't unmask an event channel when an eoi is pending") 06f45fe96fcd ("xen/events: add per-xenbus device event statistics and settings") f2fa0e5e9f31 ("xen/events: link interdomain events to associated xenbus device") 88f0a9d06644 ("xen/events: Implement irq distribution") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-king-sugar-1024@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") 87797fad6cce ("xen/events: replace evtchn_rwlock with RCU") 58f6259b7a08 ("xen/evtchn: Introduce new IOCTL to bind static evtchn") 04d684875b30 ("xen: xen_debug_interrupt prototype to global header") 073352e951f6 ("genirq: Add and use an irq_data_update_affinity helper") 961343d78226 ("genirq: Refactor accessors to use irq_data_get_affinity_mask") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021908-polymer-backyard-ce35@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") 87797fad6cce ("xen/events: replace evtchn_rwlock with RCU") 58f6259b7a08 ("xen/evtchn: Introduce new IOCTL to bind static evtchn") 04d684875b30 ("xen: xen_debug_interrupt prototype to global header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] xen/events: close evtchn after mapping cleanup" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa765c4b4aed2d64266b694520ecb025c862c5a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021905-anger-exclusion-a2ae@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fa765c4b4aed ("xen/events: close evtchn after mapping cleanup") 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces") 5dd9ad32d775 ("xen/events: drop xen_allocate_irqs_dynamic()") 3bdb0ac350fe ("xen/events: remove some simple helpers from events_base.c") 686464514fbe ("xen/events: reduce externally visible helper functions") e64e7c74b99e ("xen/events: avoid using info_for_irq() in xen_send_IPI_one()") 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ handers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa765c4b4aed2d64266b694520ecb025c862c5a9 Mon Sep 17 00:00:00 2001 From: Maximilian Heyne <mheyne(a)amazon.de> Date: Wed, 24 Jan 2024 16:31:28 +0000 Subject: [PATCH] xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0xf0 ? bind_evtchn_to_cpu+0xc5/0xf0 set_affinity_irq+0xdc/0x1c0 irq_do_set_affinity+0x1d7/0x1f0 irq_setup_affinity+0xd6/0x1a0 irq_startup+0x8a/0xf0 __setup_irq+0x639/0x6d0 ? nvme_suspend+0x150/0x150 request_threaded_irq+0x10c/0x180 ? nvme_suspend+0x150/0x150 pci_request_irq+0xa8/0xf0 ? __blk_mq_free_request+0x74/0xa0 queue_request_irq+0x6f/0x80 nvme_create_queue+0x1af/0x200 nvme_create_io_queues+0xbd/0xf0 nvme_setup_io_queues+0x246/0x320 ? nvme_irq_check+0x30/0x30 nvme_reset_work+0x1c8/0x400 process_one_work+0x1b0/0x350 worker_thread+0x49/0x310 ? process_one_work+0x350/0x350 kthread+0x11b/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x22/0x30 Modules linked in: ---[ end trace a11715de1eee1873 ]--- Fixes: d46a78b05c0e ("xen: implement pirq type event channels") Cc: stable(a)vger.kernel.org Co-debugged-by: Andrew Panyakin <apanyaki(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: Juergen Gross <jgross(a)suse.com> Link: https://lore.kernel.org/r/20240124163130.31324-1-mheyne@amazon.de Signed-off-by: Juergen Gross <jgross(a)suse.com> diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b8cfea7812d6..3b9f080109d7 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -923,8 +923,8 @@ static void shutdown_pirq(struct irq_data *data) return; do_mask(info, EVT_MASK_REASON_EXPLICIT); - xen_evtchn_close(evtchn); xen_irq_info_cleanup(info); + xen_evtchn_close(evtchn); } static void enable_pirq(struct irq_data *data) @@ -956,6 +956,7 @@ EXPORT_SYMBOL_GPL(xen_irq_from_gsi); static void __unbind_from_irq(struct irq_info *info, unsigned int irq) { evtchn_port_t evtchn; + bool close_evtchn = false; if (!info) { xen_irq_free_desc(irq); @@ -975,7 +976,7 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) struct xenbus_device *dev; if (!info->is_static) - xen_evtchn_close(evtchn); + close_evtchn = true; switch (info->type) { case IRQT_VIRQ: @@ -995,6 +996,9 @@ static void __unbind_from_irq(struct irq_info *info, unsigned int irq) } xen_irq_info_cleanup(info); + + if (close_evtchn) + xen_evtchn_close(evtchn); } xen_free_irq(info);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] blk-wbt: Fix detection of dirty-throttled tasks" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021925-onscreen-cancel-9be1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f814bdda774c ("blk-wbt: Fix detection of dirty-throttled tasks") ba91c849fa50 ("blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos") 3963d84df797 ("blk-rq-qos: constify rq_qos_ops") ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful") b494f9c566ba ("blk-rq-qos: move rq_qos_add and rq_qos_del out of line") de185b56e8a6 ("blk-cgroup: pass a gendisk to blkcg_schedule_throttle") 9df3e65139b9 ("blk-iocost: simplify ioc_name") 14a6e2eb7df5 ("block: don't allow the same type rq_qos add more than once") 5cf9c91ba927 ("block: serialize all debugfs operations using q->debugfs_mutex") 8a177a36da6c ("blk-iolatency: Fix inflight count imbalances and IO hangs on offline") c97ab271576d ("blk-cgroup: remove unneeded includes from <linux/blk-cgroup.h>") 7f20ba7c42fd ("blk-cgroup: remove pointless CONFIG_BLOCK ifdefs") bbb1ebe7a909 ("blk-cgroup: replace bio_blkcg with bio_blkcg_css") dec223c92a46 ("blk-cgroup: move struct blkcg to block/blk-cgroup.h") 397c9f46ee4d ("blk-cgroup: move blkcg_{pin,unpin}_online out of line") 216889aad362 ("blk-cgroup: move blk_cgroup_congested out line") d589ae0d4460 ("Merge tag 'for-5.18/block-2022-04-01' of git://git.kernel.dk/linux-block") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Tue, 23 Jan 2024 18:58:26 +0100 Subject: [PATCH] blk-wbt: Fix detection of dirty-throttled tasks The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240123175826.21452-1-jack@suse.cz [axboe: fixup indentation errors] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..2ad261082bba 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] blk-wbt: Fix detection of dirty-throttled tasks" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021924-handcart-displease-1607@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f814bdda774c ("blk-wbt: Fix detection of dirty-throttled tasks") ba91c849fa50 ("blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos") 3963d84df797 ("blk-rq-qos: constify rq_qos_ops") ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful") b494f9c566ba ("blk-rq-qos: move rq_qos_add and rq_qos_del out of line") de185b56e8a6 ("blk-cgroup: pass a gendisk to blkcg_schedule_throttle") 9df3e65139b9 ("blk-iocost: simplify ioc_name") 14a6e2eb7df5 ("block: don't allow the same type rq_qos add more than once") 5cf9c91ba927 ("block: serialize all debugfs operations using q->debugfs_mutex") 8a177a36da6c ("blk-iolatency: Fix inflight count imbalances and IO hangs on offline") c97ab271576d ("blk-cgroup: remove unneeded includes from <linux/blk-cgroup.h>") 7f20ba7c42fd ("blk-cgroup: remove pointless CONFIG_BLOCK ifdefs") bbb1ebe7a909 ("blk-cgroup: replace bio_blkcg with bio_blkcg_css") dec223c92a46 ("blk-cgroup: move struct blkcg to block/blk-cgroup.h") 397c9f46ee4d ("blk-cgroup: move blkcg_{pin,unpin}_online out of line") 216889aad362 ("blk-cgroup: move blk_cgroup_congested out line") d589ae0d4460 ("Merge tag 'for-5.18/block-2022-04-01' of git://git.kernel.dk/linux-block") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Tue, 23 Jan 2024 18:58:26 +0100 Subject: [PATCH] blk-wbt: Fix detection of dirty-throttled tasks The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240123175826.21452-1-jack@suse.cz [axboe: fixup indentation errors] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..2ad261082bba 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] blk-wbt: Fix detection of dirty-throttled tasks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021923-onboard-pork-7d99@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f814bdda774c ("blk-wbt: Fix detection of dirty-throttled tasks") ba91c849fa50 ("blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos") 3963d84df797 ("blk-rq-qos: constify rq_qos_ops") ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful") b494f9c566ba ("blk-rq-qos: move rq_qos_add and rq_qos_del out of line") de185b56e8a6 ("blk-cgroup: pass a gendisk to blkcg_schedule_throttle") 9df3e65139b9 ("blk-iocost: simplify ioc_name") 14a6e2eb7df5 ("block: don't allow the same type rq_qos add more than once") 5cf9c91ba927 ("block: serialize all debugfs operations using q->debugfs_mutex") 8a177a36da6c ("blk-iolatency: Fix inflight count imbalances and IO hangs on offline") c97ab271576d ("blk-cgroup: remove unneeded includes from <linux/blk-cgroup.h>") 7f20ba7c42fd ("blk-cgroup: remove pointless CONFIG_BLOCK ifdefs") bbb1ebe7a909 ("blk-cgroup: replace bio_blkcg with bio_blkcg_css") dec223c92a46 ("blk-cgroup: move struct blkcg to block/blk-cgroup.h") 397c9f46ee4d ("blk-cgroup: move blkcg_{pin,unpin}_online out of line") 216889aad362 ("blk-cgroup: move blk_cgroup_congested out line") d589ae0d4460 ("Merge tag 'for-5.18/block-2022-04-01' of git://git.kernel.dk/linux-block") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Tue, 23 Jan 2024 18:58:26 +0100 Subject: [PATCH] blk-wbt: Fix detection of dirty-throttled tasks The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240123175826.21452-1-jack@suse.cz [axboe: fixup indentation errors] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..2ad261082bba 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] blk-wbt: Fix detection of dirty-throttled tasks" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021921-unspoiled-despite-59cc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f814bdda774c ("blk-wbt: Fix detection of dirty-throttled tasks") ba91c849fa50 ("blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos") 3963d84df797 ("blk-rq-qos: constify rq_qos_ops") ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful") b494f9c566ba ("blk-rq-qos: move rq_qos_add and rq_qos_del out of line") de185b56e8a6 ("blk-cgroup: pass a gendisk to blkcg_schedule_throttle") 9df3e65139b9 ("blk-iocost: simplify ioc_name") 14a6e2eb7df5 ("block: don't allow the same type rq_qos add more than once") 5cf9c91ba927 ("block: serialize all debugfs operations using q->debugfs_mutex") 8a177a36da6c ("blk-iolatency: Fix inflight count imbalances and IO hangs on offline") c97ab271576d ("blk-cgroup: remove unneeded includes from <linux/blk-cgroup.h>") 7f20ba7c42fd ("blk-cgroup: remove pointless CONFIG_BLOCK ifdefs") bbb1ebe7a909 ("blk-cgroup: replace bio_blkcg with bio_blkcg_css") dec223c92a46 ("blk-cgroup: move struct blkcg to block/blk-cgroup.h") 397c9f46ee4d ("blk-cgroup: move blkcg_{pin,unpin}_online out of line") 216889aad362 ("blk-cgroup: move blk_cgroup_congested out line") d589ae0d4460 ("Merge tag 'for-5.18/block-2022-04-01' of git://git.kernel.dk/linux-block") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Tue, 23 Jan 2024 18:58:26 +0100 Subject: [PATCH] blk-wbt: Fix detection of dirty-throttled tasks The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240123175826.21452-1-jack@suse.cz [axboe: fixup indentation errors] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..2ad261082bba 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] blk-wbt: Fix detection of dirty-throttled tasks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021920-latitude-quilt-dfa8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f814bdda774c ("blk-wbt: Fix detection of dirty-throttled tasks") ba91c849fa50 ("blk-rq-qos: store a gendisk instead of request_queue in struct rq_qos") 3963d84df797 ("blk-rq-qos: constify rq_qos_ops") ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful") b494f9c566ba ("blk-rq-qos: move rq_qos_add and rq_qos_del out of line") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f814bdda774c183b0cc15ec8f3b6e7c6f4527ba5 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Tue, 23 Jan 2024 18:58:26 +0100 Subject: [PATCH] blk-wbt: Fix detection of dirty-throttled tasks The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240123175826.21452-1-jack@suse.cz [axboe: fixup indentation errors] Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..2ad261082bba 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs,hugetlb: fix NULL pointer dereference in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 79d72c68c58784a3e1cd2378669d51bfd0cb7498 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-estranged-reopen-bc6e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 79d72c68c587 ("fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super") d00365175e09 ("hugetlbfs: use helper macro SZ_1{K,M}") a25fddced835 ("hugetlbfs: make hugepage size conversion more readable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 79d72c68c58784a3e1cd2378669d51bfd0cb7498 Mon Sep 17 00:00:00 2001 From: Oscar Salvador <osalvador(a)suse.de> Date: Tue, 30 Jan 2024 22:04:18 +0100 Subject: [PATCH] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hc d(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index ee13c2ca8ad2..d746866ae3b6 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1365,6 +1365,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1409,11 +1410,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs,hugetlb: fix NULL pointer dereference in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 79d72c68c58784a3e1cd2378669d51bfd0cb7498 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021936-oblivion-cloud-41d4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 79d72c68c587 ("fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super") d00365175e09 ("hugetlbfs: use helper macro SZ_1{K,M}") a25fddced835 ("hugetlbfs: make hugepage size conversion more readable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 79d72c68c58784a3e1cd2378669d51bfd0cb7498 Mon Sep 17 00:00:00 2001 From: Oscar Salvador <osalvador(a)suse.de> Date: Tue, 30 Jan 2024 22:04:18 +0100 Subject: [PATCH] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hc d(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index ee13c2ca8ad2..d746866ae3b6 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1365,6 +1365,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1409,11 +1410,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs,hugetlb: fix NULL pointer dereference in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 79d72c68c58784a3e1cd2378669d51bfd0cb7498 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021932-embody-commodore-0dec@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 79d72c68c587 ("fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super") d00365175e09 ("hugetlbfs: use helper macro SZ_1{K,M}") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 79d72c68c58784a3e1cd2378669d51bfd0cb7498 Mon Sep 17 00:00:00 2001 From: Oscar Salvador <osalvador(a)suse.de> Date: Tue, 30 Jan 2024 22:04:18 +0100 Subject: [PATCH] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hc d(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index ee13c2ca8ad2..d746866ae3b6 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -1365,6 +1365,7 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1409,11 +1410,12 @@ static int hugetlbfs_parse_param(struct fs_context *fc, struct fs_parameter *par case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021940-unviable-dispersal-2253@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9cae43da9867 ("hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed") c807d6cd089d ("hv_netvsc: Mark VF as slave before exposing it to user-mode") 365e1ececb29 ("hv_netvsc: Fix race between VF offering and VF association message from host") c60882a4566a ("hv_netvsc: use netif_is_bond_master() instead of open code") d0922bf79817 ("hv_netvsc: Add error handling while switching data path") 34b06a2eee44 ("hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove") 8b31f8c982b7 ("hv_netvsc: Wait for completion on request SWITCH_DATA_PATH") 4d18fcc95f50 ("hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening") e8b7db38449a ("Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening") 4907a43da831 ("Merge tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 Mon Sep 17 00:00:00 2001 From: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Date: Thu, 1 Feb 2024 20:40:38 -0800 Subject: [PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register_netdevice_notifier() very early( even before vmbus_driver_register()). To fix this, we try to register each such matching VF( if it is visible as a netdevice) at the end of netvsc_probe. Cc: stable(a)vger.kernel.org Fixes: 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier and VF register") Suggested-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 273bd8a20122..11831a1c9762 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -42,6 +42,10 @@ #define LINKCHANGE_INT (2 * HZ) #define VF_TAKEOVER_INT (HZ / 10) +/* Macros to define the context of vf registration */ +#define VF_REG_IN_PROBE 1 +#define VF_REG_IN_NOTIFIER 2 + static unsigned int ring_size __ro_after_init = 128; module_param(ring_size, uint, 0444); MODULE_PARM_DESC(ring_size, "Ring buffer size (# of 4K pages)"); @@ -2185,7 +2189,7 @@ static rx_handler_result_t netvsc_vf_handle_frame(struct sk_buff **pskb) } static int netvsc_vf_join(struct net_device *vf_netdev, - struct net_device *ndev) + struct net_device *ndev, int context) { struct net_device_context *ndev_ctx = netdev_priv(ndev); int ret; @@ -2208,7 +2212,11 @@ static int netvsc_vf_join(struct net_device *vf_netdev, goto upper_link_failed; } - schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); + /* If this registration is called from probe context vf_takeover + * is taken care of later in probe itself. + */ + if (context == VF_REG_IN_NOTIFIER) + schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); call_netdevice_notifiers(NETDEV_JOIN, vf_netdev); @@ -2346,7 +2354,7 @@ static int netvsc_prepare_bonding(struct net_device *vf_netdev) return NOTIFY_DONE; } -static int netvsc_register_vf(struct net_device *vf_netdev) +static int netvsc_register_vf(struct net_device *vf_netdev, int context) { struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; @@ -2386,7 +2394,7 @@ static int netvsc_register_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF registering: %s\n", vf_netdev->name); - if (netvsc_vf_join(vf_netdev, ndev) != 0) + if (netvsc_vf_join(vf_netdev, ndev, context) != 0) return NOTIFY_DONE; dev_hold(vf_netdev); @@ -2484,10 +2492,31 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) return NOTIFY_OK; } +static int check_dev_is_matching_vf(struct net_device *event_ndev) +{ + /* Skip NetVSC interfaces */ + if (event_ndev->netdev_ops == &device_ops) + return -ENODEV; + + /* Avoid non-Ethernet type devices */ + if (event_ndev->type != ARPHRD_ETHER) + return -ENODEV; + + /* Avoid Vlan dev with same MAC registering as VF */ + if (is_vlan_dev(event_ndev)) + return -ENODEV; + + /* Avoid Bonding master dev with same MAC registering as VF */ + if (netif_is_bond_master(event_ndev)) + return -ENODEV; + + return 0; +} + static int netvsc_probe(struct hv_device *dev, const struct hv_vmbus_device_id *dev_id) { - struct net_device *net = NULL; + struct net_device *net = NULL, *vf_netdev; struct net_device_context *net_device_ctx; struct netvsc_device_info *device_info = NULL; struct netvsc_device *nvdev; @@ -2599,6 +2628,30 @@ static int netvsc_probe(struct hv_device *dev, } list_add(&net_device_ctx->list, &netvsc_dev_list); + + /* When the hv_netvsc driver is unloaded and reloaded, the + * NET_DEVICE_REGISTER for the vf device is replayed before probe + * is complete. This is because register_netdevice_notifier() gets + * registered before vmbus_driver_register() so that callback func + * is set before probe and we don't miss events like NETDEV_POST_INIT + * So, in this section we try to register the matching vf device that + * is present as a netdevice, knowing that its register call is not + * processed in the netvsc_netdev_notifier(as probing is progress and + * get_netvsc_byslot fails). + */ + for_each_netdev(dev_net(net), vf_netdev) { + ret = check_dev_is_matching_vf(vf_netdev); + if (ret != 0) + continue; + + if (net != get_netvsc_byslot(vf_netdev)) + continue; + + netvsc_prepare_bonding(vf_netdev); + netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE); + __netvsc_vf_setup(net, vf_netdev); + break; + } rtnl_unlock(); netvsc_devinfo_put(device_info); @@ -2754,28 +2807,17 @@ static int netvsc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); + int ret = 0; - /* Skip our own events */ - if (event_dev->netdev_ops == &device_ops) - return NOTIFY_DONE; - - /* Avoid non-Ethernet type devices */ - if (event_dev->type != ARPHRD_ETHER) - return NOTIFY_DONE; - - /* Avoid Vlan dev with same MAC registering as VF */ - if (is_vlan_dev(event_dev)) - return NOTIFY_DONE; - - /* Avoid Bonding master dev with same MAC registering as VF */ - if (netif_is_bond_master(event_dev)) + ret = check_dev_is_matching_vf(event_dev); + if (ret != 0) return NOTIFY_DONE; switch (event) { case NETDEV_POST_INIT: return netvsc_prepare_bonding(event_dev); case NETDEV_REGISTER: - return netvsc_register_vf(event_dev); + return netvsc_register_vf(event_dev, VF_REG_IN_NOTIFIER); case NETDEV_UNREGISTER: return netvsc_unregister_vf(event_dev); case NETDEV_UP:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021939-deceiving-skinny-32a6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9cae43da9867 ("hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed") c807d6cd089d ("hv_netvsc: Mark VF as slave before exposing it to user-mode") 365e1ececb29 ("hv_netvsc: Fix race between VF offering and VF association message from host") c60882a4566a ("hv_netvsc: use netif_is_bond_master() instead of open code") d0922bf79817 ("hv_netvsc: Add error handling while switching data path") 34b06a2eee44 ("hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove") 8b31f8c982b7 ("hv_netvsc: Wait for completion on request SWITCH_DATA_PATH") 4d18fcc95f50 ("hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening") e8b7db38449a ("Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening") 4907a43da831 ("Merge tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 Mon Sep 17 00:00:00 2001 From: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Date: Thu, 1 Feb 2024 20:40:38 -0800 Subject: [PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register_netdevice_notifier() very early( even before vmbus_driver_register()). To fix this, we try to register each such matching VF( if it is visible as a netdevice) at the end of netvsc_probe. Cc: stable(a)vger.kernel.org Fixes: 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier and VF register") Suggested-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 273bd8a20122..11831a1c9762 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -42,6 +42,10 @@ #define LINKCHANGE_INT (2 * HZ) #define VF_TAKEOVER_INT (HZ / 10) +/* Macros to define the context of vf registration */ +#define VF_REG_IN_PROBE 1 +#define VF_REG_IN_NOTIFIER 2 + static unsigned int ring_size __ro_after_init = 128; module_param(ring_size, uint, 0444); MODULE_PARM_DESC(ring_size, "Ring buffer size (# of 4K pages)"); @@ -2185,7 +2189,7 @@ static rx_handler_result_t netvsc_vf_handle_frame(struct sk_buff **pskb) } static int netvsc_vf_join(struct net_device *vf_netdev, - struct net_device *ndev) + struct net_device *ndev, int context) { struct net_device_context *ndev_ctx = netdev_priv(ndev); int ret; @@ -2208,7 +2212,11 @@ static int netvsc_vf_join(struct net_device *vf_netdev, goto upper_link_failed; } - schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); + /* If this registration is called from probe context vf_takeover + * is taken care of later in probe itself. + */ + if (context == VF_REG_IN_NOTIFIER) + schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); call_netdevice_notifiers(NETDEV_JOIN, vf_netdev); @@ -2346,7 +2354,7 @@ static int netvsc_prepare_bonding(struct net_device *vf_netdev) return NOTIFY_DONE; } -static int netvsc_register_vf(struct net_device *vf_netdev) +static int netvsc_register_vf(struct net_device *vf_netdev, int context) { struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; @@ -2386,7 +2394,7 @@ static int netvsc_register_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF registering: %s\n", vf_netdev->name); - if (netvsc_vf_join(vf_netdev, ndev) != 0) + if (netvsc_vf_join(vf_netdev, ndev, context) != 0) return NOTIFY_DONE; dev_hold(vf_netdev); @@ -2484,10 +2492,31 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) return NOTIFY_OK; } +static int check_dev_is_matching_vf(struct net_device *event_ndev) +{ + /* Skip NetVSC interfaces */ + if (event_ndev->netdev_ops == &device_ops) + return -ENODEV; + + /* Avoid non-Ethernet type devices */ + if (event_ndev->type != ARPHRD_ETHER) + return -ENODEV; + + /* Avoid Vlan dev with same MAC registering as VF */ + if (is_vlan_dev(event_ndev)) + return -ENODEV; + + /* Avoid Bonding master dev with same MAC registering as VF */ + if (netif_is_bond_master(event_ndev)) + return -ENODEV; + + return 0; +} + static int netvsc_probe(struct hv_device *dev, const struct hv_vmbus_device_id *dev_id) { - struct net_device *net = NULL; + struct net_device *net = NULL, *vf_netdev; struct net_device_context *net_device_ctx; struct netvsc_device_info *device_info = NULL; struct netvsc_device *nvdev; @@ -2599,6 +2628,30 @@ static int netvsc_probe(struct hv_device *dev, } list_add(&net_device_ctx->list, &netvsc_dev_list); + + /* When the hv_netvsc driver is unloaded and reloaded, the + * NET_DEVICE_REGISTER for the vf device is replayed before probe + * is complete. This is because register_netdevice_notifier() gets + * registered before vmbus_driver_register() so that callback func + * is set before probe and we don't miss events like NETDEV_POST_INIT + * So, in this section we try to register the matching vf device that + * is present as a netdevice, knowing that its register call is not + * processed in the netvsc_netdev_notifier(as probing is progress and + * get_netvsc_byslot fails). + */ + for_each_netdev(dev_net(net), vf_netdev) { + ret = check_dev_is_matching_vf(vf_netdev); + if (ret != 0) + continue; + + if (net != get_netvsc_byslot(vf_netdev)) + continue; + + netvsc_prepare_bonding(vf_netdev); + netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE); + __netvsc_vf_setup(net, vf_netdev); + break; + } rtnl_unlock(); netvsc_devinfo_put(device_info); @@ -2754,28 +2807,17 @@ static int netvsc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); + int ret = 0; - /* Skip our own events */ - if (event_dev->netdev_ops == &device_ops) - return NOTIFY_DONE; - - /* Avoid non-Ethernet type devices */ - if (event_dev->type != ARPHRD_ETHER) - return NOTIFY_DONE; - - /* Avoid Vlan dev with same MAC registering as VF */ - if (is_vlan_dev(event_dev)) - return NOTIFY_DONE; - - /* Avoid Bonding master dev with same MAC registering as VF */ - if (netif_is_bond_master(event_dev)) + ret = check_dev_is_matching_vf(event_dev); + if (ret != 0) return NOTIFY_DONE; switch (event) { case NETDEV_POST_INIT: return netvsc_prepare_bonding(event_dev); case NETDEV_REGISTER: - return netvsc_register_vf(event_dev); + return netvsc_register_vf(event_dev, VF_REG_IN_NOTIFIER); case NETDEV_UNREGISTER: return netvsc_unregister_vf(event_dev); case NETDEV_UP:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021938-legislate-polygon-4765@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9cae43da9867 ("hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed") c807d6cd089d ("hv_netvsc: Mark VF as slave before exposing it to user-mode") 365e1ececb29 ("hv_netvsc: Fix race between VF offering and VF association message from host") c60882a4566a ("hv_netvsc: use netif_is_bond_master() instead of open code") d0922bf79817 ("hv_netvsc: Add error handling while switching data path") 34b06a2eee44 ("hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove") 8b31f8c982b7 ("hv_netvsc: Wait for completion on request SWITCH_DATA_PATH") 4d18fcc95f50 ("hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening") e8b7db38449a ("Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 Mon Sep 17 00:00:00 2001 From: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Date: Thu, 1 Feb 2024 20:40:38 -0800 Subject: [PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register_netdevice_notifier() very early( even before vmbus_driver_register()). To fix this, we try to register each such matching VF( if it is visible as a netdevice) at the end of netvsc_probe. Cc: stable(a)vger.kernel.org Fixes: 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier and VF register") Suggested-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 273bd8a20122..11831a1c9762 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -42,6 +42,10 @@ #define LINKCHANGE_INT (2 * HZ) #define VF_TAKEOVER_INT (HZ / 10) +/* Macros to define the context of vf registration */ +#define VF_REG_IN_PROBE 1 +#define VF_REG_IN_NOTIFIER 2 + static unsigned int ring_size __ro_after_init = 128; module_param(ring_size, uint, 0444); MODULE_PARM_DESC(ring_size, "Ring buffer size (# of 4K pages)"); @@ -2185,7 +2189,7 @@ static rx_handler_result_t netvsc_vf_handle_frame(struct sk_buff **pskb) } static int netvsc_vf_join(struct net_device *vf_netdev, - struct net_device *ndev) + struct net_device *ndev, int context) { struct net_device_context *ndev_ctx = netdev_priv(ndev); int ret; @@ -2208,7 +2212,11 @@ static int netvsc_vf_join(struct net_device *vf_netdev, goto upper_link_failed; } - schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); + /* If this registration is called from probe context vf_takeover + * is taken care of later in probe itself. + */ + if (context == VF_REG_IN_NOTIFIER) + schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); call_netdevice_notifiers(NETDEV_JOIN, vf_netdev); @@ -2346,7 +2354,7 @@ static int netvsc_prepare_bonding(struct net_device *vf_netdev) return NOTIFY_DONE; } -static int netvsc_register_vf(struct net_device *vf_netdev) +static int netvsc_register_vf(struct net_device *vf_netdev, int context) { struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; @@ -2386,7 +2394,7 @@ static int netvsc_register_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF registering: %s\n", vf_netdev->name); - if (netvsc_vf_join(vf_netdev, ndev) != 0) + if (netvsc_vf_join(vf_netdev, ndev, context) != 0) return NOTIFY_DONE; dev_hold(vf_netdev); @@ -2484,10 +2492,31 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) return NOTIFY_OK; } +static int check_dev_is_matching_vf(struct net_device *event_ndev) +{ + /* Skip NetVSC interfaces */ + if (event_ndev->netdev_ops == &device_ops) + return -ENODEV; + + /* Avoid non-Ethernet type devices */ + if (event_ndev->type != ARPHRD_ETHER) + return -ENODEV; + + /* Avoid Vlan dev with same MAC registering as VF */ + if (is_vlan_dev(event_ndev)) + return -ENODEV; + + /* Avoid Bonding master dev with same MAC registering as VF */ + if (netif_is_bond_master(event_ndev)) + return -ENODEV; + + return 0; +} + static int netvsc_probe(struct hv_device *dev, const struct hv_vmbus_device_id *dev_id) { - struct net_device *net = NULL; + struct net_device *net = NULL, *vf_netdev; struct net_device_context *net_device_ctx; struct netvsc_device_info *device_info = NULL; struct netvsc_device *nvdev; @@ -2599,6 +2628,30 @@ static int netvsc_probe(struct hv_device *dev, } list_add(&net_device_ctx->list, &netvsc_dev_list); + + /* When the hv_netvsc driver is unloaded and reloaded, the + * NET_DEVICE_REGISTER for the vf device is replayed before probe + * is complete. This is because register_netdevice_notifier() gets + * registered before vmbus_driver_register() so that callback func + * is set before probe and we don't miss events like NETDEV_POST_INIT + * So, in this section we try to register the matching vf device that + * is present as a netdevice, knowing that its register call is not + * processed in the netvsc_netdev_notifier(as probing is progress and + * get_netvsc_byslot fails). + */ + for_each_netdev(dev_net(net), vf_netdev) { + ret = check_dev_is_matching_vf(vf_netdev); + if (ret != 0) + continue; + + if (net != get_netvsc_byslot(vf_netdev)) + continue; + + netvsc_prepare_bonding(vf_netdev); + netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE); + __netvsc_vf_setup(net, vf_netdev); + break; + } rtnl_unlock(); netvsc_devinfo_put(device_info); @@ -2754,28 +2807,17 @@ static int netvsc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); + int ret = 0; - /* Skip our own events */ - if (event_dev->netdev_ops == &device_ops) - return NOTIFY_DONE; - - /* Avoid non-Ethernet type devices */ - if (event_dev->type != ARPHRD_ETHER) - return NOTIFY_DONE; - - /* Avoid Vlan dev with same MAC registering as VF */ - if (is_vlan_dev(event_dev)) - return NOTIFY_DONE; - - /* Avoid Bonding master dev with same MAC registering as VF */ - if (netif_is_bond_master(event_dev)) + ret = check_dev_is_matching_vf(event_dev); + if (ret != 0) return NOTIFY_DONE; switch (event) { case NETDEV_POST_INIT: return netvsc_prepare_bonding(event_dev); case NETDEV_REGISTER: - return netvsc_register_vf(event_dev); + return netvsc_register_vf(event_dev, VF_REG_IN_NOTIFIER); case NETDEV_UNREGISTER: return netvsc_unregister_vf(event_dev); case NETDEV_UP:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021937-trace-hardly-10d8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9cae43da9867 ("hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed") c807d6cd089d ("hv_netvsc: Mark VF as slave before exposing it to user-mode") 365e1ececb29 ("hv_netvsc: Fix race between VF offering and VF association message from host") c60882a4566a ("hv_netvsc: use netif_is_bond_master() instead of open code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 Mon Sep 17 00:00:00 2001 From: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Date: Thu, 1 Feb 2024 20:40:38 -0800 Subject: [PATCH] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register_netdevice_notifier() very early( even before vmbus_driver_register()). To fix this, we try to register each such matching VF( if it is visible as a netdevice) at the end of netvsc_probe. Cc: stable(a)vger.kernel.org Fixes: 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier and VF register") Suggested-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 273bd8a20122..11831a1c9762 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -42,6 +42,10 @@ #define LINKCHANGE_INT (2 * HZ) #define VF_TAKEOVER_INT (HZ / 10) +/* Macros to define the context of vf registration */ +#define VF_REG_IN_PROBE 1 +#define VF_REG_IN_NOTIFIER 2 + static unsigned int ring_size __ro_after_init = 128; module_param(ring_size, uint, 0444); MODULE_PARM_DESC(ring_size, "Ring buffer size (# of 4K pages)"); @@ -2185,7 +2189,7 @@ static rx_handler_result_t netvsc_vf_handle_frame(struct sk_buff **pskb) } static int netvsc_vf_join(struct net_device *vf_netdev, - struct net_device *ndev) + struct net_device *ndev, int context) { struct net_device_context *ndev_ctx = netdev_priv(ndev); int ret; @@ -2208,7 +2212,11 @@ static int netvsc_vf_join(struct net_device *vf_netdev, goto upper_link_failed; } - schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); + /* If this registration is called from probe context vf_takeover + * is taken care of later in probe itself. + */ + if (context == VF_REG_IN_NOTIFIER) + schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); call_netdevice_notifiers(NETDEV_JOIN, vf_netdev); @@ -2346,7 +2354,7 @@ static int netvsc_prepare_bonding(struct net_device *vf_netdev) return NOTIFY_DONE; } -static int netvsc_register_vf(struct net_device *vf_netdev) +static int netvsc_register_vf(struct net_device *vf_netdev, int context) { struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; @@ -2386,7 +2394,7 @@ static int netvsc_register_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF registering: %s\n", vf_netdev->name); - if (netvsc_vf_join(vf_netdev, ndev) != 0) + if (netvsc_vf_join(vf_netdev, ndev, context) != 0) return NOTIFY_DONE; dev_hold(vf_netdev); @@ -2484,10 +2492,31 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) return NOTIFY_OK; } +static int check_dev_is_matching_vf(struct net_device *event_ndev) +{ + /* Skip NetVSC interfaces */ + if (event_ndev->netdev_ops == &device_ops) + return -ENODEV; + + /* Avoid non-Ethernet type devices */ + if (event_ndev->type != ARPHRD_ETHER) + return -ENODEV; + + /* Avoid Vlan dev with same MAC registering as VF */ + if (is_vlan_dev(event_ndev)) + return -ENODEV; + + /* Avoid Bonding master dev with same MAC registering as VF */ + if (netif_is_bond_master(event_ndev)) + return -ENODEV; + + return 0; +} + static int netvsc_probe(struct hv_device *dev, const struct hv_vmbus_device_id *dev_id) { - struct net_device *net = NULL; + struct net_device *net = NULL, *vf_netdev; struct net_device_context *net_device_ctx; struct netvsc_device_info *device_info = NULL; struct netvsc_device *nvdev; @@ -2599,6 +2628,30 @@ static int netvsc_probe(struct hv_device *dev, } list_add(&net_device_ctx->list, &netvsc_dev_list); + + /* When the hv_netvsc driver is unloaded and reloaded, the + * NET_DEVICE_REGISTER for the vf device is replayed before probe + * is complete. This is because register_netdevice_notifier() gets + * registered before vmbus_driver_register() so that callback func + * is set before probe and we don't miss events like NETDEV_POST_INIT + * So, in this section we try to register the matching vf device that + * is present as a netdevice, knowing that its register call is not + * processed in the netvsc_netdev_notifier(as probing is progress and + * get_netvsc_byslot fails). + */ + for_each_netdev(dev_net(net), vf_netdev) { + ret = check_dev_is_matching_vf(vf_netdev); + if (ret != 0) + continue; + + if (net != get_netvsc_byslot(vf_netdev)) + continue; + + netvsc_prepare_bonding(vf_netdev); + netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE); + __netvsc_vf_setup(net, vf_netdev); + break; + } rtnl_unlock(); netvsc_devinfo_put(device_info); @@ -2754,28 +2807,17 @@ static int netvsc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); + int ret = 0; - /* Skip our own events */ - if (event_dev->netdev_ops == &device_ops) - return NOTIFY_DONE; - - /* Avoid non-Ethernet type devices */ - if (event_dev->type != ARPHRD_ETHER) - return NOTIFY_DONE; - - /* Avoid Vlan dev with same MAC registering as VF */ - if (is_vlan_dev(event_dev)) - return NOTIFY_DONE; - - /* Avoid Bonding master dev with same MAC registering as VF */ - if (netif_is_bond_master(event_dev)) + ret = check_dev_is_matching_vf(event_dev); + if (ret != 0) return NOTIFY_DONE; switch (event) { case NETDEV_POST_INIT: return netvsc_prepare_bonding(event_dev); case NETDEV_REGISTER: - return netvsc_register_vf(event_dev); + return netvsc_register_vf(event_dev, VF_REG_IN_NOTIFIER); case NETDEV_UNREGISTER: return netvsc_unregister_vf(event_dev); case NETDEV_UP:

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f0e4a1356466ec1858ae8e5c70bea2ce5e55008b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-carload-deniable-e02d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f0e4a1356466 ("pmdomain: renesas: r8a77980-sysc: CR7 must be always on") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0e4a1356466ec1858ae8e5c70bea2ce5e55008b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Fri, 12 Jan 2024 17:33:55 +0100 Subject: [PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The power domain containing the Cortex-R7 CPU core on the R-Car V3H SoC must always be in power-on state, unlike on other SoCs in the R-Car Gen3 family. See Table 9.4 "Power domains" in the R-Car Series, 3rd Generation Hardware User’s Manual Rev.1.00 and later. Fix this by marking the domain as a CPU domain without control registers, so the driver will not touch it. Fixes: 41d6d8bd8ae9 ("soc: renesas: rcar-sysc: add R8A77980 support") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/fdad9a86132d53ecddf72b734dac406915c4edc0.17050767… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/renesas/r8a77980-sysc.c b/drivers/pmdomain/renesas/r8a77980-sysc.c index 39ca84a67daa..621e411fc999 100644 --- a/drivers/pmdomain/renesas/r8a77980-sysc.c +++ b/drivers/pmdomain/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f0e4a1356466ec1858ae8e5c70bea2ce5e55008b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-dividers-resize-9476@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f0e4a1356466 ("pmdomain: renesas: r8a77980-sysc: CR7 must be always on") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0e4a1356466ec1858ae8e5c70bea2ce5e55008b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Fri, 12 Jan 2024 17:33:55 +0100 Subject: [PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The power domain containing the Cortex-R7 CPU core on the R-Car V3H SoC must always be in power-on state, unlike on other SoCs in the R-Car Gen3 family. See Table 9.4 "Power domains" in the R-Car Series, 3rd Generation Hardware User’s Manual Rev.1.00 and later. Fix this by marking the domain as a CPU domain without control registers, so the driver will not touch it. Fixes: 41d6d8bd8ae9 ("soc: renesas: rcar-sysc: add R8A77980 support") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/fdad9a86132d53ecddf72b734dac406915c4edc0.17050767… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/renesas/r8a77980-sysc.c b/drivers/pmdomain/renesas/r8a77980-sysc.c index 39ca84a67daa..621e411fc999 100644 --- a/drivers/pmdomain/renesas/r8a77980-sysc.c +++ b/drivers/pmdomain/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f0e4a1356466ec1858ae8e5c70bea2ce5e55008b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021946-unfitting-schnapps-e6e2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f0e4a1356466 ("pmdomain: renesas: r8a77980-sysc: CR7 must be always on") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0e4a1356466ec1858ae8e5c70bea2ce5e55008b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Fri, 12 Jan 2024 17:33:55 +0100 Subject: [PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The power domain containing the Cortex-R7 CPU core on the R-Car V3H SoC must always be in power-on state, unlike on other SoCs in the R-Car Gen3 family. See Table 9.4 "Power domains" in the R-Car Series, 3rd Generation Hardware User’s Manual Rev.1.00 and later. Fix this by marking the domain as a CPU domain without control registers, so the driver will not touch it. Fixes: 41d6d8bd8ae9 ("soc: renesas: rcar-sysc: add R8A77980 support") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/fdad9a86132d53ecddf72b734dac406915c4edc0.17050767… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/renesas/r8a77980-sysc.c b/drivers/pmdomain/renesas/r8a77980-sysc.c index 39ca84a67daa..621e411fc999 100644 --- a/drivers/pmdomain/renesas/r8a77980-sysc.c +++ b/drivers/pmdomain/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f0e4a1356466ec1858ae8e5c70bea2ce5e55008b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-deletion-semifinal-2050@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f0e4a1356466 ("pmdomain: renesas: r8a77980-sysc: CR7 must be always on") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0e4a1356466ec1858ae8e5c70bea2ce5e55008b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Fri, 12 Jan 2024 17:33:55 +0100 Subject: [PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The power domain containing the Cortex-R7 CPU core on the R-Car V3H SoC must always be in power-on state, unlike on other SoCs in the R-Car Gen3 family. See Table 9.4 "Power domains" in the R-Car Series, 3rd Generation Hardware User’s Manual Rev.1.00 and later. Fix this by marking the domain as a CPU domain without control registers, so the driver will not touch it. Fixes: 41d6d8bd8ae9 ("soc: renesas: rcar-sysc: add R8A77980 support") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/fdad9a86132d53ecddf72b734dac406915c4edc0.17050767… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/renesas/r8a77980-sysc.c b/drivers/pmdomain/renesas/r8a77980-sysc.c index 39ca84a67daa..621e411fc999 100644 --- a/drivers/pmdomain/renesas/r8a77980-sysc.c +++ b/drivers/pmdomain/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f0e4a1356466ec1858ae8e5c70bea2ce5e55008b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021944-left-dazzling-8e79@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f0e4a1356466 ("pmdomain: renesas: r8a77980-sysc: CR7 must be always on") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0e4a1356466ec1858ae8e5c70bea2ce5e55008b Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Fri, 12 Jan 2024 17:33:55 +0100 Subject: [PATCH] pmdomain: renesas: r8a77980-sysc: CR7 must be always on MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The power domain containing the Cortex-R7 CPU core on the R-Car V3H SoC must always be in power-on state, unlike on other SoCs in the R-Car Gen3 family. See Table 9.4 "Power domains" in the R-Car Series, 3rd Generation Hardware User’s Manual Rev.1.00 and later. Fix this by marking the domain as a CPU domain without control registers, so the driver will not touch it. Fixes: 41d6d8bd8ae9 ("soc: renesas: rcar-sysc: add R8A77980 support") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/fdad9a86132d53ecddf72b734dac406915c4edc0.17050767… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/pmdomain/renesas/r8a77980-sysc.c b/drivers/pmdomain/renesas/r8a77980-sysc.c index 39ca84a67daa..621e411fc999 100644 --- a/drivers/pmdomain/renesas/r8a77980-sysc.c +++ b/drivers/pmdomain/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ static const struct rcar_sysc_area r8a77980_areas[] __initconst = { PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR },

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] s390/qeth: Fix potential loss of L3-IP@ in case of network" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2fe8a236436fe40d8d26a1af8d150fc80f04ee1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021907-craziness-snuggle-7e2b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2fe8a236436f ("s390/qeth: Fix potential loss of L3-IP@ in case of network issues") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2fe8a236436fe40d8d26a1af8d150fc80f04ee1a Mon Sep 17 00:00:00 2001 From: Alexandra Winter <wintera(a)linux.ibm.com> Date: Tue, 6 Feb 2024 09:58:49 +0100 Subject: [PATCH] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Symptom: In case of a bad cable connection (e.g. dirty optics) a fast sequence of network DOWN-UP-DOWN-UP could happen. UP triggers recovery of the qeth interface. In case of a second DOWN while recovery is still ongoing, it can happen that the IP@ of a Layer3 qeth interface is lost and will not be recovered by the second UP. Problem: When registration of IP addresses with Layer 3 qeth devices fails, (e.g. because of bad address format) the respective IP address is deleted from its hash-table in the driver. If registration fails because of a ENETDOWN condition, the address should stay in the hashtable, so a subsequent recovery can restore it. 3caa4af834df ("qeth: keep ip-address after LAN_OFFLINE failure") fixes this for registration failures during normal operation, but not during recovery. Solution: Keep L3-IP address in case of ENETDOWN in qeth_l3_recover_ip(). For consistency with qeth_l3_add_ip() we also keep it in case of EADDRINUSE, i.e. for some reason the card already/still has this address registered. Fixes: 4a71df50047f ("qeth: new qeth device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> Link: https://lore.kernel.org/r/20240206085849.2902775-1-wintera@linux.ibm.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c index b92a32b4b114..04c64ce0a1ca 100644 --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -255,9 +255,10 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -278,9 +279,11 @@ static void qeth_l3_recover_ip(struct qeth_card *card) if (addr->disp_flag == QETH_DISP_ADDR_ADD) { rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] s390/qeth: Fix potential loss of L3-IP@ in case of network" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2fe8a236436fe40d8d26a1af8d150fc80f04ee1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021906-aspirin-starless-d7df@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2fe8a236436f ("s390/qeth: Fix potential loss of L3-IP@ in case of network issues") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2fe8a236436fe40d8d26a1af8d150fc80f04ee1a Mon Sep 17 00:00:00 2001 From: Alexandra Winter <wintera(a)linux.ibm.com> Date: Tue, 6 Feb 2024 09:58:49 +0100 Subject: [PATCH] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Symptom: In case of a bad cable connection (e.g. dirty optics) a fast sequence of network DOWN-UP-DOWN-UP could happen. UP triggers recovery of the qeth interface. In case of a second DOWN while recovery is still ongoing, it can happen that the IP@ of a Layer3 qeth interface is lost and will not be recovered by the second UP. Problem: When registration of IP addresses with Layer 3 qeth devices fails, (e.g. because of bad address format) the respective IP address is deleted from its hash-table in the driver. If registration fails because of a ENETDOWN condition, the address should stay in the hashtable, so a subsequent recovery can restore it. 3caa4af834df ("qeth: keep ip-address after LAN_OFFLINE failure") fixes this for registration failures during normal operation, but not during recovery. Solution: Keep L3-IP address in case of ENETDOWN in qeth_l3_recover_ip(). For consistency with qeth_l3_add_ip() we also keep it in case of EADDRINUSE, i.e. for some reason the card already/still has this address registered. Fixes: 4a71df50047f ("qeth: new qeth device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> Link: https://lore.kernel.org/r/20240206085849.2902775-1-wintera@linux.ibm.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c index b92a32b4b114..04c64ce0a1ca 100644 --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -255,9 +255,10 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -278,9 +279,11 @@ static void qeth_l3_recover_ip(struct qeth_card *card) if (addr->disp_flag == QETH_DISP_ADDR_ADD) { rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] fs: relax mount_setattr() permission checks" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46f5ab762d048dad224436978315cbc2fa79c630 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021922-repugnant-crafter-ce03@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 46f5ab762d04 ("fs: relax mount_setattr() permission checks") 87bb5b60019c ("fs: clean up mount_setattr control flow") a26f788b6e7a ("fs: add mnt_allow_writers() and simplify mount_setattr_prepare()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f5ab762d048dad224436978315cbc2fa79c630 Mon Sep 17 00:00:00 2001 From: Christian Brauner <brauner(a)kernel.org> Date: Tue, 6 Feb 2024 11:22:09 +0100 Subject: [PATCH] fs: relax mount_setattr() permission checks When we added mount_setattr() I added additional checks compared to the legacy do_reconfigure_mnt() and do_change_type() helpers used by regular mount(2). If that mount had a parent then verify that the caller and the mount namespace the mount is attached to match and if not make sure that it's an anonymous mount. The real rootfs falls into neither category. It is neither an anoymous mount because it is obviously attached to the initial mount namespace but it also obviously doesn't have a parent mount. So that means legacy mount(2) allows changing mount properties on the real rootfs but mount_setattr(2) blocks this. I never thought much about this but of course someone on this planet of earth changes properties on the real rootfs as can be seen in [1]. Since util-linux finally switched to the new mount api in 2.39 not so long ago it also relies on mount_setattr() and that surfaced this issue when Fedora 39 finally switched to it. Fix this. Link: https://bugzilla.redhat.com/show_bug.cgi?id=2256843 Link: https://lore.kernel.org/r/20240206-vfs-mount-rootfs-v1-1-19b335eee133@kerne… Reviewed-by: Jan Kara <jack(a)suse.cz> Reported-by: Karel Zak <kzak(a)redhat.com> Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/namespace.c b/fs/namespace.c index 437f60e96d40..5a51315c6678 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4472,10 +4472,15 @@ static int do_mount_setattr(struct path *path, struct mount_kattr *kattr) /* * If this is an attached mount make sure it's located in the callers * mount namespace. If it's not don't let the caller interact with it. - * If this is a detached mount make sure it has an anonymous mount - * namespace attached to it, i.e. we've created it via OPEN_TREE_CLONE. + * + * If this mount doesn't have a parent it's most often simply a + * detached mount with an anonymous mount namespace. IOW, something + * that's simply not attached yet. But there are apparently also users + * that do change mount properties on the rootfs itself. That obviously + * neither has a parent nor is it a detached mount so we cannot + * unconditionally check for detached mounts. */ - if (!(mnt_has_parent(mnt) ? check_mnt(mnt) : is_anon_ns(mnt->mnt_ns))) + if ((mnt_has_parent(mnt) || !is_anon_ns(mnt->mnt_ns)) && !check_mnt(mnt)) goto out; /*

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: SOF: IPC3: fix message bounds on ipc ops" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fcbe4873089c84da641df75cda9cac2e9addbb4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021912-plastic-bannister-f6dc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fcbe4873089c ("ASoC: SOF: IPC3: fix message bounds on ipc ops") 12c41c779fad ("ASoC: SOF: Refactor rx function for fuzzing") 989a3e447917 ("ASoC: SOF: ipc3: Check for upper size limit for the received message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fcbe4873089c84da641df75cda9cac2e9addbb4b Mon Sep 17 00:00:00 2001 From: Curtis Malainey <cujomalainey(a)chromium.org> Date: Tue, 13 Feb 2024 14:38:34 +0200 Subject: [PATCH] ASoC: SOF: IPC3: fix message bounds on ipc ops MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") introduced a new allocation before the upper bounds check in do_rx_work. As a result A DSP can cause bad allocations if spewing garbage. Fixes: 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") Reported-by: Tim Van Patten <timvp(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Curtis Malainey <cujomalainey(a)chromium.org> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Daniel Baluta <daniel.baluta(a)nxp.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Link: https://msgid.link/r/20240213123834.4827-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c index fb40378ad084..c03dd513fbff 100644 --- a/sound/soc/sof/ipc3.c +++ b/sound/soc/sof/ipc3.c @@ -1067,7 +1067,7 @@ static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev) return; } - if (hdr.size < sizeof(hdr)) { + if (hdr.size < sizeof(hdr) || hdr.size > SOF_IPC_MSG_MAX_SIZE) { dev_err(sdev->dev, "The received message size is invalid\n"); return; }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021908-spooky-conductor-a78c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") 0130337ec45b ("KVM: s390: Cleanup ipte lock access and SIIF facility checks") 73f91b004321 ("KVM: s390: pci: enable host forwarding of Adapter Event Notifications") 98b1d33dac5f ("KVM: s390: pci: do initial setup for AEN interpretation") 6438e30714ab ("KVM: s390: pci: add basic kvm_zdev structure") 062f002485d4 ("s390/pci: externalize the SIC operation controls and routine") d2197485a188 ("s390/airq: pass more TPI info to airq handlers") 61380a7adfce ("KVM: s390: handle_tprot: Honor storage keys") e613d83454d7 ("KVM: s390: Honor storage keys when accessing guest memory") 79e06c4c4950 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021907-crabgrass-chase-b674@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") 0130337ec45b ("KVM: s390: Cleanup ipte lock access and SIIF facility checks") 73f91b004321 ("KVM: s390: pci: enable host forwarding of Adapter Event Notifications") 98b1d33dac5f ("KVM: s390: pci: do initial setup for AEN interpretation") 6438e30714ab ("KVM: s390: pci: add basic kvm_zdev structure") 062f002485d4 ("s390/pci: externalize the SIC operation controls and routine") d2197485a188 ("s390/airq: pass more TPI info to airq handlers") 61380a7adfce ("KVM: s390: handle_tprot: Honor storage keys") e613d83454d7 ("KVM: s390: Honor storage keys when accessing guest memory") 79e06c4c4950 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021906-gains-squeegee-612d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") 0130337ec45b ("KVM: s390: Cleanup ipte lock access and SIIF facility checks") 73f91b004321 ("KVM: s390: pci: enable host forwarding of Adapter Event Notifications") 98b1d33dac5f ("KVM: s390: pci: do initial setup for AEN interpretation") 6438e30714ab ("KVM: s390: pci: add basic kvm_zdev structure") 062f002485d4 ("s390/pci: externalize the SIC operation controls and routine") d2197485a188 ("s390/airq: pass more TPI info to airq handlers") 61380a7adfce ("KVM: s390: handle_tprot: Honor storage keys") e613d83454d7 ("KVM: s390: Honor storage keys when accessing guest memory") 79e06c4c4950 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021905-spyglass-handed-15bd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") 0130337ec45b ("KVM: s390: Cleanup ipte lock access and SIIF facility checks") 73f91b004321 ("KVM: s390: pci: enable host forwarding of Adapter Event Notifications") 98b1d33dac5f ("KVM: s390: pci: do initial setup for AEN interpretation") 6438e30714ab ("KVM: s390: pci: add basic kvm_zdev structure") 062f002485d4 ("s390/pci: externalize the SIC operation controls and routine") d2197485a188 ("s390/airq: pass more TPI info to airq handlers") 61380a7adfce ("KVM: s390: handle_tprot: Honor storage keys") e613d83454d7 ("KVM: s390: Honor storage keys when accessing guest memory") 79e06c4c4950 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021904-gestate-update-2b10@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: s390: vsie: fix race during shadow creation" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fe752331d4b361d43cfd0b89534b4b2176057c32 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021903-knapsack-change-c3a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fe752331d4b3 ("KVM: s390: vsie: fix race during shadow creation") c3235e2dd695 ("KVM: s390: add stat counter for shadow gmap events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe752331d4b361d43cfd0b89534b4b2176057c32 Mon Sep 17 00:00:00 2001 From: Christian Borntraeger <borntraeger(a)linux.ibm.com> Date: Wed, 20 Dec 2023 13:53:17 +0100 Subject: [PATCH] KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable(a)vger.kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Reviewed-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: set correct id, uid and cruid for multiuser" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4508ec17357094e2075f334948393ddedbb75157 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021928-granite-partake-3387@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4508ec173570 ("smb: client: set correct id, uid and cruid for multiuser automounts") 561f82a3a24c ("smb: client: rename cifs_dfs_ref.c to namespace.c") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") b56bce502f55 ("cifs: set DFS root session in cifs_get_smb_ses()") 7ad54b98fc1f ("cifs: use origin fullpath for automounts") a1c0d00572fc ("cifs: share dfs connections and supers") a73a26d97eca ("cifs: split out ses and tcon retrieval from mount_get_conns()") 2301bc103ac4 ("cifs: remove unused smb3_fs_context::mount_options") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4508ec17357094e2075f334948393ddedbb75157 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Sun, 11 Feb 2024 20:19:30 -0300 Subject: [PATCH] smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount. Fixes: 9fd29a5bae6e ("cifs: use fs_context for automounts") Reported-by: Shane Nehring <snehring(a)iastate.edu> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2259257 Cc: stable(a)vger.kernel.org # 6.2+ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/namespace.c b/fs/smb/client/namespace.c index a6968573b775..4a517b280f2b 100644 --- a/fs/smb/client/namespace.c +++ b/fs/smb/client/namespace.c @@ -168,6 +168,21 @@ static char *automount_fullpath(struct dentry *dentry, void *page) return s; } +static void fs_context_set_ids(struct smb3_fs_context *ctx) +{ + kuid_t uid = current_fsuid(); + kgid_t gid = current_fsgid(); + + if (ctx->multiuser) { + if (!ctx->uid_specified) + ctx->linux_uid = uid; + if (!ctx->gid_specified) + ctx->linux_gid = gid; + } + if (!ctx->cruid_specified) + ctx->cred_uid = uid; +} + /* * Create a vfsmount that we can automount */ @@ -205,6 +220,7 @@ static struct vfsmount *cifs_do_automount(struct path *path) tmp.leaf_fullpath = NULL; tmp.UNC = tmp.prepath = NULL; tmp.dfs_root_ses = NULL; + fs_context_set_ids(&tmp); rc = smb3_fs_context_dup(ctx, &tmp); if (rc) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: set correct id, uid and cruid for multiuser" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4508ec17357094e2075f334948393ddedbb75157 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021928-dragster-release-24a1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4508ec173570 ("smb: client: set correct id, uid and cruid for multiuser automounts") 561f82a3a24c ("smb: client: rename cifs_dfs_ref.c to namespace.c") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") b56bce502f55 ("cifs: set DFS root session in cifs_get_smb_ses()") 7ad54b98fc1f ("cifs: use origin fullpath for automounts") a1c0d00572fc ("cifs: share dfs connections and supers") a73a26d97eca ("cifs: split out ses and tcon retrieval from mount_get_conns()") 2301bc103ac4 ("cifs: remove unused smb3_fs_context::mount_options") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4508ec17357094e2075f334948393ddedbb75157 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Sun, 11 Feb 2024 20:19:30 -0300 Subject: [PATCH] smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount. Fixes: 9fd29a5bae6e ("cifs: use fs_context for automounts") Reported-by: Shane Nehring <snehring(a)iastate.edu> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2259257 Cc: stable(a)vger.kernel.org # 6.2+ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/namespace.c b/fs/smb/client/namespace.c index a6968573b775..4a517b280f2b 100644 --- a/fs/smb/client/namespace.c +++ b/fs/smb/client/namespace.c @@ -168,6 +168,21 @@ static char *automount_fullpath(struct dentry *dentry, void *page) return s; } +static void fs_context_set_ids(struct smb3_fs_context *ctx) +{ + kuid_t uid = current_fsuid(); + kgid_t gid = current_fsgid(); + + if (ctx->multiuser) { + if (!ctx->uid_specified) + ctx->linux_uid = uid; + if (!ctx->gid_specified) + ctx->linux_gid = gid; + } + if (!ctx->cruid_specified) + ctx->cred_uid = uid; +} + /* * Create a vfsmount that we can automount */ @@ -205,6 +220,7 @@ static struct vfsmount *cifs_do_automount(struct path *path) tmp.leaf_fullpath = NULL; tmp.UNC = tmp.prepath = NULL; tmp.dfs_root_ses = NULL; + fs_context_set_ids(&tmp); rc = smb3_fs_context_dup(ctx, &tmp); if (rc) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ec4d82f855ce332de26fe080892483de98cc1a19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021902-gecko-caloric-cd8b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ec4d82f855ce ("thunderbolt: Fix setting the CNS bit in ROUTER_CS_5") d49b4f043d63 ("thunderbolt: Add support for enhanced uni-directional TMU mode") bdc6660e553a ("thunderbolt: Do not call CLx functions from TMU code") 12a14f2fca32 ("thunderbolt: Move CLx support functions into clx.c") ef34add89ee4 ("thunderbolt: Check valid TMU configuration in tb_switch_tmu_configure()") 4e7b4955cba1 ("thunderbolt: Move tb_enable_tmu() close to other TMU functions") 20c2fae9dbe3 ("thunderbolt: Move TMU configuration to tb_enable_tmu()") 7d283f4148f1 ("thunderbolt: Get rid of tb_switch_enable_tmu_1st_child()") 701e73a823bb ("thunderbolt: Rework Titan Ridge TMU objection disable function") 826f55d50de9 ("thunderbolt: Drop useless 'unidirectional' parameter from tb_switch_tmu_is_enabled()") c437dcb18310 ("thunderbolt: Fix a couple of style issues in TMU code") 7ce542219b63 ("thunderbolt: Introduce tb_switch_downstream_port()") 3fe95742af29 ("thunderbolt: Do not touch CL state configuration during discovery") d31137619776 ("thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype") d0f1e0c2a699 ("thunderbolt: Add support for receiver lane margining") b12d2955e732 ("thunderbolt: Add helper to check if CL states are enabled on port") 3846d011403b ("thunderbolt: Pass CL state bitmask to tb_port_clx_supported()") 95f8f1cbc87b ("thunderbolt: Move port CL state functions into correct place in switch.c") b60e31bf18a7 ("thunderbolt: Add DP OUT resource when DP tunnel is discovered") 9e2e5ea3b28f ("Merge tag 'usb-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec4d82f855ce332de26fe080892483de98cc1a19 Mon Sep 17 00:00:00 2001 From: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Date: Sat, 27 Jan 2024 11:26:28 +0800 Subject: [PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 The bit 23, CM TBT3 Not Supported (CNS), in ROUTER_CS_5 indicates whether a USB4 Connection Manager is TBT3-Compatible and should be: 0b for TBT3-Compatible 1b for Not TBT3-Compatible Fixes: b04079837b20 ("thunderbolt: Add initial support for USB4") Cc: stable(a)vger.kernel.org Signed-off-by: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> diff --git a/drivers/thunderbolt/tb_regs.h b/drivers/thunderbolt/tb_regs.h index 87e4795275fe..6f798f6a2b84 100644 --- a/drivers/thunderbolt/tb_regs.h +++ b/drivers/thunderbolt/tb_regs.h @@ -203,7 +203,7 @@ struct tb_regs_switch_header { #define ROUTER_CS_5_WOP BIT(1) #define ROUTER_CS_5_WOU BIT(2) #define ROUTER_CS_5_WOD BIT(3) -#define ROUTER_CS_5_C3S BIT(23) +#define ROUTER_CS_5_CNS BIT(23) #define ROUTER_CS_5_PTO BIT(24) #define ROUTER_CS_5_UTO BIT(25) #define ROUTER_CS_5_HCO BIT(26) diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index f8f0d24ff6e4..1515eff8cc3e 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -290,7 +290,7 @@ int usb4_switch_setup(struct tb_switch *sw) } /* TBT3 supported by the CM */ - val |= ROUTER_CS_5_C3S; + val &= ~ROUTER_CS_5_CNS; return tb_sw_write(sw, &val, TB_CFG_SWITCH, ROUTER_CS_5, 1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ec4d82f855ce332de26fe080892483de98cc1a19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021900-paprika-revisit-a716@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ec4d82f855ce ("thunderbolt: Fix setting the CNS bit in ROUTER_CS_5") d49b4f043d63 ("thunderbolt: Add support for enhanced uni-directional TMU mode") bdc6660e553a ("thunderbolt: Do not call CLx functions from TMU code") 12a14f2fca32 ("thunderbolt: Move CLx support functions into clx.c") ef34add89ee4 ("thunderbolt: Check valid TMU configuration in tb_switch_tmu_configure()") 4e7b4955cba1 ("thunderbolt: Move tb_enable_tmu() close to other TMU functions") 20c2fae9dbe3 ("thunderbolt: Move TMU configuration to tb_enable_tmu()") 7d283f4148f1 ("thunderbolt: Get rid of tb_switch_enable_tmu_1st_child()") 701e73a823bb ("thunderbolt: Rework Titan Ridge TMU objection disable function") 826f55d50de9 ("thunderbolt: Drop useless 'unidirectional' parameter from tb_switch_tmu_is_enabled()") c437dcb18310 ("thunderbolt: Fix a couple of style issues in TMU code") 7ce542219b63 ("thunderbolt: Introduce tb_switch_downstream_port()") 3fe95742af29 ("thunderbolt: Do not touch CL state configuration during discovery") d31137619776 ("thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec4d82f855ce332de26fe080892483de98cc1a19 Mon Sep 17 00:00:00 2001 From: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Date: Sat, 27 Jan 2024 11:26:28 +0800 Subject: [PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 The bit 23, CM TBT3 Not Supported (CNS), in ROUTER_CS_5 indicates whether a USB4 Connection Manager is TBT3-Compatible and should be: 0b for TBT3-Compatible 1b for Not TBT3-Compatible Fixes: b04079837b20 ("thunderbolt: Add initial support for USB4") Cc: stable(a)vger.kernel.org Signed-off-by: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> diff --git a/drivers/thunderbolt/tb_regs.h b/drivers/thunderbolt/tb_regs.h index 87e4795275fe..6f798f6a2b84 100644 --- a/drivers/thunderbolt/tb_regs.h +++ b/drivers/thunderbolt/tb_regs.h @@ -203,7 +203,7 @@ struct tb_regs_switch_header { #define ROUTER_CS_5_WOP BIT(1) #define ROUTER_CS_5_WOU BIT(2) #define ROUTER_CS_5_WOD BIT(3) -#define ROUTER_CS_5_C3S BIT(23) +#define ROUTER_CS_5_CNS BIT(23) #define ROUTER_CS_5_PTO BIT(24) #define ROUTER_CS_5_UTO BIT(25) #define ROUTER_CS_5_HCO BIT(26) diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index f8f0d24ff6e4..1515eff8cc3e 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -290,7 +290,7 @@ int usb4_switch_setup(struct tb_switch *sw) } /* TBT3 supported by the CM */ - val |= ROUTER_CS_5_C3S; + val &= ~ROUTER_CS_5_CNS; return tb_sw_write(sw, &val, TB_CFG_SWITCH, ROUTER_CS_5, 1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ec4d82f855ce332de26fe080892483de98cc1a19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021901-java-rejoice-9b51@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ec4d82f855ce ("thunderbolt: Fix setting the CNS bit in ROUTER_CS_5") d49b4f043d63 ("thunderbolt: Add support for enhanced uni-directional TMU mode") bdc6660e553a ("thunderbolt: Do not call CLx functions from TMU code") 12a14f2fca32 ("thunderbolt: Move CLx support functions into clx.c") ef34add89ee4 ("thunderbolt: Check valid TMU configuration in tb_switch_tmu_configure()") 4e7b4955cba1 ("thunderbolt: Move tb_enable_tmu() close to other TMU functions") 20c2fae9dbe3 ("thunderbolt: Move TMU configuration to tb_enable_tmu()") 7d283f4148f1 ("thunderbolt: Get rid of tb_switch_enable_tmu_1st_child()") 701e73a823bb ("thunderbolt: Rework Titan Ridge TMU objection disable function") 826f55d50de9 ("thunderbolt: Drop useless 'unidirectional' parameter from tb_switch_tmu_is_enabled()") c437dcb18310 ("thunderbolt: Fix a couple of style issues in TMU code") 7ce542219b63 ("thunderbolt: Introduce tb_switch_downstream_port()") 3fe95742af29 ("thunderbolt: Do not touch CL state configuration during discovery") d31137619776 ("thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype") d0f1e0c2a699 ("thunderbolt: Add support for receiver lane margining") b12d2955e732 ("thunderbolt: Add helper to check if CL states are enabled on port") 3846d011403b ("thunderbolt: Pass CL state bitmask to tb_port_clx_supported()") 95f8f1cbc87b ("thunderbolt: Move port CL state functions into correct place in switch.c") b60e31bf18a7 ("thunderbolt: Add DP OUT resource when DP tunnel is discovered") 9e2e5ea3b28f ("Merge tag 'usb-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec4d82f855ce332de26fe080892483de98cc1a19 Mon Sep 17 00:00:00 2001 From: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Date: Sat, 27 Jan 2024 11:26:28 +0800 Subject: [PATCH] thunderbolt: Fix setting the CNS bit in ROUTER_CS_5 The bit 23, CM TBT3 Not Supported (CNS), in ROUTER_CS_5 indicates whether a USB4 Connection Manager is TBT3-Compatible and should be: 0b for TBT3-Compatible 1b for Not TBT3-Compatible Fixes: b04079837b20 ("thunderbolt: Add initial support for USB4") Cc: stable(a)vger.kernel.org Signed-off-by: Mohammad Rahimi <rahimi.mhmmd(a)gmail.com> Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> diff --git a/drivers/thunderbolt/tb_regs.h b/drivers/thunderbolt/tb_regs.h index 87e4795275fe..6f798f6a2b84 100644 --- a/drivers/thunderbolt/tb_regs.h +++ b/drivers/thunderbolt/tb_regs.h @@ -203,7 +203,7 @@ struct tb_regs_switch_header { #define ROUTER_CS_5_WOP BIT(1) #define ROUTER_CS_5_WOU BIT(2) #define ROUTER_CS_5_WOD BIT(3) -#define ROUTER_CS_5_C3S BIT(23) +#define ROUTER_CS_5_CNS BIT(23) #define ROUTER_CS_5_PTO BIT(24) #define ROUTER_CS_5_UTO BIT(25) #define ROUTER_CS_5_HCO BIT(26) diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index f8f0d24ff6e4..1515eff8cc3e 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -290,7 +290,7 @@ int usb4_switch_setup(struct tb_switch *sw) } /* TBT3 supported by the CM */ - val |= ROUTER_CS_5_C3S; + val &= ~ROUTER_CS_5_CNS; return tb_sw_write(sw, &val, TB_CFG_SWITCH, ROUTER_CS_5, 1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-penholder-identify-b98c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b5d1b4b46f85 ("PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()") 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") 92af77ca26f7 ("PCI: dwc: Use FIELD_GET/PREP()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Fri, 26 Jan 2024 11:40:37 +0300 Subject: [PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "msg_addr" variable is u64. However, the "aligned_offset" is an unsigned int. This means that when the code does: msg_addr &= ~aligned_offset; it will unintentionally zero out the high 32 bits. Use ALIGN_DOWN() to do the alignment instead. Fixes: 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") Link: https://lore.kernel.org/r/af59c7ad-ab93-40f7-ad4a-7ac0b14d37f5@moroto.mount… Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index 5befed2dc02b..d6b66597101e 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -6,6 +6,7 @@ * Author: Kishon Vijay Abraham I <kishon(a)ti.com> */ +#include <linux/align.h> #include <linux/bitfield.h> #include <linux/of.h> #include <linux/platform_device.h> @@ -551,7 +552,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, } aligned_offset = msg_addr & (epc->mem->window.page_size - 1); - msg_addr &= ~aligned_offset; + msg_addr = ALIGN_DOWN(msg_addr, epc->mem->window.page_size); ret = dw_pcie_ep_map_addr(epc, func_no, 0, ep->msi_mem_phys, msg_addr, epc->mem->window.page_size); if (ret)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021946-sprain-turmoil-2ff2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b5d1b4b46f85 ("PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()") 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") 92af77ca26f7 ("PCI: dwc: Use FIELD_GET/PREP()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Fri, 26 Jan 2024 11:40:37 +0300 Subject: [PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "msg_addr" variable is u64. However, the "aligned_offset" is an unsigned int. This means that when the code does: msg_addr &= ~aligned_offset; it will unintentionally zero out the high 32 bits. Use ALIGN_DOWN() to do the alignment instead. Fixes: 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") Link: https://lore.kernel.org/r/af59c7ad-ab93-40f7-ad4a-7ac0b14d37f5@moroto.mount… Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index 5befed2dc02b..d6b66597101e 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -6,6 +6,7 @@ * Author: Kishon Vijay Abraham I <kishon(a)ti.com> */ +#include <linux/align.h> #include <linux/bitfield.h> #include <linux/of.h> #include <linux/platform_device.h> @@ -551,7 +552,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, } aligned_offset = msg_addr & (epc->mem->window.page_size - 1); - msg_addr &= ~aligned_offset; + msg_addr = ALIGN_DOWN(msg_addr, epc->mem->window.page_size); ret = dw_pcie_ep_map_addr(epc, func_no, 0, ep->msi_mem_phys, msg_addr, epc->mem->window.page_size); if (ret)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-droplet-overbid-1f08@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b5d1b4b46f85 ("PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()") 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") 92af77ca26f7 ("PCI: dwc: Use FIELD_GET/PREP()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b5d1b4b46f856da1473c7ba9a5cdfcb55c9b2478 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Fri, 26 Jan 2024 11:40:37 +0300 Subject: [PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "msg_addr" variable is u64. However, the "aligned_offset" is an unsigned int. This means that when the code does: msg_addr &= ~aligned_offset; it will unintentionally zero out the high 32 bits. Use ALIGN_DOWN() to do the alignment instead. Fixes: 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") Link: https://lore.kernel.org/r/af59c7ad-ab93-40f7-ad4a-7ac0b14d37f5@moroto.mount… Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index 5befed2dc02b..d6b66597101e 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -6,6 +6,7 @@ * Author: Kishon Vijay Abraham I <kishon(a)ti.com> */ +#include <linux/align.h> #include <linux/bitfield.h> #include <linux/of.h> #include <linux/platform_device.h> @@ -551,7 +552,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, } aligned_offset = msg_addr & (epc->mem->window.page_size - 1); - msg_addr &= ~aligned_offset; + msg_addr = ALIGN_DOWN(msg_addr, epc->mem->window.page_size); ret = dw_pcie_ep_map_addr(epc, func_no, 0, ep->msi_mem_phys, msg_addr, epc->mem->window.page_size); if (ret)

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c98d8836b817d11fdff4ca7749cbbe04ff7f0c64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-regally-festival-39c8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c98d8836b817 ("wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()") 23a5f0af6ff4 ("wifi: mac80211: remove cipher scheme support") 6d501764288c ("mac80211: introduce channel switch disconnect function") 71abf71e9e63 ("mac80211: Remove unused assignment statements") 77dfc2bc0bb4 ("mac80211: do not access the IV when it was stripped") 63214f02cff9 ("mac80211: save transmit power envelope element and power constraint") 405fca8a9461 ("ieee80211: add power type definition for 6 GHz") 5d24828d05f3 ("mac80211: always allocate struct ieee802_11_elems") c6e37ed498f9 ("mac80211: move CRC into struct ieee802_11_elems") a5b983c60731 ("mac80211: mesh: clean up rx_bcn_presp API") 65be6aa36ded ("mac80211: add HE 6 GHz capability only if supported") 15fae3410f1d ("mac80211: notify driver on mgd TX completion") 9bd6a83e53a7 ("mac80211: add vendor-specific capabilities to assoc request") bac2fd3d7534 ("mac80211: remove use of ieee80211_get_he_sta_cap()") c74025f47ac8 ("mac80211: rearrange struct txq_info for fewer holes") d8b261548dcf ("mac80211: add to bss_conf if broadcast TWT is supported") bbc6f03ff26e ("mac80211: reset profile_periodicity/ema_ap") bf30ca922a0c ("mac80211: check defrag PN against current frame") 3a11ce08c45b ("mac80211: add fragment cache to sta_info") 270032a2a9c4 ("mac80211: drop A-MSDUs on old ciphers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c98d8836b817d11fdff4ca7749cbbe04ff7f0c64 Mon Sep 17 00:00:00 2001 From: Johannes Berg <johannes.berg(a)intel.com> Date: Wed, 31 Jan 2024 16:49:10 +0100 Subject: [PATCH] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() This pointer can change here since the SKB can change, so we actually later open-coded IEEE80211_SKB_CB() again. Reload the pointer where needed, so the monitor-mode case using it gets fixed, and then use info-> later as well. Cc: stable(a)vger.kernel.org Fixes: 531682159092 ("mac80211: fix VLAN handling with TXQs") Link: https://msgid.link/20240131164910.b54c28d583bc.I29450cec84ea6773cff5d9c16ff… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index e448ab338448..6fbb15b65902 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -5,7 +5,7 @@ * Copyright 2006-2007 Jiri Benc <jbenc(a)suse.cz> * Copyright 2007 Johannes Berg <johannes(a)sipsolutions.net> * Copyright 2013-2014 Intel Mobile Communications GmbH - * Copyright (C) 2018-2022 Intel Corporation + * Copyright (C) 2018-2024 Intel Corporation * * Transmit and frame generation functions. */ @@ -3927,6 +3927,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, goto begin; skb = __skb_dequeue(&tx.skbs); + info = IEEE80211_SKB_CB(skb); if (!skb_queue_empty(&tx.skbs)) { spin_lock_bh(&fq->lock); @@ -3971,7 +3972,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, } encap_out: - IEEE80211_SKB_CB(skb)->control.vif = vif; + info->control.vif = vif; if (tx.sta && wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c98d8836b817d11fdff4ca7749cbbe04ff7f0c64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-unshaven-machine-1e73@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c98d8836b817 ("wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()") 23a5f0af6ff4 ("wifi: mac80211: remove cipher scheme support") 6d501764288c ("mac80211: introduce channel switch disconnect function") 71abf71e9e63 ("mac80211: Remove unused assignment statements") 77dfc2bc0bb4 ("mac80211: do not access the IV when it was stripped") 63214f02cff9 ("mac80211: save transmit power envelope element and power constraint") 405fca8a9461 ("ieee80211: add power type definition for 6 GHz") 5d24828d05f3 ("mac80211: always allocate struct ieee802_11_elems") c6e37ed498f9 ("mac80211: move CRC into struct ieee802_11_elems") a5b983c60731 ("mac80211: mesh: clean up rx_bcn_presp API") 65be6aa36ded ("mac80211: add HE 6 GHz capability only if supported") 15fae3410f1d ("mac80211: notify driver on mgd TX completion") 9bd6a83e53a7 ("mac80211: add vendor-specific capabilities to assoc request") bac2fd3d7534 ("mac80211: remove use of ieee80211_get_he_sta_cap()") c74025f47ac8 ("mac80211: rearrange struct txq_info for fewer holes") d8b261548dcf ("mac80211: add to bss_conf if broadcast TWT is supported") bbc6f03ff26e ("mac80211: reset profile_periodicity/ema_ap") bf30ca922a0c ("mac80211: check defrag PN against current frame") 3a11ce08c45b ("mac80211: add fragment cache to sta_info") 270032a2a9c4 ("mac80211: drop A-MSDUs on old ciphers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c98d8836b817d11fdff4ca7749cbbe04ff7f0c64 Mon Sep 17 00:00:00 2001 From: Johannes Berg <johannes.berg(a)intel.com> Date: Wed, 31 Jan 2024 16:49:10 +0100 Subject: [PATCH] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() This pointer can change here since the SKB can change, so we actually later open-coded IEEE80211_SKB_CB() again. Reload the pointer where needed, so the monitor-mode case using it gets fixed, and then use info-> later as well. Cc: stable(a)vger.kernel.org Fixes: 531682159092 ("mac80211: fix VLAN handling with TXQs") Link: https://msgid.link/20240131164910.b54c28d583bc.I29450cec84ea6773cff5d9c16ff… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index e448ab338448..6fbb15b65902 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -5,7 +5,7 @@ * Copyright 2006-2007 Jiri Benc <jbenc(a)suse.cz> * Copyright 2007 Johannes Berg <johannes(a)sipsolutions.net> * Copyright 2013-2014 Intel Mobile Communications GmbH - * Copyright (C) 2018-2022 Intel Corporation + * Copyright (C) 2018-2024 Intel Corporation * * Transmit and frame generation functions. */ @@ -3927,6 +3927,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, goto begin; skb = __skb_dequeue(&tx.skbs); + info = IEEE80211_SKB_CB(skb); if (!skb_queue_empty(&tx.skbs)) { spin_lock_bh(&fq->lock); @@ -3971,7 +3972,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, } encap_out: - IEEE80211_SKB_CB(skb)->control.vif = vif; + info->control.vif = vif; if (tx.sta && wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021950-voltage-culprit-3dd5@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") 679bd7ebdd31 ("nilfs2: fix buffer corruption due to concurrent device reads") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021948-sacrifice-superior-85e5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") 679bd7ebdd31 ("nilfs2: fix buffer corruption due to concurrent device reads") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021947-stays-preflight-796b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") 679bd7ebdd31 ("nilfs2: fix buffer corruption due to concurrent device reads") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021945-output-concave-3ad1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") 679bd7ebdd31 ("nilfs2: fix buffer corruption due to concurrent device reads") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021944-impolite-substance-4bc0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") 679bd7ebdd31 ("nilfs2: fix buffer corruption due to concurrent device reads") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021942-tabloid-clarinet-50d2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential bug in end_buffer_async_write" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 5bc09b397cbf1221f8a8aacb1152650c9195b02b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021941-aerobics-disliking-5751@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 5bc09b397cbf ("nilfs2: fix potential bug in end_buffer_async_write") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") 3cd36212bf75 ("nilfs2: convert nilfs_segctor_complete_write to use folios") 50196f0081ca ("nilfs2: convert nilfs_abort_logs to use folios") 8f46eaf6fd84 ("nilfs2: add nilfs_end_folio_io()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5bc09b397cbf1221f8a8aacb1152650c9195b02b Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 4 Feb 2024 01:16:45 +0900 Subject: [PATCH] nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 2590a0860eab..2bfb08052d39 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list_head *logs, int err) list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio;

1 year, 7 months

1
0
0 0

[PATCH 6.6 6.7] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

by Ryusuke Konishi

commit 38296afe3c6ee07319e01bb249aa4bb47c07b534 upstream. Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complete, the log writer thread that should bring the writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it calls for subsequent log creation and was trying to lock the folio. Thus causing a deadlock. In the first place, it is unexpected that folios/pages in the middle of writeback will be updated and become dirty. Nilfs2 adds a checksum to verify the validity of the log being written and uses it for recovery at mount, so data changes during writeback are suppressed. Since this is broken, an unclean shutdown could potentially cause recovery to fail. Investigation revealed that the root cause is that the wait for writeback completion in nilfs_page_mkwrite() is conditional, and if the backing device does not require stable writes, data may be modified without waiting. Fix these issues by making nilfs_page_mkwrite() wait for writeback to finish regardless of the stable write requirement of the backing device. Link: https://lkml.kernel.org/r/20240131145657.4209-1-konishi.ryusuke@gmail.com Fixes: 1d1d1a767206 ("mm: only enforce stable page writes if the backing device requires it") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+ee2ae68da3b22d04cd8d(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000047d819061004ad6c@google.com Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please apply this patch to the stable trees indicated by the subject line prefix. These versions do not yet have page-to-folio conversion applied to the target function, so page-based "wait_on_page_writeback()" is used instead of "folio_wait_writeback()" in this patch. This did not apply as-is to v6.5 and earlier versions due to an fs-wide change. So I would like to post a separate patch for earlier stable trees. Thanks, Ryusuke Konishi fs/nilfs2/file.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/nilfs2/file.c b/fs/nilfs2/file.c index 740ce26d1e76..0505feef79f4 100644 --- a/fs/nilfs2/file.c +++ b/fs/nilfs2/file.c @@ -105,7 +105,13 @@ static vm_fault_t nilfs_page_mkwrite(struct vm_fault *vmf) nilfs_transaction_commit(inode->i_sb); mapped: - wait_for_stable_page(page); + /* + * Since checksumming including data blocks is performed to determine + * the validity of the log to be written and used for recovery, it is + * necessary to wait for writeback to finish here, regardless of the + * stable write requirement of the backing device. + */ + wait_on_page_writeback(page); out: sb_end_pagefault(inode->i_sb); return vmf_fs_error(ret); -- 2.39.3

1 year, 7 months

2
1
0 0

FAILED: patch "[PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x ea73179e64131bcd29ba6defd33732abdf8ca14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021900-scorch-tripping-95c2@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: ea73179e6413 ("powerpc/ftrace: Ignore ftrace locations in exit text sections") 2ec36570c358 ("powerpc/ftrace: Fix indentation in ftrace.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea73179e64131bcd29ba6defd33732abdf8ca14b Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Tue, 13 Feb 2024 23:24:10 +0530 Subject: [PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections Michael reported that we are seeing an ftrace bug on bootup when KASAN is enabled and we are using -fpatchable-function-entry: ftrace: allocating 47780 entries in 18 pages ftrace-powerpc: 0xc0000000020b3d5c: No module provided for non-kernel address ------------[ ftrace bug ]------------ ftrace faulted on modifying [<c0000000020b3d5c>] 0xc0000000020b3d5c Initializing ftrace call sites ftrace record flags: 0 (0) expected tramp: c00000000008cef4 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:2180 ftrace_bug+0x3c0/0x424 Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-00120-g0f71dcfb4aef #860 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c0000000003aa81c LR: c0000000003aa818 CTR: 0000000000000000 REGS: c0000000033cfab0 TRAP: 0700 Not tainted (6.5.0-rc3-00120-g0f71dcfb4aef) MSR: 8000000002021033 <SF,VEC,ME,IR,DR,RI,LE> CR: 28028240 XER: 00000000 CFAR: c0000000002781a8 IRQMASK: 3 ... NIP [c0000000003aa81c] ftrace_bug+0x3c0/0x424 LR [c0000000003aa818] ftrace_bug+0x3bc/0x424 Call Trace: ftrace_bug+0x3bc/0x424 (unreliable) ftrace_process_locs+0x5f4/0x8a0 ftrace_init+0xc0/0x1d0 start_kernel+0x1d8/0x484 With CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y and CONFIG_KASAN=y, compiler emits nops in functions that it generates for registering and unregistering global variables (unlike with -pg and -mprofile-kernel where calls to _mcount() are not generated in those functions). Those functions then end up in INIT_TEXT and EXIT_TEXT respectively. We don't expect to see any profiled functions in EXIT_TEXT, so ftrace_init_nop() assumes that all addresses that aren't in the core kernel text belongs to a module. Since these functions do not match that criteria, we see the above bug. Address this by having ftrace ignore all locations in the text exit sections of vmlinux. Fixes: 0f71dcfb4aef ("powerpc/ftrace: Add support for -fpatchable-function-entry") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Reviewed-by: Benjamin Gray <bgray(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240213175410.1091313-1-naveen@kernel.org diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h index 1ebd2ca97f12..107fc5a48456 100644 --- a/arch/powerpc/include/asm/ftrace.h +++ b/arch/powerpc/include/asm/ftrace.h @@ -20,14 +20,6 @@ #ifndef __ASSEMBLY__ extern void _mcount(void); -static inline unsigned long ftrace_call_adjust(unsigned long addr) -{ - if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) - addr += MCOUNT_INSN_SIZE; - - return addr; -} - unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip, unsigned long sp); @@ -142,8 +134,10 @@ static inline u8 this_cpu_get_ftrace_enabled(void) { return 1; } #ifdef CONFIG_FUNCTION_TRACER extern unsigned int ftrace_tramp_text[], ftrace_tramp_init[]; void ftrace_free_init_tramp(void); +unsigned long ftrace_call_adjust(unsigned long addr); #else static inline void ftrace_free_init_tramp(void) { } +static inline unsigned long ftrace_call_adjust(unsigned long addr) { return addr; } #endif #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/include/asm/sections.h b/arch/powerpc/include/asm/sections.h index ea26665f82cf..f43f3a6b0051 100644 --- a/arch/powerpc/include/asm/sections.h +++ b/arch/powerpc/include/asm/sections.h @@ -14,6 +14,7 @@ typedef struct func_desc func_desc_t; extern char __head_end[]; extern char __srwx_boundary[]; +extern char __exittext_begin[], __exittext_end[]; /* Patch sites */ extern s32 patch__call_flush_branch_caches1; diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c index 82010629cf88..d8d6b4fd9a14 100644 --- a/arch/powerpc/kernel/trace/ftrace.c +++ b/arch/powerpc/kernel/trace/ftrace.c @@ -27,10 +27,22 @@ #include <asm/ftrace.h> #include <asm/syscall.h> #include <asm/inst.h> +#include <asm/sections.h> #define NUM_FTRACE_TRAMPS 2 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + if (addr >= (unsigned long)__exittext_begin && addr < (unsigned long)__exittext_end) + return 0; + + if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) + addr += MCOUNT_INSN_SIZE; + + return addr; +} + static ppc_inst_t ftrace_create_branch_inst(unsigned long ip, unsigned long addr, int link) { ppc_inst_t op; diff --git a/arch/powerpc/kernel/trace/ftrace_64_pg.c b/arch/powerpc/kernel/trace/ftrace_64_pg.c index 7b85c3b460a3..12fab1803bcf 100644 --- a/arch/powerpc/kernel/trace/ftrace_64_pg.c +++ b/arch/powerpc/kernel/trace/ftrace_64_pg.c @@ -37,6 +37,11 @@ #define NUM_FTRACE_TRAMPS 8 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + return addr; +} + static ppc_inst_t ftrace_call_replace(unsigned long ip, unsigned long addr, int link) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 1c5970df3233..f420df7888a7 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -281,7 +281,9 @@ SECTIONS * to deal with references from __bug_table */ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { + __exittext_begin = .; EXIT_TEXT + __exittext_end = .; } . = ALIGN(PAGE_SIZE);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/64: Set task pt_regs->link to the LR value on scv" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x aad98efd0b121f63a2e1c221dcb4d4850128c697 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021931-venue-await-dbc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: aad98efd0b12 ("powerpc/64: Set task pt_regs->link to the LR value on scv entry") e754f4d13e39 ("powerpc/64: move interrupt return asm to interrupt_64.S") 59dc5bfca0cb ("powerpc/64s: avoid reloading (H)SRR registers if they are still valid") 1df7d5e4baea ("powerpc/64s: introduce different functions to return from SRR vs HSRR interrupts") ac3d085368b3 ("powerpc/signal32: Remove impossible #ifdef combinations") 69d4d6e5fd9f ("powerpc: Don't use 'struct ppc_inst' to reference instruction location") e90a21ea801d ("powerpc/lib/code-patching: Don't use struct 'ppc_inst' for runnable code in tests.") 6c0d181daabc ("powerpc/lib/code-patching: Make instr_is_branch_to_addr() static") 18c85964b10b ("powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups)") f30becb5e9ec ("powerpc: Replace PPC_INST_NOP by PPC_RAW_NOP()") ef909ba95414 ("powerpc/lib/feature-fixups: Use PPC_RAW_xxx() macros") 5a03e1e9728e ("powerpc/ftrace: Use PPC_RAW_MFLR() and PPC_RAW_NOP()") e73045975601 ("powerpc/security: Use PPC_RAW_BLR() and PPC_RAW_NOP()") 47b04699d070 ("powerpc/modules: Use PPC_RAW_xx() macros") 1c9debbc2eb5 ("powerpc/signal: Use PPC_RAW_xx() macros") 82123a3d1d5a ("powerpc/kprobes: Fix validation of prefixed instructions across page boundary") d72500f99284 ("powerpc/64s/syscall: Fix ptrace syscall info with scv syscalls") 5b48ba2fbd77 ("powerpc/64s: Fix stf mitigation patching w/strict RWX & hash") 49b39ec248af ("powerpc/64s: Fix entry flush patching w/strict RWX & hash") 2c8c89b95831 ("powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aad98efd0b121f63a2e1c221dcb4d4850128c697 Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Fri, 2 Feb 2024 21:13:16 +0530 Subject: [PATCH] powerpc/64: Set task pt_regs->link to the LR value on scv entry Nysal reported that userspace backtraces are missing in offcputime bcc tool. As an example: $ sudo ./bcc/tools/offcputime.py -uU Tracing off-CPU time (us) of user threads by user stack... Hit Ctrl-C to end. ^C write - python (9107) 8 write - sudo (9105) 9 mmap - python (9107) 16 clock_nanosleep - multipathd (697) 3001604 The offcputime bcc tool attaches a bpf program to a kprobe on finish_task_switch(), which is usually hit on a syscall from userspace. With the switch to system call vectored, we started setting pt_regs->link to zero. This is because system call vectored behaves like a function call with LR pointing to the system call return address, and with no modification to SRR0/SRR1. The LR value does indicate our next instruction, so it is being saved as pt_regs->nip, and pt_regs->link is being set to zero. This is not a problem by itself, but BPF uses perf callchain infrastructure for capturing stack traces, and that stores LR as the second entry in the stack trace. perf has code to cope with the second entry being zero, and skips over it. However, generic userspace unwinders assume that a zero entry indicates end of the stack trace, resulting in a truncated userspace stack trace. Rather than fixing all userspace unwinders to ignore/skip past the second entry, store the real LR value in pt_regs->link so that there continues to be a valid, though duplicate entry in the stack trace. With this change: $ sudo ./bcc/tools/offcputime.py -uU Tracing off-CPU time (us) of user threads by user stack... Hit Ctrl-C to end. ^C write write [unknown] [unknown] [unknown] [unknown] [unknown] PyObject_VectorcallMethod [unknown] [unknown] PyObject_CallOneArg PyFile_WriteObject PyFile_WriteString [unknown] [unknown] PyObject_Vectorcall _PyEval_EvalFrameDefault PyEval_EvalCode [unknown] [unknown] [unknown] _PyRun_SimpleFileObject _PyRun_AnyFileObject Py_RunMain [unknown] Py_BytesMain [unknown] __libc_start_main - python (1293) 7 write write [unknown] sudo_ev_loop_v1 sudo_ev_dispatch_v1 [unknown] [unknown] [unknown] [unknown] __libc_start_main - sudo (1291) 7 syscall syscall bpf_open_perf_buffer_opts [unknown] [unknown] [unknown] [unknown] _PyObject_MakeTpCall PyObject_Vectorcall _PyEval_EvalFrameDefault PyEval_EvalCode [unknown] [unknown] [unknown] _PyRun_SimpleFileObject _PyRun_AnyFileObject Py_RunMain [unknown] Py_BytesMain [unknown] __libc_start_main - python (1293) 11 clock_nanosleep clock_nanosleep nanosleep sleep [unknown] [unknown] __clone - multipathd (698) 3001661 Fixes: 7fa95f9adaee ("powerpc/64s: system call support for scv/rfscv instructions") Cc: stable(a)vger.kernel.org Reported-by: "Nysal Jan K.A" <nysal(a)linux.ibm.com> Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240202154316.395276-1-naveen@kernel.org diff --git a/arch/powerpc/kernel/interrupt_64.S b/arch/powerpc/kernel/interrupt_64.S index bd863702d812..1ad059a9e2fe 100644 --- a/arch/powerpc/kernel/interrupt_64.S +++ b/arch/powerpc/kernel/interrupt_64.S @@ -52,7 +52,8 @@ _ASM_NOKPROBE_SYMBOL(system_call_vectored_\name) mr r10,r1 ld r1,PACAKSAVE(r13) std r10,0(r1) - std r11,_NIP(r1) + std r11,_LINK(r1) + std r11,_NIP(r1) /* Saved LR is also the next instruction */ std r12,_MSR(r1) std r0,GPR0(r1) std r10,GPR1(r1) @@ -70,7 +71,6 @@ _ASM_NOKPROBE_SYMBOL(system_call_vectored_\name) std r9,GPR13(r1) SAVE_NVGPRS(r1) std r11,_XER(r1) - std r11,_LINK(r1) std r11,_CTR(r1) li r11,\trapnr

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ea73179e64131bcd29ba6defd33732abdf8ca14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021901-stallion-swaddling-5833@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ea73179e6413 ("powerpc/ftrace: Ignore ftrace locations in exit text sections") 2ec36570c358 ("powerpc/ftrace: Fix indentation in ftrace.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea73179e64131bcd29ba6defd33732abdf8ca14b Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Tue, 13 Feb 2024 23:24:10 +0530 Subject: [PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections Michael reported that we are seeing an ftrace bug on bootup when KASAN is enabled and we are using -fpatchable-function-entry: ftrace: allocating 47780 entries in 18 pages ftrace-powerpc: 0xc0000000020b3d5c: No module provided for non-kernel address ------------[ ftrace bug ]------------ ftrace faulted on modifying [<c0000000020b3d5c>] 0xc0000000020b3d5c Initializing ftrace call sites ftrace record flags: 0 (0) expected tramp: c00000000008cef4 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:2180 ftrace_bug+0x3c0/0x424 Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-00120-g0f71dcfb4aef #860 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c0000000003aa81c LR: c0000000003aa818 CTR: 0000000000000000 REGS: c0000000033cfab0 TRAP: 0700 Not tainted (6.5.0-rc3-00120-g0f71dcfb4aef) MSR: 8000000002021033 <SF,VEC,ME,IR,DR,RI,LE> CR: 28028240 XER: 00000000 CFAR: c0000000002781a8 IRQMASK: 3 ... NIP [c0000000003aa81c] ftrace_bug+0x3c0/0x424 LR [c0000000003aa818] ftrace_bug+0x3bc/0x424 Call Trace: ftrace_bug+0x3bc/0x424 (unreliable) ftrace_process_locs+0x5f4/0x8a0 ftrace_init+0xc0/0x1d0 start_kernel+0x1d8/0x484 With CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y and CONFIG_KASAN=y, compiler emits nops in functions that it generates for registering and unregistering global variables (unlike with -pg and -mprofile-kernel where calls to _mcount() are not generated in those functions). Those functions then end up in INIT_TEXT and EXIT_TEXT respectively. We don't expect to see any profiled functions in EXIT_TEXT, so ftrace_init_nop() assumes that all addresses that aren't in the core kernel text belongs to a module. Since these functions do not match that criteria, we see the above bug. Address this by having ftrace ignore all locations in the text exit sections of vmlinux. Fixes: 0f71dcfb4aef ("powerpc/ftrace: Add support for -fpatchable-function-entry") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Reviewed-by: Benjamin Gray <bgray(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240213175410.1091313-1-naveen@kernel.org diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h index 1ebd2ca97f12..107fc5a48456 100644 --- a/arch/powerpc/include/asm/ftrace.h +++ b/arch/powerpc/include/asm/ftrace.h @@ -20,14 +20,6 @@ #ifndef __ASSEMBLY__ extern void _mcount(void); -static inline unsigned long ftrace_call_adjust(unsigned long addr) -{ - if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) - addr += MCOUNT_INSN_SIZE; - - return addr; -} - unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip, unsigned long sp); @@ -142,8 +134,10 @@ static inline u8 this_cpu_get_ftrace_enabled(void) { return 1; } #ifdef CONFIG_FUNCTION_TRACER extern unsigned int ftrace_tramp_text[], ftrace_tramp_init[]; void ftrace_free_init_tramp(void); +unsigned long ftrace_call_adjust(unsigned long addr); #else static inline void ftrace_free_init_tramp(void) { } +static inline unsigned long ftrace_call_adjust(unsigned long addr) { return addr; } #endif #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/include/asm/sections.h b/arch/powerpc/include/asm/sections.h index ea26665f82cf..f43f3a6b0051 100644 --- a/arch/powerpc/include/asm/sections.h +++ b/arch/powerpc/include/asm/sections.h @@ -14,6 +14,7 @@ typedef struct func_desc func_desc_t; extern char __head_end[]; extern char __srwx_boundary[]; +extern char __exittext_begin[], __exittext_end[]; /* Patch sites */ extern s32 patch__call_flush_branch_caches1; diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c index 82010629cf88..d8d6b4fd9a14 100644 --- a/arch/powerpc/kernel/trace/ftrace.c +++ b/arch/powerpc/kernel/trace/ftrace.c @@ -27,10 +27,22 @@ #include <asm/ftrace.h> #include <asm/syscall.h> #include <asm/inst.h> +#include <asm/sections.h> #define NUM_FTRACE_TRAMPS 2 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + if (addr >= (unsigned long)__exittext_begin && addr < (unsigned long)__exittext_end) + return 0; + + if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) + addr += MCOUNT_INSN_SIZE; + + return addr; +} + static ppc_inst_t ftrace_create_branch_inst(unsigned long ip, unsigned long addr, int link) { ppc_inst_t op; diff --git a/arch/powerpc/kernel/trace/ftrace_64_pg.c b/arch/powerpc/kernel/trace/ftrace_64_pg.c index 7b85c3b460a3..12fab1803bcf 100644 --- a/arch/powerpc/kernel/trace/ftrace_64_pg.c +++ b/arch/powerpc/kernel/trace/ftrace_64_pg.c @@ -37,6 +37,11 @@ #define NUM_FTRACE_TRAMPS 8 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + return addr; +} + static ppc_inst_t ftrace_call_replace(unsigned long ip, unsigned long addr, int link) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 1c5970df3233..f420df7888a7 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -281,7 +281,9 @@ SECTIONS * to deal with references from __bug_table */ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { + __exittext_begin = .; EXIT_TEXT + __exittext_end = .; } . = ALIGN(PAGE_SIZE);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x ea73179e64131bcd29ba6defd33732abdf8ca14b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021900-amusement-national-c29f@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: ea73179e6413 ("powerpc/ftrace: Ignore ftrace locations in exit text sections") 2ec36570c358 ("powerpc/ftrace: Fix indentation in ftrace.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea73179e64131bcd29ba6defd33732abdf8ca14b Mon Sep 17 00:00:00 2001 From: Naveen N Rao <naveen(a)kernel.org> Date: Tue, 13 Feb 2024 23:24:10 +0530 Subject: [PATCH] powerpc/ftrace: Ignore ftrace locations in exit text sections Michael reported that we are seeing an ftrace bug on bootup when KASAN is enabled and we are using -fpatchable-function-entry: ftrace: allocating 47780 entries in 18 pages ftrace-powerpc: 0xc0000000020b3d5c: No module provided for non-kernel address ------------[ ftrace bug ]------------ ftrace faulted on modifying [<c0000000020b3d5c>] 0xc0000000020b3d5c Initializing ftrace call sites ftrace record flags: 0 (0) expected tramp: c00000000008cef4 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:2180 ftrace_bug+0x3c0/0x424 Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-00120-g0f71dcfb4aef #860 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c0000000003aa81c LR: c0000000003aa818 CTR: 0000000000000000 REGS: c0000000033cfab0 TRAP: 0700 Not tainted (6.5.0-rc3-00120-g0f71dcfb4aef) MSR: 8000000002021033 <SF,VEC,ME,IR,DR,RI,LE> CR: 28028240 XER: 00000000 CFAR: c0000000002781a8 IRQMASK: 3 ... NIP [c0000000003aa81c] ftrace_bug+0x3c0/0x424 LR [c0000000003aa818] ftrace_bug+0x3bc/0x424 Call Trace: ftrace_bug+0x3bc/0x424 (unreliable) ftrace_process_locs+0x5f4/0x8a0 ftrace_init+0xc0/0x1d0 start_kernel+0x1d8/0x484 With CONFIG_FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY=y and CONFIG_KASAN=y, compiler emits nops in functions that it generates for registering and unregistering global variables (unlike with -pg and -mprofile-kernel where calls to _mcount() are not generated in those functions). Those functions then end up in INIT_TEXT and EXIT_TEXT respectively. We don't expect to see any profiled functions in EXIT_TEXT, so ftrace_init_nop() assumes that all addresses that aren't in the core kernel text belongs to a module. Since these functions do not match that criteria, we see the above bug. Address this by having ftrace ignore all locations in the text exit sections of vmlinux. Fixes: 0f71dcfb4aef ("powerpc/ftrace: Add support for -fpatchable-function-entry") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Naveen N Rao <naveen(a)kernel.org> Reviewed-by: Benjamin Gray <bgray(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240213175410.1091313-1-naveen@kernel.org diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h index 1ebd2ca97f12..107fc5a48456 100644 --- a/arch/powerpc/include/asm/ftrace.h +++ b/arch/powerpc/include/asm/ftrace.h @@ -20,14 +20,6 @@ #ifndef __ASSEMBLY__ extern void _mcount(void); -static inline unsigned long ftrace_call_adjust(unsigned long addr) -{ - if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) - addr += MCOUNT_INSN_SIZE; - - return addr; -} - unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip, unsigned long sp); @@ -142,8 +134,10 @@ static inline u8 this_cpu_get_ftrace_enabled(void) { return 1; } #ifdef CONFIG_FUNCTION_TRACER extern unsigned int ftrace_tramp_text[], ftrace_tramp_init[]; void ftrace_free_init_tramp(void); +unsigned long ftrace_call_adjust(unsigned long addr); #else static inline void ftrace_free_init_tramp(void) { } +static inline unsigned long ftrace_call_adjust(unsigned long addr) { return addr; } #endif #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/include/asm/sections.h b/arch/powerpc/include/asm/sections.h index ea26665f82cf..f43f3a6b0051 100644 --- a/arch/powerpc/include/asm/sections.h +++ b/arch/powerpc/include/asm/sections.h @@ -14,6 +14,7 @@ typedef struct func_desc func_desc_t; extern char __head_end[]; extern char __srwx_boundary[]; +extern char __exittext_begin[], __exittext_end[]; /* Patch sites */ extern s32 patch__call_flush_branch_caches1; diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c index 82010629cf88..d8d6b4fd9a14 100644 --- a/arch/powerpc/kernel/trace/ftrace.c +++ b/arch/powerpc/kernel/trace/ftrace.c @@ -27,10 +27,22 @@ #include <asm/ftrace.h> #include <asm/syscall.h> #include <asm/inst.h> +#include <asm/sections.h> #define NUM_FTRACE_TRAMPS 2 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + if (addr >= (unsigned long)__exittext_begin && addr < (unsigned long)__exittext_end) + return 0; + + if (IS_ENABLED(CONFIG_ARCH_USING_PATCHABLE_FUNCTION_ENTRY)) + addr += MCOUNT_INSN_SIZE; + + return addr; +} + static ppc_inst_t ftrace_create_branch_inst(unsigned long ip, unsigned long addr, int link) { ppc_inst_t op; diff --git a/arch/powerpc/kernel/trace/ftrace_64_pg.c b/arch/powerpc/kernel/trace/ftrace_64_pg.c index 7b85c3b460a3..12fab1803bcf 100644 --- a/arch/powerpc/kernel/trace/ftrace_64_pg.c +++ b/arch/powerpc/kernel/trace/ftrace_64_pg.c @@ -37,6 +37,11 @@ #define NUM_FTRACE_TRAMPS 8 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS]; +unsigned long ftrace_call_adjust(unsigned long addr) +{ + return addr; +} + static ppc_inst_t ftrace_call_replace(unsigned long ip, unsigned long addr, int link) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 1c5970df3233..f420df7888a7 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -281,7 +281,9 @@ SECTIONS * to deal with references from __bug_table */ .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { + __exittext_begin = .; EXIT_TEXT + __exittext_end = .; } . = ALIGN(PAGE_SIZE);

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: prevent infinite while() loop in port" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b35f8dbbce818b02c730dc85133dc7754266e084 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021931-frisbee-commence-08ec@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b35f8dbbce81 ("serial: max310x: prevent infinite while() loop in port startup") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") 6ef281daf020 ("serial: max310x: use a separate regmap for each port") 285e76fc049c ("serial: max310x: use regmap methods for SPI batch operations") c808fab604ca ("serial: max310x: Make use of device properties") b7382c73b2d7 ("tty: max310x: Don't pass stacked buffers to SPI") 3a10e3dd52e8 ("serial: max310x: Fix to avoid potential NULL pointer dereference") f233ea4327d7 ("serial: max310x: Correction of the initial setting of the MODE1 bits for various supported ICs.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b35f8dbbce818b02c730dc85133dc7754266e084 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:01 -0500 Subject: [PATCH] serial: max310x: prevent infinite while() loop in port startup If there is a problem after resetting a port, the do/while() loop that checks the default value of DIVLSB register may run forever and spam the I2C bus. Add a delay before each read of DIVLSB, and a maximum number of tries to prevent that situation from happening. Also fail probe if port reset is unsuccessful. Fixes: 10d8b34a4217 ("serial: max310x: Driver rework") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-5-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index 552e153a24e0..10bf6d75bf9e 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -237,6 +237,10 @@ #define MAX310x_REV_MASK (0xf8) #define MAX310X_WRITE_BIT 0x80 +/* Port startup definitions */ +#define MAX310X_PORT_STARTUP_WAIT_RETRIES 20 /* Number of retries */ +#define MAX310X_PORT_STARTUP_WAIT_DELAY_MS 10 /* Delay between retries */ + /* Crystal-related definitions */ #define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */ #define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */ @@ -1346,6 +1350,9 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty goto out_clk; for (i = 0; i < devtype->nr; i++) { + bool started = false; + unsigned int try = 0, val = 0; + /* Reset port */ regmap_write(regmaps[i], MAX310X_MODE2_REG, MAX310X_MODE2_RST_BIT); @@ -1354,8 +1361,17 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty /* Wait for port startup */ do { - regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &ret); - } while (ret != 0x01); + msleep(MAX310X_PORT_STARTUP_WAIT_DELAY_MS); + regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &val); + + if (val == 0x01) + started = true; + } while (!started && (++try < MAX310X_PORT_STARTUP_WAIT_RETRIES)); + + if (!started) { + ret = dev_err_probe(dev, -EAGAIN, "port reset failed\n"); + goto out_uart; + } regmap_write(regmaps[i], MAX310X_MODE1_REG, devtype->mode1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: prevent infinite while() loop in port" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b35f8dbbce818b02c730dc85133dc7754266e084 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021930-subprime-fondue-f8d3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b35f8dbbce81 ("serial: max310x: prevent infinite while() loop in port startup") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") 6ef281daf020 ("serial: max310x: use a separate regmap for each port") 285e76fc049c ("serial: max310x: use regmap methods for SPI batch operations") c808fab604ca ("serial: max310x: Make use of device properties") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b35f8dbbce818b02c730dc85133dc7754266e084 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:01 -0500 Subject: [PATCH] serial: max310x: prevent infinite while() loop in port startup If there is a problem after resetting a port, the do/while() loop that checks the default value of DIVLSB register may run forever and spam the I2C bus. Add a delay before each read of DIVLSB, and a maximum number of tries to prevent that situation from happening. Also fail probe if port reset is unsuccessful. Fixes: 10d8b34a4217 ("serial: max310x: Driver rework") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-5-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index 552e153a24e0..10bf6d75bf9e 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -237,6 +237,10 @@ #define MAX310x_REV_MASK (0xf8) #define MAX310X_WRITE_BIT 0x80 +/* Port startup definitions */ +#define MAX310X_PORT_STARTUP_WAIT_RETRIES 20 /* Number of retries */ +#define MAX310X_PORT_STARTUP_WAIT_DELAY_MS 10 /* Delay between retries */ + /* Crystal-related definitions */ #define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */ #define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */ @@ -1346,6 +1350,9 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty goto out_clk; for (i = 0; i < devtype->nr; i++) { + bool started = false; + unsigned int try = 0, val = 0; + /* Reset port */ regmap_write(regmaps[i], MAX310X_MODE2_REG, MAX310X_MODE2_RST_BIT); @@ -1354,8 +1361,17 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty /* Wait for port startup */ do { - regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &ret); - } while (ret != 0x01); + msleep(MAX310X_PORT_STARTUP_WAIT_DELAY_MS); + regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &val); + + if (val == 0x01) + started = true; + } while (!started && (++try < MAX310X_PORT_STARTUP_WAIT_RETRIES)); + + if (!started) { + ret = dev_err_probe(dev, -EAGAIN, "port reset failed\n"); + goto out_uart; + } regmap_write(regmaps[i], MAX310X_MODE1_REG, devtype->mode1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: prevent infinite while() loop in port" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b35f8dbbce818b02c730dc85133dc7754266e084 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021929-cosponsor-flick-22e3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b35f8dbbce81 ("serial: max310x: prevent infinite while() loop in port startup") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") 6ef281daf020 ("serial: max310x: use a separate regmap for each port") 285e76fc049c ("serial: max310x: use regmap methods for SPI batch operations") c808fab604ca ("serial: max310x: Make use of device properties") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b35f8dbbce818b02c730dc85133dc7754266e084 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:01 -0500 Subject: [PATCH] serial: max310x: prevent infinite while() loop in port startup If there is a problem after resetting a port, the do/while() loop that checks the default value of DIVLSB register may run forever and spam the I2C bus. Add a delay before each read of DIVLSB, and a maximum number of tries to prevent that situation from happening. Also fail probe if port reset is unsuccessful. Fixes: 10d8b34a4217 ("serial: max310x: Driver rework") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-5-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index 552e153a24e0..10bf6d75bf9e 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -237,6 +237,10 @@ #define MAX310x_REV_MASK (0xf8) #define MAX310X_WRITE_BIT 0x80 +/* Port startup definitions */ +#define MAX310X_PORT_STARTUP_WAIT_RETRIES 20 /* Number of retries */ +#define MAX310X_PORT_STARTUP_WAIT_DELAY_MS 10 /* Delay between retries */ + /* Crystal-related definitions */ #define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */ #define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */ @@ -1346,6 +1350,9 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty goto out_clk; for (i = 0; i < devtype->nr; i++) { + bool started = false; + unsigned int try = 0, val = 0; + /* Reset port */ regmap_write(regmaps[i], MAX310X_MODE2_REG, MAX310X_MODE2_RST_BIT); @@ -1354,8 +1361,17 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty /* Wait for port startup */ do { - regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &ret); - } while (ret != 0x01); + msleep(MAX310X_PORT_STARTUP_WAIT_DELAY_MS); + regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &val); + + if (val == 0x01) + started = true; + } while (!started && (++try < MAX310X_PORT_STARTUP_WAIT_RETRIES)); + + if (!started) { + ret = dev_err_probe(dev, -EAGAIN, "port reset failed\n"); + goto out_uart; + } regmap_write(regmaps[i], MAX310X_MODE1_REG, devtype->mode1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: prevent infinite while() loop in port" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b35f8dbbce818b02c730dc85133dc7754266e084 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021928-flanked-outboard-6a4c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b35f8dbbce81 ("serial: max310x: prevent infinite while() loop in port startup") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") 6ef281daf020 ("serial: max310x: use a separate regmap for each port") 285e76fc049c ("serial: max310x: use regmap methods for SPI batch operations") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b35f8dbbce818b02c730dc85133dc7754266e084 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:01 -0500 Subject: [PATCH] serial: max310x: prevent infinite while() loop in port startup If there is a problem after resetting a port, the do/while() loop that checks the default value of DIVLSB register may run forever and spam the I2C bus. Add a delay before each read of DIVLSB, and a maximum number of tries to prevent that situation from happening. Also fail probe if port reset is unsuccessful. Fixes: 10d8b34a4217 ("serial: max310x: Driver rework") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-5-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index 552e153a24e0..10bf6d75bf9e 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -237,6 +237,10 @@ #define MAX310x_REV_MASK (0xf8) #define MAX310X_WRITE_BIT 0x80 +/* Port startup definitions */ +#define MAX310X_PORT_STARTUP_WAIT_RETRIES 20 /* Number of retries */ +#define MAX310X_PORT_STARTUP_WAIT_DELAY_MS 10 /* Delay between retries */ + /* Crystal-related definitions */ #define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */ #define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */ @@ -1346,6 +1350,9 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty goto out_clk; for (i = 0; i < devtype->nr; i++) { + bool started = false; + unsigned int try = 0, val = 0; + /* Reset port */ regmap_write(regmaps[i], MAX310X_MODE2_REG, MAX310X_MODE2_RST_BIT); @@ -1354,8 +1361,17 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty /* Wait for port startup */ do { - regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &ret); - } while (ret != 0x01); + msleep(MAX310X_PORT_STARTUP_WAIT_DELAY_MS); + regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &val); + + if (val == 0x01) + started = true; + } while (!started && (++try < MAX310X_PORT_STARTUP_WAIT_RETRIES)); + + if (!started) { + ret = dev_err_probe(dev, -EAGAIN, "port reset failed\n"); + goto out_uart; + } regmap_write(regmaps[i], MAX310X_MODE1_REG, devtype->mode1); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: fail probe if clock crystal is unstable" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8afa6c6decea37e7cb473d2c60473f37f46cea35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021913-outmatch-nuclear-240b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8afa6c6decea ("serial: max310x: fail probe if clock crystal is unstable") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") d4d6f03c4fb3 ("serial: max310x: Try to get crystal clock rate from property") 974e454d6f96 ("serial: max310x: Use devm_clk_get_optional() to get the input clock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8afa6c6decea37e7cb473d2c60473f37f46cea35 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:00 -0500 Subject: [PATCH] serial: max310x: fail probe if clock crystal is unstable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A stable clock is really required in order to use this UART, so log an error message and bail out if the chip reports that the clock is not stable. Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness") Cc: stable(a)vger.kernel.org Suggested-by: Jan Kundrát <jan.kundrat(a)cesnet.cz> Link: https://www.spinics.net/lists/linux-serial/msg35773.html Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-4-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index c0eb0615d945..552e153a24e0 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -587,7 +587,7 @@ static int max310x_update_best_err(unsigned long f, long *besterr) return 1; } -static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, +static s32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, unsigned long freq, bool xtal) { unsigned int div, clksrc, pllcfg = 0; @@ -657,7 +657,8 @@ static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, } while (!stable && (++try < MAX310X_XTAL_WAIT_RETRIES)); if (!stable) - dev_warn(dev, "clock is not stable yet\n"); + return dev_err_probe(dev, -EAGAIN, + "clock is not stable\n"); } return bestfreq; @@ -1282,7 +1283,7 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty { int i, ret, fmin, fmax, freq; struct max310x_port *s; - u32 uartclk = 0; + s32 uartclk = 0; bool xtal; for (i = 0; i < devtype->nr; i++) @@ -1360,6 +1361,11 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty } uartclk = max310x_set_ref_clk(dev, s, freq, xtal); + if (uartclk < 0) { + ret = uartclk; + goto out_uart; + } + dev_dbg(dev, "Reference clock set to %i Hz\n", uartclk); for (i = 0; i < devtype->nr; i++) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: fail probe if clock crystal is unstable" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8afa6c6decea37e7cb473d2c60473f37f46cea35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021912-contend-garter-a81d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8afa6c6decea ("serial: max310x: fail probe if clock crystal is unstable") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") d4d6f03c4fb3 ("serial: max310x: Try to get crystal clock rate from property") 974e454d6f96 ("serial: max310x: Use devm_clk_get_optional() to get the input clock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8afa6c6decea37e7cb473d2c60473f37f46cea35 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:00 -0500 Subject: [PATCH] serial: max310x: fail probe if clock crystal is unstable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A stable clock is really required in order to use this UART, so log an error message and bail out if the chip reports that the clock is not stable. Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness") Cc: stable(a)vger.kernel.org Suggested-by: Jan Kundrát <jan.kundrat(a)cesnet.cz> Link: https://www.spinics.net/lists/linux-serial/msg35773.html Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-4-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index c0eb0615d945..552e153a24e0 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -587,7 +587,7 @@ static int max310x_update_best_err(unsigned long f, long *besterr) return 1; } -static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, +static s32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, unsigned long freq, bool xtal) { unsigned int div, clksrc, pllcfg = 0; @@ -657,7 +657,8 @@ static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, } while (!stable && (++try < MAX310X_XTAL_WAIT_RETRIES)); if (!stable) - dev_warn(dev, "clock is not stable yet\n"); + return dev_err_probe(dev, -EAGAIN, + "clock is not stable\n"); } return bestfreq; @@ -1282,7 +1283,7 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty { int i, ret, fmin, fmax, freq; struct max310x_port *s; - u32 uartclk = 0; + s32 uartclk = 0; bool xtal; for (i = 0; i < devtype->nr; i++) @@ -1360,6 +1361,11 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty } uartclk = max310x_set_ref_clk(dev, s, freq, xtal); + if (uartclk < 0) { + ret = uartclk; + goto out_uart; + } + dev_dbg(dev, "Reference clock set to %i Hz\n", uartclk); for (i = 0; i < devtype->nr; i++) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: max310x: fail probe if clock crystal is unstable" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8afa6c6decea37e7cb473d2c60473f37f46cea35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021911-shininess-bucket-c9fd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8afa6c6decea ("serial: max310x: fail probe if clock crystal is unstable") 93cd256ab224 ("serial: max310x: improve crystal stable clock detection") 0419373333c2 ("serial: max310x: set default value when reading clock ready bit") d4d6f03c4fb3 ("serial: max310x: Try to get crystal clock rate from property") 974e454d6f96 ("serial: max310x: Use devm_clk_get_optional() to get the input clock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8afa6c6decea37e7cb473d2c60473f37f46cea35 Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 16 Jan 2024 16:30:00 -0500 Subject: [PATCH] serial: max310x: fail probe if clock crystal is unstable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A stable clock is really required in order to use this UART, so log an error message and bail out if the chip reports that the clock is not stable. Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness") Cc: stable(a)vger.kernel.org Suggested-by: Jan Kundrát <jan.kundrat(a)cesnet.cz> Link: https://www.spinics.net/lists/linux-serial/msg35773.html Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://lore.kernel.org/r/20240116213001.3691629-4-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index c0eb0615d945..552e153a24e0 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -587,7 +587,7 @@ static int max310x_update_best_err(unsigned long f, long *besterr) return 1; } -static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, +static s32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, unsigned long freq, bool xtal) { unsigned int div, clksrc, pllcfg = 0; @@ -657,7 +657,8 @@ static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s, } while (!stable && (++try < MAX310X_XTAL_WAIT_RETRIES)); if (!stable) - dev_warn(dev, "clock is not stable yet\n"); + return dev_err_probe(dev, -EAGAIN, + "clock is not stable\n"); } return bestfreq; @@ -1282,7 +1283,7 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty { int i, ret, fmin, fmax, freq; struct max310x_port *s; - u32 uartclk = 0; + s32 uartclk = 0; bool xtal; for (i = 0; i < devtype->nr; i++) @@ -1360,6 +1361,11 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty } uartclk = max310x_set_ref_clk(dev, s, freq, xtal); + if (uartclk < 0) { + ret = uartclk; + goto out_uart; + } + dev_dbg(dev, "Reference clock set to %i Hz\n", uartclk); for (i = 0; i < devtype->nr; i++) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021931-chop-dumping-2981@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") 51e45fba14bf ("serial: core: lock port for start_rx() in uart_resume_port()") abcb0cf1f5b2 ("serial: core: lock port for stop_rx() in uart_suspend_port()") d5b3d02d0b10 ("serial: Make uart_remove_one_port() return void") 63f4c3456171 ("serial: core: Disable uart_start() on uart_remove_one_port()") 826736a6c7c8 ("serial: Rename uart_change_speed() to uart_change_line_settings()") 8e90cf29aef7 ("serial: Move uart_change_speed() earlier") b300fb26c59a ("tty: Convert ->carrier_raised() and callchains to bool") 515be7baeddb ("tty: Cleanup tty_port_set_initialized() bool parameter") 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in driver-specific way") a12c68920918 ("Merge 7e2cd21e02b3 ("Merge tag 'tty-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") into tty-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021929-blooming-drainer-0214@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") 51e45fba14bf ("serial: core: lock port for start_rx() in uart_resume_port()") abcb0cf1f5b2 ("serial: core: lock port for stop_rx() in uart_suspend_port()") d5b3d02d0b10 ("serial: Make uart_remove_one_port() return void") 63f4c3456171 ("serial: core: Disable uart_start() on uart_remove_one_port()") 826736a6c7c8 ("serial: Rename uart_change_speed() to uart_change_line_settings()") 8e90cf29aef7 ("serial: Move uart_change_speed() earlier") b300fb26c59a ("tty: Convert ->carrier_raised() and callchains to bool") 515be7baeddb ("tty: Cleanup tty_port_set_initialized() bool parameter") 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in driver-specific way") a12c68920918 ("Merge 7e2cd21e02b3 ("Merge tag 'tty-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") into tty-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021928-karma-varsity-4f37@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") 51e45fba14bf ("serial: core: lock port for start_rx() in uart_resume_port()") abcb0cf1f5b2 ("serial: core: lock port for stop_rx() in uart_suspend_port()") d5b3d02d0b10 ("serial: Make uart_remove_one_port() return void") 63f4c3456171 ("serial: core: Disable uart_start() on uart_remove_one_port()") 826736a6c7c8 ("serial: Rename uart_change_speed() to uart_change_line_settings()") 8e90cf29aef7 ("serial: Move uart_change_speed() earlier") b300fb26c59a ("tty: Convert ->carrier_raised() and callchains to bool") 515be7baeddb ("tty: Cleanup tty_port_set_initialized() bool parameter") 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in driver-specific way") a12c68920918 ("Merge 7e2cd21e02b3 ("Merge tag 'tty-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") into tty-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021926-frayed-faculty-a92b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") 51e45fba14bf ("serial: core: lock port for start_rx() in uart_resume_port()") abcb0cf1f5b2 ("serial: core: lock port for stop_rx() in uart_suspend_port()") d5b3d02d0b10 ("serial: Make uart_remove_one_port() return void") 63f4c3456171 ("serial: core: Disable uart_start() on uart_remove_one_port()") 826736a6c7c8 ("serial: Rename uart_change_speed() to uart_change_line_settings()") 8e90cf29aef7 ("serial: Move uart_change_speed() earlier") b300fb26c59a ("tty: Convert ->carrier_raised() and callchains to bool") 515be7baeddb ("tty: Cleanup tty_port_set_initialized() bool parameter") 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in driver-specific way") a12c68920918 ("Merge 7e2cd21e02b3 ("Merge tag 'tty-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") into tty-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021924-immerse-spur-af58@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") 51e45fba14bf ("serial: core: lock port for start_rx() in uart_resume_port()") abcb0cf1f5b2 ("serial: core: lock port for stop_rx() in uart_suspend_port()") d5b3d02d0b10 ("serial: Make uart_remove_one_port() return void") 63f4c3456171 ("serial: core: Disable uart_start() on uart_remove_one_port()") 826736a6c7c8 ("serial: Rename uart_change_speed() to uart_change_line_settings()") 8e90cf29aef7 ("serial: Move uart_change_speed() earlier") b300fb26c59a ("tty: Convert ->carrier_raised() and callchains to bool") 515be7baeddb ("tty: Cleanup tty_port_set_initialized() bool parameter") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] serial: core: Fix atomicity violation in uart_tiocmget" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 30926783a46841c2d1bbf3f74067ba85d304fd0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021922-tribute-surround-40c2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 30926783a468 ("serial: core: Fix atomicity violation in uart_tiocmget") 559c7ff4e324 ("serial: core: Use port lock wrappers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30926783a46841c2d1bbf3f74067ba85d304fd0d Mon Sep 17 00:00:00 2001 From: Gui-Dong Han <2045gemini(a)gmail.com> Date: Fri, 12 Jan 2024 19:36:24 +0800 Subject: [PATCH] serial: core: Fix atomicity violation in uart_tiocmget In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> Link: https://lore.kernel.org/r/20240112113624.17048-1-2045gemini@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index b56ed8c376b2..d6a58a9e072a 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1084,8 +1084,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); }

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nfp: flower: add hardware offload check for post ct entry" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cefa98e806fd4e2a5e2047457a11ae5f17b8f621 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021957-battering-gallows-35b2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cefa98e806fd ("nfp: flower: add hardware offload check for post ct entry") 3e44d19934b9 ("nfp: flower: add goto_chain_index for ct entry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cefa98e806fd4e2a5e2047457a11ae5f17b8f621 Mon Sep 17 00:00:00 2001 From: Hui Zhou <hui.zhou(a)corigine.com> Date: Wed, 24 Jan 2024 17:19:08 +0200 Subject: [PATCH] nfp: flower: add hardware offload check for post ct entry The nfp offload flow pay will not allocate a mask id when the out port is openvswitch internal port. This is because these flows are used to configure the pre_tun table and are never actually send to the firmware as an add-flow message. When a tc rule which action contains ct and the post ct entry's out port is openvswitch internal port, the merge offload flow pay with the wrong mask id of 0 will be send to the firmware. Actually, the nfp can not support hardware offload for this situation, so return EOPNOTSUPP. Fixes: bd0fe7f96a3c ("nfp: flower-ct: add zone table entry when handling pre/post_ct flows") CC: stable(a)vger.kernel.org # 5.14+ Signed-off-by: Hui Zhou <hui.zhou(a)corigine.com> Signed-off-by: Louis Peens <louis.peens(a)corigine.com> Link: https://lore.kernel.org/r/20240124151909.31603-2-louis.peens@corigine.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c index 2967bab72505..726d8cdf0b9c 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c +++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c @@ -1864,10 +1864,30 @@ int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv, { struct flow_rule *rule = flow_cls_offload_flow_rule(flow); struct nfp_fl_ct_flow_entry *ct_entry; + struct flow_action_entry *ct_goto; struct nfp_fl_ct_zone_entry *zt; + struct flow_action_entry *act; bool wildcarded = false; struct flow_match_ct ct; - struct flow_action_entry *ct_goto; + int i; + + flow_action_for_each(i, act, &rule->action) { + switch (act->id) { + case FLOW_ACTION_REDIRECT: + case FLOW_ACTION_REDIRECT_INGRESS: + case FLOW_ACTION_MIRRED: + case FLOW_ACTION_MIRRED_INGRESS: + if (act->dev->rtnl_link_ops && + !strcmp(act->dev->rtnl_link_ops->kind, "openvswitch")) { + NL_SET_ERR_MSG_MOD(extack, + "unsupported offload: out port is openvswitch internal port"); + return -EOPNOTSUPP; + } + break; + default: + break; + } + } flow_rule_match_ct(rule, &ct); if (!ct.mask->ct_zone) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] nfp: flower: add hardware offload check for post ct entry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cefa98e806fd4e2a5e2047457a11ae5f17b8f621 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021956-product-barstool-9b9c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cefa98e806fd ("nfp: flower: add hardware offload check for post ct entry") 3e44d19934b9 ("nfp: flower: add goto_chain_index for ct entry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cefa98e806fd4e2a5e2047457a11ae5f17b8f621 Mon Sep 17 00:00:00 2001 From: Hui Zhou <hui.zhou(a)corigine.com> Date: Wed, 24 Jan 2024 17:19:08 +0200 Subject: [PATCH] nfp: flower: add hardware offload check for post ct entry The nfp offload flow pay will not allocate a mask id when the out port is openvswitch internal port. This is because these flows are used to configure the pre_tun table and are never actually send to the firmware as an add-flow message. When a tc rule which action contains ct and the post ct entry's out port is openvswitch internal port, the merge offload flow pay with the wrong mask id of 0 will be send to the firmware. Actually, the nfp can not support hardware offload for this situation, so return EOPNOTSUPP. Fixes: bd0fe7f96a3c ("nfp: flower-ct: add zone table entry when handling pre/post_ct flows") CC: stable(a)vger.kernel.org # 5.14+ Signed-off-by: Hui Zhou <hui.zhou(a)corigine.com> Signed-off-by: Louis Peens <louis.peens(a)corigine.com> Link: https://lore.kernel.org/r/20240124151909.31603-2-louis.peens@corigine.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c index 2967bab72505..726d8cdf0b9c 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c +++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c @@ -1864,10 +1864,30 @@ int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv, { struct flow_rule *rule = flow_cls_offload_flow_rule(flow); struct nfp_fl_ct_flow_entry *ct_entry; + struct flow_action_entry *ct_goto; struct nfp_fl_ct_zone_entry *zt; + struct flow_action_entry *act; bool wildcarded = false; struct flow_match_ct ct; - struct flow_action_entry *ct_goto; + int i; + + flow_action_for_each(i, act, &rule->action) { + switch (act->id) { + case FLOW_ACTION_REDIRECT: + case FLOW_ACTION_REDIRECT_INGRESS: + case FLOW_ACTION_MIRRED: + case FLOW_ACTION_MIRRED_INGRESS: + if (act->dev->rtnl_link_ops && + !strcmp(act->dev->rtnl_link_ops->kind, "openvswitch")) { + NL_SET_ERR_MSG_MOD(extack, + "unsupported offload: out port is openvswitch internal port"); + return -EOPNOTSUPP; + } + break; + default: + break; + } + } flow_rule_match_ct(rule, &ct); if (!ct.mask->ct_zone) {

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: make damage clips support configurable" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x d16df040c8dad25c962b4404d2d534bfea327c6a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021917-retract-untaken-e83c@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: d16df040c8da ("drm/amdgpu: make damage clips support configurable") b8b39de64627 ("drm/amd/pm: setup the framework to support Wifi RFI mitigation feature") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d16df040c8dad25c962b4404d2d534bfea327c6a Mon Sep 17 00:00:00 2001 From: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Date: Thu, 8 Feb 2024 16:23:29 -0500 Subject: [PATCH] drm/amdgpu: make damage clips support configurable We have observed that there are quite a number of PSR-SU panels on the market that are unable to keep up with what user space throws at them, resulting in hangs and random black screens. So, make damage clips support configurable and disable it by default for PSR-SU displays. Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 6dce81a061ab..517117a0796f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -200,6 +200,7 @@ extern uint amdgpu_dc_debug_mask; extern uint amdgpu_dc_visual_confirm; extern uint amdgpu_dm_abm_level; extern int amdgpu_backlight; +extern int amdgpu_damage_clips; extern struct amdgpu_mgpu_info mgpu_info; extern int amdgpu_ras_enable; extern uint amdgpu_ras_mask; diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 211501ea9169..586f4d03039d 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -211,6 +211,7 @@ int amdgpu_seamless = -1; /* auto */ uint amdgpu_debug_mask; int amdgpu_agp = -1; /* auto */ int amdgpu_wbrf = -1; +int amdgpu_damage_clips = -1; /* auto */ static void amdgpu_drv_delayed_reset_work_handler(struct work_struct *work); @@ -859,6 +860,18 @@ int amdgpu_backlight = -1; MODULE_PARM_DESC(backlight, "Backlight control (0 = pwm, 1 = aux, -1 auto (default))"); module_param_named(backlight, amdgpu_backlight, bint, 0444); +/** + * DOC: damageclips (int) + * Enable or disable damage clips support. If damage clips support is disabled, + * we will force full frame updates, irrespective of what user space sends to + * us. + * + * Defaults to -1 (where it is enabled unless a PSR-SU display is detected). + */ +MODULE_PARM_DESC(damageclips, + "Damage clips support (0 = disable, 1 = enable, -1 auto (default))"); +module_param_named(damageclips, amdgpu_damage_clips, int, 0444); + /** * DOC: tmz (int) * Trusted Memory Zone (TMZ) is a method to protect data being written diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 59d2eee72a32..d5ef07af9906 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -5219,6 +5219,7 @@ static void fill_dc_dirty_rects(struct drm_plane *plane, struct drm_plane_state *new_plane_state, struct drm_crtc_state *crtc_state, struct dc_flip_addrs *flip_addrs, + bool is_psr_su, bool *dirty_regions_changed) { struct dm_crtc_state *dm_crtc_state = to_dm_crtc_state(crtc_state); @@ -5243,6 +5244,10 @@ static void fill_dc_dirty_rects(struct drm_plane *plane, num_clips = drm_plane_get_damage_clips_count(new_plane_state); clips = drm_plane_get_damage_clips(new_plane_state); + if (num_clips && (!amdgpu_damage_clips || (amdgpu_damage_clips < 0 && + is_psr_su))) + goto ffu; + if (!dm_crtc_state->mpo_requested) { if (!num_clips || num_clips > DC_MAX_DIRTY_RECTS) goto ffu; @@ -8298,6 +8303,8 @@ static void amdgpu_dm_commit_planes(struct drm_atomic_state *state, fill_dc_dirty_rects(plane, old_plane_state, new_plane_state, new_crtc_state, &bundle->flip_addrs[planes_count], + acrtc_state->stream->link->psr_settings.psr_version == + DC_PSR_VERSION_SU_1, &dirty_rects_changed); /*

1 year, 7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: make damage clips support configurable" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d16df040c8dad25c962b4404d2d534bfea327c6a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024021917-swarm-federal-1cdf@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d16df040c8da ("drm/amdgpu: make damage clips support configurable") b8b39de64627 ("drm/amd/pm: setup the framework to support Wifi RFI mitigation feature") 2e9b152325f6 ("drm/amdgpu: optimize RLC powerdown notification on Vangogh") 6ba5b613837c ("drm/amdgpu: add a module parameter to control the AGP aperture") 564ca1b53ece ("drm/amdgpu/gmc11: fix logic typo in AGP check") 56d3de7da67a ("drm/amdgpu: add power up/down UMSCH ppt callback") fe6cd9152464 ("drm/amd/swsmu: add smu14 ip support") 67318cb84341 ("drm/amdgpu/gmc11: set gart placement GC11") 917f91d8d8e8 ("drm/amdgpu/gmc: add a way to force a particular placement for GART") d07f1c20dd7c ("drm/amd/pm: add xgmi plpd mode selecting interface for smu v13.0.6") 10d9ee96ce05 ("drm/amd/pm: add plpd_mode in smu_context to indicate current mode") b2e1cbe6281f ("drm/amdgpu/gmc11: disable AGP on GC 11.5") de59b69932e6 ("drm/amdgpu/gmc: set a default disable value for AGP") 29495d81457a ("drm/amdgpu/gmc6-8: properly disable the AGP aperture") 25396684b57f ("drm/amd/pm: add smu_13_0_6 mca dump support") bcd8dc49c0b9 ("drm/amd/pm: update smu_v13_0_6 ppsmc header") cad2fb19bbfa ("drm/amd/pm: Fix clock reporting for SMUv13.0.6") 4e8303cf2c4d ("drm/amdgpu: Use function for IP version check") 887db1e49a73 ("drm/amdgpu: Merge debug module parameters") df38fe12a22c ("drm/amd/pm: enable smu_v13_0_6 mca debug mode when UMC RAS feature is enabled") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d16df040c8dad25c962b4404d2d534bfea327c6a Mon Sep 17 00:00:00 2001 From: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Date: Thu, 8 Feb 2024 16:23:29 -0500 Subject: [PATCH] drm/amdgpu: make damage clips support configurable We have observed that there are quite a number of PSR-SU panels on the market that are unable to keep up with what user space throws at them, resulting in hangs and random black screens. So, make damage clips support configurable and disable it by default for PSR-SU displays. Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 6dce81a061ab..517117a0796f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -200,6 +200,7 @@ extern uint amdgpu_dc_debug_mask; extern uint amdgpu_dc_visual_confirm; extern uint amdgpu_dm_abm_level; extern int amdgpu_backlight; +extern int amdgpu_damage_clips; extern struct amdgpu_mgpu_info mgpu_info; extern int amdgpu_ras_enable; extern uint amdgpu_ras_mask; diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 211501ea9169..586f4d03039d 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -211,6 +211,7 @@ int amdgpu_seamless = -1; /* auto */ uint amdgpu_debug_mask; int amdgpu_agp = -1; /* auto */ int amdgpu_wbrf = -1; +int amdgpu_damage_clips = -1; /* auto */ static void amdgpu_drv_delayed_reset_work_handler(struct work_struct *work); @@ -859,6 +860,18 @@ int amdgpu_backlight = -1; MODULE_PARM_DESC(backlight, "Backlight control (0 = pwm, 1 = aux, -1 auto (default))"); module_param_named(backlight, amdgpu_backlight, bint, 0444); +/** + * DOC: damageclips (int) + * Enable or disable damage clips support. If damage clips support is disabled, + * we will force full frame updates, irrespective of what user space sends to + * us. + * + * Defaults to -1 (where it is enabled unless a PSR-SU display is detected). + */ +MODULE_PARM_DESC(damageclips, + "Damage clips support (0 = disable, 1 = enable, -1 auto (default))"); +module_param_named(damageclips, amdgpu_damage_clips, int, 0444); + /** * DOC: tmz (int) * Trusted Memory Zone (TMZ) is a method to protect data being written diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 59d2eee72a32..d5ef07af9906 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -5219,6 +5219,7 @@ static void fill_dc_dirty_rects(struct drm_plane *plane, struct drm_plane_state *new_plane_state, struct drm_crtc_state *crtc_state, struct dc_flip_addrs *flip_addrs, + bool is_psr_su, bool *dirty_regions_changed) { struct dm_crtc_state *dm_crtc_state = to_dm_crtc_state(crtc_state); @@ -5243,6 +5244,10 @@ static void fill_dc_dirty_rects(struct drm_plane *plane, num_clips = drm_plane_get_damage_clips_count(new_plane_state); clips = drm_plane_get_damage_clips(new_plane_state); + if (num_clips && (!amdgpu_damage_clips || (amdgpu_damage_clips < 0 && + is_psr_su))) + goto ffu; + if (!dm_crtc_state->mpo_requested) { if (!num_clips || num_clips > DC_MAX_DIRTY_RECTS) goto ffu; @@ -8298,6 +8303,8 @@ static void amdgpu_dm_commit_planes(struct drm_atomic_state *state, fill_dc_dirty_rects(plane, old_plane_state, new_plane_state, new_crtc_state, &bundle->flip_addrs[planes_count], + acrtc_state->stream->link->psr_settings.psr_version == + DC_PSR_VERSION_SU_1, &dirty_rects_changed); /*

1 year, 7 months

1
0
0 0