- Linux-stable-mirror - lists.linaro.org

[PATCH] kernel: fix insecure config of eBPF generated by Kconfig

by liboti

In stable linux (4.19~5.15), if “CONFIG_BPF_SYSCALL=y” is set， the .config generated by Kconfig does not set “CONFIG_BPF_JIT_ALWAYS_ON” and “CONFIG_BPF_UNPRIV_DEFAULT_OFF”. If the kernel is compiled with such .config, a normal user without any capabilities at all can load eBPF programs (SOCKET_FILTER type), and uses the interpreter. Due to the threat of side-channel attacks and inextirpable mistakes in the verifier, this is considered insecure. We have report this issue to maintainers of architectures. RISCV and s390 maintainers have confirmed and advise us to patch the Kconfig so that all architectures can be fixed. So this patch add "default y" to these config entries. On the other hand, we found that such configs facilitate kernel bug exploitation. Specifically, an attacker can leverage existing CVEs to corrupt eBPF prog-array map, hijacking a bpf_prog pointer (ptrs[xx]) to point to a forged BPF program. In this way, arbitrary bytecode execution can be achieved, we have proved this concept with various CVEs(e.g. CVE-2018-18445). Such an attack enhances the exploitability of CVEs, and is more dangerous than side-channel threats. Signed-off-by: liboti <hoshimi10mang(a)163.com> --- kernel/bpf/Kconfig | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 kernel/bpf/Kconfig diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig new file mode 100644 index 0000000..8abdc0d --- /dev/null +++ b/kernel/bpf/Kconfig @@ -0,0 +1,91 @@ +# SPDX-License-Identifier: GPL-2.0-only + +# BPF interpreter that, for example, classic socket filters depend on. +config BPF + bool + +# Used by archs to tell that they support BPF JIT compiler plus which +# flavour. Only one of the two can be selected for a specific arch since +# eBPF JIT supersedes the cBPF JIT. + +# Classic BPF JIT (cBPF) +config HAVE_CBPF_JIT + bool + +# Extended BPF JIT (eBPF) +config HAVE_EBPF_JIT + bool + +# Used by archs to tell that they want the BPF JIT compiler enabled by +# default for kernels that were compiled with BPF JIT support. +config ARCH_WANT_DEFAULT_BPF_JIT + bool + +menu "BPF subsystem" + +config BPF_SYSCALL + bool "Enable bpf() system call" + select BPF + select IRQ_WORK + select TASKS_TRACE_RCU + select BINARY_PRINTF + select NET_SOCK_MSG if NET + default n + help + Enable the bpf() system call that allows to manipulate BPF programs + and maps via file descriptors. + +config BPF_JIT + bool "Enable BPF Just In Time compiler" + depends on BPF + depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT + depends on MODULES + help + BPF programs are normally handled by a BPF interpreter. This option + allows the kernel to generate native code when a program is loaded + into the kernel. This will significantly speed-up processing of BPF + programs. + + Note, an admin should enable this feature changing: + /proc/sys/net/core/bpf_jit_enable + /proc/sys/net/core/bpf_jit_harden (optional) + /proc/sys/net/core/bpf_jit_kallsyms (optional) + +config BPF_JIT_ALWAYS_ON + bool "Permanently enable BPF JIT and remove BPF interpreter" + depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT + default y + help + Enables BPF JIT and removes BPF interpreter to avoid speculative + execution of BPF instructions by the interpreter. + +config BPF_JIT_DEFAULT_ON + def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON + depends on HAVE_EBPF_JIT && BPF_JIT + +config BPF_UNPRIV_DEFAULT_OFF + bool "Disable unprivileged BPF by default" + depends on BPF_SYSCALL + default y + help + Disables unprivileged BPF by default by setting the corresponding + /proc/sys/kernel/unprivileged_bpf_disabled knob to 2. An admin can + still reenable it by setting it to 0 later on, or permanently + disable it by setting it to 1 (from which no other transition to + 0 is possible anymore). + +source "kernel/bpf/preload/Kconfig" + +config BPF_LSM + bool "Enable BPF LSM Instrumentation" + depends on BPF_EVENTS + depends on BPF_SYSCALL + depends on SECURITY + depends on BPF_JIT + help + Enables instrumentation of the security hooks with BPF programs for + implementing dynamic MAC and Audit Policies. + + If you are unsure how to answer this question, answer N. + +endmenu # "BPF subsystem" -- 2.34.1

1 year, 8 months

3
2
0 0

Order#32393

by dybctjib54＠gmail.com

The placement of your order has been completed successfully Listed Dispatched Update on the status of your order Pleased

1 year, 8 months

1
0
0 0

[PATCH 1/7] ASoC: qcom: sc8280xp: limit speaker volumes

by Johan Hovold

The current UCM configuration sets the speaker PA volume to 15 dB when enabling the speakers but this does not prevent the user from increasing the volume further. Limit the PA volume to 15 dB in the machine driver to reduce the risk of speaker damage until we have active speaker protection in place. Note that this will probably need to be generalised using machine-specific limits, but a common limit should do for now. Cc: stable(a)vger.kernel.org # 6.5 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- sound/soc/qcom/sc8280xp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sound/soc/qcom/sc8280xp.c b/sound/soc/qcom/sc8280xp.c index ed4bb551bfbb..aa43903421f5 100644 --- a/sound/soc/qcom/sc8280xp.c +++ b/sound/soc/qcom/sc8280xp.c @@ -32,12 +32,14 @@ static int sc8280xp_snd_init(struct snd_soc_pcm_runtime *rtd) case WSA_CODEC_DMA_RX_0: case WSA_CODEC_DMA_RX_1: /* - * set limit of 0dB on Digital Volume for Speakers, - * this can prevent damage of speakers to some extent without - * active speaker protection + * Set limit of 0 dB on Digital Volume and 15 dB on PA Volume + * to reduce the risk of speaker damage until we have active + * speaker protection in place. */ snd_soc_limit_volume(card, "WSA_RX0 Digital Volume", 84); snd_soc_limit_volume(card, "WSA_RX1 Digital Volume", 84); + snd_soc_limit_volume(card, "SpkrLeft PA Volume", 12); + snd_soc_limit_volume(card, "SpkrRight PA Volume", 12); break; default: break; -- 2.41.0

1 year, 8 months

3
2
0 0

[PATCH AUTOSEL 6.1 01/14] asm-generic: make sparse happy with odd-sized put_unaligned_*()

by Sasha Levin

From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [ Upstream commit 1ab33c03145d0f6c345823fc2da935d9a1a9e9fc ] __put_unaligned_be24() and friends use implicit casts to convert larger-sized data to bytes, which trips sparse truncation warnings when the argument is a constant: CC [M] drivers/input/touchscreen/hynitron_cstxxx.o CHECK drivers/input/touchscreen/hynitron_cstxxx.c drivers/input/touchscreen/hynitron_cstxxx.c: note: in included file (through arch/x86/include/generated/asm/unaligned.h): include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (aa01a0 becomes a0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (aa01 becomes 1) include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (ab00d0 becomes d0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (ab00 becomes 0) To avoid this let's mask off upper bits explicitly, the resulting code should be exactly the same, but it will keep sparse happy. Reported-by: kernel test robot <lkp(a)intel.com> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Closes: https://lore.kernel.org/oe-kbuild-all/202401070147.gqwVulOn-lkp@intel.com/ Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/asm-generic/unaligned.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/asm-generic/unaligned.h b/include/asm-generic/unaligned.h index 699650f81970..a84c64e5f11e 100644 --- a/include/asm-generic/unaligned.h +++ b/include/asm-generic/unaligned.h @@ -104,9 +104,9 @@ static inline u32 get_unaligned_le24(const void *p) static inline void __put_unaligned_be24(const u32 val, u8 *p) { - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be24(const u32 val, void *p) @@ -116,9 +116,9 @@ static inline void put_unaligned_be24(const u32 val, void *p) static inline void __put_unaligned_le24(const u32 val, u8 *p) { - *p++ = val; - *p++ = val >> 8; - *p++ = val >> 16; + *p++ = val & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = (val >> 16) & 0xff; } static inline void put_unaligned_le24(const u32 val, void *p) @@ -128,12 +128,12 @@ static inline void put_unaligned_le24(const u32 val, void *p) static inline void __put_unaligned_be48(const u64 val, u8 *p) { - *p++ = val >> 40; - *p++ = val >> 32; - *p++ = val >> 24; - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 40) & 0xff; + *p++ = (val >> 32) & 0xff; + *p++ = (val >> 24) & 0xff; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be48(const u64 val, void *p) -- 2.43.0

1 year, 8 months

2
15
0 0

[PATCH AUTOSEL 5.4 1/7] regulator: core: Only increment use_count when enable_count changes

by Sasha Levin

From: Rui Zhang <zr.zhang(a)vivo.com> [ Upstream commit 7993d3a9c34f609c02171e115fd12c10e2105ff4 ] The use_count of a regulator should only be incremented when the enable_count changes from 0 to 1. Similarly, the use_count should only be decremented when the enable_count changes from 1 to 0. In the previous implementation, use_count was sometimes decremented to 0 when some consumer called unbalanced disable, leading to unexpected disable even the regulator is enabled by other consumers. With this change, the use_count accurately reflects the number of users which the regulator is enabled. This should make things more robust in the case where a consumer does leak references. Signed-off-by: Rui Zhang <zr.zhang(a)vivo.com> Link: https://lore.kernel.org/r/20231103074231.8031-1-zr.zhang@vivo.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/core.c | 56 +++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 87d0cd6f49ca..894915892eaf 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -2658,7 +2658,8 @@ static int _regulator_enable(struct regulator *regulator) /* Fallthrough on positive return values - already enabled */ } - rdev->use_count++; + if (regulator->enable_count == 1) + rdev->use_count++; return 0; @@ -2736,37 +2737,40 @@ static int _regulator_disable(struct regulator *regulator) lockdep_assert_held_once(&rdev->mutex.base); - if (WARN(rdev->use_count <= 0, + if (WARN(regulator->enable_count == 0, "unbalanced disables for %s\n", rdev_get_name(rdev))) return -EIO; - /* are we the last user and permitted to disable ? */ - if (rdev->use_count == 1 && - (rdev->constraints && !rdev->constraints->always_on)) { - - /* we are last user */ - if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { - ret = _notifier_call_chain(rdev, - REGULATOR_EVENT_PRE_DISABLE, - NULL); - if (ret & NOTIFY_STOP_MASK) - return -EINVAL; - - ret = _regulator_do_disable(rdev); - if (ret < 0) { - rdev_err(rdev, "failed to disable\n"); - _notifier_call_chain(rdev, - REGULATOR_EVENT_ABORT_DISABLE, + if (regulator->enable_count == 1) { + /* disabling last enable_count from this regulator */ + /* are we the last user and permitted to disable ? */ + if (rdev->use_count == 1 && + (rdev->constraints && !rdev->constraints->always_on)) { + + /* we are last user */ + if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { + ret = _notifier_call_chain(rdev, + REGULATOR_EVENT_PRE_DISABLE, + NULL); + if (ret & NOTIFY_STOP_MASK) + return -EINVAL; + + ret = _regulator_do_disable(rdev); + if (ret < 0) { + rdev_err(rdev, "failed to disable\n"); + _notifier_call_chain(rdev, + REGULATOR_EVENT_ABORT_DISABLE, + NULL); + return ret; + } + _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, NULL); - return ret; } - _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, - NULL); - } - rdev->use_count = 0; - } else if (rdev->use_count > 1) { - rdev->use_count--; + rdev->use_count = 0; + } else if (rdev->use_count > 1) { + rdev->use_count--; + } } if (ret == 0) -- 2.43.0

1 year, 8 months

2
8
0 0

[PATCH AUTOSEL 4.19 1/5] audit: Send netlink ACK before setting connection in auditd_set

by Sasha Levin

From: Chris Riches <chris.riches(a)nutanix.com> [ Upstream commit 022732e3d846e197539712e51ecada90ded0572a ] When auditd_set sets the auditd_conn pointer, audit messages can immediately be put on the socket by other kernel threads. If the backlog is large or the rate is high, this can immediately fill the socket buffer. If the audit daemon requested an ACK for this operation, a full socket buffer causes the ACK to get dropped, also setting ENOBUFS on the socket. To avoid this race and ensure ACKs get through, fast-track the ACK in this specific case to ensure it is sent before auditd_conn is set. Signed-off-by: Chris Riches <chris.riches(a)nutanix.com> [PM: fix some tab vs space damage] Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/audit.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 471d3ad910aa..5fb87eccb8c2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -498,15 +498,19 @@ static void auditd_conn_free(struct rcu_head *rcu) * @pid: auditd PID * @portid: auditd netlink portid * @net: auditd network namespace pointer + * @skb: the netlink command from the audit daemon + * @ack: netlink ack flag, cleared if ack'd here * * Description: * This function will obtain and drop network namespace references as * necessary. Returns zero on success, negative values on failure. */ -static int auditd_set(struct pid *pid, u32 portid, struct net *net) +static int auditd_set(struct pid *pid, u32 portid, struct net *net, + struct sk_buff *skb, bool *ack) { unsigned long flags; struct auditd_connection *ac_old, *ac_new; + struct nlmsghdr *nlh; if (!pid || !net) return -EINVAL; @@ -518,6 +522,13 @@ static int auditd_set(struct pid *pid, u32 portid, struct net *net) ac_new->portid = portid; ac_new->net = get_net(net); + /* send the ack now to avoid a race with the queue backlog */ + if (*ack) { + nlh = nlmsg_hdr(skb); + netlink_ack(skb, nlh, 0, NULL); + *ack = false; + } + spin_lock_irqsave(&auditd_conn_lock, flags); ac_old = rcu_dereference_protected(auditd_conn, lockdep_is_held(&auditd_conn_lock)); @@ -1204,7 +1215,8 @@ static int audit_replace(struct pid *pid) return auditd_send_unicast_skb(skb); } -static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) +static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh, + bool *ack) { u32 seq; void *data; @@ -1296,7 +1308,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) /* register a new auditd connection */ err = auditd_set(req_pid, NETLINK_CB(skb).portid, - sock_net(NETLINK_CB(skb).sk)); + sock_net(NETLINK_CB(skb).sk), + skb, ack); if (audit_enabled != AUDIT_OFF) audit_log_config_change("audit_pid", new_pid, @@ -1529,9 +1542,10 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) * Parse the provided skb and deal with any messages that may be present, * malformed skbs are discarded. */ -static void audit_receive(struct sk_buff *skb) +static void audit_receive(struct sk_buff *skb) { struct nlmsghdr *nlh; + bool ack; /* * len MUST be signed for nlmsg_next to be able to dec it below 0 * if the nlmsg_len was not aligned @@ -1544,9 +1558,12 @@ static void audit_receive(struct sk_buff *skb) audit_ctl_lock(); while (nlmsg_ok(nlh, len)) { - err = audit_receive_msg(skb, nlh); - /* if err or if this message says it wants a response */ - if (err || (nlh->nlmsg_flags & NLM_F_ACK)) + ack = nlh->nlmsg_flags & NLM_F_ACK; + err = audit_receive_msg(skb, nlh, &ack); + + /* send an ack if the user asked for one and audit_receive_msg + * didn't already do it, or if there was an error. */ + if (ack || err) netlink_ack(skb, nlh, err, NULL); nlh = nlmsg_next(nlh, &len); -- 2.43.0

1 year, 8 months

2
5
0 0

[PATCH AUTOSEL 4.14 1/6] clk: rockchip: rk3128: Fix HCLK_OTG gate register

by Sasha Levin

From: Weihao Li <cn.liweihao(a)gmail.com> [ Upstream commit c6c5a5580dcb6631aa6369dabe12ef3ce784d1d2 ] The HCLK_OTG gate control is in CRU_CLKGATE5_CON, not CRU_CLKGATE3_CON. Signed-off-by: Weihao Li <cn.liweihao(a)gmail.com> Link: https://lore.kernel.org/r/20231031111816.8777-1-cn.liweihao@gmail.com Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/clk/rockchip/clk-rk3128.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/rockchip/clk-rk3128.c b/drivers/clk/rockchip/clk-rk3128.c index 5970a50671b9a..83c7eb18321f4 100644 --- a/drivers/clk/rockchip/clk-rk3128.c +++ b/drivers/clk/rockchip/clk-rk3128.c @@ -497,7 +497,7 @@ static struct rockchip_clk_branch common_clk_branches[] __initdata = { GATE(HCLK_I2S_2CH, "hclk_i2s_2ch", "hclk_peri", 0, RK2928_CLKGATE_CON(7), 2, GFLAGS), GATE(0, "hclk_usb_peri", "hclk_peri", CLK_IGNORE_UNUSED, RK2928_CLKGATE_CON(9), 13, GFLAGS), GATE(HCLK_HOST2, "hclk_host2", "hclk_peri", 0, RK2928_CLKGATE_CON(7), 3, GFLAGS), - GATE(HCLK_OTG, "hclk_otg", "hclk_peri", 0, RK2928_CLKGATE_CON(3), 13, GFLAGS), + GATE(HCLK_OTG, "hclk_otg", "hclk_peri", 0, RK2928_CLKGATE_CON(5), 13, GFLAGS), GATE(0, "hclk_peri_ahb", "hclk_peri", CLK_IGNORE_UNUSED, RK2928_CLKGATE_CON(9), 14, GFLAGS), GATE(HCLK_SPDIF, "hclk_spdif", "hclk_peri", 0, RK2928_CLKGATE_CON(10), 9, GFLAGS), GATE(HCLK_TSP, "hclk_tsp", "hclk_peri", 0, RK2928_CLKGATE_CON(10), 12, GFLAGS), -- 2.43.0

1 year, 8 months

3
8
0 0

[PATCH v3 2/2] usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK

by Prashanth K

Upstream commit bac1ec551434 ("usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK") introduced a new quirk in XHCI which fixes XHC timeout, which was seen on synopsys XHCs while using SG buffers. Currently this quirk can only be set using xhci private data. But there are some drivers like dwc3/host.c which adds adds quirks using software node for xhci device. Hence set this xhci quirk by iterating over device properties. Cc: <stable(a)vger.kernel.org> # 5.11 Fixes: bac1ec551434 ("usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- drivers/usb/host/xhci-plat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index f04fde19f551..3d071b875308 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -253,6 +253,9 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s if (device_property_read_bool(tmpdev, "quirk-broken-port-ped")) xhci->quirks |= XHCI_BROKEN_PORT_PED; + if (device_property_read_bool(tmpdev, "xhci-sg-trb-cache-size-quirk")) + xhci->quirks |= XHCI_SG_TRB_CACHE_SIZE_QUIRK; + device_property_read_u32(tmpdev, "imod-interval-ns", &xhci->imod_interval); } -- 2.25.1

1 year, 8 months

3
2
0 0

[PATCH 1/2] drm/amdgpu: Reset IH OVERFLOW_CLEAR bit after writing rptr

by Friedrich Vock

Allows us to detect subsequent IH ring buffer overflows as well. Cc: Joshua Ashton <joshua(a)froggi.es> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Friedrich Vock <friedrich.vock(a)gmx.de> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h | 2 ++ drivers/gpu/drm/amd/amdgpu/cik_ih.c | 13 +++++++++++++ drivers/gpu/drm/amd/amdgpu/cz_ih.c | 14 +++++++++++++- drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 14 +++++++++++++- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 13 +++++++++++++ drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 13 +++++++++++++ drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 12 ++++++++++++ drivers/gpu/drm/amd/amdgpu/si_ih.c | 12 ++++++++++++ drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 13 +++++++++++++ drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 12 ++++++++++++ drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 12 ++++++++++++ 11 files changed, 128 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h index 508f02eb0cf8..6041ec727f06 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h @@ -69,6 +69,8 @@ struct amdgpu_ih_ring { unsigned rptr; struct amdgpu_ih_regs ih_regs; + bool overflow; + /* For waiting on IH processing at checkpoint. */ wait_queue_head_t wait_process; uint64_t processed_timestamp; diff --git a/drivers/gpu/drm/amd/amdgpu/cik_ih.c b/drivers/gpu/drm/amd/amdgpu/cik_ih.c index 6f7c031dd197..807cc30c9e33 100644 --- a/drivers/gpu/drm/amd/amdgpu/cik_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/cik_ih.c @@ -204,6 +204,7 @@ static u32 cik_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32(mmIH_RB_CNTL); tmp |= IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = true; } return (wptr & ih->ptr_mask); } @@ -274,7 +275,19 @@ static void cik_ih_decode_iv(struct amdgpu_device *adev, static void cik_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; + WREG32(mmIH_RB_RPTR, ih->rptr); + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32(mmIH_RB_CNTL); + tmp &= ~IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; + WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = false; + } } static int cik_ih_early_init(void *handle) diff --git a/drivers/gpu/drm/amd/amdgpu/cz_ih.c b/drivers/gpu/drm/amd/amdgpu/cz_ih.c index b8c47e0cf37a..076559668573 100644 --- a/drivers/gpu/drm/amd/amdgpu/cz_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/cz_ih.c @@ -215,7 +215,7 @@ static u32 cz_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32(mmIH_RB_CNTL); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32(mmIH_RB_CNTL, tmp); - + ih->overflow = true; out: return (wptr & ih->ptr_mask); @@ -266,7 +266,19 @@ static void cz_ih_decode_iv(struct amdgpu_device *adev, static void cz_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; + WREG32(mmIH_RB_RPTR, ih->rptr); + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32(mmIH_RB_CNTL); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = false; + } } static int cz_ih_early_init(void *handle) diff --git a/drivers/gpu/drm/amd/amdgpu/iceland_ih.c b/drivers/gpu/drm/amd/amdgpu/iceland_ih.c index aecad530b10a..1a5e668643d1 100644 --- a/drivers/gpu/drm/amd/amdgpu/iceland_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/iceland_ih.c @@ -214,7 +214,7 @@ static u32 iceland_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32(mmIH_RB_CNTL); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32(mmIH_RB_CNTL, tmp); - + ih->overflow = true; out: return (wptr & ih->ptr_mask); @@ -265,7 +265,19 @@ static void iceland_ih_decode_iv(struct amdgpu_device *adev, static void iceland_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; + WREG32(mmIH_RB_RPTR, ih->rptr); + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32(mmIH_RB_CNTL); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = false; + } } static int iceland_ih_early_init(void *handle) diff --git a/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c b/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c index d9ed7332d805..ce8f7feec713 100644 --- a/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c @@ -418,6 +418,8 @@ static u32 ih_v6_0_get_wptr(struct amdgpu_device *adev, tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ih->overflow = true; + out: return (wptr & ih->ptr_mask); } @@ -459,6 +461,7 @@ static void ih_v6_0_irq_rearm(struct amdgpu_device *adev, static void ih_v6_0_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; struct amdgpu_ih_regs *ih_regs; if (ih->use_doorbell) { @@ -472,6 +475,16 @@ static void ih_v6_0_set_rptr(struct amdgpu_device *adev, ih_regs = &ih->ih_regs; WREG32(ih_regs->ih_rb_rptr, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl, tmp); + ih->overflow = false; + } } /** diff --git a/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c b/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c index 8fb05eae340a..668788ad34d9 100644 --- a/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c +++ b/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c @@ -418,6 +418,8 @@ static u32 ih_v6_1_get_wptr(struct amdgpu_device *adev, tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ih->overflow = true; + out: return (wptr & ih->ptr_mask); } @@ -459,6 +461,7 @@ static void ih_v6_1_irq_rearm(struct amdgpu_device *adev, static void ih_v6_1_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; struct amdgpu_ih_regs *ih_regs; if (ih->use_doorbell) { @@ -472,6 +475,16 @@ static void ih_v6_1_set_rptr(struct amdgpu_device *adev, ih_regs = &ih->ih_regs; WREG32(ih_regs->ih_rb_rptr, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl, tmp); + ih->overflow = false; + } } /** diff --git a/drivers/gpu/drm/amd/amdgpu/navi10_ih.c b/drivers/gpu/drm/amd/amdgpu/navi10_ih.c index e64b33115848..0bdac923cb4d 100644 --- a/drivers/gpu/drm/amd/amdgpu/navi10_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/navi10_ih.c @@ -442,6 +442,7 @@ static u32 navi10_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ih->overflow = true; out: return (wptr & ih->ptr_mask); } @@ -483,6 +484,7 @@ static void navi10_ih_irq_rearm(struct amdgpu_device *adev, static void navi10_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; struct amdgpu_ih_regs *ih_regs; if (ih == &adev->irq.ih_soft) @@ -499,6 +501,16 @@ static void navi10_ih_set_rptr(struct amdgpu_device *adev, ih_regs = &ih->ih_regs; WREG32(ih_regs->ih_rb_rptr, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl, tmp); + ih->overflow = false; + } } /** diff --git a/drivers/gpu/drm/amd/amdgpu/si_ih.c b/drivers/gpu/drm/amd/amdgpu/si_ih.c index 9a24f17a5750..ff35056d2b54 100644 --- a/drivers/gpu/drm/amd/amdgpu/si_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/si_ih.c @@ -119,6 +119,7 @@ static u32 si_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32(IH_RB_CNTL); tmp |= IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; WREG32(IH_RB_CNTL, tmp); + ih->overflow = true; } return (wptr & ih->ptr_mask); } @@ -147,7 +148,18 @@ static void si_ih_decode_iv(struct amdgpu_device *adev, static void si_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; + WREG32(IH_RB_RPTR, ih->rptr); + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32(IH_RB_CNTL); + tmp &= ~IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; + WREG32(IH_RB_CNTL, tmp); + } } static int si_ih_early_init(void *handle) diff --git a/drivers/gpu/drm/amd/amdgpu/tonga_ih.c b/drivers/gpu/drm/amd/amdgpu/tonga_ih.c index 917707bba7f3..6f5090d3db48 100644 --- a/drivers/gpu/drm/amd/amdgpu/tonga_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/tonga_ih.c @@ -218,6 +218,7 @@ static u32 tonga_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32(mmIH_RB_CNTL); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = true; out: return (wptr & ih->ptr_mask); @@ -268,6 +269,8 @@ static void tonga_ih_decode_iv(struct amdgpu_device *adev, static void tonga_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; + if (ih->use_doorbell) { /* XXX check if swapping is necessary on BE */ *ih->rptr_cpu = ih->rptr; @@ -275,6 +278,16 @@ static void tonga_ih_set_rptr(struct amdgpu_device *adev, } else { WREG32(mmIH_RB_RPTR, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32(mmIH_RB_CNTL); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32(mmIH_RB_CNTL, tmp); + ih->overflow = false; + } } static int tonga_ih_early_init(void *handle) diff --git a/drivers/gpu/drm/amd/amdgpu/vega10_ih.c b/drivers/gpu/drm/amd/amdgpu/vega10_ih.c index d364c6dd152c..bb005924f194 100644 --- a/drivers/gpu/drm/amd/amdgpu/vega10_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/vega10_ih.c @@ -372,6 +372,7 @@ static u32 vega10_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ih->overflow = true; out: return (wptr & ih->ptr_mask); @@ -413,6 +414,7 @@ static void vega10_ih_irq_rearm(struct amdgpu_device *adev, static void vega10_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; struct amdgpu_ih_regs *ih_regs; if (ih == &adev->irq.ih_soft) @@ -429,6 +431,16 @@ static void vega10_ih_set_rptr(struct amdgpu_device *adev, ih_regs = &ih->ih_regs; WREG32(ih_regs->ih_rb_rptr, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl, tmp); + ih->overflow = false; + } } /** diff --git a/drivers/gpu/drm/amd/amdgpu/vega20_ih.c b/drivers/gpu/drm/amd/amdgpu/vega20_ih.c index ddfc6941f9d5..bb725a970697 100644 --- a/drivers/gpu/drm/amd/amdgpu/vega20_ih.c +++ b/drivers/gpu/drm/amd/amdgpu/vega20_ih.c @@ -420,6 +420,7 @@ static u32 vega20_ih_get_wptr(struct amdgpu_device *adev, tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ih->overflow = true; out: return (wptr & ih->ptr_mask); @@ -462,6 +463,7 @@ static void vega20_ih_irq_rearm(struct amdgpu_device *adev, static void vega20_ih_set_rptr(struct amdgpu_device *adev, struct amdgpu_ih_ring *ih) { + u32 tmp; struct amdgpu_ih_regs *ih_regs; if (ih == &adev->irq.ih_soft) @@ -478,6 +480,16 @@ static void vega20_ih_set_rptr(struct amdgpu_device *adev, ih_regs = &ih->ih_regs; WREG32(ih_regs->ih_rb_rptr, ih->rptr); } + + /* If we overflowed previously (and thus set the OVERFLOW_CLEAR bit), + * reset it here to detect more overflows if they occur. + */ + if (ih->overflow) { + tmp = RREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); + WREG32_NO_KIQ(ih->ih_regs.ih_rb_cntl, tmp); + ih->overflow = false; + } } /** -- 2.43.0

1 year, 8 months

2
4
0 0

[PATCH v2 1/2] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK

by Prashanth K

Upstream commit bac1ec551434 ("usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK") introduced a new quirk in XHCI which fixes XHC timeout, which was seen on synopsys XHCs while using SG buffers. But the support for this quirk isn't present in the DWC3 layer. We will encounter this XHCI timeout/hung issue if we run iperf loopback tests using RTL8156 ethernet adaptor on DWC3 targets with scatter-gather enabled. This gets resolved after enabling the XHCI_SG_TRB_CACHE_SIZE_QUIRK. This patch enables it using the xhci device property since its needed for DWC3 controller. In Synopsys DWC3 databook, Table 9-3: xHCI Debug Capability Limitations Chained TRBs greater than TRB cache size: The debug capability driver must not create a multi-TRB TD that describes smaller than a 1K packet that spreads across 8 or more TRBs on either the IN TR or the OUT TR. Cc: <stable(a)vger.kernel.org> Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- drivers/usb/dwc3/host.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 61f57fe5bb78..31a496233d87 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -89,6 +89,8 @@ int dwc3_host_init(struct dwc3 *dwc) memset(props, 0, sizeof(struct property_entry) * ARRAY_SIZE(props)); + props[prop_idx++] = PROPERTY_ENTRY_BOOL("xhci-sg-trb-cache-size-quirk"); + if (dwc->usb3_lpm_capable) props[prop_idx++] = PROPERTY_ENTRY_BOOL("usb3-lpm-capable"); -- 2.25.1

1 year, 8 months

4
8
0 0

[PATCH v2] fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling

by Sidhartha Kumar

has_extra_refcount() makes the assumption that the page cache adds a ref count of 1 and subtracts this in the extra_pins case. Commit a08c7193e4f1 (mm/filemap: remove hugetlb special casing in filemap.c) modifies __filemap_add_folio() by calling folio_ref_add(folio, nr); for all cases (including hugtetlb) where nr is the number of pages in the folio. We should adjust the number of references coming from the page cache by subtracing the number of pages rather than 1. In hugetlbfs_read_iter(), folio_test_has_hwpoisoned() is testing the wrong flag as, in the hugetlb case, memory-failure code calls folio_test_set_hwpoison() to indicate poison. folio_test_hwpoison() is the correct function to test for that flag. After these fixes, the hugetlb hwpoison read selftest passes all cases. Fixes: a08c7193e4f1 ("mm/filemap: remove hugetlb special casing in filemap.c") Closes: https://lore.kernel.org/linux-mm/20230713001833.3778937-1-jiaqiyan@google.c… Cc: <stable(a)vger.kernel.org> # 6.7+ Signed-off-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- v1 -> v2: move ref_count adjustment to if(extra_pins) block as that represents ref counts from the page cache per Miaohe Lin. fs/hugetlbfs/inode.c | 2 +- mm/memory-failure.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 36132c9125f9..3a248e4f7e93 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -340,7 +340,7 @@ static ssize_t hugetlbfs_read_iter(struct kiocb *iocb, struct iov_iter *to) } else { folio_unlock(folio); - if (!folio_test_has_hwpoisoned(folio)) + if (!folio_test_hwpoison(folio)) want = nr; else { /* diff --git a/mm/memory-failure.c b/mm/memory-failure.c index d8c853b35dbb..ef7ae73b65bd 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -976,7 +976,7 @@ static bool has_extra_refcount(struct page_state *ps, struct page *p, int count = page_count(p) - 1; if (extra_pins) - count -= 1; + count -= folio_nr_pages(page_folio(p)); if (count > 0) { pr_err("%#lx: %s still referenced by %d users\n", -- 2.31.1

1 year, 8 months

5
5
0 0

[PATCH AUTOSEL 4.19 1/8] Hexagon: Make pfn accessors statics inlines

by Sasha Levin

From: Linus Walleij <linus.walleij(a)linaro.org> [ Upstream commit d6e81532b10d8deb2bc30f7b44f09534876893e3 ] Making virt_to_pfn() a static inline taking a strongly typed (const void *) makes the contract of a passing a pointer of that type to the function explicit and exposes any misuse of the macro virt_to_pfn() acting polymorphic and accepting many types such as (void *), (unitptr_t) or (unsigned long) as arguments without warnings. For symmetry do the same with pfn_to_virt(). For compiletime resolution of __pa() we need PAGE_OFFSET which was not available to __pa() and resolved by the preprocessor wherever __pa() was used. Fix this by explicitly including <asm/mem-layout.h> where required, following the pattern of the architectures page.h file. Acked-by: Brian Cain <bcain(a)quicinc.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/hexagon/include/asm/page.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/hexagon/include/asm/page.h b/arch/hexagon/include/asm/page.h index 93f5669b4aa1..a12ba19e6460 100644 --- a/arch/hexagon/include/asm/page.h +++ b/arch/hexagon/include/asm/page.h @@ -91,6 +91,9 @@ typedef struct page *pgtable_t; #define __pgd(x) ((pgd_t) { (x) }) #define __pgprot(x) ((pgprot_t) { (x) }) +/* Needed for PAGE_OFFSET used in the macro right below */ +#include <asm/mem-layout.h> + /* * We need a __pa and a __va routine for kernel space. * MIPS says they're only used during mem_init. @@ -140,8 +143,16 @@ static inline void clear_page(void *page) */ #define page_to_phys(page) (page_to_pfn(page) << PAGE_SHIFT) -#define virt_to_pfn(kaddr) (__pa(kaddr) >> PAGE_SHIFT) -#define pfn_to_virt(pfn) __va((pfn) << PAGE_SHIFT) +static inline unsigned long virt_to_pfn(const void *kaddr) +{ + return __pa(kaddr) >> PAGE_SHIFT; +} + +static inline void *pfn_to_virt(unsigned long pfn) +{ + return (void *)((unsigned long)__va(pfn) << PAGE_SHIFT); +} + #define page_to_virt(page) __va(page_to_phys(page)) -- 2.43.0

1 year, 8 months

1
7
0 0

[PATCH AUTOSEL 5.4 1/9] Hexagon: Make pfn accessors statics inlines

by Sasha Levin

From: Linus Walleij <linus.walleij(a)linaro.org> [ Upstream commit d6e81532b10d8deb2bc30f7b44f09534876893e3 ] Making virt_to_pfn() a static inline taking a strongly typed (const void *) makes the contract of a passing a pointer of that type to the function explicit and exposes any misuse of the macro virt_to_pfn() acting polymorphic and accepting many types such as (void *), (unitptr_t) or (unsigned long) as arguments without warnings. For symmetry do the same with pfn_to_virt(). For compiletime resolution of __pa() we need PAGE_OFFSET which was not available to __pa() and resolved by the preprocessor wherever __pa() was used. Fix this by explicitly including <asm/mem-layout.h> where required, following the pattern of the architectures page.h file. Acked-by: Brian Cain <bcain(a)quicinc.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/hexagon/include/asm/page.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/hexagon/include/asm/page.h b/arch/hexagon/include/asm/page.h index ee31f36f48f3..62976e38a963 100644 --- a/arch/hexagon/include/asm/page.h +++ b/arch/hexagon/include/asm/page.h @@ -78,6 +78,9 @@ typedef struct page *pgtable_t; #define __pgd(x) ((pgd_t) { (x) }) #define __pgprot(x) ((pgprot_t) { (x) }) +/* Needed for PAGE_OFFSET used in the macro right below */ +#include <asm/mem-layout.h> + /* * We need a __pa and a __va routine for kernel space. * MIPS says they're only used during mem_init. @@ -127,8 +130,16 @@ static inline void clear_page(void *page) */ #define page_to_phys(page) (page_to_pfn(page) << PAGE_SHIFT) -#define virt_to_pfn(kaddr) (__pa(kaddr) >> PAGE_SHIFT) -#define pfn_to_virt(pfn) __va((pfn) << PAGE_SHIFT) +static inline unsigned long virt_to_pfn(const void *kaddr) +{ + return __pa(kaddr) >> PAGE_SHIFT; +} + +static inline void *pfn_to_virt(unsigned long pfn) +{ + return (void *)((unsigned long)__va(pfn) << PAGE_SHIFT); +} + #define page_to_virt(page) __va(page_to_phys(page)) -- 2.43.0

1 year, 8 months

1
8
0 0

[PATCH AUTOSEL 5.10 1/9] Hexagon: Make pfn accessors statics inlines

by Sasha Levin

From: Linus Walleij <linus.walleij(a)linaro.org> [ Upstream commit d6e81532b10d8deb2bc30f7b44f09534876893e3 ] Making virt_to_pfn() a static inline taking a strongly typed (const void *) makes the contract of a passing a pointer of that type to the function explicit and exposes any misuse of the macro virt_to_pfn() acting polymorphic and accepting many types such as (void *), (unitptr_t) or (unsigned long) as arguments without warnings. For symmetry do the same with pfn_to_virt(). For compiletime resolution of __pa() we need PAGE_OFFSET which was not available to __pa() and resolved by the preprocessor wherever __pa() was used. Fix this by explicitly including <asm/mem-layout.h> where required, following the pattern of the architectures page.h file. Acked-by: Brian Cain <bcain(a)quicinc.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/hexagon/include/asm/page.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/hexagon/include/asm/page.h b/arch/hexagon/include/asm/page.h index 7cbf719c578e..2d8c681c3469 100644 --- a/arch/hexagon/include/asm/page.h +++ b/arch/hexagon/include/asm/page.h @@ -78,6 +78,9 @@ typedef struct page *pgtable_t; #define __pgd(x) ((pgd_t) { (x) }) #define __pgprot(x) ((pgprot_t) { (x) }) +/* Needed for PAGE_OFFSET used in the macro right below */ +#include <asm/mem-layout.h> + /* * We need a __pa and a __va routine for kernel space. * MIPS says they're only used during mem_init. @@ -126,8 +129,16 @@ static inline void clear_page(void *page) */ #define page_to_phys(page) (page_to_pfn(page) << PAGE_SHIFT) -#define virt_to_pfn(kaddr) (__pa(kaddr) >> PAGE_SHIFT) -#define pfn_to_virt(pfn) __va((pfn) << PAGE_SHIFT) +static inline unsigned long virt_to_pfn(const void *kaddr) +{ + return __pa(kaddr) >> PAGE_SHIFT; +} + +static inline void *pfn_to_virt(unsigned long pfn) +{ + return (void *)((unsigned long)__va(pfn) << PAGE_SHIFT); +} + #define page_to_virt(page) __va(page_to_phys(page)) -- 2.43.0

1 year, 8 months

1
8
0 0

[PATCH AUTOSEL 6.6 01/19] s390/boot: always align vmalloc area on segment boundary

by Sasha Levin

From: Alexander Gordeev <agordeev(a)linux.ibm.com> [ Upstream commit 65f8780e2d70257200547b5a7654974aa7c37ce1 ] The size of vmalloc area depends from various factors on boot and could be set to: 1. Default size as determined by VMALLOC_DEFAULT_SIZE macro; 2. One half of the virtual address space not occupied by modules and fixed mappings; 3. The size provided by user with vmalloc= kernel command line parameter; In cases [1] and [2] the vmalloc area base address is aligned on Region3 table type boundary, while in case [3] in might get aligned on page boundary. Limit the waste of page tables and always align vmalloc area size and base address on segment boundary. Acked-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/boot/ipl_parm.c | 2 +- arch/s390/boot/startup.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/boot/ipl_parm.c b/arch/s390/boot/ipl_parm.c index 7b7521762633..4230144645bc 100644 --- a/arch/s390/boot/ipl_parm.c +++ b/arch/s390/boot/ipl_parm.c @@ -272,7 +272,7 @@ void parse_boot_command_line(void) memory_limit = round_down(memparse(val, NULL), PAGE_SIZE); if (!strcmp(param, "vmalloc") && val) { - vmalloc_size = round_up(memparse(val, NULL), PAGE_SIZE); + vmalloc_size = round_up(memparse(val, NULL), _SEGMENT_SIZE); vmalloc_size_set = 1; } diff --git a/arch/s390/boot/startup.c b/arch/s390/boot/startup.c index d3e48bd9c394..d08db5df6091 100644 --- a/arch/s390/boot/startup.c +++ b/arch/s390/boot/startup.c @@ -212,7 +212,8 @@ static unsigned long setup_kernel_memory_layout(void) VMALLOC_END = MODULES_VADDR; /* allow vmalloc area to occupy up to about 1/2 of the rest virtual space left */ - vmalloc_size = min(vmalloc_size, round_down(VMALLOC_END / 2, _REGION3_SIZE)); + vsize = round_down(VMALLOC_END / 2, _SEGMENT_SIZE); + vmalloc_size = min(vmalloc_size, vsize); VMALLOC_START = VMALLOC_END - vmalloc_size; /* split remaining virtual space between 1:1 mapping & vmemmap array */ -- 2.43.0

1 year, 8 months

1
18
0 0

[PATCH AUTOSEL 6.7 01/21] s390/boot: always align vmalloc area on segment boundary

by Sasha Levin

From: Alexander Gordeev <agordeev(a)linux.ibm.com> [ Upstream commit 65f8780e2d70257200547b5a7654974aa7c37ce1 ] The size of vmalloc area depends from various factors on boot and could be set to: 1. Default size as determined by VMALLOC_DEFAULT_SIZE macro; 2. One half of the virtual address space not occupied by modules and fixed mappings; 3. The size provided by user with vmalloc= kernel command line parameter; In cases [1] and [2] the vmalloc area base address is aligned on Region3 table type boundary, while in case [3] in might get aligned on page boundary. Limit the waste of page tables and always align vmalloc area size and base address on segment boundary. Acked-by: Heiko Carstens <hca(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/boot/ipl_parm.c | 2 +- arch/s390/boot/startup.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/boot/ipl_parm.c b/arch/s390/boot/ipl_parm.c index 2ab4872fbee1..b24de9aabf7d 100644 --- a/arch/s390/boot/ipl_parm.c +++ b/arch/s390/boot/ipl_parm.c @@ -274,7 +274,7 @@ void parse_boot_command_line(void) memory_limit = round_down(memparse(val, NULL), PAGE_SIZE); if (!strcmp(param, "vmalloc") && val) { - vmalloc_size = round_up(memparse(val, NULL), PAGE_SIZE); + vmalloc_size = round_up(memparse(val, NULL), _SEGMENT_SIZE); vmalloc_size_set = 1; } diff --git a/arch/s390/boot/startup.c b/arch/s390/boot/startup.c index 8104e0e3d188..9cc76e631759 100644 --- a/arch/s390/boot/startup.c +++ b/arch/s390/boot/startup.c @@ -255,7 +255,8 @@ static unsigned long setup_kernel_memory_layout(void) VMALLOC_END = MODULES_VADDR; /* allow vmalloc area to occupy up to about 1/2 of the rest virtual space left */ - vmalloc_size = min(vmalloc_size, round_down(VMALLOC_END / 2, _REGION3_SIZE)); + vsize = round_down(VMALLOC_END / 2, _SEGMENT_SIZE); + vmalloc_size = min(vmalloc_size, vsize); VMALLOC_START = VMALLOC_END - vmalloc_size; /* split remaining virtual space between 1:1 mapping & vmemmap array */ -- 2.43.0

1 year, 8 months

1
20
0 0

[PATCH AUTOSEL 5.4 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index ea330ce921b1..e8c1f3738c39 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2935,6 +2935,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
11
0 0

[PATCH AUTOSEL 5.10 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 72eb5ed54c2a..985beb1c654d 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2935,6 +2935,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
11
0 0

[PATCH AUTOSEL 5.15 01/13] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 5b01026fff9b..bd2bb5724cc1 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2939,6 +2939,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
12
0 0

[PATCH AUTOSEL 6.1 01/14] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 4d56f6081a5d..34e230b2110b 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2871,6 +2871,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
13
0 0

[PATCH AUTOSEL 6.6 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 11c77757ead9..d55f0dd8d754 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2871,6 +2871,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
18
0 0

[PATCH AUTOSEL 6.7 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

by Sasha Levin

From: Osama Muhammad <osmtendev(a)gmail.com> [ Upstream commit 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 ] Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. Reported-by: syzbot+39ba34a099ac2e9bd3cb(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb Signed-off-by: Osama Muhammad <osmtendev(a)gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/jfs/jfs_dmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 11c77757ead9..d55f0dd8d754 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -2871,6 +2871,9 @@ static void dbAdjTree(dmtree_t * tp, int leafno, int newval) /* is the current value the same as the old value ? if so, * there is nothing to do. */ + if (WARN_ON_ONCE(lp >= CTLTREESIZE)) + return; + if (tp->dmt_stree[lp] == newval) return; -- 2.43.0

1 year, 8 months

1
18
0 0

[PATCH AUTOSEL 5.15 1/8] regulator: core: Only increment use_count when enable_count changes

by Sasha Levin

From: Rui Zhang <zr.zhang(a)vivo.com> [ Upstream commit 7993d3a9c34f609c02171e115fd12c10e2105ff4 ] The use_count of a regulator should only be incremented when the enable_count changes from 0 to 1. Similarly, the use_count should only be decremented when the enable_count changes from 1 to 0. In the previous implementation, use_count was sometimes decremented to 0 when some consumer called unbalanced disable, leading to unexpected disable even the regulator is enabled by other consumers. With this change, the use_count accurately reflects the number of users which the regulator is enabled. This should make things more robust in the case where a consumer does leak references. Signed-off-by: Rui Zhang <zr.zhang(a)vivo.com> Link: https://lore.kernel.org/r/20231103074231.8031-1-zr.zhang@vivo.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/core.c | 56 +++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 8ad50dc8fb35..9b1f27f87c95 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -2881,7 +2881,8 @@ static int _regulator_enable(struct regulator *regulator) /* Fallthrough on positive return values - already enabled */ } - rdev->use_count++; + if (regulator->enable_count == 1) + rdev->use_count++; return 0; @@ -2956,37 +2957,40 @@ static int _regulator_disable(struct regulator *regulator) lockdep_assert_held_once(&rdev->mutex.base); - if (WARN(rdev->use_count <= 0, + if (WARN(regulator->enable_count == 0, "unbalanced disables for %s\n", rdev_get_name(rdev))) return -EIO; - /* are we the last user and permitted to disable ? */ - if (rdev->use_count == 1 && - (rdev->constraints && !rdev->constraints->always_on)) { - - /* we are last user */ - if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { - ret = _notifier_call_chain(rdev, - REGULATOR_EVENT_PRE_DISABLE, - NULL); - if (ret & NOTIFY_STOP_MASK) - return -EINVAL; - - ret = _regulator_do_disable(rdev); - if (ret < 0) { - rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); - _notifier_call_chain(rdev, - REGULATOR_EVENT_ABORT_DISABLE, + if (regulator->enable_count == 1) { + /* disabling last enable_count from this regulator */ + /* are we the last user and permitted to disable ? */ + if (rdev->use_count == 1 && + (rdev->constraints && !rdev->constraints->always_on)) { + + /* we are last user */ + if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { + ret = _notifier_call_chain(rdev, + REGULATOR_EVENT_PRE_DISABLE, + NULL); + if (ret & NOTIFY_STOP_MASK) + return -EINVAL; + + ret = _regulator_do_disable(rdev); + if (ret < 0) { + rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); + _notifier_call_chain(rdev, + REGULATOR_EVENT_ABORT_DISABLE, + NULL); + return ret; + } + _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, NULL); - return ret; } - _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, - NULL); - } - rdev->use_count = 0; - } else if (rdev->use_count > 1) { - rdev->use_count--; + rdev->use_count = 0; + } else if (rdev->use_count > 1) { + rdev->use_count--; + } } if (ret == 0) -- 2.43.0

1 year, 8 months

1
7
0 0

[PATCH AUTOSEL 6.1 1/9] regulator: core: Only increment use_count when enable_count changes

by Sasha Levin

From: Rui Zhang <zr.zhang(a)vivo.com> [ Upstream commit 7993d3a9c34f609c02171e115fd12c10e2105ff4 ] The use_count of a regulator should only be incremented when the enable_count changes from 0 to 1. Similarly, the use_count should only be decremented when the enable_count changes from 1 to 0. In the previous implementation, use_count was sometimes decremented to 0 when some consumer called unbalanced disable, leading to unexpected disable even the regulator is enabled by other consumers. With this change, the use_count accurately reflects the number of users which the regulator is enabled. This should make things more robust in the case where a consumer does leak references. Signed-off-by: Rui Zhang <zr.zhang(a)vivo.com> Link: https://lore.kernel.org/r/20231103074231.8031-1-zr.zhang@vivo.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/core.c | 56 +++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 34d3d8281906..c8702011b761 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -2925,7 +2925,8 @@ static int _regulator_enable(struct regulator *regulator) /* Fallthrough on positive return values - already enabled */ } - rdev->use_count++; + if (regulator->enable_count == 1) + rdev->use_count++; return 0; @@ -3000,37 +3001,40 @@ static int _regulator_disable(struct regulator *regulator) lockdep_assert_held_once(&rdev->mutex.base); - if (WARN(rdev->use_count <= 0, + if (WARN(regulator->enable_count == 0, "unbalanced disables for %s\n", rdev_get_name(rdev))) return -EIO; - /* are we the last user and permitted to disable ? */ - if (rdev->use_count == 1 && - (rdev->constraints && !rdev->constraints->always_on)) { - - /* we are last user */ - if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { - ret = _notifier_call_chain(rdev, - REGULATOR_EVENT_PRE_DISABLE, - NULL); - if (ret & NOTIFY_STOP_MASK) - return -EINVAL; - - ret = _regulator_do_disable(rdev); - if (ret < 0) { - rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); - _notifier_call_chain(rdev, - REGULATOR_EVENT_ABORT_DISABLE, + if (regulator->enable_count == 1) { + /* disabling last enable_count from this regulator */ + /* are we the last user and permitted to disable ? */ + if (rdev->use_count == 1 && + (rdev->constraints && !rdev->constraints->always_on)) { + + /* we are last user */ + if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { + ret = _notifier_call_chain(rdev, + REGULATOR_EVENT_PRE_DISABLE, + NULL); + if (ret & NOTIFY_STOP_MASK) + return -EINVAL; + + ret = _regulator_do_disable(rdev); + if (ret < 0) { + rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); + _notifier_call_chain(rdev, + REGULATOR_EVENT_ABORT_DISABLE, + NULL); + return ret; + } + _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, NULL); - return ret; } - _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, - NULL); - } - rdev->use_count = 0; - } else if (rdev->use_count > 1) { - rdev->use_count--; + rdev->use_count = 0; + } else if (rdev->use_count > 1) { + rdev->use_count--; + } } if (ret == 0) -- 2.43.0

1 year, 8 months

1
8
0 0

[PATCH AUTOSEL 6.6 01/14] regulator: core: Only increment use_count when enable_count changes

by Sasha Levin

From: Rui Zhang <zr.zhang(a)vivo.com> [ Upstream commit 7993d3a9c34f609c02171e115fd12c10e2105ff4 ] The use_count of a regulator should only be incremented when the enable_count changes from 0 to 1. Similarly, the use_count should only be decremented when the enable_count changes from 1 to 0. In the previous implementation, use_count was sometimes decremented to 0 when some consumer called unbalanced disable, leading to unexpected disable even the regulator is enabled by other consumers. With this change, the use_count accurately reflects the number of users which the regulator is enabled. This should make things more robust in the case where a consumer does leak references. Signed-off-by: Rui Zhang <zr.zhang(a)vivo.com> Link: https://lore.kernel.org/r/20231103074231.8031-1-zr.zhang@vivo.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/core.c | 56 +++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 3137e40fcd3e..a7b3e548ea5a 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -2918,7 +2918,8 @@ static int _regulator_enable(struct regulator *regulator) /* Fallthrough on positive return values - already enabled */ } - rdev->use_count++; + if (regulator->enable_count == 1) + rdev->use_count++; return 0; @@ -2993,37 +2994,40 @@ static int _regulator_disable(struct regulator *regulator) lockdep_assert_held_once(&rdev->mutex.base); - if (WARN(rdev->use_count <= 0, + if (WARN(regulator->enable_count == 0, "unbalanced disables for %s\n", rdev_get_name(rdev))) return -EIO; - /* are we the last user and permitted to disable ? */ - if (rdev->use_count == 1 && - (rdev->constraints && !rdev->constraints->always_on)) { - - /* we are last user */ - if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { - ret = _notifier_call_chain(rdev, - REGULATOR_EVENT_PRE_DISABLE, - NULL); - if (ret & NOTIFY_STOP_MASK) - return -EINVAL; - - ret = _regulator_do_disable(rdev); - if (ret < 0) { - rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); - _notifier_call_chain(rdev, - REGULATOR_EVENT_ABORT_DISABLE, + if (regulator->enable_count == 1) { + /* disabling last enable_count from this regulator */ + /* are we the last user and permitted to disable ? */ + if (rdev->use_count == 1 && + (rdev->constraints && !rdev->constraints->always_on)) { + + /* we are last user */ + if (regulator_ops_is_valid(rdev, REGULATOR_CHANGE_STATUS)) { + ret = _notifier_call_chain(rdev, + REGULATOR_EVENT_PRE_DISABLE, + NULL); + if (ret & NOTIFY_STOP_MASK) + return -EINVAL; + + ret = _regulator_do_disable(rdev); + if (ret < 0) { + rdev_err(rdev, "failed to disable: %pe\n", ERR_PTR(ret)); + _notifier_call_chain(rdev, + REGULATOR_EVENT_ABORT_DISABLE, + NULL); + return ret; + } + _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, NULL); - return ret; } - _notifier_call_chain(rdev, REGULATOR_EVENT_DISABLE, - NULL); - } - rdev->use_count = 0; - } else if (rdev->use_count > 1) { - rdev->use_count--; + rdev->use_count = 0; + } else if (rdev->use_count > 1) { + rdev->use_count--; + } } if (ret == 0) -- 2.43.0

1 year, 8 months

1
13
0 0

[PATCH AUTOSEL 5.4] perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file

by Sasha Levin

From: Greg KH <gregkh(a)linuxfoundation.org> [ Upstream commit 652ffc2104ec1f69dd4a46313888c33527145ccf ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/2023061204-decal-flyable-6090@gregkh Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/core.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 1e62a567b0d7..3ec29a27d877 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -10080,9 +10080,32 @@ static DEVICE_ATTR_RW(perf_event_mux_interval_ms); static struct attribute *pmu_dev_attrs[] = { &dev_attr_type.attr, &dev_attr_perf_event_mux_interval_ms.attr, + &dev_attr_nr_addr_filters.attr, + NULL, +}; + +static umode_t pmu_dev_is_visible(struct kobject *kobj, struct attribute *a, int n) +{ + struct device *dev = kobj_to_dev(kobj); + struct pmu *pmu = dev_get_drvdata(dev); + + if (!pmu->nr_addr_filters) + return 0; + + return a->mode; + + return 0; +} + +static struct attribute_group pmu_dev_attr_group = { + .is_visible = pmu_dev_is_visible, + .attrs = pmu_dev_attrs, +}; + +static const struct attribute_group *pmu_dev_groups[] = { + &pmu_dev_attr_group, NULL, }; -ATTRIBUTE_GROUPS(pmu_dev); static int pmu_bus_running; static struct bus_type pmu_bus = { @@ -10118,18 +10141,11 @@ static int pmu_dev_alloc(struct pmu *pmu) if (ret) goto free_dev; - /* For PMUs with address filters, throw in an extra attribute: */ - if (pmu->nr_addr_filters) - ret = device_create_file(pmu->dev, &dev_attr_nr_addr_filters); - - if (ret) - goto del_dev; - - if (pmu->attr_update) + if (pmu->attr_update) { ret = sysfs_update_groups(&pmu->dev->kobj, pmu->attr_update); - - if (ret) - goto del_dev; + if (ret) + goto del_dev; + } out: return ret; -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH AUTOSEL 5.10 1/2] perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file

by Sasha Levin

From: Greg KH <gregkh(a)linuxfoundation.org> [ Upstream commit 652ffc2104ec1f69dd4a46313888c33527145ccf ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/2023061204-decal-flyable-6090@gregkh Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/core.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index afedd008e0af..ab5b75f3b886 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -10855,9 +10855,32 @@ static DEVICE_ATTR_RW(perf_event_mux_interval_ms); static struct attribute *pmu_dev_attrs[] = { &dev_attr_type.attr, &dev_attr_perf_event_mux_interval_ms.attr, + &dev_attr_nr_addr_filters.attr, + NULL, +}; + +static umode_t pmu_dev_is_visible(struct kobject *kobj, struct attribute *a, int n) +{ + struct device *dev = kobj_to_dev(kobj); + struct pmu *pmu = dev_get_drvdata(dev); + + if (!pmu->nr_addr_filters) + return 0; + + return a->mode; + + return 0; +} + +static struct attribute_group pmu_dev_attr_group = { + .is_visible = pmu_dev_is_visible, + .attrs = pmu_dev_attrs, +}; + +static const struct attribute_group *pmu_dev_groups[] = { + &pmu_dev_attr_group, NULL, }; -ATTRIBUTE_GROUPS(pmu_dev); static int pmu_bus_running; static struct bus_type pmu_bus = { @@ -10893,18 +10916,11 @@ static int pmu_dev_alloc(struct pmu *pmu) if (ret) goto free_dev; - /* For PMUs with address filters, throw in an extra attribute: */ - if (pmu->nr_addr_filters) - ret = device_create_file(pmu->dev, &dev_attr_nr_addr_filters); - - if (ret) - goto del_dev; - - if (pmu->attr_update) + if (pmu->attr_update) { ret = sysfs_update_groups(&pmu->dev->kobj, pmu->attr_update); - - if (ret) - goto del_dev; + if (ret) + goto del_dev; + } out: return ret; -- 2.43.0

1 year, 8 months

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file

by Sasha Levin

From: Greg KH <gregkh(a)linuxfoundation.org> [ Upstream commit 652ffc2104ec1f69dd4a46313888c33527145ccf ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/2023061204-decal-flyable-6090@gregkh Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/core.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index ada7ef0eb639..0e03afd82348 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11220,9 +11220,32 @@ static DEVICE_ATTR_RW(perf_event_mux_interval_ms); static struct attribute *pmu_dev_attrs[] = { &dev_attr_type.attr, &dev_attr_perf_event_mux_interval_ms.attr, + &dev_attr_nr_addr_filters.attr, + NULL, +}; + +static umode_t pmu_dev_is_visible(struct kobject *kobj, struct attribute *a, int n) +{ + struct device *dev = kobj_to_dev(kobj); + struct pmu *pmu = dev_get_drvdata(dev); + + if (!pmu->nr_addr_filters) + return 0; + + return a->mode; + + return 0; +} + +static struct attribute_group pmu_dev_attr_group = { + .is_visible = pmu_dev_is_visible, + .attrs = pmu_dev_attrs, +}; + +static const struct attribute_group *pmu_dev_groups[] = { + &pmu_dev_attr_group, NULL, }; -ATTRIBUTE_GROUPS(pmu_dev); static int pmu_bus_running; static struct bus_type pmu_bus = { @@ -11258,18 +11281,11 @@ static int pmu_dev_alloc(struct pmu *pmu) if (ret) goto free_dev; - /* For PMUs with address filters, throw in an extra attribute: */ - if (pmu->nr_addr_filters) - ret = device_create_file(pmu->dev, &dev_attr_nr_addr_filters); - - if (ret) - goto del_dev; - - if (pmu->attr_update) + if (pmu->attr_update) { ret = sysfs_update_groups(&pmu->dev->kobj, pmu->attr_update); - - if (ret) - goto del_dev; + if (ret) + goto del_dev; + } out: return ret; -- 2.43.0

1 year, 8 months

1
1
0 0

[PATCH AUTOSEL 6.1 1/2] perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file

by Sasha Levin

From: Greg KH <gregkh(a)linuxfoundation.org> [ Upstream commit 652ffc2104ec1f69dd4a46313888c33527145ccf ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/2023061204-decal-flyable-6090@gregkh Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/core.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 8c7d2f4f5fba..1e4841ebc22e 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11223,9 +11223,32 @@ static DEVICE_ATTR_RW(perf_event_mux_interval_ms); static struct attribute *pmu_dev_attrs[] = { &dev_attr_type.attr, &dev_attr_perf_event_mux_interval_ms.attr, + &dev_attr_nr_addr_filters.attr, + NULL, +}; + +static umode_t pmu_dev_is_visible(struct kobject *kobj, struct attribute *a, int n) +{ + struct device *dev = kobj_to_dev(kobj); + struct pmu *pmu = dev_get_drvdata(dev); + + if (!pmu->nr_addr_filters) + return 0; + + return a->mode; + + return 0; +} + +static struct attribute_group pmu_dev_attr_group = { + .is_visible = pmu_dev_is_visible, + .attrs = pmu_dev_attrs, +}; + +static const struct attribute_group *pmu_dev_groups[] = { + &pmu_dev_attr_group, NULL, }; -ATTRIBUTE_GROUPS(pmu_dev); static int pmu_bus_running; static struct bus_type pmu_bus = { @@ -11261,18 +11284,11 @@ static int pmu_dev_alloc(struct pmu *pmu) if (ret) goto free_dev; - /* For PMUs with address filters, throw in an extra attribute: */ - if (pmu->nr_addr_filters) - ret = device_create_file(pmu->dev, &dev_attr_nr_addr_filters); - - if (ret) - goto del_dev; - - if (pmu->attr_update) + if (pmu->attr_update) { ret = sysfs_update_groups(&pmu->dev->kobj, pmu->attr_update); - - if (ret) - goto del_dev; + if (ret) + goto del_dev; + } out: return ret; -- 2.43.0

1 year, 8 months

1
1
0 0

[PATCH AUTOSEL 6.6 1/6] perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file

by Sasha Levin

From: Greg KH <gregkh(a)linuxfoundation.org> [ Upstream commit 652ffc2104ec1f69dd4a46313888c33527145ccf ] Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Link: https://lkml.kernel.org/r/2023061204-decal-flyable-6090@gregkh Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/events/core.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 58ecb1c24387..f22c540350a1 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -11413,9 +11413,32 @@ static DEVICE_ATTR_RW(perf_event_mux_interval_ms); static struct attribute *pmu_dev_attrs[] = { &dev_attr_type.attr, &dev_attr_perf_event_mux_interval_ms.attr, + &dev_attr_nr_addr_filters.attr, + NULL, +}; + +static umode_t pmu_dev_is_visible(struct kobject *kobj, struct attribute *a, int n) +{ + struct device *dev = kobj_to_dev(kobj); + struct pmu *pmu = dev_get_drvdata(dev); + + if (!pmu->nr_addr_filters) + return 0; + + return a->mode; + + return 0; +} + +static struct attribute_group pmu_dev_attr_group = { + .is_visible = pmu_dev_is_visible, + .attrs = pmu_dev_attrs, +}; + +static const struct attribute_group *pmu_dev_groups[] = { + &pmu_dev_attr_group, NULL, }; -ATTRIBUTE_GROUPS(pmu_dev); static int pmu_bus_running; static struct bus_type pmu_bus = { @@ -11452,18 +11475,11 @@ static int pmu_dev_alloc(struct pmu *pmu) if (ret) goto free_dev; - /* For PMUs with address filters, throw in an extra attribute: */ - if (pmu->nr_addr_filters) - ret = device_create_file(pmu->dev, &dev_attr_nr_addr_filters); - - if (ret) - goto del_dev; - - if (pmu->attr_update) + if (pmu->attr_update) { ret = sysfs_update_groups(&pmu->dev->kobj, pmu->attr_update); - - if (ret) - goto del_dev; + if (ret) + goto del_dev; + } out: return ret; -- 2.43.0

1 year, 8 months

1
5
0 0

[PATCH AUTOSEL 6.7 1/8] sched/numa: Fix mm numa_scan_seq based unconditional scan

by Sasha Levin

From: Raghavendra K T <raghavendra.kt(a)amd.com> [ Upstream commit 84db47ca7146d7bd00eb5cf2b93989a971c84650 ] Since commit fc137c0ddab2 ("sched/numa: enhance vma scanning logic") NUMA Balancing allows updating PTEs to trap NUMA hinting faults if the task had previously accessed VMA. However unconditional scan of VMAs are allowed during initial phase of VMA creation until process's mm numa_scan_seq reaches 2 even though current task had not accessed VMA. Rationale: - Without initial scan subsequent PTE update may never happen. - Give fair opportunity to all the VMAs to be scanned and subsequently understand the access pattern of all the VMAs. But it has a corner case where, if a VMA is created after some time, process's mm numa_scan_seq could be already greater than 2. For e.g., values of mm numa_scan_seq when VMAs are created by running mmtest autonuma benchmark briefly looks like: start_seq=0 : 459 start_seq=2 : 138 start_seq=3 : 144 start_seq=4 : 8 start_seq=8 : 1 start_seq=9 : 1 This results in no unconditional PTE updates for those VMAs created after some time. Fix: - Note down the initial value of mm numa_scan_seq in per VMA start_seq. - Allow unconditional scan till start_seq + 2. Result: SUT: AMD EPYC Milan with 2 NUMA nodes 256 cpus. base kernel: upstream 6.6-rc6 with Mels patches [1] applied. kernbench ========== base patched %gain Amean elsp-128 165.09 ( 0.00%) 164.78 * 0.19%* Duration User 41404.28 41375.08 Duration System 9862.22 9768.48 Duration Elapsed 519.87 518.72 Ops NUMA PTE updates 1041416.00 831536.00 Ops NUMA hint faults 263296.00 220966.00 Ops NUMA pages migrated 258021.00 212769.00 Ops AutoNUMA cost 1328.67 1114.69 autonumabench NUMA01_THREADLOCAL ================== Amean elsp-NUMA01_THREADLOCAL 81.79 (0.00%) 67.74 * 17.18%* Duration User 54832.73 47379.67 Duration System 75.00 185.75 Duration Elapsed 576.72 476.09 Ops NUMA PTE updates 394429.00 11121044.00 Ops NUMA hint faults 1001.00 8906404.00 Ops NUMA pages migrated 288.00 2998694.00 Ops AutoNUMA cost 7.77 44666.84 Signed-off-by: Raghavendra K T <raghavendra.kt(a)amd.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Mel Gorman <mgorman(a)suse.de> Link: https://lore.kernel.org/r/2ea7cbce80ac7c62e90cbfb9653a7972f902439f.16978166… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/linux/mm_types.h | 3 +++ kernel/sched/fair.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index 957ce38768b2..950df415d7de 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -600,6 +600,9 @@ struct vma_numab_state { */ unsigned long pids_active[2]; + /* MM scan sequence ID when scan first started after VMA creation */ + int start_scan_seq; + /* * MM scan sequence ID when the VMA was last completely scanned. * A VMA is not eligible for scanning if prev_scan_seq == numa_scan_seq diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index d7a3c63a2171..44b5262b6657 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -3164,7 +3164,7 @@ static bool vma_is_accessed(struct mm_struct *mm, struct vm_area_struct *vma) * This is also done to avoid any side effect of task scanning * amplifying the unfairness of disjoint set of VMAs' access. */ - if (READ_ONCE(current->mm->numa_scan_seq) < 2) + if ((READ_ONCE(current->mm->numa_scan_seq) - vma->numab_state->start_scan_seq) < 2) return true; pids = vma->numab_state->pids_active[0] | vma->numab_state->pids_active[1]; @@ -3307,6 +3307,8 @@ static void task_numa_work(struct callback_head *work) if (!vma->numab_state) continue; + vma->numab_state->start_scan_seq = mm->numa_scan_seq; + vma->numab_state->next_scan = now + msecs_to_jiffies(sysctl_numa_balancing_scan_delay); -- 2.43.0

1 year, 8 months

1
7
0 0

[PATCH AUTOSEL 4.19 1/4] powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

by Sasha Levin

From: Kunwu Chan <chentao(a)kylinos.cn> [ Upstream commit f46c8a75263f97bda13c739ba1c90aced0d3b071 ] kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. Suggested-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Kunwu Chan <chentao(a)kylinos.cn> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20231204023223.2447523-1-chentao@kylinos.cn Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/powerpc/mm/init-common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c index 2b656e67f2ea..927703af49be 100644 --- a/arch/powerpc/mm/init-common.c +++ b/arch/powerpc/mm/init-common.c @@ -65,7 +65,7 @@ void pgtable_cache_add(unsigned shift, void (*ctor)(void *)) * as to leave enough 0 bits in the address to contain it. */ unsigned long minalign = max(MAX_PGTABLE_INDEX_SIZE + 1, HUGEPD_SHIFT_MASK + 1); - struct kmem_cache *new; + struct kmem_cache *new = NULL; /* It would be nice if this was a BUILD_BUG_ON(), but at the * moment, gcc doesn't seem to recognize is_power_of_2 as a @@ -78,7 +78,8 @@ void pgtable_cache_add(unsigned shift, void (*ctor)(void *)) align = max_t(unsigned long, align, minalign); name = kasprintf(GFP_KERNEL, "pgtable-2^%d", shift); - new = kmem_cache_create(name, table_size, align, 0, ctor); + if (name) + new = kmem_cache_create(name, table_size, align, 0, ctor); if (!new) panic("Could not allocate pgtable cache for order %d", shift); -- 2.43.0

1 year, 8 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/7] powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

by Sasha Levin

From: Kunwu Chan <chentao(a)kylinos.cn> [ Upstream commit f46c8a75263f97bda13c739ba1c90aced0d3b071 ] kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. Suggested-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Kunwu Chan <chentao(a)kylinos.cn> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20231204023223.2447523-1-chentao@kylinos.cn Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/powerpc/mm/init-common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c index a84da92920f7..e7b9cc90fd9e 100644 --- a/arch/powerpc/mm/init-common.c +++ b/arch/powerpc/mm/init-common.c @@ -104,7 +104,7 @@ void pgtable_cache_add(unsigned int shift) * as to leave enough 0 bits in the address to contain it. */ unsigned long minalign = max(MAX_PGTABLE_INDEX_SIZE + 1, HUGEPD_SHIFT_MASK + 1); - struct kmem_cache *new; + struct kmem_cache *new = NULL; /* It would be nice if this was a BUILD_BUG_ON(), but at the * moment, gcc doesn't seem to recognize is_power_of_2 as a @@ -117,7 +117,8 @@ void pgtable_cache_add(unsigned int shift) align = max_t(unsigned long, align, minalign); name = kasprintf(GFP_KERNEL, "pgtable-2^%d", shift); - new = kmem_cache_create(name, table_size, align, 0, ctor(shift)); + if (name) + new = kmem_cache_create(name, table_size, align, 0, ctor(shift)); if (!new) panic("Could not allocate pgtable cache for order %d", shift); -- 2.43.0

1 year, 8 months

1
6
0 0

[PATCH AUTOSEL 6.6 01/14] asm-generic: make sparse happy with odd-sized put_unaligned_*()

by Sasha Levin

From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [ Upstream commit 1ab33c03145d0f6c345823fc2da935d9a1a9e9fc ] __put_unaligned_be24() and friends use implicit casts to convert larger-sized data to bytes, which trips sparse truncation warnings when the argument is a constant: CC [M] drivers/input/touchscreen/hynitron_cstxxx.o CHECK drivers/input/touchscreen/hynitron_cstxxx.c drivers/input/touchscreen/hynitron_cstxxx.c: note: in included file (through arch/x86/include/generated/asm/unaligned.h): include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (aa01a0 becomes a0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (aa01 becomes 1) include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (ab00d0 becomes d0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (ab00 becomes 0) To avoid this let's mask off upper bits explicitly, the resulting code should be exactly the same, but it will keep sparse happy. Reported-by: kernel test robot <lkp(a)intel.com> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Closes: https://lore.kernel.org/oe-kbuild-all/202401070147.gqwVulOn-lkp@intel.com/ Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/asm-generic/unaligned.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/asm-generic/unaligned.h b/include/asm-generic/unaligned.h index 699650f81970..a84c64e5f11e 100644 --- a/include/asm-generic/unaligned.h +++ b/include/asm-generic/unaligned.h @@ -104,9 +104,9 @@ static inline u32 get_unaligned_le24(const void *p) static inline void __put_unaligned_be24(const u32 val, u8 *p) { - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be24(const u32 val, void *p) @@ -116,9 +116,9 @@ static inline void put_unaligned_be24(const u32 val, void *p) static inline void __put_unaligned_le24(const u32 val, u8 *p) { - *p++ = val; - *p++ = val >> 8; - *p++ = val >> 16; + *p++ = val & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = (val >> 16) & 0xff; } static inline void put_unaligned_le24(const u32 val, void *p) @@ -128,12 +128,12 @@ static inline void put_unaligned_le24(const u32 val, void *p) static inline void __put_unaligned_be48(const u64 val, u8 *p) { - *p++ = val >> 40; - *p++ = val >> 32; - *p++ = val >> 24; - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 40) & 0xff; + *p++ = (val >> 32) & 0xff; + *p++ = (val >> 24) & 0xff; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be48(const u64 val, void *p) -- 2.43.0

1 year, 8 months

1
13
0 0

[PATCH AUTOSEL 6.7 01/14] asm-generic: make sparse happy with odd-sized put_unaligned_*()

by Sasha Levin

From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [ Upstream commit 1ab33c03145d0f6c345823fc2da935d9a1a9e9fc ] __put_unaligned_be24() and friends use implicit casts to convert larger-sized data to bytes, which trips sparse truncation warnings when the argument is a constant: CC [M] drivers/input/touchscreen/hynitron_cstxxx.o CHECK drivers/input/touchscreen/hynitron_cstxxx.c drivers/input/touchscreen/hynitron_cstxxx.c: note: in included file (through arch/x86/include/generated/asm/unaligned.h): include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (aa01a0 becomes a0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (aa01 becomes 1) include/asm-generic/unaligned.h:119:16: warning: cast truncates bits from constant value (ab00d0 becomes d0) include/asm-generic/unaligned.h:120:20: warning: cast truncates bits from constant value (ab00 becomes 0) To avoid this let's mask off upper bits explicitly, the resulting code should be exactly the same, but it will keep sparse happy. Reported-by: kernel test robot <lkp(a)intel.com> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Closes: https://lore.kernel.org/oe-kbuild-all/202401070147.gqwVulOn-lkp@intel.com/ Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/asm-generic/unaligned.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/asm-generic/unaligned.h b/include/asm-generic/unaligned.h index 699650f81970..a84c64e5f11e 100644 --- a/include/asm-generic/unaligned.h +++ b/include/asm-generic/unaligned.h @@ -104,9 +104,9 @@ static inline u32 get_unaligned_le24(const void *p) static inline void __put_unaligned_be24(const u32 val, u8 *p) { - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be24(const u32 val, void *p) @@ -116,9 +116,9 @@ static inline void put_unaligned_be24(const u32 val, void *p) static inline void __put_unaligned_le24(const u32 val, u8 *p) { - *p++ = val; - *p++ = val >> 8; - *p++ = val >> 16; + *p++ = val & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = (val >> 16) & 0xff; } static inline void put_unaligned_le24(const u32 val, void *p) @@ -128,12 +128,12 @@ static inline void put_unaligned_le24(const u32 val, void *p) static inline void __put_unaligned_be48(const u64 val, u8 *p) { - *p++ = val >> 40; - *p++ = val >> 32; - *p++ = val >> 24; - *p++ = val >> 16; - *p++ = val >> 8; - *p++ = val; + *p++ = (val >> 40) & 0xff; + *p++ = (val >> 32) & 0xff; + *p++ = (val >> 24) & 0xff; + *p++ = (val >> 16) & 0xff; + *p++ = (val >> 8) & 0xff; + *p++ = val & 0xff; } static inline void put_unaligned_be48(const u64 val, void *p) -- 2.43.0

1 year, 8 months

1
13
0 0

[PATCH] drm/amd/display: Drop 'acrtc' and add 'new_crtc_state' NULL check for writeback requests.

by Srinivasan Shanmugam

Return value of 'to_amdgpu_crtc' which is container_of(...) can't be null, so it's null check 'acrtc' is dropped. Fixing the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:9302 amdgpu_dm_atomic_commit_tail() error: we previously assumed 'acrtc' could be null (see line 9299) Add 'new_crtc_state'NULL check for function 'drm_atomic_get_new_crtc_state' that retrieves the new state for a CRTC, while enabling writeback requests. Cc: stable(a)vger.kernel.org Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 95ff3800fc87..8eb381d5f6b8 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -9294,10 +9294,10 @@ static void amdgpu_dm_atomic_commit_tail(struct drm_atomic_state *state) if (!new_con_state->writeback_job) continue; - new_crtc_state = NULL; + new_crtc_state = drm_atomic_get_new_crtc_state(state, &acrtc->base); - if (acrtc) - new_crtc_state = drm_atomic_get_new_crtc_state(state, &acrtc->base); + if (!new_crtc_state) + continue; if (acrtc->wb_enabled) continue; -- 2.34.1

1 year, 8 months

2
1
0 0

[PATCH 5.10 00/43] 5.10.208-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.208 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.208-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.208-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()" Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Disable ATS for specific Intel IPU E2000 devices Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Extract ATS disabling to a helper function Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Reject tables of unsupported family Wander Lairson Costa <wander(a)redhat.com> drm/qxl: fix UAF on handle creation Jon Maxwell <jmaxwell37(a)gmail.com> ipv6: remove max_size check inline with ipv4 John Fastabend <john.fastabend(a)gmail.com> net: tls, update curr on splice as well Aditya Gupta <adityag(a)linux.ibm.com> powerpc: update ppc_save_regs to save current r1 in pt_regs Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix eMMC init failure after hw reset Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Ziyang Huang <hzyitc(a)outlook.com> mmc: meson-mx-sdhc: Fix initialization frozen issue Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Fix atomic xfer check for non-preempt config Jinghao Jia <jinghao7(a)illinois.edu> x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Thomas Lange <thomas(a)corelatus.se> net: Implement missing SO_TIMESTAMPING_NEW cmsg support Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: switch from 'pci_' to 'dma_' API Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Fix event generation Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Validate written enum values Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Validate written enum values Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_immediate: drop chain reference counter on error Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nftables: add loop check helper function Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Zhipeng Lu <alexious(a)zju.edu.cn> sfc: fix a double-free bug in efx_probe_filters Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Jörn-Thorben Hinz <jthinz(a)mailbox.tu-berlin.de> net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix marking couple of structure as __packed Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Siddhesh Dharme <siddheshdharme18(a)gmail.com> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Edward Adam Davis <eadavis(a)qq.com> keys, dns: Fix missing size check of V1 server-list header ------------- Diffstat: Makefile | 4 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- arch/powerpc/kernel/ppc_save_regs.S | 6 +- arch/x86/kernel/kprobes/core.c | 3 +- drivers/firewire/ohci.c | 51 ++++++ drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/gpu/drm/qxl/qxl_drv.h | 2 +- drivers/gpu/drm/qxl/qxl_dumb.c | 5 +- drivers/gpu/drm/qxl/qxl_gem.c | 25 ++- drivers/gpu/drm/qxl/qxl_ioctl.c | 6 +- drivers/i2c/i2c-core.h | 4 +- drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 +-- drivers/mmc/host/sdhci-sprd.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 +- drivers/net/ethernet/qlogic/qla3xxx.c | 198 +++++++++------------ drivers/net/ethernet/sfc/rx_common.c | 4 +- drivers/net/usb/ax88172a.c | 4 +- drivers/nvme/host/trace.h | 2 +- drivers/pci/quirks.c | 28 ++- fs/block_dev.c | 21 ++- include/net/dst_ops.h | 2 +- mm/memory-failure.c | 6 +- mm/memory.c | 4 +- net/core/dst.c | 8 +- net/core/sock.c | 12 +- net/dns_resolver/dns_key.c | 19 +- net/ipv6/route.c | 13 +- net/netfilter/nf_tables_api.c | 57 +++++- net/netfilter/nft_immediate.c | 2 +- net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 +- net/socket.c | 2 + net/tls/tls_sw.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/g12a-toacodec.c | 5 +- sound/soc/meson/g12a-tohdmitx.c | 8 +- 43 files changed, 429 insertions(+), 228 deletions(-)

1 year, 8 months

9
52
0 0

[PATCH 5.15 00/59] 5.15.147-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.147 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.147-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.147-rc1 Justin Chen <justinpopo6(a)gmail.com> net: usb: ax88179_178a: move priv to driver_priv Justin Chen <justinpopo6(a)gmail.com> net: usb: ax88179_178a: remove redundant init code Andrii Nakryiko <andrii(a)kernel.org> tracing/kprobes: Fix symbol counting logic by looking at modules as well Jiri Olsa <jolsa(a)kernel.org> kallsyms: Make module_kallsyms_on_each_symbol generally available Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Reject tables of unsupported family Adrian Hunter <adrian.hunter(a)intel.com> perf inject: Fix GEN_ELF_TEXT_OFFSET for jit Jon Maxwell <jmaxwell37(a)gmail.com> ipv6: remove max_size check inline with ipv4 John Fastabend <john.fastabend(a)gmail.com> net: tls, update curr on splice as well Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix eMMC init failure after hw reset Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Ziyang Huang <hzyitc(a)outlook.com> mmc: meson-mx-sdhc: Fix initialization frozen issue Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Fix atomic xfer check for non-preempt config Jinghao Jia <jinghao7(a)illinois.edu> x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: secretmem: floor the memory size to the multiple of page_size Thomas Lange <thomas(a)corelatus.se> net: Implement missing SO_TIMESTAMPING_NEW cmsg support Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Re-enable MAC TX in otx2_stop processing Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Always configure NIX TX link credits based on max frame size Sunil Goutham <sgoutham(a)marvell.com> octeontx2-af: Set NIX link credits based on max LMAC Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Don't enable Pause frames by default Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Rodrigo Cataldo <rodrigo.cadore(a)l-acoustics.com> igc: Fix hicredit calculation Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Fix event generation Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Validate written enum values Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Validate written enum values Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_immediate: drop chain reference counter on error Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Zhipeng Lu <alexious(a)zju.edu.cn> sfc: fix a double-free bug in efx_probe_filters Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Vadim Fedorenko <vadfed(a)meta.com> net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Marc Kleine-Budde <mkl(a)pengutronix.de> can: raw: add support for SO_MARK Marc Kleine-Budde <mkl(a)pengutronix.de> can: raw: add support for SO_TXTIME/SCM_TXTIME Jörn-Thorben Hinz <jthinz(a)mailbox.tu-berlin.de> net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Fix PCI error on system resume Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() David Thompson <davthompson(a)nvidia.com> mlxbf_gige: fix receive packet race condition Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN EtherType mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN TCI mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Report VLAN EtherType matching back to user Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix marking couple of structure as __packed Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Douglas Anderson <dianders(a)chromium.org> drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Siddhesh Dharme <siddheshdharme18(a)gmail.com> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Edward Adam Davis <eadavis(a)qq.com> keys, dns: Fix missing size check of V1 server-list header ------------- Diffstat: Makefile | 4 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- arch/x86/kernel/kprobes/core.c | 3 +- block/fops.c | 21 ++- drivers/firewire/ohci.c | 51 +++++++ drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/i2c/i2c-core.h | 4 +- drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 +--- drivers/mmc/host/sdhci-sprd.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 ++++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 +++++- drivers/net/ethernet/intel/igc/igc_tsn.c | 2 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 68 ++++++---- .../ethernet/marvell/octeontx2/af/lmac_common.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 77 ++++++----- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 3 +- .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 33 +++++ .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 146 ++++----------------- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 1 + .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 15 ++- .../net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 12 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 +- drivers/net/ethernet/qlogic/qla3xxx.c | 2 + drivers/net/ethernet/realtek/r8169_main.c | 2 +- drivers/net/ethernet/sfc/rx_common.c | 4 +- drivers/net/usb/ax88172a.c | 4 +- drivers/net/usb/ax88179_178a.c | 115 ++++------------ drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 +-- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 2 + drivers/pci/pcie/aspm.c | 19 +++ include/linux/module.h | 9 ++ include/net/dst_ops.h | 2 +- kernel/module.c | 2 - kernel/trace/trace_kprobe.c | 2 + mm/memory-failure.c | 6 +- mm/memory.c | 4 +- net/can/raw.c | 12 +- net/core/dst.c | 8 +- net/core/sock.c | 12 +- net/dns_resolver/dns_key.c | 19 ++- net/ipv4/ip_output.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/route.c | 13 +- net/netfilter/nf_tables_api.c | 27 ++++ net/netfilter/nft_immediate.c | 2 +- net/nfc/llcp_core.c | 39 +++++- net/sched/em_text.c | 4 +- net/socket.c | 2 + net/tls/tls_sw.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl_rpmsg.c | 10 +- sound/soc/meson/g12a-toacodec.c | 5 +- sound/soc/meson/g12a-tohdmitx.c | 8 +- tools/perf/util/genelf.h | 4 +- tools/testing/selftests/vm/memfd_secret.c | 3 + 68 files changed, 588 insertions(+), 403 deletions(-)

1 year, 8 months

9
67
0 0

[PATCH 6.1 0/4] 6.1.73-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.73 release. There are 4 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.73-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.73-rc1 Jon Maxwell <jmaxwell37(a)gmail.com> ipv6: remove max_size check inline with ipv4 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "nfsd: separate nfsd_last_thread() from nfsd_put()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "nfsd: call nfsd_last_thread() before final nfsd_put()" Steve French <stfrench(a)microsoft.com> cifs: fix flushing folio regression for 6.1 backport ------------- Diffstat: Makefile | 4 ++-- fs/nfsd/nfsctl.c | 9 ++------- fs/nfsd/nfsd.h | 8 +------- fs/nfsd/nfssvc.c | 52 ++++++++++++++++++++++++++++++++------------------ fs/smb/client/cifsfs.c | 2 +- include/net/dst_ops.h | 2 +- net/core/dst.c | 8 ++------ net/ipv6/route.c | 13 +++++-------- 8 files changed, 47 insertions(+), 51 deletions(-)

1 year, 8 months

12
18
0 0

[PATCH 6.6 0/1] 6.6.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.12 release. There are 1 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.12-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.12-rc1 Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper ------------- Diffstat: Makefile | 4 ++-- fs/nfsd/nfsctl.c | 31 +++++++++++++++++-------------- fs/nfsd/nfsd.h | 7 ------- 3 files changed, 19 insertions(+), 23 deletions(-)

1 year, 8 months

14
14
0 0

[PATCH 5.4 00/38] 5.4.267-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.267 release. There are 38 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.267-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.267-rc1 Jon Maxwell <jmaxwell37(a)gmail.com> ipv6: remove max_size check inline with ipv4 Eric Dumazet <edumazet(a)google.com> ipv6: make ip6_rt_gc_expire an atomic_t Eric Dumazet <edumazet(a)google.com> net/dst: use a smaller percpu_counter batch for dst entries accounting Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Disable ATS for specific Intel IPU E2000 devices Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Extract ATS disabling to a helper function Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Reject tables of unsupported family John Fastabend <john.fastabend(a)gmail.com> net: tls, update curr on splice as well Douglas Anderson <dianders(a)chromium.org> ath10k: Get rid of "per_ce_irq" hw param Douglas Anderson <dianders(a)chromium.org> ath10k: Keep track of which interrupts fired, don't poll them Rakesh Pillai <pillair(a)codeaurora.org> ath10k: Add interrupt summary based CE processing Douglas Anderson <dianders(a)chromium.org> ath10k: Wait until copy complete is actually done before completing Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix eMMC init failure after hw reset Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Fix atomic xfer check for non-preempt config Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Thomas Lange <thomas(a)corelatus.se> net: Implement missing SO_TIMESTAMPING_NEW cmsg support Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: switch from 'pci_' to 'dma_' API Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Validate written enum values Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: g12a: extract codec-to-codec utils Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Vadim Fedorenko <vadfed(a)meta.com> net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Marc Kleine-Budde <mkl(a)pengutronix.de> can: raw: add support for SO_MARK Marc Kleine-Budde <mkl(a)pengutronix.de> can: raw: add support for SO_TXTIME/SCM_TXTIME Jörn-Thorben Hinz <jthinz(a)mailbox.tu-berlin.de> net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ------------- Diffstat: Makefile | 4 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- drivers/firewire/ohci.c | 51 +++++ drivers/i2c/i2c-core.h | 4 +- drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/mmc/host/sdhci-sprd.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 ++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/qlogic/qla3xxx.c | 198 ++++++++---------- drivers/net/usb/ax88172a.c | 4 +- drivers/net/wireless/ath/ath10k/ce.c | 79 +++---- drivers/net/wireless/ath/ath10k/ce.h | 15 +- drivers/net/wireless/ath/ath10k/core.c | 13 -- drivers/net/wireless/ath/ath10k/hw.h | 3 - drivers/net/wireless/ath/ath10k/snoc.c | 19 +- drivers/net/wireless/ath/ath10k/snoc.h | 1 + drivers/pci/quirks.c | 28 ++- include/net/dst_ops.h | 6 +- include/net/netns/ipv6.h | 4 +- mm/memory-failure.c | 6 +- mm/memory.c | 4 +- net/can/raw.c | 12 +- net/core/dst.c | 12 +- net/core/sock.c | 12 +- net/ipv4/ip_output.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/route.c | 25 +-- net/netfilter/nf_tables_api.c | 27 +++ net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 +- net/socket.c | 2 + net/tls/tls_sw.c | 2 + sound/soc/meson/Kconfig | 4 + sound/soc/meson/Makefile | 2 + sound/soc/meson/g12a-tohdmitx.c | 227 +++++---------------- sound/soc/meson/meson-codec-glue.c | 149 ++++++++++++++ sound/soc/meson/meson-codec-glue.h | 32 +++ 41 files changed, 658 insertions(+), 412 deletions(-)

1 year, 8 months

6
43
0 0

[PATCH v4 6/6] s390/vfio-ap: do not reset queue removed from host config

by Tony Krowiak

From: Tony Krowiak <akrowiak(a)linux.ibm.com> When a queue is unbound from the vfio_ap device driver, it is reset to ensure its crypto data is not leaked when it is bound to another device driver. If the queue is unbound due to the fact that the adapter or domain was removed from the host's AP configuration, then attempting to reset it will fail with response code 01 (APID not valid) getting returned from the reset command. Let's ensure that the queue is assigned to the host's configuration before resetting it. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Reviewed-by: Jason J. Herne <jjherne(a)linux.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: eeb386aeb5b7 ("s390/vfio-ap: handle config changed and scan complete notification") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 550c936c413d..983b3b16196c 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -2215,10 +2215,10 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) q = dev_get_drvdata(&apdev->device); get_update_locks_for_queue(q); matrix_mdev = q->matrix_mdev; + apid = AP_QID_CARD(q->apqn); + apqi = AP_QID_QUEUE(q->apqn); if (matrix_mdev) { - apid = AP_QID_CARD(q->apqn); - apqi = AP_QID_QUEUE(q->apqn); /* If the queue is assigned to the guest's AP configuration */ if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm) && test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) { @@ -2234,8 +2234,16 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) } } - vfio_ap_mdev_reset_queue(q); - flush_work(&q->reset_work); + /* + * If the queue is not in the host's AP configuration, then resetting + * it will fail with response code 01, (APQN not valid); so, let's make + * sure it is in the host's config. + */ + if (test_bit_inv(apid, (unsigned long *)matrix_dev->info.apm) && + test_bit_inv(apqi, (unsigned long *)matrix_dev->info.aqm)) { + vfio_ap_mdev_reset_queue(q); + flush_work(&q->reset_work); + } done: if (matrix_mdev) -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v4 5/6] s390/vfio-ap: reset queues associated with adapter for queue unbound from driver

by Tony Krowiak

From: Tony Krowiak <akrowiak(a)linux.ibm.com> When a queue is unbound from the vfio_ap device driver, if that queue is assigned to a guest's AP configuration, its associated adapter is removed because queues are defined to a guest via a matrix of adapters and domains; so, it is not possible to remove a single queue. If an adapter is removed from the guest's AP configuration, all associated queues must be reset to prevent leaking crypto data should any of them be assigned to a different guest or device driver. The one caveat is that if the queue is being removed because the adapter or domain has been removed from the host's AP configuration, then an attempt to reset the queue will fail with response code 01, AP-queue number not valid; so resetting these queues should be skipped. Acked-by: Halil Pasic <pasic(a)linux.ibm.com> Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Fixes: 09d31ff78793 ("s390/vfio-ap: hot plug/unplug of AP devices when probed/removed") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 76 +++++++++++++++++-------------- 1 file changed, 41 insertions(+), 35 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 44cd29aace8e..550c936c413d 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -939,45 +939,45 @@ static void vfio_ap_mdev_link_adapter(struct ap_matrix_mdev *matrix_mdev, AP_MKQID(apid, apqi)); } +static void collect_queues_to_reset(struct ap_matrix_mdev *matrix_mdev, + unsigned long apid, + struct list_head *qlist) +{ + struct vfio_ap_queue *q; + unsigned long apqi; + + for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, AP_DOMAINS) { + q = vfio_ap_mdev_get_queue(matrix_mdev, AP_MKQID(apid, apqi)); + if (q) + list_add_tail(&q->reset_qnode, qlist); + } +} + +static void reset_queues_for_apid(struct ap_matrix_mdev *matrix_mdev, + unsigned long apid) +{ + struct list_head qlist; + + INIT_LIST_HEAD(&qlist); + collect_queues_to_reset(matrix_mdev, apid, &qlist); + vfio_ap_mdev_reset_qlist(&qlist); +} + static int reset_queues_for_apids(struct ap_matrix_mdev *matrix_mdev, unsigned long *apm_reset) { - struct vfio_ap_queue *q, *tmpq; struct list_head qlist; - unsigned long apid, apqi; - int apqn, ret = 0; + unsigned long apid; if (bitmap_empty(apm_reset, AP_DEVICES)) return 0; INIT_LIST_HEAD(&qlist); - for_each_set_bit_inv(apid, apm_reset, AP_DEVICES) { - for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, - AP_DOMAINS) { - /* - * If the domain is not in the host's AP configuration, - * then resetting it will fail with response code 01 - * (APQN not valid). - */ - if (!test_bit_inv(apqi, - (unsigned long *)matrix_dev->info.aqm)) - continue; - - apqn = AP_MKQID(apid, apqi); - q = vfio_ap_mdev_get_queue(matrix_mdev, apqn); - - if (q) - list_add_tail(&q->reset_qnode, &qlist); - } - } + for_each_set_bit_inv(apid, apm_reset, AP_DEVICES) + collect_queues_to_reset(matrix_mdev, apid, &qlist); - ret = vfio_ap_mdev_reset_qlist(&qlist); - - list_for_each_entry_safe(q, tmpq, &qlist, reset_qnode) - list_del(&q->reset_qnode); - - return ret; + return vfio_ap_mdev_reset_qlist(&qlist); } /** @@ -2217,24 +2217,30 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) matrix_mdev = q->matrix_mdev; if (matrix_mdev) { - vfio_ap_unlink_queue_fr_mdev(q); - apid = AP_QID_CARD(q->apqn); apqi = AP_QID_QUEUE(q->apqn); - - /* - * If the queue is assigned to the guest's APCB, then remove - * the adapter's APID from the APCB and hot it into the guest. - */ + /* If the queue is assigned to the guest's AP configuration */ if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm) && test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) { + /* + * Since the queues are defined via a matrix of adapters + * and domains, it is not possible to hot unplug a + * single queue; so, let's unplug the adapter. + */ clear_bit_inv(apid, matrix_mdev->shadow_apcb.apm); vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apid(matrix_mdev, apid); + goto done; } } vfio_ap_mdev_reset_queue(q); flush_work(&q->reset_work); + +done: + if (matrix_mdev) + vfio_ap_unlink_queue_fr_mdev(q); + dev_set_drvdata(&apdev->device, NULL); kfree(q); release_update_locks_for_mdev(matrix_mdev); -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v4 2/6] s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration

by Tony Krowiak

From: Tony Krowiak <akrowiak(a)linux.ibm.com> While filtering the mdev matrix, it doesn't make sense - and will have unexpected results - to filter an APID from the matrix if the APID or one of the associated APQIs is not in the host's AP configuration. There are two reasons for this: 1. An adapter or domain that is not in the host's AP configuration can be assigned to the matrix; this is known as over-provisioning. Queue devices, however, are only created for adapters and domains in the host's AP configuration, so there will be no queues associated with an over-provisioned adapter or domain to filter. 2. The adapter or domain may have been externally removed from the host's configuration via an SE or HMC attached to a DPM enabled LPAR. In this case, the vfio_ap device driver would have been notified by the AP bus via the on_config_changed callback and the adapter or domain would have already been filtered. Since the matrix_mdev->shadow_apcb.apm and matrix_mdev->shadow_apcb.aqm are copied from the mdev matrix sans the APIDs and APQIs not in the host's AP configuration, let's loop over those bitmaps instead of those assigned to the matrix. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 1f7a6c106786..e825e13847fe 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -695,8 +695,9 @@ static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) bitmap_and(matrix_mdev->shadow_apcb.aqm, matrix_mdev->matrix.aqm, (unsigned long *)matrix_dev->info.aqm, AP_DOMAINS); - for_each_set_bit_inv(apid, matrix_mdev->matrix.apm, AP_DEVICES) { - for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) { + for_each_set_bit_inv(apid, matrix_mdev->shadow_apcb.apm, AP_DEVICES) { + for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, + AP_DOMAINS) { /* * If the APQN is not bound to the vfio_ap device * driver, then we can't assign it to the guest's -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v4 1/6] s390/vfio-ap: always filter entire AP matrix

by Tony Krowiak

From: Tony Krowiak <akrowiak(a)linux.ibm.com> The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filtering the matrix of adapters and domains assigned to the mdev. When an adapter or domain is assigned, only the APQNs associated with the APID of the new adapter or APQI of the new domain are inspected. If an APQN does not reference a queue device bound to the vfio_ap device driver, then it's APID will be filtered from the mdev's matrix when updating the guest's AP configuration. Inspecting only the APID of the new adapter or APQI of the new domain will result in passing AP queues through to a guest that are not bound to the vfio_ap device driver under certain circumstances. Consider the following: guest's AP configuration (all also assigned to the mdev's matrix): 14.0004 14.0005 14.0006 16.0004 16.0005 16.0006 unassign domain 4 unbind queue 16.0005 assign domain 4 When domain 4 is re-assigned, since only domain 4 will be inspected, the APQNs that will be examined will be: 14.0004 16.0004 Since both of those APQNs reference queue devices that are bound to the vfio_ap device driver, nothing will get filtered from the mdev's matrix when updating the guest's AP configuration. Consequently, queue 16.0005 will get passed through despite not being bound to the driver. This violates the linux device model requirement that a guest shall only be given access to devices bound to the device driver facilitating their pass-through. To resolve this problem, every adapter and domain assigned to the mdev will be inspected when filtering the mdev's matrix. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Acked-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 57 +++++++++---------------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index acb710d3d7bc..1f7a6c106786 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -674,8 +674,7 @@ static bool vfio_ap_mdev_filter_cdoms(struct ap_matrix_mdev *matrix_mdev) * Return: a boolean value indicating whether the KVM guest's APCB was changed * by the filtering or not. */ -static bool vfio_ap_mdev_filter_matrix(unsigned long *apm, unsigned long *aqm, - struct ap_matrix_mdev *matrix_mdev) +static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) { unsigned long apid, apqi, apqn; DECLARE_BITMAP(prev_shadow_apm, AP_DEVICES); @@ -696,8 +695,8 @@ static bool vfio_ap_mdev_filter_matrix(unsigned long *apm, unsigned long *aqm, bitmap_and(matrix_mdev->shadow_apcb.aqm, matrix_mdev->matrix.aqm, (unsigned long *)matrix_dev->info.aqm, AP_DOMAINS); - for_each_set_bit_inv(apid, apm, AP_DEVICES) { - for_each_set_bit_inv(apqi, aqm, AP_DOMAINS) { + for_each_set_bit_inv(apid, matrix_mdev->matrix.apm, AP_DEVICES) { + for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) { /* * If the APQN is not bound to the vfio_ap device * driver, then we can't assign it to the guest's @@ -962,7 +961,6 @@ static ssize_t assign_adapter_store(struct device *dev, { int ret; unsigned long apid; - DECLARE_BITMAP(apm_delta, AP_DEVICES); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -991,11 +989,8 @@ static ssize_t assign_adapter_store(struct device *dev, } vfio_ap_mdev_link_adapter(matrix_mdev, apid); - memset(apm_delta, 0, sizeof(apm_delta)); - set_bit_inv(apid, apm_delta); - if (vfio_ap_mdev_filter_matrix(apm_delta, - matrix_mdev->matrix.aqm, matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); ret = count; @@ -1171,7 +1166,6 @@ static ssize_t assign_domain_store(struct device *dev, { int ret; unsigned long apqi; - DECLARE_BITMAP(aqm_delta, AP_DOMAINS); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -1200,11 +1194,8 @@ static ssize_t assign_domain_store(struct device *dev, } vfio_ap_mdev_link_domain(matrix_mdev, apqi); - memset(aqm_delta, 0, sizeof(aqm_delta)); - set_bit_inv(apqi, aqm_delta); - if (vfio_ap_mdev_filter_matrix(matrix_mdev->matrix.apm, aqm_delta, - matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); ret = count; @@ -2109,9 +2100,7 @@ int vfio_ap_mdev_probe_queue(struct ap_device *apdev) if (matrix_mdev) { vfio_ap_mdev_link_queue(matrix_mdev, q); - if (vfio_ap_mdev_filter_matrix(matrix_mdev->matrix.apm, - matrix_mdev->matrix.aqm, - matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); } dev_set_drvdata(&apdev->device, q); @@ -2461,34 +2450,22 @@ void vfio_ap_on_cfg_changed(struct ap_config_info *cur_cfg_info, static void vfio_ap_mdev_hot_plug_cfg(struct ap_matrix_mdev *matrix_mdev) { - bool do_hotplug = false; - int filter_domains = 0; - int filter_adapters = 0; - DECLARE_BITMAP(apm, AP_DEVICES); - DECLARE_BITMAP(aqm, AP_DOMAINS); + bool filter_domains, filter_adapters, filter_cdoms, do_hotplug = false; mutex_lock(&matrix_mdev->kvm->lock); mutex_lock(&matrix_dev->mdevs_lock); - filter_adapters = bitmap_and(apm, matrix_mdev->matrix.apm, - matrix_mdev->apm_add, AP_DEVICES); - filter_domains = bitmap_and(aqm, matrix_mdev->matrix.aqm, - matrix_mdev->aqm_add, AP_DOMAINS); - - if (filter_adapters && filter_domains) - do_hotplug |= vfio_ap_mdev_filter_matrix(apm, aqm, matrix_mdev); - else if (filter_adapters) - do_hotplug |= - vfio_ap_mdev_filter_matrix(apm, - matrix_mdev->shadow_apcb.aqm, - matrix_mdev); - else - do_hotplug |= - vfio_ap_mdev_filter_matrix(matrix_mdev->shadow_apcb.apm, - aqm, matrix_mdev); + filter_adapters = bitmap_intersects(matrix_mdev->matrix.apm, + matrix_mdev->apm_add, AP_DEVICES); + filter_domains = bitmap_intersects(matrix_mdev->matrix.aqm, + matrix_mdev->aqm_add, AP_DOMAINS); + filter_cdoms = bitmap_intersects(matrix_mdev->matrix.adm, + matrix_mdev->adm_add, AP_DOMAINS); + + if (filter_adapters || filter_domains) + do_hotplug = vfio_ap_mdev_filter_matrix(matrix_mdev); - if (bitmap_intersects(matrix_mdev->matrix.adm, matrix_mdev->adm_add, - AP_DOMAINS)) + if (filter_cdoms) do_hotplug |= vfio_ap_mdev_filter_cdoms(matrix_mdev); if (do_hotplug) -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH] interconnect: qcom: sm8450: Revert "interconnect: qcom: sm8450: Enable sync_state"

by Krzysztof Kozlowski

Revert commit 16862f1b2110 ("interconnect: qcom: sm8450: Enable sync_state"), because it causes serial console to corrupt, later freeze and become either entirely corrupted or only print without accepting any input. Cc: <stable(a)vger.kernel.org> Fixes: 16862f1b2110 ("interconnect: qcom: sm8450: Enable sync_state") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/interconnect/qcom/sm8450.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/interconnect/qcom/sm8450.c b/drivers/interconnect/qcom/sm8450.c index b3cd0087377c..952017940b02 100644 --- a/drivers/interconnect/qcom/sm8450.c +++ b/drivers/interconnect/qcom/sm8450.c @@ -1888,7 +1888,6 @@ static struct platform_driver qnoc_driver = { .driver = { .name = "qnoc-sm8450", .of_match_table = qnoc_of_match, - .sync_state = icc_sync_state, }, }; -- 2.34.1

1 year, 8 months

3
8
0 0

Linux 6.6.12

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.12 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- fs/nfsd/nfsctl.c | 31 +++++++++++++++++-------------- fs/nfsd/nfsd.h | 7 ------- 3 files changed, 18 insertions(+), 22 deletions(-) Greg Kroah-Hartman (1): Linux 6.6.12 Jeff Layton (1): nfsd: drop the nfsd_put helper

1 year, 8 months

1
1
0 0

Linux 6.1.73

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.73 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - fs/nfsd/nfsctl.c | 9 +------- fs/nfsd/nfsd.h | 8 ------- fs/nfsd/nfssvc.c | 52 +++++++++++++++++++++++++++++++------------------ fs/smb/client/cifsfs.c | 2 - include/net/dst_ops.h | 2 - net/core/dst.c | 8 +------ net/ipv6/route.c | 13 ++++-------- 8 files changed, 46 insertions(+), 50 deletions(-) Greg Kroah-Hartman (3): Revert "nfsd: call nfsd_last_thread() before final nfsd_put()" Revert "nfsd: separate nfsd_last_thread() from nfsd_put()" Linux 6.1.73 Jon Maxwell (1): ipv6: remove max_size check inline with ipv4 Steve French (1): cifs: fix flushing folio regression for 6.1 backport

1 year, 8 months

1
1
0 0

Linux 5.15.147

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.147 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-sunxi/mc_smp.c | 4 arch/x86/kernel/kprobes/core.c | 3 block/fops.c | 21 +- drivers/firewire/ohci.c | 51 +++++ drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/i2c/i2c-core.h | 4 drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 -- drivers/mmc/host/sdhci-sprd.c | 10 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 ++++ drivers/net/ethernet/intel/igc/igc_tsn.c | 2 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 68 ++++-- drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 1 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 77 ++++--- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 33 +++ drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 146 ++------------- drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 15 - drivers/net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 12 - drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 drivers/net/ethernet/qlogic/qla3xxx.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 2 drivers/net/ethernet/sfc/rx_common.c | 4 drivers/net/usb/ax88172a.c | 4 drivers/net/usb/ax88179_178a.c | 115 ++--------- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 - drivers/pci/pci.c | 6 drivers/pci/pci.h | 2 drivers/pci/pcie/aspm.c | 19 + include/linux/module.h | 9 include/net/dst_ops.h | 2 kernel/module.c | 2 kernel/trace/trace_kprobe.c | 2 mm/memory-failure.c | 6 mm/memory.c | 4 net/can/raw.c | 12 + net/core/dst.c | 8 net/core/sock.c | 12 + net/dns_resolver/dns_key.c | 19 - net/ipv4/ip_output.c | 2 net/ipv6/ip6_output.c | 2 net/ipv6/route.c | 13 - net/netfilter/nf_tables_api.c | 27 ++ net/netfilter/nft_immediate.c | 2 net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 net/socket.c | 2 net/tls/tls_sw.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl_rpmsg.c | 10 - sound/soc/meson/g12a-toacodec.c | 5 sound/soc/meson/g12a-tohdmitx.c | 8 tools/perf/util/genelf.h | 4 tools/testing/selftests/vm/memfd_secret.c | 3 68 files changed, 587 insertions(+), 402 deletions(-) Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Adrian Hunter (1): perf inject: Fix GEN_ELF_TEXT_OFFSET for jit Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Benjamin Bara (1): i2c: core: Fix atomic xfer check for non-preempt config Bjorn Helgaas (1): Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Chancel Liu (1): ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Chen Ni (1): asix: Add check for usbnet_get_endpoints David Thompson (1): mlxbf_gige: fix receive packet race condition Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer Edward Adam Davis (1): keys, dns: Fix missing size check of V1 server-list header Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Greg Kroah-Hartman (1): Linux 5.15.147 Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Hariprasad Kelam (1): octeontx2-af: Don't enable Pause frames by default Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug Jinghao Jia (1): x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Jiri Olsa (1): kallsyms: Make module_kallsyms_on_each_symbol generally available Johannes Berg (1): wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ John Fastabend (1): net: tls, update curr on splice as well Jon Maxwell (1): ipv6: remove max_size check inline with ipv4 Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Justin Chen (2): net: usb: ax88179_178a: remove redundant init code net: usb: ax88179_178a: move priv to driver_priv Jörn-Thorben Hinz (1): net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Kai-Heng Feng (1): r8169: Fix PCI error on system resume Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Khaled Almahallawy (1): drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Kurt Kanzenbach (3): igc: Report VLAN EtherType matching back to user igc: Check VLAN TCI mask igc: Check VLAN EtherType mask Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Marc Kleine-Budde (2): can: raw: add support for SO_TXTIME/SCM_TXTIME can: raw: add support for SO_MARK Mark Brown (4): ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Matthew Wilcox (Oracle) (1): mm/memory-failure: check the mapcount of the precise page Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Muhammad Usama Anjum (1): selftests: secretmem: floor the memory size to the multiple of page_size Naveen Mamindlapalli (2): octeontx2-af: Always configure NIX TX link credits based on max frame size octeontx2-af: Re-enable MAC TX in otx2_stop processing Pablo Neira Ayuso (1): netfilter: nft_immediate: drop chain reference counter on error Phil Sutter (1): netfilter: nf_tables: Reject tables of unsupported family Rodrigo Cataldo (1): igc: Fix hicredit calculation Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Siddhesh Dharme (1): ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Suman Ghosh (1): octeontx2-af: Fix marking couple of structure as __packed Sunil Goutham (1): octeontx2-af: Set NIX link credits based on max LMAC Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Thomas Lange (1): net: Implement missing SO_TIMESTAMPING_NEW cmsg support Vadim Fedorenko (1): net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Wenchao Chen (1): mmc: sdhci-sprd: Fix eMMC init failure after hw reset Zhipeng Lu (1): sfc: fix a double-free bug in efx_probe_filters Ziyang Huang (1): mmc: meson-mx-sdhc: Fix initialization frozen issue

1 year, 8 months

1
1
0 0

Linux 5.10.208

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.208 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-sunxi/mc_smp.c | 4 arch/powerpc/kernel/ppc_save_regs.S | 6 arch/x86/kernel/kprobes/core.c | 3 drivers/firewire/ohci.c | 51 +++++ drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/gpu/drm/qxl/qxl_drv.h | 2 drivers/gpu/drm/qxl/qxl_dumb.c | 5 drivers/gpu/drm/qxl/qxl_gem.c | 25 +- drivers/gpu/drm/qxl/qxl_ioctl.c | 6 drivers/i2c/i2c-core.h | 4 drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 -- drivers/mmc/host/sdhci-sprd.c | 10 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 drivers/net/ethernet/qlogic/qla3xxx.c | 198 +++++++++------------ drivers/net/ethernet/sfc/rx_common.c | 4 drivers/net/usb/ax88172a.c | 4 drivers/nvme/host/trace.h | 2 drivers/pci/quirks.c | 28 ++ fs/block_dev.c | 21 +- include/net/dst_ops.h | 2 mm/memory-failure.c | 6 mm/memory.c | 4 net/core/dst.c | 8 net/core/sock.c | 1 net/dns_resolver/dns_key.c | 19 -- net/ipv6/route.c | 13 - net/netfilter/nf_tables_api.c | 57 +++++- net/netfilter/nft_immediate.c | 2 net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 net/socket.c | 2 net/tls/tls_sw.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/meson/g12a-toacodec.c | 5 sound/soc/meson/g12a-tohdmitx.c | 8 43 files changed, 419 insertions(+), 225 deletions(-) Aditya Gupta (1): powerpc: update ppc_save_regs to save current r1 in pt_regs Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices Benjamin Bara (1): i2c: core: Fix atomic xfer check for non-preempt config Chen Ni (1): asix: Add check for usbnet_get_endpoints Christophe JAILLET (1): net/qla3xxx: switch from 'pci_' to 'dma_' API Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Edward Adam Davis (1): keys, dns: Fix missing size check of V1 server-list header Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Greg Kroah-Hartman (2): Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()" Linux 5.10.208 Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug Jinghao Jia (1): x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect John Fastabend (1): net: tls, update curr on splice as well Jon Maxwell (1): ipv6: remove max_size check inline with ipv4 Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Khaled Almahallawy (1): drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Mark Brown (4): ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Matthew Wilcox (Oracle) (1): mm/memory-failure: check the mapcount of the precise page Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Pablo Neira Ayuso (2): netfilter: nftables: add loop check helper function netfilter: nft_immediate: drop chain reference counter on error Phil Sutter (1): netfilter: nf_tables: Reject tables of unsupported family Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Siddhesh Dharme (1): ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Suman Ghosh (1): octeontx2-af: Fix marking couple of structure as __packed Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Thomas Lange (1): net: Implement missing SO_TIMESTAMPING_NEW cmsg support Wander Lairson Costa (1): drm/qxl: fix UAF on handle creation Wenchao Chen (1): mmc: sdhci-sprd: Fix eMMC init failure after hw reset Zhipeng Lu (1): sfc: fix a double-free bug in efx_probe_filters Ziyang Huang (1): mmc: meson-mx-sdhc: Fix initialization frozen issue

1 year, 8 months

1
1
0 0

Linux 5.4.267

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.267 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-sunxi/mc_smp.c | 4 drivers/firewire/ohci.c | 51 ++++ drivers/i2c/i2c-core.h | 4 drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/mmc/host/sdhci-sprd.c | 10 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 ++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/qlogic/qla3xxx.c | 198 ++++++++---------- drivers/net/usb/ax88172a.c | 4 drivers/net/wireless/ath/ath10k/ce.c | 79 +++---- drivers/net/wireless/ath/ath10k/ce.h | 15 - drivers/net/wireless/ath/ath10k/core.c | 13 - drivers/net/wireless/ath/ath10k/hw.h | 3 drivers/net/wireless/ath/ath10k/snoc.c | 19 + drivers/net/wireless/ath/ath10k/snoc.h | 1 drivers/pci/quirks.c | 28 ++ include/net/dst_ops.h | 6 include/net/netns/ipv6.h | 4 mm/memory-failure.c | 6 mm/memory.c | 4 net/can/raw.c | 12 + net/core/dst.c | 12 - net/core/sock.c | 1 net/ipv4/ip_output.c | 2 net/ipv6/ip6_output.c | 2 net/ipv6/route.c | 25 +- net/netfilter/nf_tables_api.c | 27 ++ net/nfc/llcp_core.c | 39 +++ net/sched/em_text.c | 4 net/socket.c | 2 net/tls/tls_sw.c | 2 sound/soc/meson/Kconfig | 4 sound/soc/meson/Makefile | 2 sound/soc/meson/g12a-tohdmitx.c | 227 ++++----------------- sound/soc/meson/meson-codec-glue.c | 149 +++++++++++++ sound/soc/meson/meson-codec-glue.h | 32 ++ 41 files changed, 648 insertions(+), 409 deletions(-) Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices Benjamin Bara (1): i2c: core: Fix atomic xfer check for non-preempt config Chen Ni (1): asix: Add check for usbnet_get_endpoints Christophe JAILLET (1): net/qla3xxx: switch from 'pci_' to 'dma_' API Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Douglas Anderson (3): ath10k: Wait until copy complete is actually done before completing ath10k: Keep track of which interrupts fired, don't poll them ath10k: Get rid of "per_ce_irq" hw param Eric Dumazet (2): net/dst: use a smaller percpu_counter batch for dst entries accounting ipv6: make ip6_rt_gc_expire an atomic_t Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Greg Kroah-Hartman (1): Linux 5.4.267 Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Jerome Brunet (2): ASoC: meson: g12a: extract codec-to-codec utils ASoC: meson: codec-glue: fix pcm format cast warning Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug John Fastabend (1): net: tls, update curr on splice as well Jon Maxwell (1): ipv6: remove max_size check inline with ipv4 Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Marc Kleine-Budde (2): can: raw: add support for SO_TXTIME/SCM_TXTIME can: raw: add support for SO_MARK Mark Brown (2): ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Matthew Wilcox (Oracle) (1): mm/memory-failure: check the mapcount of the precise page Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Phil Sutter (1): netfilter: nf_tables: Reject tables of unsupported family Rakesh Pillai (1): ath10k: Add interrupt summary based CE processing Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Thomas Lange (1): net: Implement missing SO_TIMESTAMPING_NEW cmsg support Vadim Fedorenko (1): net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Wenchao Chen (1): mmc: sdhci-sprd: Fix eMMC init failure after hw reset

1 year, 8 months

1
1
0 0

Linux 4.19.305

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.305 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-sunxi/mc_smp.c | 4 drivers/firewire/ohci.c | 51 +++++ drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/qlogic/qla3xxx.c | 198 +++++++++------------ drivers/net/usb/ax88172a.c | 4 drivers/pci/quirks.c | 28 ++ fs/fuse/dir.c | 10 - include/net/dst_ops.h | 6 include/net/netns/ipv6.h | 4 mm/memory-failure.c | 6 mm/memory.c | 4 net/core/dst.c | 8 net/ipv6/route.c | 25 +- net/netfilter/nf_tables_api.c | 27 ++ net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 net/socket.c | 2 24 files changed, 330 insertions(+), 156 deletions(-) Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices Chen Ni (1): asix: Add check for usbnet_get_endpoints Christophe JAILLET (1): net/qla3xxx: switch from 'pci_' to 'dma_' API Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Eric Dumazet (2): net/dst: use a smaller percpu_counter batch for dst entries accounting ipv6: make ip6_rt_gc_expire an atomic_t Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Greg Kroah-Hartman (1): Linux 4.19.305 Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug Jon Maxwell (1): ipv6: remove max_size check inline with ipv4 Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Matthew Wilcox (Oracle) (1): mm/memory-failure: check the mapcount of the precise page Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Peter Oskolkov (1): net: add a route cache full diagnostic message Phil Sutter (1): netfilter: nf_tables: Reject tables of unsupported family Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards ruanmeisi (1): fuse: nlookup missing decrement in fuse_direntplus_link

1 year, 8 months

1
1
0 0

[PATCH 4.19 00/25] 4.19.305-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.305 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 15 Jan 2024 09:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.305-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.305-rc1 Jon Maxwell <jmaxwell37(a)gmail.com> ipv6: remove max_size check inline with ipv4 Eric Dumazet <edumazet(a)google.com> ipv6: make ip6_rt_gc_expire an atomic_t Eric Dumazet <edumazet(a)google.com> net/dst: use a smaller percpu_counter batch for dst entries accounting Peter Oskolkov <posk(a)google.com> net: add a route cache full diagnostic message Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Disable ATS for specific Intel IPU E2000 devices Bartosz Pawlowski <bartosz.pawlowski(a)intel.com> PCI: Extract ATS disabling to a helper function Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Reject tables of unsupported family ruanmeisi <ruan.meisi(a)zte.com.cn> fuse: nlookup missing decrement in fuse_direntplus_link Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: switch from 'pci_' to 'dma_' API Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ------------- Diffstat: Makefile | 4 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- drivers/firewire/ohci.c | 51 ++++++ drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/qlogic/qla3xxx.c | 198 +++++++++------------ drivers/net/usb/ax88172a.c | 4 +- drivers/pci/quirks.c | 28 ++- fs/fuse/dir.c | 10 +- include/net/dst_ops.h | 6 +- include/net/netns/ipv6.h | 4 +- mm/memory-failure.c | 6 +- mm/memory.c | 4 +- net/core/dst.c | 8 +- net/ipv6/route.c | 25 +-- net/netfilter/nf_tables_api.c | 27 +++ net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 +- net/socket.c | 2 + 24 files changed, 331 insertions(+), 157 deletions(-)

1 year, 8 months

5
29
0 0

[PATCH 1/2] drm/amdgpu: Pass amdgpu_job directly to amdgpu_ring_soft_recovery

by Joshua Ashton

We will need this to change the karma in the future. Signed-off-by: Joshua Ashton <joshua(a)froggi.es> Cc: Friedrich Vock <friedrich.vock(a)gmx.de> Cc: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> Cc: Christian König <christian.koenig(a)amd.com> Cc: André Almeida <andrealmeid(a)igalia.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 9 ++++----- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 3 +-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c index 78476bc75b4e..c1af7ca25912 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c @@ -52,7 +52,7 @@ static enum drm_gpu_sched_stat amdgpu_job_timedout(struct drm_sched_job *s_job) adev->job_hang = true; if (amdgpu_gpu_recovery && - amdgpu_ring_soft_recovery(ring, job->vmid, s_job->s_fence->parent)) { + amdgpu_ring_soft_recovery(ring, job)) { DRM_ERROR("ring %s timeout, but soft recovered\n", s_job->sched->name); goto exit; diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c index 45424ebf9681..25209ce54552 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c @@ -425,14 +425,13 @@ void amdgpu_ring_emit_reg_write_reg_wait_helper(struct amdgpu_ring *ring, * amdgpu_ring_soft_recovery - try to soft recover a ring lockup * * @ring: ring to try the recovery on - * @vmid: VMID we try to get going again - * @fence: timedout fence + * @job: the locked-up job * * Tries to get a ring proceeding again when it is stuck. */ -bool amdgpu_ring_soft_recovery(struct amdgpu_ring *ring, unsigned int vmid, - struct dma_fence *fence) +bool amdgpu_ring_soft_recovery(struct amdgpu_ring *ring, struct amdgpu_job *job) { + struct dma_fence *fence = job->base.s_fence->parent; unsigned long flags; ktime_t deadline; @@ -452,7 +451,7 @@ bool amdgpu_ring_soft_recovery(struct amdgpu_ring *ring, unsigned int vmid, atomic_inc(&ring->adev->gpu_reset_counter); while (!dma_fence_is_signaled(fence) && ktime_to_ns(ktime_sub(deadline, ktime_get())) > 0) - ring->funcs->soft_recovery(ring, vmid); + ring->funcs->soft_recovery(ring, job->vmid); return dma_fence_is_signaled(fence); } diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h index bbb53720a018..734df88f22d4 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h @@ -354,8 +354,7 @@ void amdgpu_ring_fini(struct amdgpu_ring *ring); void amdgpu_ring_emit_reg_write_reg_wait_helper(struct amdgpu_ring *ring, uint32_t reg0, uint32_t val0, uint32_t reg1, uint32_t val1); -bool amdgpu_ring_soft_recovery(struct amdgpu_ring *ring, unsigned int vmid, - struct dma_fence *fence); +bool amdgpu_ring_soft_recovery(struct amdgpu_ring *ring, struct amdgpu_job *job); static inline void amdgpu_ring_set_preempt_cond_exec(struct amdgpu_ring *ring, bool cond_exec) -- 2.43.0

1 year, 8 months

4
10
0 0

Re: kernel BUG on network namespace deletion

by Greg KH

On Mon, Jan 15, 2024 at 12:19:06PM +0500, Марк Коренберг wrote: > Kernel 6.6.9-200.fc39.x86_64 > > The following bash script demonstrates the problem (run under root): > > ``` > #!/bin/bash > > set -e -u -x > > # Some cleanups > ip netns delete myspace || : > ip link del qweqwe1 || : > > # The bug happens only with physical interfaces, not with, say, dummy one > ip link property add dev enp0s20f0u2 altname myname > ip netns add myspace > ip link set enp0s20f0u2 netns myspace > > # add dummy interface + set the same altname as in background namespace. > ip link add name qweqwe1 type dummy > ip link property add dev qweqwe1 altname myname > > # Trigger the bug. The kernel will try to return ethernet interface > back to root namespace, but it can not, because of conflicting > altnames. > ip netns delete myspace > > # now `ip link` will hang forever !!!!! > ``` > > I think, the problem is obvious. Althougn I don't know how to fix. > Remove conflicting altnames for interfaces that returns from killed > namespaces ? As this can only be triggered by root, not much for us to do here, perhaps discuss it on the netdev mailing list for all network developers to work on? > On kernel 6.3.8 (at least) was another bug, that allows dulicate > altnames, and it was fixed mainline somewhere. I have another script > to trigger the bug on these old kernels. I did not bisect. If this is an issue on 6.1.y, that would be good to know so that we can try to fix the issue there if bisection can find it. Care to share the script so that I can test? thanks, greg k-h

1 year, 8 months

2
2
0 0

[PATCH v3] usb: dwc3: pci: add support for the Intel Arrow Lake-H

by Heikki Krogerus

This patch adds the necessary PCI ID for Intel Arrow Lake-H devices. Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- Changed since v2: Including changelog. Changed since v1: CCd stable. --- drivers/usb/dwc3/dwc3-pci.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c index 6604845c397c..39564e17f3b0 100644 --- a/drivers/usb/dwc3/dwc3-pci.c +++ b/drivers/usb/dwc3/dwc3-pci.c @@ -51,6 +51,8 @@ #define PCI_DEVICE_ID_INTEL_MTLP 0x7ec1 #define PCI_DEVICE_ID_INTEL_MTLS 0x7f6f #define PCI_DEVICE_ID_INTEL_MTL 0x7e7e +#define PCI_DEVICE_ID_INTEL_ARLH 0x7ec1 +#define PCI_DEVICE_ID_INTEL_ARLH_PCH 0x777e #define PCI_DEVICE_ID_INTEL_TGL 0x9a15 #define PCI_DEVICE_ID_AMD_MR 0x163a @@ -421,6 +423,8 @@ static const struct pci_device_id dwc3_pci_id_table[] = { { PCI_DEVICE_DATA(INTEL, MTLP, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, MTL, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, MTLS, &dwc3_pci_intel_swnode) }, + { PCI_DEVICE_DATA(INTEL, ARLH, &dwc3_pci_intel_swnode) }, + { PCI_DEVICE_DATA(INTEL, ARLH_PCH, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, TGL, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(AMD, NL_USB, &dwc3_pci_amd_swnode) }, -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH] usb: dwc3: pci: add support for the Intel Arrow Lake-H

by Heikki Krogerus

This patch adds the necessary PCI ID for Intel Arrow Lake-H devices. Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/usb/dwc3/dwc3-pci.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c index 6604845c397c..39564e17f3b0 100644 --- a/drivers/usb/dwc3/dwc3-pci.c +++ b/drivers/usb/dwc3/dwc3-pci.c @@ -51,6 +51,8 @@ #define PCI_DEVICE_ID_INTEL_MTLP 0x7ec1 #define PCI_DEVICE_ID_INTEL_MTLS 0x7f6f #define PCI_DEVICE_ID_INTEL_MTL 0x7e7e +#define PCI_DEVICE_ID_INTEL_ARLH 0x7ec1 +#define PCI_DEVICE_ID_INTEL_ARLH_PCH 0x777e #define PCI_DEVICE_ID_INTEL_TGL 0x9a15 #define PCI_DEVICE_ID_AMD_MR 0x163a @@ -421,6 +423,8 @@ static const struct pci_device_id dwc3_pci_id_table[] = { { PCI_DEVICE_DATA(INTEL, MTLP, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, MTL, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, MTLS, &dwc3_pci_intel_swnode) }, + { PCI_DEVICE_DATA(INTEL, ARLH, &dwc3_pci_intel_swnode) }, + { PCI_DEVICE_DATA(INTEL, ARLH_PCH, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(INTEL, TGL, &dwc3_pci_intel_swnode) }, { PCI_DEVICE_DATA(AMD, NL_USB, &dwc3_pci_amd_swnode) }, -- 2.43.0

1 year, 8 months

2
2
0 0

[PATCH AUTOSEL 4.14 1/6] reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning

by Sasha Levin

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> [ Upstream commit b5ec294472794ed9ecba0cb4b8208372842e7e0d ] 'type' is an enum, thus cast of pointer on 64-bit compile test with W=1 causes: hi6220_reset.c:166:9: error: cast to smaller integer type 'enum hi6220_reset_ctrl_type' from 'const void *' [-Werror,-Wvoid-pointer-to-enum-cast] Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20230810091300.70197-1-krzysztof.kozlowski@linaro… Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/reset/hisilicon/hi6220_reset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c index d5e5229308f22..d77a7ad7e57a7 100644 --- a/drivers/reset/hisilicon/hi6220_reset.c +++ b/drivers/reset/hisilicon/hi6220_reset.c @@ -107,7 +107,7 @@ static int hi6220_reset_probe(struct platform_device *pdev) if (!data) return -ENOMEM; - type = (enum hi6220_reset_ctrl_type)of_device_get_match_data(dev); + type = (uintptr_t)of_device_get_match_data(dev); regmap = syscon_node_to_regmap(np); if (IS_ERR(regmap)) { -- 2.43.0

1 year, 8 months

2
7
0 0

[PATCH AUTOSEL 4.19 1/7] reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning

by Sasha Levin

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> [ Upstream commit b5ec294472794ed9ecba0cb4b8208372842e7e0d ] 'type' is an enum, thus cast of pointer on 64-bit compile test with W=1 causes: hi6220_reset.c:166:9: error: cast to smaller integer type 'enum hi6220_reset_ctrl_type' from 'const void *' [-Werror,-Wvoid-pointer-to-enum-cast] Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20230810091300.70197-1-krzysztof.kozlowski@linaro… Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/reset/hisilicon/hi6220_reset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c index d5e5229308f22..d77a7ad7e57a7 100644 --- a/drivers/reset/hisilicon/hi6220_reset.c +++ b/drivers/reset/hisilicon/hi6220_reset.c @@ -107,7 +107,7 @@ static int hi6220_reset_probe(struct platform_device *pdev) if (!data) return -ENOMEM; - type = (enum hi6220_reset_ctrl_type)of_device_get_match_data(dev); + type = (uintptr_t)of_device_get_match_data(dev); regmap = syscon_node_to_regmap(np); if (IS_ERR(regmap)) { -- 2.43.0

1 year, 8 months

3
9
0 0

[PATCH AUTOSEL 6.1 1/5] virtio_blk: fix snprintf truncation compiler warning

by Sasha Levin

From: Stefan Hajnoczi <stefanha(a)redhat.com> [ Upstream commit b8e0792449928943c15d1af9f63816911d139267 ] Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the following gcc 13 W=1 warnings: drivers/block/virtio_blk.c: In function ‘init_vq’: drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~ drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~ drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination of size 16 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a false positive because the lower bound -2147483648 is incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < 65536. The code mixes int, unsigned short, and unsigned int types in addition to using "%d" for an unsigned value. Use unsigned short and "%u" consistently to solve the compiler warning. Cc: Suwan Kim <suwan.kim027(a)gmail.com> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ Signed-off-by: Stefan Hajnoczi <stefanha(a)redhat.com> Message-Id: <20231204140743.1487843-1-stefanha(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/block/virtio_blk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index efa5535a8e1d8..3124837aa406f 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -609,12 +609,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) static int init_vq(struct virtio_blk *vblk) { int err; - int i; + unsigned short i; vq_callback_t **callbacks; const char **names; struct virtqueue **vqs; unsigned short num_vqs; - unsigned int num_poll_vqs; + unsigned short num_poll_vqs; struct virtio_device *vdev = vblk->vdev; struct irq_affinity desc = { 0, }; @@ -658,13 +658,13 @@ static int init_vq(struct virtio_blk *vblk) for (i = 0; i < num_vqs - num_poll_vqs; i++) { callbacks[i] = virtblk_done; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); names[i] = vblk->vqs[i].name; } for (; i < num_vqs; i++) { callbacks[i] = NULL; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); names[i] = vblk->vqs[i].name; } -- 2.43.0

1 year, 8 months

2
6
0 0

[Regression 6.1.y] From "cifs: Fix flushing, invalidation and file size with copy_file_range()"

by Salvatore Bonaccorso

Hi Looping in as well regressions(a)lists.linux.dev list (and add linux-cifs(a)vger.kernel.org as well here). On Wed, Jan 03, 2024 at 11:40:04PM +0000, Jitindar Singh, Suraj wrote: > Hi, > > When testing the v6.1.69 kernel I bisected an issue to the below commit > which was added in v6.1.68. When running the xfstests[1] on cifs I > observe a null pointer dereference in cifs_flush_folio() because folio > is null and dereferenced in size = folio_size(folio). > > [1] https://github.com/kdave/xfstests > > This can be reproduced using many of the xfstests but reproduces with > generic/001 like below: > > $ ./check -cifs generic/001 > > FSTYP -- cifs > PLATFORM -- Linux/x86_64 ip-172-31-36-150 6.1.69 #2 SMP > PREEMPT_DYNAMIC Wed Jan 3 22:36:43 UTC 2024 > MKFS_OPTIONS -- //172.31.34.66/scratch > MOUNT_OPTIONS -- -ousername=ec2- > user,password=abc123,noperm,mfsymlinks,cifsacl,actimeo=0 -o > context=system_u:object_r:root_t:s0 //172.31.34.66/scratch /mnt/scratch > > generic/001 10s ... > > [ 244.135555] run fstests generic/001 at 2024-01-03 22:44:59 > [ 244.637499] BUG: kernel NULL pointer dereference, address: > 0000000000000000 > [ 244.638204] #PF: supervisor read access in kernel mode > [ 244.638698] #PF: error_code(0x0000) - not-present page > [ 244.639194] PGD 0 P4D 0 > [ 244.639466] Oops: 0000 [#1] PREEMPT SMP NOPTI > [ 244.698047] CPU: 11 PID: 4123 Comm: cp Not tainted 6.1.69 #2 > [ 244.698598] Hardware name: Amazon EC2 m6i.4xlarge/, BIOS 1.0 > 10/16/2017 > [ 244.699228] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] > [ 244.699782] Code: d2 41 54 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c 48 > 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 > <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d > [ 244.799263] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207 > [ 244.888911] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 0000000000000000 > [ 244.898446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: > ffff9ed945eac000 > [ 244.899136] RBP: 00000000000003a1 R08: 0000000000000001 R09: > 0000000000000000 > [ 244.997779] R10: 0000000000003e7f R11: 0000000000000000 R12: > ffffc25441ffbd90 > [ 244.998564] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15: > 0000000000000001 > [ 244.999264] FS: 00007f111404d340(0000) GS:ffff9ee7fecc0000(0000) > knlGS:0000000000000000 > [ 245.097782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 245.098345] CR2: 0000000000000000 CR3: 00000001211fc001 CR4: > 00000000007706e0 > [ 245.099122] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [ 245.099854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [ 245.198200] PKRU: 55555554 > [ 245.198478] Call Trace: > [ 245.198735] <TASK> > [ 245.198967] ? show_trace_log_lvl+0x1c4/0x2d2 > [ 245.199399] ? show_trace_log_lvl+0x1c4/0x2d2 > [ 245.199830] ? cifs_remap_file_range+0x15d/0x5e0 [cifs] > [ 245.298029] ? __die_body.cold+0x8/0xd > [ 245.298402] ? page_fault_oops+0xac/0x140 > [ 245.298943] ? exc_page_fault+0x62/0x140 > [ 245.299336] ? asm_exc_page_fault+0x22/0x30 > [ 245.299751] ? cifs_flush_folio+0x3f/0x100 [cifs] > [ 245.397858] ? cifs_precopy_set_eof+0x73/0x110 [cifs] > [ 245.398383] cifs_remap_file_range+0x15d/0x5e0 [cifs] > [ 245.398909] do_clone_file_range+0xe7/0x230 > [ 245.399329] vfs_clone_file_range+0x37/0x140 > [ 245.399861] ioctl_file_clone+0x45/0xa0 > [ 245.497918] do_vfs_ioctl+0x79/0x890 > [ 245.498328] __x64_sys_ioctl+0x69/0xc0 > [ 245.498706] do_syscall_64+0x38/0x90 > [ 245.499070] entry_SYSCALL_64_after_hwframe+0x64/0xce > [ 245.499568] RIP: 0033:0x7f1113e3ec6b > [ 245.499929] Code: 73 01 c3 48 8b 0d 9500 f7 d8 64 89 01 48 83 c8 ff > c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 > <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 65 a1 1b 00 f7 d8 64 89 01 48 > [ 245.599410] RSP: 002b:00007fff140ebb88 EFLAGS: 00000246 ORIG_RAX: > 0000000000000010 > [ 245.697930] RAX: ffffffffffffffda RBX: 00007fff140ec3b0 RCX: > 00007f1113e3ec6b > [ 245.698620] RDX: 0000000000000003 RSI: 0000000040049409 RDI: > 0000000000000004 > [ 245.699306] RBP: 0000000000000003 R08: 0000000000000001 R09: > 0000000000000004 > [ 245.797942] R10: 0000000000001000 R11: 0000000000000246 R12: > 00007fff140ed616 > [ 245.798789] R13: 00007fff140ebfa0 R14: 0000000000000000 R15: > 0000000000000002 > [ 245.799485] </TASK> > [ 245.799720] Modules linked in: cmac nls_utf8 cifs cifs_arc4 cifs_md4 > dns_lver mousedev sunrpc nls_ascii nls_cp437 vfat fat psmouse > ghash_clmulni_intel atkbd libps2 vivaldi_fmap aesni_intel ena i8042 > crypto_simd serio cryptd button drm sch_fq_codel fuse i2c_core configfs > drm_panel_orientation_quirks loop backlight dmi_sysfs crc32_pclmul > intel dm_mirror dm_region_hash dm_log dm_mod dax efivarfs > [ 245.998457] CR2: 0000000000000000 > [ 245.998800] ---[ end trace 0000000000000000 ]--- > [ 246.087916] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] > [ 246.088794] Code: d2 41 54 49 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c > 48 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00 > 00 <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d > [ 246.099436] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207 > [ 246.189258] RAX: 0000000000000000 RBX: 0000000000000000 RCX: > 0000000000000000 > [ 246.198724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: > ffff9ed945eac000 > [ 246.199411] RBP: 00000000000003a1 R08: 0000000000000001 R09: > 0000000000000000 > [ 246.298002] R10: 0000000000003e7f R11: 0000000000000000 R12: > ffffc25441ffbd90 > [ 246.298687] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15: > 0000000000000001 > [ 246.299372] FS: 00007f111404d340(0000) GS:ffff9ee7fecc0000(0000) > knlGS:0000000000000000 > [ 246.398006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 246.398569] CR2: 0000000000000000 CR3: 00000001211fc001 CR4: > 00000000007706e0 > [ 246.399254] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [ 246.399934] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [ 246.498414] PKRU: 55555554 > [ 246.498698] Kernel panic - not syncing: Fatal exception > [ 246.500042] Kernel Offset: 0x38000000 from 0xffffffff81000000 > (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > [ 246.698094] Rebooting in 5 seconds.. > > Any ideas what is causing this and what the resolution is? This doesn't > occur on the upstream/master kernel. > > Thanks, > Suraj > > On Mon, 2023-12-11 at 13:57 +0100, gregkh(a)linuxfoundation.org wrote: > > > > This is a note to let you know that I've just added the patch titled > > > > cifs: Fix flushing, invalidation and file size with > > copy_file_range() > > > > to the 6.1-stable tree which can be found at: > > > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > > > The filename of the patch is: > > cifs-fix-flushing-invalidation-and-file-size-with- > > copy_file_range.patch > > and it can be found in the queue-6.1 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable > > tree, > > please let <stable(a)vger.kernel.org> know about it. > > > > > > > From 7b2404a886f8b91250c31855d287e632123e1746 Mon Sep 17 00:00:00 > > > 2001 > > From: David Howells <dhowells(a)redhat.com> > > Date: Fri, 1 Dec 2023 00:22:00 +0000 > > Subject: cifs: Fix flushing, invalidation and file size with > > copy_file_range() > > > > From: David Howells <dhowells(a)redhat.com> > > > > commit 7b2404a886f8b91250c31855d287e632123e1746 upstream. > > > > Fix a number of issues in the cifs filesystem implementation of the > > copy_file_range() syscall in cifs_file_copychunk_range(). > > > > Firstly, the invalidation of the destination range is handled > > incorrectly: > > We shouldn't just invalidate the whole file as dirty data in the file > > may > > get lost and we can't just call truncate_inode_pages_range() to > > invalidate > > the destination range as that will erase parts of a partial folio at > > each > > end whilst invalidating and discarding all the folios in the middle. > > We > > need to force all the folios covering the range to be reloaded, but > > we > > mustn't lose dirty data in them that's not in the destination range. > > > > Further, we shouldn't simply round out the range to PAGE_SIZE at each > > end > > as cifs should move to support multipage folios. > > > > Secondly, there's an issue whereby a write may have extended the file > > locally, but not have been written back yet. This can leaves the > > local > > idea of the EOF at a later point than the server's EOF. If a copy > > request > > is issued, this will fail on the server with STATUS_INVALID_VIEW_SIZE > > (which gets translated to -EIO locally) if the copy source extends > > past the > > server's EOF. > > > > Fix this by: > > > > (0) Flush the source region (already done). The flush does nothing > > and > > the EOF isn't moved if the source region has no dirty data. > > > > (1) Move the EOF to the end of the source region if it isn't already > > at > > least at this point. If we can't do this, for instance if the > > server > > doesn't support it, just flush the entire source file. > > > > (2) Find the folio (if present) at each end of the range, flushing > > it and > > increasing the region-to-be-invalidated to cover those in their > > entirety. > > > > (3) Fully discard all the folios covering the range as we want them > > to be > > reloaded. > > > > (4) Then perform the copy. > > > > Thirdly, set i_size after doing the copychunk_range operation as this > > value > > may be used by various things internally. stat() hides the issue > > because > > setting ->time to 0 causes cifs_getatr() to revalidate the > > attributes. > > > > These were causing the generic/075 xfstest to fail. > > > > Fixes: 620d8745b35d ("Introduce cifs_copy_file_range()") > > Cc: stable(a)vger.kernel.org > > Signed-off-by: David Howells <dhowells(a)redhat.com> > > cc: Paulo Alcantara <pc(a)manguebit.com> > > cc: Shyam Prasad N <nspmangalore(a)gmail.com> > > cc: Rohith Surabattula <rohiths.msft(a)gmail.com> > > cc: Matthew Wilcox <willy(a)infradead.org> > > cc: Jeff Layton <jlayton(a)kernel.org> > > cc: linux-cifs(a)vger.kernel.org > > cc: linux-mm(a)kvack.org > > Signed-off-by: David Howells <dhowells(a)redhat.com> > > Signed-off-by: Steve French <stfrench(a)microsoft.com> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > > fs/smb/client/cifsfs.c | 102 > > +++++++++++++++++++++++++++++++++++++++++++++++-- > > 1 file changed, 99 insertions(+), 3 deletions(-) > > > > --- a/fs/smb/client/cifsfs.c > > +++ b/fs/smb/client/cifsfs.c > > @@ -1191,6 +1191,72 @@ const struct inode_operations cifs_symli > > .listxattr = cifs_listxattr, > > }; > > > > +/* > > + * Advance the EOF marker to after the source range. > > + */ > > +static int cifs_precopy_set_eof(struct inode *src_inode, struct > > cifsInodeInfo *src_cifsi, > > + struct cifs_tcon *src_tcon, > > + unsigned int xid, loff_t src_end) > > +{ > > + struct cifsFileInfo *writeable_srcfile; > > + int rc = -EINVAL; > > + > > + writeable_srcfile = find_writable_file(src_cifsi, > > FIND_WR_FSUID_ONLY); > > + if (writeable_srcfile) { > > + if (src_tcon->ses->server->ops->set_file_size) > > + rc = src_tcon->ses->server->ops- > > >set_file_size( > > + xid, src_tcon, writeable_srcfile, > > + src_inode->i_size, true /* no need to > > set sparse */); > > + else > > + rc = -ENOSYS; > > + cifsFileInfo_put(writeable_srcfile); > > + cifs_dbg(FYI, "SetFSize for copychunk rc = %d\n", > > rc); > > + } > > + > > + if (rc < 0) > > + goto set_failed; > > + > > + netfs_resize_file(&src_cifsi->netfs, src_end); > > + fscache_resize_cookie(cifs_inode_cookie(src_inode), src_end); > > + return 0; > > + > > +set_failed: > > + return filemap_write_and_wait(src_inode->i_mapping); > > +} > > + > > +/* > > + * Flush out either the folio that overlaps the beginning of a range > > in which > > + * pos resides or the folio that overlaps the end of a range unless > > that folio > > + * is entirely within the range we're going to invalidate. We > > extend the flush > > + * bounds to encompass the folio. > > + */ > > +static int cifs_flush_folio(struct inode *inode, loff_t pos, loff_t > > *_fstart, loff_t *_fend, > > + bool first) > > +{ > > + struct folio *folio; > > + unsigned long long fpos, fend; > > + pgoff_t index = pos / PAGE_SIZE; > > + size_t size; > > + int rc = 0; > > + > > + folio = filemap_get_folio(inode->i_mapping, index); > > + if (IS_ERR(folio)) > > + return 0; > > + > > + size = folio_size(folio); > > + fpos = folio_pos(folio); > > + fend = fpos + size - 1; > > + *_fstart = min_t(unsigned long long, *_fstart, fpos); > > + *_fend = max_t(unsigned long long, *_fend, fend); > > + if ((first && pos == fpos) || (!first && pos == fend)) > > + goto out; > > + > > + rc = filemap_write_and_wait_range(inode->i_mapping, fpos, > > fend); > > +out: > > + folio_put(folio); > > + return rc; > > +} > > + > > static loff_t cifs_remap_file_range(struct file *src_file, loff_t > > off, > > struct file *dst_file, loff_t destoff, loff_t len, > > unsigned int remap_flags) > > @@ -1260,10 +1326,12 @@ ssize_t cifs_file_copychunk_range(unsign > > { > > struct inode *src_inode = file_inode(src_file); > > struct inode *target_inode = file_inode(dst_file); > > + struct cifsInodeInfo *src_cifsi = CIFS_I(src_inode); > > struct cifsFileInfo *smb_file_src; > > struct cifsFileInfo *smb_file_target; > > struct cifs_tcon *src_tcon; > > struct cifs_tcon *target_tcon; > > + unsigned long long destend, fstart, fend; > > ssize_t rc; > > > > cifs_dbg(FYI, "copychunk range\n"); > > @@ -1303,13 +1371,41 @@ ssize_t cifs_file_copychunk_range(unsign > > if (rc) > > goto unlock; > > > > - /* should we flush first and last page first */ > > - truncate_inode_pages(&target_inode->i_data, 0); > > + /* The server-side copy will fail if the source crosses the > > EOF marker. > > + * Advance the EOF marker after the flush above to the end of > > the range > > + * if it's short of that. > > + */ > > + if (src_cifsi->server_eof < off + len) { > > + rc = cifs_precopy_set_eof(src_inode, src_cifsi, > > src_tcon, xid, off + len); > > + if (rc < 0) > > + goto unlock; > > + } > > + > > + destend = destoff + len - 1; > > + > > + /* Flush the folios at either end of the destination range to > > prevent > > + * accidental loss of dirty data outside of the range. > > + */ > > + fstart = destoff; > > + fend = destend; > > + > > + rc = cifs_flush_folio(target_inode, destoff, &fstart, &fend, > > true); > > + if (rc) > > + goto unlock; > > + rc = cifs_flush_folio(target_inode, destend, &fstart, &fend, > > false); > > + if (rc) > > + goto unlock; > > + > > + /* Discard all the folios that overlap the destination > > region. */ > > + truncate_inode_pages_range(&target_inode->i_data, fstart, > > fend); > > > > rc = file_modified(dst_file); > > - if (!rc) > > + if (!rc) { > > rc = target_tcon->ses->server->ops- > > >copychunk_range(xid, > > smb_file_src, smb_file_target, off, len, > > destoff); > > + if (rc > 0 && destoff + rc > > > i_size_read(target_inode)) > > + truncate_setsize(target_inode, destoff + rc); > > + } > > > > file_accessed(src_file); > > > > > > > > Patches currently in stable-queue which might be from > > dhowells(a)redhat.com are > > > > queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with- > > copy_file_range.patch > > queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with- > > ficlone.patch > > queue-6.1/cifs-fix-non-availability-of-dedup-breaking-generic- > > 304.patch > > > It looks we had as well some reports in Debian about this regression. Copying a file within the same cifs mount seems to trigger the NULL pointer dereference: [ 1640.742300] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1640.742309] #PF: supervisor read access in kernel mode [ 1640.742313] #PF: error_code(0x0000) - not-present page [ 1640.742317] PGD 0 P4D 0 [ 1640.742322] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 1640.742327] CPU: 6 PID: 1972 Comm: cp Not tainted 6.1.0-17-amd64 #1 Debian 6.1.69-1 [ 1640.742333] Hardware name: LENOVO 20XXS1FU00/20XXS1FU00, BIOS N32ET89W (1.65 ) 11/13/2023 [ 1640.742336] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.742412] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b [ 1640.742417] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207 [ 1640.742422] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 1640.742425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000 [ 1640.742428] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1640.742431] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88 [ 1640.742433] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001 [ 1640.742437] FS: 00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000 [ 1640.742441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1640.742444] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0 [ 1640.742448] PKRU: 55555554 [ 1640.742450] Call Trace: [ 1640.742454] <TASK> [ 1640.742459] ? __die_body.cold+0x1a/0x1f [ 1640.742468] ? page_fault_oops+0xd2/0x2b0 [ 1640.742476] ? exc_page_fault+0x70/0x170 [ 1640.742482] ? asm_exc_page_fault+0x22/0x30 [ 1640.742492] ? cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.742558] ? cifs_flush_folio+0x33/0x100 [cifs] [ 1640.742622] ? cifs_precopy_set_eof+0x2b/0x150 [cifs] [ 1640.742688] cifs_remap_file_range+0x16d/0x680 [cifs] [ 1640.742755] do_clone_file_range+0xe6/0x230 [ 1640.742762] vfs_clone_file_range+0x37/0x140 [ 1640.742767] ioctl_file_clone+0x49/0xb0 [ 1640.742774] do_vfs_ioctl+0x77/0x910 [ 1640.742780] __x64_sys_ioctl+0x6e/0xd0 [ 1640.742785] do_syscall_64+0x58/0xc0 [ 1640.742794] entry_SYSCALL_64_after_hwframe+0x64/0xce [ 1640.742801] RIP: 0033:0x7f7dc8900b5b [ 1640.742806] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 1640.742810] RSP: 002b:00007ffe4b899000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1640.742815] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7dc8900b5b [ 1640.742817] RDX: 0000000000000003 RSI: 0000000040049409 RDI: 0000000000000004 [ 1640.742820] RBP: 00007ffe4b899440 R08: 00007ffe4b899600 R09: 0000000000000001 [ 1640.742823] R10: 00007f7dc881a358 R11: 0000000000000246 R12: 0000000000000001 [ 1640.742825] R13: 00007ffe4b899dc3 R14: 0000000000008000 R15: 0000000000000000 [ 1640.742831] </TASK> [ 1640.742832] Modules linked in: nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs ctr ccm rfcomm cmac algif_hash algif_skcipher af_alg snd_seq_dummy snd_hrtimer snd_seq snd_seq_device bnep btusb btrtl btbcm btintel btmtk bluetooth uvcvideo videobuf2_vmalloc videobuf2_memops jitterentropy_rng videobuf2_v4l2 videobuf2_common drbg videodev ansi_cprng mc ecdh_generic ecc qrtr ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_hda_dsp_common binfmt_misc snd_soc_hdac_hdmi ipt_REJECT snd_sof_probes nf_reject_ipv4 xt_LOG nf_log_syslog xt_comment nft_limit xt_limit xt_addrtype snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation joydev soundwire_cadence snd_sof_intel_hda x86_pkg_temp_thermal snd_sof_pci intel_powerclamp snd_sof_xtensa_dsp coretemp snd_sof snd_sof_utils snd_soc_hdac_hda kvm_intel snd_hda_ext_core [ 1640.742921] snd_soc_acpi_intel_match xt_tcpudp snd_soc_acpi kvm snd_soc_core xt_conntrack irqbypass nf_conntrack crc32_pclmul snd_compress nf_defrag_ipv6 soundwire_bus nf_defrag_ipv4 ghash_clmulni_intel iwlmvm nft_compat snd_hda_intel sha512_ssse3 snd_intel_dspcfg nf_tables snd_intel_sdw_acpi sha512_generic mac80211 libcrc32c snd_hda_codec hid_multitouch nfnetlink processor_thermal_device_pci_legacy hid_generic sha256_ssse3 iTCO_wdt snd_hda_core processor_thermal_device sha1_ssse3 intel_pmc_bxt iTCO_vendor_support processor_thermal_rfim libarc4 pmt_telemetry rapl thinkpad_acpi snd_hwdep xhci_pci processor_thermal_mbox mei_hdcp watchdog intel_rapl_msr snd_pcm pmt_class nls_ascii nvram intel_cstate processor_thermal_rapl xhci_hcd ucsi_acpi iwlwifi platform_profile snd_timer nls_cp437 intel_uncore i2c_hid_acpi intel_lpss_pci usbcore typec_ucsi ledtrig_audio think_lmi mei_me i2c_i801 intel_rapl_common snd pcspkr vfat i2c_hid intel_lpss roles cfg80211 firmware_attributes_class mei [ 1640.743007] thunderbolt usb_common soundcore wmi_bmof fat int3403_thermal idma64 i2c_smbus intel_vsec typec intel_soc_dts_iosf hid igen6_edac button battery ac rfkill soc_button_array int340x_thermal_zone int3400_thermal intel_hid intel_pmc_core acpi_thermal_rel acpi_tad acpi_pad sparse_keymap msr parport_pc ppdev lp parport loop fuse efi_pstore configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_crypt dm_mod i915 i2c_algo_bit drm_buddy nvme drm_display_helper nvme_core crc32c_intel t10_pi drm_kms_helper crc64_rocksoft cec crc64 rc_core crc_t10dif ttm crct10dif_generic aesni_intel crct10dif_pclmul psmouse drm evdev crypto_simd cryptd crct10dif_common serio_raw video wmi [ 1640.743095] CR2: 0000000000000000 [ 1640.743098] ---[ end trace 0000000000000000 ]--- [ 1640.957607] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs] [ 1640.957681] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b [ 1640.957683] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207 [ 1640.957685] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 1640.957686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000 [ 1640.957687] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 1640.957688] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88 [ 1640.957689] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001 [ 1640.957691] FS: 00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000 [ 1640.957692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1640.957693] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0 [ 1640.957695] PKRU: 55555554 [ 1640.957696] note: cp[1972] exited with irqs disabled #regzbot ^introduced 18b02e4343e8f5be6a2f44c7ad9899b385a92730 #regzbot link: https://bugs.debian.org/1060005 #regzbot link: https://bugs.debian.org/1060052 Regards, Salvatore

1 year, 8 months

6
13
0 0

Re: [Regression 6.1.y] From "cifs: Fix flushing, invalidation and file size with copy_file_range()"

by Matthew Wilcox

On Sat, Jan 13, 2024 at 11:08:00AM -0600, Steve French wrote: > I thought that it was "safer" since if it was misapplied to version where > new folio rc behavior it wouldn't regress anything There are only three versions where this patch can be applied: 6.7, 6.6 and 6.1. AIUI it's a backport from 6.7, it's already applied to 6.6, and it misapplies to 6.1. So this kind of belt-and-braces approach is unnecessary.

1 year, 8 months

2
1
0 0

Crash in NVME tracing on 5.10LTS

by John Sperbeck

With 5.10LTS (e.g., 5.10.206), on a machine using an NVME device, the following tracing commands will trigger a crash due to a NULL pointer dereference: KDIR=/sys/kernel/debug/tracing echo 1 > $KDIR/tracing_on echo 1 > $KDIR/events/nvme/enable echo "Waiting for trace events..." cat $KDIR/trace_pipe The backtrace looks something like this: Call Trace: <IRQ> ? __die_body+0x6b/0xb0 ? __die+0x9e/0xb0 ? no_context+0x3eb/0x460 ? ttwu_do_activate+0xf0/0x120 ? __bad_area_nosemaphore+0x157/0x200 ? select_idle_sibling+0x2f/0x410 ? bad_area_nosemaphore+0x13/0x20 ? do_user_addr_fault+0x2ab/0x360 ? exc_page_fault+0x69/0x180 ? asm_exc_page_fault+0x1e/0x30 ? trace_event_raw_event_nvme_complete_rq+0xba/0x170 ? trace_event_raw_event_nvme_complete_rq+0xa3/0x170 nvme_complete_rq+0x168/0x170 nvme_pci_complete_rq+0x16c/0x1f0 nvme_handle_cqe+0xde/0x190 nvme_irq+0x78/0x100 __handle_irq_event_percpu+0x77/0x1e0 handle_irq_event+0x54/0xb0 handle_edge_irq+0xdf/0x230 asm_call_irq_on_stack+0xf/0x20 </IRQ> common_interrupt+0x9e/0x150 asm_common_interrupt+0x1e/0x40 It looks to me like these two upstream commits were backported to 5.10: 679c54f2de67 ("nvme: use command_id instead of req->tag in trace_nvme_complete_rq()") e7006de6c238 ("nvme: code command_id with a genctr for use-after-free validation") But they depend on this upstream commit to initialize the 'cmd' field in some cases: f4b9e6c90c57 ("nvme: use driver pdu command for passthrough") Does it sound like I'm on the right track? The 5.15LTS and later seems to be okay.

1 year, 8 months

3
5
0 0

[REGRESSION] In v5.15.146 an ax88179_178a USB ethernet adapter causes crashes

by Jeffery Miller

For 5.15 attempting to use an ax88179_178a adapter "0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet" started causing crashes. This did not reproduce in the 6.6 kernel. The crashes were narrowed down to the following two commits brought into v5.15.146: commit d63fafd6cc28 ("net: usb: ax88179_178a: avoid failed operations when device is disconnected") commit f860413aa00c ("net: usb: ax88179_178a: wol optimizations") Those two use an uninitialized pointer `dev->driver_priv`. In later kernels this pointer is initialized in commit 2bcbd3d8a7b4 ("net: usb: ax88179_178a: move priv to driver_priv"). Picking in the two following commits fixed the issue for me on 5.15: commit 9718f9ce5b86 ("net: usb: ax88179_178a: remove redundant init code") commit 2bcbd3d8a7b4 ("net: usb: ax88179_178a: move priv to driver_priv") The commit 9718f9ce5b86 ("net: usb: ax88179_178a: remove redundant init code") was required for the fix to apply cleanly.

1 year, 8 months

3
2
0 0

[PATCH 5.15 0/2] tracing/kprobes: Fix symbol counting logic by looking at modules as well

by Markus Boehme

This backports the fix to the kprobe_events interface allowing to create kprobes on symbols defined in loadable modules again. The backport is simpler than ones for later kernels, since the backport of the commit introducing the bug already brought along much of the code needed to fix it. Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Jiri Olsa (1): kallsyms: Make module_kallsyms_on_each_symbol generally available include/linux/module.h | 9 +++++++++ kernel/module.c | 2 -- kernel/trace/trace_kprobe.c | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) -- 2.40.1

1 year, 8 months

2
3
0 0

[PATCH stable 4.19.x 1/4] net: add a route cache full diagnostic message

by Suraj Jitindar Singh

From: Peter Oskolkov <posk(a)google.com> commit 22c2ad616b74f3de2256b242572ab449d031d941 upstream. In some testing scenarios, dst/route cache can fill up so quickly that even an explicit GC call occasionally fails to clean it up. This leads to sporadically failing calls to dst_alloc and "network unreachable" errors to the user, which is confusing. This patch adds a diagnostic message to make the cause of the failure easier to determine. Signed-off-by: Peter Oskolkov <posk(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> Cc: <stable(a)vger.kernel.org> # 4.19.x --- net/core/dst.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/core/dst.c b/net/core/dst.c index 81ccf20e2826..a263309df115 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -98,8 +98,12 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev, struct dst_entry *dst; if (ops->gc && dst_entries_get_fast(ops) > ops->gc_thresh) { - if (ops->gc(ops)) + if (ops->gc(ops)) { + printk_ratelimited(KERN_NOTICE "Route cache is full: " + "consider increasing sysctl " + "net.ipv[4|6].route.max_size.\n"); return NULL; + } } dst = kmem_cache_alloc(ops->kmem_cachep, GFP_ATOMIC); -- 2.34.1

1 year, 8 months

2
4
0 0

[PATCH 5.4.y] netfilter: nf_tables: Reject tables of unsupported family

by Cengiz Can

From: Phil Sutter <phil(a)nwl.cc> commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream. An nftables family is merely a hollow container, its family just a number and such not reliant on compile-time options other than nftables support itself. Add an artificial check so attempts at using a family the kernel can't support fail as early as possible. This helps user space detect kernels which lack e.g. NFPROTO_INET. Signed-off-by: Phil Sutter <phil(a)nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Cengiz Can <cengiz.can(a)canonical.com> --- net/netfilter/nf_tables_api.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 78be121f38ac..915df77161e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1005,6 +1005,30 @@ static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg, return strcmp(obj->key.name, k->name); } +static bool nft_supported_family(u8 family) +{ + return false +#ifdef CONFIG_NF_TABLES_INET + || family == NFPROTO_INET +#endif +#ifdef CONFIG_NF_TABLES_IPV4 + || family == NFPROTO_IPV4 +#endif +#ifdef CONFIG_NF_TABLES_ARP + || family == NFPROTO_ARP +#endif +#ifdef CONFIG_NF_TABLES_NETDEV + || family == NFPROTO_NETDEV +#endif +#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) + || family == NFPROTO_BRIDGE +#endif +#ifdef CONFIG_NF_TABLES_IPV6 + || family == NFPROTO_IPV6 +#endif + ; +} + static int nf_tables_newtable(struct net *net, struct sock *nlsk, struct sk_buff *skb, const struct nlmsghdr *nlh, const struct nlattr * const nla[], @@ -1020,6 +1044,9 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk, struct nft_ctx ctx; int err; + if (!nft_supported_family(family)) + return -EOPNOTSUPP; + lockdep_assert_held(&nft_net->commit_mutex); attr = nla[NFTA_TABLE_NAME]; table = nft_table_lookup(net, attr, family, genmask); -- 2.40.1

1 year, 8 months

2
3
0 0

[PATCH 5.10 0/2] PCI: Disable ATS for specific Intel IPU E2000 devices

by Bartosz Pawlowski

This patch series addresses the problem with A an B steppings of Intel IPU E2000 which expects incorrect endianness in data field of ATS invalidation request TLP by disabling ATS capability for vulnerable devices. Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices drivers/pci/quirks.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) -- 2.43.0

1 year, 8 months

2
3
0 0

[PATCH stable 5.4.x 1/3] net/dst: use a smaller percpu_counter batch for dst entries accounting

by Suraj Jitindar Singh

From: Eric Dumazet <edumazet(a)google.com> commit cf86a086a18095e33e0637cb78cda1fcf5280852 upstream. percpu_counter_add() uses a default batch size which is quite big on platforms with 256 cpus. (2*256 -> 512) This means dst_entries_get_fast() can be off by +/- 2*(nr_cpus^2) (131072 on servers with 256 cpus) Reduce the batch size to something more reasonable, and add logic to ip6_dst_gc() to call dst_entries_get_slow() before calling the _very_ expensive fib6_run_gc() function. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> Cc: <stable(a)vger.kernel.org> # 5.4.x --- include/net/dst_ops.h | 4 +++- net/core/dst.c | 8 ++++---- net/ipv6/route.c | 3 +++ 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/net/dst_ops.h b/include/net/dst_ops.h index 443863c7b8da..88ff7bb2bb9b 100644 --- a/include/net/dst_ops.h +++ b/include/net/dst_ops.h @@ -53,9 +53,11 @@ static inline int dst_entries_get_slow(struct dst_ops *dst) return percpu_counter_sum_positive(&dst->pcpuc_entries); } +#define DST_PERCPU_COUNTER_BATCH 32 static inline void dst_entries_add(struct dst_ops *dst, int val) { - percpu_counter_add(&dst->pcpuc_entries, val); + percpu_counter_add_batch(&dst->pcpuc_entries, val, + DST_PERCPU_COUNTER_BATCH); } static inline int dst_entries_init(struct dst_ops *dst) diff --git a/net/core/dst.c b/net/core/dst.c index 193af526e908..d6b6ced0d451 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -81,11 +81,11 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev, { struct dst_entry *dst; - if (ops->gc && dst_entries_get_fast(ops) > ops->gc_thresh) { + if (ops->gc && + !(flags & DST_NOCOUNT) && + dst_entries_get_fast(ops) > ops->gc_thresh) { if (ops->gc(ops)) { - printk_ratelimited(KERN_NOTICE "Route cache is full: " - "consider increasing sysctl " - "net.ipv[4|6].route.max_size.\n"); + pr_notice_ratelimited("Route cache is full: consider increasing sysctl net.ipv6.route.max_size.\n"); return NULL; } } diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 209d52ebbd19..c38e421ca783 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -3218,6 +3218,9 @@ static int ip6_dst_gc(struct dst_ops *ops) int entries; entries = dst_entries_get_fast(ops); + if (entries > rt_max_size) + entries = dst_entries_get_slow(ops); + if (time_after(rt_last_gc + rt_min_interval, jiffies) && entries <= rt_max_size) goto out; -- 2.34.1

1 year, 8 months

1
2
0 0

[merged mm-hotfixes-stable] selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests: mm: hugepage-vmemmap fails on 64K page size systems has been removed from the -mm tree. Its filename was selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Donet Tom <donettom(a)linux.vnet.ibm.com> Subject: selftests: mm: hugepage-vmemmap fails on 64K page size systems Date: Wed, 10 Jan 2024 14:03:35 +0530 The kernel sefltest mm/hugepage-vmemmap fails on architectures which has different page size other than 4K. In hugepage-vmemmap page size used is 4k so the pfn calculation will go wrong on systems which has different page size .The length of MAP_HUGETLB memory must be hugepage aligned but in hugepage-vmemmap map length is 2M so this will not get aligned if the system has differnet hugepage size. Added psize() to get the page size and default_huge_page_size() to get the default hugepage size at run time, hugepage-vmemmap test pass on powerpc with 64K page size and x86 with 4K page size. Result on powerpc without patch (page size 64K) *# ./hugepage-vmemmap Returned address is 0x7effff000000 whose pfn is 0 Head page flags (100000000) is invalid check_page_flags: Invalid argument *# Result on powerpc with patch (page size 64K) *# ./hugepage-vmemmap Returned address is 0x7effff000000 whose pfn is 600 *# Result on x86 with patch (page size 4K) *# ./hugepage-vmemmap Returned address is 0x7fc7c2c00000 whose pfn is 1dac00 *# Link: https://lkml.kernel.org/r/3b3a3ae37ba21218481c482a872bbf7526031600.17048657… Fixes: b147c89cd429 ("selftests: vm: add a hugetlb test case") Signed-off-by: Donet Tom <donettom(a)linux.vnet.ibm.com> Reported-by: Geetika Moolchandani <geetika(a)linux.ibm.com> Tested-by: Geetika Moolchandani <geetika(a)linux.ibm.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugepage-vmemmap.c | 29 +++++++++------- 1 file changed, 18 insertions(+), 11 deletions(-) --- a/tools/testing/selftests/mm/hugepage-vmemmap.c~selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems +++ a/tools/testing/selftests/mm/hugepage-vmemmap.c @@ -10,10 +10,7 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> - -#define MAP_LENGTH (2UL * 1024 * 1024) - -#define PAGE_SIZE 4096 +#include "vm_util.h" #define PAGE_COMPOUND_HEAD (1UL << 15) #define PAGE_COMPOUND_TAIL (1UL << 16) @@ -39,6 +36,9 @@ #define MAP_FLAGS (MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB) #endif +static size_t pagesize; +static size_t maplength; + static void write_bytes(char *addr, size_t length) { unsigned long i; @@ -56,7 +56,7 @@ static unsigned long virt_to_pfn(void *a if (fd < 0) return -1UL; - lseek(fd, (unsigned long)addr / PAGE_SIZE * sizeof(pagemap), SEEK_SET); + lseek(fd, (unsigned long)addr / pagesize * sizeof(pagemap), SEEK_SET); read(fd, &pagemap, sizeof(pagemap)); close(fd); @@ -86,7 +86,7 @@ static int check_page_flags(unsigned lon * this also verifies kernel has correctly set the fake page_head to tail * while hugetlb_free_vmemmap is enabled. */ - for (i = 1; i < MAP_LENGTH / PAGE_SIZE; i++) { + for (i = 1; i < maplength / pagesize; i++) { read(fd, &pageflags, sizeof(pageflags)); if ((pageflags & TAIL_PAGE_FLAGS) != TAIL_PAGE_FLAGS || (pageflags & HEAD_PAGE_FLAGS) == HEAD_PAGE_FLAGS) { @@ -106,18 +106,25 @@ int main(int argc, char **argv) void *addr; unsigned long pfn; - addr = mmap(MAP_ADDR, MAP_LENGTH, PROT_READ | PROT_WRITE, MAP_FLAGS, -1, 0); + pagesize = psize(); + maplength = default_huge_page_size(); + if (!maplength) { + printf("Unable to determine huge page size\n"); + exit(1); + } + + addr = mmap(MAP_ADDR, maplength, PROT_READ | PROT_WRITE, MAP_FLAGS, -1, 0); if (addr == MAP_FAILED) { perror("mmap"); exit(1); } /* Trigger allocation of HugeTLB page. */ - write_bytes(addr, MAP_LENGTH); + write_bytes(addr, maplength); pfn = virt_to_pfn(addr); if (pfn == -1UL) { - munmap(addr, MAP_LENGTH); + munmap(addr, maplength); perror("virt_to_pfn"); exit(1); } @@ -125,13 +132,13 @@ int main(int argc, char **argv) printf("Returned address is %p whose pfn is %lx\n", addr, pfn); if (check_page_flags(pfn) < 0) { - munmap(addr, MAP_LENGTH); + munmap(addr, maplength); perror("check_page_flags"); exit(1); } /* munmap() length of MAP_HUGETLB memory must be hugepage aligned */ - if (munmap(addr, MAP_LENGTH)) { + if (munmap(addr, maplength)) { perror("munmap"); exit(1); } _ Patches currently in -mm which might be from donettom(a)linux.vnet.ibm.com are

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval has been removed from the -mm tree. Its filename was mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval Date: Wed, 10 Jan 2024 15:01:27 +0100 set_memmap_mode() stores the kernel parameter memmap mode as an integer. However, the get_memmap_mode() function utilizes param_get_bool() to fetch the value as a boolean, leading to potential endianness issue. On Big-endian architectures, the memmap_on_memory is consistently displayed as 'N' regardless of its actual status. To address this endianness problem, the solution involves obtaining the mode as an integer. This adjustment ensures the proper display of the memmap_on_memory parameter, presenting it as one of the following options: Force, Y, or N. Link: https://lkml.kernel.org/r/20240110140127.241451-1-sumanthk@linux.ibm.com Fixes: 2d1f649c7c08 ("mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks") Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Suggested-by: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/mm/memory_hotplug.c~mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval +++ a/mm/memory_hotplug.c @@ -101,9 +101,11 @@ static int set_memmap_mode(const char *v static int get_memmap_mode(char *buffer, const struct kernel_param *kp) { - if (*((int *)kp->arg) == MEMMAP_ON_MEMORY_FORCE) - return sprintf(buffer, "force\n"); - return param_get_bool(buffer, kp); + int mode = *((int *)kp->arg); + + if (mode == MEMMAP_ON_MEMORY_FORCE) + return sprintf(buffer, "force\n"); + return sprintf(buffer, "%c\n", mode ? 'Y' : 'N'); } static const struct kernel_param_ops memmap_mode_ops = { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are mm-memory_hotplug-introduce-mem_prepare_online-mem_finish_offline-notifiers.patch s390-mm-allocate-vmemmap-pages-from-self-contained-memory-range.patch s390-sclp-remove-unhandled-memory-notifier-type.patch s390-mm-implement-mem_prepare_online-mem_finish_offline-notifiers.patch s390-enable-mhp_memmap_on_memory.patch

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] efi-disable-mirror-feature-during-crashkernel.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: efi: disable mirror feature during crashkernel has been removed from the -mm tree. Its filename was efi-disable-mirror-feature-during-crashkernel.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: efi: disable mirror feature during crashkernel Date: Tue, 9 Jan 2024 12:15:36 +0800 If the system has no mirrored memory or uses crashkernel.high while kernelcore=mirror is enabled on the command line then during crashkernel, there will be limited mirrored memory and this usually leads to OOM. To solve this problem, disable the mirror feature during crashkernel. Link: https://lkml.kernel.org/r/20240109041536.3903042-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mm_init.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/mm/mm_init.c~efi-disable-mirror-feature-during-crashkernel +++ a/mm/mm_init.c @@ -26,6 +26,7 @@ #include <linux/pgtable.h> #include <linux/swap.h> #include <linux/cma.h> +#include <linux/crash_dump.h> #include "internal.h" #include "slab.h" #include "shuffle.h" @@ -381,6 +382,11 @@ static void __init find_zone_movable_pfn goto out; } + if (is_kdump_kernel()) { + pr_warn("The system is under kdump, ignore kernelcore=mirror.\n"); + goto out; + } + for_each_mem_region(r) { if (memblock_is_mirror(r)) continue; _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] kexec-do-syscore_shutdown-in-kernel_kexec.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kexec: do syscore_shutdown() in kernel_kexec has been removed from the -mm tree. Its filename was kexec-do-syscore_shutdown-in-kernel_kexec.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: James Gowans <jgowans(a)amazon.com> Subject: kexec: do syscore_shutdown() in kernel_kexec Date: Wed, 13 Dec 2023 08:40:04 +0200 syscore_shutdown() runs driver and module callbacks to get the system into a state where it can be correctly shut down. In commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") syscore_shutdown() was removed from kernel_restart_prepare() and hence got (incorrectly?) removed from the kexec flow. This was innocuous until commit 6735150b6997 ("KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown") changed the way that KVM registered its shutdown callbacks, switching from reboot notifiers to syscore_ops.shutdown. As syscore_shutdown() is missing from kexec, KVM's shutdown hook is not run and virtualisation is left enabled on the boot CPU which results in triple faults when switching to the new kernel on Intel x86 VT-x with VMXE enabled. Fix this by adding syscore_shutdown() to the kexec sequence. In terms of where to add it, it is being added after migrating the kexec task to the boot CPU, but before APs are shut down. It is not totally clear if this is the best place: in commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") it is stated that "syscore_ops operations should be carried with one CPU on-line and interrupts disabled." APs are only offlined later in machine_shutdown(), so this syscore_shutdown() is being run while APs are still online. This seems to be the correct place as it matches where syscore_shutdown() is run in the reboot and halt flows - they also run it before APs are shut down. The assumption is that the commit message in commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") is no longer valid. KVM has been discussed here as it is what broke loudly by not having syscore_shutdown() in kexec, but this change impacts more than just KVM; all drivers/modules which register a syscore_ops.shutdown callback will now be invoked in the kexec flow. Looking at some of them like x86 MCE it is probably more correct to also shut these down during kexec. Maintainers of all drivers which use syscore_ops.shutdown are added on CC for visibility. They are: arch/powerpc/platforms/cell/spu_base.c .shutdown = spu_shutdown, arch/x86/kernel/cpu/mce/core.c .shutdown = mce_syscore_shutdown, arch/x86/kernel/i8259.c .shutdown = i8259A_shutdown, drivers/irqchip/irq-i8259.c .shutdown = i8259A_shutdown, drivers/irqchip/irq-sun6i-r.c .shutdown = sun6i_r_intc_shutdown, drivers/leds/trigger/ledtrig-cpu.c .shutdown = ledtrig_cpu_syscore_shutdown, drivers/power/reset/sc27xx-poweroff.c .shutdown = sc27xx_poweroff_shutdown, kernel/irq/generic-chip.c .shutdown = irq_gc_shutdown, virt/kvm/kvm_main.c .shutdown = kvm_shutdown, This has been tested by doing a kexec on x86_64 and aarch64. Link: https://lkml.kernel.org/r/20231213064004.2419447-1-jgowans@amazon.com Fixes: 6735150b6997 ("KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown") Signed-off-by: James Gowans <jgowans(a)amazon.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Eric Biederman <ebiederm(a)xmission.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Chen-Yu Tsai <wens(a)csie.org> Cc: Jernej Skrabec <jernej.skrabec(a)gmail.com> Cc: Samuel Holland <samuel(a)sholland.org> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Sebastian Reichel <sre(a)kernel.org> Cc: Orson Zhai <orsonzhai(a)gmail.com> Cc: Alexander Graf <graf(a)amazon.de> Cc: Jan H. Schoenherr <jschoenh(a)amazon.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kexec_core.c | 1 + 1 file changed, 1 insertion(+) --- a/kernel/kexec_core.c~kexec-do-syscore_shutdown-in-kernel_kexec +++ a/kernel/kexec_core.c @@ -1257,6 +1257,7 @@ int kernel_kexec(void) kexec_in_progress = true; kernel_restart_prepare("kexec reboot"); migrate_to_reboot_cpu(); + syscore_shutdown(); /* * migrate_to_reboot_cpu() disables CPU hotplug assuming that _ Patches currently in -mm which might be from jgowans(a)amazon.com are

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/task_mmu: move mmu notification mechanism inside mm lock has been removed from the -mm tree. Its filename was fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Subject: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Date: Tue, 9 Jan 2024 16:24:42 +0500 Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending upon the number of iterations, different memory ranges would be invalidated. The following warning would be removed by this patch: WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 There is no behavioural and performance change with this patch when there is no component registered with the mmu notifier. [akpm(a)linux-foundation.org: narrow the scope of `range', per Sean] Link: https://lkml.kernel.org/r/20240109112445.590736-1-usama.anjum@collabora.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reported-by: syzbot+81227d2bd69e9dedb802(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000f6d051060c6785bc@google.com/ Reviewed-by: Sean Christopherson <seanjc(a)google.com> Cc: Andrei Vagin <avagin(a)google.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Micha�� Miros��aw <mirq-linux(a)rere.qmqm.pl> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Stephen Rothwell <sfr(a)canb.auug.org.au> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock +++ a/fs/proc/task_mmu.c @@ -2432,7 +2432,6 @@ static long pagemap_scan_flush_buffer(st static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) { - struct mmu_notifier_range range; struct pagemap_scan_private p = {0}; unsigned long walk_start; size_t n_ranges_out = 0; @@ -2448,15 +2447,9 @@ static long do_pagemap_scan(struct mm_st if (ret) return ret; - /* Protection change for the range is going to happen. */ - if (p.arg.flags & PM_SCAN_WP_MATCHING) { - mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, - mm, p.arg.start, p.arg.end); - mmu_notifier_invalidate_range_start(&range); - } - for (walk_start = p.arg.start; walk_start < p.arg.end; walk_start = p.arg.walk_end) { + struct mmu_notifier_range range; long n_out; if (fatal_signal_pending(current)) { @@ -2467,8 +2460,20 @@ static long do_pagemap_scan(struct mm_st ret = mmap_read_lock_killable(mm); if (ret) break; + + /* Protection change for the range is going to happen. */ + if (p.arg.flags & PM_SCAN_WP_MATCHING) { + mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, + mm, walk_start, p.arg.end); + mmu_notifier_invalidate_range_start(&range); + } + ret = walk_page_range(mm, walk_start, p.arg.end, &pagemap_scan_ops, &p); + + if (p.arg.flags & PM_SCAN_WP_MATCHING) + mmu_notifier_invalidate_range_end(&range); + mmap_read_unlock(mm); n_out = pagemap_scan_flush_buffer(&p); @@ -2494,9 +2499,6 @@ static long do_pagemap_scan(struct mm_st if (pagemap_scan_writeback_args(&p.arg, uarg)) ret = -EFAULT; - if (p.arg.flags & PM_SCAN_WP_MATCHING) - mmu_notifier_invalidate_range_end(&range); - kfree(p.vec_buf); return ret; } _ Patches currently in -mm which might be from usama.anjum(a)collabora.com are selftests-mm-mremap_test-fix-build-warning.patch selftests-mm-hugepage-shm-conform-test-to-tap-format-output.patch selftests-mm-hugepage-vmemmap-conform-test-to-tap-format-output.patch selftests-mm-hugetlb-madvise-conform-test-to-tap-format-output.patch selftests-mm-khugepaged-conform-test-to-tap-format-output.patch selftests-mm-hugetlb-read-hwpoison-conform-test-to-tap-format-output.patch selftests-mm-ksm_tests-conform-test-to-tap-format-output.patch selftests-mm-config-add-missing-configs.patch

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] scripts-decode_stacktracesh-optionally-use-llvm-utilities.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/decode_stacktrace.sh: optionally use LLVM utilities has been removed from the -mm tree. Its filename was scripts-decode_stacktracesh-optionally-use-llvm-utilities.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Carlos Llamas <cmllamas(a)google.com> Subject: scripts/decode_stacktrace.sh: optionally use LLVM utilities Date: Fri, 29 Sep 2023 03:48:17 +0000 GNU's addr2line can have problems parsing a vmlinux built with LLVM, particularly when LTO was used. In order to decode the traces correctly this patch adds the ability to switch to LLVM's utilities readelf and addr2line. The same approach is followed by Will in [1]. Before: $ scripts/decode_stacktrace.sh vmlinux < kernel.log [17716.240635] Call trace: [17716.240646] skb_cow_data (??:?) [17716.240654] esp6_input (ld-temp.o:?) [17716.240666] xfrm_input (ld-temp.o:?) [17716.240674] xfrm6_rcv (??:?) [...] After: $ LLVM=1 scripts/decode_stacktrace.sh vmlinux < kernel.log [17716.240635] Call trace: [17716.240646] skb_cow_data (include/linux/skbuff.h:2172 net/core/skbuff.c:4503) [17716.240654] esp6_input (net/ipv6/esp6.c:977) [17716.240666] xfrm_input (net/xfrm/xfrm_input.c:659) [17716.240674] xfrm6_rcv (net/ipv6/xfrm6_input.c:172) [...] Note that one could set CROSS_COMPILE=llvm- instead to hack around this issue. However, doing so can break the decodecode routine as it will force the selection of other LLVM utilities down the line e.g. llvm-as. [1] https://lore.kernel.org/all/20230914131225.13415-3-will@kernel.org/ Link: https://lkml.kernel.org/r/20230929034836.403735-1-cmllamas@google.com Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Nick Desaulniers <ndesaulniers(a)google.com> Reviewed-by: Elliot Berman <quic_eberman(a)quicinc.com> Tested-by: Justin Stitt <justinstitt(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: John Stultz <jstultz(a)google.com> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Tom Rix <trix(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/decode_stacktrace.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) --- a/scripts/decode_stacktrace.sh~scripts-decode_stacktracesh-optionally-use-llvm-utilities +++ a/scripts/decode_stacktrace.sh @@ -16,6 +16,21 @@ elif type c++filt >/dev/null 2>&1 ; then cppfilt_opts=-i fi +UTIL_SUFFIX= +if [[ -z ${LLVM:-} ]]; then + UTIL_PREFIX=${CROSS_COMPILE:-} +else + UTIL_PREFIX=llvm- + if [[ ${LLVM} == */ ]]; then + UTIL_PREFIX=${LLVM}${UTIL_PREFIX} + elif [[ ${LLVM} == -* ]]; then + UTIL_SUFFIX=${LLVM} + fi +fi + +READELF=${UTIL_PREFIX}readelf${UTIL_SUFFIX} +ADDR2LINE=${UTIL_PREFIX}addr2line${UTIL_SUFFIX} + if [[ $1 == "-r" ]] ; then vmlinux="" basepath="auto" @@ -75,7 +90,7 @@ find_module() { if [[ "$modpath" != "" ]] ; then for fn in $(find "$modpath" -name "${module//_/[-_]}.ko*") ; do - if readelf -WS "$fn" | grep -qwF .debug_line ; then + if ${READELF} -WS "$fn" | grep -qwF .debug_line ; then echo $fn return fi @@ -169,7 +184,7 @@ parse_symbol() { if [[ $aarray_support == true && "${cache[$module,$address]+isset}" == "isset" ]]; then local code=${cache[$module,$address]} else - local code=$(${CROSS_COMPILE}addr2line -i -e "$objfile" "$address" 2>/dev/null) + local code=$(${ADDR2LINE} -i -e "$objfile" "$address" 2>/dev/null) if [[ $aarray_support == true ]]; then cache[$module,$address]=$code fi _ Patches currently in -mm which might be from cmllamas(a)google.com are

1 year, 8 months

1
0
0 0

[merged mm-hotfixes-stable] kdump-defer-the-insertion-of-crashkernel-resources.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kdump: defer the insertion of crashkernel resources has been removed from the -mm tree. Its filename was kdump-defer-the-insertion-of-crashkernel-resources.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Huacai Chen <chenhuacai(a)loongson.cn> Subject: kdump: defer the insertion of crashkernel resources Date: Fri, 29 Dec 2023 16:02:13 +0800 In /proc/iomem, sub-regions should be inserted after their parent, otherwise the insertion of parent resource fails. But after generic crashkernel reservation applied, in both RISC-V and ARM64 (LoongArch will also use generic reservation later on), crashkernel resources are inserted before their parent, which causes the parent disappear in /proc/iomem. So we defer the insertion of crashkernel resources to an early_initcall(). 1, Without 'crashkernel' parameter: 100d0100-100d01ff : LOON0001:00 100d0100-100d01ff : LOON0001:00 LOON0001:00 100e0000-100e0bff : LOON0002:00 100e0000-100e0bff : LOON0002:00 LOON0002:00 1fe001e0-1fe001e7 : serial 90400000-fa17ffff : System RAM f6220000-f622ffff : Reserved f9ee0000-f9ee3fff : Reserved fa120000-fa17ffff : Reserved fa190000-fe0bffff : System RAM fa190000-fa1bffff : Reserved fe4e0000-47fffffff : System RAM 43c000000-441ffffff : Reserved 47ff98000-47ffa3fff : Reserved 47ffa4000-47ffa7fff : Reserved 47ffa8000-47ffabfff : Reserved 47ffac000-47ffaffff : Reserved 47ffb0000-47ffb3fff : Reserved 2, With 'crashkernel' parameter, before this patch: 100d0100-100d01ff : LOON0001:00 100d0100-100d01ff : LOON0001:00 LOON0001:00 100e0000-100e0bff : LOON0002:00 100e0000-100e0bff : LOON0002:00 LOON0002:00 1fe001e0-1fe001e7 : serial e6200000-f61fffff : Crash kernel fa190000-fe0bffff : System RAM fa190000-fa1bffff : Reserved fe4e0000-47fffffff : System RAM 43c000000-441ffffff : Reserved 47ff98000-47ffa3fff : Reserved 47ffa4000-47ffa7fff : Reserved 47ffa8000-47ffabfff : Reserved 47ffac000-47ffaffff : Reserved 47ffb0000-47ffb3fff : Reserved 3, With 'crashkernel' parameter, after this patch: 100d0100-100d01ff : LOON0001:00 100d0100-100d01ff : LOON0001:00 LOON0001:00 100e0000-100e0bff : LOON0002:00 100e0000-100e0bff : LOON0002:00 LOON0002:00 1fe001e0-1fe001e7 : serial 90400000-fa17ffff : System RAM e6200000-f61fffff : Crash kernel f6220000-f622ffff : Reserved f9ee0000-f9ee3fff : Reserved fa120000-fa17ffff : Reserved fa190000-fe0bffff : System RAM fa190000-fa1bffff : Reserved fe4e0000-47fffffff : System RAM 43c000000-441ffffff : Reserved 47ff98000-47ffa3fff : Reserved 47ffa4000-47ffa7fff : Reserved 47ffa8000-47ffabfff : Reserved 47ffac000-47ffaffff : Reserved 47ffb0000-47ffb3fff : Reserved Link: https://lkml.kernel.org/r/20231229080213.2622204-1-chenhuacai@loongson.cn Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Fixes: 0ab97169aa05 ("crash_core: add generic function to do reservation") Cc: Baoquan He <bhe(a)redhat.com> Cc: Zhen Lei <thunder.leizhen(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/kernel/crash_core.c~kdump-defer-the-insertion-of-crashkernel-resources +++ a/kernel/crash_core.c @@ -376,7 +376,6 @@ static int __init reserve_crashkernel_lo crashk_low_res.start = low_base; crashk_low_res.end = low_base + low_size - 1; - insert_resource(&iomem_resource, &crashk_low_res); #endif return 0; } @@ -458,8 +457,19 @@ retry: crashk_res.start = crash_base; crashk_res.end = crash_base + crash_size - 1; - insert_resource(&iomem_resource, &crashk_res); } + +static __init int insert_crashkernel_resources(void) +{ + if (crashk_res.start < crashk_res.end) + insert_resource(&iomem_resource, &crashk_res); + + if (crashk_low_res.start < crashk_low_res.end) + insert_resource(&iomem_resource, &crashk_low_res); + + return 0; +} +early_initcall(insert_crashkernel_resources); #endif int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map, _ Patches currently in -mm which might be from chenhuacai(a)loongson.cn are

1 year, 8 months

1
0
0 0

FAILED: patch "[PATCH] nfsd: drop the nfsd_put helper" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 64e6304169f1e1f078e7f0798033f80a7fb0ea46 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024011244-clavicle-disfigure-47f6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 64e6304169f1 ("nfsd: drop the nfsd_put helper") 2a501f55cd64 ("nfsd: call nfsd_last_thread() before final nfsd_put()") 9f28a971ee9f ("nfsd: separate nfsd_last_thread() from nfsd_put()") c034203b6a9d ("nfsd: fix double fget() bug in __write_ports_addfd()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64e6304169f1e1f078e7f0798033f80a7fb0ea46 Mon Sep 17 00:00:00 2001 From: Jeff Layton <jlayton(a)kernel.org> Date: Wed, 3 Jan 2024 08:36:52 -0500 Subject: [PATCH] nfsd: drop the nfsd_put helper It's not safe to call nfsd_put once nfsd_last_thread has been called, as that function will zero out the nn->nfsd_serv pointer. Drop the nfsd_put helper altogether and open-code the svc_put in its callers instead. That allows us to not be reliant on the value of that pointer when handling an error. Fixes: 2a501f55cd64 ("nfsd: call nfsd_last_thread() before final nfsd_put()") Reported-by: Zhi Li <yieli(a)redhat.com> Cc: NeilBrown <neilb(a)suse.de> Signed-off-by: Jeffrey Layton <jlayton(a)redhat.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 05b55db33424..25b5863bf3c8 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -693,6 +693,7 @@ static ssize_t __write_ports_addfd(char *buf, struct net *net, const struct cred char *mesg = buf; int fd, err; struct nfsd_net *nn = net_generic(net, nfsd_net_id); + struct svc_serv *serv; err = get_int(&mesg, &fd); if (err != 0 || fd < 0) @@ -703,15 +704,15 @@ static ssize_t __write_ports_addfd(char *buf, struct net *net, const struct cred if (err != 0) return err; - err = svc_addsock(nn->nfsd_serv, net, fd, buf, SIMPLE_TRANSACTION_LIMIT, cred); + serv = nn->nfsd_serv; + err = svc_addsock(serv, net, fd, buf, SIMPLE_TRANSACTION_LIMIT, cred); - if (err < 0 && !nn->nfsd_serv->sv_nrthreads && !nn->keep_active) + if (err < 0 && !serv->sv_nrthreads && !nn->keep_active) nfsd_last_thread(net); - else if (err >= 0 && - !nn->nfsd_serv->sv_nrthreads && !xchg(&nn->keep_active, 1)) - svc_get(nn->nfsd_serv); + else if (err >= 0 && !serv->sv_nrthreads && !xchg(&nn->keep_active, 1)) + svc_get(serv); - nfsd_put(net); + svc_put(serv); return err; } @@ -725,6 +726,7 @@ static ssize_t __write_ports_addxprt(char *buf, struct net *net, const struct cr struct svc_xprt *xprt; int port, err; struct nfsd_net *nn = net_generic(net, nfsd_net_id); + struct svc_serv *serv; if (sscanf(buf, "%15s %5u", transport, &port) != 2) return -EINVAL; @@ -737,32 +739,33 @@ static ssize_t __write_ports_addxprt(char *buf, struct net *net, const struct cr if (err != 0) return err; - err = svc_xprt_create(nn->nfsd_serv, transport, net, + serv = nn->nfsd_serv; + err = svc_xprt_create(serv, transport, net, PF_INET, port, SVC_SOCK_ANONYMOUS, cred); if (err < 0) goto out_err; - err = svc_xprt_create(nn->nfsd_serv, transport, net, + err = svc_xprt_create(serv, transport, net, PF_INET6, port, SVC_SOCK_ANONYMOUS, cred); if (err < 0 && err != -EAFNOSUPPORT) goto out_close; - if (!nn->nfsd_serv->sv_nrthreads && !xchg(&nn->keep_active, 1)) - svc_get(nn->nfsd_serv); + if (!serv->sv_nrthreads && !xchg(&nn->keep_active, 1)) + svc_get(serv); - nfsd_put(net); + svc_put(serv); return 0; out_close: - xprt = svc_find_xprt(nn->nfsd_serv, transport, net, PF_INET, port); + xprt = svc_find_xprt(serv, transport, net, PF_INET, port); if (xprt != NULL) { svc_xprt_close(xprt); svc_xprt_put(xprt); } out_err: - if (!nn->nfsd_serv->sv_nrthreads && !nn->keep_active) + if (!serv->sv_nrthreads && !nn->keep_active) nfsd_last_thread(net); - nfsd_put(net); + svc_put(serv); return err; } diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h index 3286ffacbc56..9ed0e08d16c2 100644 --- a/fs/nfsd/nfsd.h +++ b/fs/nfsd/nfsd.h @@ -113,13 +113,6 @@ int nfsd_pool_stats_open(struct inode *, struct file *); int nfsd_pool_stats_release(struct inode *, struct file *); void nfsd_shutdown_threads(struct net *net); -static inline void nfsd_put(struct net *net) -{ - struct nfsd_net *nn = net_generic(net, nfsd_net_id); - - svc_put(nn->nfsd_serv); -} - bool i_am_nfsd(void); struct nfsdfs_client {

1 year, 8 months

1
0
0 0

Linux 5.10.207

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.207 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/scsi/scsi.c | 2 +- drivers/scsi/scsi_error.c | 34 +++++++++++++++++++--------------- drivers/scsi/scsi_lib.c | 38 +++++++++++++------------------------- drivers/scsi/scsi_logging.c | 18 ++++++++---------- drivers/scsi/scsi_priv.h | 1 - include/scsi/scsi_cmnd.h | 29 +++-------------------------- include/scsi/scsi_device.h | 16 +++++++--------- 8 files changed, 52 insertions(+), 88 deletions(-) Alexander Atanasov (1): scsi: core: Always send batch on reset or error handling command Greg Kroah-Hartman (7): Revert "scsi: core: Always send batch on reset or error handling command" Revert "scsi: core: Use a structure member to track the SCSI command submitter" Revert "scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request" Revert "scsi: core: Make scsi_get_lba() return the LBA" Revert "scsi: core: Introduce scsi_get_sector()" Revert "scsi: core: Add scsi_prot_ref_tag() helper" Linux 5.10.207

1 year, 8 months

1
1
0 0

+ fs-hugetlbfs-inodec-mm-memory-failurec-fix-hugetlbfs-hwpoison-handling.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-hugetlbfs-inodec-mm-memory-failurec-fix-hugetlbfs-hwpoison-handling.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Subject: fs/hugetlbfs/inode.c: mm/memory-failure.c: fix hugetlbfs hwpoison handling Date: Fri, 12 Jan 2024 10:08:40 -0800 has_extra_refcount() makes the assumption that the page cache adds a ref count of 1 and subtracts this in the extra_pins case. Commit a08c7193e4f1 (mm/filemap: remove hugetlb special casing in filemap.c) modifies __filemap_add_folio() by calling folio_ref_add(folio, nr); for all cases (including hugtetlb) where nr is the number of pages in the folio. We should adjust the number of references coming from the page cache by subtracing the number of pages rather than 1. In hugetlbfs_read_iter(), folio_test_has_hwpoisoned() is testing the wrong flag as, in the hugetlb case, memory-failure code calls folio_test_set_hwpoison() to indicate poison. folio_test_hwpoison() is the correct function to test for that flag. After these fixes, the hugetlb hwpoison read selftest passes all cases. Link: https://lkml.kernel.org/r/20240112180840.367006-1-sidhartha.kumar@oracle.com Fixes: a08c7193e4f1 ("mm/filemap: remove hugetlb special casing in filemap.c") Signed-off-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Closes: https://lore.kernel.org/linux-mm/20230713001833.3778937-1-jiaqiyan@google.c… Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: James Houghton <jthoughton(a)google.com> Cc: Jiaqi Yan <jiaqiyan(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: <stable(a)vger.kernel.org> [6.7+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 2 +- mm/memory-failure.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/fs/hugetlbfs/inode.c~fs-hugetlbfs-inodec-mm-memory-failurec-fix-hugetlbfs-hwpoison-handling +++ a/fs/hugetlbfs/inode.c @@ -340,7 +340,7 @@ static ssize_t hugetlbfs_read_iter(struc } else { folio_unlock(folio); - if (!folio_test_has_hwpoisoned(folio)) + if (!folio_test_hwpoison(folio)) want = nr; else { /* --- a/mm/memory-failure.c~fs-hugetlbfs-inodec-mm-memory-failurec-fix-hugetlbfs-hwpoison-handling +++ a/mm/memory-failure.c @@ -982,7 +982,7 @@ static bool has_extra_refcount(struct pa int count = page_count(p) - 1; if (extra_pins) - count -= 1; + count -= folio_nr_pages(page_folio(p)); if (count > 0) { pr_err("%#lx: %s still referenced by %d users\n", _ Patches currently in -mm which might be from sidhartha.kumar(a)oracle.com are fs-hugetlbfs-inodec-mm-memory-failurec-fix-hugetlbfs-hwpoison-handling.patch maple_tree-fix-comment-describing-mas_node_count_gfp.patch

1 year, 8 months

1
0
0 0

[PATCH] serial: core: Fix double fetch in uart_throttle/uart_unthrottle

by Gui-Dong Han

In uart_throttle() and uart_unthrottle(): if (port->status & mask) { port->ops->throttle/unthrottle(port); mask &= ~port->status; } // Code segment utilizing the mask value to determine UART behavior In uart_change_line_settings(): uart_port_lock_irq(uport); // Code segment responsible for updating uport->status uart_port_unlock_irq(uport); In the uart_throttle() and uart_unthrottle() functions, there is a double fetch issue due to concurrent execution with uart_change_line_settings(). In uart_throttle() and uart_unthrottle(), the check if (port->status & mask) is made, followed by mask &= ~port->status, where the relevant bits are cleared. However, port->status may be modified in uart_change_line_settings(). The current implementation does not ensure atomicity in the access and modification of port->status and mask. This can result in mask being updated based on a modified port->status value, leading to improper UART actions. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this double fetch, it is suggested to add a uart_port_lock pair in uart_throttle() and uart_unthrottle(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: 391f93f2ec9f ("serial: core: Rework hw-assisted flow control support") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- drivers/tty/serial/serial_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 80085b151b34..9d905fdf2843 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -723,11 +723,13 @@ static void uart_throttle(struct tty_struct *tty) mask |= UPSTAT_AUTOXOFF; if (C_CRTSCTS(tty)) mask |= UPSTAT_AUTORTS; - + + uart_port_lock_irq(port); if (port->status & mask) { port->ops->throttle(port); mask &= ~port->status; } + uart_port_unlock_irq(port); if (mask & UPSTAT_AUTORTS) uart_clear_mctrl(port, TIOCM_RTS); @@ -753,10 +755,12 @@ static void uart_unthrottle(struct tty_struct *tty) if (C_CRTSCTS(tty)) mask |= UPSTAT_AUTORTS; + uart_port_lock_irq(port); if (port->status & mask) { port->ops->unthrottle(port); mask &= ~port->status; } + uart_port_unlock_irq(port); if (mask & UPSTAT_AUTORTS) uart_set_mctrl(port, TIOCM_RTS); -- 2.34.1

1 year, 8 months

4
4
0 0

[PATCH 5.10 0/7] 5.10.207-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.207 release. There are 7 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Jan 2024 09:46:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.207-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.207-rc1 Alexander Atanasov <alexander.atanasov(a)virtuozzo.com> scsi: core: Always send batch on reset or error handling command Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Add scsi_prot_ref_tag() helper" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Introduce scsi_get_sector()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Make scsi_get_lba() return the LBA" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Use a structure member to track the SCSI command submitter" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Always send batch on reset or error handling command" ------------- Diffstat: Makefile | 4 ++-- drivers/scsi/scsi.c | 2 +- drivers/scsi/scsi_error.c | 34 +++++++++++++++++++--------------- drivers/scsi/scsi_lib.c | 38 +++++++++++++------------------------- drivers/scsi/scsi_logging.c | 18 ++++++++---------- drivers/scsi/scsi_priv.h | 1 - include/scsi/scsi_cmnd.h | 29 +++-------------------------- include/scsi/scsi_device.h | 16 +++++++--------- 8 files changed, 53 insertions(+), 89 deletions(-)

1 year, 8 months

7
13
0 0

[PATCH 5.4 0/2] PCI: Disable ATS for specific Intel IPU E2000 devices

by Bartosz Pawlowski

This patch series addresses the problem with A an B steppings of Intel IPU E2000 which expects incorrect endianness in data field of ATS invalidation request TLP by disabling ATS capability for vulnerable devices. Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices drivers/pci/quirks.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) -- 2.43.0

1 year, 8 months

1
2
0 0

[PATCH 4.19 0/2] PCI: Disable ATS for specific Intel IPU E2000 devices

by Bartosz Pawlowski

This patch series addresses the problem with A an B steppings of Intel IPU E2000 which expects incorrect endianness in data field of ATS invalidation request TLP by disabling ATS capability for vulnerable devices. Bartosz Pawlowski (2): PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices drivers/pci/quirks.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) -- 2.43.0

1 year, 8 months

1
2
0 0

[PATCH 5.10 0/2] mm/truncate: fix issue in ext4_set_page_dirty()

by Roman Smirnov

Syzkaller reports warning in ext4_set_page_dirty() in 5.10 stable releases. The problem can be fixed by the following patches which can be cleanly applied to the 5.10 branch. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: https://syzkaller.appspot.com/bug?extid=02f21431b65c214aa1d6 Matthew Wilcox (Oracle) (2): mm/truncate: Inline invalidate_complete_page() into its one caller mm/truncate: Replace page_mapped() call in invalidate_inode_page() kernel/futex/core.c | 2 +- mm/truncate.c | 34 +++++++--------------------------- 2 files changed, 8 insertions(+), 28 deletions(-) -- 2.34.1

1 year, 8 months

2
4
0 0

[PATCH v2] serial: core: Fix atomicity violation in uart_tiocmget

by Gui-Dong Han

In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... port->ops->set_mctrl(port, port->mctrl); ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: c5f4644e6c8b ("[PATCH] Serial: Adjust serial locking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * In this patch v2, we've updated the right Fixes. Thank John Ogness for helpful advice. --- drivers/tty/serial/serial_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 80085b151b34..a9e39416d877 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1085,8 +1085,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); } -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH] serial: core: Fix atomicity violation in uart_tiocmget

by Gui-Dong Han

In uart_tiocmget(): result = uport->mctrl; uart_port_lock_irq(uport); result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); ... return result; In uart_update_mctrl(): uart_port_lock_irqsave(port, &flags); ... port->mctrl = (old & ~clear) | set; ... uart_port_unlock_irqrestore(port, flags); An atomicity violation is identified due to the concurrent execution of uart_tiocmget() and uart_update_mctrl(). After assigning result = uport->mctrl, the mctrl value may change in uart_update_mctrl(), leading to a mismatch between the value returned by uport->ops->get_mctrl(uport) and the mctrl value previously read. This can result in uart_tiocmget() returning an incorrect value. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To address this issue, it is suggested to move the line result = uport->mctrl inside the uart_port_lock block to ensure atomicity and prevent the mctrl value from being altered during the execution of uart_tiocmget(). With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: 559c7ff4e324 ("serial: core: Use port lock wrappers") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- drivers/tty/serial/serial_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 80085b151b34..a9e39416d877 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1085,8 +1085,8 @@ static int uart_tiocmget(struct tty_struct *tty) goto out; if (!tty_io_error(tty)) { - result = uport->mctrl; uart_port_lock_irq(uport); + result = uport->mctrl; result |= uport->ops->get_mctrl(uport); uart_port_unlock_irq(uport); } -- 2.34.1

1 year, 8 months

3
4
0 0

[PATCH] Input: fix atomicity violation in gameport_run_poll_handler

by Gui-Dong Han

In gameport_run_poll_handler(): ... if (gameport->poll_cnt) mod_timer(&gameport->poll_timer, jiffies + ...)); In gameport_stop_polling(): spin_lock(&gameport->timer_lock); if (!--gameport->poll_cnt) del_timer(&gameport->poll_timer); spin_unlock(&gameport->timer_lock); An atomicity violation occurs due to the concurrent execution of gameport_run_poll_handler() and gameport_stop_polling(). The current check for gameport->poll_cnt in gameport_run_poll_handler() is not effective because poll_cnt can be decremented to 0 and del_timer can be called in gameport_stop_polling() before mod_timer is called in gameport_run_poll_handler(). This situation leads to the risk of calling mod_timer for a timer that has already been deleted in gameport_stop_polling(). Since calling mod_timer on a deleted timer reactivates it, this atomicity violation could result in the timer being activated while the poll_cnt value is 0. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to add a spinlock pair in gameport_run_poll_handler() to ensure atomicity. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the absence of the requisite hardware, we are unable to conduct runtime testing of the patch. Therefore, our verification is solely based on code logic analysis. [1] https://sites.google.com/view/basscheck/ Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- drivers/input/gameport/gameport.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index 34f416a3ebcb..12af46d3c059 100644 --- a/drivers/input/gameport/gameport.c +++ b/drivers/input/gameport/gameport.c @@ -202,8 +202,13 @@ static void gameport_run_poll_handler(struct timer_list *t) struct gameport *gameport = from_timer(gameport, t, poll_timer); gameport->poll_handler(gameport); + + spin_lock(&gameport->timer_lock); + if (gameport->poll_cnt) mod_timer(&gameport->poll_timer, jiffies + msecs_to_jiffies(gameport->poll_interval)); + + spin_unlock(&gameport->timer_lock); } /* -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH] fix hugetlbfs hwpoison handling

by Sidhartha Kumar

has_extra_refcount() makes the assumption that a ref count of 1 means the page is not referenced by other users. Commit a08c7193e4f1 (mm/filemap: remove hugetlb special casing in filemap.c) modifies __filemap_add_folio() by calling folio_ref_add(folio, nr); for all cases (including hugtetlb) where nr is the number of pages in the folio. We should check if the page is not referenced by other users by checking the page count against the number of pages rather than 1. In hugetlbfs_read_iter(), folio_test_has_hwpoisoned() is testing the wrong flag as, in the hugetlb case, memory-failure code calls folio_test_set_hwpoison() to indicate poison. folio_test_hwpoison() is the correct function to test for that flag. After these fixes, the hugetlb hwpoison read selftest passes all cases. Fixes: a08c7193e4f1 ("mm/filemap: remove hugetlb special casing in filemap.c") Closes: https://lore.kernel.org/linux-mm/20230713001833.3778937-1-jiaqiyan@google.c… Cc: <stable(a)vger.kernel.org> # 6.7+ Signed-off-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- fs/hugetlbfs/inode.c | 2 +- mm/memory-failure.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 36132c9125f9..3a248e4f7e93 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -340,7 +340,7 @@ static ssize_t hugetlbfs_read_iter(struct kiocb *iocb, struct iov_iter *to) } else { folio_unlock(folio); - if (!folio_test_has_hwpoisoned(folio)) + if (!folio_test_hwpoison(folio)) want = nr; else { /* diff --git a/mm/memory-failure.c b/mm/memory-failure.c index d8c853b35dbb..87f6bf7d8bc1 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -973,7 +973,7 @@ struct page_state { static bool has_extra_refcount(struct page_state *ps, struct page *p, bool extra_pins) { - int count = page_count(p) - 1; + int count = page_count(p) - folio_nr_pages(page_folio(p)); if (extra_pins) count -= 1; -- 2.31.1

1 year, 8 months

2
2
0 0

Linux 5.10.206

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.206 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/nvmem/mxs-ocotp.yaml | 10 Makefile | 2 arch/arm/boot/dts/am33xx.dtsi | 1 arch/arm/mach-omap2/id.c | 5 arch/mips/Kconfig | 2 arch/mips/include/asm/mach-loongson64/boot_param.h | 3 arch/mips/loongson64/env.c | 10 arch/s390/include/asm/fpu/api.h | 2 arch/x86/kernel/alternative.c | 2 drivers/bus/ti-sysc.c | 18 + drivers/i2c/busses/i2c-aspeed.c | 48 ++-- drivers/iio/adc/ti_am335x_adc.c | 4 drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 drivers/input/keyboard/ipaq-micro-keys.c | 3 drivers/input/misc/soc_button_array.c | 5 drivers/interconnect/core.c | 3 drivers/md/dm-integrity.c | 11 - drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 10 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/micrel/ks8851.h | 3 drivers/net/ethernet/micrel/ks8851_common.c | 20 - drivers/net/ethernet/micrel/ks8851_spi.c | 42 ++- drivers/pinctrl/pinctrl-at91-pio4.c | 8 drivers/reset/core.c | 3 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 drivers/scsi/scsi.c | 2 drivers/scsi/scsi_error.c | 34 +-- drivers/scsi/scsi_lib.c | 38 ++- drivers/scsi/scsi_logging.c | 18 - drivers/scsi/scsi_priv.h | 1 drivers/spi/spi-atmel.c | 133 +++--------- drivers/usb/host/fotg210-hcd.c | 3 drivers/usb/serial/ftdi_sio.c | 6 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 5 fs/afs/cell.c | 6 fs/afs/dynroot.c | 31 +- fs/btrfs/ioctl.c | 9 fs/cifs/misc.c | 4 fs/cifs/smb2misc.c | 26 -- fs/cifs/smb2ops.c | 26 +- fs/cifs/smb2pdu.c | 29 ++ fs/cifs/smb2pdu.h | 2 include/linux/key-type.h | 1 include/net/bluetooth/hci_core.h | 5 include/net/bluetooth/mgmt.h | 2 include/scsi/scsi_cmnd.h | 29 ++ include/scsi/scsi_device.h | 16 - kernel/trace/ring_buffer.c | 12 - kernel/trace/synth_event_gen_test.c | 11 + kernel/trace/trace.c | 20 + lib/vsprintf.c | 11 - net/8021q/vlan_core.c | 9 net/9p/client.c | 7 net/9p/protocol.c | 17 + net/bluetooth/af_bluetooth.c | 7 net/bluetooth/hci_event.c | 3 net/bluetooth/l2cap_core.c | 21 + net/bluetooth/mgmt.c | 35 ++- net/bluetooth/smp.c | 161 ++++++++------- net/bluetooth/smp.h | 6 net/core/dev.c | 8 net/dns_resolver/dns_key.c | 10 net/ife/ife.c | 1 net/mac80211/mesh_plink.c | 10 net/netfilter/nf_tables_api.c | 2 net/rfkill/rfkill-gpio.c | 8 net/rose/af_rose.c | 39 +++ net/wireless/certs/wens.hex | 87 ++++++++ security/keys/gc.c | 31 +- security/keys/internal.h | 11 - security/keys/key.c | 15 - security/keys/proc.c | 2 sound/pci/hda/patch_hdmi.c | 2 78 files changed, 778 insertions(+), 443 deletions(-) Alexander Atanasov (1): scsi: core: Always send batch on reset or error handling command Alexis Lothoré (1): pinctrl: at91-pio4: use dedicated lock class for IRQ Alper Ak (1): USB: serial: option: add Quectel EG912Y module support Archie Pusaka (1): Bluetooth: use inclusive language in SMP Bart Van Assche (3): scsi: core: Introduce scsi_get_sector() scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Use a structure member to track the SCSI command submitter Chen-Yu Tsai (1): wifi: cfg80211: Add my certificate Christoffer Sandberg (1): Input: soc_button_array - add mapping for airplane mode button Dan Carpenter (1): usb: fotg210-hcd: delete an incorrect bounds test Dan Sneddon (2): spi: atmel: Switch to transfer_one transfer method spi: atmel: Fix CS and initialization bug David Howells (4): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry afs: Fix overwriting of result of DNS query Eric Dumazet (3): net: sched: ife: fix potential use-after-free net/rose: fix races in rose_kill_by_device() net: check dev->gso_max_size in gso_features_check() Fabio Estevam (1): dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp Fedor Pchelkin (1): net: 9p: avoid freeing uninit memory in p9pdu_vreadf Frédéric Danis (1): Bluetooth: L2CAP: Send reject on command corrupted request Geert Uytterhoeven (1): reset: Fix crash when freeing non-existent optional resets Greg Kroah-Hartman (2): Revert "MIPS: Loongson64: Enable DMA noncoherent support" Linux 5.10.206 Hangyu Hua (1): 9p/net: fix possible memory leak in p9_check_errors() Haoran Liu (1): Input: ipaq-micro-keys - add error handling for devm_kmemdup Heiko Carstens (1): s390/vx: fix save/restore of fpu kernel context Heiner Kallweit (1): net: warn if gso_type isn't set for a GSO SKB Herve Codina (1): lib/vsprintf: Fix %pfwf when current node refcount == 0 Hyunwoo Kim (1): Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg Javier Carrasco (1): iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Johannes Berg (2): wifi: mac80211: mesh_plink: fix matches_local logic wifi: cfg80211: fix certs build to not depend on file order Josef Bacik (1): btrfs: do not allow non subvolume root targets for snapshot Kai Vehmanen (2): ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Kunwu Chan (1): ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Liu Jian (1): net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Luiz Augusto von Dentz (3): Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled Mark Glover (1): USB: serial: ftdi_sio: update Actisense PIDs constant names Martin K. Petersen (2): scsi: core: Add scsi_prot_ref_tag() helper scsi: core: Make scsi_get_lba() return the LBA Mike Tipton (1): interconnect: Treat xlate() returning NULL node as an error Mikulas Patocka (1): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Moshe Shemesh (1): net/mlx5: Fix fw tracer first block check Namjae Jeon (1): ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Pablo Neira Ayuso (1): netfilter: nf_tables: skip set commit for deleted/destroyed sets Paulo Alcantara (4): smb: client: fix OOB in smb2_query_reparse_point() smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in SMB2_query_info_init() smb: client: fix OOB in smbCalcSize() Quan Nguyen (1): i2c: aspeed: Handle the coalesced stop conditions with the start conditions. Rahul Rameshbabu (1): net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Reinhard Speyerer (1): USB: serial: option: add Quectel RM500Q R13 firmware support Ronald Wahl (1): net: ks8851: Fix TX stall caused by TX buffer overrun Rouven Czerwinski (1): net: rfkill: gpio: set GPIO direction Shifeng Li (1): net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() Slark Xiao (1): USB: serial: option: add Foxconn T99W265 with new baseline Steven Rostedt (Google) (3): tracing / synthetic: Disable events after testing in synth_event_gen_test_init() ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer Su Hui (1): iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Thomas Gleixner (1): x86/alternatives: Sync core before enabling interrupts Tony Lindgren (2): bus: ti-sysc: Flush posted write only after srst_udelay ARM: dts: Fix occasional boot hang for am3 usb Ville Baillie (1): spi: atmel: Fix PDC transfer setup bug Vlad Buslov (1): Revert "net/mlx5e: fix double free of encap_header" Wadim Egorov (1): iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Wei Yongjun (1): scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Xiao Yao (1): Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE Zhipeng Lu (1): ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

1 year, 8 months

3
6
0 0

[PATCH mm-unstable v1 1/4] mm/mglru: fix underprotected page cache

by Yu Zhao

Unmapped folios accessed through file descriptors can be underprotected. Those folios are added to the oldest generation based on: 1. The fact that they are less costly to reclaim (no need to walk the rmap and flush the TLB) and have less impact on performance (don't cause major PFs and can be non-blocking if needed again). 2. The observation that they are likely to be single-use. E.g., for client use cases like Android, its apps parse configuration files and store the data in heap (anon); for server use cases like MySQL, it reads from InnoDB files and holds the cached data for tables in buffer pools (anon). However, the oldest generation can be very short lived, and if so, it doesn't provide the PID controller with enough time to respond to a surge of refaults. (Note that the PID controller uses weighted refaults and those from evicted generations only take a half of the whole weight.) In other words, for a short lived generation, the moving average smooths out the spike quickly. To fix the problem: 1. For folios that are already on LRU, if they can be beyond the tracking range of tiers, i.e., five accesses through file descriptors, move them to the second oldest generation to give them more time to age. (Note that tiers are used by the PID controller to statistically determine whether folios accessed multiple times through file descriptors are worth protecting.) 2. When adding unmapped folios to LRU, adjust the placement of them so that they are not too close to the tail. The effect of this is similar to the above. On Android, launching 55 apps sequentially: Before After Change workingset_refault_anon 25641024 25598972 0% workingset_refault_file 115016834 106178438 -8% Fixes: ac35a4902374 ("mm: multi-gen LRU: minimal implementation") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: Charan Teja Kalla <quic_charante(a)quicinc.com> Tested-by: Kalesh Singh <kaleshsingh(a)google.com> Cc: stable(a)vger.kernel.org --- include/linux/mm_inline.h | 23 ++++++++++++++--------- mm/vmscan.c | 2 +- mm/workingset.c | 6 +++--- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/include/linux/mm_inline.h b/include/linux/mm_inline.h index 9ae7def16cb2..f4fe593c1400 100644 --- a/include/linux/mm_inline.h +++ b/include/linux/mm_inline.h @@ -232,22 +232,27 @@ static inline bool lru_gen_add_folio(struct lruvec *lruvec, struct folio *folio, if (folio_test_unevictable(folio) || !lrugen->enabled) return false; /* - * There are three common cases for this page: - * 1. If it's hot, e.g., freshly faulted in or previously hot and - * migrated, add it to the youngest generation. - * 2. If it's cold but can't be evicted immediately, i.e., an anon page - * not in swapcache or a dirty page pending writeback, add it to the - * second oldest generation. - * 3. Everything else (clean, cold) is added to the oldest generation. + * There are four common cases for this page: + * 1. If it's hot, i.e., freshly faulted in, add it to the youngest + * generation, and it's protected over the rest below. + * 2. If it can't be evicted immediately, i.e., a dirty page pending + * writeback, add it to the second youngest generation. + * 3. If it should be evicted first, e.g., cold and clean from + * folio_rotate_reclaimable(), add it to the oldest generation. + * 4. Everything else falls between 2 & 3 above and is added to the + * second oldest generation if it's considered inactive, or the + * oldest generation otherwise. See lru_gen_is_active(). */ if (folio_test_active(folio)) seq = lrugen->max_seq; else if ((type == LRU_GEN_ANON && !folio_test_swapcache(folio)) || (folio_test_reclaim(folio) && (folio_test_dirty(folio) || folio_test_writeback(folio)))) - seq = lrugen->min_seq[type] + 1; - else + seq = lrugen->max_seq - 1; + else if (reclaiming || lrugen->min_seq[type] + MIN_NR_GENS >= lrugen->max_seq) seq = lrugen->min_seq[type]; + else + seq = lrugen->min_seq[type] + 1; gen = lru_gen_from_seq(seq); flags = (gen + 1UL) << LRU_GEN_PGOFF; diff --git a/mm/vmscan.c b/mm/vmscan.c index 4e3b835c6b4a..e67631c60ac0 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -4260,7 +4260,7 @@ static bool sort_folio(struct lruvec *lruvec, struct folio *folio, struct scan_c } /* protected */ - if (tier > tier_idx) { + if (tier > tier_idx || refs == BIT(LRU_REFS_WIDTH)) { int hist = lru_hist_from_seq(lrugen->min_seq[type]); gen = folio_inc_gen(lruvec, folio, false); diff --git a/mm/workingset.c b/mm/workingset.c index 7d3dacab8451..2a2a34234df9 100644 --- a/mm/workingset.c +++ b/mm/workingset.c @@ -313,10 +313,10 @@ static void lru_gen_refault(struct folio *folio, void *shadow) * 1. For pages accessed through page tables, hotter pages pushed out * hot pages which refaulted immediately. * 2. For pages accessed multiple times through file descriptors, - * numbers of accesses might have been out of the range. + * they would have been protected by sort_folio(). */ - if (lru_gen_in_fault() || refs == BIT(LRU_REFS_WIDTH)) { - folio_set_workingset(folio); + if (lru_gen_in_fault() || refs >= BIT(LRU_REFS_WIDTH) - 1) { + set_mask_bits(&folio->flags, 0, LRU_REFS_MASK | BIT(PG_workingset)); mod_lruvec_state(lruvec, WORKINGSET_RESTORE_BASE + type, delta); } unlock: -- 2.43.0.472.g3155946c3a-goog

1 year, 8 months

3
30
0 0

+ selftests-mm-mremap_test-fix-build-warning.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: mremap_test: fix build warning has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-mremap_test-fix-build-warning.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Subject: selftests/mm: mremap_test: fix build warning Date: Thu, 11 Jan 2024 13:20:38 +0500 Fix following build warning: warning: format `%d' expects argument of type `int', but argument 2 has type `long long unsigned int' Link: https://lkml.kernel.org/r/20240111082039.3398848-1-usama.anjum@collabora.com Fixes: a4cb3b243343 ("selftests: mm: add a test for remapping to area immediately after existing mapping") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Joel Fernandes (Google) <joel(a)joelfernandes.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/mremap_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/mremap_test.c~selftests-mm-mremap_test-fix-build-warning +++ a/tools/testing/selftests/mm/mremap_test.c @@ -457,7 +457,7 @@ static long long remap_region(struct con char c = (char) rand(); if (((char *) dest_preamble_addr)[i] != c) { - ksft_print_msg("Preamble data after remap doesn't match at offset %d\n", + ksft_print_msg("Preamble data after remap doesn't match at offset %llu\n", i); ksft_print_msg("Expected: %#x\t Got: %#x\n", c & 0xff, ((char *) dest_preamble_addr)[i] & 0xff); _ Patches currently in -mm which might be from usama.anjum(a)collabora.com are fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch selftests-mm-mremap_test-fix-build-warning.patch

1 year, 8 months

1
0
0 0

+ fix-hugetlbfs-hwpoison-handling.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/hugetlbfs/inode.c: mm/memory-failure.c has been added to the -mm mm-hotfixes-unstable branch. Its filename is fix-hugetlbfs-hwpoison-handling.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Subject: fs/hugetlbfs/inode.c: mm/memory-failure.c fix hugetlbfs hwpoison handling Date: Thu, 11 Jan 2024 11:16:55 -0800 has_extra_refcount() makes the assumption that a ref count of 1 means the page is not referenced by other users. Commit a08c7193e4f1 (mm/filemap: remove hugetlb special casing in filemap.c) modifies __filemap_add_folio() by calling folio_ref_add(folio, nr); for all cases (including hugtetlb) where nr is the number of pages in the folio. We should check if the page is not referenced by other users by checking the page count against the number of pages rather than 1. In hugetlbfs_read_iter(), folio_test_has_hwpoisoned() is testing the wrong flag as, in the hugetlb case, memory-failure code calls folio_test_set_hwpoison() to indicate poison. folio_test_hwpoison() is the correct function to test for that flag. After these fixes, the hugetlb hwpoison read selftest passes all cases. Link: https://lkml.kernel.org/r/20240111191655.295530-1-sidhartha.kumar@oracle.com Signed-off-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Fixes: a08c7193e4f1 ("mm/filemap: remove hugetlb special casing in filemap.c") Closes: https://lore.kernel.org/linux-mm/20230713001833.3778937-1-jiaqiyan@google.c… Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: James Houghton <jthoughton(a)google.com> Cc: Jiaqi Yan <jiaqiyan(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> [6.7+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 2 +- mm/memory-failure.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/fs/hugetlbfs/inode.c~fix-hugetlbfs-hwpoison-handling +++ a/fs/hugetlbfs/inode.c @@ -340,7 +340,7 @@ static ssize_t hugetlbfs_read_iter(struc } else { folio_unlock(folio); - if (!folio_test_has_hwpoisoned(folio)) + if (!folio_test_hwpoison(folio)) want = nr; else { /* --- a/mm/memory-failure.c~fix-hugetlbfs-hwpoison-handling +++ a/mm/memory-failure.c @@ -979,7 +979,7 @@ struct page_state { static bool has_extra_refcount(struct page_state *ps, struct page *p, bool extra_pins) { - int count = page_count(p) - 1; + int count = page_count(p) - folio_nr_pages(page_folio(p)); if (extra_pins) count -= 1; _ Patches currently in -mm which might be from sidhartha.kumar(a)oracle.com are fix-hugetlbfs-hwpoison-handling.patch maple_tree-fix-comment-describing-mas_node_count_gfp.patch

1 year, 8 months

1
0
0 0

[PATCH v2] drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'

by Srinivasan Shanmugam

In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903) Cc: stable(a)vger.kernel.org Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Wenjing Liu <wenjing.liu(a)amd.com> Cc: Qingqing Zhuo <qingqing.zhuo(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> --- v2: - Corrected the logic when !pipe_ctx->stream->timing.flags.DSC is true, still skipping the !dsc NULL check drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/link/link_dpms.c b/drivers/gpu/drm/amd/display/dc/link/link_dpms.c index 3de148004c06..d084ac0d30b2 100644 --- a/drivers/gpu/drm/amd/display/dc/link/link_dpms.c +++ b/drivers/gpu/drm/amd/display/dc/link/link_dpms.c @@ -900,11 +900,15 @@ bool link_set_dsc_pps_packet(struct pipe_ctx *pipe_ctx, bool enable, bool immedi { struct display_stream_compressor *dsc = pipe_ctx->stream_res.dsc; struct dc_stream_state *stream = pipe_ctx->stream; - DC_LOGGER_INIT(dsc->ctx->logger); - if (!pipe_ctx->stream->timing.flags.DSC || !dsc) + if (!pipe_ctx->stream->timing.flags.DSC) + return false; + + if(!dsc) return false; + DC_LOGGER_INIT(dsc->ctx->logger); + if (enable) { struct dsc_config dsc_cfg; uint8_t dsc_packed_pps[128]; -- 2.34.1

1 year, 8 months

2
1
0 0

EXT4-fs: Intermitent segfault with memory corruption

by Allen

Hello Ext4 Developers, I hope this email finds you well. We are reaching out to report a persistent issue that we have been facing on Windows Subsystem for Linux (WSL)[1] with various kernel versions. We have encountered the problem on kernel versions v5.15, v6.1, v6.6 stable kernels, and also the current upstream kernel. While the issue takes longer to reproduce on v5.15, it is consistently observable across these versions. Issue Description: Intermittent segfault with memory corruption. The time of segfault and output can vary, though one of the notable failures manifests as a segfault with the following error message: EXT4-fs error (device sdc): ext4_find_dest_de:2092: inode #32168: block 2334198: comm dpkg: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=4084 fake=0 and EXT4-fs warning (device sdc): dx_probe:890: inode #27771: comm dpkg: dx entry: limit 0 != root limit 508 EXT4-fs warning (device sdc): dx_probe:964: inode #27771: comm dpkg: Corrupt directory, running e2fsck is recommended EXT4-fs error (device sdc): ext4_empty_dir:3098: inode #27753: block 133944722: comm dpkg: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=4096 fake=0 or we see a segfault message where the source can change depending on which command we're testing with (dpkg, apt, gcc..): dpkg[135]: segfault at 0 ip 00007f9209eb6a19 sp 00007ffd8a6a0b08 error 4 in libc-2.31.so[7f9209d6e000+159000] likely on CPU 1 (core 0, socket 0) Reproduction Steps: The steps to reproduce the issue are seemingly straightforward: Run an install or upgrade. The larger the change the better. Installing Gimp has been a go to for testing, though we have reproduced the failure with: - apt upgrade - apt install - dpkg install - gcc building source files Observations: The issue occurs consistently across multiple kernel versions. Reproduction is faster on more recent kernels. Longer intervals are required for v5.15. When adding more debugging options that increases processing time, segfault seems to be harder to hit. When DX_DEBUG is enabled, during the installation process(dpkg install), we observed instances where both rlen and de->name_len values become 0. We wanted to bring this to your attention and seek guidance on how we could proceed with debugging and resolving this issue. Your insights and assistance would be greatly appreciated. Thank you for your time and consideration. [1] What is Windows Subsystem for Linux: https://learn.microsoft.com/en-us/windows/wsl/about -- - Allen

1 year, 8 months

2
1
0 0

[PATCH v4] net: stmmac: Prevent DSA tags from breaking COE

by Romain Gantois

Some DSA tagging protocols change the EtherType field in the MAC header e.g. DSA_TAG_PROTO_(DSA/EDSA/BRCM/MTK/RTL4C_A/SJA1105). On TX these tagged frames are ignored by the checksum offload engine and IP header checker of some stmmac cores. On RX, the stmmac driver wrongly assumes that checksums have been computed for these tagged packets, and sets CHECKSUM_UNNECESSARY. Add an additional check in the stmmac TX and RX hotpaths so that COE is deactivated for packets with ethertypes that will not trigger the COE and IP header checks. Fixes: 6b2c6e4a938f ("net: stmmac: propagate feature flags to vlan") Cc: <stable(a)vger.kernel.org> Reported-by: Richard Tresidder <rtresidd(a)electromag.com.au> Link: https://lore.kernel.org/netdev/e5c6c75f-2dfa-4e50-a1fb-6bf4cdb617c2@electro… Reported-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://lore.kernel.org/netdev/c57283ed-6b9b-b0e6-ee12-5655c1c54495@bootlin… Reviewed-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> --- Hello everyone, This is the fourth version of my proposed fix for the stmmac checksum offloading issue that has recently been reported. significant changes in v4: - Removed "inline" from declaration of stmmac_has_ip_ethertype significant changes in v3: - Use __vlan_get_protocol to make sure that 8021Q-encapsulated traffic is checked correctly. significant changes in v2: - Replaced the stmmac_link_up-based fix with an ethertype check in the TX and RX hotpaths. The Checksum Offloading Engine of some stmmac cores (e.g. DWMAC1000) computes an incorrect checksum when presented with DSA-tagged packets. This causes all TCP/UDP transfers to break when the stmmac device is connected to the CPU port of a DSA switch. I ran some tests using different tagging protocols with DSA_LOOP, and all of the protocols that set a custom ethertype field in the MAC header caused the checksum offload engine to ignore the tagged packets. On TX, this caused packets to egress with incorrect checksums. On RX, these packets were similarly ignored by the COE, yet the stmmac driver set CHECKSUM_UNNECESSARY, wrongly assuming that their checksums had been verified in hardware. Version 2 of this patch series fixes this issue by checking ethertype fields in both the TX and RX hotpaths of the stmmac driver. On TX, if a non-IP ethertype is detected, the packet is checksummed in software. On RX, the same condition causes stmmac to avoid setting CHECKSUM_UNNECESSARY. To measure the performance degradation to the TX/RX hotpaths, I did some iperf3 runs with 512-byte unfragmented UDP packets. measured degradation on TX: -466 pps (-0.2%) on RX: -338 pps (-1.2%) original performances on TX: 22kpps on RX: 27kpps The performance hit on the RX path can be partly explained by the fact that the stmmac driver doesn't set CHECKSUM_UNNECESSARY anymore. The TX performance degradation observed in v2 seems to have improved. It's not entirely clear to me why that is. Best Regards, Romain Romain Gantois (1): net: stmmac: Prevent DSA tags from breaking COE .../net/ethernet/stmicro/stmmac/stmmac_main.c | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) -- 2.43.0 --- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 ++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c index 37e64283f910..b30dba06dbd1 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c @@ -4371,6 +4371,25 @@ static netdev_tx_t stmmac_tso_xmit(struct sk_buff *skb, struct net_device *dev) return NETDEV_TX_OK; } +/** + * stmmac_has_ip_ethertype() - Check if packet has IP ethertype + * @skb: socket buffer to check + * + * Check if a packet has an ethertype that will trigger the IP header checks + * and IP/TCP checksum engine of the stmmac core. + * + * Return: true if the ethertype can trigger the checksum engine, false otherwise + */ +static bool stmmac_has_ip_ethertype(struct sk_buff *skb) +{ + int depth = 0; + __be16 proto; + + proto = __vlan_get_protocol(skb, eth_header_parse_protocol(skb), &depth); + + return (depth <= ETH_HLEN) && (proto == htons(ETH_P_IP) || proto == htons(ETH_P_IPV6)); +} + /** * stmmac_xmit - Tx entry point of the driver * @skb : the socket buffer @@ -4435,9 +4454,13 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) /* DWMAC IPs can be synthesized to support tx coe only for a few tx * queues. In that case, checksum offloading for those queues that don't * support tx coe needs to fallback to software checksum calculation. + * + * Packets that won't trigger the COE e.g. most DSA-tagged packets will + * also have to be checksummed in software. */ if (csum_insertion && - priv->plat->tx_queues_cfg[queue].coe_unsupported) { + (priv->plat->tx_queues_cfg[queue].coe_unsupported || + !stmmac_has_ip_ethertype(skb))) { if (unlikely(skb_checksum_help(skb))) goto dma_map_err; csum_insertion = !csum_insertion; @@ -4997,7 +5020,7 @@ static void stmmac_dispatch_skb_zc(struct stmmac_priv *priv, u32 queue, stmmac_rx_vlan(priv->dev, skb); skb->protocol = eth_type_trans(skb, priv->dev); - if (unlikely(!coe)) + if (unlikely(!coe) || !stmmac_has_ip_ethertype(skb)) skb_checksum_none_assert(skb); else skb->ip_summed = CHECKSUM_UNNECESSARY; @@ -5513,7 +5536,7 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue) stmmac_rx_vlan(priv->dev, skb); skb->protocol = eth_type_trans(skb, priv->dev); - if (unlikely(!coe)) + if (unlikely(!coe) || !stmmac_has_ip_ethertype(skb)) skb_checksum_none_assert(skb); else skb->ip_summed = CHECKSUM_UNNECESSARY; --- base-commit: ac631873c9e7a50d2a8de457cfc4b9f86666403e change-id: 20240108-prevent_dsa_tags-7bb0def0db81 Best regards, -- Romain Gantois <romain.gantois(a)bootlin.com>

1 year, 8 months

3
3
0 0

[PATCH v3 6/6] s390/vfio-ap: do not reset queue removed from host config

by Tony Krowiak

When a queue is unbound from the vfio_ap device driver, it is reset to ensure its crypto data is not leaked when it is bound to another device driver. If the queue is unbound due to the fact that the adapter or domain was removed from the host's AP configuration, then attempting to reset it will fail with response code 01 (APID not valid) getting returned from the reset command. Let's ensure that the queue is assigned to the host's configuration before resetting it. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Reviewed-by: Jason J. Herne <jjherne(a)linux.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: eeb386aeb5b7 ("s390/vfio-ap: handle config changed and scan complete notification") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index e014108067dc..84decb0d5c97 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -2197,6 +2197,8 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) q = dev_get_drvdata(&apdev->device); get_update_locks_for_queue(q); matrix_mdev = q->matrix_mdev; + apid = AP_QID_CARD(q->apqn); + apqi = AP_QID_QUEUE(q->apqn); if (matrix_mdev) { /* If the queue is assigned to the guest's AP configuration */ @@ -2214,8 +2216,16 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) } } - vfio_ap_mdev_reset_queue(q); - flush_work(&q->reset_work); + /* + * If the queue is not in the host's AP configuration, then resetting + * it will fail with response code 01, (APQN not valid); so, let's make + * sure it is in the host's config. + */ + if (test_bit_inv(apid, (unsigned long *)matrix_dev->info.apm) && + test_bit_inv(apqi, (unsigned long *)matrix_dev->info.aqm)) { + vfio_ap_mdev_reset_queue(q); + flush_work(&q->reset_work); + } done: if (matrix_mdev) -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v3 5/6] s390/vfio-ap: reset queues associated with adapter for queue unbound from driver

by Tony Krowiak

When a queue is unbound from the vfio_ap device driver, if that queue is assigned to a guest's AP configuration, its associated adapter is removed because queues are defined to a guest via a matrix of adapters and domains; so, it is not possible to remove a single queue. If an adapter is removed from the guest's AP configuration, all associated queues must be reset to prevent leaking crypto data should any of them be assigned to a different guest or device driver. The one caveat is that if the queue is being removed because the adapter or domain has been removed from the host's AP configuration, then an attempt to reset the queue will fail with response code 01, AP-queue number not valid; so resetting these queues should be skipped. Acked-by: Halil Pasic <pasic(a)linux.ibm.com> Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Fixes: 09d31ff78793 ("s390/vfio-ap: hot plug/unplug of AP devices when probed/removed") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 78 ++++++++++++++++--------------- 1 file changed, 41 insertions(+), 37 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 11f8f0bcc7ed..e014108067dc 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -935,45 +935,45 @@ static void vfio_ap_mdev_link_adapter(struct ap_matrix_mdev *matrix_mdev, AP_MKQID(apid, apqi)); } +static void collect_queues_to_reset(struct ap_matrix_mdev *matrix_mdev, + unsigned long apid, + struct list_head *qlist) +{ + struct vfio_ap_queue *q; + unsigned long apqi; + + for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, AP_DOMAINS) { + q = vfio_ap_mdev_get_queue(matrix_mdev, AP_MKQID(apid, apqi)); + if (q) + list_add_tail(&q->reset_qnode, qlist); + } +} + +static void reset_queues_for_apid(struct ap_matrix_mdev *matrix_mdev, + unsigned long apid) +{ + struct list_head qlist; + + INIT_LIST_HEAD(&qlist); + collect_queues_to_reset(matrix_mdev, apid, &qlist); + vfio_ap_mdev_reset_qlist(&qlist); +} + static int reset_queues_for_apids(struct ap_matrix_mdev *matrix_mdev, unsigned long *apm_reset) { - struct vfio_ap_queue *q, *tmpq; struct list_head qlist; - unsigned long apid, apqi; - int apqn, ret = 0; + unsigned long apid; if (bitmap_empty(apm_reset, AP_DEVICES)) return 0; INIT_LIST_HEAD(&qlist); - for_each_set_bit_inv(apid, apm_reset, AP_DEVICES) { - for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, - AP_DOMAINS) { - /* - * If the domain is not in the host's AP configuration, - * then resetting it will fail with response code 01 - * (APQN not valid). - */ - if (!test_bit_inv(apqi, - (unsigned long *)matrix_dev->info.aqm)) - continue; - - apqn = AP_MKQID(apid, apqi); - q = vfio_ap_mdev_get_queue(matrix_mdev, apqn); - - if (q) - list_add_tail(&q->reset_qnode, &qlist); - } - } + for_each_set_bit_inv(apid, apm_reset, AP_DEVICES) + collect_queues_to_reset(matrix_mdev, apid, &qlist); - ret = vfio_ap_mdev_reset_qlist(&qlist); - - list_for_each_entry_safe(q, tmpq, &qlist, reset_qnode) - list_del(&q->reset_qnode); - - return ret; + return vfio_ap_mdev_reset_qlist(&qlist); } /** @@ -2199,24 +2199,28 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) matrix_mdev = q->matrix_mdev; if (matrix_mdev) { - vfio_ap_unlink_queue_fr_mdev(q); - - apid = AP_QID_CARD(q->apqn); - apqi = AP_QID_QUEUE(q->apqn); - - /* - * If the queue is assigned to the guest's APCB, then remove - * the adapter's APID from the APCB and hot it into the guest. - */ + /* If the queue is assigned to the guest's AP configuration */ if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm) && test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) { + /* + * Since the queues are defined via a matrix of adapters + * and domains, it is not possible to hot unplug a + * single queue; so, let's unplug the adapter. + */ clear_bit_inv(apid, matrix_mdev->shadow_apcb.apm); vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apid(matrix_mdev, apid); + goto done; } } vfio_ap_mdev_reset_queue(q); flush_work(&q->reset_work); + +done: + if (matrix_mdev) + vfio_ap_unlink_queue_fr_mdev(q); + dev_set_drvdata(&apdev->device, NULL); kfree(q); release_update_locks_for_mdev(matrix_mdev); -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v3 4/6] s390/vfio-ap: reset queues filtered from the guest's AP config

by Tony Krowiak

When filtering the adapters from the configuration profile for a guest to create or update a guest's AP configuration, if the APID of an adapter and the APQI of a domain identify a queue device that is not bound to the vfio_ap device driver, the APID of the adapter will be filtered because an individual APQN can not be filtered due to the fact the APQNs are assigned to an AP configuration as a matrix of APIDs and APQIs. Consequently, a guest will not have access to all of the queues associated with the filtered adapter. If the queues are subsequently made available again to the guest, they should re-appear in a reset state; so, let's make sure all queues associated with an adapter unplugged from the guest are reset. In order to identify the set of queues that need to be reset, let's allow a vfio_ap_queue object to be simultaneously stored in both a hashtable and a list: A hashtable used to store all of the queues assigned to a matrix mdev; and/or, a list used to store a subset of the queues that need to be reset. For example, when an adapter is hot unplugged from a guest, all guest queues associated with that adapter must be reset. Since that may be a subset of those assigned to the matrix mdev, they can be stored in a list that can be passed to the vfio_ap_mdev_reset_queues function. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Acked-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 171 +++++++++++++++++++------- drivers/s390/crypto/vfio_ap_private.h | 11 +- 2 files changed, 133 insertions(+), 49 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 26bd4aca497a..11f8f0bcc7ed 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -32,7 +32,8 @@ #define AP_RESET_INTERVAL 20 /* Reset sleep interval (20ms) */ -static int vfio_ap_mdev_reset_queues(struct ap_queue_table *qtable); +static int vfio_ap_mdev_reset_queues(struct ap_matrix_mdev *matrix_mdev); +static int vfio_ap_mdev_reset_qlist(struct list_head *qlist); static struct vfio_ap_queue *vfio_ap_find_queue(int apqn); static const struct vfio_device_ops vfio_ap_matrix_dev_ops; static void vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q); @@ -661,16 +662,23 @@ static bool vfio_ap_mdev_filter_cdoms(struct ap_matrix_mdev *matrix_mdev) * device driver. * * @matrix_mdev: the matrix mdev whose matrix is to be filtered. + * @apm_filtered: a 256-bit bitmap for storing the APIDs filtered from the + * guest's AP configuration that are still in the host's AP + * configuration. * * Note: If an APQN referencing a queue device that is not bound to the vfio_ap * driver, its APID will be filtered from the guest's APCB. The matrix * structure precludes filtering an individual APQN, so its APID will be - * filtered. + * filtered. Consequently, all queues associated with the adapter that + * are in the host's AP configuration must be reset. If queues are + * subsequently made available again to the guest, they should re-appear + * in a reset state * * Return: a boolean value indicating whether the KVM guest's APCB was changed * by the filtering or not. */ -static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) +static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev, + unsigned long *apm_filtered) { unsigned long apid, apqi, apqn; DECLARE_BITMAP(prev_shadow_apm, AP_DEVICES); @@ -680,6 +688,7 @@ static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) bitmap_copy(prev_shadow_apm, matrix_mdev->shadow_apcb.apm, AP_DEVICES); bitmap_copy(prev_shadow_aqm, matrix_mdev->shadow_apcb.aqm, AP_DOMAINS); vfio_ap_matrix_init(&matrix_dev->info, &matrix_mdev->shadow_apcb); + bitmap_clear(apm_filtered, 0, AP_DEVICES); /* * Copy the adapters, domains and control domains to the shadow_apcb @@ -705,8 +714,16 @@ static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) apqn = AP_MKQID(apid, apqi); q = vfio_ap_mdev_get_queue(matrix_mdev, apqn); if (!q || q->reset_status.response_code) { - clear_bit_inv(apid, - matrix_mdev->shadow_apcb.apm); + clear_bit_inv(apid, matrix_mdev->shadow_apcb.apm); + + /* + * If the adapter was previously plugged into + * the guest, let's let the caller know that + * the APID was filtered. + */ + if (test_bit_inv(apid, prev_shadow_apm)) + set_bit_inv(apid, apm_filtered); + break; } } @@ -808,7 +825,7 @@ static void vfio_ap_mdev_remove(struct mdev_device *mdev) mutex_lock(&matrix_dev->guests_lock); mutex_lock(&matrix_dev->mdevs_lock); - vfio_ap_mdev_reset_queues(&matrix_mdev->qtable); + vfio_ap_mdev_reset_queues(matrix_mdev); vfio_ap_mdev_unlink_fr_queues(matrix_mdev); list_del(&matrix_mdev->node); mutex_unlock(&matrix_dev->mdevs_lock); @@ -918,6 +935,47 @@ static void vfio_ap_mdev_link_adapter(struct ap_matrix_mdev *matrix_mdev, AP_MKQID(apid, apqi)); } +static int reset_queues_for_apids(struct ap_matrix_mdev *matrix_mdev, + unsigned long *apm_reset) +{ + struct vfio_ap_queue *q, *tmpq; + struct list_head qlist; + unsigned long apid, apqi; + int apqn, ret = 0; + + if (bitmap_empty(apm_reset, AP_DEVICES)) + return 0; + + INIT_LIST_HEAD(&qlist); + + for_each_set_bit_inv(apid, apm_reset, AP_DEVICES) { + for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, + AP_DOMAINS) { + /* + * If the domain is not in the host's AP configuration, + * then resetting it will fail with response code 01 + * (APQN not valid). + */ + if (!test_bit_inv(apqi, + (unsigned long *)matrix_dev->info.aqm)) + continue; + + apqn = AP_MKQID(apid, apqi); + q = vfio_ap_mdev_get_queue(matrix_mdev, apqn); + + if (q) + list_add_tail(&q->reset_qnode, &qlist); + } + } + + ret = vfio_ap_mdev_reset_qlist(&qlist); + + list_for_each_entry_safe(q, tmpq, &qlist, reset_qnode) + list_del(&q->reset_qnode); + + return ret; +} + /** * assign_adapter_store - parses the APID from @buf and sets the * corresponding bit in the mediated matrix device's APM @@ -958,6 +1016,7 @@ static ssize_t assign_adapter_store(struct device *dev, { int ret; unsigned long apid; + DECLARE_BITMAP(apm_filtered, AP_DEVICES); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -987,8 +1046,10 @@ static ssize_t assign_adapter_store(struct device *dev, vfio_ap_mdev_link_adapter(matrix_mdev, apid); - if (vfio_ap_mdev_filter_matrix(matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev, apm_filtered)) { vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apids(matrix_mdev, apm_filtered); + } ret = count; done: @@ -1019,11 +1080,12 @@ static struct vfio_ap_queue * adapter was assigned. * @matrix_mdev: the matrix mediated device to which the adapter was assigned. * @apid: the APID of the unassigned adapter. - * @qtable: table for storing queues associated with unassigned adapter. + * @qlist: list for storing queues associated with unassigned adapter that + * need to be reset. */ static void vfio_ap_mdev_unlink_adapter(struct ap_matrix_mdev *matrix_mdev, unsigned long apid, - struct ap_queue_table *qtable) + struct list_head *qlist) { unsigned long apqi; struct vfio_ap_queue *q; @@ -1031,11 +1093,10 @@ static void vfio_ap_mdev_unlink_adapter(struct ap_matrix_mdev *matrix_mdev, for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) { q = vfio_ap_unlink_apqn_fr_mdev(matrix_mdev, apid, apqi); - if (q && qtable) { + if (q && qlist) { if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm) && test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) - hash_add(qtable->queues, &q->mdev_qnode, - q->apqn); + list_add_tail(&q->reset_qnode, qlist); } } } @@ -1043,26 +1104,23 @@ static void vfio_ap_mdev_unlink_adapter(struct ap_matrix_mdev *matrix_mdev, static void vfio_ap_mdev_hot_unplug_adapter(struct ap_matrix_mdev *matrix_mdev, unsigned long apid) { - int loop_cursor; - struct vfio_ap_queue *q; - struct ap_queue_table *qtable = kzalloc(sizeof(*qtable), GFP_KERNEL); + struct vfio_ap_queue *q, *tmpq; + struct list_head qlist; - hash_init(qtable->queues); - vfio_ap_mdev_unlink_adapter(matrix_mdev, apid, qtable); + INIT_LIST_HEAD(&qlist); + vfio_ap_mdev_unlink_adapter(matrix_mdev, apid, &qlist); if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm)) { clear_bit_inv(apid, matrix_mdev->shadow_apcb.apm); vfio_ap_mdev_update_guest_apcb(matrix_mdev); } - vfio_ap_mdev_reset_queues(qtable); + vfio_ap_mdev_reset_qlist(&qlist); - hash_for_each(qtable->queues, loop_cursor, q, mdev_qnode) { + list_for_each_entry_safe(q, tmpq, &qlist, reset_qnode) { vfio_ap_unlink_mdev_fr_queue(q); - hash_del(&q->mdev_qnode); + list_del(&q->reset_qnode); } - - kfree(qtable); } /** @@ -1163,6 +1221,7 @@ static ssize_t assign_domain_store(struct device *dev, { int ret; unsigned long apqi; + DECLARE_BITMAP(apm_filtered, AP_DEVICES); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -1192,8 +1251,10 @@ static ssize_t assign_domain_store(struct device *dev, vfio_ap_mdev_link_domain(matrix_mdev, apqi); - if (vfio_ap_mdev_filter_matrix(matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev, apm_filtered)) { vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apids(matrix_mdev, apm_filtered); + } ret = count; done: @@ -1206,7 +1267,7 @@ static DEVICE_ATTR_WO(assign_domain); static void vfio_ap_mdev_unlink_domain(struct ap_matrix_mdev *matrix_mdev, unsigned long apqi, - struct ap_queue_table *qtable) + struct list_head *qlist) { unsigned long apid; struct vfio_ap_queue *q; @@ -1214,11 +1275,10 @@ static void vfio_ap_mdev_unlink_domain(struct ap_matrix_mdev *matrix_mdev, for_each_set_bit_inv(apid, matrix_mdev->matrix.apm, AP_DEVICES) { q = vfio_ap_unlink_apqn_fr_mdev(matrix_mdev, apid, apqi); - if (q && qtable) { + if (q && qlist) { if (test_bit_inv(apid, matrix_mdev->shadow_apcb.apm) && test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) - hash_add(qtable->queues, &q->mdev_qnode, - q->apqn); + list_add_tail(&q->reset_qnode, qlist); } } } @@ -1226,26 +1286,23 @@ static void vfio_ap_mdev_unlink_domain(struct ap_matrix_mdev *matrix_mdev, static void vfio_ap_mdev_hot_unplug_domain(struct ap_matrix_mdev *matrix_mdev, unsigned long apqi) { - int loop_cursor; - struct vfio_ap_queue *q; - struct ap_queue_table *qtable = kzalloc(sizeof(*qtable), GFP_KERNEL); + struct vfio_ap_queue *q, *tmpq; + struct list_head qlist; - hash_init(qtable->queues); - vfio_ap_mdev_unlink_domain(matrix_mdev, apqi, qtable); + INIT_LIST_HEAD(&qlist); + vfio_ap_mdev_unlink_domain(matrix_mdev, apqi, &qlist); if (test_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm)) { clear_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm); vfio_ap_mdev_update_guest_apcb(matrix_mdev); } - vfio_ap_mdev_reset_queues(qtable); + vfio_ap_mdev_reset_qlist(&qlist); - hash_for_each(qtable->queues, loop_cursor, q, mdev_qnode) { + list_for_each_entry_safe(q, tmpq, &qlist, reset_qnode) { vfio_ap_unlink_mdev_fr_queue(q); - hash_del(&q->mdev_qnode); + list_del(&q->reset_qnode); } - - kfree(qtable); } /** @@ -1600,7 +1657,7 @@ static void vfio_ap_mdev_unset_kvm(struct ap_matrix_mdev *matrix_mdev) get_update_locks_for_kvm(kvm); kvm_arch_crypto_clear_masks(kvm); - vfio_ap_mdev_reset_queues(&matrix_mdev->qtable); + vfio_ap_mdev_reset_queues(matrix_mdev); kvm_put_kvm(kvm); matrix_mdev->kvm = NULL; @@ -1736,15 +1793,33 @@ static void vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q) } } -static int vfio_ap_mdev_reset_queues(struct ap_queue_table *qtable) +static int vfio_ap_mdev_reset_queues(struct ap_matrix_mdev *matrix_mdev) { int ret = 0, loop_cursor; struct vfio_ap_queue *q; - hash_for_each(qtable->queues, loop_cursor, q, mdev_qnode) + hash_for_each(matrix_mdev->qtable.queues, loop_cursor, q, mdev_qnode) vfio_ap_mdev_reset_queue(q); - hash_for_each(qtable->queues, loop_cursor, q, mdev_qnode) { + hash_for_each(matrix_mdev->qtable.queues, loop_cursor, q, mdev_qnode) { + flush_work(&q->reset_work); + + if (q->reset_status.response_code) + ret = -EIO; + } + + return ret; +} + +static int vfio_ap_mdev_reset_qlist(struct list_head *qlist) +{ + int ret = 0; + struct vfio_ap_queue *q; + + list_for_each_entry(q, qlist, reset_qnode) + vfio_ap_mdev_reset_queue(q); + + list_for_each_entry(q, qlist, reset_qnode) { flush_work(&q->reset_work); if (q->reset_status.response_code) @@ -1930,7 +2005,7 @@ static ssize_t vfio_ap_mdev_ioctl(struct vfio_device *vdev, ret = vfio_ap_mdev_get_device_info(arg); break; case VFIO_DEVICE_RESET: - ret = vfio_ap_mdev_reset_queues(&matrix_mdev->qtable); + ret = vfio_ap_mdev_reset_queues(matrix_mdev); break; case VFIO_DEVICE_GET_IRQ_INFO: ret = vfio_ap_get_irq_info(arg); @@ -2062,6 +2137,7 @@ int vfio_ap_mdev_probe_queue(struct ap_device *apdev) { int ret; struct vfio_ap_queue *q; + DECLARE_BITMAP(apm_filtered, AP_DEVICES); struct ap_matrix_mdev *matrix_mdev; ret = sysfs_create_group(&apdev->device.kobj, &vfio_queue_attr_group); @@ -2094,15 +2170,17 @@ int vfio_ap_mdev_probe_queue(struct ap_device *apdev) !bitmap_empty(matrix_mdev->aqm_add, AP_DOMAINS)) goto done; - if (vfio_ap_mdev_filter_matrix(matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev, apm_filtered)) { vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apids(matrix_mdev, apm_filtered); + } } done: dev_set_drvdata(&apdev->device, q); release_update_locks_for_mdev(matrix_mdev); - return 0; + return ret; err_remove_group: sysfs_remove_group(&apdev->device.kobj, &vfio_queue_attr_group); @@ -2446,6 +2524,7 @@ void vfio_ap_on_cfg_changed(struct ap_config_info *cur_cfg_info, static void vfio_ap_mdev_hot_plug_cfg(struct ap_matrix_mdev *matrix_mdev) { + DECLARE_BITMAP(apm_filtered, AP_DEVICES); bool filter_domains, filter_adapters, filter_cdoms, do_hotplug = false; mutex_lock(&matrix_mdev->kvm->lock); @@ -2459,7 +2538,7 @@ static void vfio_ap_mdev_hot_plug_cfg(struct ap_matrix_mdev *matrix_mdev) matrix_mdev->adm_add, AP_DOMAINS); if (filter_adapters || filter_domains) - do_hotplug = vfio_ap_mdev_filter_matrix(matrix_mdev); + do_hotplug = vfio_ap_mdev_filter_matrix(matrix_mdev, apm_filtered); if (filter_cdoms) do_hotplug |= vfio_ap_mdev_filter_cdoms(matrix_mdev); @@ -2467,6 +2546,8 @@ static void vfio_ap_mdev_hot_plug_cfg(struct ap_matrix_mdev *matrix_mdev) if (do_hotplug) vfio_ap_mdev_update_guest_apcb(matrix_mdev); + reset_queues_for_apids(matrix_mdev, apm_filtered); + mutex_unlock(&matrix_dev->mdevs_lock); mutex_unlock(&matrix_mdev->kvm->lock); } diff --git a/drivers/s390/crypto/vfio_ap_private.h b/drivers/s390/crypto/vfio_ap_private.h index 88aff8b81f2f..20eac8b0f0b9 100644 --- a/drivers/s390/crypto/vfio_ap_private.h +++ b/drivers/s390/crypto/vfio_ap_private.h @@ -83,10 +83,10 @@ struct ap_matrix { }; /** - * struct ap_queue_table - a table of queue objects. - * - * @queues: a hashtable of queues (struct vfio_ap_queue). - */ + * struct ap_queue_table - a table of queue objects. + * + * @queues: a hashtable of queues (struct vfio_ap_queue). + */ struct ap_queue_table { DECLARE_HASHTABLE(queues, 8); }; @@ -133,6 +133,8 @@ struct ap_matrix_mdev { * @apqn: the APQN of the AP queue device * @saved_isc: the guest ISC registered with the GIB interface * @mdev_qnode: allows the vfio_ap_queue struct to be added to a hashtable + * @reset_qnode: allows the vfio_ap_queue struct to be added to a list of queues + * that need to be reset * @reset_status: the status from the last reset of the queue * @reset_work: work to wait for queue reset to complete */ @@ -143,6 +145,7 @@ struct vfio_ap_queue { #define VFIO_AP_ISC_INVALID 0xff unsigned char saved_isc; struct hlist_node mdev_qnode; + struct list_head reset_qnode; struct ap_queue_status reset_status; struct work_struct reset_work; }; -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v3 2/6] s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration

by Tony Krowiak

While filtering the mdev matrix, it doesn't make sense - and will have unexpected results - to filter an APID from the matrix if the APID or one of the associated APQIs is not in the host's AP configuration. There are two reasons for this: 1. An adapter or domain that is not in the host's AP configuration can be assigned to the matrix; this is known as over-provisioning. Queue devices, however, are only created for adapters and domains in the host's AP configuration, so there will be no queues associated with an over-provisioned adapter or domain to filter. 2. The adapter or domain may have been externally removed from the host's configuration via an SE or HMC attached to a DPM enabled LPAR. In this case, the vfio_ap device driver would have been notified by the AP bus via the on_config_changed callback and the adapter or domain would have already been filtered. Since the matrix_mdev->shadow_apcb.apm and matrix_mdev->shadow_apcb.aqm are copied from the mdev matrix sans the APIDs and APQIs not in the host's AP configuration, let's loop over those bitmaps instead of those assigned to the matrix. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 9382b32e5bd1..47232e19a50e 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -691,8 +691,9 @@ static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) bitmap_and(matrix_mdev->shadow_apcb.aqm, matrix_mdev->matrix.aqm, (unsigned long *)matrix_dev->info.aqm, AP_DOMAINS); - for_each_set_bit_inv(apid, matrix_mdev->matrix.apm, AP_DEVICES) { - for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) { + for_each_set_bit_inv(apid, matrix_mdev->shadow_apcb.apm, AP_DEVICES) { + for_each_set_bit_inv(apqi, matrix_mdev->shadow_apcb.aqm, + AP_DOMAINS) { /* * If the APQN is not bound to the vfio_ap device * driver, then we can't assign it to the guest's -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v3 1/6] s390/vfio-ap: always filter entire AP matrix

by Tony Krowiak

The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filtering the matrix of adapters and domains assigned to the mdev. When an adapter or domain is assigned, only the APQNs associated with the APID of the new adapter or APQI of the new domain are inspected. If an APQN does not reference a queue device bound to the vfio_ap device driver, then it's APID will be filtered from the mdev's matrix when updating the guest's AP configuration. Inspecting only the APID of the new adapter or APQI of the new domain will result in passing AP queues through to a guest that are not bound to the vfio_ap device driver under certain circumstances. Consider the following: guest's AP configuration (all also assigned to the mdev's matrix): 14.0004 14.0005 14.0006 16.0004 16.0005 16.0006 unassign domain 4 unbind queue 16.0005 assign domain 4 When domain 4 is re-assigned, since only domain 4 will be inspected, the APQNs that will be examined will be: 14.0004 16.0004 Since both of those APQNs reference queue devices that are bound to the vfio_ap device driver, nothing will get filtered from the mdev's matrix when updating the guest's AP configuration. Consequently, queue 16.0005 will get passed through despite not being bound to the driver. This violates the linux device model requirement that a guest shall only be given access to devices bound to the device driver facilitating their pass-through. To resolve this problem, every adapter and domain assigned to the mdev will be inspected when filtering the mdev's matrix. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Acked-by: Halil Pasic <pasic(a)linux.ibm.com> Fixes: 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 57 +++++++++---------------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index 4db538a55192..9382b32e5bd1 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -670,8 +670,7 @@ static bool vfio_ap_mdev_filter_cdoms(struct ap_matrix_mdev *matrix_mdev) * Return: a boolean value indicating whether the KVM guest's APCB was changed * by the filtering or not. */ -static bool vfio_ap_mdev_filter_matrix(unsigned long *apm, unsigned long *aqm, - struct ap_matrix_mdev *matrix_mdev) +static bool vfio_ap_mdev_filter_matrix(struct ap_matrix_mdev *matrix_mdev) { unsigned long apid, apqi, apqn; DECLARE_BITMAP(prev_shadow_apm, AP_DEVICES); @@ -692,8 +691,8 @@ static bool vfio_ap_mdev_filter_matrix(unsigned long *apm, unsigned long *aqm, bitmap_and(matrix_mdev->shadow_apcb.aqm, matrix_mdev->matrix.aqm, (unsigned long *)matrix_dev->info.aqm, AP_DOMAINS); - for_each_set_bit_inv(apid, apm, AP_DEVICES) { - for_each_set_bit_inv(apqi, aqm, AP_DOMAINS) { + for_each_set_bit_inv(apid, matrix_mdev->matrix.apm, AP_DEVICES) { + for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) { /* * If the APQN is not bound to the vfio_ap device * driver, then we can't assign it to the guest's @@ -958,7 +957,6 @@ static ssize_t assign_adapter_store(struct device *dev, { int ret; unsigned long apid; - DECLARE_BITMAP(apm_delta, AP_DEVICES); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -987,11 +985,8 @@ static ssize_t assign_adapter_store(struct device *dev, } vfio_ap_mdev_link_adapter(matrix_mdev, apid); - memset(apm_delta, 0, sizeof(apm_delta)); - set_bit_inv(apid, apm_delta); - if (vfio_ap_mdev_filter_matrix(apm_delta, - matrix_mdev->matrix.aqm, matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); ret = count; @@ -1167,7 +1162,6 @@ static ssize_t assign_domain_store(struct device *dev, { int ret; unsigned long apqi; - DECLARE_BITMAP(aqm_delta, AP_DOMAINS); struct ap_matrix_mdev *matrix_mdev = dev_get_drvdata(dev); mutex_lock(&ap_perms_mutex); @@ -1196,11 +1190,8 @@ static ssize_t assign_domain_store(struct device *dev, } vfio_ap_mdev_link_domain(matrix_mdev, apqi); - memset(aqm_delta, 0, sizeof(aqm_delta)); - set_bit_inv(apqi, aqm_delta); - if (vfio_ap_mdev_filter_matrix(matrix_mdev->matrix.apm, aqm_delta, - matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); ret = count; @@ -2091,9 +2082,7 @@ int vfio_ap_mdev_probe_queue(struct ap_device *apdev) if (matrix_mdev) { vfio_ap_mdev_link_queue(matrix_mdev, q); - if (vfio_ap_mdev_filter_matrix(matrix_mdev->matrix.apm, - matrix_mdev->matrix.aqm, - matrix_mdev)) + if (vfio_ap_mdev_filter_matrix(matrix_mdev)) vfio_ap_mdev_update_guest_apcb(matrix_mdev); } dev_set_drvdata(&apdev->device, q); @@ -2443,34 +2432,22 @@ void vfio_ap_on_cfg_changed(struct ap_config_info *cur_cfg_info, static void vfio_ap_mdev_hot_plug_cfg(struct ap_matrix_mdev *matrix_mdev) { - bool do_hotplug = false; - int filter_domains = 0; - int filter_adapters = 0; - DECLARE_BITMAP(apm, AP_DEVICES); - DECLARE_BITMAP(aqm, AP_DOMAINS); + bool filter_domains, filter_adapters, filter_cdoms, do_hotplug = false; mutex_lock(&matrix_mdev->kvm->lock); mutex_lock(&matrix_dev->mdevs_lock); - filter_adapters = bitmap_and(apm, matrix_mdev->matrix.apm, - matrix_mdev->apm_add, AP_DEVICES); - filter_domains = bitmap_and(aqm, matrix_mdev->matrix.aqm, - matrix_mdev->aqm_add, AP_DOMAINS); - - if (filter_adapters && filter_domains) - do_hotplug |= vfio_ap_mdev_filter_matrix(apm, aqm, matrix_mdev); - else if (filter_adapters) - do_hotplug |= - vfio_ap_mdev_filter_matrix(apm, - matrix_mdev->shadow_apcb.aqm, - matrix_mdev); - else - do_hotplug |= - vfio_ap_mdev_filter_matrix(matrix_mdev->shadow_apcb.apm, - aqm, matrix_mdev); + filter_adapters = bitmap_intersects(matrix_mdev->matrix.apm, + matrix_mdev->apm_add, AP_DEVICES); + filter_domains = bitmap_intersects(matrix_mdev->matrix.aqm, + matrix_mdev->aqm_add, AP_DOMAINS); + filter_cdoms = bitmap_intersects(matrix_mdev->matrix.adm, + matrix_mdev->adm_add, AP_DOMAINS); + + if (filter_adapters || filter_domains) + do_hotplug = vfio_ap_mdev_filter_matrix(matrix_mdev); - if (bitmap_intersects(matrix_mdev->matrix.adm, matrix_mdev->adm_add, - AP_DOMAINS)) + if (filter_cdoms) do_hotplug |= vfio_ap_mdev_filter_cdoms(matrix_mdev); if (do_hotplug) -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v2 6/6] s390/vfio-ap: do not reset queue removed from host config

by Tony Krowiak

When a queue is unbound from the vfio_ap device driver, it is reset to ensure its crypto data is not leaked when it is bound to another device driver. If the queue is unbound due to the fact that the adapter or domain was removed from the host's AP configuration, then attempting to reset it will fail with response code 01 (APID not valid) getting returned from the reset command. Let's ensure that the queue is assigned to the host's configuration before resetting it. Signed-off-by: Tony Krowiak <akrowiak(a)linux.ibm.com> Fixes: eeb386aeb5b7 ("s390/vfio-ap: handle config changed and scan complete notification") Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index e014108067dc..84decb0d5c97 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -2197,6 +2197,8 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) q = dev_get_drvdata(&apdev->device); get_update_locks_for_queue(q); matrix_mdev = q->matrix_mdev; + apid = AP_QID_CARD(q->apqn); + apqi = AP_QID_QUEUE(q->apqn); if (matrix_mdev) { /* If the queue is assigned to the guest's AP configuration */ @@ -2214,8 +2216,16 @@ void vfio_ap_mdev_remove_queue(struct ap_device *apdev) } } - vfio_ap_mdev_reset_queue(q); - flush_work(&q->reset_work); + /* + * If the queue is not in the host's AP configuration, then resetting + * it will fail with response code 01, (APQN not valid); so, let's make + * sure it is in the host's config. + */ + if (test_bit_inv(apid, (unsigned long *)matrix_dev->info.apm) && + test_bit_inv(apqi, (unsigned long *)matrix_dev->info.aqm)) { + vfio_ap_mdev_reset_queue(q); + flush_work(&q->reset_work); + } done: if (matrix_mdev) -- 2.43.0

1 year, 8 months

3
2
0 0

[PATCH v2] wifi: iwlwifi: fix a memory corruption

by Miri Korenblit

From: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer. Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218233 Fixes: cf29c5b66b9f ("iwlwifi: dbg_ini: implement time point handling") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- v2: Change 'Link' to 'Closes' drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c index b658cf228fbe..9160d81a871e 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2018-2023 Intel Corporation + * Copyright (C) 2018-2024 Intel Corporation */ #include <linux/firmware.h> #include "iwl-drv.h" @@ -1096,7 +1096,7 @@ static int iwl_dbg_tlv_override_trig_node(struct iwl_fw_runtime *fwrt, node_trig = (void *)node_tlv->data; } - memcpy(node_trig->data + offset, trig->data, trig_data_len); + memcpy((u8 *)node_trig->data + offset, trig->data, trig_data_len); node_tlv->length = cpu_to_le32(size); if (policy & IWL_FW_INI_APPLY_POLICY_OVERRIDE_CFG) { -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH] wifi: iwlwifi: fix a memory corruption

by Miri Korenblit

From: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer. Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=218233 Fixes: cf29c5b66b9f ("iwlwifi: dbg_ini: implement time point handling") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c index b658cf228fbe..9160d81a871e 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2018-2023 Intel Corporation + * Copyright (C) 2018-2024 Intel Corporation */ #include <linux/firmware.h> #include "iwl-drv.h" @@ -1096,7 +1096,7 @@ static int iwl_dbg_tlv_override_trig_node(struct iwl_fw_runtime *fwrt, node_trig = (void *)node_tlv->data; } - memcpy(node_trig->data + offset, trig->data, trig_data_len); + memcpy((u8 *)node_trig->data + offset, trig->data, trig_data_len); node_tlv->length = cpu_to_le32(size); if (policy & IWL_FW_INI_APPLY_POLICY_OVERRIDE_CFG) { -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH RESEND v2] hwspinlock: qcom: Remove IPQ6018 SOC specific compatible

by Vignesh Viswanathan

IPQ6018 has 32 tcsr_mutex hwlock registers with stride 0x1000. The compatible string qcom,ipq6018-tcsr-mutex is mapped to of_msm8226_tcsr_mutex which has 32 locks configured with stride of 0x80 and doesn't match the HW present in IPQ6018. Remove IPQ6018 specific compatible string so that it fallsback to of_tcsr_mutex data which maps to the correct configuration for IPQ6018. Cc: stable(a)vger.kernel.org Fixes: 5d4753f741d8 ("hwspinlock: qcom: add support for MMIO on older SoCs") Signed-off-by: Vignesh Viswanathan <quic_viswanat(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> --- This patch was already posted [2] and applied [3], but missing in the linux-next TIP. Resending with r-b tags so that it can be picked up again. [2] https://lore.kernel.org/all/20230905095535.1263113-3-quic_viswanat@quicinc.… [3] https://lore.kernel.org/all/169522934567.2501390.1112201061322984444.b4-ty@… Changes in v2: - Updated commit message - Added Fixes and stable tags drivers/hwspinlock/qcom_hwspinlock.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/hwspinlock/qcom_hwspinlock.c b/drivers/hwspinlock/qcom_hwspinlock.c index a0fd67fd2934..814dfe8697bf 100644 --- a/drivers/hwspinlock/qcom_hwspinlock.c +++ b/drivers/hwspinlock/qcom_hwspinlock.c @@ -115,7 +115,6 @@ static const struct of_device_id qcom_hwspinlock_of_match[] = { { .compatible = "qcom,sfpb-mutex", .data = &of_sfpb_mutex }, { .compatible = "qcom,tcsr-mutex", .data = &of_tcsr_mutex }, { .compatible = "qcom,apq8084-tcsr-mutex", .data = &of_msm8226_tcsr_mutex }, - { .compatible = "qcom,ipq6018-tcsr-mutex", .data = &of_msm8226_tcsr_mutex }, { .compatible = "qcom,msm8226-tcsr-mutex", .data = &of_msm8226_tcsr_mutex }, { .compatible = "qcom,msm8974-tcsr-mutex", .data = &of_msm8226_tcsr_mutex }, { .compatible = "qcom,msm8994-tcsr-mutex", .data = &of_msm8226_tcsr_mutex }, -- 2.41.0

1 year, 8 months

1
0
0 0

FAILED: patch "[PATCH] fuse: nlookup missing decrement in fuse_direntplus_link" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b8bd342d50cbf606666488488f9fea374aceb2d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023091601-spotted-untie-0ba4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b8bd342d50cb ("fuse: nlookup missing decrement in fuse_direntplus_link") d123d8e1833c ("fuse: split out readdir.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b8bd342d50cbf606666488488f9fea374aceb2d5 Mon Sep 17 00:00:00 2001 From: ruanmeisi <ruan.meisi(a)zte.com.cn> Date: Tue, 25 Apr 2023 19:13:54 +0800 Subject: [PATCH] fuse: nlookup missing decrement in fuse_direntplus_link During our debugging of glusterfs, we found an Assertion failed error: inode_lookup >= nlookup, which was caused by the nlookup value in the kernel being greater than that in the FUSE file system. The issue was introduced by fuse_direntplus_link, where in the function, fuse_iget increments nlookup, and if d_splice_alias returns failure, fuse_direntplus_link returns failure without decrementing nlookup https://github.com/gluster/glusterfs/pull/4081 Signed-off-by: ruanmeisi <ruan.meisi(a)zte.com.cn> Fixes: 0b05b18381ee ("fuse: implement NFS-like readdirplus support") Cc: <stable(a)vger.kernel.org> # v3.9 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/readdir.c b/fs/fuse/readdir.c index dc603479b30e..b3d498163f97 100644 --- a/fs/fuse/readdir.c +++ b/fs/fuse/readdir.c @@ -243,8 +243,16 @@ static int fuse_direntplus_link(struct file *file, dput(dentry); dentry = alias; } - if (IS_ERR(dentry)) + if (IS_ERR(dentry)) { + if (!IS_ERR(inode)) { + struct fuse_inode *fi = get_fuse_inode(inode); + + spin_lock(&fi->lock); + fi->nlookup--; + spin_unlock(&fi->lock); + } return PTR_ERR(dentry); + } } if (fc->readdirplus_auto) set_bit(FUSE_I_INIT_RDPLUS, &get_fuse_inode(inode)->state);

1 year, 8 months

3
2
0 0

[PATCH 5.10 0/1] drm/qxl: fix UAF on handle creation

by Fedor Pchelkin

The bug `KASAN: slab-use-after-free in qxl_mode_dumb_create` is reproduced on 5.10 stable branch. The problem has been fixed by the following patch which can be cleanly applied to 5.10. The fix is already included in all stable branches starting from 5.15. Link to the "failed to apply to 5.10" report [1]. [1]: https://lore.kernel.org/stable/2023082121-mumps-residency-9108@gregkh/

1 year, 8 months

2
2
0 0

[PATCH 5.15 00/67] 5.15.142-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.142 release. There are 67 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Dec 2023 03:14:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.142-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.142-rc1 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix deadlock on RTL8125 in jumbo mtu mode Heiner Kallweit <hkallweit1(a)gmail.com> r8169: disable ASPM in case of tx timeout Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled Heiner Kallweit <hkallweit1(a)gmail.com> mmc: core: add helpers mmc_regulator_enable/disable_vqmmc Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Make context clearing consistent with context mapping Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Omit devTLB invalidation requests when TES=0 Christoph Niedermaier <cniedermaier(a)dh-electronics.com> cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily Christoph Niedermaier <cniedermaier(a)dh-electronics.com> cpufreq: imx6q: don't warn for disabling a non-existing frequency Steve French <stfrench(a)microsoft.com> smb3: fix caching of ctime on setxattr Jeff Layton <jlayton(a)kernel.org> fs: add ctime accessors infrastructure Helge Deller <deller(a)gmx.de> fbdev: stifb: Make the STI next font pointer a 32-bit signed offset Mark Hasemeyer <markhas(a)chromium.org> ASoC: SOF: sof-pci-dev: Fix community key quirk detection Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: sof-pci-dev: add parameter to override topology filename Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: sof-pci-dev: use community key on all Up boards Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header Steve French <stfrench(a)microsoft.com> smb3: fix touch -h of symlink Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Move _GNU_SOURCE define into Makefile Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> selftests/resctrl: Add missing SPDX license to Makefile Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix async branch flags Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Stop DMA in case of failures on ravb_open() Phil Edworthy <phil.edworthy(a)renesas.com> ravb: Support separate Line0 (Desc), Line1 (Err) and Line2 (Mgmt) irqs Phil Edworthy <phil.edworthy(a)renesas.com> ravb: Separate handling of irq enable/disable regs into feature Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Start TX queues after HW initialization succeeded Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Use pm_runtime_resume_and_get() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Check return value of reset_control_deassert() Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> ravb: Fix races between ravb_tx_timeout_work() and net related ops Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prevent potential deadlock in rtl8169_close Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> Revert "workqueue: remove unused cancel_work()" Geetha sowjanya <gakula(a)marvell.com> octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64 Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: Disable FPE MMC interrupts Elena Salomatkina <elena.salomatkina.cmc(a)gmail.com> octeontx2-af: Fix possible buffer overflow Willem de Bruijn <willemb(a)google.com> selftests/net: ipsec: fix constant out of range Dmitry Antipov <dmantipov(a)yandex.ru> uapi: propagate __struct_group() attributes to the container union Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: increase the needed headroom to account for alignment Zhengchao Shao <shaozhengchao(a)huawei.com> ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: config: fix iteration issue in 'usb_get_bos_descriptor()' Alan Stern <stern(a)rowland.harvard.edu> USB: core: Change configuration warnings to notices Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: fix race of netvsc and VF register_netdevice Patrick Wang <patrick.wang.shcn(a)gmail.com> rcu: Avoid tracing a few functions executed in stop machine Xin Long <lucien.xin(a)gmail.com> vlan: move dev_put into vlan_dev_uninit Xin Long <lucien.xin(a)gmail.com> vlan: introduce vlan_dev_free_egress_priority Max Nguyen <maxwell.nguyen(a)hp.com> Input: xpad - add HyperX Clutch Gladiate Support Filipe Manana <fdmanana(a)suse.com> btrfs: make error messages more clear when getting a chunk map Jann Horn <jannh(a)google.com> btrfs: send: ensure send_fd is writable Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one when checking chunk map includes logical address Bragatheswaran Manickavel <bragathemanick0908(a)gmail.com> btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() Qu Wenruo <wqu(a)suse.com> btrfs: add dmesg output for first mount and last unmount of a filesystem Helge Deller <deller(a)gmx.de> parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes Timothy Pearson <tpearson(a)raptorengineering.com> powerpc: Don't clobber f0/vs0 during fp|altivec register save Abdul Halim, Mohd Syazwan <mohd.syazwan.abdul.halim(a)intel.com> iommu/vt-d: Add MTL to quirk list to skip TE disabling Markus Weippert <markus(a)gekmihesg.de> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR Wu Bo <bo.wu(a)vivo.com> dm verity: don't perform FEC for failed readahead IO Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: align struct dm_verity_fec_io properly Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add supported ALC257 for ChromeOS Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Headset Mic VREF to 100% Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable power-save on KONTRON SinglePC Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Be sure to wait while busy in CQE error recovery Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Do not lose cache flush during CQE error recovery Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Retry commands in CQE error recovery Adrian Hunter <adrian.hunter(a)intel.com> mmc: cqhci: Fix task clearing in CQE error recovery Adrian Hunter <adrian.hunter(a)intel.com> mmc: cqhci: Warn of halt or task clear failure Adrian Hunter <adrian.hunter(a)intel.com> mmc: cqhci: Increase recovery halt timeout Yang Yingliang <yangyingliang(a)huawei.com> firewire: core: fix possible memory leak in create_units() Maria Yu <quic_aiquny(a)quicinc.com> pinctrl: avoid reload of p state in list iteration Adrian Hunter <adrian.hunter(a)intel.com> perf inject: Fix GEN_ELF_TEXT_OFFSET for jit ------------- Diffstat: Makefile | 4 +- arch/parisc/include/uapi/asm/errno.h | 2 - arch/powerpc/kernel/fpu.S | 13 ++++ arch/powerpc/kernel/vector.S | 2 + arch/powerpc/platforms/pseries/iommu.c | 8 +- drivers/cpufreq/imx6q-cpufreq.c | 32 ++++---- drivers/firewire/core-device.c | 11 +-- drivers/input/joystick/xpad.c | 2 + drivers/iommu/intel/dmar.c | 18 +++++ drivers/iommu/intel/iommu.c | 6 +- drivers/md/bcache/btree.c | 2 +- drivers/md/dm-verity-fec.c | 3 +- drivers/md/dm-verity-target.c | 4 +- drivers/md/dm-verity.h | 6 -- drivers/mmc/core/block.c | 2 + drivers/mmc/core/core.c | 9 ++- drivers/mmc/core/regulator.c | 41 ++++++++++ drivers/mmc/host/cqhci-core.c | 44 +++++------ drivers/mmc/host/sdhci-sprd.c | 25 ++++++ drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 8 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 7 +- drivers/net/ethernet/realtek/r8169_main.c | 23 +++++- drivers/net/ethernet/renesas/ravb.h | 4 + drivers/net/ethernet/renesas/ravb_main.c | 91 ++++++++++++++++++---- drivers/net/ethernet/renesas/ravb_ptp.c | 6 +- drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 + drivers/net/hyperv/netvsc_drv.c | 25 +++--- drivers/pinctrl/core.c | 6 +- drivers/usb/core/config.c | 85 ++++++++++---------- drivers/video/fbdev/sticore.h | 2 +- fs/btrfs/disk-io.c | 1 + fs/btrfs/ref-verify.c | 2 + fs/btrfs/send.c | 2 +- fs/btrfs/super.c | 5 +- fs/btrfs/volumes.c | 9 ++- fs/cifs/cifsfs.c | 1 + fs/cifs/xattr.c | 5 +- fs/inode.c | 16 ++++ include/linux/fs.h | 45 ++++++++++- include/linux/mmc/host.h | 3 + include/linux/platform_data/x86/soc.h | 65 ++++++++++++++++ include/linux/workqueue.h | 1 + include/uapi/linux/stddef.h | 2 +- kernel/rcu/tree_plugin.h | 8 +- kernel/workqueue.c | 9 +++ lib/errname.c | 6 -- net/8021q/vlan.h | 2 +- net/8021q/vlan_dev.c | 15 +++- net/8021q/vlan_netlink.c | 7 +- net/ipv4/igmp.c | 6 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/intel/common/soc-intel-quirks.h | 51 +----------- sound/soc/sof/sof-pci-dev.c | 62 +++++++++++---- tools/arch/parisc/include/uapi/asm/errno.h | 2 - tools/perf/util/genelf.h | 4 +- tools/perf/util/intel-pt.c | 2 + tools/testing/selftests/net/ipsec.c | 4 +- tools/testing/selftests/resctrl/Makefile | 4 +- tools/testing/selftests/resctrl/resctrl.h | 1 - 62 files changed, 606 insertions(+), 249 deletions(-)

1 year, 8 months

12
86
0 0

[PATCH] net: tls, update curr on splice as well

by John Fastabend

commit c5a595000e2677e865a39f249c056bc05d6e55fd upstream. Backport of upstream fix for tls on 5.x kernels. The curr pointer must also be updated on the splice similar to how we do this for other copy types. Cc: stable(a)vger.kernel.org # 5.15.x Cc: stable(a)vger.kernel.org # 5.10.x Cc: stable(a)vger.kernel.org # 5.4.x Reported-by: Jann Horn <jannh(a)google.com> Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") Signed-off-by: John Fastabend <john.fastabend(a)gmail.com> --- net/tls/tls_sw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 101d231c1b61..9ff3e4df2d6c 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1216,6 +1216,8 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, } sk_msg_page_add(msg_pl, page, copy, offset); + msg_pl->sg.copybreak = 0; + msg_pl->sg.curr = msg_pl->sg.end; sk_mem_charge(sk, copy); offset += copy; -- 2.33.0

1 year, 8 months

2
1
0 0

[PATCH v2] Bluetooth: Fix atomicity violation in {min,max}_key_size_set

by Gui-Dong Han

In min_key_size_set(): if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) return -EINVAL; hci_dev_lock(hdev); hdev->le_min_key_size = val; hci_dev_unlock(hdev); In max_key_size_set(): if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) return -EINVAL; hci_dev_lock(hdev); hdev->le_max_key_size = val; hci_dev_unlock(hdev); The atomicity violation occurs due to concurrent execution of set_min and set_max funcs.Consider a scenario where setmin writes a new, valid 'min' value, and concurrently, setmax writes a value that is greater than the old 'min' but smaller than the new 'min'. In this case, setmax might check against the old 'min' value (before acquiring the lock) but write its value after the 'min' has been updated by setmin. This leads to a situation where the 'max' value ends up being smaller than the 'min' value, which is an inconsistency. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 5.17. To resolve this issue, it is suggested to encompass the validity checks within the locked sections in both set_min and set_max funcs. The modification ensures that the validation of 'val' against the current min/max values is atomic, thus maintaining the integrity of the settings. With this patch applied, our tool no longer reports the bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 18f81241b74f ("Bluetooth: Move {min,max}_key_size debugfs ...") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * Adjust the format to pass the CI. --- net/bluetooth/hci_debugfs.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c index 6b7741f6e95b..3ffbf3f25363 100644 --- a/net/bluetooth/hci_debugfs.c +++ b/net/bluetooth/hci_debugfs.c @@ -1045,11 +1045,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get, static int min_key_size_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) + + hci_dev_lock(hdev); + if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_min_key_size = val; hci_dev_unlock(hdev); @@ -1073,11 +1075,13 @@ DEFINE_DEBUGFS_ATTRIBUTE(min_key_size_fops, min_key_size_get, static int max_key_size_set(void *data, u64 val) { struct hci_dev *hdev = data; - - if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) + + hci_dev_lock(hdev); + if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) { + hci_dev_unlock(hdev); return -EINVAL; + } - hci_dev_lock(hdev); hdev->le_max_key_size = val; hci_dev_unlock(hdev); -- 2.34.1

1 year, 8 months

1
1
0 0

[PATCH] drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

by Zack Rusin

vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null pointer or an error value. The invalid dereferences were only possible with malformed userspace apps which never properly initialized the rendering contexts. Check the results of vmw_context_cotable to fix the invalid derefs. Thanks: ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab who was the first person to discover it. Niels De Graef who reported it and helped to track down the poc. Fixes: 9c079b8ce8bf ("drm/vmwgfx: Adapt execbuf to the new validation api") Cc: <stable(a)vger.kernel.org> # v4.20+ Reported-by: Niels De Graef <ndegraef(a)redhat.com> Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Cc: Martin Krastev <martin.krastev(a)broadcom.com> Cc: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Cc: Ian Forbes <ian.forbes(a)broadcom.com> Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org --- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c index 272141b6164c..4f09959d27ba 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c @@ -447,7 +447,7 @@ static int vmw_resource_context_res_add(struct vmw_private *dev_priv, vmw_res_type(ctx) == vmw_res_dx_context) { for (i = 0; i < cotable_max; ++i) { res = vmw_context_cotable(ctx, i); - if (IS_ERR(res)) + if (IS_ERR_OR_NULL(res)) continue; ret = vmw_execbuf_res_val_add(sw_context, res, @@ -1266,6 +1266,8 @@ static int vmw_cmd_dx_define_query(struct vmw_private *dev_priv, return -EINVAL; cotable_res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_DXQUERY); + if (IS_ERR_OR_NULL(cotable_res)) + return cotable_res ? PTR_ERR(cotable_res) : -EINVAL; ret = vmw_cotable_notify(cotable_res, cmd->body.queryId); return ret; @@ -2484,6 +2486,8 @@ static int vmw_cmd_dx_view_define(struct vmw_private *dev_priv, return ret; res = vmw_context_cotable(ctx_node->ctx, vmw_view_cotables[view_type]); + if (IS_ERR_OR_NULL(res)) + return res ? PTR_ERR(res) : -EINVAL; ret = vmw_cotable_notify(res, cmd->defined_id); if (unlikely(ret != 0)) return ret; @@ -2569,8 +2573,8 @@ static int vmw_cmd_dx_so_define(struct vmw_private *dev_priv, so_type = vmw_so_cmd_to_type(header->id); res = vmw_context_cotable(ctx_node->ctx, vmw_so_cotables[so_type]); - if (IS_ERR(res)) - return PTR_ERR(res); + if (IS_ERR_OR_NULL(res)) + return res ? PTR_ERR(res) : -EINVAL; cmd = container_of(header, typeof(*cmd), header); ret = vmw_cotable_notify(res, cmd->defined_id); @@ -2689,6 +2693,8 @@ static int vmw_cmd_dx_define_shader(struct vmw_private *dev_priv, return -EINVAL; res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_DXSHADER); + if (IS_ERR_OR_NULL(res)) + return res ? PTR_ERR(res) : -EINVAL; ret = vmw_cotable_notify(res, cmd->body.shaderId); if (ret) return ret; @@ -3010,6 +3016,8 @@ static int vmw_cmd_dx_define_streamoutput(struct vmw_private *dev_priv, } res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_STREAMOUTPUT); + if (IS_ERR_OR_NULL(res)) + return res ? PTR_ERR(res) : -EINVAL; ret = vmw_cotable_notify(res, cmd->body.soid); if (ret) return ret; -- 2.40.1

1 year, 8 months

3
2
0 0

[PATCH v2] [media] xc4000: Fix atomicity violation in xc4000_get_frequency

by Gui-Dong Han

In xc4000_get_frequency(): *freq = priv->freq_hz + priv->freq_offset; The code accesses priv->freq_hz and priv->freq_offset without holding any lock. In xc4000_set_params(): // Code that updates priv->freq_hz and priv->freq_offset ... xc4000_get_frequency() and xc4000_set_params() may execute concurrently, risking inconsistent reads of priv->freq_hz and priv->freq_offset. Since these related data may update during reading, it can result in incorrect frequency calculation, leading to atomicity violations. This possible bug is found by an experimental static analysis tool developed by our team, BassCheck[1]. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported when our tool analyzes the source code of Linux 6.2. To address this issue, it is proposed to add a mutex lock pair in xc4000_get_frequency() to ensure atomicity. With this patch applied, our tool no longer reports the possible bug, with the kernel configuration allyesconfig for x86_64. Due to the lack of associated hardware, we cannot test the patch in runtime testing, and just verify it according to the code logic. [1] https://sites.google.com/view/basscheck/ Fixes: 4c07e32884ab6 ("[media] xc4000: Fix get_frequency()") Cc: stable(a)vger.kernel.org Reported-by: BassCheck <bass(a)buaa.edu.cn> Signed-off-by: Gui-Dong Han <2045gemini(a)gmail.com> --- v2: * In this patch v2, we've added some information of the static analysis tool used, as per the researcher guidelines. Also, we've added a cc in the signed-off-by area, according to the stable-kernel-rules. Thank Greg KH for helpful advice. --- drivers/media/tuners/xc4000.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/tuners/xc4000.c b/drivers/media/tuners/xc4000.c index 57ded9ff3f04..29bc63021c5a 100644 --- a/drivers/media/tuners/xc4000.c +++ b/drivers/media/tuners/xc4000.c @@ -1515,10 +1515,10 @@ static int xc4000_get_frequency(struct dvb_frontend *fe, u32 *freq) { struct xc4000_priv *priv = fe->tuner_priv; + mutex_lock(&priv->lock); *freq = priv->freq_hz + priv->freq_offset; if (debug) { - mutex_lock(&priv->lock); if ((priv->cur_fw.type & (BASE | FM | DTV6 | DTV7 | DTV78 | DTV8)) == BASE) { u16 snr = 0; @@ -1529,8 +1529,8 @@ static int xc4000_get_frequency(struct dvb_frontend *fe, u32 *freq) return 0; } } - mutex_unlock(&priv->lock); } + mutex_unlock(&priv->lock); dprintk(1, "%s()\n", __func__); -- 2.34.1

1 year, 8 months

1
1
0 0

[PATCH 18/19] drm/amd/display: Align the returned error code with legacy DP

by Alex Hung

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why] For usb4 connector, AUX transaction is handled by dmub utilizing a differnt code path comparing to legacy DP connector. If the usb4 DP connector is disconnected, AUX access will report EBUSY and cause igt@kms_dp_aux_dev fail. [How] Align the error code with the one reported by legacy DP as EIO. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index d3966ce3dc91..e3915c4f8566 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -978,6 +978,11 @@ int dm_helper_dmub_aux_transfer_sync( struct aux_payload *payload, enum aux_return_code_type *operation_result) { + if (!link->hpd_status) { + *operation_result = AUX_RET_ERROR_HPD_DISCON; + return -1; + } + return amdgpu_dm_process_dmub_aux_transfer_sync(ctx, link->link_index, payload, operation_result); } -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 08/19] drm/amd/display: Fix DML2 watermark calculation

by Alex Hung

From: Ovidiu Bunea <ovidiu.bunea(a)amd.com> [Why] core_mode_programming in DML2 should output watermark calculations to locals, but it incorrectly uses mode_lib [How] update code to match HW DML2 Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ovidiu Bunea <ovidiu.bunea(a)amd.com> --- .../drm/amd/display/dc/dml2/display_mode_core.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c b/drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c index a6b938a12de1..9be5ebf3a8c0 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c @@ -9446,13 +9446,13 @@ void dml_core_mode_programming(struct display_mode_lib_st *mode_lib, const struc CalculateWatermarks_params->CompressedBufferSizeInkByte = locals->CompressedBufferSizeInkByte; // Output - CalculateWatermarks_params->Watermark = &s->dummy_watermark; // Watermarks *Watermark - CalculateWatermarks_params->DRAMClockChangeSupport = &mode_lib->ms.support.DRAMClockChangeSupport[0]; - CalculateWatermarks_params->MaxActiveDRAMClockChangeLatencySupported = &s->dummy_single_array[0][0]; // dml_float_t *MaxActiveDRAMClockChangeLatencySupported[] - CalculateWatermarks_params->SubViewportLinesNeededInMALL = &mode_lib->ms.SubViewportLinesNeededInMALL[j]; // dml_uint_t SubViewportLinesNeededInMALL[] - CalculateWatermarks_params->FCLKChangeSupport = &mode_lib->ms.support.FCLKChangeSupport[0]; - CalculateWatermarks_params->MaxActiveFCLKChangeLatencySupported = &s->dummy_single[0]; // dml_float_t *MaxActiveFCLKChangeLatencySupported - CalculateWatermarks_params->USRRetrainingSupport = &mode_lib->ms.support.USRRetrainingSupport[0]; + CalculateWatermarks_params->Watermark = &locals->Watermark; // Watermarks *Watermark + CalculateWatermarks_params->DRAMClockChangeSupport = &locals->DRAMClockChangeSupport; + CalculateWatermarks_params->MaxActiveDRAMClockChangeLatencySupported = locals->MaxActiveDRAMClockChangeLatencySupported; // dml_float_t *MaxActiveDRAMClockChangeLatencySupported[] + CalculateWatermarks_params->SubViewportLinesNeededInMALL = locals->SubViewportLinesNeededInMALL; // dml_uint_t SubViewportLinesNeededInMALL[] + CalculateWatermarks_params->FCLKChangeSupport = &locals->FCLKChangeSupport; + CalculateWatermarks_params->MaxActiveFCLKChangeLatencySupported = &locals->MaxActiveFCLKChangeLatencySupported; // dml_float_t *MaxActiveFCLKChangeLatencySupported + CalculateWatermarks_params->USRRetrainingSupport = &locals->USRRetrainingSupport; CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport( &mode_lib->scratch, -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 07/19] drm/amd/display: Clear OPTC mem select on disable

by Alex Hung

From: Ilya Bakoulin <ilya.bakoulin(a)amd.com> [Why] Not clearing the memory select bits prior to OPTC disable can cause DSC corruption issues when attempting to reuse a memory instance for another OPTC that enables ODM. [How] Clear the memory select bits prior to disabling an OPTC. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ilya Bakoulin <ilya.bakoulin(a)amd.com> --- drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 +++ drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c index 1788eb29474b..823493543325 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c @@ -173,6 +173,9 @@ static bool optc32_disable_crtc(struct timing_generator *optc) OPTC_SEG3_SRC_SEL, 0xf, OPTC_NUM_OF_INPUT_SEGMENT, 0); + REG_UPDATE(OPTC_MEMORY_CONFIG, + OPTC_MEM_SEL, 0); + /* disable otg request until end of the first line * in the vertical blank region */ diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c index 3d6c1b2c2b4d..5b1547508850 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn35/dcn35_optc.c @@ -145,6 +145,9 @@ static bool optc35_disable_crtc(struct timing_generator *optc) OPTC_SEG3_SRC_SEL, 0xf, OPTC_NUM_OF_INPUT_SEGMENT, 0); + REG_UPDATE(OPTC_MEMORY_CONFIG, + OPTC_MEM_SEL, 0); + /* disable otg request until end of the first line * in the vertical blank region */ -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 05/19] drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [Why] We can experience DENTIST hangs during optimize_bandwidth or TDRs if FIFO is toggled and hangs. [How] Port the DCN35 fixes to DCN314. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> --- .../dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c index 878c0e7b78ab..a84f1e376dee 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c @@ -145,30 +145,27 @@ static int dcn314_get_active_display_cnt_wa( return display_count; } -static void dcn314_disable_otg_wa(struct clk_mgr *clk_mgr_base, struct dc_state *context, bool disable) +static void dcn314_disable_otg_wa(struct clk_mgr *clk_mgr_base, struct dc_state *context, + bool safe_to_lower, bool disable) { struct dc *dc = clk_mgr_base->ctx->dc; int i; for (i = 0; i < dc->res_pool->pipe_count; ++i) { - struct pipe_ctx *pipe = &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe = safe_to_lower + ? &context->res_ctx.pipe_ctx[i] + : &dc->current_state->res_ctx.pipe_ctx[i]; if (pipe->top_pipe || pipe->prev_odm_pipe) continue; if (pipe->stream && (pipe->stream->dpms_off || dc_is_virtual_signal(pipe->stream->signal))) { - struct stream_encoder *stream_enc = pipe->stream_res.stream_enc; - if (disable) { - if (stream_enc && stream_enc->funcs->disable_fifo) - pipe->stream_res.stream_enc->funcs->disable_fifo(stream_enc); + if (pipe->stream_res.tg && pipe->stream_res.tg->funcs->immediate_disable_crtc) + pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg); - pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg); reset_sync_context_for_pipe(dc, context, i); } else { pipe->stream_res.tg->funcs->enable_crtc(pipe->stream_res.tg); - - if (stream_enc && stream_enc->funcs->enable_fifo) - pipe->stream_res.stream_enc->funcs->enable_fifo(stream_enc); } } } @@ -297,11 +294,11 @@ void dcn314_update_clocks(struct clk_mgr *clk_mgr_base, } if (should_set_clock(safe_to_lower, new_clocks->dispclk_khz, clk_mgr_base->clks.dispclk_khz)) { - dcn314_disable_otg_wa(clk_mgr_base, context, true); + dcn314_disable_otg_wa(clk_mgr_base, context, safe_to_lower, true); clk_mgr_base->clks.dispclk_khz = new_clocks->dispclk_khz; dcn314_smu_set_dispclk(clk_mgr, clk_mgr_base->clks.dispclk_khz); - dcn314_disable_otg_wa(clk_mgr_base, context, false); + dcn314_disable_otg_wa(clk_mgr_base, context, safe_to_lower, false); update_dispclk = true; } -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 04/19] drm/amd/display: Add logging resource checks

by Alex Hung

From: Charlene Liu <charlene.liu(a)amd.com> [Why] When mapping resources, resources could be unavailable. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Sung joon Kim <sungjoon.kim(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Charlene Liu <charlene.liu(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 +++- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 4 ++++ drivers/gpu/drm/amd/display/dc/core/dc_state.c | 5 +++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 69e726630241..aa7c02ba948e 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3522,7 +3522,7 @@ static void commit_planes_for_stream(struct dc *dc, top_pipe_to_program = resource_get_otg_master_for_stream( &context->res_ctx, stream); - + ASSERT(top_pipe_to_program != NULL); for (i = 0; i < dc->res_pool->pipe_count; i++) { struct pipe_ctx *old_pipe = &dc->current_state->res_ctx.pipe_ctx[i]; @@ -4345,6 +4345,8 @@ static bool should_commit_minimal_transition_for_windowed_mpo_odm(struct dc *dc, cur_pipe = resource_get_otg_master_for_stream(&dc->current_state->res_ctx, stream); new_pipe = resource_get_otg_master_for_stream(&context->res_ctx, stream); + if (!cur_pipe || !new_pipe) + return false; cur_is_odm_in_use = resource_get_odm_slice_count(cur_pipe) > 1; new_is_odm_in_use = resource_get_odm_slice_count(new_pipe) > 1; if (cur_is_odm_in_use == new_is_odm_in_use) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index f2abc1096ffb..9fbdb09697fd 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -2194,6 +2194,10 @@ void resource_log_pipe_topology_update(struct dc *dc, struct dc_state *state) for (stream_idx = 0; stream_idx < state->stream_count; stream_idx++) { otg_master = resource_get_otg_master_for_stream( &state->res_ctx, state->streams[stream_idx]); + if (!otg_master || otg_master->stream_res.tg == NULL) { + DC_LOG_DC("topology update: otg_master NULL stream_idx %d!\n", stream_idx); + return; + } slice_count = resource_get_opp_heads_for_otg_master(otg_master, &state->res_ctx, opp_heads); for (slice_idx = 0; slice_idx < slice_count; slice_idx++) { diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index 56feee0ff01b..88c6436b28b6 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -434,8 +434,9 @@ bool dc_state_add_plane( otg_master_pipe = resource_get_otg_master_for_stream( &state->res_ctx, stream); - added = resource_append_dpp_pipes_for_plane_composition(state, - dc->current_state, pool, otg_master_pipe, plane_state); + if (otg_master_pipe) + added = resource_append_dpp_pipes_for_plane_composition(state, + dc->current_state, pool, otg_master_pipe, plane_state); if (added) { stream_status->plane_states[stream_status->plane_count] = -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH 02/19] drm/amd/display: Init link enc resources in dc_state only if res_pool presents

by Alex Hung

From: Dillon Varone <dillon.varone(a)amd.com> [Why & How] res_pool is not initialized in all situations such as virtual environments, and therefore link encoder resources should not be initialized if res_pool is NULL. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Martin Leung <martin.leung(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index 460a8010c79f..56feee0ff01b 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -267,7 +267,8 @@ void dc_state_construct(struct dc *dc, struct dc_state *state) state->clk_mgr = dc->clk_mgr; /* Initialise DIG link encoder resource tracking variables. */ - link_enc_cfg_init(dc, state); + if (dc->res_pool) + link_enc_cfg_init(dc, state); } void dc_state_destruct(struct dc_state *state) -- 2.34.1

1 year, 8 months

1
0
0 0

Linux 6.6.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.11 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-sunxi/mc_smp.c | 4 arch/powerpc/platforms/pseries/vas.c | 51 +- arch/powerpc/platforms/pseries/vas.h | 2 arch/riscv/kernel/cpufeature.c | 4 arch/riscv/kvm/aia_imsic.c | 13 arch/s390/kvm/vsie.c | 4 arch/x86/events/intel/core.c | 7 arch/x86/kernel/kprobes/core.c | 3 crypto/xts.c | 23 drivers/accel/qaic/mhi_controller.c | 15 drivers/accel/qaic/qaic_data.c | 6 drivers/acpi/thermal.c | 4 drivers/clk/clk-si521xx.c | 4 drivers/clk/rockchip/clk-rk3128.c | 22 drivers/crypto/hisilicon/qm.c | 105 +--- drivers/crypto/intel/qat/qat_common/adf_aer.c | 3 drivers/cxl/core/hdm.c | 9 drivers/cxl/core/mbox.c | 2 drivers/cxl/core/memdev.c | 31 + drivers/cxl/core/pmu.c | 2 drivers/cxl/core/port.c | 7 drivers/cxl/core/region.c | 5 drivers/cxl/cxl.h | 1 drivers/dma/fsl-edma-main.c | 12 drivers/dma/idxd/submit.c | 14 drivers/dma/ti/k3-psil-am62.c | 12 drivers/dma/ti/k3-psil-am62a.c | 12 drivers/firewire/ohci.c | 51 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 11 drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 drivers/gpu/drm/amd/display/dc/dml/dc_features.h | 2 drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 110 ++++ drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c | 13 drivers/gpu/drm/bridge/parade-ps8640.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 drivers/gpu/drm/i915/display/intel_display.c | 3 drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/gpu/drm/i915/i915_perf.c | 39 + drivers/gpu/drm/mgag200/mgag200_drv.h | 5 drivers/gpu/drm/mgag200/mgag200_g200er.c | 5 drivers/gpu/drm/mgag200/mgag200_g200ev.c | 5 drivers/gpu/drm/mgag200/mgag200_g200se.c | 5 drivers/gpu/drm/mgag200/mgag200_mode.c | 10 drivers/i2c/i2c-core.h | 4 drivers/iio/imu/adis16475.c | 4 drivers/infiniband/hw/mlx5/mr.c | 2 drivers/iommu/intel/iommu.c | 5 drivers/iommu/intel/iommu.h | 3 drivers/media/platform/qcom/camss/camss-csid-gen2.c | 14 drivers/media/platform/qcom/camss/camss.c | 45 + drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 - drivers/mmc/host/sdhci-sprd.c | 10 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/intel/ice/ice_main.c | 12 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 + drivers/net/ethernet/intel/igc/igc_tsn.c | 2 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 17 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 118 ---- drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 drivers/net/ethernet/qlogic/qla3xxx.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 65 +- drivers/net/ethernet/sfc/rx_common.c | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 82 --- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 drivers/net/usb/ax88172a.c | 4 drivers/net/virtio_net.c | 90 +-- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 drivers/pci/pci.c | 6 drivers/pci/pci.h | 2 drivers/pci/pcie/aspm.c | 19 drivers/phy/mediatek/phy-mtk-mipi-dsi-mt8183.c | 2 drivers/phy/sunplus/phy-sunplus-usb2.c | 2 drivers/phy/ti/phy-gmii-sel.c | 5 fs/dax.c | 24 - fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 7 fs/smb/client/smb2ops.c | 34 - include/linux/dax.h | 10 include/linux/hisi_acc_qm.h | 1 include/net/netfilter/nf_tables_ipv4.h | 2 include/net/sock.h | 4 include/net/tcp.h | 2 include/net/xdp_sock.h | 2 kernel/rcu/rcu.h | 2 kernel/rcu/tasks.h | 32 + kernel/rcu/tree.c | 43 + kernel/resource.c | 4 mm/memory-failure.c | 52 +- mm/memory.c | 4 mm/vmscan.c | 13 net/core/skbuff.c | 3 net/core/sock.c | 12 net/dns_resolver/dns_key.c | 19 net/ipv4/tcp.c | 3 net/ipv4/tcp_output.c | 16 net/mptcp/subflow.c | 13 net/netfilter/nf_nat_ovs.c | 3 net/netfilter/nf_tables_core.c | 2 net/netfilter/nft_immediate.c | 2 net/nfc/llcp_core.c | 39 + net/sched/em_text.c | 4 net/smc/smc_diag.c | 3 net/socket.c | 2 net/xdp/xsk.c | 2 net/xdp/xsk_buff_pool.c | 3 samples/vfio-mdev/mtty.c | 239 ++++++--- security/apparmor/apparmorfs.c | 1 security/apparmor/mount.c | 4 sound/pci/hda/patch_realtek.c | 3 sound/pci/hda/tas2781_hda_i2c.c | 240 +++++----- sound/soc/codecs/tas2781-comlib.c | 4 sound/soc/codecs/tas2781-i2c.c | 2 sound/soc/fsl/fsl_rpmsg.c | 10 sound/soc/mediatek/mt8186/mt8186-dai-adda.c | 2 sound/soc/meson/g12a-toacodec.c | 5 sound/soc/meson/g12a-tohdmitx.c | 8 tools/bpf/bpftool/gen.c | 15 tools/testing/cxl/Kbuild | 1 tools/testing/cxl/cxl_core_exports.c | 7 tools/testing/cxl/test/cxl.c | 5 tools/testing/selftests/drivers/net/bonding/bond-arp-interval-causes-panic.sh | 6 135 files changed, 1442 insertions(+), 837 deletions(-) Aabish Malik (1): ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Alex Bee (1): clk: rockchip: rk3128: Fix SCLK_SDMMC's clock name Alex Deucher (3): drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml drm/amdgpu: skip gpu_info fw loading on navi12 drm/amd/display: add nv12 bounding box Alex Williamson (1): vfio/mtty: Overhaul mtty interrupt handling Alison Schofield (3): cxl/core: Always hold region_rwsem while reading poison lists kernel/resource: Increment by align value in get_free_mem_region() cxl/memdev: Hold region_rwsem during inject and clear poison ops Alvin Lee (1): drm/amd/display: Increase num voltage states to 40 Andrew Davis (1): phy: ti: gmii-sel: Fix register offset when parent is not a syscon node Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook Benjamin Bara (1): i2c: core: Fix atomic xfer check for non-preempt config Bjorn Helgaas (1): Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Brad Cowie (1): netfilter: nf_nat: fix action not being set for all ct states Bryan O'Donoghue (3): media: qcom: camss: Fix V4L2 async notifier error path media: qcom: camss: Fix genpd cleanup media: qcom: camss: Comment CSID dt_id field Chancel Liu (1): ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Chen Ni (1): asix: Add check for usbnet_get_endpoints Claudio Imbrenda (1): KVM: s390: vsie: fix wrong VIR 37 when MSO is used Claudiu Beznea (1): net: ravb: Wait for operating mode to be applied Dan Carpenter (1): ACPI: thermal: Fix acpi_thermal_unregister_thermal_zone() cleanup Dave Jiang (3): cxl: Add cxl_decoders_committed() helper cxl: Add cxl_num_decoders_committed() usage to cxl_test cxl/hdm: Fix a benign lockdep splat David Thompson (1): mlxbf_gige: fix receive packet race condition Denys Zagorui (1): bpftool: Fix -Wcast-qual warning Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Douglas Anderson (3): drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer drm/bridge: ps8640: Fix size mismatch warning w/ len Edward Adam Davis (1): keys, dns: Fix missing size check of V1 server-list header Eric Biggers (1): crypto: xts - use 'spawn' for underlying single-block cipher Eric Dumazet (4): virtio_net: avoid data-races on dev->stats fields tcp: derive delack_max from rto_min net: prevent mss overflow in skb_segment() net: constify sk_dst_get() and __sk_dst_get() argument Eugen Hristev (1): ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset Finley Xiao (1): clk: rockchip: rk3128: Fix aclk_peri_src's parent Frederic Weisbecker (3): rcu: Introduce rcu_cpu_online() rcu/tasks: Handle new PF_IDLE semantics rcu/tasks-trace: Handle new PF_IDLE semantics Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Gergo Koteles (3): ALSA: hda/tas2781: do not use regcache ALSA: hda/tas2781: move set_drv_data outside tasdevice_init ALSA: hda/tas2781: remove sound controls in unbind Greg Kroah-Hartman (1): Linux 6.6.11 Guanjun (1): dmaengine: idxd: Protect int_handle field in hw descriptor Hangbin Liu (1): selftests: bonding: do not set port down when adding to bond Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Haren Myneni (1): powerpc/pseries/vas: Migration suspend waits for no in-progress open windows Ian Rogers (1): bpftool: Align output skeleton ELF code Ira Weiny (1): cxl/pmu: Ensure put_device on pmu devices Jai Luthra (1): dmaengine: ti: k3-psil-am62a: Fix SPI PDMA data Jeffrey Hugo (1): accel/qaic: Implement quirk for SOC_HW_VERSION Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug Jinghao Jia (1): x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Jisheng Zhang (1): riscv: don't probe unaligned access speed if already done Jocelyn Falempe (1): drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE Johannes Berg (1): wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ John Johansen (1): apparmor: Fix move_mount mediation by detecting if source is detached Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Joshua Ashton (1): drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR Jörn-Thorben Hinz (1): net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Kai-Heng Feng (1): r8169: Fix PCI error on system resume Katarzyna Wieczerzycka (1): ice: Fix link_down_on_close message Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Khaled Almahallawy (1): drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Kurt Kanzenbach (3): igc: Report VLAN EtherType matching back to user igc: Check VLAN TCI mask igc: Check VLAN EtherType mask Longfang Liu (1): crypto: hisilicon/qm - fix EQ/AEQ interrupt issue Lu Baolu (1): iommu/vt-d: Support enforce_cache_coherency only for empty domains Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Marek Vasut (1): clk: si521xx: Increase stack based print buffer size in probe Mark Brown (4): ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Matthew Wilcox (Oracle) (2): mm: convert DAX lock/unlock page to lock/unlock folio mm/memory-failure: pass the folio and the page to collect_procs() Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Michael Walle (1): phy: mediatek: mipi: mt8183: fix minimal supported frequency Moshe Shemesh (1): RDMA/mlx5: Fix mkey cache WQ flush Naveen Mamindlapalli (2): octeontx2-af: Always configure NIX TX link credits based on max frame size octeontx2-af: Re-enable MAC TX in otx2_stop processing Ngai-Mint Kwan (1): ice: Shut down VSI with "link-down-on-close" enabled Nuno Sa (1): iio: imu: adis16475: use bit numbers in assign_bit() Pablo Neira Ayuso (2): netfilter: nf_tables: set transport offset from mac header for netdev/egress netfilter: nft_immediate: drop chain reference counter on error Paolo Abeni (1): mptcp: prevent tcp diag from closing listener subflows Paolo Bonzini (1): KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL Peter Zijlstra (1): rcu: Break rcu_node_0 --> &rq->__lock order Pranjal Ramajor Asha Kanojiya (1): accel/qaic: Fix GEM import path code Rodrigo Cataldo (1): igc: Fix hicredit calculation Ronald Wahl (1): dmaengine: ti: k3-psil-am62: Fix SPI PDMA data Shyam Prasad N (2): cifs: cifs_chan_is_iface_active should be called with chan_lock held cifs: do not depend on release_iface for maintaining iface_list Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Siddhesh Dharme (1): ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Su Hui (1): phy: sunplus: return negative error code in sp_usb_phy_probe Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Suman Ghosh (1): octeontx2-af: Fix marking couple of structure as __packed Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Thomas Lange (1): net: Implement missing SO_TIMESTAMPING_NEW cmsg support Tirthendu Sarkar (1): xsk: add multi-buffer support for sockets sharing umem Umesh Nerlige Ramappa (1): drm/i915/perf: Update handling of MMIO triggered reports Ville Syrjälä (1): drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled Wayne Lin (1): drm/amd/display: pbn_div need be updated for hotplug event Wen Gu (1): net/smc: fix invalid link access in dumping SMC-R connections Wenchao Chen (1): mmc: sdhci-sprd: Fix eMMC init failure after hw reset Xiaolei Wang (2): dmaengine: fsl-edma: Do not suspend and resume the masked dma channel when the system is sleeping dmaengine: fsl-edma: Add judgment on enabling round robin arbitration Xuan Zhuo (1): virtio_net: fix missing dma unmap for resize Yang Yingliang (1): dmaengine: fsl-edma: fix wrong pointer check in fsl_edma3_attach_pd() Yong-Xuan Wang (1): RISCV: KVM: update external interrupt atomically for IMSIC swfile Yu Zhao (1): mm/mglru: skip special VMAs in lru_gen_look_around() Zhipeng Lu (1): sfc: fix a double-free bug in efx_probe_filters Ziyang Huang (1): mmc: meson-mx-sdhc: Fix initialization frozen issue duanqiangwen (1): net: libwx: fix memory leak on free page

1 year, 8 months

1
1
0 0

Linux 6.1.72

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.72 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 2 Makefile | 2 arch/Kconfig | 3 arch/arm/mach-sunxi/mc_smp.c | 4 arch/arm64/boot/dts/qcom/sdm845-cheza.dtsi | 24 arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 4 arch/arm64/boot/dts/qcom/sdm845-lg-common.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845-mtp.dts | 6 arch/arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts | 6 arch/arm64/boot/dts/qcom/sdm845-sony-xperia-tama.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845-xiaomi-beryllium.dts | 2 arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 6 arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 2 arch/arm64/boot/dts/qcom/sdm850-samsung-w737.dts | 2 arch/s390/kernel/perf_cpum_cf.c | 35 arch/s390/mm/vmem.c | 8 arch/x86/events/intel/core.c | 7 arch/x86/kernel/kprobes/core.c | 3 arch/x86/net/bpf_jit_comp.c | 150 +-- block/bdev.c | 2 block/blk-mq.c | 75 - block/fops.c | 21 drivers/base/memory.c | 18 drivers/firewire/ohci.c | 51 + drivers/firmware/arm_scmi/perf.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 110 ++ drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 drivers/gpu/drm/i915/display/intel_dp.c | 2 drivers/gpu/drm/mgag200/mgag200_drv.h | 5 drivers/gpu/drm/mgag200/mgag200_g200er.c | 5 drivers/gpu/drm/mgag200/mgag200_g200ev.c | 5 drivers/gpu/drm/mgag200/mgag200_g200se.c | 5 drivers/gpu/drm/mgag200/mgag200_mode.c | 10 drivers/i2c/i2c-core.h | 4 drivers/interconnect/qcom/sm8250.c | 1 drivers/media/platform/qcom/camss/camss-csid-gen2.c | 68 + drivers/media/platform/qcom/camss/camss-csid.c | 44 - drivers/media/platform/qcom/camss/camss-csid.h | 11 drivers/mmc/core/block.c | 7 drivers/mmc/core/host.c | 1 drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 drivers/mmc/host/sdhci-sprd.c | 10 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 7 drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 drivers/net/ethernet/intel/i40e/i40e_main.c | 11 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/intel/ice/ice_main.c | 12 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 drivers/net/ethernet/intel/igc/igc_tsn.c | 2 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 35 drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 6 drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 5 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 11 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 43 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 120 -- drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 4 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.h | 3 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 drivers/net/ethernet/qlogic/qla3xxx.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 65 - drivers/net/ethernet/sfc/rx_common.c | 4 drivers/net/gtp.c | 4 drivers/net/usb/ax88172a.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-prph.h | 4 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 drivers/pci/pci.c | 6 drivers/pci/pci.h | 2 drivers/pci/pcie/aspm.c | 19 drivers/video/fbdev/imsttfb.c | 6 fs/9p/cache.c | 2 fs/afs/internal.h | 2 fs/btrfs/delalloc-space.c | 2 fs/btrfs/file-item.c | 2 fs/btrfs/file.c | 2 fs/btrfs/inode.c | 16 fs/btrfs/ordered-data.c | 7 fs/btrfs/ordered-data.h | 2 fs/btrfs/qgroup.c | 25 fs/btrfs/qgroup.h | 4 fs/cachefiles/namei.c | 2 fs/ceph/cache.c | 2 fs/ext4/move_extent.c | 48 - fs/f2fs/checkpoint.c | 2 fs/f2fs/compress.c | 15 fs/f2fs/data.c | 12 fs/f2fs/dir.c | 2 fs/f2fs/f2fs.h | 35 fs/f2fs/file.c | 11 fs/f2fs/inode.c | 18 fs/f2fs/node.h | 20 fs/f2fs/super.c | 26 fs/f2fs/sysfs.c | 2 fs/inode.c | 2 fs/nfs/fscache.c | 3 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 7 fs/smb/client/fscache.c | 2 fs/smb/client/inode.c | 2 fs/smb/client/smb2file.c | 2 fs/smb/client/smb2misc.c | 2 fs/smb/client/smb2ops.c | 48 - fs/smb/client/smb2pdu.c | 16 fs/smb/client/smb2pdu.h | 2 fs/smb/common/smb2pdu.h | 42 fs/smb/server/smb2ops.c | 8 fs/smb/server/smb2pdu.c | 8 fs/splice.c | 34 include/linux/bpf.h | 13 include/linux/bpf_verifier.h | 1 include/linux/f2fs_fs.h | 9 include/linux/fs.h | 1 include/linux/group_cpus.h | 14 include/linux/net.h | 1 include/linux/pagemap.h | 33 include/linux/skmsg.h | 1 include/linux/socket.h | 3 include/linux/splice.h | 1 include/linux/udp.h | 69 - include/net/af_unix.h | 1 include/net/inet_common.h | 1 include/net/ip.h | 2 include/net/netfilter/nf_conntrack_act_ct.h | 30 include/net/netfilter/nf_flow_table.h | 21 include/net/netfilter/nf_tables_ipv4.h | 6 include/net/sock.h | 23 include/net/tcp.h | 1 include/net/udp.h | 1 include/net/udp_tunnel.h | 9 io_uring/net.c | 2 kernel/bpf/core.c | 25 kernel/bpf/trampoline.c | 4 kernel/bpf/verifier.c | 162 ++- kernel/cpu.c | 42 kernel/irq/affinity.c | 405 --------- kernel/rcu/srcutree.c | 31 kernel/trace/ring_buffer.c | 4 lib/Makefile | 2 lib/group_cpus.c | 438 ++++++++++ mm/filemap.c | 2 mm/huge_memory.c | 3 mm/internal.h | 11 mm/khugepaged.c | 22 mm/memory-failure.c | 9 mm/memory.c | 4 mm/memory_hotplug.c | 15 mm/migrate.c | 3 mm/page-writeback.c | 2 mm/truncate.c | 6 mm/vmscan.c | 8 net/can/j1939/socket.c | 10 net/can/raw.c | 1 net/core/skbuff.c | 10 net/core/skmsg.c | 2 net/core/sock.c | 16 net/core/sock_map.c | 2 net/dns_resolver/dns_key.c | 19 net/ethtool/netlink.c | 2 net/ipv4/af_inet.c | 18 net/ipv4/ip_output.c | 4 net/ipv4/ip_sockglue.c | 2 net/ipv4/tcp.c | 20 net/ipv4/tcp_ipv4.c | 1 net/ipv4/udp.c | 106 -- net/ipv4/udp_offload.c | 4 net/ipv4/udp_tunnel_core.c | 2 net/ipv4/xfrm4_input.c | 4 net/ipv6/af_inet6.c | 1 net/ipv6/ip6_output.c | 4 net/ipv6/ping.c | 2 net/ipv6/raw.c | 2 net/ipv6/tcp_ipv6.c | 1 net/ipv6/udp.c | 38 net/ipv6/xfrm6_input.c | 4 net/l2tp/l2tp_core.c | 6 net/mptcp/subflow.c | 13 net/netfilter/ipvs/ip_vs_xmit.c | 2 net/netfilter/nf_flow_table_core.c | 13 net/netfilter/nf_flow_table_inet.c | 2 net/netfilter/nf_flow_table_ip.c | 4 net/netfilter/nf_flow_table_offload.c | 18 net/netfilter/nf_log_syslog.c | 2 net/netfilter/nf_tables_core.c | 2 net/netfilter/nft_immediate.c | 2 net/netfilter/xt_length.c | 2 net/nfc/llcp_core.c | 39 net/openvswitch/conntrack.c | 2 net/sched/act_ct.c | 165 ++- net/sched/em_text.c | 4 net/smc/smc_diag.c | 3 net/socket.c | 29 net/unix/af_unix.c | 2 net/unix/unix_bpf.c | 5 sound/pci/hda/patch_realtek.c | 4 sound/soc/fsl/fsl_rpmsg.c | 10 sound/soc/mediatek/mt8186/mt8186-dai-adda.c | 2 sound/soc/meson/g12a-toacodec.c | 5 sound/soc/meson/g12a-tohdmitx.c | 8 tools/testing/selftests/bpf/verifier/ld_imm64.c | 8 tools/testing/selftests/drivers/net/bonding/bond-arp-interval-causes-panic.sh | 6 tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 tools/testing/selftests/vm/memfd_secret.c | 3 214 files changed, 2400 insertions(+), 1451 deletions(-) Aabish Malik (1): ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Alex Deucher (2): drm/amdgpu: skip gpu_info fw loading on navi12 drm/amd/display: add nv12 bounding box Amit Pundir (1): Revert "interconnect: qcom: sm8250: Enable sync_state" Andrii Nakryiko (6): bpf: decouple prune and jump points bpf: remove unnecessary prune and jump points bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() bpf: clean up visit_insn()'s instruction processing bpf: handle ldimm64 properly in check_cfg() bpf: fix precision backtracking instruction iteration Andrii Staikov (1): i40e: Restore VF MSI-X state during PCI reset Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook Benjamin Bara (1): i2c: core: Fix atomic xfer check for non-preempt config Bjorn Helgaas (1): Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Boris Burkov (1): btrfs: fix qgroup_free_reserved_data int overflow Bryan O'Donoghue (2): media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 media: qcom: camss: Comment CSID dt_id field Chancel Liu (1): ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Chao Yu (2): f2fs: clean up i_compress_flag and i_compress_level usage f2fs: compress: fix to assign compress_level for lz4 correctly Chen Ni (1): asix: Add check for usbnet_get_endpoints Christoph Hellwig (4): blk-mq: make sure active queue usage is held for bio_integrity_prep() filemap: add a per-mapping stable writes flag block: update the stable_writes flag in bdev_add btrfs: mark the len field in struct btrfs_ordered_sum as unsigned Claudiu Beznea (1): net: ravb: Wait for operating mode to be applied Dan Carpenter (1): fbdev: imsttfb: fix double free in probe() David Heidelberg (1): arm64: dts: qcom: sdm845: Fix PSCI power domain names David Howells (6): net: Declare MSG_SPLICE_PAGES internal sendmsg() flag udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES splice, net: Add a splice_eof op to file-ops and socket-ops ipv4, ipv6: Use splice_eof() to flush mm: merge folio_has_private()/filemap_release_folio() call pairs mm, netfs, fscache: stop read optimisation when folio removed from pagecache David Thompson (1): mlxbf_gige: fix receive packet race condition Dinghao Liu (1): net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer Edward Adam Davis (1): keys, dns: Fix missing size check of V1 server-list header Eric Dumazet (9): net: annotate data-races around sk->sk_tsflags net: annotate data-races around sk->sk_bind_phc udp: introduce udp->udp_flags udp: move udp->no_check6_tx to udp->udp_flags udp: move udp->no_check6_rx to udp->udp_flags udp: move udp->gro_enabled to udp->udp_flags udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO udp: annotate data-races around udp->encap_type Eugen Hristev (1): ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset Frederic Weisbecker (1): srcu: Fix callbacks acceleration mishandling Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Geliang Tang (1): selftests: mptcp: set FAILING_LINKS in run_tests Greg Kroah-Hartman (1): Linux 6.1.72 Hangbin Liu (1): selftests: bonding: do not set port down when adding to bond Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Hariprasad Kelam (1): octeontx2-af: Fix pause frame configuration Heiko Carstens (1): s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() Helge Deller (1): fbdev: imsttfb: Release framebuffer and dealloc cmap on error path Ingo Molnar (1): genirq/affinity: Only build SMP-only helper functions on SMP kernels Ioana Ciornei (2): net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats dpaa2-eth: recycle the RX buffer only after all processing done Jaegeuk Kim (2): f2fs: assign default compression level f2fs: set the default compress_level on ioctl Jakub Kicinski (1): ethtool: don't propagate EOPNOTSUPP from dumps Jiajun Xie (1): mm: fix unmap_mapping_range high bits shift bug Jinghao Jia (1): x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Jocelyn Falempe (1): drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE Johannes Berg (1): wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ John Fastabend (2): bpf, sockmap: af_unix stream sockets need to hold ref for pair sock bpf: syzkaller found null ptr deref in unix_bpf proto add Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Jörn-Thorben Hinz (1): net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Kai-Heng Feng (1): r8169: Fix PCI error on system resume Katarzyna Wieczerzycka (1): ice: Fix link_down_on_close message Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Kees Cook (1): smb3: Replace smb2pdu 1-element arrays with flex-arrays Khaled Almahallawy (1): drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Krzysztof Kozlowski (1): arm64: dts: qcom: sdm845: align RPMh regulator nodes with bindings Kurt Kanzenbach (3): igc: Report VLAN EtherType matching back to user igc: Check VLAN TCI mask igc: Check VLAN EtherType mask Leon Hwang (1): bpf, x64: Fix tailcall infinite loop Marc Dionne (1): net: Save and restore msg_namelen in sock_sendmsg Marc Kleine-Budde (1): can: raw: add support for SO_MARK Mark Brown (4): ASoC: meson: g12a-toacodec: Validate written enum values ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a-toacodec: Fix event generation ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mathieu Desnoyers (1): ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg() Menglong Dong (1): bpf, x86: save/restore regs with BPF_DW size Michael Chan (1): bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Michael Ellerman (1): cpu/SMT: Create topology_smt_thread_allowed() Milen Mitkov (1): media: camss: sm8250: Virtual channels for CSID Ming Lei (6): genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks genirq/affinity: Don't pass irq_affinity_desc array to irq_build_affinity_masks genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly genirq/affinity: Move group_cpus_evenly() into lib/ lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly Muhammad Usama Anjum (1): selftests: secretmem: floor the memory size to the multiple of page_size Naveen Mamindlapalli (2): octeontx2-af: Always configure NIX TX link credits based on max frame size octeontx2-af: Re-enable MAC TX in otx2_stop processing Ngai-Mint Kwan (1): ice: Shut down VSI with "link-down-on-close" enabled Pablo Neira Ayuso (3): netfilter: nf_tables: set transport offset from mac header for netdev/egress netfilter: nft_immediate: drop chain reference counter on error netfilter: flowtable: GC pushes back packets to classic path Paolo Abeni (2): mptcp: prevent tcp diag from closing listener subflows selftests: mptcp: fix fastclose with csum failure Paolo Bonzini (1): KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL Paul Blakey (1): net/sched: act_ct: Fix promotion of offloaded unreplied tuple Paulo Alcantara (1): smb: client: fix missing mode bits for SMB symlinks Pu Lehui (1): bpf, x86: Simplify the parsing logic of structure parameters Rahul Rameshbabu (1): net/mlx5: Increase size of irq name buffer Rakesh Babu Saladi (1): octeontx2-af: Support variable number of lmacs Rodrigo Cataldo (1): igc: Fix hicredit calculation Rotem Saado (1): wifi: iwlwifi: yoyo: swap cdb and jacket bits values Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Shyam Prasad N (2): cifs: cifs_chan_is_iface_active should be called with chan_lock held cifs: do not depend on release_iface for maintaining iface_list Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Siddhesh Dharme (1): ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Stefan Wahren (1): ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Sudeep Holla (1): firmware: arm_scmi: Fix frequency truncation by promoting multiplier type Sudheer Mogilappagari (1): i40e: Fix filter input checks to prevent config with invalid values Suman Ghosh (1): octeontx2-af: Fix marking couple of structure as __packed Sumanth Korikkar (2): mm/memory_hotplug: add missing mem_hotplug_lock mm/memory_hotplug: fix error handling in add_memory_resource() Takashi Iwai (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Thomas Gleixner (1): cpu/SMT: Make SMT control more robust against enumeration failures Thomas Lange (1): net: Implement missing SO_TIMESTAMPING_NEW cmsg support Thomas Richter (1): s390/cpumf: support user space events for counting Vadim Fedorenko (1): net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Vishal Moola (Oracle) (3): ext4: convert move_extent_per_page() to use folios khugepage: replace try_to_release_page() with filemap_release_folio() memory-failure: convert truncate_error_page() to use folio Vlad Buslov (6): netfilter: flowtable: allow unidirectional rules netfilter: flowtable: cache info of last offload net/sched: act_ct: offload UDP NEW connections net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table net/sched: act_ct: additional checks for outdated flows net/sched: act_ct: Always fill offloading tuple iifidx Wen Gu (1): net/smc: fix invalid link access in dumping SMC-R connections Wenchao Chen (1): mmc: sdhci-sprd: Fix eMMC init failure after hw reset Xin Long (2): netfilter: use skb_ip_totlen and iph_totlen net: sched: call tcf_ct_params_free to free params in tcf_ct_init Yangtao Li (1): f2fs: convert to use bitmap API Yonghong Song (2): bpf: Support new 32bit offset jmp instruction bpf: Fix a verifier bug due to incorrect branch offset comparison with cpu=v4 Zhipeng Lu (1): sfc: fix a double-free bug in efx_probe_filters Ziyang Huang (1): mmc: meson-mx-sdhc: Fix initialization frozen issue

1 year, 8 months

1
1
0 0

+ selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests: mm: hugepage-vmemmap fails on 64K page size systems. has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Donet Tom <donettom(a)linux.vnet.ibm.com> Subject: selftests: mm: hugepage-vmemmap fails on 64K page size systems. Date: Wed, 10 Jan 2024 14:03:35 +0530 The kernel sefltest mm/hugepage-vmemmap fails on architectures which has different page size other than 4K. In hugepage-vmemmap page size used is 4k so the pfn calculation will go wrong on systems which has different page size .The length of MAP_HUGETLB memory must be hugepage aligned but in hugepage-vmemmap map length is 2M so this will not get aligned if the system has differnet hugepage size. Added psize() to get the page size and default_huge_page_size() to get the default hugepage size at run time, hugepage-vmemmap test pass on powerpc with 64K page size and x86 with 4K page size. Result on powerpc without patch (page size 64K) *# ./hugepage-vmemmap Returned address is 0x7effff000000 whose pfn is 0 Head page flags (100000000) is invalid check_page_flags: Invalid argument *# Result on powerpc with patch (page size 64K) *# ./hugepage-vmemmap Returned address is 0x7effff000000 whose pfn is 600 *# Result on x86 with patch (page size 4K) *# ./hugepage-vmemmap Returned address is 0x7fc7c2c00000 whose pfn is 1dac00 *# Link: https://lkml.kernel.org/r/3b3a3ae37ba21218481c482a872bbf7526031600.17048657… Fixes: b147c89cd429 ("selftests: vm: add a hugetlb test case") Signed-off-by: Donet Tom <donettom(a)linux.vnet.ibm.com> Reported-by: Geetika Moolchandani (geetika(a)linux.ibm.com) Tested-by: Geetika Moolchandani (geetika(a)linux.ibm.com) Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugepage-vmemmap.c | 29 +++++++++------- 1 file changed, 18 insertions(+), 11 deletions(-) --- a/tools/testing/selftests/mm/hugepage-vmemmap.c~selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems +++ a/tools/testing/selftests/mm/hugepage-vmemmap.c @@ -10,10 +10,7 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> - -#define MAP_LENGTH (2UL * 1024 * 1024) - -#define PAGE_SIZE 4096 +#include "vm_util.h" #define PAGE_COMPOUND_HEAD (1UL << 15) #define PAGE_COMPOUND_TAIL (1UL << 16) @@ -39,6 +36,9 @@ #define MAP_FLAGS (MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB) #endif +static size_t pagesize; +static size_t maplength; + static void write_bytes(char *addr, size_t length) { unsigned long i; @@ -56,7 +56,7 @@ static unsigned long virt_to_pfn(void *a if (fd < 0) return -1UL; - lseek(fd, (unsigned long)addr / PAGE_SIZE * sizeof(pagemap), SEEK_SET); + lseek(fd, (unsigned long)addr / pagesize * sizeof(pagemap), SEEK_SET); read(fd, &pagemap, sizeof(pagemap)); close(fd); @@ -86,7 +86,7 @@ static int check_page_flags(unsigned lon * this also verifies kernel has correctly set the fake page_head to tail * while hugetlb_free_vmemmap is enabled. */ - for (i = 1; i < MAP_LENGTH / PAGE_SIZE; i++) { + for (i = 1; i < maplength / pagesize; i++) { read(fd, &pageflags, sizeof(pageflags)); if ((pageflags & TAIL_PAGE_FLAGS) != TAIL_PAGE_FLAGS || (pageflags & HEAD_PAGE_FLAGS) == HEAD_PAGE_FLAGS) { @@ -106,18 +106,25 @@ int main(int argc, char **argv) void *addr; unsigned long pfn; - addr = mmap(MAP_ADDR, MAP_LENGTH, PROT_READ | PROT_WRITE, MAP_FLAGS, -1, 0); + pagesize = psize(); + maplength = default_huge_page_size(); + if (!maplength) { + printf("Unable to determine huge page size\n"); + exit(1); + } + + addr = mmap(MAP_ADDR, maplength, PROT_READ | PROT_WRITE, MAP_FLAGS, -1, 0); if (addr == MAP_FAILED) { perror("mmap"); exit(1); } /* Trigger allocation of HugeTLB page. */ - write_bytes(addr, MAP_LENGTH); + write_bytes(addr, maplength); pfn = virt_to_pfn(addr); if (pfn == -1UL) { - munmap(addr, MAP_LENGTH); + munmap(addr, maplength); perror("virt_to_pfn"); exit(1); } @@ -125,13 +132,13 @@ int main(int argc, char **argv) printf("Returned address is %p whose pfn is %lx\n", addr, pfn); if (check_page_flags(pfn) < 0) { - munmap(addr, MAP_LENGTH); + munmap(addr, maplength); perror("check_page_flags"); exit(1); } /* munmap() length of MAP_HUGETLB memory must be hugepage aligned */ - if (munmap(addr, MAP_LENGTH)) { + if (munmap(addr, maplength)) { perror("munmap"); exit(1); } _ Patches currently in -mm which might be from donettom(a)linux.vnet.ibm.com are selftests-mm-hugepage-vmemmap-fails-on-64k-page-size-systems.patch

1 year, 8 months

1
0
0 0

[PATCH] drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'

by Srinivasan Shanmugam

In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903) Cc: stable(a)vger.kernel.org Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Cc: Wenjing Liu <wenjing.liu(a)amd.com> Cc: Qingqing Zhuo <qingqing.zhuo(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> --- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/link/link_dpms.c b/drivers/gpu/drm/amd/display/dc/link/link_dpms.c index 3de148004c06..562eb79bfbc8 100644 --- a/drivers/gpu/drm/amd/display/dc/link/link_dpms.c +++ b/drivers/gpu/drm/amd/display/dc/link/link_dpms.c @@ -900,11 +900,12 @@ bool link_set_dsc_pps_packet(struct pipe_ctx *pipe_ctx, bool enable, bool immedi { struct display_stream_compressor *dsc = pipe_ctx->stream_res.dsc; struct dc_stream_state *stream = pipe_ctx->stream; - DC_LOGGER_INIT(dsc->ctx->logger); if (!pipe_ctx->stream->timing.flags.DSC || !dsc) return false; + DC_LOGGER_INIT(dsc->ctx->logger); + if (enable) { struct dsc_config dsc_cfg; uint8_t dsc_packed_pps[128]; -- 2.34.1

1 year, 8 months

1
0
0 0

[PATCH] btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args

by Qu Wenruo

Add extra sanity check for btrfs_ioctl_defrag_range_args::flags. This is not really to enhance fuzzing tests, but as a preparation for future expansion on btrfs_ioctl_defrag_range_args. In the future we're adding new members, allowing more fine tuning for btrfs defrag. Without the -ENONOTSUPP error, there would be no way to detect if the kernel supports those new defrag features. cc: stable(a)vger.kernel.org #4.14+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/ioctl.c | 4 ++++ include/uapi/linux/btrfs.h | 2 ++ 2 files changed, 6 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index a1743904202b..3a846b983b28 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2608,6 +2608,10 @@ static int btrfs_ioctl_defrag(struct file *file, void __user *argp) ret = -EFAULT; goto out; } + if (range.flags & ~BTRFS_DEFRAG_RANGE_FLAGS_SUPP) { + ret = -EOPNOTSUPP; + goto out; + } /* compression requires us to start the IO */ if ((range.flags & BTRFS_DEFRAG_RANGE_COMPRESS)) { range.flags |= BTRFS_DEFRAG_RANGE_START_IO; diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h index 7c29d82db9ee..48e9b7ffecf1 100644 --- a/include/uapi/linux/btrfs.h +++ b/include/uapi/linux/btrfs.h @@ -614,6 +614,8 @@ struct btrfs_ioctl_clone_range_args { */ #define BTRFS_DEFRAG_RANGE_COMPRESS 1 #define BTRFS_DEFRAG_RANGE_START_IO 2 +#define BTRFS_DEFRAG_RANGE_FLAGS_SUPP (BTRFS_DEFRAG_RANGE_COMPRESS |\ + BTRFS_DEFRAG_RANGE_START_IO) struct btrfs_ioctl_defrag_range_args { /* start of the defrag operation */ __u64 start; -- 2.43.0

1 year, 8 months

3
4
0 0

+ xfs-disable-large-folio-support-in-xfile_create.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: xfs: disable large folio support in xfile_create has been added to the -mm mm-hotfixes-unstable branch. Its filename is xfs-disable-large-folio-support-in-xfile_create.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Christoph Hellwig <hch(a)lst.de> Subject: xfs: disable large folio support in xfile_create Date: Wed, 10 Jan 2024 10:21:09 +0100 The xfarray code will crash if large folios are force enabled using: echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled Fixing this will require a bit of an API change, and prefeably sorting out the hwpoison story for pages vs folio and where it is placed in the shmem API. For now use this one liner to disable large folios. Link: https://lkml.kernel.org/r/20240110092109.1950011-3-hch@lst.de Reported-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Cc: Chandan Babu R <chandan.babu(a)oracle.com> Cc: Christian K��nig <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/xfs/scrub/xfile.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/fs/xfs/scrub/xfile.c~xfs-disable-large-folio-support-in-xfile_create +++ a/fs/xfs/scrub/xfile.c @@ -94,6 +94,11 @@ xfile_create( lockdep_set_class(&inode->i_rwsem, &xfile_i_mutex_key); + /* + * We're not quite ready for large folios yet. + */ + mapping_clear_large_folios(inode->i_mapping); + trace_xfile_create(xf); *xfilep = xf; _ Patches currently in -mm which might be from hch(a)lst.de are mm-add-a-mapping_clear_large_folios-helper.patch xfs-disable-large-folio-support-in-xfile_create.patch

1 year, 8 months

1
0
0 0

+ mm-add-a-mapping_clear_large_folios-helper.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: add a mapping_clear_large_folios helper has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-add-a-mapping_clear_large_folios-helper.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Christoph Hellwig <hch(a)lst.de> Subject: mm: add a mapping_clear_large_folios helper Date: Wed, 10 Jan 2024 10:21:08 +0100 Patch series "disable large folios for shmem file used by xfs xfile". Darrick reported that the fairly new XFS xfile code blows up when force enabling large folio for shmem. This series fixes this quickly by disabling large folios for this particular shmem file for now until it can be fixed properly, which will be a lot more invasive. This patch (of 2): Users of shmem_kernel_file_setup might not be able to deal with large folios (yet). Give them a way to disable large folio support on their mapping. Link: https://lkml.kernel.org/r/20240110092109.1950011-1-hch@lst.de Link: https://lkml.kernel.org/r/20240110092109.1950011-2-hch@lst.de Fixes: 137db333b2918 ("xfs: teach xfile to pass back direct-map pages to caller") Signed-off-by: Christoph Hellwig <hch(a)lst.de> Cc: Chandan Babu R <chandan.babu(a)oracle.com> Cc: Christian K��nig <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pagemap.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/include/linux/pagemap.h~mm-add-a-mapping_clear_large_folios-helper +++ a/include/linux/pagemap.h @@ -343,6 +343,20 @@ static inline void mapping_set_large_fol __set_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); } +/** + * mapping_clear_large_folios() - Disable large folio support for a mapping + * @mapping: The mapping. + * + * This can be called to undo the effect of mapping_set_large_folios(). + * + * Context: This should not be called while the inode is active as it + * is non-atomic. + */ +static inline void mapping_clear_large_folios(struct address_space *mapping) +{ + __clear_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); +} + /* * Large folio support currently depends on THP. These dependencies are * being worked on but are not yet fixed. _ Patches currently in -mm which might be from hch(a)lst.de are mm-add-a-mapping_clear_large_folios-helper.patch xfs-disable-large-folio-support-in-xfile_create.patch

1 year, 8 months

1
0
0 0

[PATCH v5] usb: core: Prevent null pointer dereference in update_port_device_state

by Udipto Goswami

Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. Fixes: 83cb2604f641 ("usb: core: add sysfs entry for usb device state") Cc: stable(a)vger.kernel.org Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> --- v5: Addressed nit picks in commit and the comment. v4: Fixed minor mistakes in the comment. v3: Re-wrote the comment for better context. v2: Introduced comment for the if check & CC'ed stable. drivers/usb/core/hub.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index ffd7c99e24a3..48409d51ea43 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2053,9 +2053,19 @@ static void update_port_device_state(struct usb_device *udev) if (udev->parent) { hub = usb_hub_to_struct_hub(udev->parent); - port_dev = hub->ports[udev->portnum - 1]; - WRITE_ONCE(port_dev->state, udev->state); - sysfs_notify_dirent(port_dev->state_kn); + + /* + * The Link Layer Validation System Driver (lvstest) + * has a test step to unbind the hub before running the + * rest of the procedure. This triggers hub_disconnect + * which will set the hub's maxchild to 0, further + * resulting in usb_hub_to_struct_hub returning NULL. + */ + if (hub) { + port_dev = hub->ports[udev->portnum - 1]; + WRITE_ONCE(port_dev->state, udev->state); + sysfs_notify_dirent(port_dev->state_kn); + } } } -- 2.17.1

1 year, 8 months

2
1
0 0

+ mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval Date: Wed, 10 Jan 2024 15:01:27 +0100 set_memmap_mode() stores the kernel parameter memmap mode as an integer. However, the get_memmap_mode() function utilizes param_get_bool() to fetch the value as a boolean, leading to potential endianness issue. On Big-endian architectures, the memmap_on_memory is consistently displayed as 'N' regardless of its actual status. To address this endianness problem, the solution involves obtaining the mode as an integer. This adjustment ensures the proper display of the memmap_on_memory parameter, presenting it as one of the following options: Force, Y, or N. Link: https://lkml.kernel.org/r/20240110140127.241451-1-sumanthk@linux.ibm.com Fixes: 2d1f649c7c08 ("mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks") Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Suggested-by: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/mm/memory_hotplug.c~mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval +++ a/mm/memory_hotplug.c @@ -101,9 +101,11 @@ static int set_memmap_mode(const char *v static int get_memmap_mode(char *buffer, const struct kernel_param *kp) { - if (*((int *)kp->arg) == MEMMAP_ON_MEMORY_FORCE) - return sprintf(buffer, "force\n"); - return param_get_bool(buffer, kp); + int mode = *((int *)kp->arg); + + if (mode == MEMMAP_ON_MEMORY_FORCE) + return sprintf(buffer, "force\n"); + return sprintf(buffer, "%c\n", mode ? 'Y' : 'N'); } static const struct kernel_param_ops memmap_mode_ops = { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are mm-memory_hotplug-fix-memmap_on_memory-sysfs-value-retrieval.patch mm-memory_hotplug-introduce-mem_prepare_online-mem_finish_offline-notifiers.patch s390-mm-allocate-vmemmap-pages-from-self-contained-memory-range.patch s390-sclp-remove-unhandled-memory-notifier-type.patch s390-mm-implement-mem_prepare_online-mem_finish_offline-notifiers.patch s390-enable-mhp_memmap_on_memory.patch

1 year, 8 months

1
0
0 0

[PATCH] serial: max310x: fix syntax error in IRQ error message

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Replace g with q. Helpfull when grepping thru source code or logs for "request" keyword. Fixes: f65444187a66 ("serial: New serial driver MAX310X") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/tty/serial/max310x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c index f3a99daebdaa..3951876affc4 100644 --- a/drivers/tty/serial/max310x.c +++ b/drivers/tty/serial/max310x.c @@ -1428,7 +1428,7 @@ static int max310x_probe(struct device *dev, const struct max310x_devtype *devty if (!ret) return 0; - dev_err(dev, "Unable to reguest IRQ %i\n", irq); + dev_err(dev, "Unable to request IRQ %i\n", irq); out_uart: for (i = 0; i < devtype->nr; i++) { base-commit: 0c84bea0cabc4e2b98a3de88eeb4ff798931f056 -- 2.39.2

1 year, 8 months

2
2
0 0

Linux 4.14.336

by Greg Kroah-Hartman

I'm announcing the release of the 4.14.336 kernel. This is the LAST 4.14.y kernel to be released. It is now officially end-of-life. Do NOT use this kernel version anymore, please move to a newer one, as shown on the kernel.org releases page. All users of the 4.14 kernel series must upgrade. But then, move to a newer release. If you are stuck at this version due to a vendor requiring it, go get support from that vendor for this obsolete kernel tree, as that is what you are paying them for :) The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/firewire/ohci.c | 51 +++++++++++++++++++++++++ drivers/mmc/core/block.c | 7 +-- drivers/mmc/core/host.c | 1 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 + drivers/net/ethernet/intel/i40e/i40e_main.c | 8 +++ net/nfc/llcp_core.c | 39 +++++++++++++++++-- net/sched/em_text.c | 4 + 8 files changed, 106 insertions(+), 10 deletions(-) Adrian Cinal (1): net: bcmgenet: Fix FCS generation for fragmented skbuffs Geert Uytterhoeven (1): mmc: core: Cancel delayed work before releasing host Greg Kroah-Hartman (1): Linux 4.14.336 Hangyu Hua (1): net: sched: em_text: fix possible memory leak in em_text_destroy() Jorge Ramirez-Ortiz (1): mmc: rpmb: fixes pause retune on all RPMB partitions. Ke Xiao (1): i40e: fix use-after-free in i40e_aqc_add_filters() Siddh Raman Pant (1): nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Takashi Sakamoto (1): firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards

1 year, 8 months

1
1
0 0

[PATCH 4.14 0/7] 4.14.336-rc1 review

by Greg Kroah-Hartman

------------------------------- NOTE, this is the LAST 4.14.y-rc release cycle that is going to happen. After this release, this branch will be end-of-life. You all should have moved to the 4.19.y branch at the very least by now, as this is it, time to stop using this one. ------------------------------- This is the start of the stable review cycle for the 4.14.336 release. There are 7 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Jan 2024 14:18:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.336-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.336-rc1 Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ------------- Diffstat: Makefile | 4 +- drivers/firewire/ohci.c | 51 ++++++++++++++++++++++++++ drivers/mmc/core/block.c | 7 ++-- drivers/mmc/core/host.c | 1 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 8 +++- net/nfc/llcp_core.c | 39 ++++++++++++++++++-- net/sched/em_text.c | 4 +- 8 files changed, 107 insertions(+), 11 deletions(-)

1 year, 8 months

5
11
0 0

Re: School Districts Contacts 2024

by Amelia Turner

Hi there, We are excited to offer you a comprehensive email list of school districts that includes key contact information such as phone numbers, email addresses, mailing addresses, company revenue, size, and web addresses. Our databases also cover related industries such as: * K-12 schools * Universities * Vocational schools and training programs * Performing arts schools * Fitness centers and gyms * Child care services and providers * Educational publishers and suppliers If you're interested, we would be happy to provide you with relevant counts and a test file based on your specific requirements. Thank you for your time and consideration, and please let us know if you have any questions or concerns. Thanks, Amelia Turner To remove from this mailing reply with the subject line " LEAVE US".

1 year, 8 months

1
0
0 0

Advice on where to seek advice

by tony Hamilton

This is a request for guidance on where is the most appropriate I should ask for advice on how to do problem source identification on a problem with a Linux PC which looks like it might be kernel-related. I an providing the minimal amount of problem symptom information here that will help responders. Simple problem statement: My PC (Gigabyte GA-H81M-S2H based) will not start the OS (Linux MX 23.2, Debian 12, Kernel 6.2) if my PCIE GPU card (ZOTAC nVidia GTX-1050) is installed. The start-up process hangs after Grub is processed but before the Login screen is presented. Start-up completes normally when the PCIE card is not installed. Further detail: The ZOTAC card works without issue in another PC with a different brand motherboard. This PC works without issue, with the ZOTAC card installed, with a different kernel/distribution (e.g. Mint 21.2, Ubuntu 22.04, Kernel 5.15/5.19 or Windows 10). With any Linux version installed in this PC, which uses a Via chip, operation is subject to the issue which prevents USB 3 operation on back plane ports, unless ‘iommu=off’ is set in grub. This might be an entirely different problem to that associated with the presence of the PCIE card. Who should I be seeking help/advice problem resolution from ?

1 year, 8 months

1
0
0 0

[PATCH 6.6 000/124] 6.6.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.11 release. There are 124 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Jan 2024 15:05:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.11-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.11-rc1 Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Comment CSID dt_id field Alison Schofield <alison.schofield(a)intel.com> cxl/memdev: Hold region_rwsem during inject and clear poison ops Dave Jiang <dave.jiang(a)intel.com> cxl/hdm: Fix a benign lockdep splat Dave Jiang <dave.jiang(a)intel.com> cxl: Add cxl_num_decoders_committed() usage to cxl_test Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix eMMC init failure after hw reset Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Ziyang Huang <hzyitc(a)outlook.com> mmc: meson-mx-sdhc: Fix initialization frozen issue Joshua Ashton <joshua(a)froggi.es> drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: add nv12 bounding box Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: skip gpu_info fw loading on navi12 Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Fix atomic xfer check for non-preempt config Jinghao Jia <jinghao7(a)illinois.edu> x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Yu Zhao <yuzhao(a)google.com> mm/mglru: skip special VMAs in lru_gen_look_around() Eric Dumazet <edumazet(a)google.com> net: constify sk_dst_get() and __sk_dst_get() argument duanqiangwen <duanqiangwen(a)net-swift.com> net: libwx: fix memory leak on free page Ira Weiny <ira.weiny(a)intel.com> cxl/pmu: Ensure put_device on pmu devices Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries/vas: Migration suspend waits for no in-progress open windows Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISCV: KVM: update external interrupt atomically for IMSIC swfile Yang Yingliang <yangyingliang(a)huawei.com> dmaengine: fsl-edma: fix wrong pointer check in fsl_edma3_attach_pd() Guanjun <guanjun(a)linux.alibaba.com> dmaengine: idxd: Protect int_handle field in hw descriptor Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml Alison Schofield <alison.schofield(a)intel.com> kernel/resource: Increment by align value in get_free_mem_region() Alison Schofield <alison.schofield(a)intel.com> cxl/core: Always hold region_rwsem while reading poison lists Dave Jiang <dave.jiang(a)intel.com> cxl: Add cxl_decoders_committed() helper Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Increase num voltage states to 40 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled Alex Bee <knaerzche(a)gmail.com> clk: rockchip: rk3128: Fix SCLK_SDMMC's clock name Finley Xiao <finley.xiao(a)rock-chips.com> clk: rockchip: rk3128: Fix aclk_peri_src's parent Su Hui <suhui(a)nfschina.com> phy: sunplus: return negative error code in sp_usb_phy_probe Michael Walle <mwalle(a)kernel.org> phy: mediatek: mipi: mt8183: fix minimal supported frequency Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Support enforce_cache_coherency only for empty domains Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis16475: use bit numbers in assign_bit() Xiaolei Wang <xiaolei.wang(a)windriver.com> dmaengine: fsl-edma: Add judgment on enabling round robin arbitration Xiaolei Wang <xiaolei.wang(a)windriver.com> dmaengine: fsl-edma: Do not suspend and resume the masked dma channel when the system is sleeping Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-psil-am62a: Fix SPI PDMA data Ronald Wahl <rwahl(a)gmx.de> dmaengine: ti: k3-psil-am62: Fix SPI PDMA data Andrew Davis <afd(a)ti.com> phy: ti: gmii-sel: Fix register offset when parent is not a syscon node Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: vsie: fix wrong VIR 37 when MSO is used Jisheng Zhang <jszhang(a)kernel.org> riscv: don't probe unaligned access speed if already done Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks-trace: Handle new PF_IDLE semantics Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Handle new PF_IDLE semantics Frederic Weisbecker <frederic(a)kernel.org> rcu: Introduce rcu_cpu_online() Peter Zijlstra <peterz(a)infradead.org> rcu: Break rcu_node_0 --> &rq->__lock order Dan Carpenter <dan.carpenter(a)linaro.org> ACPI: thermal: Fix acpi_thermal_unregister_thermal_zone() cleanup Moshe Shemesh <moshe(a)nvidia.com> RDMA/mlx5: Fix mkey cache WQ flush Marek Vasut <marex(a)denx.de> clk: si521xx: Increase stack based print buffer size in probe Alex Williamson <alex.williamson(a)redhat.com> vfio/mtty: Overhaul mtty interrupt handling Longfang Liu <liulongfang(a)huawei.com> crypto: hisilicon/qm - fix EQ/AEQ interrupt issue Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Eric Biggers <ebiggers(a)google.com> crypto: xts - use 'spawn' for underlying single-block cipher Ian Rogers <irogers(a)google.com> bpftool: Align output skeleton ELF code Denys Zagorui <dzagorui(a)cisco.com> bpftool: Fix -Wcast-qual warning Eric Dumazet <edumazet(a)google.com> tcp: derive delack_max from rto_min Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix genpd cleanup Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix V4L2 async notifier error path Tirthendu Sarkar <tirthendu.sarkar(a)intel.com> xsk: add multi-buffer support for sockets sharing umem Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: pass the folio and the page to collect_procs() Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: convert DAX lock/unlock page to lock/unlock folio Thomas Lange <thomas(a)corelatus.se> net: Implement missing SO_TIMESTAMPING_NEW cmsg support Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Wait for operating mode to be applied Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Re-enable MAC TX in otx2_stop processing Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Always configure NIX TX link credits based on max frame size Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix invalid link access in dumping SMC-R connections Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_net: fix missing dma unmap for resize Eric Dumazet <edumazet(a)google.com> virtio_net: avoid data-races on dev->stats fields John Johansen <john.johansen(a)canonical.com> apparmor: Fix move_mount mediation by detecting if source is detached Rodrigo Cataldo <rodrigo.cadore(a)l-acoustics.com> igc: Fix hicredit calculation Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Fix event generation Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Validate written enum values Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Validate written enum values Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_immediate: drop chain reference counter on error Brad Cowie <brad(a)faucet.nz> netfilter: nf_nat: fix action not being set for all ct states Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Zhipeng Lu <alexious(a)zju.edu.cn> sfc: fix a double-free bug in efx_probe_filters Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: do not set port down when adding to bond Jörn-Thorben Hinz <jthinz(a)mailbox.tu-berlin.de> net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Fix PCI error on system resume Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() David Thompson <davthompson(a)nvidia.com> mlxbf_gige: fix receive packet race condition Eugen Hristev <eugen.hristev(a)collabora.com> ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN EtherType mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN TCI mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Report VLAN EtherType matching back to user Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Ngai-Mint Kwan <ngai-mint.kwan(a)intel.com> ice: Shut down VSI with "link-down-on-close" enabled Katarzyna Wieczerzycka <katarzyna.wieczerzycka(a)intel.com> ice: Fix link_down_on_close message Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915/perf: Update handling of MMIO triggered reports Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix marking couple of structure as __packed Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: set transport offset from mac header for netdev/egress Douglas Anderson <dianders(a)chromium.org> drm/bridge: ps8640: Fix size mismatch warning w/ len Douglas Anderson <dianders(a)chromium.org> drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer Douglas Anderson <dianders(a)chromium.org> drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Implement quirk for SOC_HW_VERSION Pranjal Ramajor Asha Kanojiya <quic_pkanojiy(a)quicinc.com> accel/qaic: Fix GEM import path code Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not depend on release_iface for maintaining iface_list Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_chan_is_iface_active should be called with chan_lock held Jocelyn Falempe <jfalempe(a)redhat.com> drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent tcp diag from closing listener subflows Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: pbn_div need be updated for hotplug event Siddhesh Dharme <siddheshdharme18(a)gmail.com> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook Aabish Malik <aabishmalik3337(a)gmail.com> ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove sound controls in unbind Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: move set_drv_data outside tasdevice_init Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: do not use regcache Edward Adam Davis <eadavis(a)qq.com> keys, dns: Fix missing size check of V1 server-list header ------------- Diffstat: Makefile | 4 +- arch/arm/mach-sunxi/mc_smp.c | 4 +- arch/powerpc/platforms/pseries/vas.c | 51 ++++- arch/powerpc/platforms/pseries/vas.h | 2 + arch/riscv/kernel/cpufeature.c | 4 + arch/riscv/kvm/aia_imsic.c | 13 ++ arch/s390/kvm/vsie.c | 4 - arch/x86/events/intel/core.c | 7 +- arch/x86/kernel/kprobes/core.c | 3 +- crypto/xts.c | 23 +- drivers/accel/qaic/mhi_controller.c | 15 +- drivers/accel/qaic/qaic_data.c | 6 +- drivers/acpi/thermal.c | 4 +- drivers/clk/clk-si521xx.c | 4 +- drivers/clk/rockchip/clk-rk3128.c | 22 +- drivers/crypto/hisilicon/qm.c | 117 ++++------ drivers/crypto/intel/qat/qat_common/adf_aer.c | 3 +- drivers/cxl/core/hdm.c | 9 +- drivers/cxl/core/mbox.c | 2 +- drivers/cxl/core/memdev.c | 31 ++- drivers/cxl/core/pmu.c | 2 +- drivers/cxl/core/port.c | 7 + drivers/cxl/core/region.c | 5 - drivers/cxl/cxl.h | 1 + drivers/dma/fsl-edma-main.c | 12 +- drivers/dma/idxd/submit.c | 14 +- drivers/dma/ti/k3-psil-am62.c | 12 +- drivers/dma/ti/k3-psil-am62a.c | 12 +- drivers/firewire/ohci.c | 51 +++++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 11 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 4 + drivers/gpu/drm/amd/display/dc/dml/dc_features.h | 2 +- .../gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 110 +++++++++- .../amd/display/modules/info_packet/info_packet.c | 13 +- drivers/gpu/drm/bridge/parade-ps8640.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +- drivers/gpu/drm/i915/display/intel_display.c | 3 +- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 39 +++- drivers/gpu/drm/mgag200/mgag200_drv.h | 5 + drivers/gpu/drm/mgag200/mgag200_g200er.c | 5 + drivers/gpu/drm/mgag200/mgag200_g200ev.c | 5 + drivers/gpu/drm/mgag200/mgag200_g200se.c | 5 + drivers/gpu/drm/mgag200/mgag200_mode.c | 10 +- drivers/i2c/i2c-core.h | 4 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/mlx5/mr.c | 2 + drivers/iommu/intel/iommu.c | 5 +- drivers/iommu/intel/iommu.h | 3 + .../media/platform/qcom/camss/camss-csid-gen2.c | 14 +- drivers/media/platform/qcom/camss/camss.c | 45 ++-- drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 +-- drivers/mmc/host/sdhci-sprd.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 ++- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 12 +- drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 +++- drivers/net/ethernet/intel/igc/igc_tsn.c | 2 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 17 ++ .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 118 +--------- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 +- drivers/net/ethernet/qlogic/qla3xxx.c | 2 + drivers/net/ethernet/realtek/r8169_main.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 65 ++++-- drivers/net/ethernet/sfc/rx_common.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 82 +------ drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 - drivers/net/usb/ax88172a.c | 4 +- drivers/net/virtio_net.c | 90 ++++---- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 +- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 2 + drivers/pci/pcie/aspm.c | 19 ++ drivers/phy/mediatek/phy-mtk-mipi-dsi-mt8183.c | 2 +- drivers/phy/sunplus/phy-sunplus-usb2.c | 2 +- drivers/phy/ti/phy-gmii-sel.c | 5 +- fs/dax.c | 24 +-- fs/smb/client/cifsglob.h | 1 - fs/smb/client/connect.c | 9 +- fs/smb/client/smb2ops.c | 34 ++- include/linux/dax.h | 10 +- include/linux/hisi_acc_qm.h | 1 + include/net/netfilter/nf_tables_ipv4.h | 2 +- include/net/sock.h | 4 +- include/net/tcp.h | 2 + include/net/xdp_sock.h | 2 + kernel/rcu/rcu.h | 2 + kernel/rcu/tasks.h | 32 ++- kernel/rcu/tree.c | 43 +++- kernel/resource.c | 4 +- mm/memory-failure.c | 52 ++--- mm/memory.c | 4 +- mm/vmscan.c | 13 +- net/core/skbuff.c | 3 +- net/core/sock.c | 12 +- net/dns_resolver/dns_key.c | 19 +- net/ipv4/tcp.c | 3 +- net/ipv4/tcp_output.c | 16 +- net/mptcp/subflow.c | 13 ++ net/netfilter/nf_nat_ovs.c | 3 +- net/netfilter/nf_tables_core.c | 2 +- net/netfilter/nft_immediate.c | 2 +- net/nfc/llcp_core.c | 39 +++- net/sched/em_text.c | 4 +- net/smc/smc_diag.c | 3 +- net/socket.c | 2 + net/xdp/xsk.c | 2 +- net/xdp/xsk_buff_pool.c | 3 + samples/vfio-mdev/mtty.c | 237 +++++++++++++------- security/apparmor/apparmorfs.c | 1 + security/apparmor/mount.c | 4 + sound/pci/hda/patch_realtek.c | 3 + sound/pci/hda/tas2781_hda_i2c.c | 240 +++++++++++---------- sound/soc/codecs/tas2781-comlib.c | 4 +- sound/soc/codecs/tas2781-i2c.c | 2 + sound/soc/fsl/fsl_rpmsg.c | 10 +- sound/soc/mediatek/mt8186/mt8186-dai-adda.c | 2 +- sound/soc/meson/g12a-toacodec.c | 5 +- sound/soc/meson/g12a-tohdmitx.c | 8 +- tools/bpf/bpftool/gen.c | 15 +- tools/testing/cxl/Kbuild | 1 + tools/testing/cxl/cxl_core_exports.c | 7 + tools/testing/cxl/test/cxl.c | 5 +- .../net/bonding/bond-arp-interval-causes-panic.sh | 6 +- 135 files changed, 1449 insertions(+), 844 deletions(-)

1 year, 8 months

16
139
0 0

[PATCH 6.1 000/150] 6.1.72-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.72 release. There are 150 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Jan 2024 15:34:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.72-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.72-rc1 Amit Pundir <amit.pundir(a)linaro.org> Revert "interconnect: qcom: sm8250: Enable sync_state" Kees Cook <keescook(a)chromium.org> smb3: Replace smb2pdu 1-element arrays with flex-arrays Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Comment CSID dt_id field John Fastabend <john.fastabend(a)gmail.com> bpf: syzkaller found null ptr deref in unix_bpf proto add Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix a verifier bug due to incorrect branch offset comparison with cpu=v4 Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: Always fill offloading tuple iifidx Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: additional checks for outdated flows Chao Yu <chao(a)kernel.org> f2fs: compress: fix to assign compress_level for lz4 correctly Ingo Molnar <mingo(a)kernel.org> genirq/affinity: Only build SMP-only helper functions on SMP kernels Wenchao Chen <wenchao.chen(a)unisoc.com> mmc: sdhci-sprd: Fix eMMC init failure after hw reset Geert Uytterhoeven <geert+renesas(a)glider.be> mmc: core: Cancel delayed work before releasing host Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: rpmb: fixes pause retune on all RPMB partitions. Ziyang Huang <hzyitc(a)outlook.com> mmc: meson-mx-sdhc: Fix initialization frozen issue Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: add nv12 bounding box Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: skip gpu_info fw loading on navi12 Jiajun Xie <jiajun.xie.sh(a)gmail.com> mm: fix unmap_mapping_range high bits shift bug Benjamin Bara <benjamin.bara(a)skidata.com> i2c: core: Fix atomic xfer check for non-preempt config Jinghao Jia <jinghao7(a)illinois.edu> x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg() Christoph Hellwig <hch(a)lst.de> btrfs: mark the len field in struct btrfs_ordered_sum as unsigned Boris Burkov <boris(a)bur.io> btrfs: fix qgroup_free_reserved_data int overflow Rakesh Babu Saladi <rsaladi2(a)marvell.com> octeontx2-af: Support variable number of lmacs Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix pause frame configuration Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: GC pushes back packets to classic path Paul Blakey <paulb(a)nvidia.com> net/sched: act_ct: Fix promotion of offloaded unreplied tuple Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: offload UDP NEW connections Vlad Buslov <vladbu(a)nvidia.com> netfilter: flowtable: cache info of last offload Vlad Buslov <vladbu(a)nvidia.com> netfilter: flowtable: allow unidirectional rules Xin Long <lucien.xin(a)gmail.com> net: sched: call tcf_ct_params_free to free params in tcf_ct_init Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/memory_hotplug: fix error handling in add_memory_resource() Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/memory_hotplug: add missing mem_hotplug_lock Ming Lei <ming.lei(a)redhat.com> lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly Ming Lei <ming.lei(a)redhat.com> genirq/affinity: Move group_cpus_evenly() into lib/ Ming Lei <ming.lei(a)redhat.com> genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly Ming Lei <ming.lei(a)redhat.com> genirq/affinity: Don't pass irq_affinity_desc array to irq_build_affinity_masks Ming Lei <ming.lei(a)redhat.com> genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks Ming Lei <ming.lei(a)redhat.com> genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: Fix frequency truncation by promoting multiplier type John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: af_unix stream sockets need to hold ref for pair sock Jakub Kicinski <kuba(a)kernel.org> ethtool: don't propagate EOPNOTSUPP from dumps Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: recycle the RX buffer only after all processing done Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Paulo Alcantara <pc(a)manguebit.com> smb: client: fix missing mode bits for SMB symlinks Christoph Hellwig <hch(a)lst.de> block: update the stable_writes flag in bdev_add Christoph Hellwig <hch(a)lst.de> filemap: add a per-mapping stable writes flag David Howells <dhowells(a)redhat.com> mm, netfs, fscache: stop read optimisation when folio removed from pagecache David Howells <dhowells(a)redhat.com> mm: merge folio_has_private()/filemap_release_folio() call pairs Vishal Moola (Oracle) <vishal.moola(a)gmail.com> memory-failure: convert truncate_error_page() to use folio Vishal Moola (Oracle) <vishal.moola(a)gmail.com> khugepage: replace try_to_release_page() with filemap_release_folio() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> ext4: convert move_extent_per_page() to use folios Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 Milen Mitkov <quic_mmitkov(a)quicinc.com> media: camss: sm8250: Virtual channels for CSID Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: set FAILING_LINKS in run_tests Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: fix fastclose with csum failure Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: set the default compress_level on ioctl Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: assign default compression level Yangtao Li <frank.li(a)vivo.com> f2fs: convert to use bitmap API Chao Yu <chao(a)kernel.org> f2fs: clean up i_compress_flag and i_compress_level usage Thomas Richter <tmricht(a)linux.ibm.com> s390/cpumf: support user space events for counting Heiko Carstens <hca(a)linux.ibm.com> s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5: Increase size of irq name buffer Christoph Hellwig <hch(a)infradead.org> blk-mq: make sure active queue usage is held for bio_integrity_prep() Andrii Nakryiko <andrii(a)kernel.org> bpf: fix precision backtracking instruction iteration Andrii Nakryiko <andrii(a)kernel.org> bpf: handle ldimm64 properly in check_cfg() Yonghong Song <yonghong.song(a)linux.dev> bpf: Support new 32bit offset jmp instruction Andrii Nakryiko <andrii(a)kernel.org> bpf: clean up visit_insn()'s instruction processing Andrii Nakryiko <andrii(a)kernel.org> bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() Andrii Nakryiko <andrii(a)kernel.org> bpf: remove unnecessary prune and jump points Andrii Nakryiko <andrii(a)kernel.org> bpf: decouple prune and jump points Dan Carpenter <dan.carpenter(a)linaro.org> fbdev: imsttfb: fix double free in probe() Helge Deller <deller(a)gmx.de> fbdev: imsttfb: Release framebuffer and dealloc cmap on error path David Heidelberg <david(a)ixit.cz> arm64: dts: qcom: sdm845: Fix PSCI power domain names Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm845: align RPMh regulator nodes with bindings Rotem Saado <rotem.saado(a)intel.com> wifi: iwlwifi: yoyo: swap cdb and jacket bits values Eric Dumazet <edumazet(a)google.com> udp: annotate data-races around udp->encap_type Eric Dumazet <edumazet(a)google.com> udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO Eric Dumazet <edumazet(a)google.com> udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags Eric Dumazet <edumazet(a)google.com> udp: move udp->gro_enabled to udp->udp_flags Eric Dumazet <edumazet(a)google.com> udp: move udp->no_check6_rx to udp->udp_flags Eric Dumazet <edumazet(a)google.com> udp: move udp->no_check6_tx to udp->udp_flags Eric Dumazet <edumazet(a)google.com> udp: introduce udp->udp_flags David Howells <dhowells(a)redhat.com> ipv4, ipv6: Use splice_eof() to flush David Howells <dhowells(a)redhat.com> splice, net: Add a splice_eof op to file-ops and socket-ops David Howells <dhowells(a)redhat.com> udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES David Howells <dhowells(a)redhat.com> net: Declare MSG_SPLICE_PAGES internal sendmsg() flag Menglong Dong <imagedong(a)tencent.com> bpf, x86: save/restore regs with BPF_DW size Pu Lehui <pulehui(a)huawei.com> bpf, x86: Simplify the parsing logic of structure parameters Leon Hwang <hffilwlqm(a)gmail.com> bpf, x64: Fix tailcall infinite loop Frederic Weisbecker <frederic(a)kernel.org> srcu: Fix callbacks acceleration mishandling Thomas Gleixner <tglx(a)linutronix.de> cpu/SMT: Make SMT control more robust against enumeration failures Michael Ellerman <mpe(a)ellerman.id.au> cpu/SMT: Create topology_smt_thread_allowed() Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: secretmem: floor the memory size to the multiple of page_size Thomas Lange <thomas(a)corelatus.se> net: Implement missing SO_TIMESTAMPING_NEW cmsg support Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Wait for operating mode to be applied Chen Ni <nichen(a)iscas.ac.cn> asix: Add check for usbnet_get_endpoints Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Re-enable MAC TX in otx2_stop processing Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Always configure NIX TX link credits based on max frame size Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix invalid link access in dumping SMC-R connections Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues Rodrigo Cataldo <rodrigo.cadore(a)l-acoustics.com> igc: Fix hicredit calculation Andrii Staikov <andrii.staikov(a)intel.com> i40e: Restore VF MSI-X state during PCI reset Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Fix event generation Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-tohdmitx: Validate written enum values Mark Brown <broonie(a)kernel.org> ASoC: meson: g12a-toacodec: Validate written enum values Ke Xiao <xiaoke(a)sangfor.com.cn> i40e: fix use-after-free in i40e_aqc_add_filters() Marc Dionne <marc.dionne(a)auristor.com> net: Save and restore msg_namelen in sock_sendmsg Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_immediate: drop chain reference counter on error Adrian Cinal <adriancinal(a)gmail.com> net: bcmgenet: Fix FCS generation for fragmented skbuffs Zhipeng Lu <alexious(a)zju.edu.cn> sfc: fix a double-free bug in efx_probe_filters Stefan Wahren <wahrenst(a)gmx.net> ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: do not set port down when adding to bond Jörn-Thorben Hinz <jthinz(a)mailbox.tu-berlin.de> net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_bind_phc Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_tsflags Vadim Fedorenko <vadfed(a)meta.com> net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps Marc Kleine-Budde <mkl(a)pengutronix.de> can: raw: add support for SO_MARK Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Fix PCI error on system resume Hangyu Hua <hbh25y(a)gmail.com> net: sched: em_text: fix possible memory leak in em_text_destroy() David Thompson <davthompson(a)nvidia.com> mlxbf_gige: fix receive packet race condition Eugen Hristev <eugen.hristev(a)collabora.com> ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN EtherType mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Check VLAN TCI mask Kurt Kanzenbach <kurt(a)linutronix.de> igc: Report VLAN EtherType matching back to user Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> i40e: Fix filter input checks to prevent config with invalid values Ngai-Mint Kwan <ngai-mint.kwan(a)intel.com> ice: Shut down VSI with "link-down-on-close" enabled Katarzyna Wieczerzycka <katarzyna.wieczerzycka(a)intel.com> ice: Fix link_down_on_close message Khaled Almahallawy <khaled.almahallawy(a)intel.com> drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix marking couple of structure as __packed Siddh Raman Pant <code(a)siddh.me> nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: set transport offset from mac header for netdev/egress Xin Long <lucien.xin(a)gmail.com> netfilter: use skb_ip_totlen and iph_totlen Douglas Anderson <dianders(a)chromium.org> drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not depend on release_iface for maintaining iface_list Shyam Prasad N <sprasad(a)microsoft.com> cifs: cifs_chan_is_iface_active should be called with chan_lock held Jocelyn Falempe <jfalempe(a)redhat.com> drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent tcp diag from closing listener subflows Siddhesh Dharme <siddheshdharme18(a)gmail.com> ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook Aabish Malik <aabishmalik3337(a)gmail.com> ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Edward Adam Davis <eadavis(a)qq.com> keys, dns: Fix missing size check of V1 server-list header ------------- Diffstat: MAINTAINERS | 2 + Makefile | 4 +- arch/Kconfig | 3 + arch/arm/mach-sunxi/mc_smp.c | 4 +- arch/arm64/boot/dts/qcom/sdm845-cheza.dtsi | 24 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 4 +- arch/arm64/boot/dts/qcom/sdm845-lg-common.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdm845-mtp.dts | 6 +- .../arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts | 6 +- .../boot/dts/qcom/sdm845-sony-xperia-tama.dtsi | 6 +- .../boot/dts/qcom/sdm845-xiaomi-beryllium.dts | 2 +- arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 6 +- .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 2 +- arch/arm64/boot/dts/qcom/sdm850-samsung-w737.dts | 2 +- arch/s390/kernel/perf_cpum_cf.c | 35 +- arch/s390/mm/vmem.c | 8 +- arch/x86/events/intel/core.c | 7 +- arch/x86/kernel/kprobes/core.c | 3 +- arch/x86/net/bpf_jit_comp.c | 150 ++++--- block/bdev.c | 2 + block/blk-mq.c | 75 ++-- block/fops.c | 21 +- drivers/base/memory.c | 18 +- drivers/firewire/ohci.c | 51 +++ drivers/firmware/arm_scmi/perf.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 +- .../gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 110 +++++- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/gpu/drm/mgag200/mgag200_drv.h | 5 + drivers/gpu/drm/mgag200/mgag200_g200er.c | 5 + drivers/gpu/drm/mgag200/mgag200_g200ev.c | 5 + drivers/gpu/drm/mgag200/mgag200_g200se.c | 5 + drivers/gpu/drm/mgag200/mgag200_mode.c | 10 +- drivers/i2c/i2c-core.h | 4 +- drivers/interconnect/qcom/sm8250.c | 1 - .../media/platform/qcom/camss/camss-csid-gen2.c | 68 +++- drivers/media/platform/qcom/camss/camss-csid.c | 44 ++- drivers/media/platform/qcom/camss/camss-csid.h | 11 +- drivers/mmc/core/block.c | 7 +- drivers/mmc/core/host.c | 1 + drivers/mmc/host/meson-mx-sdhc-mmc.c | 26 +- drivers/mmc/host/sdhci-sprd.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 7 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 12 +- drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_ethtool.c | 42 +- drivers/net/ethernet/intel/igc/igc_tsn.c | 2 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 35 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 6 +- .../ethernet/marvell/octeontx2/af/lmac_common.h | 5 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 4 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 11 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 3 +- .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 43 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 120 +----- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.h | 3 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 9 +- drivers/net/ethernet/qlogic/qla3xxx.c | 2 + drivers/net/ethernet/realtek/r8169_main.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 65 +-- drivers/net/ethernet/sfc/rx_common.c | 4 +- drivers/net/gtp.c | 4 +- drivers/net/usb/ax88172a.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-prph.h | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 17 +- drivers/pci/pci.c | 6 + drivers/pci/pci.h | 2 + drivers/pci/pcie/aspm.c | 19 + drivers/video/fbdev/imsttfb.c | 6 +- fs/9p/cache.c | 2 + fs/afs/internal.h | 2 + fs/btrfs/delalloc-space.c | 2 +- fs/btrfs/file-item.c | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 16 +- fs/btrfs/ordered-data.c | 7 +- fs/btrfs/ordered-data.h | 2 +- fs/btrfs/qgroup.c | 25 +- fs/btrfs/qgroup.h | 4 +- fs/cachefiles/namei.c | 2 + fs/ceph/cache.c | 2 + fs/ext4/move_extent.c | 48 ++- fs/f2fs/checkpoint.c | 2 +- fs/f2fs/compress.c | 15 +- fs/f2fs/data.c | 12 +- fs/f2fs/dir.c | 2 +- fs/f2fs/f2fs.h | 35 +- fs/f2fs/file.c | 11 +- fs/f2fs/inode.c | 18 +- fs/f2fs/node.h | 20 +- fs/f2fs/super.c | 26 +- fs/f2fs/sysfs.c | 2 +- fs/inode.c | 2 + fs/nfs/fscache.c | 3 + fs/smb/client/cifsglob.h | 1 - fs/smb/client/connect.c | 9 +- fs/smb/client/fscache.c | 2 + fs/smb/client/inode.c | 2 +- fs/smb/client/smb2file.c | 2 +- fs/smb/client/smb2misc.c | 2 +- fs/smb/client/smb2ops.c | 48 ++- fs/smb/client/smb2pdu.c | 16 +- fs/smb/client/smb2pdu.h | 2 +- fs/smb/common/smb2pdu.h | 42 +- fs/smb/server/smb2ops.c | 8 +- fs/smb/server/smb2pdu.c | 5 +- fs/splice.c | 34 +- include/linux/bpf.h | 13 +- include/linux/bpf_verifier.h | 1 + include/linux/f2fs_fs.h | 9 +- include/linux/fs.h | 1 + include/linux/group_cpus.h | 14 + include/linux/net.h | 1 + include/linux/pagemap.h | 33 ++ include/linux/skmsg.h | 1 + include/linux/socket.h | 3 + include/linux/splice.h | 1 + include/linux/udp.h | 69 ++-- include/net/af_unix.h | 1 + include/net/inet_common.h | 1 + include/net/ip.h | 2 +- include/net/netfilter/nf_conntrack_act_ct.h | 34 +- include/net/netfilter/nf_flow_table.h | 21 +- include/net/netfilter/nf_tables_ipv4.h | 6 +- include/net/sock.h | 23 +- include/net/tcp.h | 1 + include/net/udp.h | 1 + include/net/udp_tunnel.h | 9 +- io_uring/net.c | 2 + kernel/bpf/core.c | 25 +- kernel/bpf/trampoline.c | 4 +- kernel/bpf/verifier.c | 162 +++++--- kernel/cpu.c | 42 +- kernel/irq/affinity.c | 405 +------------------ kernel/rcu/srcutree.c | 31 +- kernel/trace/ring_buffer.c | 4 +- lib/Makefile | 2 + lib/group_cpus.c | 438 +++++++++++++++++++++ mm/filemap.c | 2 + mm/huge_memory.c | 3 +- mm/internal.h | 11 + mm/khugepaged.c | 22 +- mm/memory-failure.c | 9 +- mm/memory.c | 4 +- mm/memory_hotplug.c | 15 +- mm/migrate.c | 3 +- mm/page-writeback.c | 2 +- mm/truncate.c | 6 +- mm/vmscan.c | 8 +- net/can/j1939/socket.c | 10 +- net/can/raw.c | 1 + net/core/skbuff.c | 10 +- net/core/skmsg.c | 2 + net/core/sock.c | 16 +- net/core/sock_map.c | 2 + net/dns_resolver/dns_key.c | 19 +- net/ethtool/netlink.c | 2 +- net/ipv4/af_inet.c | 18 + net/ipv4/ip_output.c | 4 +- net/ipv4/ip_sockglue.c | 2 +- net/ipv4/tcp.c | 20 +- net/ipv4/tcp_ipv4.c | 1 + net/ipv4/udp.c | 110 ++---- net/ipv4/udp_offload.c | 4 +- net/ipv4/udp_tunnel_core.c | 2 +- net/ipv4/xfrm4_input.c | 4 +- net/ipv6/af_inet6.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 2 +- net/ipv6/tcp_ipv6.c | 1 + net/ipv6/udp.c | 38 +- net/ipv6/xfrm6_input.c | 4 +- net/l2tp/l2tp_core.c | 6 +- net/mptcp/subflow.c | 13 + net/netfilter/ipvs/ip_vs_xmit.c | 2 +- net/netfilter/nf_flow_table_core.c | 13 +- net/netfilter/nf_flow_table_inet.c | 2 +- net/netfilter/nf_flow_table_ip.c | 4 +- net/netfilter/nf_flow_table_offload.c | 18 +- net/netfilter/nf_log_syslog.c | 2 +- net/netfilter/nf_tables_core.c | 2 +- net/netfilter/nft_immediate.c | 2 +- net/netfilter/xt_length.c | 2 +- net/nfc/llcp_core.c | 39 +- net/openvswitch/conntrack.c | 2 +- net/sched/act_ct.c | 165 ++++++-- net/sched/em_text.c | 4 +- net/smc/smc_diag.c | 3 +- net/socket.c | 29 +- net/unix/af_unix.c | 2 - net/unix/unix_bpf.c | 5 + sound/pci/hda/patch_realtek.c | 4 + sound/soc/fsl/fsl_rpmsg.c | 10 +- sound/soc/mediatek/mt8186/mt8186-dai-adda.c | 2 +- sound/soc/meson/g12a-toacodec.c | 5 +- sound/soc/meson/g12a-tohdmitx.c | 8 +- tools/testing/selftests/bpf/verifier/ld_imm64.c | 8 +- .../net/bonding/bond-arp-interval-causes-panic.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 +- tools/testing/selftests/vm/memfd_secret.c | 3 + 214 files changed, 2405 insertions(+), 1455 deletions(-)

1 year, 8 months

16
166
0 0

[PATCH v4] usb: core: Prevent null pointer dereference in update_port_device_state

by Udipto Goswami

Currently,the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. Fixes: 83cb2604f641 ("usb: core: add sysfs entry for usb device state") Cc: stable(a)vger.kernel.org Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> --- v4: Fixed minor mistakes in the comment. v3: Re-wrote the comment for better context. v2: Introduced comment for the if check & CC'ed stable. drivers/usb/core/hub.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index ffd7c99e24a3..5ba1875e6bf4 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2053,9 +2053,22 @@ static void update_port_device_state(struct usb_device *udev) if (udev->parent) { hub = usb_hub_to_struct_hub(udev->parent); - port_dev = hub->ports[udev->portnum - 1]; - WRITE_ONCE(port_dev->state, udev->state); - sysfs_notify_dirent(port_dev->state_kn); + + /* + * The Link Layer Validation System Driver (lvstest) + * has step to unbind the hub before running the rest + * of the procedure. This triggers hub_disconnect which + * will set the hub's maxchild to 0, further resulting + * usb_hub_to_struct_hub returning NULL. + * + * Add if check to avoid running into NULL pointer + * de-reference. + */ + if (hub) { + port_dev = hub->ports[udev->portnum - 1]; + WRITE_ONCE(port_dev->state, udev->state); + sysfs_notify_dirent(port_dev->state_kn); + } } } -- 2.17.1

1 year, 8 months

2
2
0 0

Re: Follow Up

by Dyana Collins

Hi, I wanted to check with you if you had a time to go through my previous email, Let me know your thoughts about acquiring this email list Regards, *Dyana * ------------------------------------------------------------------------------------------------------------------------------------ Hi, Would you be interested in acquiring *Physicians Email & Mailing List* for your upcoming campaigns? *Physician Specialties* Anesthesiologist Ophthalmologist Cardiologist Optometrist Dermatologist Pathologist Dentist Pediatrician Emergency Medicine Psychiatrist Family Practitioners Psychologist Gastroenterologist Plastic Surgeon General Practitioners Podiatrist Gynecologist Pulmonologist Hospitalist Radiologist Hematologist Rheumatologist Internal Medicine Urologist Nephrologists Physician Assistants Neurologist Nurse Practitioners Oncologist Registered Nurses etc. Let me know your *target audience* so that I will get back to you with more information along with *pricing*. If you think I should be talking to someone else, please forward this email to the concerned person. Looking forward to hearing from you. Regards, *Dyana Collins **| **Online Marketing Executive* PWe have a responsibility to the environment Before printing this e-mail or any other document, let's ask ourselves whether we need a hard copy To unsubscribe, reply with “leave out” in the subject line.

1 year, 8 months

1
0
0 0

[PATCH v3] usb: core: Prevent null pointer dereference in update_port_device_state

by Udipto Goswami

Currently,the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. Fixes: 83cb2604f641 ("usb: core: add sysfs entry for usb device state") Cc: stable(a)vger.kernel.org Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> --- v3: Re-wrote the comment for better context. v2: Introduced comment for the if check & CC'ed stable. drivers/usb/core/hub.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index ffd7c99e24a3..6b514546e59b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2053,9 +2053,23 @@ static void update_port_device_state(struct usb_device *udev) if (udev->parent) { hub = usb_hub_to_struct_hub(udev->parent); - port_dev = hub->ports[udev->portnum - 1]; - WRITE_ONCE(port_dev->state, udev->state); - sysfs_notify_dirent(port_dev->state_kn); + + /* + * The Link Layer Validation System Driver (lvstest) + * has procedure of unbinding the hub before running + * the rest of the procedure. This triggers + * hub_disconnect will set the hub's maxchild to 0. + * This would result usb_hub_to_struct_hub in this + * function to return NULL. + * + * Add if check to avoid running into NULL pointer + * de-reference. + */ + if (hub) { + port_dev = hub->ports[udev->portnum - 1]; + WRITE_ONCE(port_dev->state, udev->state); + sysfs_notify_dirent(port_dev->state_kn); + } } } -- 2.17.1

1 year, 8 months

2
4
0 0

[PATCH] mtd: spinand: macronix: Correct faulty page size of MX35LF4GE4AD

by Jaime Liao

From: JaimeLiao <jaimeliao(a)mxic.com.tw> Correct page size of MX35LF4GE4AD to 4096. Signed-off-by: JaimeLiao <jaimeliao(a)mxic.com.tw> --- drivers/mtd/nand/spi/macronix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/spi/macronix.c b/drivers/mtd/nand/spi/macronix.c index bbb1d68bce4a..f18c6cfe8ff5 100644 --- a/drivers/mtd/nand/spi/macronix.c +++ b/drivers/mtd/nand/spi/macronix.c @@ -125,7 +125,7 @@ static const struct spinand_info macronix_spinand_table[] = { SPINAND_HAS_QE_BIT, SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, NULL)), SPINAND_INFO("MX35LF4GE4AD", 0x37, - NAND_MEMORG(1, 2048, 128, 64, 2048, 40, 1, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 2048, 40, 1, 1, 1), NAND_ECCREQ(8, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_variants, &write_cache_variants, -- 2.25.1

1 year, 8 months

2
1
0 0

+ readahead-avoid-multiple-marked-readahead-pages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: readahead: avoid multiple marked readahead pages has been added to the -mm mm-hotfixes-unstable branch. Its filename is readahead-avoid-multiple-marked-readahead-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: readahead: avoid multiple marked readahead pages Date: Thu, 4 Jan 2024 09:58:39 +0100 ra_alloc_folio() marks a page that should trigger next round of async readahead. However it rounds up computed index to the order of page being allocated. This can however lead to multiple consecutive pages being marked with readahead flag. Consider situation with index == 1, mark == 1, order == 0. We insert order 0 page at index 1 and mark it. Then we bump order to 1, index to 2, mark (still == 1) is rounded up to 2 so page at index 2 is marked as well. Then we bump order to 2, index is incremented to 4, mark gets rounded to 4 so page at index 4 is marked as well. The fact that multiple pages get marked within a single readahead window confuses the readahead logic and results in readahead window being trimmed back to 1. This situation is triggered in particular when maximum readahead window size is not a power of two (in the observed case it was 768 KB) and as a result sequential read throughput suffers. Fix the problem by rounding 'mark' down instead of up. Because the index is naturally aligned to 'order', we are guaranteed 'rounded mark' == index iff 'mark' is within the page we are allocating at 'index' and thus exactly one page is marked with readahead flag as required by the readahead code and sequential read performance is restored. This effectively reverts part of commit b9ff43dd2743 ("mm/readahead: Fix readahead with large folios"). The commit changed the rounding with the rationale: "... we were setting the readahead flag on the folio which contains the last byte read from the block. This is wrong because we will trigger readahead at the end of the read without waiting to see if a subsequent read is going to use the pages we just read." Although this is true, the fact is this was always the case with read sizes not aligned to folio boundaries and large folios in the page cache just make the situation more obvious (and frequent). Also for sequential read workloads it is better to trigger the readahead earlier rather than later. It is true that the difference in the rounding and thus earlier triggering of the readahead can result in reading more for semi-random workloads. However workloads really suffering from this seem to be rare. In particular I have verified that the workload described in commit b9ff43dd2743 ("mm/readahead: Fix readahead with large folios") of reading random 100k blocks from a file like: [reader] bs=100k rw=randread numjobs=1 size=64g runtime=60s is not impacted by the rounding change and achieves ~70MB/s in both cases. Link: https://lkml.kernel.org/r/20240104085839.21029-1-jack@suse.cz Fixes: b9ff43dd2743 ("mm/readahead: Fix readahead with large folios") Signed-off-by: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Guo Xuenan <guoxuenan(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/readahead.c~readahead-avoid-multiple-marked-readahead-pages +++ a/mm/readahead.c @@ -469,7 +469,7 @@ static inline int ra_alloc_folio(struct if (!folio) return -ENOMEM; - mark = round_up(mark, 1UL << order); + mark = round_down(mark, 1UL << order); if (index == mark) folio_set_readahead(folio); err = filemap_add_folio(ractl->mapping, folio, index, gfp); _ Patches currently in -mm which might be from jack(a)suse.cz are readahead-avoid-multiple-marked-readahead-pages.patch

1 year, 8 months

1
0
0 0

+ efi-disable-mirror-feature-during-crashkernel.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: efi: disable mirror feature during crashkernel has been added to the -mm mm-hotfixes-unstable branch. Its filename is efi-disable-mirror-feature-during-crashkernel.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: efi: disable mirror feature during crashkernel Date: Tue, 9 Jan 2024 12:15:36 +0800 If the system has no mirrored memory or uses crashkernel.high while kernelcore=mirror is enabled on the command line then during crashkernel, there will be limited mirrored memory and this usually leads to OOM. To solve this problem, disable the mirror feature during crashkernel. Link: https://lkml.kernel.org/r/20240109041536.3903042-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mm_init.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/mm/mm_init.c~efi-disable-mirror-feature-during-crashkernel +++ a/mm/mm_init.c @@ -26,6 +26,7 @@ #include <linux/pgtable.h> #include <linux/swap.h> #include <linux/cma.h> +#include <linux/crash_dump.h> #include "internal.h" #include "slab.h" #include "shuffle.h" @@ -381,6 +382,11 @@ static void __init find_zone_movable_pfn goto out; } + if (is_kdump_kernel()) { + pr_warn("The system is under kdump, ignore kernelcore=mirror.\n"); + goto out; + } + for_each_mem_region(r) { if (memblock_is_mirror(r)) continue; _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are efi-disable-mirror-feature-during-crashkernel.patch

1 year, 8 months

1
0
0 0

+ kexec-do-syscore_shutdown-in-kernel_kexec.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kexec: do syscore_shutdown() in kernel_kexec has been added to the -mm mm-hotfixes-unstable branch. Its filename is kexec-do-syscore_shutdown-in-kernel_kexec.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: James Gowans <jgowans(a)amazon.com> Subject: kexec: do syscore_shutdown() in kernel_kexec Date: Wed, 13 Dec 2023 08:40:04 +0200 syscore_shutdown() runs driver and module callbacks to get the system into a state where it can be correctly shut down. In commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") syscore_shutdown() was removed from kernel_restart_prepare() and hence got (incorrectly?) removed from the kexec flow. This was innocuous until commit 6735150b6997 ("KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown") changed the way that KVM registered its shutdown callbacks, switching from reboot notifiers to syscore_ops.shutdown. As syscore_shutdown() is missing from kexec, KVM's shutdown hook is not run and virtualisation is left enabled on the boot CPU which results in triple faults when switching to the new kernel on Intel x86 VT-x with VMXE enabled. Fix this by adding syscore_shutdown() to the kexec sequence. In terms of where to add it, it is being added after migrating the kexec task to the boot CPU, but before APs are shut down. It is not totally clear if this is the best place: in commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") it is stated that "syscore_ops operations should be carried with one CPU on-line and interrupts disabled." APs are only offlined later in machine_shutdown(), so this syscore_shutdown() is being run while APs are still online. This seems to be the correct place as it matches where syscore_shutdown() is run in the reboot and halt flows - they also run it before APs are shut down. The assumption is that the commit message in commit 6f389a8f1dd2 ("PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()") is no longer valid. KVM has been discussed here as it is what broke loudly by not having syscore_shutdown() in kexec, but this change impacts more than just KVM; all drivers/modules which register a syscore_ops.shutdown callback will now be invoked in the kexec flow. Looking at some of them like x86 MCE it is probably more correct to also shut these down during kexec. Maintainers of all drivers which use syscore_ops.shutdown are added on CC for visibility. They are: arch/powerpc/platforms/cell/spu_base.c .shutdown = spu_shutdown, arch/x86/kernel/cpu/mce/core.c .shutdown = mce_syscore_shutdown, arch/x86/kernel/i8259.c .shutdown = i8259A_shutdown, drivers/irqchip/irq-i8259.c .shutdown = i8259A_shutdown, drivers/irqchip/irq-sun6i-r.c .shutdown = sun6i_r_intc_shutdown, drivers/leds/trigger/ledtrig-cpu.c .shutdown = ledtrig_cpu_syscore_shutdown, drivers/power/reset/sc27xx-poweroff.c .shutdown = sc27xx_poweroff_shutdown, kernel/irq/generic-chip.c .shutdown = irq_gc_shutdown, virt/kvm/kvm_main.c .shutdown = kvm_shutdown, This has been tested by doing a kexec on x86_64 and aarch64. Link: https://lkml.kernel.org/r/20231213064004.2419447-1-jgowans@amazon.com Fixes: 6735150b6997 ("KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown") Signed-off-by: James Gowans <jgowans(a)amazon.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Eric Biederman <ebiederm(a)xmission.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Chen-Yu Tsai <wens(a)csie.org> Cc: Jernej Skrabec <jernej.skrabec(a)gmail.com> Cc: Samuel Holland <samuel(a)sholland.org> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Sebastian Reichel <sre(a)kernel.org> Cc: Orson Zhai <orsonzhai(a)gmail.com> Cc: Alexander Graf <graf(a)amazon.de> Cc: Jan H. Schoenherr <jschoenh(a)amazon.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kexec_core.c | 1 + 1 file changed, 1 insertion(+) --- a/kernel/kexec_core.c~kexec-do-syscore_shutdown-in-kernel_kexec +++ a/kernel/kexec_core.c @@ -1257,6 +1257,7 @@ int kernel_kexec(void) kexec_in_progress = true; kernel_restart_prepare("kexec reboot"); migrate_to_reboot_cpu(); + syscore_shutdown(); /* * migrate_to_reboot_cpu() disables CPU hotplug assuming that _ Patches currently in -mm which might be from jgowans(a)amazon.com are kexec-do-syscore_shutdown-in-kernel_kexec.patch

1 year, 8 months

1
0
0 0

+ fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: move mmu notification mechanism inside mm lock has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Subject: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Date: Tue, 9 Jan 2024 16:24:42 +0500 Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending upon the number of iterations, different memory ranges would be invalidated. The following warning would be removed by this patch: WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 There is no behavioural and performance change with this patch when there is no component registered with the mmu notifier. Link: https://lkml.kernel.org/r/20240109112445.590736-1-usama.anjum@collabora.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reported-by: syzbot+81227d2bd69e9dedb802(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000f6d051060c6785bc@google.com/ Reviewed-by: Sean Christopherson <seanjc(a)google.com> Cc: Andrei Vagin <avagin(a)google.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Micha�� Miros��aw <mirq-linux(a)rere.qmqm.pl> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Stephen Rothwell <sfr(a)canb.auug.org.au> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock +++ a/fs/proc/task_mmu.c @@ -2448,13 +2448,6 @@ static long do_pagemap_scan(struct mm_st if (ret) return ret; - /* Protection change for the range is going to happen. */ - if (p.arg.flags & PM_SCAN_WP_MATCHING) { - mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, - mm, p.arg.start, p.arg.end); - mmu_notifier_invalidate_range_start(&range); - } - for (walk_start = p.arg.start; walk_start < p.arg.end; walk_start = p.arg.walk_end) { long n_out; @@ -2467,8 +2460,20 @@ static long do_pagemap_scan(struct mm_st ret = mmap_read_lock_killable(mm); if (ret) break; + + /* Protection change for the range is going to happen. */ + if (p.arg.flags & PM_SCAN_WP_MATCHING) { + mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, + mm, walk_start, p.arg.end); + mmu_notifier_invalidate_range_start(&range); + } + ret = walk_page_range(mm, walk_start, p.arg.end, &pagemap_scan_ops, &p); + + if (p.arg.flags & PM_SCAN_WP_MATCHING) + mmu_notifier_invalidate_range_end(&range); + mmap_read_unlock(mm); n_out = pagemap_scan_flush_buffer(&p); @@ -2494,9 +2499,6 @@ static long do_pagemap_scan(struct mm_st if (pagemap_scan_writeback_args(&p.arg, uarg)) ret = -EFAULT; - if (p.arg.flags & PM_SCAN_WP_MATCHING) - mmu_notifier_invalidate_range_end(&range); - kfree(p.vec_buf); return ret; } _ Patches currently in -mm which might be from usama.anjum(a)collabora.com are fs-proc-task_mmu-move-mmu-notification-mechanism-inside-mm-lock.patch

1 year, 8 months

1
0
0 0

[PATCH] fs/proc/task_mmu: move mmu notification mechanism inside mm lock

by Muhammad Usama Anjum

Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending upon the number of iterations, different memory ranges would be invalidated. The following warning would be removed by this patch: WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 There is no behavioural and performance change with this patch when there is no component registered with the mmu notifier. Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Reported-by: syzbot+81227d2bd69e9dedb802(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000f6d051060c6785bc@google.com/ Cc: Sean Christopherson <seanjc(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- fs/proc/task_mmu.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 62b16f42d5d2..56c2e7357494 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -2448,13 +2448,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (ret) return ret; - /* Protection change for the range is going to happen. */ - if (p.arg.flags & PM_SCAN_WP_MATCHING) { - mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, - mm, p.arg.start, p.arg.end); - mmu_notifier_invalidate_range_start(&range); - } - for (walk_start = p.arg.start; walk_start < p.arg.end; walk_start = p.arg.walk_end) { long n_out; @@ -2467,8 +2460,20 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) ret = mmap_read_lock_killable(mm); if (ret) break; + + /* Protection change for the range is going to happen. */ + if (p.arg.flags & PM_SCAN_WP_MATCHING) { + mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_VMA, 0, + mm, walk_start, p.arg.end); + mmu_notifier_invalidate_range_start(&range); + } + ret = walk_page_range(mm, walk_start, p.arg.end, &pagemap_scan_ops, &p); + + if (p.arg.flags & PM_SCAN_WP_MATCHING) + mmu_notifier_invalidate_range_end(&range); + mmap_read_unlock(mm); n_out = pagemap_scan_flush_buffer(&p); @@ -2494,9 +2499,6 @@ static long do_pagemap_scan(struct mm_struct *mm, unsigned long uarg) if (pagemap_scan_writeback_args(&p.arg, uarg)) ret = -EFAULT; - if (p.arg.flags & PM_SCAN_WP_MATCHING) - mmu_notifier_invalidate_range_end(&range); - kfree(p.vec_buf); return ret; } -- 2.42.0

1 year, 8 months

3
2
0 0

+ scripts-decode_stacktracesh-optionally-use-llvm-utilities.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/decode_stacktrace.sh: optionally use LLVM utilities has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-decode_stacktracesh-optionally-use-llvm-utilities.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Carlos Llamas <cmllamas(a)google.com> Subject: scripts/decode_stacktrace.sh: optionally use LLVM utilities Date: Fri, 29 Sep 2023 03:48:17 +0000 GNU's addr2line can have problems parsing a vmlinux built with LLVM, particularly when LTO was used. In order to decode the traces correctly this patch adds the ability to switch to LLVM's utilities readelf and addr2line. The same approach is followed by Will in [1]. Before: $ scripts/decode_stacktrace.sh vmlinux < kernel.log [17716.240635] Call trace: [17716.240646] skb_cow_data (??:?) [17716.240654] esp6_input (ld-temp.o:?) [17716.240666] xfrm_input (ld-temp.o:?) [17716.240674] xfrm6_rcv (??:?) [...] After: $ LLVM=1 scripts/decode_stacktrace.sh vmlinux < kernel.log [17716.240635] Call trace: [17716.240646] skb_cow_data (include/linux/skbuff.h:2172 net/core/skbuff.c:4503) [17716.240654] esp6_input (net/ipv6/esp6.c:977) [17716.240666] xfrm_input (net/xfrm/xfrm_input.c:659) [17716.240674] xfrm6_rcv (net/ipv6/xfrm6_input.c:172) [...] Note that one could set CROSS_COMPILE=llvm- instead to hack around this issue. However, doing so can break the decodecode routine as it will force the selection of other LLVM utilities down the line e.g. llvm-as. [1] https://lore.kernel.org/all/20230914131225.13415-3-will@kernel.org/ Link: https://lkml.kernel.org/r/20230929034836.403735-1-cmllamas@google.com Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Nick Desaulniers <ndesaulniers(a)google.com> Reviewed-by: Elliot Berman <quic_eberman(a)quicinc.com> Tested-by: Justin Stitt <justinstitt(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: John Stultz <jstultz(a)google.com> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Tom Rix <trix(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/decode_stacktrace.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) --- a/scripts/decode_stacktrace.sh~scripts-decode_stacktracesh-optionally-use-llvm-utilities +++ a/scripts/decode_stacktrace.sh @@ -16,6 +16,21 @@ elif type c++filt >/dev/null 2>&1 ; then cppfilt_opts=-i fi +UTIL_SUFFIX= +if [[ -z ${LLVM:-} ]]; then + UTIL_PREFIX=${CROSS_COMPILE:-} +else + UTIL_PREFIX=llvm- + if [[ ${LLVM} == */ ]]; then + UTIL_PREFIX=${LLVM}${UTIL_PREFIX} + elif [[ ${LLVM} == -* ]]; then + UTIL_SUFFIX=${LLVM} + fi +fi + +READELF=${UTIL_PREFIX}readelf${UTIL_SUFFIX} +ADDR2LINE=${UTIL_PREFIX}addr2line${UTIL_SUFFIX} + if [[ $1 == "-r" ]] ; then vmlinux="" basepath="auto" @@ -75,7 +90,7 @@ find_module() { if [[ "$modpath" != "" ]] ; then for fn in $(find "$modpath" -name "${module//_/[-_]}.ko*") ; do - if readelf -WS "$fn" | grep -qwF .debug_line ; then + if ${READELF} -WS "$fn" | grep -qwF .debug_line ; then echo $fn return fi @@ -169,7 +184,7 @@ parse_symbol() { if [[ $aarray_support == true && "${cache[$module,$address]+isset}" == "isset" ]]; then local code=${cache[$module,$address]} else - local code=$(${CROSS_COMPILE}addr2line -i -e "$objfile" "$address" 2>/dev/null) + local code=$(${ADDR2LINE} -i -e "$objfile" "$address" 2>/dev/null) if [[ $aarray_support == true ]]; then cache[$module,$address]=$code fi _ Patches currently in -mm which might be from cmllamas(a)google.com are scripts-decode_stacktracesh-optionally-use-llvm-utilities.patch

1 year, 8 months

1
0
0 0

+ bounds-support-non-power-of-two-config_nr_cpus.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: bounds: support non-power-of-two CONFIG_NR_CPUS has been added to the -mm mm-nonmm-unstable branch. Its filename is bounds-support-non-power-of-two-config_nr_cpus.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: support non-power-of-two CONFIG_NR_CPUS Date: Tue, 10 Oct 2023 15:55:49 +0100 ilog2() rounds down, so for example when PowerPC 85xx sets CONFIG_NR_CPUS to 24, we will only allocate 4 bits to store the number of CPUs instead of 5. Use bits_per() instead, which rounds up. Found by code inspection. The effect of this would probably be a misaccounting when doing NUMA balancing, so to a user, it would only be a performance penalty. The effects may be more wide-spread; it's hard to tell. Link: https://lkml.kernel.org/r/20231010145549.1244748-1-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 90572890d202 ("mm: numa: Change page last {nid,pid} into {cpu,pid}") Reviewed-by: Rik van Riel <riel(a)surriel.com> Acked-by: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-support-non-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, ilog2(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are bounds-support-non-power-of-two-config_nr_cpus.patch

1 year, 8 months

1
0
0 0

[PATCH v1 1/1] Bluetooth: hci_event: Fix wakeup BD_ADDR are wrongly recorded

by Zijun Hu

hci_store_wake_reason() wrongly parses event HCI_Connection_Request as HCI_Connection_Complete and HCI_Connection_Complete as HCI_Connection_Request, so causes recording wakeup BD_ADDR error and stability issue, it is fixed by this change. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- net/bluetooth/hci_event.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index ef8c3bed7361..22b22c264c2a 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -7420,10 +7420,10 @@ static void hci_store_wake_reason(struct hci_dev *hdev, u8 event, * keep track of the bdaddr of the connection event that woke us up. */ if (event == HCI_EV_CONN_REQUEST) { - bacpy(&hdev->wake_addr, &conn_complete->bdaddr); + bacpy(&hdev->wake_addr, &conn_request->bdaddr); hdev->wake_addr_type = BDADDR_BREDR; } else if (event == HCI_EV_CONN_COMPLETE) { - bacpy(&hdev->wake_addr, &conn_request->bdaddr); + bacpy(&hdev->wake_addr, &conn_complete->bdaddr); hdev->wake_addr_type = BDADDR_BREDR; } else if (event == HCI_EV_LE_META) { struct hci_ev_le_meta *le_ev = (void *)skb->data; -- 2.7.4

1 year, 8 months

5
4
0 0

riscv: clang-nightly-allmodconfig: failed on stable-rc 6.6 and 6.1

by Naresh Kamboju

The clang nightly build failures are noticed on stable-rc 6.6 and 6.1 for riscv allmodconfig builds. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Logs: ===== arch/riscv/kernel -I ./arch/riscv/kernel -dwarf-version=4 -mrelocation-model static -target-abi lp64 -mllvm -riscv-add-build-attributes -o arch/riscv/kernel/kexec_relocate.o /tmp/kexec_relocate-28089a.s #0 0x00007f5039e1667a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0xd6d67a) #1 0x00007f5039e146a4 llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0xd6b6a4) #2 0x00007f5039e16d3b (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0xd6dd3b) #3 0x00007f5038ba8510 (/lib/x86_64-linux-gnu/libc.so.6+0x3c510) #4 0x00007f503c8f50c8 (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x384c0c8) #5 0x00007f503b492cf5 (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23e9cf5) #6 0x00007f503b492607 (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23e9607) #7 0x00007f503b492300 llvm::MCExpr::evaluateAsRelocatableImpl(llvm::MCValue&, llvm::MCAssembler const*, llvm::MCAsmLayout const*, llvm::MCFixup const*, llvm::DenseMap<llvm::MCSection const*, unsigned long, llvm::DenseMapInfo<llvm::MCSection const*, void>, llvm::detail::DenseMapPair<llvm::MCSection const*, unsigned long>> const*, bool) const (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23e9300) #8 0x00007f503b492536 llvm::MCExpr::evaluateAsRelocatable(llvm::MCValue&, llvm::MCAsmLayout const*, llvm::MCFixup const*) const (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23e9536) #9 0x00007f503b46d51a llvm::MCAssembler::evaluateFixup(llvm::MCAsmLayout const&, llvm::MCFixup const&, llvm::MCFragment const*, llvm::MCValue&, llvm::MCSubtargetInfo const*, unsigned long&, bool&) const (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23c451a) #10 0x00007f503b46f8d2 llvm::MCAssembler::layout(llvm::MCAsmLayout&) (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23c68d2) #11 0x00007f503b46fbeb llvm::MCAssembler::Finish() (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23c6beb) #12 0x00007f503b48e43c llvm::MCELFStreamer::finishImpl() (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x23e543c) #13 0x00007f503b4ec410 (/lib/x86_64-linux-gnu/libLLVM-18.so.1+0x2443410) #14 0x000055b46ddce675 cc1as_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-18/bin/clang+0x18675) #15 0x000055b46ddc6285 (/usr/lib/llvm-18/bin/clang+0x10285) #16 0x000055b46ddc53a8 clang_main(int, char**, llvm::ToolContext const&) (/usr/lib/llvm-18/bin/clang+0xf3a8) #17 0x000055b46ddd3016 main (/usr/lib/llvm-18/bin/clang+0x1d016) #18 0x00007f5038b936ca (/lib/x86_64-linux-gnu/libc.so.6+0x276ca) #19 0x00007f5038b93785 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27785) #20 0x000055b46ddc2b11 _start (/usr/lib/llvm-18/bin/clang+0xcb11) clang: error: unable to execute command: Segmentation fault (core dumped) clang: error: clang integrated assembler command failed due to signal (use -v to see invocation) Debian clang version 18.0.0 (++20240107111313+2835be82db20-1~exp1~20240107111423.1804) Target: riscv64-unknown-linux-gnu Thread model: posix InstalledDir: /usr/local/bin clang: note: diagnostic msg: ******************** PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT: Preprocessed source(s) and associated run script(s) are located at: clang: note: diagnostic msg: /tmp/kexec_relocate-53192a.S clang: note: diagnostic msg: /tmp/kexec_relocate-53192a.sh clang: note: diagnostic msg: ******************** make[4]: *** [scripts/Makefile.build:382: arch/riscv/kernel/kexec_relocate.o] Error 1 Links: - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.6.y/build/v6.6.1… - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.7… Test history link: - https://qa-reports.linaro.org/_/comparetest/?project=1597&project=1971&suit… -- Linaro LKFT https://lkft.linaro.org

1 year, 8 months

2
1
0 0

[PATCH net v3 1/1] net: stmmac: Prevent DSA tags from breaking COE

by Romain Gantois

Some DSA tagging protocols change the EtherType field in the MAC header e.g. DSA_TAG_PROTO_(DSA/EDSA/BRCM/MTK/RTL4C_A/SJA1105). On TX these tagged frames are ignored by the checksum offload engine and IP header checker of some stmmac cores. On RX, the stmmac driver wrongly assumes that checksums have been computed for these tagged packets, and sets CHECKSUM_UNNECESSARY. Add an additional check in the stmmac TX and RX hotpaths so that COE is deactivated for packets with ethertypes that will not trigger the COE and IP header checks. Fixes: 6b2c6e4a938f ("net: stmmac: propagate feature flags to vlan") Cc: stable(a)vger.kernel.org Reported-by: Richard Tresidder <rtresidd(a)electromag.com.au> Link: https://lore.kernel.org/netdev/e5c6c75f-2dfa-4e50-a1fb-6bf4cdb617c2@electro… Reported-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://lore.kernel.org/netdev/c57283ed-6b9b-b0e6-ee12-5655c1c54495@bootlin… Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> --- .../net/ethernet/stmicro/stmmac/stmmac_main.c | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c index a9b6b383e863..6797c944a2ac 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c @@ -4371,6 +4371,19 @@ static netdev_tx_t stmmac_tso_xmit(struct sk_buff *skb, struct net_device *dev) return NETDEV_TX_OK; } +/* Check if ethertype will trigger IP + * header checks/COE in hardware + */ +static inline bool stmmac_has_ip_ethertype(struct sk_buff *skb) +{ + int depth = 0; + __be16 proto; + + proto = __vlan_get_protocol(skb, eth_header_parse_protocol(skb), &depth); + + return depth <= ETH_HLEN && (proto == htons(ETH_P_IP) || proto == htons(ETH_P_IPV6)); +} + /** * stmmac_xmit - Tx entry point of the driver * @skb : the socket buffer @@ -4435,9 +4448,13 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) /* DWMAC IPs can be synthesized to support tx coe only for a few tx * queues. In that case, checksum offloading for those queues that don't * support tx coe needs to fallback to software checksum calculation. + * + * Packets that won't trigger the COE e.g. most DSA-tagged packets will + * also have to be checksummed in software. */ if (csum_insertion && - priv->plat->tx_queues_cfg[queue].coe_unsupported) { + (priv->plat->tx_queues_cfg[queue].coe_unsupported || + !stmmac_has_ip_ethertype(skb))) { if (unlikely(skb_checksum_help(skb))) goto dma_map_err; csum_insertion = !csum_insertion; @@ -4997,7 +5014,7 @@ static void stmmac_dispatch_skb_zc(struct stmmac_priv *priv, u32 queue, stmmac_rx_vlan(priv->dev, skb); skb->protocol = eth_type_trans(skb, priv->dev); - if (unlikely(!coe)) + if (unlikely(!coe) || !stmmac_has_ip_ethertype(skb)) skb_checksum_none_assert(skb); else skb->ip_summed = CHECKSUM_UNNECESSARY; @@ -5513,7 +5530,7 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue) stmmac_rx_vlan(priv->dev, skb); skb->protocol = eth_type_trans(skb, priv->dev); - if (unlikely(!coe)) + if (unlikely(!coe) || !stmmac_has_ip_ethertype(skb)) skb_checksum_none_assert(skb); else skb->ip_summed = CHECKSUM_UNNECESSARY; -- 2.43.0

1 year, 8 months

3
5
0 0

[PATCH AUTOSEL 6.1 01/24] Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1

by Sasha Levin

From: José Pekkarinen <jose.pekkarinen(a)foxhound.fi> [ Upstream commit c1f342f35f820b33390571293498c3e2e9bc77ec ] Observed on dmesg of my laptop I see the following output: [ 19.898700] psmouse serio1: synaptics: queried max coordinates: x [..5678], y [..4694] [ 19.936057] psmouse serio1: synaptics: queried min coordinates: x [1266..], y [1162..] [ 19.936076] psmouse serio1: synaptics: Your touchpad (PNP: LEN0411 PNP0f13) says it can support a different bus. If i2c-hid and hid-rmi are not used, you might want to try setting psmouse.synaptics_intertouch to 1 and report this to linux-input(a)vger.kernel.org. [ 20.008901] psmouse serio1: synaptics: Touchpad model: 1, fw: 10.32, id: 0x1e2a1, caps: 0xf014a3/0x940300/0x12e800/0x500000, board id: 3471, fw id: 2909640 [ 20.008925] psmouse serio1: synaptics: serio: Synaptics pass-through port at isa0060/serio1/input0 [ 20.053344] input: SynPS/2 Synaptics TouchPad as /devices/platform/i8042/serio1/input/input7 [ 20.397608] mousedev: PS/2 mouse device common for all mice This patch will add its pnp id to the smbus list to produce the setup of intertouch for the device. Signed-off-by: José Pekkarinen <jose.pekkarinen(a)foxhound.fi> Link: https://lore.kernel.org/r/20231114063607.71772-1-jose.pekkarinen@foxhound.fi Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/synaptics.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c index e43e93ac2798a..b6749af462620 100644 --- a/drivers/input/mouse/synaptics.c +++ b/drivers/input/mouse/synaptics.c @@ -183,6 +183,7 @@ static const char * const smbus_pnp_ids[] = { "LEN009b", /* T580 */ "LEN0402", /* X1 Extreme Gen 2 / P1 Gen 2 */ "LEN040f", /* P1 Gen 3 */ + "LEN0411", /* L14 Gen 1 */ "LEN200f", /* T450s */ "LEN2044", /* L470 */ "LEN2054", /* E480 */ -- 2.43.0

1 year, 8 months

2
24
0 0

[PATCH 6.1.y ] smb3: Replace smb2pdu 1-element arrays with flex-arrays

by Namjae Jeon

From: Kees Cook <keescook(a)chromium.org> commit eb3e28c1e89b4984308777231887e41aa8a0151f upstream. The kernel is globally removing the ambiguous 0-length and 1-element arrays in favor of flexible arrays, so that we can gain both compile-time and run-time array bounds checking[1]. Replace the trailing 1-element array with a flexible array in the following structures: struct smb2_err_rsp struct smb2_tree_connect_req struct smb2_negotiate_rsp struct smb2_sess_setup_req struct smb2_sess_setup_rsp struct smb2_read_req struct smb2_read_rsp struct smb2_write_req struct smb2_write_rsp struct smb2_query_directory_req struct smb2_query_directory_rsp struct smb2_set_info_req struct smb2_change_notify_rsp struct smb2_create_rsp struct smb2_query_info_req struct smb2_query_info_rsp Replace the trailing 1-element array with a flexible array, but leave the existing structure padding: struct smb2_file_all_info struct smb2_lock_req Adjust all related size calculations to match the changes to sizeof(). No machine code output or .data section differences are produced after these changes. [1] For lots of details, see both: https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element… https://people.kernel.org/kees/bounded-flexible-arrays-in-c Cc: Steve French <sfrench(a)samba.org> Cc: Paulo Alcantara <pc(a)cjr.nz> Cc: Ronnie Sahlberg <lsahlber(a)redhat.com> Cc: Shyam Prasad N <sprasad(a)microsoft.com> Cc: Tom Talpey <tom(a)talpey.com> Cc: Namjae Jeon <linkinjeon(a)kernel.org> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: linux-cifs(a)vger.kernel.org Cc: samba-technical(a)lists.samba.org Reviewed-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> --- fs/smb/client/smb2file.c | 2 +- fs/smb/client/smb2misc.c | 2 +- fs/smb/client/smb2ops.c | 14 +++++++------- fs/smb/client/smb2pdu.c | 16 +++++++-------- fs/smb/client/smb2pdu.h | 2 +- fs/smb/common/smb2pdu.h | 42 +++++++++++++++++++++++----------------- fs/smb/server/smb2ops.c | 8 ++++---- fs/smb/server/smb2pdu.c | 8 +++----- 8 files changed, 48 insertions(+), 46 deletions(-) diff --git a/fs/smb/client/smb2file.c b/fs/smb/client/smb2file.c index ba6cc50af390..a7475bc05cac 100644 --- a/fs/smb/client/smb2file.c +++ b/fs/smb/client/smb2file.c @@ -34,7 +34,7 @@ static struct smb2_symlink_err_rsp *symlink_data(const struct kvec *iov) len = (u32)err->ErrorContextCount * (offsetof(struct smb2_error_context_rsp, ErrorContextData) + sizeof(struct smb2_symlink_err_rsp)); - if (le32_to_cpu(err->ByteCount) < len || iov->iov_len < len + sizeof(*err)) + if (le32_to_cpu(err->ByteCount) < len || iov->iov_len < len + sizeof(*err) + 1) return ERR_PTR(-EINVAL); p = (struct smb2_error_context_rsp *)err->ErrorData; diff --git a/fs/smb/client/smb2misc.c b/fs/smb/client/smb2misc.c index 88942b1fb431..fdf7a7f188c5 100644 --- a/fs/smb/client/smb2misc.c +++ b/fs/smb/client/smb2misc.c @@ -113,7 +113,7 @@ static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len, } else if (nc_offset + 1 == non_ctxlen) { cifs_dbg(FYI, "no SPNEGO security blob in negprot rsp\n"); size_of_pad_before_neg_ctxts = 0; - } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE) + } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE + 1) /* has padding, but no SPNEGO blob */ size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen + 1; else diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index 285d360eb59a..4596d2dfdec3 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -5764,7 +5764,7 @@ struct smb_version_values smb20_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5786,7 +5786,7 @@ struct smb_version_values smb21_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5807,7 +5807,7 @@ struct smb_version_values smb3any_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5828,7 +5828,7 @@ struct smb_version_values smbdefault_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5849,7 +5849,7 @@ struct smb_version_values smb30_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5870,7 +5870,7 @@ struct smb_version_values smb302_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -5891,7 +5891,7 @@ struct smb_version_values smb311_values = { .header_size = sizeof(struct smb2_hdr), .header_preamble_size = 0, .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 05ff8a457a3d..2dfbf1b23cfa 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -1386,7 +1386,7 @@ SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data) /* Testing shows that buffer offset must be at location of Buffer[0] */ req->SecurityBufferOffset = - cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 1 /* pad */); + cpu_to_le16(sizeof(struct smb2_sess_setup_req)); req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len); memset(&rqst, 0, sizeof(struct smb_rqst)); @@ -1905,8 +1905,7 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, iov[0].iov_len = total_len - 1; /* Testing shows that buffer offset must be at location of Buffer[0] */ - req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) - - 1 /* pad */); + req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)); req->PathLength = cpu_to_le16(unc_path_len - 2); iov[1].iov_base = unc_path; iov[1].iov_len = unc_path_len; @@ -3796,7 +3795,7 @@ SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon, ses->Suid, (u8)watch_tree, completion_filter); /* validate that notify information is plausible */ if ((rsp_iov.iov_base == NULL) || - (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp))) + (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1)) goto cnotify_exit; smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base; @@ -5009,7 +5008,7 @@ int SMB2_query_directory_init(const unsigned int xid, memcpy(bufptr, &asteriks, len); req->FileNameOffset = - cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1); + cpu_to_le16(sizeof(struct smb2_query_directory_req)); req->FileNameLength = cpu_to_le16(len); /* * BB could be 30 bytes or so longer if we used SMB2 specific @@ -5205,8 +5204,7 @@ SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, req->VolatileFileId = volatile_fid; req->AdditionalInformation = cpu_to_le32(additional_info); - req->BufferOffset = - cpu_to_le16(sizeof(struct smb2_set_info_req) - 1); + req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req)); req->BufferLength = cpu_to_le32(*size); memcpy(req->Buffer, *data, *size); @@ -5440,9 +5438,9 @@ build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, req->VolatileFileId = volatile_fid; /* 1 for pad */ req->InputBufferOffset = - cpu_to_le16(sizeof(struct smb2_query_info_req) - 1); + cpu_to_le16(sizeof(struct smb2_query_info_req)); req->OutputBufferLength = cpu_to_le32( - outbuf_len + sizeof(struct smb2_query_info_rsp) - 1); + outbuf_len + sizeof(struct smb2_query_info_rsp)); iov->iov_base = (char *)req; iov->iov_len = total_len; diff --git a/fs/smb/client/smb2pdu.h b/fs/smb/client/smb2pdu.h index 1237bb86e93a..a5773a06aba8 100644 --- a/fs/smb/client/smb2pdu.h +++ b/fs/smb/client/smb2pdu.h @@ -57,7 +57,7 @@ struct smb2_rdma_crypto_transform { #define COMPOUND_FID 0xFFFFFFFFFFFFFFFFULL #define SMB2_SYMLINK_STRUCT_SIZE \ - (sizeof(struct smb2_err_rsp) - 1 + sizeof(struct smb2_symlink_err_rsp)) + (sizeof(struct smb2_err_rsp) + sizeof(struct smb2_symlink_err_rsp)) #define SYMLINK_ERROR_TAG 0x4c4d5953 diff --git a/fs/smb/common/smb2pdu.h b/fs/smb/common/smb2pdu.h index 07549957b309..5593bb49954c 100644 --- a/fs/smb/common/smb2pdu.h +++ b/fs/smb/common/smb2pdu.h @@ -189,7 +189,7 @@ struct smb2_err_rsp { __u8 ErrorContextCount; __u8 Reserved; __le32 ByteCount; /* even if zero, at least one byte follows */ - __u8 ErrorData[1]; /* variable length */ + __u8 ErrorData[]; /* variable length */ } __packed; #define SMB3_AES_CCM_NONCE 11 @@ -330,7 +330,7 @@ struct smb2_tree_connect_req { __le16 Flags; /* Flags in SMB3.1.1 */ __le16 PathOffset; __le16 PathLength; - __u8 Buffer[1]; /* variable length */ + __u8 Buffer[]; /* variable length */ } __packed; /* Possible ShareType values */ @@ -617,7 +617,7 @@ struct smb2_negotiate_rsp { __le16 SecurityBufferOffset; __le16 SecurityBufferLength; __le32 NegotiateContextOffset; /* Pre:SMB3.1.1 was reserved/ignored */ - __u8 Buffer[1]; /* variable length GSS security buffer */ + __u8 Buffer[]; /* variable length GSS security buffer */ } __packed; @@ -638,7 +638,7 @@ struct smb2_sess_setup_req { __le16 SecurityBufferOffset; __le16 SecurityBufferLength; __le64 PreviousSessionId; - __u8 Buffer[1]; /* variable length GSS security buffer */ + __u8 Buffer[]; /* variable length GSS security buffer */ } __packed; /* Currently defined SessionFlags */ @@ -655,7 +655,7 @@ struct smb2_sess_setup_rsp { __le16 SessionFlags; __le16 SecurityBufferOffset; __le16 SecurityBufferLength; - __u8 Buffer[1]; /* variable length GSS security buffer */ + __u8 Buffer[]; /* variable length GSS security buffer */ } __packed; @@ -737,7 +737,7 @@ struct smb2_read_req { __le32 RemainingBytes; __le16 ReadChannelInfoOffset; __le16 ReadChannelInfoLength; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; /* Read flags */ @@ -752,7 +752,7 @@ struct smb2_read_rsp { __le32 DataLength; __le32 DataRemaining; __le32 Flags; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; @@ -776,7 +776,7 @@ struct smb2_write_req { __le16 WriteChannelInfoOffset; __le16 WriteChannelInfoLength; __le32 Flags; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; struct smb2_write_rsp { @@ -787,7 +787,7 @@ struct smb2_write_rsp { __le32 DataLength; __le32 DataRemaining; __u32 Reserved2; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; @@ -834,7 +834,10 @@ struct smb2_lock_req { __u64 PersistentFileId; __u64 VolatileFileId; /* Followed by at least one */ - struct smb2_lock_element locks[1]; + union { + struct smb2_lock_element lock; + DECLARE_FLEX_ARRAY(struct smb2_lock_element, locks); + }; } __packed; struct smb2_lock_rsp { @@ -888,7 +891,7 @@ struct smb2_query_directory_req { __le16 FileNameOffset; __le16 FileNameLength; __le32 OutputBufferLength; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; struct smb2_query_directory_rsp { @@ -896,7 +899,7 @@ struct smb2_query_directory_rsp { __le16 StructureSize; /* Must be 9 */ __le16 OutputBufferOffset; __le32 OutputBufferLength; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; /* @@ -919,7 +922,7 @@ struct smb2_set_info_req { __le32 AdditionalInformation; __u64 PersistentFileId; __u64 VolatileFileId; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; struct smb2_set_info_rsp { @@ -974,7 +977,7 @@ struct smb2_change_notify_rsp { __le16 StructureSize; /* Must be 9 */ __le16 OutputBufferOffset; __le32 OutputBufferLength; - __u8 Buffer[1]; /* array of file notify structs */ + __u8 Buffer[]; /* array of file notify structs */ } __packed; @@ -1180,7 +1183,7 @@ struct smb2_create_rsp { __u64 VolatileFileId; __le32 CreateContextsOffset; __le32 CreateContextsLength; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; struct create_posix { @@ -1524,7 +1527,7 @@ struct smb2_query_info_req { __le32 Flags; __u64 PersistentFileId; __u64 VolatileFileId; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; struct smb2_query_info_rsp { @@ -1532,7 +1535,7 @@ struct smb2_query_info_rsp { __le16 StructureSize; /* Must be 9 */ __le16 OutputBufferOffset; __le32 OutputBufferLength; - __u8 Buffer[1]; + __u8 Buffer[]; } __packed; /* @@ -1593,7 +1596,10 @@ struct smb2_file_all_info { /* data block encoding of response to level 18 */ __le32 Mode; __le32 AlignmentRequirement; __le32 FileNameLength; - char FileName[1]; + union { + char __pad; /* Legacy structure padding */ + DECLARE_FLEX_ARRAY(char, FileName); + }; } __packed; /* level 18 Query */ struct smb2_file_eof_info { /* encoding of request for level 10 */ diff --git a/fs/smb/server/smb2ops.c b/fs/smb/server/smb2ops.c index 535402629655..27a9dce3e03a 100644 --- a/fs/smb/server/smb2ops.c +++ b/fs/smb/server/smb2ops.c @@ -26,7 +26,7 @@ static struct smb_version_values smb21_server_values = { .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, .header_size = sizeof(struct smb2_hdr), .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -52,7 +52,7 @@ static struct smb_version_values smb30_server_values = { .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, .header_size = sizeof(struct smb2_hdr), .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -79,7 +79,7 @@ static struct smb_version_values smb302_server_values = { .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, .header_size = sizeof(struct smb2_hdr), .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, @@ -106,7 +106,7 @@ static struct smb_version_values smb311_server_values = { .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, .header_size = sizeof(struct smb2_hdr), .max_header_size = MAX_SMB2_HDR_SIZE, - .read_rsp_size = sizeof(struct smb2_read_rsp) - 1, + .read_rsp_size = sizeof(struct smb2_read_rsp), .lock_cmd = SMB2_LOCK, .cap_unix = 0, .cap_nt_find = SMB2_NT_FIND, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index ea48dd06d4da..6e5ed0ac578a 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -294,8 +294,7 @@ int init_smb2_neg_rsp(struct ksmbd_work *work) if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE; err = ksmbd_iov_pin_rsp(work, rsp, - sizeof(struct smb2_negotiate_rsp) - - sizeof(rsp->Buffer) + AUTH_GSS_LENGTH); + sizeof(struct smb2_negotiate_rsp) + AUTH_GSS_LENGTH); if (err) return err; conn->use_spnego = true; @@ -1263,9 +1262,8 @@ int smb2_handle_negotiate(struct ksmbd_work *work) if (!rc) rc = ksmbd_iov_pin_rsp(work, rsp, - sizeof(struct smb2_negotiate_rsp) - - sizeof(rsp->Buffer) + - AUTH_GSS_LENGTH + neg_ctxt_len); + sizeof(struct smb2_negotiate_rsp) + + AUTH_GSS_LENGTH + neg_ctxt_len); if (rc < 0) smb2_set_err_rsp(work); return rc; -- 2.34.1

1 year, 8 months

2
1
0 0

[PATCH 6.4 000/165] 6.4.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.4.10 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.4.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.4.10-rc1 Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable the CCS_FLUSH bit in the pipe control and in the CS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Support aux invalidation on all engines Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/i915/gt: Poll aux invalidation register bit on invalidation Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Rename flags with bit_group_X according to the datasheet Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/gt: Add workaround 14016712196 Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/i915/gt: Ensure memory quiesced before invalidation Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915: Add the gen12_needs_ccs_aux_inv helper Xu Yang <xu.yang_2(a)nxp.com> ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Sean Christopherson <seanjc(a)google.com> selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use apt name for FW reserved region Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/altmap: Fix altmap boundary check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() Arnd Bergmann <arnd(a)arndb.de> mtd: spi-nor: avoid holes in struct spi_mem_op Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: mt8183: Add back SSPM related clocks Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts Johan Jonker <jbx6244(a)gmail.com> mtd: rawnand: rockchip: fix oobfree offset and description Roger Quadros <rogerq(a)kernel.org> mtd: rawnand: omap_elm: Fix incorrect type in assignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring: annotate offset timeout races Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on direct node in truncate_dnode() Filipe Manana <fdmanana(a)suse.com> btrfs: remove BUG_ON()'s in add_new_free_space() Jan Kara <jack(a)suse.cz> ext2: Drop fragment support Jason Gunthorpe <jgg(a)ziepe.ca> mm/gup: do not return 0 from pin_user_pages_fast() for bad args Jan Kara <jack(a)suse.cz> fs: Protect reconfiguration of sb read-write from racing writes Alan Stern <stern(a)rowland.harvard.edu> net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> debugobjects: Recheck debug_objects_enabled before reporting Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Prince Kumar Maurya <princekumarmaurya06(a)gmail.com> fs/sysv: Null check to prevent null-ptr-deref bug Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> kasan,kmsan: remove __GFP_KSWAPD_RECLAIM usage from kasan/kmsan Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() Roman Gushchin <roman.gushchin(a)linux.dev> mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() Linus Torvalds <torvalds(a)linux-foundation.org> file: reinstate f_pos locking optimization for regular files Geert Uytterhoeven <geert+renesas(a)glider.be> clk: imx93: Propagate correct error in imx93_clocks_probe() Stephen Rothwell <sfr(a)canb.auug.org.au> sunvnet: fix sparc64 build error after gso code split Mike Kravetz <mike.kravetz(a)oracle.com> Revert "page cache: fix page_cache_next/prev_miss off by one" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Cleanup aux invalidation registers Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Fix premature release of request's reusable memory Guchun Chen <guchun.chen(a)amd.com> drm/ttm: check null pointer before accessing when swapping Aleksa Sarai <cyphar(a)cyphar.com> open: make RESOLVE_CACHED correctly test for O_TMPFILE Mark Brown <broonie(a)kernel.org> arm64/ptrace: Don't enable SVE when setting streaming SVE Mark Brown <broonie(a)kernel.org> arm64/ptrace: Flush FP state when setting ZT0 Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Clear SME state in the target task when setting the VL Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE Mike Rapoport (IBM) <rppt(a)kernel.org> parisc/mm: preallocate fixmap page tables at init Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Paulo Alcantara <pc(a)manguebit.com> smb: client: fix dfs link mount against w2k8 Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_event_output Ilya Dryomov <idryomov(a)gmail.com> rbd: prevent busy loop when requesting exclusive lock Michael Kelley <mikelley(a)microsoft.com> x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction Paul Fertser <fercerpav(a)gmail.com> wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) Laszlo Ersek <lersek(a)redhat.com> net: tap_open(): set sk_uid from current_fsuid() Laszlo Ersek <lersek(a)redhat.com> net: tun_chr_open(): set sk_uid from current_fsuid() Dinh Nguyen <dinguyen(a)kernel.org> arm64: dts: stratix10: fix incorrect I2C property for SCL signal Jiri Olsa <jolsa(a)kernel.org> bpf: Disable preemption in bpf_perf_event_output Song Shuai <suagrfillet(a)gmail.com> riscv: Export va_kernel_pa_offset in vmcoreinfo Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> mtd: rawnand: meson: fix OOB available bytes for ECC Olivier Maignial <olivier.maignial(a)hotmail.fr> mtd: spinand: winbond: Fix ecc_get_status Olivier Maignial <olivier.maignial(a)hotmail.fr> mtd: spinand: toshiba: Fix ecc_get_status Sungjong Seo <sj1557.seo(a)samsung.com> exfat: release s_lock before calling dir_emit() Namjae Jeon <linkinjeon(a)kernel.org> exfat: check if filename entries exceeds max filename length gaoming <gaoming20(a)hihonor.com> exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: arm_scmi: Drop OF node reference in the transport channel setup Xiubo Li <xiubli(a)redhat.com> ceph: defer stopping mdsc delayed_work Ross Maynard <bids.7405(a)bigpond.com> USB: zaurus: Add ID for A-300/B-500/C-700 Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential hang in ceph_osdc_notify() Song Shuai <suagrfillet(a)gmail.com> Documentation: kdump: Add va_kernel_pa_offset for RISCV64 Michael Kelley <mikelley(a)microsoft.com> scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: Defer fc_rport blocking until after ADISC response Boqun Feng <boqun.feng(a)gmail.com> rust: allocator: Prevent mis-aligned allocation Stefano Garzarella <sgarzare(a)redhat.com> test/vsock: remove vsock_perf executable on `make clean` Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_net Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_vals[] Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_lock Eric Dumazet <edumazet(a)google.com> tcp_metrics: annotate data-races around tm->tcpm_stamp Eric Dumazet <edumazet(a)google.com> tcp_metrics: fix addr_same() helper Jonas Gorski <jonas.gorski(a)bisdn.de> prestera: fix fallback to previous version on same major version Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Set proper IPsec source port in L4 selector Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: fs_core: Make find_closest_ft more generic Benjamin Poirier <bpoirier(a)nvidia.com> vxlan: Fix nexthop hash size Yue Haibing <yuehaibing(a)huawei.com> ip6mr: Fix skb_under_panic in ip6mr_cache_report() Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Don't call dev_close/dev_open (DOWN/UP) Lin Ma <linma(a)zju.edu.cn> net: dcb: choose correct policy to parse DCB_ATTR_BCN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix max_mtu setting for multi-buf XDP Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix page pool logic for page size >= 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> selftest: net: Assert on a proper value in so_incoming_cpu.c. Mark Brown <broonie(a)kernel.org> net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: korina: handle clk prepare error in korina_probe() Dan Carpenter <dan.carpenter(a)linaro.org> net: ll_temac: fix error checking of irq_of_parse_and_map() Tomas Glozar <tglozar(a)redhat.com> bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire valis <sec(a)valis.email> net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free valis <sec(a)valis.email> net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Handle skb as well when clean up ptr_ring Hou Tao <houtao1(a)huawei.com> bpf, cpumap: Make sure kthread is running before map update returns Andrii Nakryiko <andrii(a)kernel.org> bpf: Centralize permissions checks for all BPF map types Andrii Nakryiko <andrii(a)kernel.org> bpf: Inline map creation logic in map_create() function Andrii Nakryiko <andrii(a)kernel.org> bpf: Move unprivileged checks into map_create() and bpf_prog_load() Michal Schmidt <mschmidt(a)redhat.com> octeon_ep: initialize mbox mutexes Jakub Kicinski <kuba(a)kernel.org> bnxt: don't handle XDP in netpoll Rafal Rogalski <rafalx.rogalski(a)intel.com> ice: Fix RDMA VSI removal during queue rebuild Duoming Zhou <duoming(a)zju.edu.cn> net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs Kuniyuki Iwashima <kuniyu(a)amazon.com> net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_priority Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotation for sk_ll_usec Eric Dumazet <edumazet(a)google.com> net: add missing data-race annotations around sk->sk_peek_off Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_mark Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_sndbuf) annotation Eric Dumazet <edumazet(a)google.com> net: add missing READ_ONCE(sk->sk_rcvlowat) annotation Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_max_pacing_rate Eric Dumazet <edumazet(a)google.com> net: annotate data-race around sk->sk_txrehash Eric Dumazet <edumazet(a)google.com> net: annotate data-races around sk->sk_reserved_mem Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix misuse of CB in udp socket lookup Eric Dumazet <edumazet(a)google.com> net: move gso declarations and functions to their own files Konstantin Khorenko <khorenko(a)virtuozzo.com> qed: Fix scheduling in a tasklet while getting stats Thierry Reding <treding(a)nvidia.com> net: stmmac: tegra: Properly allocate clock bulk data Chengfeng Ye <dg573847474(a)gmail.com> mISDN: hfcpci: Fix potential deadlock on &hc->lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: cls_u32: Fix match key mis-addressing Georg Müller <georgmueller(a)gmx.net> perf test uprobe_from_different_cu: Skip if there is no gcc Yuanjun Gong <ruc_gongyuanjun(a)163.com> net: dsa: fix value check in bcm_sf2_sw_probe() Lin Ma <linma(a)zju.edu.cn> rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length Lin Ma <linma(a)zju.edu.cn> bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing Shay Drory <shayd(a)nvidia.com> net/mlx5: Unregister devlink params in case interface is down Chris Mi <cmi(a)nvidia.com> net/mlx5: fs_chains: Fix ft prio if ignore_flow_level is not supported Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: kTLS, Fix protection domain in use syndrome when devlink reload Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: xsk: Fix crash on regular rq reactivation Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: xsk: Fix invalid buffer access for legacy rq Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Move representor neigh cleanup to profile cleanup_tx Amir Tzin <amirtz(a)nvidia.com> net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set Chris Mi <cmi(a)nvidia.com> net/mlx5e: Don't hold encap tbl lock if there is no encap action Shay Drory <shayd(a)nvidia.com> net/mlx5: Honor user input for migratable port fn attr Yuanjun Gong <ruc_gongyuanjun(a)163.com> net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: fix potential memory leak in mlx5e_init_rep_rx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix return value in scan logic Haixin Yu <yuhaixin.yhx(a)linux.alibaba.com> perf pmu arm64: Fix reading the PMU cpu slots in sysfs Gao Xiang <xiang(a)kernel.org> erofs: fix wrong primary bvec selection on deduplicated extents Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix sthyi error handling Sven Schnelle <svens(a)linux.ibm.com> s390/vmem: split pages when debug pagealloc is enabled ndesaulniers(a)google.com <ndesaulniers(a)google.com> word-at-a-time: use the same return type for has_zero regardless of endianness Durai Manickam KR <durai.manickamkr(a)microchip.com> ARM: dts: at91: sam9x60: fix the SOC detection Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use generic name for shutdown controller Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use clock-controller name for sckc nodes Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: dts: at91: use clock-controller name for PMC nodes Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix chan_free cleanup on SMC Lucas Stach <l.stach(a)pengutronix.de> soc: imx: imx8mp-blk-ctrl: register HSIO PLL clock as bus_power_dev child Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> ARM: dts: nxp/imx: limit sk-imx53 supported frequencies Yury Norov <yury.norov(a)gmail.com> lib/bitmap: workaround const_eval test build failure Sukrut Bellary <sukrut.bellary(a)linux.com> firmware: arm_scmi: Fix signed error return values handling Punit Agrawal <punit.agrawal(a)bytedance.com> firmware: smccc: Fix use of uninitialised results structure Benjamin Gaignard <benjamin.gaignard(a)collabora.com> arm64: dts: freescale: Fix VPU G2 clock Hugo Villeneuve <hvilleneuve(a)dimonoff.com> arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Correction in gpio-line-names Yashwanth Varakala <y.varakala(a)phytec.de> arm64: dts: phycore-imx8mm: Label typo-fix of VPU Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document nesting-related errata Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Add explicit feature for nesting Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 Jann Horn <jannh(a)google.com> mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock ------------- Diffstat: Documentation/admin-guide/kdump/vmcoreinfo.rst | 6 + Documentation/arm64/silicon-errata.rst | 4 + Makefile | 4 +- arch/arm/boot/dts/at91-qil_a9260.dts | 2 +- arch/arm/boot/dts/at91-sama5d27_som1_ek.dts | 2 +- arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 +- arch/arm/boot/dts/at91-sama5d2_xplained.dts | 2 +- arch/arm/boot/dts/at91rm9200.dtsi | 2 +- arch/arm/boot/dts/at91sam9260.dtsi | 4 +- arch/arm/boot/dts/at91sam9260ek.dts | 2 +- arch/arm/boot/dts/at91sam9261.dtsi | 4 +- arch/arm/boot/dts/at91sam9263.dtsi | 4 +- arch/arm/boot/dts/at91sam9g20.dtsi | 2 +- arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 2 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/at91sam9g35.dtsi | 2 +- arch/arm/boot/dts/at91sam9g45.dtsi | 6 +- arch/arm/boot/dts/at91sam9n12.dtsi | 4 +- arch/arm/boot/dts/at91sam9rl.dtsi | 6 +- arch/arm/boot/dts/at91sam9x25.dtsi | 2 +- arch/arm/boot/dts/at91sam9x35.dtsi | 2 +- arch/arm/boot/dts/at91sam9x5.dtsi | 6 +- arch/arm/boot/dts/imx53-sk-imx53.dts | 10 + arch/arm/boot/dts/imx6sll.dtsi | 2 +- arch/arm/boot/dts/sam9x60.dtsi | 32 +-- arch/arm/boot/dts/sama5d2.dtsi | 6 +- arch/arm/boot/dts/sama5d3.dtsi | 6 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm/boot/dts/sama5d4.dtsi | 6 +- arch/arm/boot/dts/sama7g5.dtsi | 4 +- arch/arm/boot/dts/usb_a9260.dts | 2 +- arch/arm/boot/dts/usb_a9263.dts | 2 +- .../boot/dts/altera/socfpga_stratix10_socdk.dts | 2 +- .../dts/altera/socfpga_stratix10_socdk_nand.dts | 2 +- .../dts/freescale/imx8mm-phyboard-polis-rdk.dts | 2 +- .../boot/dts/freescale/imx8mm-phycore-som.dtsi | 4 +- .../boot/dts/freescale/imx8mm-venice-gw7903.dts | 4 + .../boot/dts/freescale/imx8mm-venice-gw7904.dts | 4 + arch/arm64/boot/dts/freescale/imx8mn-var-som.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mq.dtsi | 2 +- arch/arm64/kernel/fpsimd.c | 9 +- arch/arm64/kernel/ptrace.c | 10 +- arch/parisc/mm/fixmap.c | 3 - arch/parisc/mm/init.c | 34 +++ arch/powerpc/include/asm/word-at-a-time.h | 2 +- arch/powerpc/kernel/trace/ftrace_mprofile.S | 9 +- arch/powerpc/mm/init_64.c | 3 +- arch/riscv/kernel/crash_core.c | 2 + arch/s390/kernel/sthyi.c | 6 +- arch/s390/kvm/intercept.c | 9 +- arch/s390/mm/vmem.c | 2 + arch/x86/hyperv/hv_init.c | 21 ++ drivers/block/rbd.c | 28 ++- drivers/clk/imx/clk-imx93.c | 2 +- drivers/clk/mediatek/clk-mt8183.c | 27 ++ drivers/firmware/arm_scmi/mailbox.c | 4 +- drivers/firmware/arm_scmi/raw_mode.c | 5 +- drivers/firmware/arm_scmi/smc.c | 21 +- drivers/firmware/smccc/soc_id.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 35 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 178 ++++++++++---- drivers/gpu/drm/i915/gt/gen8_engine_cs.h | 21 +- drivers/gpu/drm/i915/gt/intel_gpu_commands.h | 2 + drivers/gpu/drm/i915/gt/intel_gt_regs.h | 16 +- drivers/gpu/drm/i915/gt/intel_lrc.c | 17 +- drivers/gpu/drm/i915/i915_active.c | 99 +++++--- drivers/gpu/drm/i915/i915_request.c | 11 + drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 2 +- drivers/gpu/drm/ttm/ttm_bo.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 50 ++++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 8 + drivers/isdn/hardware/mISDN/hfcpci.c | 10 +- drivers/mtd/nand/raw/fsl_upm.c | 2 +- drivers/mtd/nand/raw/meson_nand.c | 3 +- drivers/mtd/nand/raw/omap_elm.c | 24 +- drivers/mtd/nand/raw/rockchip-nand-controller.c | 45 ++-- drivers/mtd/nand/spi/toshiba.c | 4 +- drivers/mtd/nand/spi/winbond.c | 4 +- drivers/mtd/spi-nor/spansion.c | 4 +- drivers/net/dsa/bcm_sf2.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 85 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.h | 2 +- drivers/net/ethernet/broadcom/tg3.c | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 18 ++ drivers/net/ethernet/korina.c | 3 +- .../ethernet/marvell/octeon_ep/octep_ctrl_mbox.c | 3 + .../net/ethernet/marvell/prestera/prestera_pci.c | 3 +- .../ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 3 - .../net/ethernet/mellanox/mlx5/core/en/xsk/rx.c | 5 +- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 4 +- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 4 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls.c | 8 - .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 29 ++- .../mellanox/mlx5/core/en_accel/macsec_fs.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 20 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 21 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 105 ++++++-- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + .../ethernet/mellanox/mlx5/core/steering/dr_cmd.c | 5 +- drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 1 + drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 16 ++ drivers/net/ethernet/qlogic/qed/qed_fcoe.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_fcoe.h | 17 +- drivers/net/ethernet/qlogic/qed/qed_hw.c | 26 +- drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_iscsi.h | 8 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_l2.h | 24 ++ drivers/net/ethernet/qlogic/qed/qed_main.c | 6 +- drivers/net/ethernet/sfc/siena/tx_common.c | 1 + drivers/net/ethernet/sfc/tx_common.c | 1 + drivers/net/ethernet/socionext/netsec.c | 11 + drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c | 3 +- drivers/net/ethernet/sun/sunvnet_common.c | 1 + drivers/net/ethernet/xilinx/ll_temac_main.c | 12 +- drivers/net/tap.c | 3 +- drivers/net/tun.c | 2 +- drivers/net/usb/cdc_ether.c | 21 ++ drivers/net/usb/lan78xx.c | 7 +- drivers/net/usb/r8152.c | 1 + drivers/net/usb/usbnet.c | 6 + drivers/net/usb/zaurus.c | 21 ++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 1 + drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 6 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 2 - drivers/s390/net/qeth_l2_main.c | 9 +- drivers/s390/net/qeth_l3_main.c | 8 +- drivers/s390/scsi/zfcp_fc.c | 6 +- drivers/scsi/storvsc_drv.c | 4 + drivers/soc/imx/imx8mp-blk-ctrl.c | 2 +- fs/btrfs/block-group.c | 51 ++-- fs/btrfs/block-group.h | 4 +- fs/btrfs/free-space-tree.c | 24 +- fs/ceph/mds_client.c | 4 +- fs/ceph/mds_client.h | 5 + fs/ceph/super.c | 10 + fs/erofs/zdata.c | 7 +- fs/exfat/balloc.c | 6 +- fs/exfat/dir.c | 36 +-- fs/ext2/ext2.h | 12 - fs/ext2/super.c | 23 +- fs/f2fs/f2fs.h | 1 - fs/f2fs/file.c | 5 - fs/f2fs/node.c | 14 +- fs/file.c | 18 +- fs/ntfs3/attrlist.c | 4 +- fs/open.c | 2 +- fs/smb/client/dfs.c | 6 +- fs/super.c | 11 +- fs/sysv/itree.c | 4 + include/asm-generic/word-at-a-time.h | 2 +- include/linux/f2fs_fs.h | 1 + include/linux/netdevice.h | 26 +- include/linux/skbuff.h | 71 ------ include/linux/spi/spi-mem.h | 4 + include/net/gro.h | 44 ++++ include/net/gso.h | 109 ++++++++ include/net/inet_sock.h | 7 +- include/net/ip.h | 2 +- include/net/route.h | 4 +- include/net/udp.h | 1 + include/net/vxlan.h | 4 +- io_uring/timeout.c | 2 +- kernel/bpf/bloom_filter.c | 3 - kernel/bpf/bpf_local_storage.c | 3 - kernel/bpf/bpf_struct_ops.c | 3 - kernel/bpf/cpumap.c | 39 +-- kernel/bpf/devmap.c | 3 - kernel/bpf/hashtab.c | 6 - kernel/bpf/lpm_trie.c | 3 - kernel/bpf/queue_stack_maps.c | 4 - kernel/bpf/reuseport_array.c | 3 - kernel/bpf/stackmap.c | 3 - kernel/bpf/syscall.c | 136 ++++++---- kernel/trace/bpf_trace.c | 17 +- lib/Makefile | 6 + lib/debugobjects.c | 9 + lib/test_bitmap.c | 8 +- mm/filemap.c | 26 +- mm/gup.c | 2 +- mm/kasan/generic.c | 4 +- mm/kasan/tags.c | 2 +- mm/kmsan/core.c | 6 +- mm/kmsan/instrumentation.c | 2 +- mm/memcontrol.c | 19 +- mm/memory.c | 28 ++- net/bluetooth/l2cap_sock.c | 2 + net/can/raw.c | 2 +- net/ceph/osd_client.c | 20 +- net/core/Makefile | 2 +- net/core/bpf_sk_storage.c | 5 +- net/core/dev.c | 70 +----- net/core/gro.c | 59 +---- net/core/gso.c | 273 +++++++++++++++++++++ net/core/rtnetlink.c | 8 +- net/core/skbuff.c | 142 +---------- net/core/sock.c | 45 ++-- net/core/sock_map.c | 6 - net/dcb/dcbnl.c | 2 +- net/dccp/ipv6.c | 4 +- net/ipv4/af_inet.c | 1 + net/ipv4/esp4_offload.c | 1 + net/ipv4/gre_offload.c | 1 + net/ipv4/inet_diag.c | 4 +- net/ipv4/ip_output.c | 9 +- net/ipv4/ip_sockglue.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/route.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/tcp_metrics.c | 70 ++++-- net/ipv4/tcp_offload.c | 1 + net/ipv4/udp.c | 9 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/esp6_offload.c | 1 + net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 1 + net/ipv6/ip6mr.c | 2 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 6 +- net/ipv6/route.c | 7 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/udp.c | 12 +- net/ipv6/udp_offload.c | 8 +- net/l2tp/l2tp_ip6.c | 2 +- net/mac80211/tx.c | 1 + net/mpls/af_mpls.c | 1 + net/mpls/mpls_gso.c | 1 + net/mptcp/sockopt.c | 2 +- net/netfilter/nf_flow_table_ip.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/nft_socket.c | 2 +- net/netfilter/xt_socket.c | 4 +- net/nsh/nsh.c | 1 + net/openvswitch/actions.c | 1 + net/openvswitch/datapath.c | 1 + net/packet/af_packet.c | 12 +- net/sched/act_police.c | 1 + net/sched/cls_fw.c | 1 - net/sched/cls_route.c | 1 - net/sched/cls_u32.c | 57 ++++- net/sched/sch_cake.c | 1 + net/sched/sch_netem.c | 1 + net/sched/sch_taprio.c | 16 +- net/sched/sch_tbf.c | 1 + net/sctp/offload.c | 1 + net/smc/af_smc.c | 2 +- net/unix/af_unix.c | 2 +- net/wireless/scan.c | 2 +- net/xdp/xsk.c | 2 +- net/xdp/xskmap.c | 4 - net/xfrm/xfrm_device.c | 1 + net/xfrm/xfrm_interface_core.c | 1 + net/xfrm/xfrm_output.c | 1 + net/xfrm/xfrm_policy.c | 2 +- rust/bindings/bindings_helper.h | 1 + rust/kernel/allocator.rs | 74 ++++-- tools/perf/arch/arm64/util/pmu.c | 7 +- .../tests/shell/test_uprobe_from_different_cu.sh | 8 +- .../selftests/bpf/prog_tests/unpriv_bpf_disabled.c | 6 +- tools/testing/selftests/net/so_incoming_cpu.c | 2 +- tools/testing/selftests/rseq/rseq.c | 28 ++- .../tc-testing/tc-tests/qdiscs/taprio.json | 25 ++ tools/testing/vsock/Makefile | 2 +- 272 files changed, 2293 insertions(+), 1234 deletions(-)

1 year, 8 months

13
182
0 0

[PATCH v3] media: staging: ipu3-imgu: Set fields before media_entity_pads_init()

by Hidenori Kobayashi

The imgu driver fails to probe with the following message because it does not set the pad's flags before calling media_entity_pads_init(). [ 14.596315] ipu3-imgu 0000:00:05.0: failed initialize subdev media entity (-22) [ 14.596322] ipu3-imgu 0000:00:05.0: failed to register subdev0 ret (-22) [ 14.596327] ipu3-imgu 0000:00:05.0: failed to register pipes (-22) [ 14.596331] ipu3-imgu 0000:00:05.0: failed to create V4L2 devices (-22) Fix the initialization order so that the driver probe succeeds. The ops initialization is also moved together for readability. Fixes: a0ca1627b450 ("media: staging/intel-ipu3: Add v4l2 driver based on media framework") Cc: <stable(a)vger.kernel.org> # 6.7 Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Hidenori Kobayashi <hidenorik(a)chromium.org> --- Changes in v3: - Add error output to commit message (Thanks again Dan!) - Link to v2: https://lore.kernel.org/lkml/20240109041500.2790754-1-hidenorik@chromium.org Changes in v2: - Add Fixes tag and revise commit message (Thanks Dan!) - Link to v1: https://lore.kernel.org/lkml/20231228093926.748001-1-hidenorik@chromium.org --- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/staging/media/ipu3/ipu3-v4l2.c b/drivers/staging/media/ipu3/ipu3-v4l2.c index a66f034380c0..3df58eb3e882 100644 --- a/drivers/staging/media/ipu3/ipu3-v4l2.c +++ b/drivers/staging/media/ipu3/ipu3-v4l2.c @@ -1069,6 +1069,11 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, struct imgu_media_pipe *imgu_pipe = &imgu->imgu_pipe[pipe]; /* Initialize subdev media entity */ + imgu_sd->subdev.entity.ops = &imgu_media_ops; + for (i = 0; i < IMGU_NODE_NUM; i++) { + imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? + MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; + } r = media_entity_pads_init(&imgu_sd->subdev.entity, IMGU_NODE_NUM, imgu_sd->subdev_pads); if (r) { @@ -1076,11 +1081,6 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, "failed initialize subdev media entity (%d)\n", r); return r; } - imgu_sd->subdev.entity.ops = &imgu_media_ops; - for (i = 0; i < IMGU_NODE_NUM; i++) { - imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? - MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; - } /* Initialize subdev */ v4l2_subdev_init(&imgu_sd->subdev, &imgu_subdev_ops); @@ -1177,15 +1177,15 @@ static int imgu_v4l2_node_setup(struct imgu_device *imgu, unsigned int pipe, } /* Initialize media entities */ + node->vdev_pad.flags = node->output ? + MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; + vdev->entity.ops = NULL; r = media_entity_pads_init(&vdev->entity, 1, &node->vdev_pad); if (r) { dev_err(dev, "failed initialize media entity (%d)\n", r); mutex_destroy(&node->lock); return r; } - node->vdev_pad.flags = node->output ? - MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; - vdev->entity.ops = NULL; /* Initialize vbq */ vbq->type = node->vdev_fmt.type; -- 2.43.0.472.g3155946c3a-goog

1 year, 8 months

2
1
0 0

[PATCH v2] media: staging: ipu3-imgu: Set fields before media_entity_pads_init()

by Hidenori Kobayashi

The imgu driver fails to probe because it does not set the pad's flags before calling media_entity_pads_init(). Fix the initialization order so that the driver probe succeeds. The ops initialization is also moved together for readability. Fixes: a0ca1627b450 ("media: staging/intel-ipu3: Add v4l2 driver based on media framework") Cc: <stable(a)vger.kernel.org> # 6.7 Signed-off-by: Hidenori Kobayashi <hidenorik(a)chromium.org> --- Changes in v2: - Add Fixes tag and revise commit message (Thanks Dan!) - Link to v1: https://lore.kernel.org/lkml/20231228093926.748001-1-hidenorik@chromium.org --- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/staging/media/ipu3/ipu3-v4l2.c b/drivers/staging/media/ipu3/ipu3-v4l2.c index a66f034380c0..3df58eb3e882 100644 --- a/drivers/staging/media/ipu3/ipu3-v4l2.c +++ b/drivers/staging/media/ipu3/ipu3-v4l2.c @@ -1069,6 +1069,11 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, struct imgu_media_pipe *imgu_pipe = &imgu->imgu_pipe[pipe]; /* Initialize subdev media entity */ + imgu_sd->subdev.entity.ops = &imgu_media_ops; + for (i = 0; i < IMGU_NODE_NUM; i++) { + imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? + MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; + } r = media_entity_pads_init(&imgu_sd->subdev.entity, IMGU_NODE_NUM, imgu_sd->subdev_pads); if (r) { @@ -1076,11 +1081,6 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, "failed initialize subdev media entity (%d)\n", r); return r; } - imgu_sd->subdev.entity.ops = &imgu_media_ops; - for (i = 0; i < IMGU_NODE_NUM; i++) { - imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ? - MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE; - } /* Initialize subdev */ v4l2_subdev_init(&imgu_sd->subdev, &imgu_subdev_ops); @@ -1177,15 +1177,15 @@ static int imgu_v4l2_node_setup(struct imgu_device *imgu, unsigned int pipe, } /* Initialize media entities */ + node->vdev_pad.flags = node->output ? + MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; + vdev->entity.ops = NULL; r = media_entity_pads_init(&vdev->entity, 1, &node->vdev_pad); if (r) { dev_err(dev, "failed initialize media entity (%d)\n", r); mutex_destroy(&node->lock); return r; } - node->vdev_pad.flags = node->output ? - MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK; - vdev->entity.ops = NULL; /* Initialize vbq */ vbq->type = node->vdev_fmt.type; -- 2.43.0.472.g3155946c3a-goog

1 year, 8 months

2
2
0 0

[PATCH net v4 1/2] Revert "net: rtnetlink: Enslave device before bringing it up"

by Nicolas Dichtel

This reverts commit a4abfa627c3865c37e036bccb681619a50d3d93c. The patch broke: > ip link set dummy0 up > ip link set dummy0 master bond0 down This last command is useful to be able to enslave an interface with only one netlink message. After discussion, there is no good reason to support: > ip link set dummy0 down > ip link set dummy0 master bond0 up because the bond interface already set the slave up when it is up. Cc: stable(a)vger.kernel.org Fixes: a4abfa627c38 ("net: rtnetlink: Enslave device before bringing it up") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- net/core/rtnetlink.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index e8431c6c8490..bf4c3f65ad99 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2905,13 +2905,6 @@ static int do_setlink(const struct sk_buff *skb, call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); } - if (tb[IFLA_MASTER]) { - err = do_set_master(dev, nla_get_u32(tb[IFLA_MASTER]), extack); - if (err) - goto errout; - status |= DO_SETLINK_MODIFIED; - } - if (ifm->ifi_flags || ifm->ifi_change) { err = dev_change_flags(dev, rtnl_dev_combine_flags(dev, ifm), extack); @@ -2919,6 +2912,13 @@ static int do_setlink(const struct sk_buff *skb, goto errout; } + if (tb[IFLA_MASTER]) { + err = do_set_master(dev, nla_get_u32(tb[IFLA_MASTER]), extack); + if (err) + goto errout; + status |= DO_SETLINK_MODIFIED; + } + if (tb[IFLA_CARRIER]) { err = dev_change_carrier(dev, nla_get_u8(tb[IFLA_CARRIER])); if (err) -- 2.39.2

1 year, 8 months

3
2
0 0

[PATCH] fs/ext4: Allow for the last group to be marked as trimmed

by Suraj Jitindar Singh

The ext4 filesystem tracks the trim status of blocks at the group level. When an entire group has been trimmed then it is marked as such and subsequent trim invocations with the same minimum trim size will not be attempted on that group unless it is marked as able to be trimmed again such as when a block is freed. Currently the last group can't be marked as trimmed due to incorrect logic in ext4_last_grp_cluster(). ext4_last_grp_cluster() is supposed to return the zero based index of the last cluster in a group. This is then used by ext4_try_to_trim_range() to determine if the trim operation spans the entire group and as such if the trim status of the group should be recorded. ext4_last_grp_cluster() takes a 0 based group index, thus the valid values for grp are 0..(ext4_get_groups_count - 1). Any group index less than (ext4_get_groups_count - 1) is not the last group and must have EXT4_CLUSTERS_PER_GROUP(sb) clusters. For the last group we need to calculate the number of clusters based on the number of blocks in the group. Finally subtract 1 from the number of clusters as zero based indexing is expected. Rearrange the function slightly to make it clear what we are calculating and returning. Reproducer: // Create file system where the last group has fewer blocks than blocks per group $ mkfs.ext4 -b 4096 -g 8192 /dev/nvme0n1 8191 $ mount /dev/nvme0n1 /mnt Before Patch: $ fstrim -v /mnt /mnt: 25.9 MiB (27156480 bytes) trimmed // Group not marked as trimmed so second invocation still discards blocks $ fstrim -v /mnt /mnt: 25.9 MiB (27156480 bytes) trimmed After Patch: fstrim -v /mnt /mnt: 25.9 MiB (27156480 bytes) trimmed // Group marked as trimmed so second invocation DOESN'T discard any blocks fstrim -v /mnt /mnt: 0 B (0 bytes) trimmed Fixes: 45e4ab320c9b ("ext4: move setting of trimmed bit into ext4_try_to_trim_range()") Cc: stable(a)vger.kernel.org # 4.19+ Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> --- fs/ext4/mballoc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 454d5612641ee..c15d8b6f887dd 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -6731,11 +6731,16 @@ __acquires(bitlock) static ext4_grpblk_t ext4_last_grp_cluster(struct super_block *sb, ext4_group_t grp) { - if (grp < ext4_get_groups_count(sb)) - return EXT4_CLUSTERS_PER_GROUP(sb) - 1; - return (ext4_blocks_count(EXT4_SB(sb)->s_es) - - ext4_group_first_block_no(sb, grp) - 1) >> - EXT4_CLUSTER_BITS(sb); + unsigned long nr_clusters_in_group; + + if (grp < (ext4_get_groups_count(sb) - 1)) + nr_clusters_in_group = EXT4_CLUSTERS_PER_GROUP(sb); + else + nr_clusters_in_group = (ext4_blocks_count(EXT4_SB(sb)->s_es) - + ext4_group_first_block_no(sb, grp)) + >> EXT4_CLUSTER_BITS(sb); + + return nr_clusters_in_group - 1; } static bool ext4_trim_interrupted(void) -- 2.34.1

1 year, 8 months

3
2
0 0

[PATCH] net: tls, update curr on splice as well

by John Fastabend

commit c5a595000e2677e865a39f249c056bc05d6e55fd upstream. Backport of upstream fix for tls on 6.1 and lower kernels. The curr pointer must also be updated on the splice similar to how we do this for other copy types. Cc: stable(a)vger.kernel.org # 6.1.x- Reported-by: Jann Horn <jannh(a)google.com> Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") Signed-off-by: John Fastabend <john.fastabend(a)gmail.com> --- net/tls/tls_sw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2e60bf06adff..0323040d34bc 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1225,6 +1225,8 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, } sk_msg_page_add(msg_pl, page, copy, offset); + msg_pl->sg.copybreak = 0; + msg_pl->sg.curr = msg_pl->sg.end; sk_mem_charge(sk, copy); offset += copy; -- 2.33.0

1 year, 8 months

3
3
0 0

[PATCH 5.10 00/75] 5.10.206-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.206 release. There are 75 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jan 2024 16:47:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.206-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.206-rc1 Ville Baillie <villeb(a)bytesnap.co.uk> spi: atmel: Fix PDC transfer setup bug Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "MIPS: Loongson64: Enable DMA noncoherent support" Francis Laniel <flaniel(a)linux.microsoft.com> tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip set commit for deleted/destroyed sets Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix blocked reader of snapshot buffer Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Alexander Atanasov <alexander.atanasov(a)virtuozzo.com> scsi: core: Always send batch on reset or error handling command Bart Van Assche <bvanassche(a)acm.org> scsi: core: Use a structure member to track the SCSI command submitter Bart Van Assche <bvanassche(a)acm.org> scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Make scsi_get_lba() return the LBA Bart Van Assche <bvanassche(a)acm.org> scsi: core: Introduce scsi_get_sector() Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Add scsi_prot_ref_tag() helper Dan Sneddon <dan.sneddon(a)microchip.com> spi: atmel: Fix CS and initialization bug Dan Sneddon <dan.sneddon(a)microchip.com> spi: atmel: Switch to transfer_one transfer method Hyunwoo Kim <v4bel(a)theori.io> Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smbCalcSize() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in SMB2_query_info_init() Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Xiao Yao <xiaoyao(a)rock-chips.com> Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE Archie Pusaka <apusaka(a)chromium.org> Bluetooth: use inclusive language in SMP Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg Tony Lindgren <tony(a)atomide.com> ARM: dts: Fix occasional boot hang for am3 usb Hangyu Hua <hbh25y(a)gmail.com> 9p/net: fix possible memory leak in p9_check_errors() Thomas Gleixner <tglx(a)linutronix.de> x86/alternatives: Sync core before enabling interrupts Herve Codina <herve.codina(a)bootlin.com> lib/vsprintf: Fix %pfwf when current node refcount == 0 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Flush posted write only after srst_udelay Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing / synthetic: Disable events after testing in synth_event_gen_test_init() Fabio Estevam <festevam(a)denx.de> dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix TX stall caused by TX buffer overrun Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Christoffer Sandberg <cs(a)tuxedo.de> Input: soc_button_array - add mapping for airplane mode button Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Send reject on command corrupted request Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Wadim Egorov <w.egorov(a)phytec.de> iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Wei Yongjun <weiyongjun1(a)huawei.com> scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8250: Enable sync_state Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Treat xlate() returning NULL node as an error Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Quan Nguyen <quan(a)os.amperecomputing.com> i2c: aspeed: Handle the coalesced stop conditions with the start conditions. David Howells <dhowells(a)redhat.com> afs: Fix overwriting of result of DNS query David Howells <dhowells(a)redhat.com> keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry Eric Dumazet <edumazet(a)google.com> net: check dev->gso_max_size in gso_features_check() Heiner Kallweit <hkallweit1(a)gmail.com> net: warn if gso_type isn't set for a GSO SKB David Howells <dhowells(a)redhat.com> afs: Fix dynamic root lookup DNS check David Howells <dhowells(a)redhat.com> afs: Fix the dynamic root's d_delete to always delete unused dentries Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Eric Dumazet <edumazet(a)google.com> net/rose: fix races in rose_kill_by_device() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix fw tracer first block check Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() Vlad Buslov <vladbu(a)nvidia.com> Revert "net/mlx5e: fix double free of encap_header" Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Geert Uytterhoeven <geert+renesas(a)glider.be> reset: Fix crash when freeing non-existent optional resets Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smb2_query_reparse_point() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ------------- Diffstat: .../devicetree/bindings/nvmem/mxs-ocotp.yaml | 10 +- Makefile | 4 +- arch/arm/boot/dts/am33xx.dtsi | 1 + arch/arm/mach-omap2/id.c | 5 + arch/mips/Kconfig | 2 - arch/mips/include/asm/mach-loongson64/boot_param.h | 3 +- arch/mips/loongson64/env.c | 10 +- arch/s390/include/asm/fpu/api.h | 2 +- arch/x86/kernel/alternative.c | 2 +- drivers/bus/ti-sysc.c | 18 ++- drivers/i2c/busses/i2c-aspeed.c | 48 ++++-- drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/input/misc/soc_button_array.c | 5 + drivers/interconnect/core.c | 3 + drivers/interconnect/qcom/sm8250.c | 1 + drivers/md/dm-integrity.c | 11 +- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 +- drivers/net/ethernet/micrel/ks8851.h | 3 + drivers/net/ethernet/micrel/ks8851_common.c | 22 +-- drivers/net/ethernet/micrel/ks8851_spi.c | 42 ++++-- drivers/pinctrl/pinctrl-at91-pio4.c | 8 + drivers/reset/core.c | 3 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 +- drivers/scsi/scsi.c | 2 +- drivers/scsi/scsi_error.c | 34 ++--- drivers/scsi/scsi_lib.c | 38 +++-- drivers/scsi/scsi_logging.c | 18 ++- drivers/scsi/scsi_priv.h | 1 + drivers/spi/spi-atmel.c | 133 +++++------------ drivers/usb/host/fotg210-hcd.c | 3 - drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 + fs/afs/cell.c | 6 +- fs/afs/dynroot.c | 31 ++-- fs/btrfs/ioctl.c | 9 ++ fs/cifs/misc.c | 4 + fs/cifs/smb2misc.c | 26 ++-- fs/cifs/smb2ops.c | 26 ++-- fs/cifs/smb2pdu.c | 29 +++- fs/cifs/smb2pdu.h | 2 +- include/linux/key-type.h | 1 + include/net/bluetooth/hci_core.h | 5 + include/net/bluetooth/mgmt.h | 2 +- include/scsi/scsi_cmnd.h | 29 +++- include/scsi/scsi_device.h | 16 +- kernel/trace/ring_buffer.c | 12 +- kernel/trace/synth_event_gen_test.c | 11 ++ kernel/trace/trace.c | 20 ++- kernel/trace/trace_kprobe.c | 74 ++++++++++ kernel/trace/trace_probe.h | 1 + lib/vsprintf.c | 11 +- net/8021q/vlan_core.c | 9 +- net/9p/client.c | 7 +- net/9p/protocol.c | 17 ++- net/bluetooth/af_bluetooth.c | 7 +- net/bluetooth/hci_event.c | 3 +- net/bluetooth/l2cap_core.c | 21 ++- net/bluetooth/mgmt.c | 35 +++-- net/bluetooth/smp.c | 161 +++++++++++---------- net/bluetooth/smp.h | 6 +- net/core/dev.c | 8 + net/dns_resolver/dns_key.c | 10 +- net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +- net/netfilter/nf_tables_api.c | 2 +- net/rfkill/rfkill-gpio.c | 8 + net/rose/af_rose.c | 41 +++++- net/wireless/certs/wens.hex | 87 +++++++++++ security/keys/gc.c | 31 ++-- security/keys/internal.h | 11 +- security/keys/key.c | 15 +- security/keys/proc.c | 2 +- sound/pci/hda/patch_hdmi.c | 2 + 81 files changed, 857 insertions(+), 446 deletions(-)

1 year, 8 months

10
85
0 0

[PATCH for-5.4.y 0/4] db845c(sdm845) ath10k fixes

by Amit Pundir

Hi, v5.4.y commit 3cf391e4174a ("wifi: ath10k: Don't touch the CE interrupt registers after power up"), which is commit 170c75d43a77 upstream, unleashed multiple DB845c(sdm845) regressions ranging from random RCU stalls to UFS crashes as also reported here https://lore.kernel.org/lkml/20230630151842.1.If764ede23c4e09a43a842771c2dd… Taking a cue from the commit message of 170c75d43a77, I tried backporting upstream commit d66d24ac300c ("ath10k: Keep track of which interrupts fired, don't poll them") and other relevant fixes and that seem to have done the trick. We no longer see any of the above reported regressions with the following patchset. This upstream patchset is just an educated guess and there may be one or more fixes in this series which are not needed at all but I have not tested them individually and marked all of them as Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up") instead. Douglas Anderson (3): ath10k: Wait until copy complete is actually done before completing ath10k: Keep track of which interrupts fired, don't poll them ath10k: Get rid of "per_ce_irq" hw param Rakesh Pillai (1): ath10k: Add interrupt summary based CE processing drivers/net/wireless/ath/ath10k/ce.c | 79 ++++++++++++++------------ drivers/net/wireless/ath/ath10k/ce.h | 15 +++-- drivers/net/wireless/ath/ath10k/core.c | 13 ----- drivers/net/wireless/ath/ath10k/hw.h | 3 - drivers/net/wireless/ath/ath10k/snoc.c | 19 +++++-- drivers/net/wireless/ath/ath10k/snoc.h | 1 + 6 files changed, 64 insertions(+), 66 deletions(-) -- 2.25.1

1 year, 8 months

2
5
0 0

[PATCH v2] usb: core: Prevent null pointer dereference in update_port_device_state

by Udipto Goswami

Currently,the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. Fixes: 83cb2604f641 ("usb: core: add sysfs entry for usb device state") Cc: stable(a)vger.kernel.org Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> --- v2: Introduced comment for the if check & CC'ed stable. drivers/usb/core/hub.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index ffd7c99e24a3..d40b5500f95b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2053,9 +2053,18 @@ static void update_port_device_state(struct usb_device *udev) if (udev->parent) { hub = usb_hub_to_struct_hub(udev->parent); - port_dev = hub->ports[udev->portnum - 1]; - WRITE_ONCE(port_dev->state, udev->state); - sysfs_notify_dirent(port_dev->state_kn); + + /* + * usb_hub_to_struct_hub() if returns NULL can + * potentially cause NULL pointer dereference upon further + * access. + * Avoid this with an if check. + */ + if (hub) { + port_dev = hub->ports[udev->portnum - 1]; + WRITE_ONCE(port_dev->state, udev->state); + sysfs_notify_dirent(port_dev->state_kn); + } } } -- 2.17.1

1 year, 8 months

2
2
0 0

[PATCH for-6.1.y] Revert "interconnect: qcom: sm8250: Enable sync_state"

by Amit Pundir

This reverts commit 3637f6bdfe2ccd53c493836b6e43c9a73e4513b3 which is commit bfc7db1cb94ad664546d70212699f8cc6c539e8c upstream. This resulted in boot regression on RB5 (sm8250), causing the device to hard crash into USB crash dump mode everytime. Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- drivers/interconnect/qcom/sm8250.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/interconnect/qcom/sm8250.c b/drivers/interconnect/qcom/sm8250.c index 9c2dd40d9a55..5cdb058fa095 100644 --- a/drivers/interconnect/qcom/sm8250.c +++ b/drivers/interconnect/qcom/sm8250.c @@ -551,7 +551,6 @@ static struct platform_driver qnoc_driver = { .driver = { .name = "qnoc-sm8250", .of_match_table = qnoc_of_match, - .sync_state = icc_sync_state, }, }; module_platform_driver(qnoc_driver); -- 2.25.1

1 year, 8 months

3
5
0 0

[PATCH v4] PCI: mediatek: Clear interrupt status before dispatching handler

by Jianjun Wang

From: qizhong cheng <qizhong.cheng(a)mediatek.com> We found a failure when used iperf tool for wifi performance testing, there are some MSIs received while clearing the interrupt status, these MSIs cannot be serviced. The interrupt status can be cleared even the MSI status still remaining, as an edge-triggered interrupts, its interrupt status should be cleared before dispatching to the handler of device. Fixes: 43e6409db64d ("PCI: mediatek: Add MSI support for MT2712 and MT7622") Signed-off-by: qizhong cheng <qizhong.cheng(a)mediatek.com> Signed-off-by: Jianjun Wang <jianjun.wang(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org --- v4: - Found that this patch has not been merged, resending it as v4. v3: - Add Fix tag. v2: - Update the subject line. - Improve the commit log and code comments. --- drivers/pci/controller/pcie-mediatek.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-mediatek.c b/drivers/pci/controller/pcie-mediatek.c index 66a8f73296fc..3fb7f08de061 100644 --- a/drivers/pci/controller/pcie-mediatek.c +++ b/drivers/pci/controller/pcie-mediatek.c @@ -617,12 +617,17 @@ static void mtk_pcie_intr_handler(struct irq_desc *desc) if (status & MSI_STATUS){ unsigned long imsi_status; + /* + * The interrupt status can be cleared even the MSI + * status still remaining, hence as an edge-triggered + * interrupts, its interrupt status should be cleared + * before dispatching handler. + */ + writel(MSI_STATUS, port->base + PCIE_INT_STATUS); while ((imsi_status = readl(port->base + PCIE_IMSI_STATUS))) { for_each_set_bit(bit, &imsi_status, MTK_MSI_IRQS_NUM) generic_handle_domain_irq(port->inner_domain, bit); } - /* Clear MSI interrupt status */ - writel(MSI_STATUS, port->base + PCIE_INT_STATUS); } } -- 2.18.0

1 year, 8 months

2
1
0 0

[PATCH 5.10.y] powerpc: update ppc_save_regs to save current r1 in pt_regs

by Aditya Gupta

commit b684c09f09e7a6af3794d4233ef785819e72db79 upstream. ppc_save_regs() skips one stack frame while saving the CPU register states. Instead of saving current R1, it pulls the previous stack frame pointer. When vmcores caused by direct panic call (such as `echo c > /proc/sysrq-trigger`), are debugged with gdb, gdb fails to show the backtrace correctly. On further analysis, it was found that it was because of mismatch between r1 and NIP. GDB uses NIP to get current function symbol and uses corresponding debug info of that function to unwind previous frames, but due to the mismatching r1 and NIP, the unwinding does not work, and it fails to unwind to the 2nd frame and hence does not show the backtrace. GDB backtrace with vmcore of kernel without this patch: --------- (gdb) bt #0 0xc0000000002a53e8 in crash_setup_regs (oldregs=<optimized out>, newregs=0xc000000004f8f8d8) at ./arch/powerpc/include/asm/kexec.h:69 #1 __crash_kexec (regs=<optimized out>) at kernel/kexec_core.c:974 #2 0x0000000000000063 in ?? () #3 0xc000000003579320 in ?? () --------- Further analysis revealed that the mismatch occurred because "ppc_save_regs" was saving the previous stack's SP instead of the current r1. This patch fixes this by storing current r1 in the saved pt_regs. GDB backtrace with vmcore of patched kernel: -------- (gdb) bt #0 0xc0000000002a53e8 in crash_setup_regs (oldregs=0x0, newregs=0xc00000000670b8d8) at ./arch/powerpc/include/asm/kexec.h:69 #1 __crash_kexec (regs=regs@entry=0x0) at kernel/kexec_core.c:974 #2 0xc000000000168918 in panic (fmt=fmt@entry=0xc000000001654a60 "sysrq triggered crash\n") at kernel/panic.c:358 #3 0xc000000000b735f8 in sysrq_handle_crash (key=<optimized out>) at drivers/tty/sysrq.c:155 #4 0xc000000000b742cc in __handle_sysrq (key=key@entry=99, check_mask=check_mask@entry=false) at drivers/tty/sysrq.c:602 #5 0xc000000000b7506c in write_sysrq_trigger (file=<optimized out>, buf=<optimized out>, count=2, ppos=<optimized out>) at drivers/tty/sysrq.c:1163 #6 0xc00000000069a7bc in pde_write (ppos=<optimized out>, count=<optimized out>, buf=<optimized out>, file=<optimized out>, pde=0xc00000000362cb40) at fs/proc/inode.c:340 #7 proc_reg_write (file=<optimized out>, buf=<optimized out>, count=<optimized out>, ppos=<optimized out>) at fs/proc/inode.c:352 #8 0xc0000000005b3bbc in vfs_write (file=file@entry=0xc000000006aa6b00, buf=buf@entry=0x61f498b4f60 <error: Cannot access memory at address 0x61f498b4f60>, count=count@entry=2, pos=pos@entry=0xc00000000670bda0) at fs/read_write.c:582 #9 0xc0000000005b4264 in ksys_write (fd=<optimized out>, buf=0x61f498b4f60 <error: Cannot access memory at address 0x61f498b4f60>, count=2) at fs/read_write.c:637 #10 0xc00000000002ea2c in system_call_exception (regs=0xc00000000670be80, r0=<optimized out>) at arch/powerpc/kernel/syscall.c:171 #11 0xc00000000000c270 in system_call_vectored_common () at arch/powerpc/kernel/interrupt_64.S:192 -------- Nick adds: So this now saves regs as though it was an interrupt taken in the caller, at the instruction after the call to ppc_save_regs, whereas previously the NIP was there, but R1 came from the caller's caller and that mismatch is what causes gdb's dwarf unwinder to go haywire. Signed-off-by: Aditya Gupta <adityag(a)linux.ibm.com> Fixes: d16a58f8854b1 ("powerpc: Improve ppc_save_regs()") Reivewed-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20230615091047.90433-1-adityag@linux.ibm.com Cc: stable(a)vger.kernel.org Signed-off-by: Aditya Gupta <adityag(a)linux.ibm.com> --- This is backport for the upstream commit b684c09f09e7a6af3794d4233ef785819e72db79. This solves a register mismatch issue while saving registers after a kernel crash. With this fixed, gdb can also unwind backtraces correctly for vmcores collected from such kernel crashes. Please let me know if this is not correct format for a backport patch. Thanks. --- --- arch/powerpc/kernel/ppc_save_regs.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/ppc_save_regs.S b/arch/powerpc/kernel/ppc_save_regs.S index 2d4d21bb46a9..5d284f78b0b4 100644 --- a/arch/powerpc/kernel/ppc_save_regs.S +++ b/arch/powerpc/kernel/ppc_save_regs.S @@ -58,10 +58,10 @@ _GLOBAL(ppc_save_regs) lbz r0,PACAIRQSOFTMASK(r13) PPC_STL r0,SOFTE-STACK_FRAME_OVERHEAD(r3) #endif - /* go up one stack frame for SP */ - PPC_LL r4,0(r1) - PPC_STL r4,1*SZL(r3) + /* store current SP */ + PPC_STL r1,1*SZL(r3) /* get caller's LR */ + PPC_LL r4,0(r1) PPC_LL r0,LRSAVE(r4) PPC_STL r0,_LINK-STACK_FRAME_OVERHEAD(r3) mflr r0 -- 2.43.0

1 year, 8 months

2
1
0 0

[PATCH AUTOSEL 4.14] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 5bd6494573942..3b37c1ba93e48 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -803,6 +803,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/2] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 605d7448c3de1..b27bb2e2486c2 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -802,6 +802,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 8 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index aea337d817025..91f5e3a2df8aa 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 8 months

1
1
0 0

[PATCH AUTOSEL 5.10 1/3] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 6e1fba2084930..fd643a1d39bc6 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 8 months

1
2
0 0

[PATCH AUTOSEL 5.15 1/3] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 6e1fba2084930..fd643a1d39bc6 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 8 months

1
2
0 0

[PATCH AUTOSEL 6.6 1/8] virtio_blk: fix snprintf truncation compiler warning

by Sasha Levin

From: Stefan Hajnoczi <stefanha(a)redhat.com> [ Upstream commit b8e0792449928943c15d1af9f63816911d139267 ] Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the following gcc 13 W=1 warnings: drivers/block/virtio_blk.c: In function ‘init_vq’: drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~ drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~ drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination of size 16 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a false positive because the lower bound -2147483648 is incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < 65536. The code mixes int, unsigned short, and unsigned int types in addition to using "%d" for an unsigned value. Use unsigned short and "%u" consistently to solve the compiler warning. Cc: Suwan Kim <suwan.kim027(a)gmail.com> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ Signed-off-by: Stefan Hajnoczi <stefanha(a)redhat.com> Message-Id: <20231204140743.1487843-1-stefanha(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/block/virtio_blk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index 4a4b9bad551e8..225c86c74d4e9 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -1021,12 +1021,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) static int init_vq(struct virtio_blk *vblk) { int err; - int i; + unsigned short i; vq_callback_t **callbacks; const char **names; struct virtqueue **vqs; unsigned short num_vqs; - unsigned int num_poll_vqs; + unsigned short num_poll_vqs; struct virtio_device *vdev = vblk->vdev; struct irq_affinity desc = { 0, }; @@ -1070,13 +1070,13 @@ static int init_vq(struct virtio_blk *vblk) for (i = 0; i < num_vqs - num_poll_vqs; i++) { callbacks[i] = virtblk_done; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); names[i] = vblk->vqs[i].name; } for (; i < num_vqs; i++) { callbacks[i] = NULL; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); names[i] = vblk->vqs[i].name; } -- 2.43.0

1 year, 8 months

1
7
0 0

Linux 5.4.266

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.266 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-omap2/id.c | 5 arch/s390/include/asm/fpu/api.h | 2 arch/x86/kernel/alternative.c | 2 drivers/i2c/busses/i2c-aspeed.c | 48 +++++--- drivers/iio/adc/ti_am335x_adc.c | 4 drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 drivers/input/keyboard/ipaq-micro-keys.c | 3 drivers/interconnect/core.c | 3 drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 drivers/pinctrl/pinctrl-at91-pio4.c | 8 + drivers/reset/core.c | 3 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 - drivers/usb/host/fotg210-hcd.c | 3 drivers/usb/serial/ftdi_sio.c | 6 - drivers/usb/serial/ftdi_sio_ids.h | 6 - drivers/usb/serial/option.c | 5 fs/afs/cell.c | 6 - fs/afs/dynroot.c | 31 ++--- fs/block_dev.c | 9 + fs/btrfs/ioctl.c | 9 + fs/cifs/misc.c | 4 fs/cifs/smb2misc.c | 26 +--- fs/cifs/smb2pdu.h | 2 kernel/trace/ring_buffer.c | 9 + net/8021q/vlan_core.c | 9 + net/9p/protocol.c | 17 ++ net/bluetooth/hci_event.c | 3 net/core/dev.c | 8 + net/ife/ife.c | 1 net/mac80211/mesh_plink.c | 10 - net/rfkill/rfkill-gpio.c | 8 + net/rose/af_rose.c | 39 +++++- net/wireless/certs/wens.hex | 87 +++++++++++++++ sound/pci/hda/patch_hdmi.c | 2 sound/pci/hda/patch_realtek.c | 1 40 files changed, 319 insertions(+), 100 deletions(-) Alexis Lothoré (1): pinctrl: at91-pio4: use dedicated lock class for IRQ Alper Ak (1): USB: serial: option: add Quectel EG912Y module support Bin Li (1): ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 Chen-Yu Tsai (1): wifi: cfg80211: Add my certificate Dan Carpenter (1): usb: fotg210-hcd: delete an incorrect bounds test David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check afs: Fix overwriting of result of DNS query Eric Dumazet (3): net: sched: ife: fix potential use-after-free net/rose: fix races in rose_kill_by_device() net: check dev->gso_max_size in gso_features_check() Fedor Pchelkin (1): net: 9p: avoid freeing uninit memory in p9pdu_vreadf Geert Uytterhoeven (1): reset: Fix crash when freeing non-existent optional resets Greg Kroah-Hartman (1): Linux 5.4.266 Haoran Liu (1): Input: ipaq-micro-keys - add error handling for devm_kmemdup Heiko Carstens (1): s390/vx: fix save/restore of fpu kernel context Heiner Kallweit (1): net: warn if gso_type isn't set for a GSO SKB Hu Haowen (1): net/mlx5: improve some comments Javier Carrasco (1): iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Johannes Berg (2): wifi: mac80211: mesh_plink: fix matches_local logic wifi: cfg80211: fix certs build to not depend on file order Josef Bacik (1): btrfs: do not allow non subvolume root targets for snapshot Kai Vehmanen (2): ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Kunwu Chan (1): ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Liu Jian (1): net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Mark Glover (1): USB: serial: ftdi_sio: update Actisense PIDs constant names Mike Tipton (1): interconnect: Treat xlate() returning NULL node as an error Moshe Shemesh (1): net/mlx5: Fix fw tracer first block check Namjae Jeon (1): ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Paulo Alcantara (2): smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in smbCalcSize() Quan Nguyen (1): i2c: aspeed: Handle the coalesced stop conditions with the start conditions. Rahul Rameshbabu (1): net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Reinhard Speyerer (1): USB: serial: option: add Quectel RM500Q R13 firmware support Rouven Czerwinski (1): net: rfkill: gpio: set GPIO direction Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Slark Xiao (1): USB: serial: option: add Foxconn T99W265 with new baseline Steven Rostedt (Google) (1): ring-buffer: Fix wake ups when buffer_percent is set to 100 Su Hui (1): iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Thomas Gleixner (1): x86/alternatives: Sync core before enabling interrupts Vlad Buslov (1): Revert "net/mlx5e: fix double free of encap_header" Wadim Egorov (1): iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Wei Yongjun (1): scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Zhipeng Lu (1): ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

1 year, 8 months

1
1
0 0

Linux 4.19.304

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.304 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-omap2/id.c | 5 arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 4 arch/s390/include/asm/fpu/api.h | 2 arch/x86/kernel/alternative.c | 2 drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 drivers/input/keyboard/ipaq-micro-keys.c | 3 drivers/md/dm-integrity.c | 11 + drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 4 drivers/pinctrl/pinctrl-at91-pio4.c | 8 + drivers/reset/core.c | 3 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 12 -- drivers/usb/host/fotg210-hcd.c | 3 drivers/usb/musb/musb_core.c | 3 drivers/usb/serial/ftdi_sio.c | 6 - drivers/usb/serial/ftdi_sio_ids.h | 6 - drivers/usb/serial/option.c | 5 fs/afs/dynroot.c | 13 -- fs/block_dev.c | 9 + fs/btrfs/ioctl.c | 9 + fs/cifs/misc.c | 4 fs/cifs/smb2misc.c | 26 +--- fs/cifs/smb2pdu.h | 2 net/8021q/vlan_core.c | 9 + net/9p/protocol.c | 17 ++ net/bluetooth/hci_event.c | 3 net/core/dev.c | 8 + net/ife/ife.c | 1 net/mac80211/mesh_plink.c | 10 - net/rfkill/rfkill-gpio.c | 8 + net/rose/af_rose.c | 39 +++++- net/wireless/certs/wens.hex | 87 +++++++++++++++ sound/pci/hda/patch_realtek.c | 30 +++++ 35 files changed, 283 insertions(+), 84 deletions(-) Alexis Lothoré (1): pinctrl: at91-pio4: use dedicated lock class for IRQ Alper Ak (1): USB: serial: option: add Quectel EG912Y module support AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names Bin Li (2): ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 Chen-Yu Tsai (1): wifi: cfg80211: Add my certificate Dan Carpenter (1): usb: fotg210-hcd: delete an incorrect bounds test David Howells (1): afs: Fix the dynamic root's d_delete to always delete unused dentries Edward Pacman (1): ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB Eric Dumazet (3): net: sched: ife: fix potential use-after-free net/rose: fix races in rose_kill_by_device() net: check dev->gso_max_size in gso_features_check() Fedor Pchelkin (1): net: 9p: avoid freeing uninit memory in p9pdu_vreadf Geert Uytterhoeven (1): reset: Fix crash when freeing non-existent optional resets Greg Kroah-Hartman (1): Linux 4.19.304 Haoran Liu (1): Input: ipaq-micro-keys - add error handling for devm_kmemdup Heiko Carstens (1): s390/vx: fix save/restore of fpu kernel context Heiner Kallweit (1): net: warn if gso_type isn't set for a GSO SKB Hu Haowen (1): net/mlx5: improve some comments Javier Carrasco (1): iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Johannes Berg (2): wifi: mac80211: mesh_plink: fix matches_local logic wifi: cfg80211: fix certs build to not depend on file order Josef Bacik (1): btrfs: do not allow non subvolume root targets for snapshot Kunwu Chan (1): ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Liu Jian (1): net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Mark Glover (1): USB: serial: ftdi_sio: update Actisense PIDs constant names Mikulas Patocka (1): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Moshe Shemesh (1): net/mlx5: Fix fw tracer first block check Namjae Jeon (1): ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Paulo Alcantara (2): smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in smbCalcSize() Reinhard Speyerer (1): USB: serial: option: add Quectel RM500Q R13 firmware support Rouven Czerwinski (1): net: rfkill: gpio: set GPIO direction Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Slark Xiao (1): USB: serial: option: add Foxconn T99W265 with new baseline Su Hui (1): iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Thomas Gleixner (1): x86/alternatives: Sync core before enabling interrupts Thomas Petazzoni (1): usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling Wei Yongjun (1): scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() YueHaibing (1): scsi: bnx2fc: Remove set but not used variable 'oxid' Zhipeng Lu (1): ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

1 year, 8 months

1
1
0 0

Linux 4.14.335

by Greg Kroah-Hartman

I'm announcing the release of the 4.14.335 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-omap2/id.c | 5 + arch/s390/include/asm/fpu/api.h | 2 drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 - drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 - drivers/input/keyboard/ipaq-micro-keys.c | 3 drivers/md/dm-integrity.c | 11 +-- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 + drivers/usb/serial/ftdi_sio.c | 6 - drivers/usb/serial/ftdi_sio_ids.h | 6 - drivers/usb/serial/option.c | 5 + fs/block_dev.c | 9 +- net/9p/protocol.c | 17 +++- net/bluetooth/hci_event.c | 3 net/ife/ife.c | 1 net/mac80211/mesh_plink.c | 10 +- net/rfkill/rfkill-gpio.c | 8 ++ net/wireless/certs/wens.hex | 87 ++++++++++++++++++++++++ 18 files changed, 158 insertions(+), 30 deletions(-) Alper Ak (1): USB: serial: option: add Quectel EG912Y module support Chen-Yu Tsai (1): wifi: cfg80211: Add my certificate Eric Dumazet (1): net: sched: ife: fix potential use-after-free Fedor Pchelkin (1): net: 9p: avoid freeing uninit memory in p9pdu_vreadf Greg Kroah-Hartman (1): Linux 4.14.335 Haoran Liu (1): Input: ipaq-micro-keys - add error handling for devm_kmemdup Heiko Carstens (1): s390/vx: fix save/restore of fpu kernel context Javier Carrasco (1): iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Johannes Berg (2): wifi: mac80211: mesh_plink: fix matches_local logic wifi: cfg80211: fix certs build to not depend on file order Kunwu Chan (1): ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Mark Glover (1): USB: serial: ftdi_sio: update Actisense PIDs constant names Mikulas Patocka (1): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Reinhard Speyerer (1): USB: serial: option: add Quectel RM500Q R13 firmware support Rouven Czerwinski (1): net: rfkill: gpio: set GPIO direction Sarthak Kukreti (1): block: Don't invalidate pagecache for invalid falloc modes Slark Xiao (1): USB: serial: option: add Foxconn T99W265 with new baseline Su Hui (1): iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Zhipeng Lu (1): ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

1 year, 8 months

1
1
0 0

[PATCH 5.4 00/45] 5.4.266-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.266 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 08 Jan 2024 08:39:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.266-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.266-rc2 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smbCalcSize() Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Thomas Gleixner <tglx(a)linutronix.de> x86/alternatives: Sync core before enabling interrupts Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Wadim Egorov <w.egorov(a)phytec.de> iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Wei Yongjun <weiyongjun1(a)huawei.com> scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Treat xlate() returning NULL node as an error Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Quan Nguyen <quan(a)os.amperecomputing.com> i2c: aspeed: Handle the coalesced stop conditions with the start conditions. David Howells <dhowells(a)redhat.com> afs: Fix overwriting of result of DNS query Eric Dumazet <edumazet(a)google.com> net: check dev->gso_max_size in gso_features_check() Heiner Kallweit <hkallweit1(a)gmail.com> net: warn if gso_type isn't set for a GSO SKB David Howells <dhowells(a)redhat.com> afs: Fix dynamic root lookup DNS check David Howells <dhowells(a)redhat.com> afs: Fix the dynamic root's d_delete to always delete unused dentries Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Eric Dumazet <edumazet(a)google.com> net/rose: fix races in rose_kill_by_device() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix fw tracer first block check Hu Haowen <xianfengting221(a)163.com> net/mlx5: improve some comments Vlad Buslov <vladbu(a)nvidia.com> Revert "net/mlx5e: fix double free of encap_header" Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Geert Uytterhoeven <geert+renesas(a)glider.be> reset: Fix crash when freeing non-existent optional resets Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Bin Li <bin.li(a)canonical.com> ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/s390/include/asm/fpu/api.h | 2 +- arch/x86/kernel/alternative.c | 2 +- drivers/i2c/busses/i2c-aspeed.c | 48 ++++++++---- drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/interconnect/core.c | 3 + drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 4 +- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 10 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- drivers/pinctrl/pinctrl-at91-pio4.c | 8 ++ drivers/reset/core.c | 3 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 +-- drivers/usb/host/fotg210-hcd.c | 3 - drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/afs/cell.c | 6 +- fs/afs/dynroot.c | 31 ++++---- fs/block_dev.c | 9 ++- fs/btrfs/ioctl.c | 9 +++ fs/cifs/misc.c | 4 + fs/cifs/smb2misc.c | 26 +++---- fs/cifs/smb2pdu.h | 2 +- kernel/trace/ring_buffer.c | 9 ++- net/8021q/vlan_core.c | 9 ++- net/9p/protocol.c | 17 ++++- net/bluetooth/hci_event.c | 3 +- net/core/dev.c | 8 ++ net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 ++ net/rose/af_rose.c | 39 ++++++++-- net/wireless/certs/wens.hex | 87 ++++++++++++++++++++++ sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + 40 files changed, 320 insertions(+), 101 deletions(-)

1 year, 8 months

4
3
0 0

[PATCH 4.19 00/41] 4.19.304-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.304 release. There are 41 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 07 Jan 2024 14:38:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.304-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.304-rc1 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smbCalcSize() Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling Thomas Gleixner <tglx(a)linutronix.de> x86/alternatives: Sync core before enabling interrupts Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Wei Yongjun <weiyongjun1(a)huawei.com> scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() YueHaibing <yuehaibing(a)huawei.com> scsi: bnx2fc: Remove set but not used variable 'oxid' Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Eric Dumazet <edumazet(a)google.com> net: check dev->gso_max_size in gso_features_check() Heiner Kallweit <hkallweit1(a)gmail.com> net: warn if gso_type isn't set for a GSO SKB David Howells <dhowells(a)redhat.com> afs: Fix the dynamic root's d_delete to always delete unused dentries Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Eric Dumazet <edumazet(a)google.com> net/rose: fix races in rose_kill_by_device() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix fw tracer first block check Hu Haowen <xianfengting221(a)163.com> net/mlx5: improve some comments Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Geert Uytterhoeven <geert+renesas(a)glider.be> reset: Fix crash when freeing non-existent optional resets Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Bin Li <bin.li(a)canonical.com> ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 Bin Li <bin.li(a)canonical.com> ALSA: hda/realtek: Enable headset onLenovo M70/M90 Edward Pacman <edward(a)edward-p.xyz> ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 4 +- arch/s390/include/asm/fpu/api.h | 2 +- arch/x86/kernel/alternative.c | 2 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/md/dm-integrity.c | 11 +-- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 4 +- drivers/pinctrl/pinctrl-at91-pio4.c | 8 ++ drivers/reset/core.c | 3 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 12 +-- drivers/usb/host/fotg210-hcd.c | 3 - drivers/usb/musb/musb_core.c | 3 +- drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/afs/dynroot.c | 13 +--- fs/block_dev.c | 9 ++- fs/btrfs/ioctl.c | 9 +++ fs/cifs/misc.c | 4 + fs/cifs/smb2misc.c | 26 +++---- fs/cifs/smb2pdu.h | 2 +- net/8021q/vlan_core.c | 9 ++- net/9p/protocol.c | 17 ++++- net/bluetooth/hci_event.c | 3 +- net/core/dev.c | 8 ++ net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 ++ net/rose/af_rose.c | 41 ++++++++-- net/wireless/certs/wens.hex | 87 ++++++++++++++++++++++ sound/pci/hda/patch_realtek.c | 30 ++++++++ 35 files changed, 285 insertions(+), 86 deletions(-)

1 year, 8 months

6
46
0 0

[PATCH 4.14 00/19] 4.14.335-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.335 release. There are 19 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 09 Jan 2024 12:38:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.335-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.335-rc3 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/s390/include/asm/fpu/api.h | 2 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/md/dm-integrity.c | 11 ++-- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/block_dev.c | 9 ++- net/9p/protocol.c | 17 +++-- net/bluetooth/hci_event.c | 3 +- net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 +++ net/wireless/certs/wens.hex | 87 +++++++++++++++++++++++++ 18 files changed, 159 insertions(+), 31 deletions(-)

1 year, 8 months

4
3
0 0

Re: [PATCH] drm/vmwgfx: Keep a gem reference to user bos in surfaces

by Sverdlin, Alexander

Hello Murray, thanks for looking into this! > > > On Thu, 2023-09-28 at 00:13 -0400, Zack Rusin wrote: > > > > From: Zack Rusin <zackr(a)vmware.com> > > > > > > > > Surfaces can be backed (i.e. stored in) memory objects (mob's) which > > > > are created and managed by the userspace as GEM buffers. Surfaces > > > > grab only a ttm reference which means that the gem object can > > > > be deleted underneath us, especially in cases where prime buffer > > > > export is used. > > > > > > > > Make sure that all userspace surfaces which are backed by gem objects > > > > hold a gem reference to make sure they're not deleted before vmw > > > > surfaces are done with them, which fixes: > > > > ------------[ cut here ]------------ > > > > refcount_t: underflow; use-after-free. > > > > WARNING: CPU: 2 PID: 2632 at lib/refcount.c:28 refcount_warn_saturate+0xfb/0x150 [] > > > > ---[ end trace 0000000000000000 ]--- > > > > > > > > A lot of the analyis on the bug was done by Murray McAllister and > > > > Ian Forbes. > > > > > > > > Reported-by: Murray McAllister <murray.mcallister(a)gmail.com> > > > > Cc: Ian Forbes <iforbes(a)vmware.com> > > > > Signed-off-by: Zack Rusin <zackr(a)vmware.com> > > > > Fixes: a950b989ea29 ("drm/vmwgfx: Do not drop the reference to the handle too soon") > > > > Cc: <stable(a)vger.kernel.org> # v6.2+ > > > > > > Do you remember the particular reason this was marked 6.2+? > > > > That's because that's the kernel release where the commit this one is > > fixing first landed. > > > > > We see this on Debian 6.1.67 (which at least has the mentioned > > > "drm/vmwgfx: Do not drop the reference to the handle too soon"): > > > > The original had to be backported there. I'll ask someone on my team > > to check the branches the original was backported to see if this > > change even applies on those and then we'll see what we can do. In the > > meantime if you know anyone on the Debian kernel team suggesting this > > as a cherry-pick might also be a good idea. > > > > z > > Hi Alexander, > > I think the backport might already be on Debian's radar for your version: > > https://security-tracker.debian.org/tracker/CVE-2023-5633 Sorry, my reference to Debian was irrelevant, the patch-to-be-fixed is actually in the upstream kernel: $ git log --grep "drm/vmwgfx: Do not drop the reference to the handle too soon" v6.1.67 commit 0a127ac972404600c99eb141c8d5b5348e53ee4f Author: Zack Rusin <zackr(a)vmware.com> Date: Sat Feb 11 00:05:14 2023 -0500 drm/vmwgfx: Do not drop the reference to the handle too soon commit a950b989ea29ab3b38ea7f6e3d2540700a3c54e8 upstream. So it was merely a hint for Stable Team to pick the Subject path into v6.1.x. -- Alexander Sverdlin Siemens AG www.siemens.com

1 year, 8 months

1
0
0 0

[PATCH net] net: stmmac: fix ethtool per-queue statistics

by Petr Tesarik

Fix per-queue statistics for devices with more than one queue. The output data pointer is currently reset in each loop iteration, effectively summing all queue statistics in the first four u64 values. The summary values are not even labeled correctly. For example, if eth0 has 2 queues, ethtool -S eth0 shows: q0_tx_pkt_n: 374 (actually tx_pkt_n over all queues) q0_tx_irq_n: 23 (actually tx_normal_irq_n over all queues) q1_tx_pkt_n: 462 (actually rx_pkt_n over all queues) q1_tx_irq_n: 446 (actually rx_normal_irq_n over all queues) q0_rx_pkt_n: 0 q0_rx_irq_n: 0 q1_rx_pkt_n: 0 q1_rx_irq_n: 0 Fixes: 133466c3bbe1 ("net: stmmac: use per-queue 64 bit statistics where necessary") Cc: stable(a)vger.kernel.org Signed-off-by: Petr Tesarik <petr(a)tesarici.cz> --- drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c index f628411ae4ae..112a36a698f1 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c @@ -543,15 +543,12 @@ static void stmmac_get_per_qstats(struct stmmac_priv *priv, u64 *data) u32 rx_cnt = priv->plat->rx_queues_to_use; unsigned int start; int q, stat; - u64 *pos; char *p; - pos = data; for (q = 0; q < tx_cnt; q++) { struct stmmac_txq_stats *txq_stats = &priv->xstats.txq_stats[q]; struct stmmac_txq_stats snapshot; - data = pos; do { start = u64_stats_fetch_begin(&txq_stats->syncp); snapshot = *txq_stats; @@ -559,17 +556,15 @@ static void stmmac_get_per_qstats(struct stmmac_priv *priv, u64 *data) p = (char *)&snapshot + offsetof(struct stmmac_txq_stats, tx_pkt_n); for (stat = 0; stat < STMMAC_TXQ_STATS; stat++) { - *data++ += (*(u64 *)p); + *data++ = (*(u64 *)p); p += sizeof(u64); } } - pos = data; for (q = 0; q < rx_cnt; q++) { struct stmmac_rxq_stats *rxq_stats = &priv->xstats.rxq_stats[q]; struct stmmac_rxq_stats snapshot; - data = pos; do { start = u64_stats_fetch_begin(&rxq_stats->syncp); snapshot = *rxq_stats; @@ -577,7 +572,7 @@ static void stmmac_get_per_qstats(struct stmmac_priv *priv, u64 *data) p = (char *)&snapshot + offsetof(struct stmmac_rxq_stats, rx_pkt_n); for (stat = 0; stat < STMMAC_RXQ_STATS; stat++) { - *data++ += (*(u64 *)p); + *data++ = (*(u64 *)p); p += sizeof(u64); } } -- 2.43.0

1 year, 8 months

4
3
0 0

[PATCH 4.14 00/20] 4.14.335-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.335 release. There are 20 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 08 Jan 2024 08:40:01 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.335-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.335-rc2 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/s390/include/asm/fpu/api.h | 2 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/md/dm-integrity.c | 11 ++-- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/block_dev.c | 9 ++- net/8021q/vlan_core.c | 9 ++- net/9p/protocol.c | 17 +++-- net/bluetooth/hci_event.c | 3 +- net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 +++ net/wireless/certs/wens.hex | 87 +++++++++++++++++++++++++ 19 files changed, 167 insertions(+), 32 deletions(-)

1 year, 8 months

3
3
0 0

[PATCH V4 2/4] riscv: mm: Fixup compat arch_get_mmap_end

by guoren＠kernel.org

From: Guo Ren <guoren(a)linux.alibaba.com> When the task is in COMPAT mode, the arch_get_mmap_end should be 2GB, not TASK_SIZE_64. The TASK_SIZE has contained is_compat_mode() detection, so change the definition of STACK_TOP_MAX to TASK_SIZE directly. Cc: stable(a)vger.kernel.org Fixes: add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57") Reviewed-by: Leonardo Bras <leobras(a)redhat.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Signed-off-by: Guo Ren <guoren(a)linux.alibaba.com> Signed-off-by: Guo Ren <guoren(a)kernel.org> --- arch/riscv/include/asm/processor.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h index f19f861cda54..e1944ff0757a 100644 --- a/arch/riscv/include/asm/processor.h +++ b/arch/riscv/include/asm/processor.h @@ -16,7 +16,7 @@ #ifdef CONFIG_64BIT #define DEFAULT_MAP_WINDOW (UL(1) << (MMAP_VA_BITS - 1)) -#define STACK_TOP_MAX TASK_SIZE_64 +#define STACK_TOP_MAX TASK_SIZE #define arch_get_mmap_end(addr, len, flags) \ ({ \ -- 2.40.1

1 year, 8 months

1
0
0 0

[PATCH V4 1/4] riscv: mm: Fixup compat mode boot failure

by guoren＠kernel.org

From: Guo Ren <guoren(a)linux.alibaba.com> In COMPAT mode, the STACK_TOP is DEFAULT_MAP_WINDOW (0x80000000), but the TASK_SIZE is 0x7fff000. When the user stack is upon 0x7fff000, it will cause a user segment fault. Sometimes, it would cause boot failure when the whole rootfs is rv32. Freeing unused kernel image (initmem) memory: 2236K Run /sbin/init as init process Starting init: /sbin/init exists but couldn't execute it (error -14) Run /etc/init as init process ... Increase the TASK_SIZE to cover STACK_TOP. Cc: stable(a)vger.kernel.org Fixes: add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57") Reviewed-by: Leonardo Bras <leobras(a)redhat.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Signed-off-by: Guo Ren <guoren(a)linux.alibaba.com> Signed-off-by: Guo Ren <guoren(a)kernel.org> --- arch/riscv/include/asm/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h index ab00235b018f..74ffb2178f54 100644 --- a/arch/riscv/include/asm/pgtable.h +++ b/arch/riscv/include/asm/pgtable.h @@ -881,7 +881,7 @@ static inline pte_t pte_swp_clear_exclusive(pte_t pte) #define TASK_SIZE_MIN (PGDIR_SIZE_L3 * PTRS_PER_PGD / 2) #ifdef CONFIG_COMPAT -#define TASK_SIZE_32 (_AC(0x80000000, UL) - PAGE_SIZE) +#define TASK_SIZE_32 (_AC(0x80000000, UL)) #define TASK_SIZE (test_thread_flag(TIF_32BIT) ? \ TASK_SIZE_32 : TASK_SIZE_64) #else -- 2.40.1

1 year, 8 months

1
0
0 0

[PATCH net v3 1/2] rtnetlink: allow to set iface down before enslaving it

by Nicolas Dichtel

The below commit adds support for: > ip link set dummy0 down > ip link set dummy0 master bond0 up but breaks the opposite: > ip link set dummy0 up > ip link set dummy0 master bond0 down Let's add a workaround to have both commands working. Cc: stable(a)vger.kernel.org Fixes: a4abfa627c38 ("net: rtnetlink: Enslave device before bringing it up") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Acked-by: Phil Sutter <phil(a)nwl.cc> Reviewed-by: David Ahern <dsahern(a)kernel.org> --- net/core/rtnetlink.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index e8431c6c8490..dd79693c2d91 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2905,6 +2905,14 @@ static int do_setlink(const struct sk_buff *skb, call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); } + /* Backward compat: enable to set interface down before enslaving it */ + if (!(ifm->ifi_flags & IFF_UP) && ifm->ifi_change & IFF_UP) { + err = dev_change_flags(dev, rtnl_dev_combine_flags(dev, ifm), + extack); + if (err < 0) + goto errout; + } + if (tb[IFLA_MASTER]) { err = do_set_master(dev, nla_get_u32(tb[IFLA_MASTER]), extack); if (err) -- 2.39.2

1 year, 8 months

3
4
0 0

[PATCH V2 2/3] wifi: brcmfmac: avoid invalid list operation when vendor attach fails

by Arend van Spriel

When the brcmf_fwvid_attach() fails the driver instance is not added to the vendor list. Hence we should not try to delete it from that list when the brcmf_fwvid_detach() function is called in cleanup path. Cc: stable(a)vger.kernel.org # 6.2.x Fixes: d6a5c562214f ("wifi: brcmfmac: add support for vendor-specific firmware api") Signed-off-by: Arend van Spriel <arend.vanspriel(a)broadcom.com> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c index f633e2bbd891..b427782554b5 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c @@ -186,9 +186,10 @@ void brcmf_fwvid_detach(struct brcmf_pub *drvr) mutex_lock(&fwvid_list_lock); - drvr->vops = NULL; - list_del(&drvr->bus_if->list); - + if (drvr->vops) { + drvr->vops = NULL; + list_del(&drvr->bus_if->list); + } mutex_unlock(&fwvid_list_lock); } -- 2.32.0

1 year, 8 months

1
0
0 0

[PATCH 1/3] wifi: brcmfmac: Demote vendor-specific attach/detach messages to info

by Arend van Spriel

From: Hector Martin <marcan(a)marcan.st> People are getting spooked by brcmfmac errors on their boot console. There's no reason for these messages to be errors. Cc: stable(a)vger.kernel.org # 6.2.x Fixes: d6a5c562214f ("wifi: brcmfmac: add support for vendor-specific firmware api") Signed-off-by: Hector Martin <marcan(a)marcan.st> [arend.vanspriel(a)broadcom.com: remove attach/detach vendor callbacks] Signed-off-by: Arend van Spriel <arend.vanspriel(a)broadcom.com> --- .../broadcom/brcm80211/brcmfmac/bca/core.c | 13 ---------- .../broadcom/brcm80211/brcmfmac/cyw/core.c | 13 ---------- .../broadcom/brcm80211/brcmfmac/fwvid.c | 7 +++-- .../broadcom/brcm80211/brcmfmac/fwvid.h | 26 ++----------------- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 15 +---------- 5 files changed, 6 insertions(+), 68 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c index a5d9ac5e6763..a963c242975a 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c @@ -11,17 +11,6 @@ #include "vops.h" -static int brcmf_bca_attach(struct brcmf_pub *drvr) -{ - pr_err("%s: executing\n", __func__); - return 0; -} - -static void brcmf_bca_detach(struct brcmf_pub *drvr) -{ - pr_err("%s: executing\n", __func__); -} - static void brcmf_bca_feat_attach(struct brcmf_if *ifp) { /* SAE support not confirmed so disabling for now */ @@ -29,7 +18,5 @@ static void brcmf_bca_feat_attach(struct brcmf_if *ifp) } const struct brcmf_fwvid_ops brcmf_bca_ops = { - .attach = brcmf_bca_attach, - .detach = brcmf_bca_detach, .feat_attach = brcmf_bca_feat_attach, }; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c index 24670497f1a4..bec5748310b9 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c @@ -11,17 +11,6 @@ #include "vops.h" -static int brcmf_cyw_attach(struct brcmf_pub *drvr) -{ - pr_err("%s: executing\n", __func__); - return 0; -} - -static void brcmf_cyw_detach(struct brcmf_pub *drvr) -{ - pr_err("%s: executing\n", __func__); -} - static int brcmf_cyw_set_sae_pwd(struct brcmf_if *ifp, struct cfg80211_crypto_settings *crypto) { @@ -49,7 +38,5 @@ static int brcmf_cyw_set_sae_pwd(struct brcmf_if *ifp, } const struct brcmf_fwvid_ops brcmf_cyw_ops = { - .attach = brcmf_cyw_attach, - .detach = brcmf_cyw_detach, .set_sae_password = brcmf_cyw_set_sae_pwd, }; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c index 86eafdb40541..f633e2bbd891 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c @@ -89,8 +89,7 @@ int brcmf_fwvid_register_vendor(enum brcmf_fwvendor fwvid, struct module *vmod, if (fwvid >= BRCMF_FWVENDOR_NUM) return -ERANGE; - if (WARN_ON(!vmod) || WARN_ON(!vops) || - WARN_ON(!vops->attach) || WARN_ON(!vops->detach)) + if (WARN_ON(!vmod) || WARN_ON(!vops)) return -EINVAL; if (WARN_ON(fwvid_list[fwvid].vmod)) @@ -150,7 +149,7 @@ static inline int brcmf_fwvid_request_module(enum brcmf_fwvendor fwvid) } #endif -int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr) +int brcmf_fwvid_attach(struct brcmf_pub *drvr) { enum brcmf_fwvendor fwvid = drvr->bus_if->fwvid; int ret; @@ -175,7 +174,7 @@ int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr) return ret; } -void brcmf_fwvid_detach_ops(struct brcmf_pub *drvr) +void brcmf_fwvid_detach(struct brcmf_pub *drvr) { enum brcmf_fwvendor fwvid = drvr->bus_if->fwvid; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h index d9fc76b46db9..dac22534d033 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h @@ -12,8 +12,6 @@ struct brcmf_pub; struct brcmf_if; struct brcmf_fwvid_ops { - int (*attach)(struct brcmf_pub *drvr); - void (*detach)(struct brcmf_pub *drvr); void (*feat_attach)(struct brcmf_if *ifp); int (*set_sae_password)(struct brcmf_if *ifp, struct cfg80211_crypto_settings *crypto); }; @@ -24,30 +22,10 @@ int brcmf_fwvid_register_vendor(enum brcmf_fwvendor fwvid, struct module *mod, int brcmf_fwvid_unregister_vendor(enum brcmf_fwvendor fwvid, struct module *mod); /* core driver functions */ -int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr); -void brcmf_fwvid_detach_ops(struct brcmf_pub *drvr); +int brcmf_fwvid_attach(struct brcmf_pub *drvr); +void brcmf_fwvid_detach(struct brcmf_pub *drvr); const char *brcmf_fwvid_vendor_name(struct brcmf_pub *drvr); -static inline int brcmf_fwvid_attach(struct brcmf_pub *drvr) -{ - int ret; - - ret = brcmf_fwvid_attach_ops(drvr); - if (ret) - return ret; - - return drvr->vops->attach(drvr); -} - -static inline void brcmf_fwvid_detach(struct brcmf_pub *drvr) -{ - if (!drvr->vops) - return; - - drvr->vops->detach(drvr); - brcmf_fwvid_detach_ops(drvr); -} - static inline void brcmf_fwvid_feat_attach(struct brcmf_if *ifp) { const struct brcmf_fwvid_ops *vops = ifp->drvr->vops; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c index 2d8f80bd7382..fd593b93ad40 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c @@ -7,21 +7,10 @@ #include <core.h> #include <bus.h> #include <fwvid.h> -#include <fwil.h> +#include <cfg80211.h> #include "vops.h" -static int brcmf_wcc_attach(struct brcmf_pub *drvr) -{ - pr_debug("%s: executing\n", __func__); - return 0; -} - -static void brcmf_wcc_detach(struct brcmf_pub *drvr) -{ - pr_debug("%s: executing\n", __func__); -} - static int brcmf_wcc_set_sae_pwd(struct brcmf_if *ifp, struct cfg80211_crypto_settings *crypto) { @@ -30,7 +19,5 @@ static int brcmf_wcc_set_sae_pwd(struct brcmf_if *ifp, } const struct brcmf_fwvid_ops brcmf_wcc_ops = { - .attach = brcmf_wcc_attach, - .detach = brcmf_wcc_detach, .set_sae_password = brcmf_wcc_set_sae_pwd, }; -- 2.32.0

1 year, 8 months

1
1
0 0

[PATCH 4.14 00/21] 4.14.335-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.335 release. There are 21 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 07 Jan 2024 14:38:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.335-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.335-rc1 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/s390/include/asm/fpu/api.h | 2 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/md/dm-integrity.c | 11 ++-- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- drivers/pinctrl/pinctrl-at91-pio4.c | 8 +++ drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/block_dev.c | 9 ++- net/8021q/vlan_core.c | 9 ++- net/9p/protocol.c | 17 +++-- net/bluetooth/hci_event.c | 3 +- net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 +++ net/wireless/certs/wens.hex | 87 +++++++++++++++++++++++++ 20 files changed, 175 insertions(+), 32 deletions(-)

1 year, 8 months

6
28
0 0

[PATCH 5.4 00/47] 5.4.266-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.266 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 07 Jan 2024 14:38:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.266-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.266-rc1 Sarthak Kukreti <sarthakkukreti(a)chromium.org> block: Don't invalidate pagecache for invalid falloc modes Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Flush posted write only after srst_udelay Julien Panis <jpanis(a)baylibre.com> bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smbCalcSize() Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Thomas Gleixner <tglx(a)linutronix.de> x86/alternatives: Sync core before enabling interrupts Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Wadim Egorov <w.egorov(a)phytec.de> iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Wei Yongjun <weiyongjun1(a)huawei.com> scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Treat xlate() returning NULL node as an error Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Quan Nguyen <quan(a)os.amperecomputing.com> i2c: aspeed: Handle the coalesced stop conditions with the start conditions. David Howells <dhowells(a)redhat.com> afs: Fix overwriting of result of DNS query Eric Dumazet <edumazet(a)google.com> net: check dev->gso_max_size in gso_features_check() Heiner Kallweit <hkallweit1(a)gmail.com> net: warn if gso_type isn't set for a GSO SKB David Howells <dhowells(a)redhat.com> afs: Fix dynamic root lookup DNS check David Howells <dhowells(a)redhat.com> afs: Fix the dynamic root's d_delete to always delete unused dentries Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Eric Dumazet <edumazet(a)google.com> net/rose: fix races in rose_kill_by_device() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix fw tracer first block check Hu Haowen <xianfengting221(a)163.com> net/mlx5: improve some comments Vlad Buslov <vladbu(a)nvidia.com> Revert "net/mlx5e: fix double free of encap_header" Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Geert Uytterhoeven <geert+renesas(a)glider.be> reset: Fix crash when freeing non-existent optional resets Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Bin Li <bin.li(a)canonical.com> ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ------------- Diffstat: Makefile | 4 +- arch/arm/mach-omap2/id.c | 5 ++ arch/s390/include/asm/fpu/api.h | 2 +- arch/x86/kernel/alternative.c | 2 +- drivers/bus/ti-sysc.c | 19 +++-- drivers/i2c/busses/i2c-aspeed.c | 48 ++++++++---- drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/interconnect/core.c | 3 + drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 4 +- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 10 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- drivers/pinctrl/pinctrl-at91-pio4.c | 8 ++ drivers/reset/core.c | 3 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 +-- drivers/usb/host/fotg210-hcd.c | 3 - drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 ++ fs/afs/cell.c | 6 +- fs/afs/dynroot.c | 31 ++++---- fs/block_dev.c | 9 ++- fs/btrfs/ioctl.c | 9 +++ fs/cifs/misc.c | 4 + fs/cifs/smb2misc.c | 26 +++---- fs/cifs/smb2pdu.h | 2 +- kernel/trace/ring_buffer.c | 9 ++- net/8021q/vlan_core.c | 9 ++- net/9p/protocol.c | 17 ++++- net/bluetooth/hci_event.c | 3 +- net/core/dev.c | 8 ++ net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +-- net/rfkill/rfkill-gpio.c | 8 ++ net/rose/af_rose.c | 41 ++++++++-- net/wireless/certs/wens.hex | 87 ++++++++++++++++++++++ sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + 41 files changed, 335 insertions(+), 107 deletions(-)

1 year, 8 months

4
53
0 0

Linux 6.6.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.10 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/powerpc/Kconfig | 4 arch/riscv/Kconfig | 4 arch/s390/Kconfig | 4 arch/x86/Kconfig | 4 drivers/nvme/host/fc.c | 21 --- drivers/platform/x86/intel/pmc/adl.c | 9 - drivers/platform/x86/intel/pmc/cnp.c | 26 +++- drivers/platform/x86/intel/pmc/core.c | 12 + drivers/platform/x86/intel/pmc/core.h | 7 - drivers/platform/x86/intel/pmc/mtl.c | 9 - drivers/platform/x86/intel/pmc/tgl.c | 9 - drivers/virtio/virtio_ring.c | 6 fs/libfs.c | 41 ++++-- fs/smb/client/file.c | 18 +- fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 17 +- fs/smb/client/smb2ops.c | 6 fs/smb/common/smb2pdu.h | 1 fs/smb/server/connection.c | 16 -- fs/smb/server/ksmbd_work.c | 51 ++++---- fs/smb/server/mgmt/user_config.h | 1 fs/smb/server/oplock.c | 118 ++++++++++++++++-- fs/smb/server/oplock.h | 8 + fs/smb/server/smb2misc.c | 15 +- fs/smb/server/smb2ops.c | 9 - fs/smb/server/smb2pdu.c | 156 +++++++++++++------------ fs/smb/server/transport_rdma.c | 40 ++++-- fs/smb/server/unicode.c | 187 ++++++++++++++++++++++-------- fs/smb/server/vfs.c | 14 +- fs/smb/server/vfs_cache.c | 30 ++-- fs/smb/server/vfs_cache.h | 9 - include/linux/blkdev.h | 2 include/linux/export-internal.h | 6 include/linux/fs.h | 85 +++++++++++-- kernel/Kconfig.kexec | 2 kernel/trace/ftrace.c | 100 +++++++--------- kernel/trace/ring_buffer.c | 12 + kernel/trace/trace.c | 20 ++- lib/maple_tree.c | 11 + mm/filemap.c | 9 + mm/memory-failure.c | 8 - mm/migrate.c | 9 + net/mptcp/protocol.c | 27 +++- net/mptcp/protocol.h | 63 ++++++++-- net/mptcp/sockopt.c | 5 net/mptcp/subflow.c | 29 ++-- net/netfilter/nf_tables_api.c | 2 net/wireless/core.h | 1 net/wireless/nl80211.c | 56 +++++--- tools/testing/radix-tree/maple.c | 2 tools/testing/selftests/mm/memfd_secret.c | 3 52 files changed, 884 insertions(+), 428 deletions(-) Arnd Bergmann (2): kexec: fix KEXEC_FILE dependencies kexec: select CRYPTO from KEXEC_FILE instead of depending on it Baokun Li (1): mm/filemap: avoid buffered read/write race to read inconsistent data Charan Teja Kalla (1): mm: migrate high-order folios in swap cache correctly Cheng-Han Wu (1): ksmbd: Remove unused field in ksmbd_user struct Christoph Hellwig (1): block: renumber QUEUE_FLAG_HW_WC David E. Box (3): platform/x86/intel/pmc: Add suspend callback platform/x86/intel/pmc: Allow reenabling LTRs platform/x86/intel/pmc: Move GBE LTR ignore to suspend callback Greg Kroah-Hartman (1): Linux 6.6.10 Helge Deller (2): linux/export: Fix alignment for 64-bit ksymtab entries linux/export: Ensure natural alignment of kcrctab array Jeff Layton (2): fs: new accessor methods for atime and mtime client: convert to new timestamp accessors Johannes Berg (1): wifi: cfg80211: fix CQM for non-range use Kangjing Huang (1): ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Keith Busch (1): Revert "nvme-fc: fix race between error recovery and creating association" Léo Lam (1): wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) Matthew Wilcox (Oracle) (2): mm/memory-failure: cast index to loff_t before shifting it mm/memory-failure: check the mapcount of the precise page Muhammad Usama Anjum (1): selftests: secretmem: floor the memory size to the multiple of page_size Namjae Jeon (17): ksmbd: reorganize ksmbd_iov_pin_rsp() ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() ksmbd: add support for surrogate pair conversion ksmbd: no need to wait for binded connection termination at logoff ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() ksmbd: separately allocate ci per dentry ksmbd: move oplock handling after unlock parent dir ksmbd: release interim response after sending status pending response ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error ksmbd: set epoch in create context v2 lease ksmbd: set v2 lease capability ksmbd: downgrade RWH lease caching state to RH for directory ksmbd: send v2 lease break notification for directory ksmbd: lazy v2 lease break on smb2_write() ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Pablo Neira Ayuso (1): netfilter: nf_tables: skip set commit for deleted/destroyed sets Paolo Abeni (3): mptcp: refactor sndbuf auto-tuning mptcp: fix possible NULL pointer dereference on close mptcp: fix inconsistent state on fastopen race Shin'ichiro Kawasaki (2): platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe Revert "platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe" Sidhartha Kumar (1): maple_tree: do not preallocate nodes for slot stores Steven Rostedt (Google) (3): ring-buffer: Fix wake ups when buffer_percent is set to 100 ftrace: Fix modification of direct_function hash while in use tracing: Fix blocked reader of snapshot buffer Xuan Zhuo (1): virtio_ring: fix syncs DMA memory with different direction Zizhi Wo (1): fs: cifs: Fix atime update check Zongmin Zhou (1): ksmbd: prevent memory leak on error return

1 year, 8 months

1
1
0 0

Linux 6.1.71

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.71 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am33xx.dtsi | 1 drivers/base/property.c | 11 drivers/iio/imu/adis16475.c | 117 ++-- drivers/spi/spi-atmel.c | 82 ++- drivers/spi/spi.c | 92 ++- drivers/usb/host/fotg210-hcd.c | 3 fs/namei.c | 125 +++- fs/nfsd/nfsctl.c | 9 fs/nfsd/nfsd.h | 8 fs/nfsd/nfssvc.c | 57 -- fs/smb/common/smb2pdu.h | 1 fs/smb/server/Kconfig | 10 fs/smb/server/asn1.c | 27 fs/smb/server/auth.c | 11 fs/smb/server/connection.c | 74 -- fs/smb/server/connection.h | 2 fs/smb/server/ksmbd_netlink.h | 4 fs/smb/server/ksmbd_work.c | 100 +++ fs/smb/server/ksmbd_work.h | 36 - fs/smb/server/mgmt/share_config.h | 29 - fs/smb/server/mgmt/tree_connect.c | 53 + fs/smb/server/mgmt/tree_connect.h | 14 fs/smb/server/mgmt/user_config.h | 1 fs/smb/server/mgmt/user_session.c | 38 - fs/smb/server/mgmt/user_session.h | 3 fs/smb/server/oplock.c | 147 ++++- fs/smb/server/oplock.h | 8 fs/smb/server/server.c | 36 - fs/smb/server/smb2misc.c | 19 fs/smb/server/smb2ops.c | 19 fs/smb/server/smb2pdu.c | 1033 ++++++++++++++++---------------------- fs/smb/server/smb2pdu.h | 3 fs/smb/server/smb_common.c | 19 fs/smb/server/smb_common.h | 14 fs/smb/server/smbacl.c | 20 fs/smb/server/smbacl.h | 2 fs/smb/server/transport_ipc.c | 4 fs/smb/server/transport_rdma.c | 44 + fs/smb/server/unicode.c | 193 ++++--- fs/smb/server/vfs.c | 608 +++++++++++----------- fs/smb/server/vfs.h | 52 - fs/smb/server/vfs_cache.c | 63 +- fs/smb/server/vfs_cache.h | 18 include/linux/blkdev.h | 2 include/linux/export-internal.h | 1 include/linux/module.h | 9 include/linux/namei.h | 7 include/linux/property.h | 7 include/linux/spi/spi.h | 23 kernel/module/kallsyms.c | 2 kernel/trace/ring_buffer.c | 140 +---- kernel/trace/trace.c | 20 kernel/trace/trace_kprobe.c | 25 mm/filemap.c | 9 mm/memory-failure.c | 8 mm/migrate.c | 9 net/netfilter/nf_tables_api.c | 2 58 files changed, 1981 insertions(+), 1495 deletions(-) Al Viro (1): fs: introduce lock_rename_child() helper Amit Kumar Mahapatra (1): spi: Add APIs in spi core to set/get spi->chip_select and spi->cs_gpiod Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Andy Shevchenko (2): spi: Introduce spi_get_device_match_data() helper device property: Allow const parameter to dev_fwnode() Atte Heikkilä (1): ksmbd: fix `force create mode' and `force directory mode' Baokun Li (1): mm/filemap: avoid buffered read/write race to read inconsistent data Charan Teja Kalla (1): mm: migrate high-order folios in swap cache correctly Cheng-Han Wu (1): ksmbd: Remove unused field in ksmbd_user struct Christoph Hellwig (1): block: renumber QUEUE_FLAG_HW_WC Colin Ian King (1): ksmbd: Fix spelling mistake "excceed" -> "exceeded" Dan Carpenter (1): usb: fotg210-hcd: delete an incorrect bounds test David Disseldorp (3): ksmbd: set NegotiateContextCount once instead of every inc ksmbd: avoid duplicate negotiate ctx offset increments ksmbd: remove unused compression negotiate ctx packing Dawei Li (3): ksmbd: Implements sess->rpc_handle_list as xarray ksmbd: fix typo, syncronous->synchronous ksmbd: Remove duplicated codes Geert Uytterhoeven (1): spi: Constify spi parameters of chip select APIs Greg Kroah-Hartman (1): Linux 6.1.71 Gustavo A. R. Silva (3): ksmbd: replace one-element arrays with flexible-array members ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() ksmbd: Replace one-element array with flexible-array member Helge Deller (1): linux/export: Ensure natural alignment of kcrctab array Jeff Layton (1): ksmbd: use F_SETLK when unlocking a file Jiapeng Chong (1): ksmbd: Fix parameter name and comment mismatch Jiri Olsa (1): kallsyms: Make module_kallsyms_on_each_symbol generally available Kangjing Huang (1): ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Louis Chauvet (1): spi: atmel: Fix clock issue when using devices with different polarities Lu Hongfei (2): ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void ksmbd: Replace the ternary conditional operator with min() Marios Makassikis (2): ksmbd: Fix resource leak in smb2_lock() ksmbd: fix recursive locking in vfs helpers Matthew Wilcox (Oracle) (2): mm/memory-failure: cast index to loff_t before shifting it mm/memory-failure: check the mapcount of the precise page Namjae Jeon (46): ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share ksmbd: delete asynchronous work from list ksmbd: fix racy issue from using ->d_parent and ->d_name ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() ksmbd: fix uninitialized pointer read in smb2_create_link() ksmbd: call putname after using the last component ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() ksmbd: add mnt_want_write to ksmbd vfs functions ksmbd: remove unused ksmbd_tree_conn_share function ksmbd: use kzalloc() instead of __GFP_ZERO ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() ksmbd: use kvzalloc instead of kvmalloc ksmbd: check if a mount point is crossed during path lookup ksmbd: add support for read compound ksmbd: fix wrong interim response on compound ksmbd: add missing calling smb2_set_err_rsp() on error ksmbd: remove unneeded mark_inode_dirty in set_info_sec() ksmbd: fix passing freed memory 'aux_payload_buf' ksmbd: return invalid parameter error response if smb2 request is invalid ksmbd: check iov vector index in ksmbd_conn_write() ksmbd: fix race condition with fp ksmbd: fix race condition from parallel smb2 logoff requests ksmbd: fix race condition from parallel smb2 lock requests ksmbd: fix race condition between tree conn lookup and disconnect ksmbd: fix wrong error response status by using set_smb2_rsp_status() ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() ksmbd: fix potential double free on smb2_read_pipe() error path ksmbd: reorganize ksmbd_iov_pin_rsp() ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() ksmbd: add support for surrogate pair conversion ksmbd: no need to wait for binded connection termination at logoff ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() ksmbd: fix possible deadlock in smb2_open ksmbd: separately allocate ci per dentry ksmbd: move oplock handling after unlock parent dir ksmbd: release interim response after sending status pending response ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error ksmbd: set epoch in create context v2 lease ksmbd: set v2 lease capability ksmbd: downgrade RWH lease caching state to RH for directory ksmbd: send v2 lease break notification for directory ksmbd: lazy v2 lease break on smb2_write() ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() ksmbd: fix wrong allocation size update in smb2_open() ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() NeilBrown (3): nfsd: separate nfsd_last_thread() from nfsd_put() nfsd: call nfsd_last_thread() before final nfsd_put() NFSD: fix possible oops when nfsd/pool_stats is closed. Nuno Sa (1): iio: imu: adis16475: add spi_device_id table Pablo Neira Ayuso (1): netfilter: nf_tables: skip set commit for deleted/destroyed sets Shin'ichiro Kawasaki (2): platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe Revert "platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe" Steve French (2): ksmbd: update Kconfig to note Kerberos support and fix indentation ksmbd: remove experimental warning Steven Rostedt (Google) (4): ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() ring-buffer: Fix slowpath of interrupted event Tom Rix (1): ksmbd: remove unused is_char_allowed function Tony Lindgren (1): ARM: dts: Fix occasional boot hang for am3 usb Tudor Ambarus (1): spi: Reintroduce spi_set_cs_timing() Wang Ming (1): ksmbd: Fix unsigned expression compared with zero Yang Li (1): ksmbd: Fix one kernel-doc comment Yang Yingliang (1): ksmbd: switch to use kmemdup_nul() helper Zongmin Zhou (1): ksmbd: prevent memory leak on error return ye xingchen (1): ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs

1 year, 8 months

1
1
0 0

Linux 5.15.146

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.146 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/nvmem/mxs-ocotp.yaml | 10 Makefile | 2 arch/arm/boot/dts/am33xx.dtsi | 1 arch/arm/boot/dts/dra7.dtsi | 2 arch/arm/mach-omap2/id.c | 5 arch/arm64/kvm/arm.c | 2 arch/arm64/kvm/vgic/vgic-init.c | 5 arch/arm64/kvm/vgic/vgic-mmio-v3.c | 2 arch/arm64/kvm/vgic/vgic.h | 1 arch/s390/include/asm/fpu/api.h | 2 arch/x86/kernel/alternative.c | 2 arch/x86/net/bpf_jit_comp.c | 46 + drivers/base/property.c | 13 drivers/bus/ti-sysc.c | 18 drivers/gpio/gpio-dwapb.c | 12 drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/i915/display/intel_atomic.c | 193 ------- drivers/gpu/drm/i915/display/intel_atomic.h | 4 drivers/gpu/drm/i915/display/skl_scaler.c | 257 ++++++++++ drivers/gpu/drm/i915/display/skl_scaler.h | 10 drivers/i2c/busses/i2c-aspeed.c | 48 + drivers/iio/adc/ti_am335x_adc.c | 4 drivers/iio/buffer/industrialio-triggered-buffer.c | 10 drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 drivers/iio/imu/adis16475.c | 117 ++-- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 drivers/input/keyboard/ipaq-micro-keys.c | 3 drivers/input/misc/soc_button_array.c | 5 drivers/interconnect/core.c | 3 drivers/md/dm-integrity.c | 11 drivers/net/ethernet/actions/owl-emac.c | 2 drivers/net/ethernet/adaptec/starfire.c | 10 drivers/net/ethernet/alacritech/slicoss.c | 2 drivers/net/ethernet/alteon/acenic.c | 4 drivers/net/ethernet/altera/altera_tse_main.c | 2 drivers/net/ethernet/amd/nmclan_cs.c | 3 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 2 drivers/net/ethernet/amd/xgbe/xgbe.h | 2 drivers/net/ethernet/apm/xgene-v2/mac.c | 2 drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 2 drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 2 drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 2 drivers/net/ethernet/apple/bmac.c | 8 drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 6 drivers/net/ethernet/aquantia/atlantic/aq_macsec.c | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 4 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 4 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | 4 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils_fw2x.c | 4 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 drivers/net/ethernet/broadcom/b44.c | 6 drivers/net/ethernet/broadcom/bcmsysport.c | 2 drivers/net/ethernet/broadcom/bgmac.c | 2 drivers/net/ethernet/broadcom/bnx2.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 3 drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.h | 2 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 drivers/net/ethernet/calxeda/xgmac.c | 2 drivers/net/ethernet/chelsio/cxgb/gmac.h | 2 drivers/net/ethernet/chelsio/cxgb/pm3393.c | 2 drivers/net/ethernet/chelsio/cxgb/vsc7326.c | 2 drivers/net/ethernet/chelsio/cxgb3/common.h | 2 drivers/net/ethernet/chelsio/cxgb3/xgmac.c | 2 drivers/net/ethernet/cisco/enic/enic_pp.c | 2 drivers/net/ethernet/dlink/dl2k.c | 2 drivers/net/ethernet/dnet.c | 6 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/emulex/benet/be_cmds.h | 2 drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/ethoc.c | 2 drivers/net/ethernet/fealnx.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 4 drivers/net/ethernet/freescale/fman/fman_dtsec.c | 8 drivers/net/ethernet/freescale/fman/fman_dtsec.h | 2 drivers/net/ethernet/freescale/fman/fman_memac.c | 8 drivers/net/ethernet/freescale/fman/fman_memac.h | 2 drivers/net/ethernet/freescale/fman/fman_tgec.c | 8 drivers/net/ethernet/freescale/fman/fman_tgec.h | 2 drivers/net/ethernet/freescale/fman/mac.h | 2 drivers/net/ethernet/hisilicon/hisi_femac.c | 2 drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 2 drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 2 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 5 drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/i825xx/sun3_82586.c | 2 drivers/net/ethernet/intel/i40e/i40e.h | 2 drivers/net/ethernet/intel/ixgb/ixgb_hw.c | 2 drivers/net/ethernet/intel/ixgb/ixgb_hw.h | 2 drivers/net/ethernet/marvell/mv643xx_eth.c | 2 drivers/net/ethernet/marvell/mvneta.c | 4 drivers/net/ethernet/marvell/pxa168_eth.c | 6 drivers/net/ethernet/mediatek/mtk_star_emac.c | 2 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 30 - drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 2 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/micrel/ks8842.c | 2 drivers/net/ethernet/micrel/ks8851.h | 3 drivers/net/ethernet/micrel/ks8851_common.c | 20 drivers/net/ethernet/micrel/ks8851_spi.c | 42 + drivers/net/ethernet/micrel/ksz884x.c | 4 drivers/net/ethernet/microsoft/Kconfig | 1 drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 3 drivers/net/ethernet/neterion/s2io.c | 2 drivers/net/ethernet/neterion/s2io.h | 2 drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c | 6 drivers/net/ethernet/nxp/lpc_eth.c | 2 drivers/net/ethernet/qlogic/qed/qed_dev.c | 2 drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 2 drivers/net/ethernet/qlogic/qed/qed_l2.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 2 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 2 drivers/net/ethernet/qlogic/qed/qed_mcp.h | 2 drivers/net/ethernet/qlogic/qed/qed_rdma.c | 2 drivers/net/ethernet/qlogic/qed/qed_vf.c | 2 drivers/net/ethernet/qlogic/qed/qed_vf.h | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 2 drivers/net/ethernet/qualcomm/emac/emac-mac.c | 2 drivers/net/ethernet/rdc/r6040.c | 12 drivers/net/ethernet/samsung/sxgbe/sxgbe_common.h | 2 drivers/net/ethernet/samsung/sxgbe/sxgbe_core.c | 3 drivers/net/ethernet/sfc/ef10.c | 4 drivers/net/ethernet/sfc/ef10_sriov.c | 2 drivers/net/ethernet/sfc/ef10_sriov.h | 6 drivers/net/ethernet/sfc/net_driver.h | 2 drivers/net/ethernet/sfc/siena_sriov.c | 2 drivers/net/ethernet/sfc/siena_sriov.h | 2 drivers/net/ethernet/sis/sis900.c | 2 drivers/net/ethernet/smsc/smsc911x.c | 2 drivers/net/ethernet/smsc/smsc9420.c | 2 drivers/net/ethernet/stmicro/stmmac/common.h | 4 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 2 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 3 drivers/net/ethernet/stmicro/stmmac/hwif.h | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c | 4 drivers/net/ethernet/sun/sunbmac.c | 2 drivers/net/ethernet/sun/sunqe.c | 2 drivers/net/ethernet/synopsys/dwc-xlgmac-hw.c | 2 drivers/net/ethernet/synopsys/dwc-xlgmac.h | 2 drivers/net/ethernet/ti/tlan.c | 4 drivers/net/ethernet/toshiba/tc35815.c | 3 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 7 drivers/net/ethernet/xircom/xirc2ps_cs.c | 2 drivers/net/phy/mscc/mscc_main.c | 2 drivers/net/usb/aqc111.c | 2 drivers/net/usb/ax88179_178a.c | 224 ++++---- drivers/net/usb/catc.c | 2 drivers/net/usb/dm9601.c | 3 drivers/net/usb/mcs7830.c | 3 drivers/net/usb/sr9700.c | 3 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 4 drivers/pinctrl/pinctrl-at91-pio4.c | 8 drivers/reset/core.c | 8 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 drivers/scsi/scsi_error.c | 2 drivers/spi/spi.c | 12 drivers/usb/host/fotg210-hcd.c | 3 drivers/usb/serial/ftdi_sio.c | 6 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 5 fs/Kconfig | 4 fs/afs/cell.c | 67 +- fs/afs/cmservice.c | 2 fs/afs/dynroot.c | 31 - fs/afs/internal.h | 18 fs/afs/proc.c | 6 fs/afs/rxrpc.c | 26 - fs/afs/server.c | 40 - fs/afs/vl_list.c | 19 fs/afs/volume.c | 47 + fs/cifs/misc.c | 4 fs/cifs/smb2misc.c | 26 - fs/cifs/smb2ops.c | 26 - fs/cifs/smb2pdu.c | 29 - fs/cifs/smb2pdu.h | 2 fs/fuse/fuse_i.h | 15 fs/fuse/inode.c | 75 ++ fs/ksmbd/oplock.c | 115 ++++ fs/ksmbd/oplock.h | 8 fs/ksmbd/smb2misc.c | 15 fs/ksmbd/smb2ops.c | 9 fs/ksmbd/smb2pdu.c | 61 +- fs/ksmbd/smb2pdu.h | 1 fs/ksmbd/vfs.c | 3 fs/ksmbd/vfs_cache.c | 13 fs/ksmbd/vfs_cache.h | 3 include/linux/bpf.h | 3 include/linux/key-type.h | 1 include/linux/property.h | 9 include/linux/qed/qed_eth_if.h | 2 include/linux/qed/qed_if.h | 2 include/linux/qed/qed_rdma_if.h | 3 include/linux/spi/spi.h | 3 include/net/bluetooth/hci_core.h | 5 include/trace/events/afs.h | 26 - kernel/bpf/arraymap.c | 58 -- kernel/trace/ring_buffer.c | 136 +---- kernel/trace/synth_event_gen_test.c | 11 kernel/trace/trace.c | 20 lib/vsprintf.c | 11 mm/filemap.c | 9 net/8021q/vlan_core.c | 9 net/9p/protocol.c | 17 net/bluetooth/af_bluetooth.c | 7 net/bluetooth/hci_event.c | 3 net/bluetooth/l2cap_core.c | 21 net/bluetooth/mgmt.c | 25 net/bluetooth/smp.c | 7 net/core/dev.c | 3 net/dns_resolver/dns_key.c | 10 net/ife/ife.c | 1 net/mac80211/mesh_plink.c | 10 net/netfilter/nf_tables_api.c | 2 net/rfkill/rfkill-gpio.c | 8 net/rose/af_rose.c | 39 + net/wireless/certs/wens.hex | 87 +++ security/keys/gc.c | 31 - security/keys/internal.h | 11 security/keys/key.c | 15 security/keys/proc.c | 2 sound/soc/codecs/hdmi-codec.c | 12 sound/usb/quirks.c | 4 243 files changed, 1795 insertions(+), 1078 deletions(-) Alexander Atanasov (1): scsi: core: Always send batch on reset or error handling command Alexis Lothoré (1): pinctrl: at91-pio4: use dedicated lock class for IRQ Alper Ak (1): USB: serial: option: add Quectel EG912Y module support Andrew Davis (1): ARM: dts: dra7: Fix DRA7 L3 NoC node register size Andy Shevchenko (3): device property: Add const qualifier to device_get_match_data() parameter spi: Introduce spi_get_device_match_data() helper device property: Allow const parameter to dev_fwnode() Baokun Li (1): mm/filemap: avoid buffered read/write race to read inconsistent data Chen-Yu Tsai (1): wifi: cfg80211: Add my certificate Christoffer Sandberg (1): Input: soc_button_array - add mapping for airplane mode button Dan Carpenter (1): usb: fotg210-hcd: delete an incorrect bounds test David Howells (6): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry afs: Fix overwriting of result of DNS query afs: Use refcount_t rather than atomic_t afs: Fix use-after-free due to get/remove race in volume tree David Lechner (1): iio: triggered-buffer: prevent possible freeing of wrong buffer Dinghao Liu (1): net/mlx5e: fix a potential double-free in fs_udp_create_groups Eric Dumazet (3): net: sched: ife: fix potential use-after-free net/rose: fix races in rose_kill_by_device() net: check dev->gso_max_size in gso_features_check() Fabio Estevam (1): dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp Fedor Pchelkin (1): net: 9p: avoid freeing uninit memory in p9pdu_vreadf Frédéric Danis (1): Bluetooth: L2CAP: Send reject on command corrupted request Geert Uytterhoeven (1): reset: Fix crash when freeing non-existent optional resets Greg Kroah-Hartman (1): Linux 5.15.146 Haoran Liu (1): Input: ipaq-micro-keys - add error handling for devm_kmemdup Heiko Carstens (1): s390/vx: fix save/restore of fpu kernel context Herve Codina (1): lib/vsprintf: Fix %pfwf when current node refcount == 0 Hyunwoo Kim (1): Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg Jakub Kicinski (1): ethernet: constify references to netdev->dev_addr in drivers Javier Carrasco (1): iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Jeremie Knuesel (1): ALSA: usb-audio: Increase delay in MOTU M quirk Jerome Brunet (1): ASoC: hdmi-codec: fix missing report for jack initial status Jiri Olsa (1): bpf: Fix prog_array_map_poke_run map poke update Johannes Berg (3): wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock wifi: mac80211: mesh_plink: fix matches_local logic wifi: cfg80211: fix certs build to not depend on file order Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid failed operations when device is disconnected Justin Chen (2): net: usb: ax88179_178a: clean up pm calls net: usb: ax88179_178a: wol optimizations Kent Gibson (1): gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() Krister Johansen (1): fuse: share lookup state between submount and its parent Kunwu Chan (1): ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Liu Jian (1): net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Luca Coelho (1): drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Marc Zyngier (1): KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy Mark Glover (1): USB: serial: ftdi_sio: update Actisense PIDs constant names Mike Tipton (1): interconnect: Treat xlate() returning NULL node as an error Mikulas Patocka (1): dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Moshe Shemesh (1): net/mlx5: Fix fw tracer first block check Namjae Jeon (10): ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ksmbd: have a dependency on cifs ARC4 ksmbd: set epoch in create context v2 lease ksmbd: set v2 lease capability ksmbd: downgrade RWH lease caching state to RH for directory ksmbd: send v2 lease break notification for directory ksmbd: lazy v2 lease break on smb2_write() ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() ksmbd: fix wrong allocation size update in smb2_open() ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Nuno Sa (1): iio: imu: adis16475: add spi_device_id table Pablo Neira Ayuso (1): netfilter: nf_tables: skip set commit for deleted/destroyed sets Paulo Alcantara (4): smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in smb2_query_reparse_point() smb: client: fix OOB in SMB2_query_info_init() smb: client: fix OOB in smbCalcSize() Quan Nguyen (1): i2c: aspeed: Handle the coalesced stop conditions with the start conditions. Rahul Rameshbabu (1): net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Reinhard Speyerer (1): USB: serial: option: add Quectel RM500Q R13 firmware support Ronald Wahl (1): net: ks8851: Fix TX stall caused by TX buffer overrun Rouven Czerwinski (1): net: rfkill: gpio: set GPIO direction Shifeng Li (1): net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() Slark Xiao (1): USB: serial: option: add Foxconn T99W265 with new baseline Steven Rostedt (Google) (5): tracing / synthetic: Disable events after testing in synth_event_gen_test_init() ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() ring-buffer: Fix slowpath of interrupted event Su Hui (1): iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Thomas Gleixner (1): x86/alternatives: Sync core before enabling interrupts Tony Lindgren (2): bus: ti-sysc: Flush posted write only after srst_udelay ARM: dts: Fix occasional boot hang for am3 usb Ville Syrjälä (2): drm/i915: Relocate intel_atomic_setup_scalers() drm/i915: Fix intel_atomic_setup_scalers() plane_state handling Vlad Buslov (2): Revert "net/mlx5e: fix double free of encap_header in update funcs" Revert "net/mlx5e: fix double free of encap_header" Wadim Egorov (1): iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Wei Yongjun (1): scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Xiao Yao (1): Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE Yury Norov (1): net: mana: select PAGE_POOL Zhipeng Lu (1): ethernet: atheros: fix a memleak in atl1e_setup_ring_resources xiongxin (1): gpio: dwapb: mask/unmask IRQ when disable/enale it

1 year, 8 months

1
1
0 0

[PATCH v2] PM / devfreq: Fix buffer overflow in trans_stat_show

by Christian Marangi

Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure sysfs_emit. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041 Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v2: - Squash and use directly sysfs_emit - Fix typo for df->freq_table[2] - Reduce check of PAGE_SIZE to only at the start of for loops Documentation/ABI/testing/sysfs-class-devfreq | 3 ++ drivers/devfreq/devfreq.c | 47 ++++++++++++------- 2 files changed, 33 insertions(+), 17 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq index 5e6b74f30406..1e7e0bb4c14e 100644 --- a/Documentation/ABI/testing/sysfs-class-devfreq +++ b/Documentation/ABI/testing/sysfs-class-devfreq @@ -52,6 +52,9 @@ Description: echo 0 > /sys/class/devfreq/.../trans_stat + If the transition table is bigger than PAGE_SIZE, reading + this will return an -EFBIG error. + What: /sys/class/devfreq/.../available_frequencies Date: October 2012 Contact: Nishanth Menon <nm(a)ti.com> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 63347a5ae599..3b8019ab523d 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1688,7 +1688,7 @@ static ssize_t trans_stat_show(struct device *dev, struct device_attribute *attr, char *buf) { struct devfreq *df = to_devfreq(dev); - ssize_t len; + ssize_t len = 0; int i, j; unsigned int max_state; @@ -1697,7 +1697,7 @@ static ssize_t trans_stat_show(struct device *dev, max_state = df->max_state; if (max_state == 0) - return sprintf(buf, "Not Supported.\n"); + return sysfs_emit(buf, "Not Supported.\n"); mutex_lock(&df->lock); if (!df->stop_polling && @@ -1707,31 +1707,44 @@ static ssize_t trans_stat_show(struct device *dev, } mutex_unlock(&df->lock); - len = sprintf(buf, " From : To\n"); - len += sprintf(buf + len, " :"); - for (i = 0; i < max_state; i++) - len += sprintf(buf + len, "%10lu", - df->freq_table[i]); + len += sysfs_emit_at(buf, len, " From : To\n"); + len += sysfs_emit_at(buf, len, " :"); + for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; + len += sysfs_emit_at(buf, len, "%10lu", + df->freq_table[i]); + } - len += sprintf(buf + len, " time(ms)\n"); + len += sysfs_emit_at(buf, len, " time(ms)\n"); for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; if (df->freq_table[i] == df->previous_freq) - len += sprintf(buf + len, "*"); + len += sysfs_emit_at(buf, len, "*"); else - len += sprintf(buf + len, " "); + len += sysfs_emit_at(buf, len, " "); - len += sprintf(buf + len, "%10lu:", df->freq_table[i]); - for (j = 0; j < max_state; j++) - len += sprintf(buf + len, "%10u", + len += sysfs_emit_at(buf, len, "%10lu:", df->freq_table[i]); + for (j = 0; j < max_state; j++) { + if (len >= PAGE_SIZE - 1) + break; + len += sysfs_emit_at(buf, len, "%10u", df->stats.trans_table[(i * max_state) + j]); + } + + len += sysfs_emit_at(buf, len, "%10llu\n", (u64) + jiffies64_to_msecs(df->stats.time_in_state[i])); + } - len += sprintf(buf + len, "%10llu\n", (u64) - jiffies64_to_msecs(df->stats.time_in_state[i])); + len += sysfs_emit_at(buf, len, "Total transition : %u\n", + df->stats.total_trans); + if (len >= PAGE_SIZE - 1) { + pr_warn_once("devfreq transition table exceeds PAGE_SIZE. Disabling\n"); + return -EFBIG; } - len += sprintf(buf + len, "Total transition : %u\n", - df->stats.total_trans); return len; } -- 2.43.0

1 year, 8 months

1
0
0 0

FAILED: patch "[PATCH] block: Don't invalidate pagecache for invalid falloc modes" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 1364a3c391aedfeb32aa025303ead3d7c91cdf9d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023101517-patriarch-reuse-cc1c@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 1364a3c391ae ("block: Don't invalidate pagecache for invalid falloc modes") 05bdb9965305 ("block: replace fmode_t with a block-specific type for block open flags") 5e4ea834676e ("block: remove unused fmode_t arguments from ioctl handlers") cfb425761c79 ("block: move a few internal definitions out of blkdev.h") 99b07780814e ("rnbd-srv: replace sess->open_flags with a "bool readonly"") 658afed19cee ("mtd: block: use a simple bool to track open for write") 7d9d7d59d44b ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool") 2e80089c1824 ("scsi: replace the fmode_t argument to scsi_ioctl with a simple bool") 5f4eb9d5413f ("scsi: replace the fmode_t argument to scsi_cmd_allowed with a simple bool") 81b1fb7d17c0 ("fs: remove sb->s_mode") 3f0b3e785e8b ("block: add a sb_open_mode helper") 2736e8eeb0cc ("block: use the holder as indication for exclusive opens") 2ef789288afd ("btrfs: don't pass a holder for non-exclusive blkdev_get_by_path") 29499ab060fe ("bcache: don't pass a stack address to blkdev_get_by_path") c889d0793d9d ("swsusp: don't pass a stack address to blkdev_get_by_path") ae220766d87c ("block: remove the unused mode argument to ->release") d32e2bf83791 ("block: pass a gendisk to ->open") 444aa2c58cb3 ("block: pass a gendisk on bdev_check_media_change") 7ae24fcee992 ("cdrom: remove the unused mode argument to cdrom_release") 473399b50de1 ("cdrom: remove the unused mode argument to cdrom_ioctl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1364a3c391aedfeb32aa025303ead3d7c91cdf9d Mon Sep 17 00:00:00 2001 From: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Date: Wed, 11 Oct 2023 13:12:30 -0700 Subject: [PATCH] block: Don't invalidate pagecache for invalid falloc modes Only call truncate_bdev_range() if the fallocate mode is supported. This fixes a bug where data in the pagecache could be invalidated if the fallocate() was called on the block device with an invalid mode. Fixes: 25f4c41415e5 ("block: implement (some of) fallocate for block devices") Cc: stable(a)vger.kernel.org Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Sarthak Kukreti <sarthakkukreti(a)chromium.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: "Darrick J. Wong" <djwong(a)kernel.org> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Fixes: line? I've never seen those wrapped. Link: https://lore.kernel.org/r/20231011201230.750105-1-sarthakkukreti@chromium.o… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/fops.c b/block/fops.c index acff3d5d22d4..73e42742543f 100644 --- a/block/fops.c +++ b/block/fops.c @@ -772,24 +772,35 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, filemap_invalidate_lock(inode->i_mapping); - /* Invalidate the page cache, including dirty pages. */ - error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); - if (error) - goto fail; - + /* + * Invalidate the page cache, including dirty pages, for valid + * de-allocate mode calls to fallocate(). + */ switch (mode) { case FALLOC_FL_ZERO_RANGE: case FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOUNMAP); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_zeroout(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL, BLKDEV_ZERO_NOFALLBACK); break; case FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE | FALLOC_FL_NO_HIDE_STALE: + error = truncate_bdev_range(bdev, file_to_blk_mode(file), start, end); + if (error) + goto fail; + error = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, len >> SECTOR_SHIFT, GFP_KERNEL); break;

1 year, 8 months

3
2
0 0

[PATCH v8 7/7] serial: 8250_exar: Set missing rs485_supported flag

by Lino Sanfilippo

The UART supports an auto-RTS mode in which the RTS pin is automatically activated during transmission. So mark this mode as being supported even if RTS is not controlled by the driver but the UART. Also the serial core expects now at least one of both modes rts-on-send or rts-after-send to be supported. This is since during sanitization unsupported flags are deleted from a RS485 configuration set by userspace. However if the configuration ends up with both flags unset, the core prints a warning since it considers such a configuration invalid (see uart_sanitize_serial_rs485()). Cc: stable(a)vger.kernel.org Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/8250/8250_exar.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c index 6085d356ad86..23366f868ae3 100644 --- a/drivers/tty/serial/8250/8250_exar.c +++ b/drivers/tty/serial/8250/8250_exar.c @@ -480,7 +480,7 @@ static int sealevel_rs485_config(struct uart_port *port, struct ktermios *termio } static const struct serial_rs485 generic_rs485_supported = { - .flags = SER_RS485_ENABLED, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND, }; static const struct exar8250_platform exar8250_default_platform = { @@ -524,7 +524,8 @@ static int iot2040_rs485_config(struct uart_port *port, struct ktermios *termios } static const struct serial_rs485 iot2040_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RX_DURING_TX | SER_RS485_TERMINATE_BUS, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | + SER_RS485_RX_DURING_TX | SER_RS485_TERMINATE_BUS, }; static const struct property_entry iot2040_gpio_properties[] = { -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 6/7] serial: omap: do not override settings for RS485 support

by Lino Sanfilippo

The drivers RS485 support is deactivated if there is no RTS GPIO available. This is done by nullifying the ports rs485_supported struct. After that however the settings in serial_omap_rs485_supported are assigned to the same structure unconditionally, which results in an unintended reactivation of RS485 support. Fix this by moving the assignment to the beginning of serial_omap_probe_rs485() and thus before the check for the RTS GPIO. Also relocate the assignment of serial_omap_config_rs485() to have the complete RS485 setup in one function. Fixes: e2752ae3cfc9 ("serial: omap: Disallow RS-485 if rts-gpio is not specified") Cc: stable(a)vger.kernel.org Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/omap-serial.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c index ad4c1c5d0a7f..f4c6ff806465 100644 --- a/drivers/tty/serial/omap-serial.c +++ b/drivers/tty/serial/omap-serial.c @@ -1483,6 +1483,13 @@ static struct omap_uart_port_info *of_get_uart_port_info(struct device *dev) return omap_up_info; } +static const struct serial_rs485 serial_omap_rs485_supported = { + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND | + SER_RS485_RX_DURING_TX, + .delay_rts_before_send = 1, + .delay_rts_after_send = 1, +}; + static int serial_omap_probe_rs485(struct uart_omap_port *up, struct device *dev) { @@ -1497,6 +1504,9 @@ static int serial_omap_probe_rs485(struct uart_omap_port *up, if (!np) return 0; + up->port.rs485_config = serial_omap_config_rs485; + up->port.rs485_supported = serial_omap_rs485_supported; + ret = uart_get_rs485_mode(&up->port); if (ret) return ret; @@ -1531,13 +1541,6 @@ static int serial_omap_probe_rs485(struct uart_omap_port *up, return 0; } -static const struct serial_rs485 serial_omap_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND | - SER_RS485_RX_DURING_TX, - .delay_rts_before_send = 1, - .delay_rts_after_send = 1, -}; - static int serial_omap_probe(struct platform_device *pdev) { struct omap_uart_port_info *omap_up_info = dev_get_platdata(&pdev->dev); @@ -1604,17 +1607,11 @@ static int serial_omap_probe(struct platform_device *pdev) dev_info(up->port.dev, "no wakeirq for uart%d\n", up->port.line); - ret = serial_omap_probe_rs485(up, &pdev->dev); - if (ret < 0) - goto err_rs485; - sprintf(up->name, "OMAP UART%d", up->port.line); up->port.mapbase = mem->start; up->port.membase = base; up->port.flags = omap_up_info->flags; up->port.uartclk = omap_up_info->uartclk; - up->port.rs485_config = serial_omap_config_rs485; - up->port.rs485_supported = serial_omap_rs485_supported; if (!up->port.uartclk) { up->port.uartclk = DEFAULT_CLK_SPEED; dev_warn(&pdev->dev, @@ -1622,6 +1619,10 @@ static int serial_omap_probe(struct platform_device *pdev) DEFAULT_CLK_SPEED); } + ret = serial_omap_probe_rs485(up, &pdev->dev); + if (ret < 0) + goto err_rs485; + up->latency = PM_QOS_CPU_LATENCY_DEFAULT_VALUE; up->calc_latency = PM_QOS_CPU_LATENCY_DEFAULT_VALUE; cpu_latency_qos_add_request(&up->pm_qos_request, up->latency); -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 5/7] serial: core, imx: do not set RS485 enabled if it is not supported

by Lino Sanfilippo

If the imx driver cannot support RS485 it nullifies the ports rs485_supported structure. But it still calls uart_get_rs485_mode() which may set the RS485_ENABLED flag nevertheless. This may lead to an attempt to configure RS485 even if it is not supported when the flag is evaluated in uart_configure_port() at port startup. Avoid this by bailing out of uart_get_rs485_mode() if the RS485_ENABLED flag is not supported by the caller. With this fix a check for RTS availability is now obsolete in the imx driver, since it can not evaluate to true any more. So remove this check. Furthermore the explicit nullifcation of rs485_supported is not needed, since the memory has already been set to zeros at allocation. So remove this, too. Fixes: 00d7a00e2a6f ("serial: imx: Fill in rs485_supported") Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Suggested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/imx.c | 7 ------- drivers/tty/serial/serial_core.c | 3 +++ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 9cffeb23112b..198ce7e7bc8b 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -2206,7 +2206,6 @@ static enum hrtimer_restart imx_trigger_stop_tx(struct hrtimer *t) return HRTIMER_NORESTART; } -static const struct serial_rs485 imx_no_rs485 = {}; /* No RS485 if no RTS */ static const struct serial_rs485 imx_rs485_supported = { .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND | SER_RS485_RX_DURING_TX, @@ -2290,8 +2289,6 @@ static int imx_uart_probe(struct platform_device *pdev) /* RTS is required to control the RS485 transmitter */ if (sport->have_rtscts || sport->have_rtsgpio) sport->port.rs485_supported = imx_rs485_supported; - else - sport->port.rs485_supported = imx_no_rs485; sport->port.flags = UPF_BOOT_AUTOCONF; timer_setup(&sport->timer, imx_uart_timeout, 0); @@ -2328,10 +2325,6 @@ static int imx_uart_probe(struct platform_device *pdev) return ret; } - if (sport->port.rs485.flags & SER_RS485_ENABLED && - (!sport->have_rtscts && !sport->have_rtsgpio)) - dev_err(&pdev->dev, "no RTS control, disabling rs485\n"); - /* * If using the i.MX UART RTS/CTS control then the RTS (CTS_B) * signal cannot be set low during transmission in case the diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 28bcbc686c67..93e4e1693601 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -3600,6 +3600,9 @@ int uart_get_rs485_mode(struct uart_port *port) u32 rs485_delay[2]; int ret; + if (!(port->rs485_supported.flags & SER_RS485_ENABLED)) + return 0; + ret = device_property_read_u32_array(dev, "rs485-rts-delay", rs485_delay, 2); if (!ret) { -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 4/7] serial: core: make sure RS485 cannot be enabled when it is not supported

by Lino Sanfilippo

Some uart drivers specify a rs485_config() function and then decide later to disable RS485 support for some reason (e.g. imx and ar933). In these cases userspace may be able to activate RS485 via TIOCSRS485 nevertheless, since in uart_set_rs485_config() an existing rs485_config() function indicates that RS485 is supported. Make sure that this is not longer possible by checking the uarts rs485_supported.flags instead and bailing out if SER_RS485_ENABLED is not set. Furthermore instead of returning an empty structure return -ENOTTY if the RS485 configuration is requested via TIOCGRS485 but RS485 is not supported. This has a small impact on userspace visibility but it is consistent with the -ENOTTY error for TIOCGRS485. Fixes: e849145e1fdd ("serial: ar933x: Fill in rs485_supported") Fixes: 55e18c6b6d42 ("serial: imx: Remove serial_rs485 sanitization") Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index f67fb6a04983..28bcbc686c67 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1469,7 +1469,7 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, int ret; unsigned long flags; - if (!port->rs485_config) + if (!(port->rs485_supported.flags & SER_RS485_ENABLED)) return -ENOTTY; if (copy_from_user(&rs485, rs485_user, sizeof(*rs485_user))) -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 3/7] serial: core: fix sanitizing check for RTS settings

by Lino Sanfilippo

Among other things uart_sanitize_serial_rs485() tests the sanity of the RTS settings in a RS485 configuration that has been passed by userspace. If RTS-on-send and RTS-after-send are both set or unset the configuration is adjusted and RTS-after-send is disabled and RTS-on-send enabled. This however makes only sense if both RTS modes are actually supported by the driver. With commit be2e2cb1d281 ("serial: Sanitize rs485_struct") the code does take the driver support into account but only checks if one of both RTS modes are supported. This may lead to the errorneous result of RTS-on-send being set even if only RTS-after-send is supported. Fix this by changing the implemented logic: First clear all unsupported flags in the RS485 configuration, then adjust an invalid RTS setting by taking into account which RTS mode is supported. Cc: stable(a)vger.kernel.org Fixes: be2e2cb1d281 ("serial: Sanitize rs485_struct") Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 1204102d7162..f67fb6a04983 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1371,19 +1371,27 @@ static void uart_sanitize_serial_rs485(struct uart_port *port, struct serial_rs4 return; } + rs485->flags &= supported_flags; + /* Pick sane settings if the user hasn't */ - if ((supported_flags & (SER_RS485_RTS_ON_SEND|SER_RS485_RTS_AFTER_SEND)) && - !(rs485->flags & SER_RS485_RTS_ON_SEND) == + if (!(rs485->flags & SER_RS485_RTS_ON_SEND) == !(rs485->flags & SER_RS485_RTS_AFTER_SEND)) { - dev_warn_ratelimited(port->dev, - "%s (%d): invalid RTS setting, using RTS_ON_SEND instead\n", - port->name, port->line); - rs485->flags |= SER_RS485_RTS_ON_SEND; - rs485->flags &= ~SER_RS485_RTS_AFTER_SEND; - supported_flags |= SER_RS485_RTS_ON_SEND|SER_RS485_RTS_AFTER_SEND; - } + if (supported_flags & SER_RS485_RTS_ON_SEND) { + rs485->flags |= SER_RS485_RTS_ON_SEND; + rs485->flags &= ~SER_RS485_RTS_AFTER_SEND; - rs485->flags &= supported_flags; + dev_warn_ratelimited(port->dev, + "%s (%d): invalid RTS setting, using RTS_ON_SEND instead\n", + port->name, port->line); + } else { + rs485->flags |= SER_RS485_RTS_AFTER_SEND; + rs485->flags &= ~SER_RS485_RTS_ON_SEND; + + dev_warn_ratelimited(port->dev, + "%s (%d): invalid RTS setting, using RTS_AFTER_SEND instead\n", + port->name, port->line); + } + } uart_sanitize_serial_rs485_delays(port, rs485); -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 2/7] serial: core: set missing supported flag for RX during TX GPIO

by Lino Sanfilippo

If the RS485 feature RX-during-TX is supported by means of a GPIO set the according supported flag. Otherwise setting this feature from userspace may not be possible, since in uart_sanitize_serial_rs485() the passed RS485 configuration is matched against the supported features and unsupported settings are thereby removed and thus take no effect. Cc: stable(a)vger.kernel.org Fixes: 163f080eb717 ("serial: core: Add option to output RS485 RX_DURING_TX state via GPIO") Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/serial_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index d155131f221d..1204102d7162 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -3642,6 +3642,8 @@ int uart_get_rs485_mode(struct uart_port *port) if (IS_ERR(desc)) return dev_err_probe(dev, PTR_ERR(desc), "Cannot get rs485-rx-during-tx-gpios\n"); port->rs485_rx_during_tx_gpio = desc; + if (port->rs485_rx_during_tx_gpio) + port->rs485_supported.flags |= SER_RS485_RX_DURING_TX; return 0; } -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v8 1/7] serial: Do not hold the port lock when setting rx-during-tx GPIO

by Lino Sanfilippo

Both the imx and stm32 driver set the rx-during-tx GPIO in rs485_config(). Since this function is called with the port lock held, this can be an problem in case that setting the GPIO line can sleep (e.g. if a GPIO expander is used which is connected via SPI or I2C). Avoid this issue by moving the GPIO setting outside of the port lock into the serial core and thus making it a generic feature. Also reset old GPIO settings in case that changing the RS485 configuration failed. Fixes: c54d48543689 ("serial: stm32: Add support for rs485 RX_DURING_TX output GPIO") Fixes: ca530cfa968c ("serial: imx: Add support for RS485 RX_DURING_TX output GPIO") Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/imx.c | 4 ---- drivers/tty/serial/serial_core.c | 26 ++++++++++++++++++++++++-- drivers/tty/serial/stm32-usart.c | 5 +---- 3 files changed, 25 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 708b9852a575..9cffeb23112b 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -1943,10 +1943,6 @@ static int imx_uart_rs485_config(struct uart_port *port, struct ktermios *termio rs485conf->flags & SER_RS485_RX_DURING_TX) imx_uart_start_rx(port); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - return 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index f1348a509552..d155131f221d 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1402,6 +1402,16 @@ static void uart_set_rs485_termination(struct uart_port *port, !!(rs485->flags & SER_RS485_TERMINATE_BUS)); } +static void uart_set_rs485_rx_during_tx(struct uart_port *port, + const struct serial_rs485 *rs485) +{ + if (!(rs485->flags & SER_RS485_ENABLED)) + return; + + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, + !!(rs485->flags & SER_RS485_RX_DURING_TX)); +} + static int uart_rs485_config(struct uart_port *port) { struct serial_rs485 *rs485 = &port->rs485; @@ -1413,12 +1423,17 @@ static int uart_rs485_config(struct uart_port *port) uart_sanitize_serial_rs485(port, rs485); uart_set_rs485_termination(port, rs485); + uart_set_rs485_rx_during_tx(port, rs485); uart_port_lock_irqsave(port, &flags); ret = port->rs485_config(port, NULL, rs485); uart_port_unlock_irqrestore(port, flags); - if (ret) + if (ret) { memset(rs485, 0, sizeof(*rs485)); + /* unset GPIOs */ + gpiod_set_value_cansleep(port->rs485_term_gpio, 0); + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, 0); + } return ret; } @@ -1457,6 +1472,7 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, return ret; uart_sanitize_serial_rs485(port, &rs485); uart_set_rs485_termination(port, &rs485); + uart_set_rs485_rx_during_tx(port, &rs485); uart_port_lock_irqsave(port, &flags); ret = port->rs485_config(port, &tty->termios, &rs485); @@ -1468,8 +1484,14 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, port->ops->set_mctrl(port, port->mctrl); } uart_port_unlock_irqrestore(port, flags); - if (ret) + if (ret) { + /* restore old GPIO settings */ + gpiod_set_value_cansleep(port->rs485_term_gpio, + !!(port->rs485.flags & SER_RS485_TERMINATE_BUS)); + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, + !!(port->rs485.flags & SER_RS485_RX_DURING_TX)); return ret; + } if (copy_to_user(rs485_user, &port->rs485, sizeof(port->rs485))) return -EFAULT; diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 3048620315d6..ec9a72a5bea9 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -226,10 +226,7 @@ static int stm32_usart_config_rs485(struct uart_port *port, struct ktermios *ter stm32_usart_clr_bits(port, ofs->cr1, BIT(cfg->uart_enable_bit)); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - else + if (!port->rs485_rx_during_tx_gpio) rs485conf->flags |= SER_RS485_RX_DURING_TX; if (rs485conf->flags & SER_RS485_ENABLED) { -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH v7 6/7] serial: omap: do not override settings for RS485 support

by Lino Sanfilippo

The drivers RS485 support is deactivated if there is no RTS GPIO available. This is done by nullifying the ports rs485_supported struct. After that however the settings in serial_omap_rs485_supported are assigned to the same structure unconditionally, which results in an unintended reactivation of RS485 support. Fix this by moving the assignment to the beginning of serial_omap_probe_rs485() and thus before uart_get_rs485_mode() gets called. Also replace the assignment of rs485_config() to have the complete RS485 setup in one function. Fixes: e2752ae3cfc9 ("serial: omap: Disallow RS-485 if rts-gpio is not specified") Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/omap-serial.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c index ad4c1c5d0a7f..f4c6ff806465 100644 --- a/drivers/tty/serial/omap-serial.c +++ b/drivers/tty/serial/omap-serial.c @@ -1483,6 +1483,13 @@ static struct omap_uart_port_info *of_get_uart_port_info(struct device *dev) return omap_up_info; } +static const struct serial_rs485 serial_omap_rs485_supported = { + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND | + SER_RS485_RX_DURING_TX, + .delay_rts_before_send = 1, + .delay_rts_after_send = 1, +}; + static int serial_omap_probe_rs485(struct uart_omap_port *up, struct device *dev) { @@ -1497,6 +1504,9 @@ static int serial_omap_probe_rs485(struct uart_omap_port *up, if (!np) return 0; + up->port.rs485_config = serial_omap_config_rs485; + up->port.rs485_supported = serial_omap_rs485_supported; + ret = uart_get_rs485_mode(&up->port); if (ret) return ret; @@ -1531,13 +1541,6 @@ static int serial_omap_probe_rs485(struct uart_omap_port *up, return 0; } -static const struct serial_rs485 serial_omap_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND | - SER_RS485_RX_DURING_TX, - .delay_rts_before_send = 1, - .delay_rts_after_send = 1, -}; - static int serial_omap_probe(struct platform_device *pdev) { struct omap_uart_port_info *omap_up_info = dev_get_platdata(&pdev->dev); @@ -1604,17 +1607,11 @@ static int serial_omap_probe(struct platform_device *pdev) dev_info(up->port.dev, "no wakeirq for uart%d\n", up->port.line); - ret = serial_omap_probe_rs485(up, &pdev->dev); - if (ret < 0) - goto err_rs485; - sprintf(up->name, "OMAP UART%d", up->port.line); up->port.mapbase = mem->start; up->port.membase = base; up->port.flags = omap_up_info->flags; up->port.uartclk = omap_up_info->uartclk; - up->port.rs485_config = serial_omap_config_rs485; - up->port.rs485_supported = serial_omap_rs485_supported; if (!up->port.uartclk) { up->port.uartclk = DEFAULT_CLK_SPEED; dev_warn(&pdev->dev, @@ -1622,6 +1619,10 @@ static int serial_omap_probe(struct platform_device *pdev) DEFAULT_CLK_SPEED); } + ret = serial_omap_probe_rs485(up, &pdev->dev); + if (ret < 0) + goto err_rs485; + up->latency = PM_QOS_CPU_LATENCY_DEFAULT_VALUE; up->calc_latency = PM_QOS_CPU_LATENCY_DEFAULT_VALUE; cpu_latency_qos_add_request(&up->pm_qos_request, up->latency); -- 2.43.0

1 year, 8 months

3
2
0 0

Re: Physicians Email & Mailing List

by Dyana Collins

Hi, Would you be interested in acquiring *Physicians Email & Mailing List* for your upcoming campaigns? *Physician Specialties* Anesthesiologist Ophthalmologist Cardiologist Optometrist Dermatologist Pathologist Dentist Pediatrician Emergency Medicine Psychiatrist Family Practitioners Psychologist Gastroenterologist Plastic Surgeon General Practitioners Podiatrist Gynecologist Pulmonologist Hospitalist Radiologist Hematologist Rheumatologist Internal Medicine Urologist Nephrologists Physician Assistants Neurologist Nurse Practitioners Oncologist Registered Nurses etc. Let me know your *target audience* so that I will get back to you with more information along with *pricing*. If you think I should be talking to someone else, please forward this email to the concerned person. Looking forward to hearing from you. Regards, *Dyana Collins**| **Online Marketing Executive* PWe have a responsibility to the environment Before printing this e-mail or any other document, let's ask ourselves whether we need a hard copy To unsubscribe, reply with “leave out” in the subject line.

1 year, 8 months

1
0
0 0

[PATCH 6.1 000/100] 6.1.71-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.71 release. There are 100 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jan 2024 16:47:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.71-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.71-rc1 Andrii Nakryiko <andrii(a)kernel.org> tracing/kprobes: Fix symbol counting logic by looking at modules as well Jiri Olsa <jolsa(a)kernel.org> kallsyms: Make module_kallsyms_on_each_symbol generally available Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> device property: Allow const parameter to dev_fwnode() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Constify spi parameters of chip select APIs NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix slowpath of interrupted event Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip set commit for deleted/destroyed sets Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix blocked reader of snapshot buffer Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: check the mapcount of the precise page Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/memory-failure: cast index to loff_t before shifting it Charan Teja Kalla <quic_charante(a)quicinc.com> mm: migrate high-order folios in swap cache correctly Baokun Li <libaokun1(a)huawei.com> mm/filemap: avoid buffered read/write race to read inconsistent data Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Christoph Hellwig <hch(a)lst.de> block: renumber QUEUE_FLAG_HW_WC Louis Chauvet <louis.chauvet(a)bootlin.com> spi: atmel: Fix clock issue when using devices with different polarities Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> spi: Add APIs in spi core to set/get spi->chip_select and spi->cs_gpiod Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: Reintroduce spi_set_cs_timing() Helge Deller <deller(a)gmx.de> linux/export: Ensure natural alignment of kcrctab array NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis16475: add spi_device_id table Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: Introduce spi_get_device_match_data() helper Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Tony Lindgren <tony(a)atomide.com> ARM: dts: Fix occasional boot hang for am3 usb Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong allocation size update in smb2_open() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: lazy v2 lease break on smb2_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send v2 lease break notification for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: downgrade RWH lease caching state to RH for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease capability Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set epoch in create context v2 lease Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: release interim response after sending status pending response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: move oplock handling after unlock parent dir Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: separately allocate ci per dentry Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix possible deadlock in smb2_open Zongmin Zhou <zhouzongmin(a)kylinos.cn> ksmbd: prevent memory leak on error return Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: no need to wait for binded connection termination at logoff Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for surrogate pair conversion Kangjing Huang <huangkangjing(a)gmail.com> ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix recursive locking in vfs helpers Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: reorganize ksmbd_iov_pin_rsp() Cheng-Han Wu <hank20010209(a)gmail.com> ksmbd: Remove unused field in ksmbd_user struct Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential double free on smb2_read_pipe() error path Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong error response status by using set_smb2_rsp_status() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition between tree conn lookup and disconnect Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition from parallel smb2 lock requests Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition from parallel smb2 logoff requests Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix race condition with fp Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check iov vector index in ksmbd_conn_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return invalid parameter error response if smb2 request is invalid Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix passing freed memory 'aux_payload_buf' Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unneeded mark_inode_dirty in set_info_sec() Steve French <stfrench(a)microsoft.com> ksmbd: remove experimental warning Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add missing calling smb2_set_err_rsp() on error Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Fix one kernel-doc comment Atte Heikkilä <atteh.mailbox(a)gmail.com> ksmbd: fix `force create mode' and `force directory mode' Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong interim response on compound Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for read compound Yang Yingliang <yangyingliang(a)huawei.com> ksmbd: switch to use kmemdup_nul() helper Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: check if a mount point is crossed during path lookup Wang Ming <machel(a)vivo.com> ksmbd: Fix unsigned expression compared with zero Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: Replace one-element array with flexible-array member Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() Lu Hongfei <luhongfei(a)vivo.com> ksmbd: Replace the ternary conditional operator with min() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use kvzalloc instead of kvmalloc Lu Hongfei <luhongfei(a)vivo.com> ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use kzalloc() instead of __GFP_ZERO Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unused ksmbd_tree_conn_share function Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add mnt_want_write to ksmbd vfs functions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: call putname after using the last component Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix uninitialized pointer read in smb2_create_link() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from using ->d_parent and ->d_name Al Viro <viro(a)zeniv.linux.org.uk> fs: introduce lock_rename_child() helper David Disseldorp <ddiss(a)suse.de> ksmbd: remove unused compression negotiate ctx packing David Disseldorp <ddiss(a)suse.de> ksmbd: avoid duplicate negotiate ctx offset increments David Disseldorp <ddiss(a)suse.de> ksmbd: set NegotiateContextCount once instead of every inc Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: delete asynchronous work from list Tom Rix <trix(a)redhat.com> ksmbd: remove unused is_char_allowed function Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> ksmbd: Fix parameter name and comment mismatch Colin Ian King <colin.i.king(a)gmail.com> ksmbd: Fix spelling mistake "excceed" -> "exceeded" Steve French <stfrench(a)microsoft.com> ksmbd: update Kconfig to note Kerberos support and fix indentation Dawei Li <set_pte_at(a)outlook.com> ksmbd: Remove duplicated codes Dawei Li <set_pte_at(a)outlook.com> ksmbd: fix typo, syncronous->synchronous Dawei Li <set_pte_at(a)outlook.com> ksmbd: Implements sess->rpc_handle_list as xarray ye xingchen <ye.xingchen(a)zte.com.cn> ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: Fix resource leak in smb2_lock() Jeff Layton <jlayton(a)kernel.org> ksmbd: use F_SETLK when unlocking a file Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share Gustavo A. R. Silva <gustavoars(a)kernel.org> ksmbd: replace one-element arrays with flexible-array members ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am33xx.dtsi | 1 + drivers/base/property.c | 11 +- drivers/iio/imu/adis16475.c | 129 +++-- drivers/platform/x86/p2sb.c | 178 +++++-- drivers/spi/spi-atmel.c | 82 ++- drivers/spi/spi.c | 92 +++- drivers/usb/host/fotg210-hcd.c | 3 - fs/namei.c | 125 ++++- fs/nfsd/nfsctl.c | 9 +- fs/nfsd/nfsd.h | 8 +- fs/nfsd/nfssvc.c | 57 +- fs/smb/common/smb2pdu.h | 1 + fs/smb/server/Kconfig | 10 +- fs/smb/server/asn1.c | 33 +- fs/smb/server/auth.c | 11 +- fs/smb/server/connection.c | 74 +-- fs/smb/server/connection.h | 2 +- fs/smb/server/ksmbd_netlink.h | 4 +- fs/smb/server/ksmbd_work.c | 100 +++- fs/smb/server/ksmbd_work.h | 36 +- fs/smb/server/mgmt/share_config.h | 29 +- fs/smb/server/mgmt/tree_connect.c | 53 +- fs/smb/server/mgmt/tree_connect.h | 14 +- fs/smb/server/mgmt/user_config.h | 1 - fs/smb/server/mgmt/user_session.c | 38 +- fs/smb/server/mgmt/user_session.h | 3 +- fs/smb/server/oplock.c | 147 ++++-- fs/smb/server/oplock.h | 8 +- fs/smb/server/server.c | 36 +- fs/smb/server/smb2misc.c | 19 +- fs/smb/server/smb2ops.c | 19 +- fs/smb/server/smb2pdu.c | 1033 ++++++++++++++++--------------------- fs/smb/server/smb2pdu.h | 3 +- fs/smb/server/smb_common.c | 19 +- fs/smb/server/smb_common.h | 14 +- fs/smb/server/smbacl.c | 20 +- fs/smb/server/smbacl.h | 2 +- fs/smb/server/transport_ipc.c | 4 +- fs/smb/server/transport_rdma.c | 44 +- fs/smb/server/unicode.c | 191 ++++--- fs/smb/server/vfs.c | 638 ++++++++++++----------- fs/smb/server/vfs.h | 52 +- fs/smb/server/vfs_cache.c | 63 ++- fs/smb/server/vfs_cache.h | 18 +- include/linux/blkdev.h | 2 +- include/linux/export-internal.h | 1 + include/linux/module.h | 9 + include/linux/namei.h | 7 + include/linux/property.h | 7 +- include/linux/spi/spi.h | 23 + kernel/module/kallsyms.c | 2 - kernel/trace/ring_buffer.c | 140 ++--- kernel/trace/trace.c | 20 +- kernel/trace/trace_kprobe.c | 25 +- mm/filemap.c | 9 + mm/memory-failure.c | 8 +- mm/migrate.c | 9 +- net/netfilter/nf_tables_api.c | 2 +- 59 files changed, 2139 insertions(+), 1563 deletions(-)

1 year, 8 months

15
120
0 0

[PATCH 5.15 00/95] 5.15.146-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.146 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jan 2024 16:47:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.146-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.146-rc1 Jiri Olsa <jolsa(a)kernel.org> bpf: Fix prog_array_map_poke_run map poke update Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> device property: Allow const parameter to dev_fwnode() Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix slowpath of interrupted event Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip set commit for deleted/destroyed sets Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix blocked reader of snapshot buffer Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix wake ups when buffer_percent is set to 100 Baokun Li <libaokun1(a)huawei.com> mm/filemap: avoid buffered read/write race to read inconsistent data Hyunwoo Kim <v4bel(a)theori.io> Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smbCalcSize() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in SMB2_query_info_init() Nuno Sa <nuno.sa(a)analog.com> iio: imu: adis16475: add spi_device_id table Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: Introduce spi_get_device_match_data() helper Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> device property: Add const qualifier to device_get_match_data() parameter Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid failed operations when device is disconnected Justin Chen <justinpopo6(a)gmail.com> net: usb: ax88179_178a: wol optimizations Justin Chen <justinpopo6(a)gmail.com> net: usb: ax88179_178a: clean up pm calls Jakub Kicinski <kuba(a)kernel.org> ethernet: constify references to netdev->dev_addr in drivers Dan Carpenter <dan.carpenter(a)linaro.org> usb: fotg210-hcd: delete an incorrect bounds test Tony Lindgren <tony(a)atomide.com> ARM: dts: Fix occasional boot hang for am3 usb Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong allocation size update in smb2_open() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: lazy v2 lease break on smb2_write() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send v2 lease break notification for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: downgrade RWH lease caching state to RH for directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease capability Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set epoch in create context v2 lease Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: have a dependency on cifs ARC4 Krister Johansen <kjlx(a)templeofstupid.com> fuse: share lookup state between submount and its parent Thomas Gleixner <tglx(a)linutronix.de> x86/alternatives: Sync core before enabling interrupts Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy Herve Codina <herve.codina(a)bootlin.com> lib/vsprintf: Fix %pfwf when current node refcount == 0 xiongxin <xiongxin(a)kylinos.cn> gpio: dwapb: mask/unmask IRQ when disable/enale it Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Flush posted write only after srst_udelay Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing / synthetic: Disable events after testing in synth_event_gen_test_init() Alexander Atanasov <alexander.atanasov(a)virtuozzo.com> scsi: core: Always send batch on reset or error handling command Fabio Estevam <festevam(a)denx.de> dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix TX stall caused by TX buffer overrun Rouven Czerwinski <r.czerwinski(a)pengutronix.de> net: rfkill: gpio: set GPIO direction Fedor Pchelkin <pchelkin(a)ispras.ru> net: 9p: avoid freeing uninit memory in p9pdu_vreadf Christoffer Sandberg <cs(a)tuxedo.de> Input: soc_button_array - add mapping for airplane mode button Xiao Yao <xiaoyao(a)rock-chips.com> Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Send reject on command corrupted request Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RM500Q R13 firmware support Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W265 with new baseline Alper Ak <alperyasinak1(a)gmail.com> USB: serial: option: add Quectel EG912Y module support Mark Glover <mark.glover(a)actisense.com> USB: serial: ftdi_sio: update Actisense PIDs constant names Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix certs build to not depend on file order Chen-Yu Tsai <wens(a)kernel.org> wifi: cfg80211: Add my certificate Jeremie Knuesel <knuesel(a)gmail.com> ALSA: usb-audio: Increase delay in MOTU M quirk David Lechner <dlechner(a)baylibre.com> iio: triggered-buffer: prevent possible freeing of wrong buffer Wadim Egorov <w.egorov(a)phytec.de> iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table Wei Yongjun <weiyongjun1(a)huawei.com> scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Haoran Liu <liuhaoran14(a)163.com> Input: ipaq-micro-keys - add error handling for devm_kmemdup Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: sm8250: Enable sync_state Su Hui <suhui(a)nfschina.com> iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Treat xlate() returning NULL node as an error Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smb2_query_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix intel_atomic_setup_scalers() plane_state handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Relocate intel_atomic_setup_scalers() Luca Coelho <luciano.coelho(a)intel.com> drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() Alexis Lothoré <alexis.lothore(a)bootlin.com> pinctrl: at91-pio4: use dedicated lock class for IRQ Quan Nguyen <quan(a)os.amperecomputing.com> i2c: aspeed: Handle the coalesced stop conditions with the start conditions. Jerome Brunet <jbrunet(a)baylibre.com> ASoC: hdmi-codec: fix missing report for jack initial status David Howells <dhowells(a)redhat.com> afs: Fix use-after-free due to get/remove race in volume tree David Howells <dhowells(a)redhat.com> afs: Use refcount_t rather than atomic_t David Howells <dhowells(a)redhat.com> afs: Fix overwriting of result of DNS query David Howells <dhowells(a)redhat.com> keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry Eric Dumazet <edumazet(a)google.com> net: check dev->gso_max_size in gso_features_check() David Howells <dhowells(a)redhat.com> afs: Fix dynamic root lookup DNS check David Howells <dhowells(a)redhat.com> afs: Fix the dynamic root's d_delete to always delete unused dentries Liu Jian <liujian56(a)huawei.com> net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() Yury Norov <yury.norov(a)gmail.com> net: mana: select PAGE_POOL Eric Dumazet <edumazet(a)google.com> net/rose: fix races in rose_kill_by_device() Zhipeng Lu <alexious(a)zju.edu.cn> ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Eric Dumazet <edumazet(a)google.com> net: sched: ife: fix potential use-after-free Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix fw tracer first block check Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/mlx5e: fix a potential double-free in fs_udp_create_groups Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() Vlad Buslov <vladbu(a)nvidia.com> Revert "net/mlx5e: fix double free of encap_header" Vlad Buslov <vladbu(a)nvidia.com> Revert "net/mlx5e: fix double free of encap_header in update funcs" Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mesh_plink: fix matches_local logic Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock Heiko Carstens <hca(a)linux.ibm.com> s390/vx: fix save/restore of fpu kernel context Geert Uytterhoeven <geert+renesas(a)glider.be> reset: Fix crash when freeing non-existent optional resets Kunwu Chan <chentao(a)kylinos.cn> ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init Andrew Davis <afd(a)ti.com> ARM: dts: dra7: Fix DRA7 L3 NoC node register size ------------- Diffstat: .../devicetree/bindings/nvmem/mxs-ocotp.yaml | 10 +- Makefile | 4 +- arch/arm/boot/dts/am33xx.dtsi | 1 + arch/arm/boot/dts/dra7.dtsi | 2 +- arch/arm/mach-omap2/id.c | 5 + arch/arm64/kvm/arm.c | 2 +- arch/arm64/kvm/vgic/vgic-init.c | 5 +- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 2 +- arch/arm64/kvm/vgic/vgic.h | 1 + arch/s390/include/asm/fpu/api.h | 2 +- arch/x86/kernel/alternative.c | 2 +- arch/x86/net/bpf_jit_comp.c | 46 ++++ drivers/base/property.c | 13 +- drivers/bus/ti-sysc.c | 18 +- drivers/gpio/gpio-dwapb.c | 12 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/i915/display/intel_atomic.c | 193 +--------------- drivers/gpu/drm/i915/display/intel_atomic.h | 4 - drivers/gpu/drm/i915/display/skl_scaler.c | 257 +++++++++++++++++++++ drivers/gpu/drm/i915/display/skl_scaler.h | 14 +- drivers/i2c/busses/i2c-aspeed.c | 48 ++-- drivers/iio/adc/ti_am335x_adc.c | 4 +- drivers/iio/buffer/industrialio-triggered-buffer.c | 10 + drivers/iio/common/ms_sensors/ms_sensors_i2c.c | 4 +- drivers/iio/imu/adis16475.c | 129 +++++++---- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 4 +- drivers/input/keyboard/ipaq-micro-keys.c | 3 + drivers/input/misc/soc_button_array.c | 5 + drivers/interconnect/core.c | 3 + drivers/interconnect/qcom/sm8250.c | 1 + drivers/md/dm-integrity.c | 11 +- drivers/net/ethernet/actions/owl-emac.c | 2 +- drivers/net/ethernet/adaptec/starfire.c | 10 +- drivers/net/ethernet/alacritech/slicoss.c | 2 +- drivers/net/ethernet/alteon/acenic.c | 4 +- drivers/net/ethernet/altera/altera_tse_main.c | 2 +- drivers/net/ethernet/amd/nmclan_cs.c | 3 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 2 +- drivers/net/ethernet/apm/xgene-v2/mac.c | 2 +- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 2 +- drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 2 +- drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 2 +- drivers/net/ethernet/apple/bmac.c | 8 +- drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 6 +- drivers/net/ethernet/aquantia/atlantic/aq_macsec.c | 2 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 4 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 4 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.h | 2 +- .../aquantia/atlantic/hw_atl/hw_atl_utils.c | 4 +- .../aquantia/atlantic/hw_atl/hw_atl_utils_fw2x.c | 4 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 5 +- drivers/net/ethernet/broadcom/b44.c | 6 +- drivers/net/ethernet/broadcom/bcmsysport.c | 2 +- drivers/net/ethernet/broadcom/bgmac.c | 2 +- drivers/net/ethernet/broadcom/bnx2.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 3 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.h | 2 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/calxeda/xgmac.c | 2 +- drivers/net/ethernet/chelsio/cxgb/gmac.h | 2 +- drivers/net/ethernet/chelsio/cxgb/pm3393.c | 2 +- drivers/net/ethernet/chelsio/cxgb/vsc7326.c | 2 +- drivers/net/ethernet/chelsio/cxgb3/common.h | 2 +- drivers/net/ethernet/chelsio/cxgb3/xgmac.c | 2 +- drivers/net/ethernet/cisco/enic/enic_pp.c | 2 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/dnet.c | 6 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.h | 2 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/ethoc.c | 2 +- drivers/net/ethernet/fealnx.c | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 4 +- drivers/net/ethernet/freescale/fman/fman_dtsec.c | 8 +- drivers/net/ethernet/freescale/fman/fman_dtsec.h | 2 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 8 +- drivers/net/ethernet/freescale/fman/fman_memac.h | 2 +- drivers/net/ethernet/freescale/fman/fman_tgec.c | 8 +- drivers/net/ethernet/freescale/fman/fman_tgec.h | 2 +- drivers/net/ethernet/freescale/fman/mac.h | 2 +- drivers/net/ethernet/hisilicon/hisi_femac.c | 2 +- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 5 +- .../net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/ixgb/ixgb_hw.c | 2 +- drivers/net/ethernet/intel/ixgb/ixgb_hw.h | 2 +- drivers/net/ethernet/marvell/mv643xx_eth.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 4 +- drivers/net/ethernet/marvell/pxa168_eth.c | 6 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 2 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +- .../mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 30 +-- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 +- drivers/net/ethernet/micrel/ks8842.c | 2 +- drivers/net/ethernet/micrel/ks8851.h | 3 + drivers/net/ethernet/micrel/ks8851_common.c | 22 +- drivers/net/ethernet/micrel/ks8851_spi.c | 42 ++-- drivers/net/ethernet/micrel/ksz884x.c | 4 +- drivers/net/ethernet/microsoft/Kconfig | 1 + drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 3 +- drivers/net/ethernet/neterion/s2io.c | 2 +- drivers/net/ethernet/neterion/s2io.h | 2 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 6 +- drivers/net/ethernet/nxp/lpc_eth.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dev.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_rdma.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 2 +- drivers/net/ethernet/qualcomm/emac/emac-mac.c | 2 +- drivers/net/ethernet/rdc/r6040.c | 12 +- drivers/net/ethernet/samsung/sxgbe/sxgbe_common.h | 2 +- drivers/net/ethernet/samsung/sxgbe/sxgbe_core.c | 3 +- drivers/net/ethernet/sfc/ef10.c | 4 +- drivers/net/ethernet/sfc/ef10_sriov.c | 2 +- drivers/net/ethernet/sfc/ef10_sriov.h | 6 +- drivers/net/ethernet/sfc/net_driver.h | 2 +- drivers/net/ethernet/sfc/siena_sriov.c | 2 +- drivers/net/ethernet/sfc/siena_sriov.h | 2 +- drivers/net/ethernet/sis/sis900.c | 2 +- drivers/net/ethernet/smsc/smsc911x.c | 2 +- drivers/net/ethernet/smsc/smsc9420.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 3 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 3 +- .../net/ethernet/stmicro/stmmac/stmmac_selftests.c | 4 +- drivers/net/ethernet/sun/sunbmac.c | 2 +- drivers/net/ethernet/sun/sunqe.c | 2 +- drivers/net/ethernet/synopsys/dwc-xlgmac-hw.c | 2 +- drivers/net/ethernet/synopsys/dwc-xlgmac.h | 2 +- drivers/net/ethernet/ti/tlan.c | 4 +- drivers/net/ethernet/toshiba/tc35815.c | 3 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 7 +- drivers/net/ethernet/xircom/xirc2ps_cs.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 2 +- drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/ax88179_178a.c | 224 +++++++++--------- drivers/net/usb/catc.c | 2 +- drivers/net/usb/dm9601.c | 3 +- drivers/net/usb/mcs7830.c | 3 +- drivers/net/usb/sr9700.c | 3 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 4 +- drivers/pinctrl/pinctrl-at91-pio4.c | 8 + drivers/reset/core.c | 8 +- drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 9 +- drivers/scsi/scsi_error.c | 2 + drivers/spi/spi.c | 12 + drivers/usb/host/fotg210-hcd.c | 3 - drivers/usb/serial/ftdi_sio.c | 6 +- drivers/usb/serial/ftdi_sio_ids.h | 6 +- drivers/usb/serial/option.c | 5 + fs/Kconfig | 4 +- fs/afs/cell.c | 67 +++--- fs/afs/cmservice.c | 2 +- fs/afs/dynroot.c | 31 +-- fs/afs/internal.h | 18 +- fs/afs/proc.c | 6 +- fs/afs/rxrpc.c | 26 ++- fs/afs/server.c | 40 ++-- fs/afs/vl_list.c | 19 +- fs/afs/volume.c | 47 +++- fs/cifs/misc.c | 4 + fs/cifs/smb2misc.c | 26 +-- fs/cifs/smb2ops.c | 26 ++- fs/cifs/smb2pdu.c | 29 ++- fs/cifs/smb2pdu.h | 2 +- fs/fuse/fuse_i.h | 15 ++ fs/fuse/inode.c | 75 +++++- fs/ksmbd/oplock.c | 115 ++++++++- fs/ksmbd/oplock.h | 8 +- fs/ksmbd/smb2misc.c | 15 +- fs/ksmbd/smb2ops.c | 9 +- fs/ksmbd/smb2pdu.c | 61 ++--- fs/ksmbd/smb2pdu.h | 1 + fs/ksmbd/vfs.c | 3 + fs/ksmbd/vfs_cache.c | 13 +- fs/ksmbd/vfs_cache.h | 3 + include/linux/bpf.h | 3 + include/linux/key-type.h | 1 + include/linux/property.h | 9 +- include/linux/qed/qed_eth_if.h | 2 +- include/linux/qed/qed_if.h | 2 +- include/linux/qed/qed_rdma_if.h | 3 +- include/linux/spi/spi.h | 3 + include/net/bluetooth/hci_core.h | 5 + include/trace/events/afs.h | 26 +-- kernel/bpf/arraymap.c | 58 +---- kernel/trace/ring_buffer.c | 136 ++++------- kernel/trace/synth_event_gen_test.c | 11 + kernel/trace/trace.c | 20 +- lib/vsprintf.c | 11 +- mm/filemap.c | 9 + net/8021q/vlan_core.c | 9 +- net/9p/protocol.c | 17 +- net/bluetooth/af_bluetooth.c | 7 +- net/bluetooth/hci_event.c | 3 +- net/bluetooth/l2cap_core.c | 21 +- net/bluetooth/mgmt.c | 25 +- net/bluetooth/smp.c | 7 + net/core/dev.c | 3 + net/dns_resolver/dns_key.c | 10 +- net/ife/ife.c | 1 + net/mac80211/mesh_plink.c | 10 +- net/netfilter/nf_tables_api.c | 2 +- net/rfkill/rfkill-gpio.c | 8 + net/rose/af_rose.c | 41 +++- net/wireless/certs/wens.hex | 87 +++++++ security/keys/gc.c | 31 ++- security/keys/internal.h | 11 +- security/keys/key.c | 15 +- security/keys/proc.c | 2 +- sound/soc/codecs/hdmi-codec.c | 12 +- sound/usb/quirks.c | 4 +- 244 files changed, 1807 insertions(+), 1089 deletions(-)

1 year, 8 months

13
108
0 0

[PATCH v7 1/7] serial: Do not hold the port lock when setting rx-during-tx GPIO

by Lino Sanfilippo

Both the imx and stm32 driver set the rx-during-tx GPIO in rs485_config(). Since this function is called with the port lock held, this can be a problem in case that setting the GPIO line can sleep (e.g. if a GPIO expander is used which is connected via SPI or I2C). Avoid this issue by moving the GPIO setting outside of the port lock into the serial core and thus making it a generic feature. Also with commit c54d48543689 ("serial: stm32: Add support for rs485 RX_DURING_TX output GPIO") the SER_RS485_RX_DURING_TX flag is only set if a rx-during-tx GPIO is _not_ available, which is wrong. Fix this, too. Furthermore reset old GPIO settings in case that changing the RS485 configuration failed. Fixes: c54d48543689 ("serial: stm32: Add support for rs485 RX_DURING_TX output GPIO") Fixes: ca530cfa968c ("serial: imx: Add support for RS485 RX_DURING_TX output GPIO") Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> --- drivers/tty/serial/imx.c | 4 ---- drivers/tty/serial/serial_core.c | 26 ++++++++++++++++++++++++-- drivers/tty/serial/stm32-usart.c | 8 ++------ 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 708b9852a575..9cffeb23112b 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -1943,10 +1943,6 @@ static int imx_uart_rs485_config(struct uart_port *port, struct ktermios *termio rs485conf->flags & SER_RS485_RX_DURING_TX) imx_uart_start_rx(port); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - return 0; } diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index f1348a509552..d155131f221d 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1402,6 +1402,16 @@ static void uart_set_rs485_termination(struct uart_port *port, !!(rs485->flags & SER_RS485_TERMINATE_BUS)); } +static void uart_set_rs485_rx_during_tx(struct uart_port *port, + const struct serial_rs485 *rs485) +{ + if (!(rs485->flags & SER_RS485_ENABLED)) + return; + + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, + !!(rs485->flags & SER_RS485_RX_DURING_TX)); +} + static int uart_rs485_config(struct uart_port *port) { struct serial_rs485 *rs485 = &port->rs485; @@ -1413,12 +1423,17 @@ static int uart_rs485_config(struct uart_port *port) uart_sanitize_serial_rs485(port, rs485); uart_set_rs485_termination(port, rs485); + uart_set_rs485_rx_during_tx(port, rs485); uart_port_lock_irqsave(port, &flags); ret = port->rs485_config(port, NULL, rs485); uart_port_unlock_irqrestore(port, flags); - if (ret) + if (ret) { memset(rs485, 0, sizeof(*rs485)); + /* unset GPIOs */ + gpiod_set_value_cansleep(port->rs485_term_gpio, 0); + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, 0); + } return ret; } @@ -1457,6 +1472,7 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, return ret; uart_sanitize_serial_rs485(port, &rs485); uart_set_rs485_termination(port, &rs485); + uart_set_rs485_rx_during_tx(port, &rs485); uart_port_lock_irqsave(port, &flags); ret = port->rs485_config(port, &tty->termios, &rs485); @@ -1468,8 +1484,14 @@ static int uart_set_rs485_config(struct tty_struct *tty, struct uart_port *port, port->ops->set_mctrl(port, port->mctrl); } uart_port_unlock_irqrestore(port, flags); - if (ret) + if (ret) { + /* restore old GPIO settings */ + gpiod_set_value_cansleep(port->rs485_term_gpio, + !!(port->rs485.flags & SER_RS485_TERMINATE_BUS)); + gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, + !!(port->rs485.flags & SER_RS485_RX_DURING_TX)); return ret; + } if (copy_to_user(rs485_user, &port->rs485, sizeof(port->rs485))) return -EFAULT; diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c index 3048620315d6..fc7fd40bca98 100644 --- a/drivers/tty/serial/stm32-usart.c +++ b/drivers/tty/serial/stm32-usart.c @@ -226,12 +226,6 @@ static int stm32_usart_config_rs485(struct uart_port *port, struct ktermios *ter stm32_usart_clr_bits(port, ofs->cr1, BIT(cfg->uart_enable_bit)); - if (port->rs485_rx_during_tx_gpio) - gpiod_set_value_cansleep(port->rs485_rx_during_tx_gpio, - !!(rs485conf->flags & SER_RS485_RX_DURING_TX)); - else - rs485conf->flags |= SER_RS485_RX_DURING_TX; - if (rs485conf->flags & SER_RS485_ENABLED) { cr1 = readl_relaxed(port->membase + ofs->cr1); cr3 = readl_relaxed(port->membase + ofs->cr3); @@ -256,6 +250,8 @@ static int stm32_usart_config_rs485(struct uart_port *port, struct ktermios *ter writel_relaxed(cr3, port->membase + ofs->cr3); writel_relaxed(cr1, port->membase + ofs->cr1); + + rs485conf->flags |= SER_RS485_RX_DURING_TX; } else { stm32_usart_clr_bits(port, ofs->cr3, USART_CR3_DEM | USART_CR3_DEP); -- 2.43.0

1 year, 8 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror